From kurt at openssl.org Fri Jan 2 10:36:18 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Fri, 2 Jan 2015 11:36:18 +0100 (CET) Subject: [openssl-commits] [web] OpenSSL Web Pages branch master updated. 8c31b889d64732b86d2ab6cb047559df4c1edb9a Message-ID: <20150102103621.8ED461DF10B@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL Web Pages ". The branch, master has been updated via 8c31b889d64732b86d2ab6cb047559df4c1edb9a (commit) from b6a3f656d6e8a670e5e07c801b32684e01f94ba9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8c31b889d64732b86d2ab6cb047559df4c1edb9a Author: Kurt Roeckx Date: Fri Jan 2 00:41:20 2015 +0100 Add openssl-security at openssl.org to the pgp key ----------------------------------------------------------------------- Summary of changes: news/openssl-security.asc | 140 ++++++++++++++++++++++++++++----------------- 1 file changed, 88 insertions(+), 52 deletions(-) diff --git a/news/openssl-security.asc b/news/openssl-security.asc index 1cd3b49..952edbc 100755 --- a/news/openssl-security.asc +++ b/news/openssl-security.asc 
@@ -1,52 +1,88 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 - -mQINBFQv6Z8BEACuJwJkw/Iniec6U1RzocYHBFKl1eE0WBu1vthYmcn0D/GJKvWM -kRhx9GSlWMqj9mgSFUOsFWrpPIm3Jzh4bLweUjH5I7R0Frh39dDFh1hhwHEholBy -yUGFTb8TppptXnzzDoNz4yUQcRP2oeG1vC/ePXPWHKgtp+0hmM3MQ3WIN+gSmpdt -4vMIoWKKCq+E1tYcsFk9URBWWEwBw+OJ37o7TrernyxwtXwdPOjYhA4mLtnKHs+5 -QivuOvK7gNf5hggyv6fp6d2ixvJZ9CdUYFdlOwaHA97B694RcAMxaMtzUpfkiJ/Q -2zR83QG4az6COKK38W6Kp7bLveMF6Rb4Y+gOjV4KvHKpzNAP2sNkmCIohlmoPhT9 -Ce9tWq6oK+o1MEc1Ejb1/kn9CeCloKlF8HkzhFLpqqkZ//3j73/6kuK45UVg5PbO -3GLcyTJW4enmTUFxy0d24Bfdgu7FpH1vHIisDkON3QO4TMwCJoLWGULqpJKP7kUf -5HCnafDroN5wF9jMVxFhmDOOdXyIeYkBVF6swwIlyq8VlYSjYWGAUtIb3rOiUNWc -zYY6spdAN6VtKTMnXTm608yH118p+UOB5rJuKBqk3tMaiIjoyOcya4ImenX85rfK -eCOVNtdOC/0N8McfO0eFc6fZxcy7ykZ1a7FLyqQDexpZM7OLoM5SXObX1QARAQAB -tCdPcGVuU1NMIHRlYW0gPG9wZW5zc2wtdGVhbUBvcGVuc3NsLm9yZz6JAj0EEwEK -ACcFAlQv6Z8CGwMFCQHhM4AFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ2JTi -zos9efV70xAAlXY8dfsZRKMbVyv7YOPaC38XL1ySNUqoMy0lBS8L8Sac5vrim3B1 -X8Ztxlli0kgIEbpDidT8sP8hxvQZa+rnObmpaBXpBudBgT/FrpwKt0kAcfxnoLGo -1ZrSS4MJPwgYAyg2VY6O5gzJG+AnxoeT6NpG8KmgVsFr8QpLFJOI20fOoCCsNMWs -Qk5uWKifoYNnFsYwdaKJnzfYFqC3lQCcU12WF0Eeo/+gSK309+Dq3ujoTgKAElOv -Vom3c+RIFRHTwnCgucrJFAgcavZiEEd9QGPg3LsZ7HpmE6nwzPOwnxqM8qLtvUvz -XJPH6j87iuk7ojPVBPAyHU2ITaANj8IyVi4liRzvNohypWCbV+MUyrkI/Ko+TrQ/ -XmDRfQKSfFbt9UBH1g+/iBfUVdLPNKD0gyXwy04nTNdgyB5V3zjCfQ1UEZ5TESDX -fjBP+5TGzF5IMlvAYa3dyGYpHuMTGjCno8R/d9vVxlOaQSWcbB5uNUHLj6Fpvoxv -z1InfrarFXIh4jbZg0ewI3sbuUmjh0PhX0fRr9HiEAhpRjUfdidWbuOa7+BMXyLO -oifNpxv4Q8gm+eu/kxYjayRHNv+0DX1nKM2sLdODoMf5BYIULLksavUlrmZ7GpJt -BgEO4dhSDDp6VYw24NNSG8orV2V4FleegdesD8tAA1Bl6Chb64m28sK5Ag0EVC/p -nwEQAMB3s+8dq5T8fW+b3OcGujEcbhyguc6D5shlNWsuCV3W7+izsVUe+0hD1YwD -30C6zj2+CJrMxPQ/BB3u3SbyHMDP5fKL7GQiA/n192hX2DuHxvQwnDNkHxYghtrF -KOlXAyte2awA0fC+e0o8lHa1Yd2ZZNqlDC23qJtLMJH8bX8CIr59KckNyv64bF+h -VPIN3evnh1Ajn4A85848EZMQcjedg72MsA3TW2D4omayY7eXE5uut7FYcY6SM4pT -hIB2X9DM39Rgy3qC4ObvEkEfaWnJfHxyXiA8XF+FZukXc/iM68P0VS/sMml9QPsY 
-MWnMHcGlOcuzQJRAalqZJwuK0ZIvobh/Y9rYLxrHtNCgSjaFuSN9K/YhpAxs80H6 -lVa7GCSASTRrS3OvmY++fTsUPzSOvit0kqQfimziYx7QcJIagG92mvUmuf2PEfzv -Si6iaIqMhaTaJq5qxOR0q430KakQktNPX53HflWL7YenDPYw1rEyQFxGqjaBY1X8 -NtuzZ0P4cahgsBFc8HgYu2u3Ysd5wmvSTsOXld8Qsns1KIUOpzgWw56AJ6dxS3lK -4QSUFwjzbZW9H0jJ49eBMAaA+hCjv8c/4BFuZq9Gvsafn425Lx1V/3PFJlPu55V+ -7qWjeOkSzNctMlmCqPQVetbZ/pHLAJO5IUO3SoTs5kl6bARzABEBAAGJAiUEGAEK -AA8FAlQv6Z8CGwwFCQHhM4AACgkQ2JTizos9efW9Gg/9GoPUHtq600MemwBQvgZd -V1IMGTavvwnROhmrDH+tmJnKchyEZ/SpfQWjEyj50WichcWaCQ0O4JNHL7cRXhJD -8SbxwODQn6+6rdH2ilFCke+VDq3dKGbc4IM8YUHg3b6babXQkRTlUYsJ2oPCfNTj -PFXXyLJvtdob1FPDXll42X+lcXx3P2seTf+lrGuPvg071ftDGFtnMom+DziC56wd -3PqpGxyWuQycgtiXYZEAs2rs7y028lVB3S/aRRtBll6NTdvAGoHaoSvnssqklID2 -lqoAhpvhO+wdgRrdiHVUBJ9pzl1dUVZK8bU4R2Wx3SBK42dXeaWFnf3UqpiSMhyX -wHZlCQNaQaMjFL8oAJEWNakVlwejqoI+1kS0Am7iYV9L5bSUDvK9PDWKAJTUhQbO -nO5lztumkmflbHg16+ptT4VqpvB9mDdCdgOUB7spLKhTZkOVT9OG1ROxBQbIjt8P -UUu2MbHw4XMx7pwkYcYAu3tBaz9KDDMvvnYH9/V9o8b2qczQY98tIZaOVfjqK7sm -kMuNP82HXrpRTsfUvW1i8TR4gH9RCO8ltNoAO6QXjCsCbeI+TTi8DqTYHcZD0cDm -DBNojblubYS6mezodM1jIazlFqHFSBvzMbiSQ5BL5QZC3qd2B2DHxyuUDjvmJAVV -PuIxu13yhrUC3SW2zWSthsI= -=bnV4 ------END PGP PUBLIC KEY BLOCK----- +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQINBFQv6Z8BEACuJwJkw/Iniec6U1RzocYHBFKl1eE0WBu1vthYmcn0D/GJKvWM +kRhx9GSlWMqj9mgSFUOsFWrpPIm3Jzh4bLweUjH5I7R0Frh39dDFh1hhwHEholBy +yUGFTb8TppptXnzzDoNz4yUQcRP2oeG1vC/ePXPWHKgtp+0hmM3MQ3WIN+gSmpdt +4vMIoWKKCq+E1tYcsFk9URBWWEwBw+OJ37o7TrernyxwtXwdPOjYhA4mLtnKHs+5 +QivuOvK7gNf5hggyv6fp6d2ixvJZ9CdUYFdlOwaHA97B694RcAMxaMtzUpfkiJ/Q +2zR83QG4az6COKK38W6Kp7bLveMF6Rb4Y+gOjV4KvHKpzNAP2sNkmCIohlmoPhT9 +Ce9tWq6oK+o1MEc1Ejb1/kn9CeCloKlF8HkzhFLpqqkZ//3j73/6kuK45UVg5PbO +3GLcyTJW4enmTUFxy0d24Bfdgu7FpH1vHIisDkON3QO4TMwCJoLWGULqpJKP7kUf +5HCnafDroN5wF9jMVxFhmDOOdXyIeYkBVF6swwIlyq8VlYSjYWGAUtIb3rOiUNWc +zYY6spdAN6VtKTMnXTm608yH118p+UOB5rJuKBqk3tMaiIjoyOcya4ImenX85rfK +eCOVNtdOC/0N8McfO0eFc6fZxcy7ykZ1a7FLyqQDexpZM7OLoM5SXObX1QARAQAB 
+tDRPcGVuU1NMIHNlY3VyaXR5IHRlYW0gPG9wZW5zc2wtc2VjdXJpdHlAb3BlbnNz +bC5vcmc+iQI9BBMBCgAnBQJUpdpWAhsDBQkB4TOABQsJCAcDBRUKCQgLBRYCAwEA +Ah4BAheAAAoJENiU4s6LPXn1j/UP/1iYmFLO4JDERSQ2qXDDryFnxM14hV8hnt8a +fh1NrjraYNOKo9S/2vvPv97FsNrzau7jCNAMUOyvWw/fNwur2jW5H44G7M8slaAg +DSfEEkKrG/mc+cC9VQfnGkOrgvfuOnPQ54uH0RRgRvjBO9rOzu4SKjXs4y5+gsVE +06mYY9fqCJK4opxImR3zZMhNPvbpHj44i9yZ4RPm0uQ1W7yJAD2P43ATG9MoFezw +eMtNL04jBIyd7p+edXTT49QTc8LkDGLpHxEecCYPkZGyEMbsm2ee2T5J1iSjiFkW +2+oY/6vZjg0CeUA8mR1ghtyfMc2gfHT7UHZ0TYBZ2eL8g0qzGAQwsFaOot/O2ljk +m5X5PrmnUx8FyBjyqRcScQOslPXPygFxhGZj8EYEaSNrDRaGPASGesNO6LabkkFl +1hIXM8ZCYhJlhiBGL5H0BTEohW2qYaHVgnklBUi/QqDTktt/hAcMHjA7+lXaXy7v +Y7KH3AvHpASd/jxLEL2oBUG3bKrfrb5su76OCbmOnKiIp0TeoT2gvQBRRKzsLelX +ypr5vbh9hYd6wjhruvIE1lesyS23di4E36IdZPYLMs0X9IWwsxSTyr9//MO9SOOc +fYA5IVbhxDYOFy4XucKcGVC1wpeYsCSKVtqPpzndSedX0Tc+gJ1LhphF/xlW/Oa9 +nuRHzeoFiQIcBBABCgAGBQJUpdtpAAoJECBkxTZBwl5dockP/0m9chPxSxSCac34 +wMcOdRs160JpETjnpdOxw22np/g1XawIZOxTBA3cpATfmod15fx/qjTJcVWx2RzZ +j4YdPr5JMzGLDnDDjS75Vj5kIfoHyvHVnybIVA4kjgWR4MU9fPV9xiF6uIjOhB7P +qqjb4C/B1+t+IY1uTSHpIIJJz06outCj5l6u3s1qLO234i0TzaZMF77y9YXgPbUf +yoRU/Kmpqx+teYFlsj1I1Rt3TyfKsS5FoYkgUM/7Gk00lRZqb9cpFRsJ0Ir8oGrG +MpcypAndtf2KT3HFmRP1wpxqiSedA13QMnTuH8UmEaM2fQWjba2+RrGFdd1eKzSa +NiaiwDFdl/dkkBSCIINgYJ+A22uywqpkmsfj4cPZ3Jt+Fh28h+4EeKM+Ozz0oKkE +yOlJE6xSCCu3u5+L3vkzIfqHVH8pizug+w1U2naQ5sNQYH/Ef3z4xjPhatBd4soE +IXJAIPymyfRoCqZNcm9mf4pJcOXdZ2I1VkMPYVrCog/CQ6Cyh0VWgggeNB1D1TEJ +jzI4csX/94QNBuLQafKb6O7HaU7b8w6rdff0XiLDUQeOEdJk5FEVvayb86crTpzl +sKWsPlbtq+rNUuxGWp8q5Hx7qxzZyEFe3phUSO/iCIlwkEqhPIkJGZ6eNxp8K3Ia +Lmr6z6lu6JMJuKHGcwX4Wam24+0vtCdPcGVuU1NMIHRlYW0gPG9wZW5zc2wtdGVh +bUBvcGVuc3NsLm9yZz6JAj0EEwEKACcFAlQv6Z8CGwMFCQHhM4AFCwkIBwMFFQoJ +CAsFFgIDAQACHgECF4AACgkQ2JTizos9efV70xAAlXY8dfsZRKMbVyv7YOPaC38X +L1ySNUqoMy0lBS8L8Sac5vrim3B1X8Ztxlli0kgIEbpDidT8sP8hxvQZa+rnObmp +aBXpBudBgT/FrpwKt0kAcfxnoLGo1ZrSS4MJPwgYAyg2VY6O5gzJG+AnxoeT6NpG +8KmgVsFr8QpLFJOI20fOoCCsNMWsQk5uWKifoYNnFsYwdaKJnzfYFqC3lQCcU12W 
+F0Eeo/+gSK309+Dq3ujoTgKAElOvVom3c+RIFRHTwnCgucrJFAgcavZiEEd9QGPg +3LsZ7HpmE6nwzPOwnxqM8qLtvUvzXJPH6j87iuk7ojPVBPAyHU2ITaANj8IyVi4l +iRzvNohypWCbV+MUyrkI/Ko+TrQ/XmDRfQKSfFbt9UBH1g+/iBfUVdLPNKD0gyXw +y04nTNdgyB5V3zjCfQ1UEZ5TESDXfjBP+5TGzF5IMlvAYa3dyGYpHuMTGjCno8R/ +d9vVxlOaQSWcbB5uNUHLj6Fpvoxvz1InfrarFXIh4jbZg0ewI3sbuUmjh0PhX0fR +r9HiEAhpRjUfdidWbuOa7+BMXyLOoifNpxv4Q8gm+eu/kxYjayRHNv+0DX1nKM2s +LdODoMf5BYIULLksavUlrmZ7GpJtBgEO4dhSDDp6VYw24NNSG8orV2V4Fleegdes +D8tAA1Bl6Chb64m28sKJAhwEEAEKAAYFAlSl23AACgkQIGTFNkHCXl3/qw/7BatG +hw4B4dKJsw2Ds3fBcOl4m8q5+TxIILZaz4ko63tLBoXzs04f3UF+5DKb0H/lo1Pp +3WYQL+KL0sVcZ3KDNXWLTpvz0qND88Ek85c0PusIrqcvD24bUlFkNyeToniPj+59 +LGbmxSg6FdQ9w+a72QwcE1hPxSYgnC8b5U1jlmteFKGYAI8vy5OkQG/t9JhS6yi9 +TTVAE+jT9tDbkmWaJo+B3+VReO0dRnH799vGk23GxXEf1ncA4SO6BFKve/eewB3b +uf4dbPnI6V3BS2Bcdo21bmECeqddAeIGAxWC5kvwZwHvjrkOJq+5jsRvB+PYUPhd +Atr6nNroWn+t/hFgfYd85arqLWj+Ln156tNFzULEgOIZcC2DnkW+a/cFa0GOqIyN +H3lysLuE0dzin6EE6upae/u2KYMeGqaOs6KdyH1bu/zUg0bxX0n2GyBBxCAKTeD7 +qpv/OMdNSZRQckTDYzAd+BguzQ3F9I8tVXWp53G4mZWVXK4kU78Gj4nvM6FMBEXo +wtvBNhx+xRY2n0mA0x36IbERcKLE7nCxhdiUqEZGixDbZOj1TTxMd97TC6FIWGQL +Vu46R0HJsulpljUBeEcMNM7hNC7dLlpSujZiOydJaHxio2uO5vOYetkrl7hA+MDm +02BteFshlUYlsOhCoM0qOTvW+t5OLY0yBrsEYCW5Ag0EVC/pnwEQAMB3s+8dq5T8 +fW+b3OcGujEcbhyguc6D5shlNWsuCV3W7+izsVUe+0hD1YwD30C6zj2+CJrMxPQ/ +BB3u3SbyHMDP5fKL7GQiA/n192hX2DuHxvQwnDNkHxYghtrFKOlXAyte2awA0fC+ +e0o8lHa1Yd2ZZNqlDC23qJtLMJH8bX8CIr59KckNyv64bF+hVPIN3evnh1Ajn4A8 +5848EZMQcjedg72MsA3TW2D4omayY7eXE5uut7FYcY6SM4pThIB2X9DM39Rgy3qC +4ObvEkEfaWnJfHxyXiA8XF+FZukXc/iM68P0VS/sMml9QPsYMWnMHcGlOcuzQJRA +alqZJwuK0ZIvobh/Y9rYLxrHtNCgSjaFuSN9K/YhpAxs80H6lVa7GCSASTRrS3Ov +mY++fTsUPzSOvit0kqQfimziYx7QcJIagG92mvUmuf2PEfzvSi6iaIqMhaTaJq5q +xOR0q430KakQktNPX53HflWL7YenDPYw1rEyQFxGqjaBY1X8NtuzZ0P4cahgsBFc +8HgYu2u3Ysd5wmvSTsOXld8Qsns1KIUOpzgWw56AJ6dxS3lK4QSUFwjzbZW9H0jJ +49eBMAaA+hCjv8c/4BFuZq9Gvsafn425Lx1V/3PFJlPu55V+7qWjeOkSzNctMlmC +qPQVetbZ/pHLAJO5IUO3SoTs5kl6bARzABEBAAGJAiUEGAEKAA8FAlQv6Z8CGwwF 
+CQHhM4AACgkQ2JTizos9efW9Gg/9GoPUHtq600MemwBQvgZdV1IMGTavvwnROhmr +DH+tmJnKchyEZ/SpfQWjEyj50WichcWaCQ0O4JNHL7cRXhJD8SbxwODQn6+6rdH2 +ilFCke+VDq3dKGbc4IM8YUHg3b6babXQkRTlUYsJ2oPCfNTjPFXXyLJvtdob1FPD +Xll42X+lcXx3P2seTf+lrGuPvg071ftDGFtnMom+DziC56wd3PqpGxyWuQycgtiX +YZEAs2rs7y028lVB3S/aRRtBll6NTdvAGoHaoSvnssqklID2lqoAhpvhO+wdgRrd +iHVUBJ9pzl1dUVZK8bU4R2Wx3SBK42dXeaWFnf3UqpiSMhyXwHZlCQNaQaMjFL8o +AJEWNakVlwejqoI+1kS0Am7iYV9L5bSUDvK9PDWKAJTUhQbOnO5lztumkmflbHg1 +6+ptT4VqpvB9mDdCdgOUB7spLKhTZkOVT9OG1ROxBQbIjt8PUUu2MbHw4XMx7pwk +YcYAu3tBaz9KDDMvvnYH9/V9o8b2qczQY98tIZaOVfjqK7smkMuNP82HXrpRTsfU +vW1i8TR4gH9RCO8ltNoAO6QXjCsCbeI+TTi8DqTYHcZD0cDmDBNojblubYS6mezo +dM1jIazlFqHFSBvzMbiSQ5BL5QZC3qd2B2DHxyuUDjvmJAVVPuIxu13yhrUC3SW2 +zWSthsI= +=08wY +-----END PGP PUBLIC KEY BLOCK----- hooks/post-receive -- OpenSSL Web Pages From steve at openssl.org Fri Jan 2 22:26:24 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 2 Jan 2015 23:26:24 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 4f605ccb779e32a770093d687e0554e0bbb137d3 Message-ID: <20150102222625.0F0A91DF10B@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 4f605ccb779e32a770093d687e0554e0bbb137d3 (commit) from 2a9338ee31b8448186b79c4a8115dc76f6a431d7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4f605ccb779e32a770093d687e0554e0bbb137d3 Author: Dr. Stephen Henson Date: Fri Dec 5 13:39:14 2014 +0000 Clear existing extension state. When parsing ClientHello clear any existing extension state from SRP login and SRTP profile. Thanks to Karthikeyan Bhargavan for reporting this issue. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index fec7ace..2180c54 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1996,6 +1996,16 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC;
 #endif
+#ifndef OPENSSL_NO_SRP
+ if (s->srp_ctx.login != NULL)
+ {
+ OPENSSL_free(s->srp_ctx.login);
+ s->srp_ctx.login = NULL;
+ }
+#endif
+
+ s->srtp_profile = NULL;
+
 if (data >= (d+n-2))
 goto ri_check;
 n2s(data,len);
hooks/post-receive -- OpenSSL source code From steve at openssl.org Fri Jan 2 22:32:50 2015 
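Review bot: The new `s->srtp_profile = NULL;` is unconditional while the SRP reset right above it is wrapped in `#ifndef OPENSSL_NO_SRP`; if the `srtp_profile` member of the SSL struct is itself compiled out under `OPENSSL_NO_SRTP` in this tree (not visible in the hunk), no-srtp builds will stop compiling, so the assignment should carry the matching `#ifndef OPENSSL_NO_SRTP` guard. Nothing in the hunk says why the state is cleared at this point, which matters because the bug being fixed is state surviving into a renegotiated handshake; a one-line comment such as `/* Reset per-handshake extension state so a renegotiated ClientHello cannot inherit the SRP login or SRTP profile of the previous handshake */` would keep the next refactor from moving it. The same hunk is cherry-picked into the 1.0.1 and 1.0.2 commits that follow in this digest and the comment applies to both. ssl_scan_clienthello_tlsext starts and ends outside the hunk.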
From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 2 Jan 2015 23:32:50 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-93-g500d67f Message-ID: <20150102223250.84C511DF10B@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_1-stable has been updated via 500d67f15ac8199a39c3ba3861f71951766fbae4 (commit) from 40fb8587ed854eaa6bbe703a4480b5b20ff7b71c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 500d67f15ac8199a39c3ba3861f71951766fbae4 Author: Dr. Stephen Henson Date: Fri Dec 5 13:39:14 2014 +0000 Clear existing extension state. When parsing ClientHello clear any existing extension state from SRP login and SRTP profile. Thanks to Karthikeyan Bhargavan for reporting this issue. Reviewed-by: Matt Caswell (cherry picked from commit 47606dda672a5008168f62d4b7d7f94cd2d31313) Conflicts: ssl/t1_lib.c ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 1a5f4c1..179b467 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1005,6 +1005,16 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 ssl_check_for_safari(s, data, d, n);
 #endif /* !OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_SRP
+ if (s->srp_ctx.login != NULL)
+ {
+ OPENSSL_free(s->srp_ctx.login);
+ s->srp_ctx.login = NULL;
+ }
+#endif
+
+ s->srtp_profile = NULL;
+
 if (data >= (d+n-2))
 goto ri_check;
 n2s(data,len);
hooks/post-receive -- OpenSSL source code From steve at openssl.org Fri Jan 2 22:32:50 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 2 Jan 2015 23:32:50 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-132-g47606dd Message-ID: <20150102223250.B82F71DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via 47606dda672a5008168f62d4b7d7f94cd2d31313 (commit) from c30c8761766d98c7fcd257b7332df5cd56c40a6f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 47606dda672a5008168f62d4b7d7f94cd2d31313 Author: Dr. Stephen Henson Date: Fri Dec 5 13:39:14 2014 +0000 Clear existing extension state. When parsing ClientHello clear any existing extension state from SRP login and SRTP profile. Thanks to Karthikeyan Bhargavan for reporting this issue. Reviewed-by: Matt Caswell (cherry picked from commit 4f605ccb779e32a770093d687e0554e0bbb137d3) Conflicts: ssl/t1_lib.c ----------------------------------------------------------------------- Summary of changes: ssl/t1_lib.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 962861d..4deab88 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2016,6 +2016,16 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char
 s->cert->peer_sigalgs = NULL;
 }
+#ifndef OPENSSL_NO_SRP
+ if (s->srp_ctx.login != NULL)
+ {
+ OPENSSL_free(s->srp_ctx.login);
+ s->srp_ctx.login = NULL;
+ }
+#endif
+
+ s->srtp_profile = NULL;
+
 if (data >= (d+n-2))
 goto ri_check;
 n2s(data,len);
hooks/post-receive -- OpenSSL source code From steve at openssl.org Fri Jan 2 23:01:01 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Sat, 3 Jan 2015 00:01:01 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 95275599399e277e71d064790a1f828a99fc661a Message-ID: <20150102230102.ABECC1DF10B@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 95275599399e277e71d064790a1f828a99fc661a (commit) via 63eab8a620944a990ab3985620966ccd9f48d681 (commit) from 4f605ccb779e32a770093d687e0554e0bbb137d3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 95275599399e277e71d064790a1f828a99fc661a Author: Dr. Stephen Henson Date: Fri Jan 2 22:40:41 2015 +0000 Remove SGC restart flag. Reviewed-by: Matt Caswell commit 63eab8a620944a990ab3985620966ccd9f48d681 Author: Dr. Stephen Henson Date: Fri Oct 24 02:36:13 2014 +0100 Remove MS SGC MS Server gated cryptography is obsolete and dates from the time of export restrictions on strong encryption and is only used by ancient versions of MSIE. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: doc/crypto/BIO_f_ssl.pod | 2 +- doc/ssl/SSL_accept.pod | 5 +-- doc/ssl/SSL_do_handshake.pod | 5 +-- ssl/d1_srvr.c | 21 +++---------- ssl/s3_both.c | 11 ------- ssl/s3_srvr.c | 69 +++++------------------------------------- ssl/ssl3.h | 10 ------ ssl/ssl_locl.h | 1 - 8 files changed, 15 insertions(+), 109 deletions(-) diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod index bc5861a..a9f23f1 100644 --- a/doc/crypto/BIO_f_ssl.pod +++ b/doc/crypto/BIO_f_ssl.pod 
@@ -108,7 +108,7 @@ SSL BIOs are exceptional in that if the underlying transport is non blocking they can still request a retry in exceptional circumstances. Specifically this will happen if a session renegotiation takes place during a BIO_read() operation, one -case where this happens is when SGC or step up occurs. +case where this happens is when step up occurs. In OpenSSL 0.9.6 and later the SSL flag SSL_AUTO_RETRY can be set to disable this behaviour. That is when this flag is set diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod index 2239444..89ad6bd 100644 --- a/doc/ssl/SSL_accept.pod +++ b/doc/ssl/SSL_accept.pod @@ -21,10 +21,7 @@ B by setting an underlying B. The behaviour of SSL_accept() depends on the underlying BIO. If the underlying BIO is B, SSL_accept() will only return once the -handshake has been finished or an error occurred, except for SGC (Server -Gated Cryptography). For SGC, SSL_accept() may return with -1, but -SSL_get_error() will yield B and SSL_accept() -should be called again. +handshake has been finished or an error occurred. If the underlying BIO is B, SSL_accept() will also return when the underlying BIO could not satisfy the needs of SSL_accept() diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod index b35ddf5..8b590c9 100644 --- a/doc/ssl/SSL_do_handshake.pod +++ b/doc/ssl/SSL_do_handshake.pod @@ -23,10 +23,7 @@ L. The behaviour of SSL_do_handshake() depends on the underlying BIO. If the underlying BIO is B, SSL_do_handshake() will only return -once the handshake has been finished or an error occurred, except for SGC -(Server Gated Cryptography). For SGC, SSL_do_handshake() may return with -1, -but SSL_get_error() will yield B and -SSL_do_handshake() should be called again. +once the handshake has been finished or an error occurred. If the underlying BIO is B, SSL_do_handshake() will also return when the underlying BIO could not satisfy the needs of SSL_do_handshake() 
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 0cdc51b..bcadd31 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -610,24 +610,13 @@ int dtls1_accept(SSL *s)
 case SSL3_ST_SR_CERT_A:
 case SSL3_ST_SR_CERT_B:
- /* Check for second client hello (MS SGC) */
- ret = ssl3_check_client_hello(s);
- if (ret <= 0)
- goto end;
- if (ret == 2)
+ if (s->s3->tmp.cert_request)
 {
- dtls1_stop_timer(s);
- s->state = SSL3_ST_SR_CLNT_HELLO_C;
+ ret=ssl3_get_client_certificate(s);
+ if (ret <= 0) goto end;
 }
- else {
- if (s->s3->tmp.cert_request)
- {
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
- }
- s->init_num=0;
- s->state=SSL3_ST_SR_KEY_EXCH_A;
- }
+ s->init_num=0;
+ s->state=SSL3_ST_SR_KEY_EXCH_A;
 break;
 case SSL3_ST_SR_KEY_EXCH_A:
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 6c0fb37..845c803 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -412,17 +412,6 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
 goto f_err;
 }
- if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
- (st1 == SSL3_ST_SR_CERT_A) &&
- (stn == SSL3_ST_SR_CERT_B))
- {
- /* At this point we have got an MS SGC second client
- * hello (maybe we should always allow the client to
- * start a new handshake?). We need to restart the mac.
- * Don't increment {num,total}_renegotiations because
- * we have not completed the handshake. */
- ssl3_init_finished_mac(s);
- }
 s->s3->tmp.message_type= *(p++);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index a308577..6c0bdcf 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -308,7 +308,6 @@ int ssl3_accept(SSL *s)
 }
 s->init_num=0;
- s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
 s->s3->flags &= ~TLS1_FLAGS_SKIP_CERT_VERIFY;
 s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
 /* Should have been reset by ssl3_get_finished, too. */
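Review bot: With the MS SGC special case deleted from ssl3_get_message, a call made with `mt < 0` still returns whatever handshake message arrives, and nothing left in this hunk turns away a second ClientHello in the SSL3_ST_SR_CERT_A/B states; rejecting it now rests entirely on the `mt < 0` callers (ssl3_get_client_certificate, not in this diff) checking `s->s3->tmp.message_type` and failing with a wrong-message-type alert, which is worth confirming in the same commit rather than assuming. Dropping the `ssl3_init_finished_mac(s)` call is consistent with the restart path going away, since the handshake MAC no longer has to be rewound for a replayed ClientHello. ssl3_get_message starts and ends outside the hunk, and the same hunk is cherry-picked into the 1.0.2 commit later in this digest.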
@@ -592,21 +591,13 @@ int ssl3_accept(SSL *s)
 case SSL3_ST_SR_CERT_A:
 case SSL3_ST_SR_CERT_B:
- /* Check for second client hello (MS SGC) */
- ret = ssl3_check_client_hello(s);
- if (ret <= 0)
- goto end;
- if (ret == 2)
- s->state = SSL3_ST_SR_CLNT_HELLO_C;
- else {
- if (s->s3->tmp.cert_request)
- {
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
- }
- s->init_num=0;
- s->state=SSL3_ST_SR_KEY_EXCH_A;
- }
+ if (s->s3->tmp.cert_request)
+ {
+ ret=ssl3_get_client_certificate(s);
+ if (ret <= 0) goto end;
+ }
+ s->init_num=0;
+ s->state=SSL3_ST_SR_KEY_EXCH_A;
 break;
 case SSL3_ST_SR_KEY_EXCH_A:
@@ -907,52 +898,6 @@ int ssl3_send_hello_request(SSL *s)
 return ssl_do_write(s);
 }
-int ssl3_check_client_hello(SSL *s)
- {
- int ok;
- long n;
-
- /* this function is called when we really expect a Certificate message,
- * so permit appropriate message length */
- n=s->method->ssl_get_message(s,
- SSL3_ST_SR_CERT_A,
- SSL3_ST_SR_CERT_B,
- -1,
- s->max_cert_list,
- &ok);
- if (!ok) return((int)n);
- s->s3->tmp.reuse_message = 1;
- if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
- {
- /* We only allow the client to restart the handshake once per
- * negotiation. */
- if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
- {
- SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
- return -1;
- }
- /* Throw away what we have done so far in the current handshake,
- * which will now be aborted. (A full SSL_clear would be too much.) */
-#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL)
- {
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh = NULL;
- }
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (s->s3->tmp.ecdh != NULL)
- {
- EC_KEY_free(s->s3->tmp.ecdh);
- s->s3->tmp.ecdh = NULL;
- }
-#endif
- s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
- return 2;
- }
- return 1;
-}
-
 int ssl3_get_client_hello(SSL *s)
 {
 int i,j,ok,al=SSL_AD_INTERNAL_ERROR,ret= -1;
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index efff233..24e6faa 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
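Review bot: The deleted ssl3_check_client_hello body was, as far as this diff shows, the user of `SSL_F_SSL3_CHECK_CLIENT_HELLO` and `SSL_R_MULTIPLE_SGC_RESTARTS`, yet the commit's file list touches neither the code definitions in ssl.h nor the string tables in ssl_err.c, so those two codes presumably become dead entries unless something else references them. Either retire them in the same commit or regenerate the error tables, so that a reason string describing a removed feature does not linger for callers that map error codes to text. The rewritten SSL3_ST_SR_CERT_A/B branch is fine as it stands; ssl3_accept starts and ends outside the hunk. The 1.0.2 cherry-pick of these two hunks later in this digest has the same gap.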
@@ -439,16 +439,6 @@ typedef struct ssl3_buffer_st
 */
 #define SSL3_FLAGS_CCS_OK 0x0080
-/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
- * restart a handshake because of MS SGC and so prevents us
- * from restarting the handshake in a loop. It's reset on a
- * renegotiation, so effectively limits the client to one restart
- * per negotiation. This limits the possibility of a DDoS
- * attack where the client handshakes in a loop using SGC to
- * restart. Servers which permit renegotiation can still be
- * effected, but we can't prevent that.
- */
-#define SSL3_FLAGS_SGC_RESTART_DONE 0x0040
 /* Set if we encrypt then mac instead of usual mac then encrypt */
 #define TLS1_FLAGS_ENCRYPT_THEN_MAC 0x0100
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index facfec5..33a55fe 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1185,7 +1185,6 @@ int ssl3_send_hello_request(SSL *s);
 int ssl3_send_server_key_exchange(SSL *s);
 int ssl3_send_certificate_request(SSL *s);
 int ssl3_send_server_done(SSL *s);
-int ssl3_check_client_hello(SSL *s);
 int ssl3_get_client_certificate(SSL *s);
 int ssl3_get_client_key_exchange(SSL *s);
 int ssl3_get_cert_verify(SSL *s);
hooks/post-receive -- OpenSSL source code From steve at openssl.org Fri Jan 2 23:14:21 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Sat, 3 Jan 2015 00:14:21 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-134-g5396c11 Message-ID: <20150102231421.3C9771DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via 5396c1190fe7c95b71d5d091c31d0fd6d65bb2ff (commit) via cf95b2d66ac5ea857a28eb901effa4da6b0c4bca (commit) from 47606dda672a5008168f62d4b7d7f94cd2d31313 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5396c1190fe7c95b71d5d091c31d0fd6d65bb2ff Author: Dr. Stephen Henson Date: Fri Jan 2 23:09:39 2015 +0000 Update SGC flag comment. Since SGC has been removed from OpenSSL 1.0.2 the SSL3_FLAGS_SGC_RESTART_DONE is no longer used. However the #define is retained for compatibility. Reviewed-by: Matt Caswell commit cf95b2d66ac5ea857a28eb901effa4da6b0c4bca Author: Dr. Stephen Henson Date: Fri Oct 24 02:36:13 2014 +0100 Remove MS SGC MS Server gated cryptography is obsolete and dates from the time of export restrictions on strong encryption and is only used by ancient versions of MSIE. Reviewed-by: Matt Caswell (cherry picked from commit 63eab8a620944a990ab3985620966ccd9f48d681) ----------------------------------------------------------------------- Summary of changes: doc/crypto/BIO_f_ssl.pod | 2 +- doc/ssl/SSL_accept.pod | 5 +-- doc/ssl/SSL_do_handshake.pod | 5 +-- ssl/d1_srvr.c | 21 +++---------- ssl/s3_both.c | 11 ------- ssl/s3_srvr.c | 69 +++++------------------------------------- ssl/ssl3.h | 10 +----- ssl/ssl_locl.h | 1 - 8 files changed, 16 insertions(+), 108 deletions(-) 
diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod index bc5861a..a9f23f1 100644 --- a/doc/crypto/BIO_f_ssl.pod +++ b/doc/crypto/BIO_f_ssl.pod @@ -108,7 +108,7 @@ SSL BIOs are exceptional in that if the underlying transport is non blocking they can still request a retry in exceptional circumstances. Specifically this will happen if a session renegotiation takes place during a BIO_read() operation, one -case where this happens is when SGC or step up occurs. +case where this happens is when step up occurs. In OpenSSL 0.9.6 and later the SSL flag SSL_AUTO_RETRY can be set to disable this behaviour. That is when this flag is set diff --git a/doc/ssl/SSL_accept.pod b/doc/ssl/SSL_accept.pod index 2239444..89ad6bd 100644 --- a/doc/ssl/SSL_accept.pod +++ b/doc/ssl/SSL_accept.pod @@ -21,10 +21,7 @@ B by setting an underlying B. The behaviour of SSL_accept() depends on the underlying BIO. If the underlying BIO is B, SSL_accept() will only return once the -handshake has been finished or an error occurred, except for SGC (Server -Gated Cryptography). For SGC, SSL_accept() may return with -1, but -SSL_get_error() will yield B and SSL_accept() -should be called again. +handshake has been finished or an error occurred. If the underlying BIO is B, SSL_accept() will also return when the underlying BIO could not satisfy the needs of SSL_accept() diff --git a/doc/ssl/SSL_do_handshake.pod b/doc/ssl/SSL_do_handshake.pod index b35ddf5..8b590c9 100644 --- a/doc/ssl/SSL_do_handshake.pod +++ b/doc/ssl/SSL_do_handshake.pod 
@@ -23,10 +23,7 @@ L. The behaviour of SSL_do_handshake() depends on the underlying BIO. If the underlying BIO is B, SSL_do_handshake() will only return -once the handshake has been finished or an error occurred, except for SGC -(Server Gated Cryptography). For SGC, SSL_do_handshake() may return with -1, -but SSL_get_error() will yield B and -SSL_do_handshake() should be called again. +once the handshake has been finished or an error occurred. If the underlying BIO is B, SSL_do_handshake() will also return when the underlying BIO could not satisfy the needs of SSL_do_handshake()
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 5f15467..ce73f24 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -610,24 +610,13 @@ int dtls1_accept(SSL *s)
 case SSL3_ST_SR_CERT_A:
 case SSL3_ST_SR_CERT_B:
- /* Check for second client hello (MS SGC) */
- ret = ssl3_check_client_hello(s);
- if (ret <= 0)
- goto end;
- if (ret == 2)
+ if (s->s3->tmp.cert_request)
 {
- dtls1_stop_timer(s);
- s->state = SSL3_ST_SR_CLNT_HELLO_C;
+ ret=ssl3_get_client_certificate(s);
+ if (ret <= 0) goto end;
 }
- else {
- if (s->s3->tmp.cert_request)
- {
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
- }
- s->init_num=0;
- s->state=SSL3_ST_SR_KEY_EXCH_A;
- }
+ s->init_num=0;
+ s->state=SSL3_ST_SR_KEY_EXCH_A;
 break;
 case SSL3_ST_SR_KEY_EXCH_A:
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index e6ab523..b4bbd47 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -411,17 +411,6 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
 SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
 goto f_err;
 }
- if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
- (st1 == SSL3_ST_SR_CERT_A) &&
- (stn == SSL3_ST_SR_CERT_B))
- {
- /* At this point we have got an MS SGC second client
- * hello (maybe we should always allow the client to
- * start a new handshake?). We need to restart the mac.
- * Don't increment {num,total}_renegotiations because
- * we have not completed the handshake. */
- ssl3_init_finished_mac(s);
- }
 s->s3->tmp.message_type= *(p++);
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 453d58b..01c9828 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -300,7 +300,6 @@ int ssl3_accept(SSL *s)
 }
 s->init_num=0;
- s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
 s->s3->flags &= ~TLS1_FLAGS_SKIP_CERT_VERIFY;
 s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
 /* Should have been reset by ssl3_get_finished, too. */
@@ -585,21 +584,13 @@ int ssl3_accept(SSL *s)
 case SSL3_ST_SR_CERT_A:
 case SSL3_ST_SR_CERT_B:
- /* Check for second client hello (MS SGC) */
- ret = ssl3_check_client_hello(s);
- if (ret <= 0)
- goto end;
- if (ret == 2)
- s->state = SSL3_ST_SR_CLNT_HELLO_C;
- else {
- if (s->s3->tmp.cert_request)
- {
- ret=ssl3_get_client_certificate(s);
- if (ret <= 0) goto end;
- }
- s->init_num=0;
- s->state=SSL3_ST_SR_KEY_EXCH_A;
- }
+ if (s->s3->tmp.cert_request)
+ {
+ ret=ssl3_get_client_certificate(s);
+ if (ret <= 0) goto end;
+ }
+ s->init_num=0;
+ s->state=SSL3_ST_SR_KEY_EXCH_A;
 break;
 case SSL3_ST_SR_KEY_EXCH_A:
@@ -900,52 +891,6 @@ int ssl3_send_hello_request(SSL *s)
 return ssl_do_write(s);
 }
-int ssl3_check_client_hello(SSL *s)
- {
- int ok;
- long n;
-
- /* this function is called when we really expect a Certificate message,
- * so permit appropriate message length */
- n=s->method->ssl_get_message(s,
- SSL3_ST_SR_CERT_A,
- SSL3_ST_SR_CERT_B,
- -1,
- s->max_cert_list,
- &ok);
- if (!ok) return((int)n);
- s->s3->tmp.reuse_message = 1;
- if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
- {
- /* We only allow the client to restart the handshake once per
- * negotiation. */
- if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
- {
- SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
- return -1;
- }
- /* Throw away what we have done so far in the current handshake,
- * which will now be aborted. (A full SSL_clear would be too much.) */
-#ifndef OPENSSL_NO_DH
- if (s->s3->tmp.dh != NULL)
- {
- DH_free(s->s3->tmp.dh);
- s->s3->tmp.dh = NULL;
- }
-#endif
-#ifndef OPENSSL_NO_ECDH
- if (s->s3->tmp.ecdh != NULL)
- {
- EC_KEY_free(s->s3->tmp.ecdh);
- s->s3->tmp.ecdh = NULL;
- }
-#endif
- s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
- return 2;
- }
- return 1;
-}
-
 int ssl3_get_client_hello(SSL *s)
 {
 int i,j,ok,al=SSL_AD_INTERNAL_ERROR,ret= -1;
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 36320ff..6525efe 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -435,15 +435,7 @@ typedef struct ssl3_buffer_st */ #define SSL3_FLAGS_CCS_OK 0x0080 -/* SSL3_FLAGS_SGC_RESTART_DONE is set when we - * restart a handshake because of MS SGC and so prevents us - * from restarting the handshake in a loop. It's reset on a - * renegotiation, so effectively limits the client to one restart - * per negotiation. This limits the possibility of a DDoS - * attack where the client handshakes in a loop using SGC to - * restart. Servers which permit renegotiation can still be - * effected, but we can't prevent that. - */ +/* SSL3_FLAGS_SGC_RESTART_DONE is no longer used */ #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 #ifndef OPENSSL_NO_SSL_INTERN diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 6b53f24..ec5e300 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1233,7 +1233,6 @@ int ssl3_send_hello_request(SSL *s); int ssl3_send_server_key_exchange(SSL *s); int ssl3_send_certificate_request(SSL *s); int ssl3_send_server_done(SSL *s); -int ssl3_check_client_hello(SSL *s); int ssl3_get_client_certificate(SSL *s); int ssl3_get_client_key_exchange(SSL *s); int ssl3_get_cert_verify(SSL *s); hooks/post-receive -- OpenSSL source code From rsalz at openssl.org Sun Jan 4 19:51:46 2015 
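Review bot: The replacement comment `/* SSL3_FLAGS_SGC_RESTART_DONE is no longer used */` does not say whether the bit value is reserved; the define remains in the public ssl3.h, so a later flag could be assigned 0x0040 while code built against older headers may still test or clear that bit. Suggest `/* SSL3_FLAGS_SGC_RESTART_DONE is no longer used; 0x0040 stays reserved so the bit is not recycled */`. The ssl_locl.h hunk that follows is a pure prototype removal and needs nothing.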
From: rsalz at openssl.org (Rich Salz) Date: Sun, 4 Jan 2015 20:51:46 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 2c60925d1ccc0b96287bdc9acb90198e7180d642 Message-ID: <20150104195147.19F351DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 2c60925d1ccc0b96287bdc9acb90198e7180d642 (commit) from 95275599399e277e71d064790a1f828a99fc661a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2c60925d1ccc0b96287bdc9acb90198e7180d642 Author: Rich Salz Date: Sun Jan 4 14:51:04 2015 -0500 RT2914: NULL check missing in X509_name_canon Check for NULL return from X509_NAME_ENTRY_new() Reviewed-by: Dr. Stephen Henson ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_name.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index d7c2318..22da570 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -350,6 +350,8 @@ static int x509_name_canon(X509_NAME *a)
set = entry->set;
}
tmpentry = X509_NAME_ENTRY_new();
+ if (!tmpentry)
+ goto err;
tmpentry->object = OBJ_dup(entry->object);
if (!asn1_string_canon(tmpentry->value, entry->value))
goto err;
hooks/post-receive -- OpenSSL source code From rsalz at openssl.org Sun Jan 4 19:52:13 2015
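Review bot: The new check covers X509_NAME_ENTRY_new() but the very next line, `tmpentry->object = OBJ_dup(entry->object);`, still stores its result unchecked; OBJ_dup allocates for dynamically created objects and returns NULL on failure, so a NULL object would be left in the entry the function goes on to use, and that is the same class of defect RT2914 fixes. Suggest following the new check with `if (tmpentry->object == NULL) goto err;`, mirroring the asn1_string_canon check two lines below. Whether the `err` label frees a partially built tmpentry cannot be seen from this hunk, so please confirm it releases the entry before returning. x509_name_canon begins and ends outside the hunk; the OpenSSL_1_0_2-stable and OpenSSL_1_0_1-stable cherry-picks below carry the identical hunk and this note applies to them as well.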
From: rsalz at openssl.org (Rich Salz) Date: Sun, 4 Jan 2015 20:52:13 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-135-g9f49067 Message-ID: <20150104195213.8300D1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via 9f49067c9e6fbd38dab2cb2cfbedf10300a95901 (commit) from 5396c1190fe7c95b71d5d091c31d0fd6d65bb2ff (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9f49067c9e6fbd38dab2cb2cfbedf10300a95901 Author: Rich Salz Date: Sun Jan 4 14:51:04 2015 -0500 RT2914: NULL check missing in X509_name_canon Check for NULL return from X509_NAME_ENTRY_new() Reviewed-by: Dr. Stephen Henson (cherry picked from commit 2c60925d1ccc0b96287bdc9acb90198e7180d642) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_name.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index d7c2318..22da570 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -350,6 +350,8 @@ static int x509_name_canon(X509_NAME *a)
set = entry->set;
}
tmpentry = X509_NAME_ENTRY_new();
+ if (!tmpentry)
+ goto err;
tmpentry->object = OBJ_dup(entry->object);
if (!asn1_string_canon(tmpentry->value, entry->value))
goto err;
hooks/post-receive -- OpenSSL source code From rsalz at openssl.org Sun Jan 4 19:52:25 2015
From: rsalz at openssl.org (Rich Salz) Date: Sun, 4 Jan 2015 20:52:25 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-94-g9e9ee7e Message-ID: <20150104195225.E58C71DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_1-stable has been updated via 9e9ee7e37f3da6f5c8aecfee9a2919d417842890 (commit) from 500d67f15ac8199a39c3ba3861f71951766fbae4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9e9ee7e37f3da6f5c8aecfee9a2919d417842890 Author: Rich Salz Date: Sun Jan 4 14:51:04 2015 -0500 RT2914: NULL check missing in X509_name_canon Check for NULL return from X509_NAME_ENTRY_new() Reviewed-by: Dr. Stephen Henson (cherry picked from commit 2c60925d1ccc0b96287bdc9acb90198e7180d642) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_name.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
index d7c2318..22da570 100644
--- a/crypto/asn1/x_name.c
+++ b/crypto/asn1/x_name.c
@@ -350,6 +350,8 @@ static int x509_name_canon(X509_NAME *a)
set = entry->set;
}
tmpentry = X509_NAME_ENTRY_new();
+ if (!tmpentry)
+ goto err;
tmpentry->object = OBJ_dup(entry->object);
if (!asn1_string_canon(tmpentry->value, entry->value))
goto err;
hooks/post-receive -- OpenSSL source code From appro at openssl.org Sun Jan 4 22:22:27 2015
From: appro at openssl.org (Andy Polyakov) Date: Sun, 4 Jan 2015 23:22:27 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-136-gc02e2d6 Message-ID: <20150104222227.A72961DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via c02e2d6a715f3c3be1138f7b11bbf21a4d5bfb35 (commit) from 9f49067c9e6fbd38dab2cb2cfbedf10300a95901 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c02e2d6a715f3c3be1138f7b11bbf21a4d5bfb35 Author: Andy Polyakov Date: Sun Jan 4 21:29:50 2015 +0100 ecp_nistz256-x86_64.pl: fix occasional failures. RT: 3607 Reviewed-by: Adam Langley Reviewed-by: Emilia Kasper (cherry picked from commit 9e557ab2624d5c5e8d799c123f5e8211664d8845) ----------------------------------------------------------------------- Summary of changes: crypto/ec/asm/ecp_nistz256-x86_64.pl | 481 ++++++++++++++-------------------- 1 file changed, 191 insertions(+), 290 deletions(-) diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl index c4b6d0f..5b21574 100755 --- a/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl 
@@ -31,15 +31,16 @@ # Further optimization by : # # this/original -# Opteron +8-33% -# Bulldozer +10-30% -# P4 +14-38% -# Westmere +8-23% -# Sandy Bridge +8-24% -# Ivy Bridge +7-25% -# Haswell +5-25% -# Atom +10-32% -# VIA Nano +37-130% +# Opteron +12-49% +# Bulldozer +14-45% +# P4 +18-46% +# Westmere +12-34% +# Sandy Bridge +9-35% +# Ivy Bridge +9-35% +# Haswell +8-37% +# Broadwell +18-58% +# Atom +15-50% +# VIA Nano +43-160% # # Ranges denote minimum and maximum improvement coefficients depending # on benchmark. @@ -549,28 +550,20 @@ __ecp_nistz256_mul_montq: # and add the result to the acc. # Due to the special form of p256 we do some optimizations # - # acc[0] x p256[0] = acc[0] x 2^64 - acc[0] - # then we add acc[0] and get acc[0] x 2^64 - - mulq $poly1 - xor $t0, $t0 - add $acc0, $acc1 # +=acc[0]*2^64 - adc \$0, %rdx - add %rax, $acc1 - mov $acc0, %rax - - # acc[0] x p256[2] = 0 - adc %rdx, $acc2 - adc \$0, $t0 + # acc[0] x p256[0..1] = acc[0] x 2^96 - acc[0] + # then we add acc[0] and get acc[0] x 2^96 + mov $acc0, $t1 + shl \$32, $acc0 mulq $poly3 - xor $acc0, $acc0 - add $t0, $acc3 - adc \$0, %rdx - add %rax, $acc3 + shr \$32, $t1 + add $acc0, $acc1 # +=acc[0]<<96 + adc $t1, $acc2 + adc %rax, $acc3 mov 8*1($b_ptr), %rax adc %rdx, $acc4 adc \$0, $acc5 + xor $acc0, $acc0 ######################################################################## # Multiply by b[1] 
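Review bot: In the rewritten first reduction step of __ecp_nistz256_mul_montq, `mulq $poly3` now consumes %rax without any visible load: the old sequence re-loaded `mov $acc0, %rax` between its two multiplies, and the new single-multiply form silently relies on %rax still holding acc[0] from code above the hunk while `shl \$32, $acc0` works on a copy. That invariant deserves to be written down, e.g. `mulq $poly3 # %rax still holds acc[0]; $acc0 itself now carries acc[0]<<32`, and the second and third reduction steps in the next hunk have the same shape. The master copy of this commit further down repeats these hunks unchanged. __ecp_nistz256_mul_montq begins and ends outside the hunk.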
@@ -607,23 +600,17 @@ __ecp_nistz256_mul_montq: ######################################################################## # Second reduction step - mulq $poly1 - xor $t0, $t0 - add $acc1, $acc2 - adc \$0, %rdx - add %rax, $acc2 - mov $acc1, %rax - adc %rdx, $acc3 - adc \$0, $t0 - + mov $acc1, $t1 + shl \$32, $acc1 mulq $poly3 - xor $acc1, $acc1 - add $t0, $acc4 - adc \$0, %rdx - add %rax, $acc4 + shr \$32, $t1 + add $acc1, $acc2 + adc $t1, $acc3 + adc %rax, $acc4 mov 8*2($b_ptr), %rax adc %rdx, $acc5 adc \$0, $acc0 + xor $acc1, $acc1 ######################################################################## # Multiply by b[2] @@ -660,23 +647,17 @@ __ecp_nistz256_mul_montq: ######################################################################## # Third reduction step - mulq $poly1 - xor $t0, $t0 - add $acc2, $acc3 - adc \$0, %rdx - add %rax, $acc3 - mov $acc2, %rax - adc %rdx, $acc4 - adc \$0, $t0 - + mov $acc2, $t1 + shl \$32, $acc2 mulq $poly3 - xor $acc2, $acc2 - add $t0, $acc5 - adc \$0, %rdx - add %rax, $acc5 + shr \$32, $t1 + add $acc2, $acc3 + adc $t1, $acc4 + adc %rax, $acc5 mov 8*3($b_ptr), %rax adc %rdx, $acc0 adc \$0, $acc1 + xor $acc2, $acc2 ######################################################################## # Multiply by b[3] @@ -713,20 +694,14 @@ __ecp_nistz256_mul_montq: ######################################################################## # Final reduction step - mulq $poly1 - #xor $t0, $t0 - add $acc3, $acc4 - adc \$0, %rdx - add %rax, $acc4 - mov $acc3, %rax - adc %rdx, $acc5 - #adc \$0, $t0 # doesn't overflow - + mov $acc3, $t1 + shl \$32, $acc3 mulq $poly3 - #add $t0, $acc0 - #adc \$0, %rdx + shr \$32, $t1 + add $acc3, $acc4 + adc $t1, $acc5 mov $acc4, $t0 - add %rax, $acc0 + adc %rax, $acc0 adc %rdx, $acc1 mov $acc5, $t1 adc \$0, $acc2 
@@ -739,14 +714,14 @@ __ecp_nistz256_mul_montq: sbb \$0, $acc0 # .Lpoly[2] mov $acc1, $t3 sbb $poly3, $acc1 # .Lpoly[3] - neg $acc2 + sbb \$0, $acc2 - cmovnc $t0, $acc4 - cmovnc $t1, $acc5 + cmovc $t0, $acc4 + cmovc $t1, $acc5 mov $acc4, 8*0($r_ptr) - cmovnc $t2, $acc0 + cmovc $t2, $acc0 mov $acc5, 8*1($r_ptr) - cmovnc $t3, $acc1 + cmovc $t3, $acc1 mov $acc0, 8*2($r_ptr) mov $acc1, 8*3($r_ptr) 
@@ -896,89 +871,62 @@ __ecp_nistz256_sqr_montq: ########################################## # Now the reduction # First iteration - mulq $a_ptr - #xor $t0, $t0 - add $acc0, $acc1 - adc \$0, %rdx - add %rax, $acc1 - mov $acc0, %rax - adc %rdx, $acc2 # doesn't overflow - #adc \$0, $t0 - + mov $acc0, $t0 + shl \$32, $acc0 mulq $t1 - xor $acc0, $acc0 - #add $t0, $acc3 - #adc \$0, %rdx - add %rax, $acc3 + shr \$32, $t0 + add $acc0, $acc1 # +=acc[0]<<96 + adc $t0, $acc2 + adc %rax, $acc3 mov $acc1, %rax - adc %rdx, $acc4 - adc \$0, $acc0 + adc \$0, %rdx ########################################## # Second iteration - mulq $a_ptr - #xor $t0, $t0 - add $acc1, $acc2 - adc \$0, %rdx - add %rax, $acc2 - mov $acc1, %rax - adc %rdx, $acc3 # doesn't overflow - #adc \$0, $t0 - + mov $acc1, $t0 + shl \$32, $acc1 + mov %rdx, $acc0 mulq $t1 - xor $acc1, $acc1 - #add $t0, $acc4 - #adc \$0, %rdx - add %rax, $acc4 + shr \$32, $t0 + add $acc1, $acc2 + adc $t0, $acc3 + adc %rax, $acc0 mov $acc2, %rax - adc %rdx, $acc0 - adc \$0, $acc1 + adc \$0, %rdx ########################################## # Third iteration - mulq $a_ptr - #xor $t0, $t0 - add $acc2, $acc3 - adc \$0, %rdx - add %rax, $acc3 - mov $acc2, %rax - adc %rdx, $acc4 # doesn't overflow - #adc \$0, $t0 - + mov $acc2, $t0 + shl \$32, $acc2 + mov %rdx, $acc1 mulq $t1 - xor $acc2, $acc2 - #add $t0, $acc0 - #adc \$0, %rdx - add %rax, $acc0 + shr \$32, $t0 + add $acc2, $acc3 + adc $t0, $acc0 + adc %rax, $acc1 mov $acc3, %rax - adc %rdx, $acc1 - adc \$0, $acc2 + adc \$0, %rdx ########################################### # Last iteration - mulq $a_ptr - #xor $t0, $t0 - add $acc3, $acc4 - adc \$0, %rdx - add %rax, $acc4 - mov $acc3, %rax - adc %rdx, $acc0 # doesn't overflow - #adc \$0, $t0 - + mov $acc3, $t0 + shl \$32, $acc3 + mov %rdx, $acc2 mulq $t1 + shr \$32, $t0 + add $acc3, $acc0 + adc $t0, $acc1 + adc %rax, $acc2 + adc \$0, %rdx xor $acc3, $acc3 - #add $t0, $acc1 - #adc \$0, %rdx - add %rax, $acc1 - adc %rdx, $acc2 - adc \$0, $acc3 
############################################ # Add the rest of the acc - add $acc0, $acc5 + add $acc0, $acc4 + adc $acc1, $acc5 mov $acc4, $acc0 - adc $acc1, $acc6 - adc $acc2, $acc7 + adc $acc2, $acc6 + adc %rdx, $acc7 mov $acc5, $acc1 adc \$0, $acc3 @@ -988,14 +936,14 @@ __ecp_nistz256_sqr_montq: sbb \$0, $acc6 # .Lpoly[2] mov $acc7, $t0 sbb $t1, $acc7 # .Lpoly[3] - neg $acc3 + sbb \$0, $acc3 - cmovnc $acc0, $acc4 - cmovnc $acc1, $acc5 + cmovc $acc0, $acc4 + cmovc $acc1, $acc5 mov $acc4, 8*0($r_ptr) - cmovnc $acc2, $acc6 + cmovc $acc2, $acc6 mov $acc5, 8*1($r_ptr) - cmovnc $t0, $acc7 + cmovc $t0, $acc7 mov $acc6, 8*2($r_ptr) mov $acc7, 8*3($r_ptr) @@ -1027,18 +975,15 @@ __ecp_nistz256_mul_montx: ######################################################################## # First reduction step - xor $acc0, $acc0 # $acc0=0,cf=0,of=0 - adox $t1, $acc1 - adox $t0, $acc2 + add $t1, $acc1 + adc $t0, $acc2 mulx $poly3, $t0, $t1 mov 8*1($b_ptr), %rdx - adox $t0, $acc3 - adcx $t1, $acc4 - - adox $acc0, $acc4 - adcx $acc0, $acc5 # cf=0 - adox $acc0, $acc5 # of=0 + adc $t0, $acc3 + adc $t1, $acc4 + adc \$0, $acc5 + xor $acc0, $acc0 # $acc0=0,cf=0,of=0 ######################################################################## # Multiply by b[1] @@ -1067,18 +1012,15 @@ __ecp_nistz256_mul_montx: ######################################################################## # Second reduction step - xor $acc1 ,$acc1 # $acc1=0,cf=0,of=0 - adox $t0, $acc2 - adox $t1, $acc3 + add $t0, $acc2 + adc $t1, $acc3 mulx $poly3, $t0, $t1 mov 8*2($b_ptr), %rdx - adox $t0, $acc4 - adcx $t1, $acc5 - - adox $acc1, $acc5 - adcx $acc1, $acc0 # cf=0 - adox $acc1, $acc0 # of=0 + adc $t0, $acc4 + adc $t1, $acc5 + adc \$0, $acc0 + xor $acc1 ,$acc1 # $acc1=0,cf=0,of=0 ######################################################################## # Multiply by b[2] 
@@ -1107,18 +1049,15 @@ __ecp_nistz256_mul_montx: ######################################################################## # Third reduction step - xor $acc2, $acc2 # $acc2=0,cf=0,of=0 - adox $t0, $acc3 - adox $t1, $acc4 + add $t0, $acc3 + adc $t1, $acc4 mulx $poly3, $t0, $t1 mov 8*3($b_ptr), %rdx - adox $t0, $acc5 - adcx $t1, $acc0 - - adox $acc2, $acc0 - adcx $acc2, $acc1 # cf=0 - adox $acc2, $acc1 # of=0 + adc $t0, $acc5 + adc $t1, $acc0 + adc \$0, $acc1 + xor $acc2, $acc2 # $acc2=0,cf=0,of=0 ######################################################################## # Multiply by b[3] @@ -1147,38 +1086,34 @@ __ecp_nistz256_mul_montx: ######################################################################## # Fourth reduction step - xor $acc3, $acc3 # $acc3=0,cf=0,of=0 - adox $t0, $acc4 - adox $t1, $acc5 + add $t0, $acc4 + adc $t1, $acc5 mulx $poly3, $t0, $t1 mov $acc4, $t2 mov .Lpoly+8*1(%rip), $poly1 - adcx $t0, $acc0 - adox $t1, $acc1 + adc $t0, $acc0 mov $acc5, $t3 - - adcx $acc3, $acc1 - adox $acc3, $acc2 + adc $t1, $acc1 adc \$0, $acc2 - mov $acc0, $t0 ######################################################################## # Branch-less conditional subtraction of P xor %eax, %eax + mov $acc0, $t0 sbb \$-1, $acc4 # .Lpoly[0] sbb $poly1, $acc5 # .Lpoly[1] sbb \$0, $acc0 # .Lpoly[2] mov $acc1, $t1 sbb $poly3, $acc1 # .Lpoly[3] + sbb \$0, $acc2 - bt \$0,$acc2 - cmovnc $t2, $acc4 - cmovnc $t3, $acc5 + cmovc $t2, $acc4 + cmovc $t3, $acc5 mov $acc4, 8*0($r_ptr) - cmovnc $t0, $acc0 + cmovc $t0, $acc0 mov $acc5, 8*1($r_ptr) - cmovnc $t1, $acc1 + cmovc $t1, $acc1 mov $acc0, 8*2($r_ptr) mov $acc1, 8*3($r_ptr) 
@@ -1246,52 +1181,44 @@ __ecp_nistz256_sqr_montx: mov .Lpoly+8*3(%rip), $t1 # reduction step 1 - xor $acc0, $acc0 - adcx $t0, $acc1 - adcx $t4, $acc2 + add $t0, $acc1 + adc $t4, $acc2 - mulx $t1, $t0, $t4 + mulx $t1, $t0, $acc0 mov $acc1, %rdx - adcx $t0, $acc3 + adc $t0, $acc3 shlx $a_ptr, $acc1, $t0 - adox $t4, $acc0 - shrx $a_ptr, $acc1, $t4 adc \$0, $acc0 + shrx $a_ptr, $acc1, $t4 # reduction step 2 - xor $acc1, $acc1 - adcx $t0, $acc2 - adcx $t4, $acc3 + add $t0, $acc2 + adc $t4, $acc3 - mulx $t1, $t0, $t4 + mulx $t1, $t0, $acc1 mov $acc2, %rdx - adcx $t0, $acc0 + adc $t0, $acc0 shlx $a_ptr, $acc2, $t0 - adox $t4, $acc1 - shrx $a_ptr, $acc2, $t4 adc \$0, $acc1 + shrx $a_ptr, $acc2, $t4 # reduction step 3 - xor $acc2, $acc2 - adcx $t0, $acc3 - adcx $t4, $acc0 + add $t0, $acc3 + adc $t4, $acc0 - mulx $t1, $t0, $t4 + mulx $t1, $t0, $acc2 mov $acc3, %rdx - adcx $t0, $acc1 + adc $t0, $acc1 shlx $a_ptr, $acc3, $t0 - adox $t4, $acc2 - shrx $a_ptr, $acc3, $t4 adc \$0, $acc2 + shrx $a_ptr, $acc3, $t4 # reduction step 4 - xor $acc3, $acc3 - adcx $t0, $acc0 - adcx $t4, $acc1 + add $t0, $acc0 + adc $t4, $acc1 - mulx $t1, $t0, $t4 - adcx $t0, $acc2 - adox $t4, $acc3 + mulx $t1, $t0, $acc3 + adc $t0, $acc2 adc \$0, $acc3 xor $t3, $t3 # cf=0 @@ -1311,14 +1238,14 @@ __ecp_nistz256_sqr_montx: sbb \$0, $acc6 # .Lpoly[2] mov $acc7, $acc3 sbb $t1, $acc7 # .Lpoly[3] + sbb \$0, $t3 - bt \$0,$t3 - cmovnc $acc0, $acc4 - cmovnc $acc1, $acc5 + cmovc $acc0, $acc4 + cmovc $acc1, $acc5 mov $acc4, 8*0($r_ptr) - cmovnc $acc2, $acc6 + cmovc $acc2, $acc6 mov $acc5, 8*1($r_ptr) - cmovnc $acc3, $acc7 + cmovc $acc3, $acc7 mov $acc6, 8*2($r_ptr) mov $acc7, 8*3($r_ptr) 
@@ -1329,8 +1256,8 @@ ___ } { my ($r_ptr,$in_ptr)=("%rdi","%rsi"); -my ($acc0,$acc1,$acc2,$acc3,$acc4)=map("%r$_",(8..12)); -my ($t0,$t1)=("%rcx","%rsi"); +my ($acc0,$acc1,$acc2,$acc3)=map("%r$_",(8..11)); +my ($t0,$t1,$t2)=("%rcx","%r12","%r13"); $code.=<<___; ################################################################################ 
@@ -1347,109 +1274,83 @@ ecp_nistz256_from_mont: push %r13 mov 8*0($in_ptr), %rax + mov .Lpoly+8*3(%rip), $t2 mov 8*1($in_ptr), $acc1 mov 8*2($in_ptr), $acc2 mov 8*3($in_ptr), $acc3 - lea .Lpoly(%rip), $in_ptr - xor $acc4, $acc4 mov %rax, $acc0 + mov .Lpoly+8*1(%rip), $t1 ######################################### # First iteration - mulq 1*8($in_ptr) - xor $t0, $t0 + mov %rax, $t0 + shl \$32, $acc0 + mulq $t2 + shr \$32, $t0 add $acc0, $acc1 - adc \$0, %rdx - add %rax, $acc1 - mov $acc0, %rax - adc %rdx, $acc2 - adc \$0, $t0 - - mulq 3*8($in_ptr) - xor $acc0, $acc0 - add $t0, $acc3 - adc \$0, %rdx - add %rax, $acc3 + adc $t0, $acc2 + adc %rax, $acc3 mov $acc1, %rax - adc %rdx, $acc4 - adc \$0, $acc0 + adc \$0, %rdx ######################################### # Second iteration - mulq 1*8($in_ptr) - xor $t0, $t0 + mov $acc1, $t0 + shl \$32, $acc1 + mov %rdx, $acc0 + mulq $t2 + shr \$32, $t0 add $acc1, $acc2 - adc \$0, %rdx - add %rax, $acc2 - mov $acc1, %rax - adc %rdx, $acc3 - adc \$0, $t0 - - mulq 3*8($in_ptr) - xor $acc1, $acc1 - add $t0, $acc4 - adc \$0, %rdx - add %rax, $acc4 + adc $t0, $acc3 + adc %rax, $acc0 mov $acc2, %rax - adc %rdx, $acc0 - adc \$0, $acc1 + adc \$0, %rdx ########################################## # Third iteration - mulq 1*8($in_ptr) - xor $t0, $t0 + mov $acc2, $t0 + shl \$32, $acc2 + mov %rdx, $acc1 + mulq $t2 + shr \$32, $t0 add $acc2, $acc3 - adc \$0, %rdx - add %rax, $acc3 - mov $acc2, %rax - adc %rdx, $acc4 - adc \$0, $t0 - - mulq 3*8($in_ptr) - xor $acc2, $acc2 - add $t0, $acc0 - adc \$0, %rdx - add %rax, $acc0 + adc $t0, $acc0 + adc %rax, $acc1 mov $acc3, %rax - adc %rdx, $acc1 - adc \$0, $acc2 + adc \$0, %rdx ########################################### # Last iteration - mulq 1*8($in_ptr) - xor $t0, $t0 - add $acc3, $acc4 - adc \$0, %rdx - add %rax, $acc4 - mov $acc3, %rax - adc %rdx, $acc0 - adc \$0, $t0 - - mulq 3*8($in_ptr) - add $t0, $acc1 + mov $acc3, $t0 + shl \$32, $acc3 + mov %rdx, $acc2 + mulq $t2 + shr \$32, $t0 + add 
$acc3, $acc0 + adc $t0, $acc1 + mov $acc0, $t0 + adc %rax, $acc2 + mov $acc1, $in_ptr adc \$0, %rdx - add %rax, $acc1 - adc %rdx, $acc2 - sbb $acc3, $acc3 - mov 0*8($in_ptr), %rax - mov 1*8($in_ptr), %rdx - mov 2*8($in_ptr), $t0 - mov 3*8($in_ptr), $t1 - - and $acc3, %rax - and $acc3, %rdx - and $acc3, $t0 - and $acc3, $t1 - - sub %rax, $acc4 - sbb %rdx, $acc0 - mov $acc4, 8*0($r_ptr) - sbb $t0, $acc1 - mov $acc0, 8*1($r_ptr) - sbb $t1, $acc2 - mov $acc1, 8*2($r_ptr) - mov $acc2, 8*3($r_ptr) + ########################################### + # Branch-less conditional subtraction + sub \$-1, $acc0 + mov $acc2, %rax + sbb $t1, $acc1 + sbb \$0, $acc2 + mov %rdx, $acc3 + sbb $t2, %rdx + sbb $t2, $t2 + + cmovnz $t0, $acc0 + cmovnz $in_ptr, $acc1 + mov $acc0, 8*0($r_ptr) + cmovnz %rax, $acc2 + mov $acc1, 8*1($r_ptr) + cmovz %rdx, $acc3 + mov $acc2, 8*2($r_ptr) + mov $acc3, 8*3($r_ptr) pop %r13 pop %r12 hooks/post-receive -- OpenSSL source code From appro at openssl.org Sun Jan 4 22:22:27 2015 
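Review bot: The new conditional-subtraction tail of ecp_nistz256_from_mont reuses `$in_ptr` as scratch (`mov $acc1, $in_ptr`), clobbers `$t2`, which held .Lpoly[3], with `sbb $t2, $t2`, and then mixes selection senses (`cmovnz` restores the saved limbs into $acc0..$acc2 while `cmovz %rdx, $acc3` moves the reduced limb into $acc3) without a word of comment; each step is legitimate if those registers are dead by then, which the loads above the hunk suggest, but a reader has to reconstruct it. Suggest a short comment block ahead of `sub \$-1, $acc0` stating that $in_ptr and $t2 are free at this point, that ZF after `sbb $t2, $t2` is set exactly when no borrow occurred, and therefore that cmovnz keeps the original limbs and cmovz takes the reduced top limb. The hunk line `add $acc3, $acc0` is broken across two lines in this rendering and should be read as one. The rest of ecp_nistz256_from_mont is outside the hunk.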
From: appro at openssl.org (Andy Polyakov) Date: Sun, 4 Jan 2015 23:22:27 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 9e557ab2624d5c5e8d799c123f5e8211664d8845 Message-ID: <20150104222227.C9BEF1DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 9e557ab2624d5c5e8d799c123f5e8211664d8845 (commit) from 2c60925d1ccc0b96287bdc9acb90198e7180d642 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9e557ab2624d5c5e8d799c123f5e8211664d8845 Author: Andy Polyakov Date: Sun Jan 4 21:29:50 2015 +0100 ecp_nistz256-x86_64.pl: fix occasional failures. RT: 3607 Reviewed-by: Adam Langley Reviewed-by: Emilia Kasper ----------------------------------------------------------------------- Summary of changes: crypto/ec/asm/ecp_nistz256-x86_64.pl | 481 ++++++++++++++-------------------- 1 file changed, 191 insertions(+), 290 deletions(-) diff --git a/crypto/ec/asm/ecp_nistz256-x86_64.pl b/crypto/ec/asm/ecp_nistz256-x86_64.pl index 4486a5e..cdff22a 100755 --- a/crypto/ec/asm/ecp_nistz256-x86_64.pl +++ b/crypto/ec/asm/ecp_nistz256-x86_64.pl 
@@ -31,15 +31,16 @@ # Further optimization by : # # this/original -# Opteron +8-33% -# Bulldozer +10-30% -# P4 +14-38% -# Westmere +8-23% -# Sandy Bridge +8-24% -# Ivy Bridge +7-25% -# Haswell +5-25% -# Atom +10-32% -# VIA Nano +37-130% +# Opteron +12-49% +# Bulldozer +14-45% +# P4 +18-46% +# Westmere +12-34% +# Sandy Bridge +9-35% +# Ivy Bridge +9-35% +# Haswell +8-37% +# Broadwell +18-58% +# Atom +15-50% +# VIA Nano +43-160% # # Ranges denote minimum and maximum improvement coefficients depending # on benchmark. Lower coefficients are for ECDSA sign, relatively @@ -550,28 +551,20 @@ __ecp_nistz256_mul_montq: # and add the result to the acc. # Due to the special form of p256 we do some optimizations # - # acc[0] x p256[0] = acc[0] x 2^64 - acc[0] - # then we add acc[0] and get acc[0] x 2^64 - - mulq $poly1 - xor $t0, $t0 - add $acc0, $acc1 # +=acc[0]*2^64 - adc \$0, %rdx - add %rax, $acc1 - mov $acc0, %rax - - # acc[0] x p256[2] = 0 - adc %rdx, $acc2 - adc \$0, $t0 + # acc[0] x p256[0..1] = acc[0] x 2^96 - acc[0] + # then we add acc[0] and get acc[0] x 2^96 + mov $acc0, $t1 + shl \$32, $acc0 mulq $poly3 - xor $acc0, $acc0 - add $t0, $acc3 - adc \$0, %rdx - add %rax, $acc3 + shr \$32, $t1 + add $acc0, $acc1 # +=acc[0]<<96 + adc $t1, $acc2 + adc %rax, $acc3 mov 8*1($b_ptr), %rax adc %rdx, $acc4 adc \$0, $acc5 + xor $acc0, $acc0 ######################################################################## # Multiply by b[1] 
@@ -608,23 +601,17 @@ __ecp_nistz256_mul_montq: ######################################################################## # Second reduction step - mulq $poly1 - xor $t0, $t0 - add $acc1, $acc2 - adc \$0, %rdx - add %rax, $acc2 - mov $acc1, %rax - adc %rdx, $acc3 - adc \$0, $t0 - + mov $acc1, $t1 + shl \$32, $acc1 mulq $poly3 - xor $acc1, $acc1 - add $t0, $acc4 - adc \$0, %rdx - add %rax, $acc4 + shr \$32, $t1 + add $acc1, $acc2 + adc $t1, $acc3 + adc %rax, $acc4 mov 8*2($b_ptr), %rax adc %rdx, $acc5 adc \$0, $acc0 + xor $acc1, $acc1 ######################################################################## # Multiply by b[2] @@ -661,23 +648,17 @@ __ecp_nistz256_mul_montq: ######################################################################## # Third reduction step - mulq $poly1 - xor $t0, $t0 - add $acc2, $acc3 - adc \$0, %rdx - add %rax, $acc3 - mov $acc2, %rax - adc %rdx, $acc4 - adc \$0, $t0 - + mov $acc2, $t1 + shl \$32, $acc2 mulq $poly3 - xor $acc2, $acc2 - add $t0, $acc5 - adc \$0, %rdx - add %rax, $acc5 + shr \$32, $t1 + add $acc2, $acc3 + adc $t1, $acc4 + adc %rax, $acc5 mov 8*3($b_ptr), %rax adc %rdx, $acc0 adc \$0, $acc1 + xor $acc2, $acc2 ######################################################################## # Multiply by b[3] @@ -714,20 +695,14 @@ __ecp_nistz256_mul_montq: ######################################################################## # Final reduction step - mulq $poly1 - #xor $t0, $t0 - add $acc3, $acc4 - adc \$0, %rdx - add %rax, $acc4 - mov $acc3, %rax - adc %rdx, $acc5 - #adc \$0, $t0 # doesn't overflow - + mov $acc3, $t1 + shl \$32, $acc3 mulq $poly3 - #add $t0, $acc0 - #adc \$0, %rdx + shr \$32, $t1 + add $acc3, $acc4 + adc $t1, $acc5 mov $acc4, $t0 - add %rax, $acc0 + adc %rax, $acc0 adc %rdx, $acc1 mov $acc5, $t1 adc \$0, $acc2 
@@ -740,14 +715,14 @@ __ecp_nistz256_mul_montq: sbb \$0, $acc0 # .Lpoly[2] mov $acc1, $t3 sbb $poly3, $acc1 # .Lpoly[3] - neg $acc2 + sbb \$0, $acc2 - cmovnc $t0, $acc4 - cmovnc $t1, $acc5 + cmovc $t0, $acc4 + cmovc $t1, $acc5 mov $acc4, 8*0($r_ptr) - cmovnc $t2, $acc0 + cmovc $t2, $acc0 mov $acc5, 8*1($r_ptr) - cmovnc $t3, $acc1 + cmovc $t3, $acc1 mov $acc0, 8*2($r_ptr) mov $acc1, 8*3($r_ptr) 
@@ -897,89 +872,62 @@ __ecp_nistz256_sqr_montq: ########################################## # Now the reduction # First iteration - mulq $a_ptr - #xor $t0, $t0 - add $acc0, $acc1 - adc \$0, %rdx - add %rax, $acc1 - mov $acc0, %rax - adc %rdx, $acc2 # doesn't overflow - #adc \$0, $t0 - + mov $acc0, $t0 + shl \$32, $acc0 mulq $t1 - xor $acc0, $acc0 - #add $t0, $acc3 - #adc \$0, %rdx - add %rax, $acc3 + shr \$32, $t0 + add $acc0, $acc1 # +=acc[0]<<96 + adc $t0, $acc2 + adc %rax, $acc3 mov $acc1, %rax - adc %rdx, $acc4 - adc \$0, $acc0 + adc \$0, %rdx ########################################## # Second iteration - mulq $a_ptr - #xor $t0, $t0 - add $acc1, $acc2 - adc \$0, %rdx - add %rax, $acc2 - mov $acc1, %rax - adc %rdx, $acc3 # doesn't overflow - #adc \$0, $t0 - + mov $acc1, $t0 + shl \$32, $acc1 + mov %rdx, $acc0 mulq $t1 - xor $acc1, $acc1 - #add $t0, $acc4 - #adc \$0, %rdx - add %rax, $acc4 + shr \$32, $t0 + add $acc1, $acc2 + adc $t0, $acc3 + adc %rax, $acc0 mov $acc2, %rax - adc %rdx, $acc0 - adc \$0, $acc1 + adc \$0, %rdx ########################################## # Third iteration - mulq $a_ptr - #xor $t0, $t0 - add $acc2, $acc3 - adc \$0, %rdx - add %rax, $acc3 - mov $acc2, %rax - adc %rdx, $acc4 # doesn't overflow - #adc \$0, $t0 - + mov $acc2, $t0 + shl \$32, $acc2 + mov %rdx, $acc1 mulq $t1 - xor $acc2, $acc2 - #add $t0, $acc0 - #adc \$0, %rdx - add %rax, $acc0 + shr \$32, $t0 + add $acc2, $acc3 + adc $t0, $acc0 + adc %rax, $acc1 mov $acc3, %rax - adc %rdx, $acc1 - adc \$0, $acc2 + adc \$0, %rdx ########################################### # Last iteration - mulq $a_ptr - #xor $t0, $t0 - add $acc3, $acc4 - adc \$0, %rdx - add %rax, $acc4 - mov $acc3, %rax - adc %rdx, $acc0 # doesn't overflow - #adc \$0, $t0 - + mov $acc3, $t0 + shl \$32, $acc3 + mov %rdx, $acc2 mulq $t1 + shr \$32, $t0 + add $acc3, $acc0 + adc $t0, $acc1 + adc %rax, $acc2 + adc \$0, %rdx xor $acc3, $acc3 - #add $t0, $acc1 - #adc \$0, %rdx - add %rax, $acc1 - adc %rdx, $acc2 - adc \$0, $acc3 
############################################ # Add the rest of the acc - add $acc0, $acc5 + add $acc0, $acc4 + adc $acc1, $acc5 mov $acc4, $acc0 - adc $acc1, $acc6 - adc $acc2, $acc7 + adc $acc2, $acc6 + adc %rdx, $acc7 mov $acc5, $acc1 adc \$0, $acc3 @@ -989,14 +937,14 @@ __ecp_nistz256_sqr_montq: sbb \$0, $acc6 # .Lpoly[2] mov $acc7, $t0 sbb $t1, $acc7 # .Lpoly[3] - neg $acc3 + sbb \$0, $acc3 - cmovnc $acc0, $acc4 - cmovnc $acc1, $acc5 + cmovc $acc0, $acc4 + cmovc $acc1, $acc5 mov $acc4, 8*0($r_ptr) - cmovnc $acc2, $acc6 + cmovc $acc2, $acc6 mov $acc5, 8*1($r_ptr) - cmovnc $t0, $acc7 + cmovc $t0, $acc7 mov $acc6, 8*2($r_ptr) mov $acc7, 8*3($r_ptr) @@ -1028,18 +976,15 @@ __ecp_nistz256_mul_montx: ######################################################################## # First reduction step - xor $acc0, $acc0 # $acc0=0,cf=0,of=0 - adox $t1, $acc1 - adox $t0, $acc2 + add $t1, $acc1 + adc $t0, $acc2 mulx $poly3, $t0, $t1 mov 8*1($b_ptr), %rdx - adox $t0, $acc3 - adcx $t1, $acc4 - - adox $acc0, $acc4 - adcx $acc0, $acc5 # cf=0 - adox $acc0, $acc5 # of=0 + adc $t0, $acc3 + adc $t1, $acc4 + adc \$0, $acc5 + xor $acc0, $acc0 # $acc0=0,cf=0,of=0 ######################################################################## # Multiply by b[1] @@ -1068,18 +1013,15 @@ __ecp_nistz256_mul_montx: ######################################################################## # Second reduction step - xor $acc1 ,$acc1 # $acc1=0,cf=0,of=0 - adox $t0, $acc2 - adox $t1, $acc3 + add $t0, $acc2 + adc $t1, $acc3 mulx $poly3, $t0, $t1 mov 8*2($b_ptr), %rdx - adox $t0, $acc4 - adcx $t1, $acc5 - - adox $acc1, $acc5 - adcx $acc1, $acc0 # cf=0 - adox $acc1, $acc0 # of=0 + adc $t0, $acc4 + adc $t1, $acc5 + adc \$0, $acc0 + xor $acc1 ,$acc1 # $acc1=0,cf=0,of=0 ######################################################################## # Multiply by b[2] 
@@ -1108,18 +1050,15 @@ __ecp_nistz256_mul_montx: ######################################################################## # Third reduction step - xor $acc2, $acc2 # $acc2=0,cf=0,of=0 - adox $t0, $acc3 - adox $t1, $acc4 + add $t0, $acc3 + adc $t1, $acc4 mulx $poly3, $t0, $t1 mov 8*3($b_ptr), %rdx - adox $t0, $acc5 - adcx $t1, $acc0 - - adox $acc2, $acc0 - adcx $acc2, $acc1 # cf=0 - adox $acc2, $acc1 # of=0 + adc $t0, $acc5 + adc $t1, $acc0 + adc \$0, $acc1 + xor $acc2, $acc2 # $acc2=0,cf=0,of=0 ######################################################################## # Multiply by b[3] @@ -1148,38 +1087,34 @@ __ecp_nistz256_mul_montx: ######################################################################## # Fourth reduction step - xor $acc3, $acc3 # $acc3=0,cf=0,of=0 - adox $t0, $acc4 - adox $t1, $acc5 + add $t0, $acc4 + adc $t1, $acc5 mulx $poly3, $t0, $t1 mov $acc4, $t2 mov .Lpoly+8*1(%rip), $poly1 - adcx $t0, $acc0 - adox $t1, $acc1 + adc $t0, $acc0 mov $acc5, $t3 - - adcx $acc3, $acc1 - adox $acc3, $acc2 + adc $t1, $acc1 adc \$0, $acc2 - mov $acc0, $t0 ######################################################################## # Branch-less conditional subtraction of P xor %eax, %eax + mov $acc0, $t0 sbb \$-1, $acc4 # .Lpoly[0] sbb $poly1, $acc5 # .Lpoly[1] sbb \$0, $acc0 # .Lpoly[2] mov $acc1, $t1 sbb $poly3, $acc1 # .Lpoly[3] + sbb \$0, $acc2 - bt \$0,$acc2 - cmovnc $t2, $acc4 - cmovnc $t3, $acc5 + cmovc $t2, $acc4 + cmovc $t3, $acc5 mov $acc4, 8*0($r_ptr) - cmovnc $t0, $acc0 + cmovc $t0, $acc0 mov $acc5, 8*1($r_ptr) - cmovnc $t1, $acc1 + cmovc $t1, $acc1 mov $acc0, 8*2($r_ptr) mov $acc1, 8*3($r_ptr) 
@@ -1247,52 +1182,44 @@ __ecp_nistz256_sqr_montx: mov .Lpoly+8*3(%rip), $t1 # reduction step 1 - xor $acc0, $acc0 - adcx $t0, $acc1 - adcx $t4, $acc2 + add $t0, $acc1 + adc $t4, $acc2 - mulx $t1, $t0, $t4 + mulx $t1, $t0, $acc0 mov $acc1, %rdx - adcx $t0, $acc3 + adc $t0, $acc3 shlx $a_ptr, $acc1, $t0 - adox $t4, $acc0 - shrx $a_ptr, $acc1, $t4 adc \$0, $acc0 + shrx $a_ptr, $acc1, $t4 # reduction step 2 - xor $acc1, $acc1 - adcx $t0, $acc2 - adcx $t4, $acc3 + add $t0, $acc2 + adc $t4, $acc3 - mulx $t1, $t0, $t4 + mulx $t1, $t0, $acc1 mov $acc2, %rdx - adcx $t0, $acc0 + adc $t0, $acc0 shlx $a_ptr, $acc2, $t0 - adox $t4, $acc1 - shrx $a_ptr, $acc2, $t4 adc \$0, $acc1 + shrx $a_ptr, $acc2, $t4 # reduction step 3 - xor $acc2, $acc2 - adcx $t0, $acc3 - adcx $t4, $acc0 + add $t0, $acc3 + adc $t4, $acc0 - mulx $t1, $t0, $t4 + mulx $t1, $t0, $acc2 mov $acc3, %rdx - adcx $t0, $acc1 + adc $t0, $acc1 shlx $a_ptr, $acc3, $t0 - adox $t4, $acc2 - shrx $a_ptr, $acc3, $t4 adc \$0, $acc2 + shrx $a_ptr, $acc3, $t4 # reduction step 4 - xor $acc3, $acc3 - adcx $t0, $acc0 - adcx $t4, $acc1 + add $t0, $acc0 + adc $t4, $acc1 - mulx $t1, $t0, $t4 - adcx $t0, $acc2 - adox $t4, $acc3 + mulx $t1, $t0, $acc3 + adc $t0, $acc2 adc \$0, $acc3 xor $t3, $t3 # cf=0 @@ -1312,14 +1239,14 @@ __ecp_nistz256_sqr_montx: sbb \$0, $acc6 # .Lpoly[2] mov $acc7, $acc3 sbb $t1, $acc7 # .Lpoly[3] + sbb \$0, $t3 - bt \$0,$t3 - cmovnc $acc0, $acc4 - cmovnc $acc1, $acc5 + cmovc $acc0, $acc4 + cmovc $acc1, $acc5 mov $acc4, 8*0($r_ptr) - cmovnc $acc2, $acc6 + cmovc $acc2, $acc6 mov $acc5, 8*1($r_ptr) - cmovnc $acc3, $acc7 + cmovc $acc3, $acc7 mov $acc6, 8*2($r_ptr) mov $acc7, 8*3($r_ptr) 
@@ -1330,8 +1257,8 @@ ___ } { my ($r_ptr,$in_ptr)=("%rdi","%rsi"); -my ($acc0,$acc1,$acc2,$acc3,$acc4)=map("%r$_",(8..12)); -my ($t0,$t1)=("%rcx","%rsi"); +my ($acc0,$acc1,$acc2,$acc3)=map("%r$_",(8..11)); +my ($t0,$t1,$t2)=("%rcx","%r12","%r13"); $code.=<<___; ################################################################################ 
@@ -1348,109 +1275,83 @@ ecp_nistz256_from_mont: push %r13 mov 8*0($in_ptr), %rax + mov .Lpoly+8*3(%rip), $t2 mov 8*1($in_ptr), $acc1 mov 8*2($in_ptr), $acc2 mov 8*3($in_ptr), $acc3 - lea .Lpoly(%rip), $in_ptr - xor $acc4, $acc4 mov %rax, $acc0 + mov .Lpoly+8*1(%rip), $t1 ######################################### # First iteration - mulq 1*8($in_ptr) - xor $t0, $t0 + mov %rax, $t0 + shl \$32, $acc0 + mulq $t2 + shr \$32, $t0 add $acc0, $acc1 - adc \$0, %rdx - add %rax, $acc1 - mov $acc0, %rax - adc %rdx, $acc2 - adc \$0, $t0 - - mulq 3*8($in_ptr) - xor $acc0, $acc0 - add $t0, $acc3 - adc \$0, %rdx - add %rax, $acc3 + adc $t0, $acc2 + adc %rax, $acc3 mov $acc1, %rax - adc %rdx, $acc4 - adc \$0, $acc0 + adc \$0, %rdx ######################################### # Second iteration - mulq 1*8($in_ptr) - xor $t0, $t0 + mov $acc1, $t0 + shl \$32, $acc1 + mov %rdx, $acc0 + mulq $t2 + shr \$32, $t0 add $acc1, $acc2 - adc \$0, %rdx - add %rax, $acc2 - mov $acc1, %rax - adc %rdx, $acc3 - adc \$0, $t0 - - mulq 3*8($in_ptr) - xor $acc1, $acc1 - add $t0, $acc4 - adc \$0, %rdx - add %rax, $acc4 + adc $t0, $acc3 + adc %rax, $acc0 mov $acc2, %rax - adc %rdx, $acc0 - adc \$0, $acc1 + adc \$0, %rdx ########################################## # Third iteration - mulq 1*8($in_ptr) - xor $t0, $t0 + mov $acc2, $t0 + shl \$32, $acc2 + mov %rdx, $acc1 + mulq $t2 + shr \$32, $t0 add $acc2, $acc3 - adc \$0, %rdx - add %rax, $acc3 - mov $acc2, %rax - adc %rdx, $acc4 - adc \$0, $t0 - - mulq 3*8($in_ptr) - xor $acc2, $acc2 - add $t0, $acc0 - adc \$0, %rdx - add %rax, $acc0 + adc $t0, $acc0 + adc %rax, $acc1 mov $acc3, %rax - adc %rdx, $acc1 - adc \$0, $acc2 + adc \$0, %rdx ########################################### # Last iteration - mulq 1*8($in_ptr) - xor $t0, $t0 - add $acc3, $acc4 - adc \$0, %rdx - add %rax, $acc4 - mov $acc3, %rax - adc %rdx, $acc0 - adc \$0, $t0 - - mulq 3*8($in_ptr) - add $t0, $acc1 + mov $acc3, $t0 + shl \$32, $acc3 + mov %rdx, $acc2 + mulq $t2 + shr \$32, $t0 + add 
$acc3, $acc0 + adc $t0, $acc1 + mov $acc0, $t0 + adc %rax, $acc2 + mov $acc1, $in_ptr adc \$0, %rdx - add %rax, $acc1 - adc %rdx, $acc2 - sbb $acc3, $acc3 - mov 0*8($in_ptr), %rax - mov 1*8($in_ptr), %rdx - mov 2*8($in_ptr), $t0 - mov 3*8($in_ptr), $t1 - - and $acc3, %rax - and $acc3, %rdx - and $acc3, $t0 - and $acc3, $t1 - - sub %rax, $acc4 - sbb %rdx, $acc0 - mov $acc4, 8*0($r_ptr) - sbb $t0, $acc1 - mov $acc0, 8*1($r_ptr) - sbb $t1, $acc2 - mov $acc1, 8*2($r_ptr) - mov $acc2, 8*3($r_ptr) + ########################################### + # Branch-less conditional subtraction + sub \$-1, $acc0 + mov $acc2, %rax + sbb $t1, $acc1 + sbb \$0, $acc2 + mov %rdx, $acc3 + sbb $t2, %rdx + sbb $t2, $t2 + + cmovnz $t0, $acc0 + cmovnz $in_ptr, $acc1 + mov $acc0, 8*0($r_ptr) + cmovnz %rax, $acc2 + mov $acc1, 8*1($r_ptr) + cmovz %rdx, $acc3 + mov $acc2, 8*2($r_ptr) + mov $acc3, 8*3($r_ptr) pop %r13 pop %r12 hooks/post-receive -- OpenSSL source code From appro at openssl.org Sun Jan 4 22:54:13 2015 
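Review bot: In the rewritten tail of `ecp_nistz256_from_mont` the last limb is selected with `cmovz %rdx, $acc3` while the other three use `cmovnz`, because `$acc3` was preloaded with the unreduced value and `%rdx` holds the reduced one; the inverted sense is correct but undocumented and invites a "consistency fix". A comment on that line, `cmovz %rdx, $acc3 # $acc3 = unreduced copy, %rdx = reduced: sense is inverted here`, would protect it. The hunk also keeps no carry-out of the final `adc \$0, %rdx`, so the four-limb `sub`/`sbb` chain assumes the reduced value already fits in 256 bits; as far as I can tell that holds for Montgomery reduction of a 256-bit input (result below P+1), but the bound deserves a one-line comment above `# Branch-less conditional subtraction`. Reusing `$in_ptr` as scratch after the last load (`mov $acc1, $in_ptr`) is likewise worth a comment. The function's prologue and epilogue lie outside the hunk.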
From: appro at openssl.org (Andy Polyakov) Date: Sun, 4 Jan 2015 23:54:13 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. c1669e1c205dc8e695fb0c10a655f434e758b9f7 Message-ID: <20150104225414.29F831DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via c1669e1c205dc8e695fb0c10a655f434e758b9f7 (commit) from 9e557ab2624d5c5e8d799c123f5e8211664d8845 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c1669e1c205dc8e695fb0c10a655f434e758b9f7 Author: Andy Polyakov Date: Fri Nov 7 22:48:22 2014 +0100 Remove inconsistency in ARM support. This facilitates "universal" builds, ones that target multiple architectures, e.g. ARMv5 through ARMv7. See commentary in Configure for details. Reviewed-by: Ard Biesheuvel Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: Configure | 30 +++++++- crypto/aes/asm/aesv8-armx.pl | 8 ++- crypto/aes/asm/bsaes-armv7.pl | 8 ++- crypto/arm_arch.h | 12 ++++ crypto/armcap.c | 7 +- crypto/armv4cpuid.S | 140 +++++++++++++++++------------------- crypto/bn/asm/armv4-gf2m.pl | 128 +++++++++++++++++---------------- crypto/bn/asm/armv4-mont.pl | 9 +-- crypto/evp/e_aes.c | 2 +- crypto/modes/asm/ghash-armv4.pl | 3 +- crypto/modes/gcm128.c | 2 +- crypto/sha/asm/sha1-armv4-large.pl | 11 ++- crypto/sha/asm/sha256-armv4.pl | 11 ++- crypto/sha/asm/sha512-armv4.pl | 11 ++- 14 files changed, 223 insertions(+), 159 deletions(-) diff --git a/Configure b/Configure index 5c4a460..6246822 100755 --- a/Configure +++ b/Configure 
@@ -350,8 +350,34 @@ my %table=( # throw in -D[BL]_ENDIAN, whichever appropriate... "linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# It's believed that majority of ARM toolchains predefine appropriate -march. -# If you compiler does not, do complement config command line with one! + +####################################################################### +# Note that -march is not among compiler options in below linux-armv4 +# target line. Not specifying one is intentional to give you choice to: +# +# a) rely on your compiler default by not specifying one; +# b) specify your target platform explicitly for optimal performance, +# e.g. -march=armv6 or -march=armv7-a; +# c) build "universal" binary that targets *range* of platforms by +# specifying minimum and maximum supported architecture; +# +# As for c) option. It actually makes no sense to specify maximum to be +# less than ARMv7, because it's the least requirement for run-time +# switch between platform-specific code paths. And without run-time +# switch performance would be equivalent to one for minimum. Secondly, +# there are some natural limitations that you'd have to accept and +# respect. Most notably you can *not* build "universal" binary for +# big-endian platform. This is because ARMv7 processor always picks +# instructions in little-endian order. Another similar limitation is +# that -mthumb can't "cross" -march=armv6t2 boundary, because that's +# where it became Thumb-2. Well, this limitation is a bit artificial, +# because it's not really impossible, but it's deemed too tricky to +# support. 
And of course you have to be sure that your binutils are +# actually up to the task of handling maximum target platform. With all +# this in mind here is an example of how to configure "universal" build: +# +# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 +# "linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-aarch64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # Configure script adds minimally required -march for assembly support, diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl index 923c7f6..1e93f86 100755 --- a/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/aes/asm/aesv8-armx.pl @@ -35,11 +35,13 @@ $prefix="aes_v8"; $code=<<___; #include "arm_arch.h" -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .text ___ -$code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/); -$code.=".fpu neon\n.code 32\n" if ($flavour !~ /64/); +$code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/); +$code.=".arch armv7-a\n.fpu neon\n.code 32\n" if ($flavour !~ /64/); + #^^^^^^ this is done to simplify adoption by not depending + # on latest binutils. # Assembler mnemonics are an eclectic mix of 32- and 64-bit syntax, # NEON is mostly 32-bit mnemonics, integer - mostly 64. Goal is to diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl index f3d96d9..fcc81d1 100644 --- a/crypto/aes/asm/bsaes-armv7.pl +++ b/crypto/aes/asm/bsaes-armv7.pl 
@@ -702,13 +702,17 @@ $code.=<<___; # define BSAES_ASM_EXTENDED_KEY # define XTS_CHAIN_TWEAK # define __ARM_ARCH__ __LINUX_ARM_ARCH__ +# define __ARM_MAX_ARCH__ __LINUX_ARM_ARCH__ #endif #ifdef __thumb__ # define adrl adr #endif -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a +.fpu neon + .text .syntax unified @ ARMv7-capable assembler is expected to handle this #ifdef __thumb2__ @@ -717,8 +721,6 @@ $code.=<<___; .code 32 #endif -.fpu neon - .type _bsaes_decrypt8,%function .align 4 _bsaes_decrypt8: diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index d406c8c..9a125d8 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -48,6 +48,18 @@ # endif #endif +#if !defined(__ARM_MAX_ARCH__) +# define __ARM_MAX_ARCH__ __ARM_ARCH__ +#endif + +#if __ARM_MAX_ARCH__<__ARM_ARCH__ +# error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__" +#elif __ARM_MAX_ARCH__!=__ARM_ARCH__ +# if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__) +# error "can't build universal big-endian binary" +# endif +#endif + #if !__ASSEMBLER__ extern unsigned int OPENSSL_armcap_P; #endif diff --git a/crypto/armcap.c b/crypto/armcap.c index 7e46d07..24f7a08 100644 --- a/crypto/armcap.c +++ b/crypto/armcap.c @@ -7,8 +7,12 @@ #include "arm_arch.h" -unsigned int OPENSSL_armcap_P; +unsigned int OPENSSL_armcap_P=0; +#if __ARM_MAX_ARCH__<7 +void OPENSSL_cpuid_setup(void) {} +unsigned long OPENSSL_rdtsc(void) { return 0; } +#else static sigset_t all_masked; static sigjmp_buf ill_jmp; @@ -155,3 +159,4 @@ void OPENSSL_cpuid_setup(void) sigaction (SIGILL,&ill_oact,NULL); sigprocmask(SIG_SETMASK,&oset,NULL); } +#endif diff --git a/crypto/armv4cpuid.S b/crypto/armv4cpuid.S index 0059311..65010ae 100644 --- a/crypto/armv4cpuid.S +++ b/crypto/armv4cpuid.S 
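Review bot: In the `crypto/arm_arch.h` hunk the outer `#elif __ARM_MAX_ARCH__!=__ARM_ARCH__` adds nothing, since the inner `__ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7` already implies the two differ; the checks read more clearly as the existing less-than `#error` followed by a single `#if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__)`. This header is now where every consumer meets `__ARM_MAX_ARCH__`, yet only the Configure comment explains it; a comment above the default, `/* __ARM_MAX_ARCH__: highest architecture this build may dispatch to at run time; defaults to the compile-time target */`, would help. In the `crypto/armcap.c` hunk the `__ARM_MAX_ARCH__<7` stubs look consistent because `OPENSSL_armcap_P` stays 0, but `OPENSSL_rdtsc` returning a constant 0 merits a comment so callers expecting a counter are not surprised.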
@@ -3,69 +3,6 @@ .text .code 32 -@ Special note about using .byte directives to encode instructions. -@ Initial reason for hand-coding instructions was to allow module to -@ be compilable by legacy tool-chains. At later point it was pointed -@ out that since ARMv7, instructions are always encoded in little-endian -@ order, therefore one has to opt for endian-neutral presentation. -@ Contemporary tool-chains offer .inst directive for this purpose, -@ but not legacy ones. Therefore .byte. But there is an exception, -@ namely ARMv7-R profile still allows for big-endian encoding even for -@ instructions. This raises the question what if probe instructions -@ appear executable to such processor operating in big-endian order? -@ They have to be chosen in a way that avoids this problem. As failed -@ NEON probe disables a number of other probes we have to ensure that -@ only NEON probe instruction doesn't appear executable in big-endian -@ order, therefore 'vorr q8,q8,q8', and not some other register. The -@ only probe that is not bypassed on failed NEON probe is _armv7_tick, -@ where you'll spot 'mov r0,r6' that serves this purpose. Basic idea is -@ that if fetched in alternative byte oder instruction should crash to -@ denote lack of probed capability... 
- -.align 5 -.global _armv7_neon_probe -.type _armv7_neon_probe,%function -_armv7_neon_probe: - .byte 0xf0,0x01,0x60,0xf2 @ vorr q8,q8,q8 - .byte 0x1e,0xff,0x2f,0xe1 @ bx lr -.size _armv7_neon_probe,.-_armv7_neon_probe - -.global _armv7_tick -.type _armv7_tick,%function -_armv7_tick: - .byte 0x06,0x00,0xa0,0xe1 @ mov r0,r6 - .byte 0x1e,0x0f,0x51,0xec @ mrrc p15,1,r0,r1,c14 @ CNTVCT - .byte 0x1e,0xff,0x2f,0xe1 @ bx lr - nop -.size _armv7_tick,.-_armv7_tick - -.global _armv8_aes_probe -.type _armv8_aes_probe,%function -_armv8_aes_probe: - .byte 0x00,0x03,0xb0,0xf3 @ aese.8 q0,q0 - .byte 0x1e,0xff,0x2f,0xe1 @ bx lr -.size _armv8_aes_probe,.-_armv8_aes_probe - -.global _armv8_sha1_probe -.type _armv8_sha1_probe,%function -_armv8_sha1_probe: - .byte 0x40,0x0c,0x00,0xf2 @ sha1c.32 q0,q0,q0 - .byte 0x1e,0xff,0x2f,0xe1 @ bx lr -.size _armv8_sha1_probe,.-_armv8_sha1_probe - -.global _armv8_sha256_probe -.type _armv8_sha256_probe,%function -_armv8_sha256_probe: - .byte 0x40,0x0c,0x00,0xf3 @ sha256h.32 q0,q0,q0 - .byte 0x1e,0xff,0x2f,0xe1 @ bx lr -.size _armv8_sha256_probe,.-_armv8_sha256_probe -.global _armv8_pmull_probe -.type _armv8_pmull_probe,%function -_armv8_pmull_probe: - .byte 0x00,0x0e,0xa0,0xf2 @ vmull.p64 q0,d0,d0 - .byte 0x1e,0xff,0x2f,0xe1 @ bx lr -.size _armv8_pmull_probe,.-_armv8_pmull_probe - .align 5 .global OPENSSL_atomic_add .type OPENSSL_atomic_add,%function 
@@ -139,30 +76,81 @@ OPENSSL_cleanse: #endif .size OPENSSL_cleanse,.-OPENSSL_cleanse +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a +.fpu neon + +.align 5 +.global _armv7_neon_probe +.type _armv7_neon_probe,%function +_armv7_neon_probe: + vorr q0,q0,q0 + bx lr +.size _armv7_neon_probe,.-_armv7_neon_probe + +.global _armv7_tick +.type _armv7_tick,%function +_armv7_tick: + mrrc p15,1,r0,r1,c14 @ CNTVCT + bx lr +.size _armv7_tick,.-_armv7_tick + +.global _armv8_aes_probe +.type _armv8_aes_probe,%function +_armv8_aes_probe: + .byte 0x00,0x03,0xb0,0xf3 @ aese.8 q0,q0 + bx lr +.size _armv8_aes_probe,.-_armv8_aes_probe + +.global _armv8_sha1_probe +.type _armv8_sha1_probe,%function +_armv8_sha1_probe: + .byte 0x40,0x0c,0x00,0xf2 @ sha1c.32 q0,q0,q0 + bx lr +.size _armv8_sha1_probe,.-_armv8_sha1_probe + +.global _armv8_sha256_probe +.type _armv8_sha256_probe,%function +_armv8_sha256_probe: + .byte 0x40,0x0c,0x00,0xf3 @ sha256h.32 q0,q0,q0 + bx lr +.size _armv8_sha256_probe,.-_armv8_sha256_probe +.global _armv8_pmull_probe +.type _armv8_pmull_probe,%function +_armv8_pmull_probe: + .byte 0x00,0x0e,0xa0,0xf2 @ vmull.p64 q0,d0,d0 + bx lr +.size _armv8_pmull_probe,.-_armv8_pmull_probe +#endif + .global OPENSSL_wipe_cpu .type OPENSSL_wipe_cpu,%function OPENSSL_wipe_cpu: +#if __ARM_MAX_ARCH__>=7 ldr r0,.LOPENSSL_armcap adr r1,.LOPENSSL_armcap ldr r0,[r1,r0] +#endif eor r2,r2,r2 eor r3,r3,r3 eor ip,ip,ip +#if __ARM_MAX_ARCH__>=7 tst r0,#1 beq .Lwipe_done - .byte 0x50,0x01,0x00,0xf3 @ veor q0, q0, q0 - .byte 0x52,0x21,0x02,0xf3 @ veor q1, q1, q1 - .byte 0x54,0x41,0x04,0xf3 @ veor q2, q2, q2 - .byte 0x56,0x61,0x06,0xf3 @ veor q3, q3, q3 - .byte 0xf0,0x01,0x40,0xf3 @ veor q8, q8, q8 - .byte 0xf2,0x21,0x42,0xf3 @ veor q9, q9, q9 - .byte 0xf4,0x41,0x44,0xf3 @ veor q10, q10, q10 - .byte 0xf6,0x61,0x46,0xf3 @ veor q11, q11, q11 - .byte 0xf8,0x81,0x48,0xf3 @ veor q12, q12, q12 - .byte 0xfa,0xa1,0x4a,0xf3 @ veor q13, q13, q13 - .byte 0xfc,0xc1,0x4c,0xf3 @ veor q14, q14, q14 - .byte 
0xfe,0xe1,0x4e,0xf3 @ veor q14, q14, q14 + veor q0, q0, q0 + veor q1, q1, q1 + veor q2, q2, q2 + veor q3, q3, q3 + veor q8, q8, q8 + veor q9, q9, q9 + veor q10, q10, q10 + veor q11, q11, q11 + veor q12, q12, q12 + veor q13, q13, q13 + veor q14, q14, q14 + veor q15, q15, q15 .Lwipe_done: +#endif mov r0,sp #if __ARM_ARCH__>=5 bx lr @@ -200,8 +188,10 @@ OPENSSL_instrument_bus2: .size OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2 .align 5 +#if __ARM_MAX_ARCH__>=7 .LOPENSSL_armcap: .word OPENSSL_armcap_P-.LOPENSSL_armcap +#endif #if __ARM_ARCH__>=6 .align 5 #else diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index b781afb..8f529c9 100644 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -40,10 +40,6 @@ $code=<<___; .text .code 32 - -#if __ARM_ARCH__>=7 -.fpu neon -#endif ___ ################ # private interface to mul_1x1_ialu 
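Review bot: The re-added probes in the `crypto/armv4cpuid.S` @@ -139 hunk switch `_armv7_neon_probe` to `vorr q0,q0,q0` and drop the `mov r0,r6` from `_armv7_tick`, discarding the register choices that the removed header comment (previous hunk) justified as a guard against a probe appearing executable when fetched in big-endian order. This is presumably safe only because the `crypto/arm_arch.h` hunk now rejects universal big-endian builds with `#error`, and that dependency should be recorded next to the new `#if __ARM_MAX_ARCH__>=7`, e.g. `@ probes are plain mnemonics: arm_arch.h refuses universal big-endian builds, so byte-order-safe encodings are no longer needed`. The `_armv8_*` probes still use `.byte` encodings while the NEON ones use mnemonics; a comment stating why (presumably the ARMv8 crypto instructions are outside `.arch armv7-a`, though no line says so) would explain the mix.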
@@ -142,20 +138,80 @@ ___ # BN_ULONG a1,BN_ULONG a0, # BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0?b1b0 { -my ($r,$t0,$t1,$t2,$t3)=map("q$_",(0..3,8..12)); -my ($a,$b,$k48,$k32,$k16)=map("d$_",(26..31)); - $code.=<<___; .global bn_GF2m_mul_2x2 .type bn_GF2m_mul_2x2,%function .align 5 bn_GF2m_mul_2x2: -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 ldr r12,.LOPENSSL_armcap .Lpic: ldr r12,[pc,r12] tst r12,#1 - beq .Lialu + bne .LNEON +#endif +___ +$ret="r10"; # reassigned 1st argument +$code.=<<___; + stmdb sp!,{r4-r10,lr} + mov $ret,r0 @ reassign 1st argument + mov $b,r3 @ $b=b1 + ldr r3,[sp,#32] @ load b0 + mov $mask,#7<<2 + sub sp,sp,#32 @ allocate tab[8] + + bl mul_1x1_ialu @ a1?b1 + str $lo,[$ret,#8] + str $hi,[$ret,#12] + + eor $b,$b,r3 @ flip b0 and b1 + eor $a,$a,r2 @ flip a0 and a1 + eor r3,r3,$b + eor r2,r2,$a + eor $b,$b,r3 + eor $a,$a,r2 + bl mul_1x1_ialu @ a0?b0 + str $lo,[$ret] + str $hi,[$ret,#4] + eor $a,$a,r2 + eor $b,$b,r3 + bl mul_1x1_ialu @ (a1+a0)?(b1+b0) +___ + at r=map("r$_",(6..9)); +$code.=<<___; + ldmia $ret,{@r[0]- at r[3]} + eor $lo,$lo,$hi + eor $hi,$hi, at r[1] + eor $lo,$lo, at r[0] + eor $hi,$hi, at r[2] + eor $lo,$lo, at r[3] + eor $hi,$hi, at r[3] + str $hi,[$ret,#8] + eor $lo,$lo,$hi + add sp,sp,#32 @ destroy tab[8] + str $lo,[$ret,#4] + +#if __ARM_ARCH__>=5 + ldmia sp!,{r4-r10,pc} +#else + ldmia sp!,{r4-r10,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +#endif +___ +} +{ +my ($r,$t0,$t1,$t2,$t3)=map("q$_",(0..3,8..12)); +my ($a,$b,$k48,$k32,$k16)=map("d$_",(26..31)); + +$code.=<<___; +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a +.fpu neon + +.align 5 +.LNEON: ldr r12, [sp] @ 5th argument vmov.32 $a, r2, r1 vmov.32 $b, r12, r3 
@@ -203,62 +259,12 @@ bn_GF2m_mul_2x2: vst1.32 {$r}, [r0] ret @ bx lr -.align 4 -.Lialu: #endif ___ } -$ret="r10"; # reassigned 1st argument $code.=<<___; - stmdb sp!,{r4-r10,lr} - mov $ret,r0 @ reassign 1st argument - mov $b,r3 @ $b=b1 - ldr r3,[sp,#32] @ load b0 - mov $mask,#7<<2 - sub sp,sp,#32 @ allocate tab[8] - - bl mul_1x1_ialu @ a1?b1 - str $lo,[$ret,#8] - str $hi,[$ret,#12] - - eor $b,$b,r3 @ flip b0 and b1 - eor $a,$a,r2 @ flip a0 and a1 - eor r3,r3,$b - eor r2,r2,$a - eor $b,$b,r3 - eor $a,$a,r2 - bl mul_1x1_ialu @ a0?b0 - str $lo,[$ret] - str $hi,[$ret,#4] - - eor $a,$a,r2 - eor $b,$b,r3 - bl mul_1x1_ialu @ (a1+a0)?(b1+b0) -___ - at r=map("r$_",(6..9)); -$code.=<<___; - ldmia $ret,{@r[0]- at r[3]} - eor $lo,$lo,$hi - eor $hi,$hi, at r[1] - eor $lo,$lo, at r[0] - eor $hi,$hi, at r[2] - eor $lo,$lo, at r[3] - eor $hi,$hi, at r[3] - str $hi,[$ret,#8] - eor $lo,$lo,$hi - add sp,sp,#32 @ destroy tab[8] - str $lo,[$ret,#4] - -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r10,pc} -#else - ldmia sp!,{r4-r10,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif .size bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2 -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .align 5 .LOPENSSL_armcap: .word OPENSSL_armcap_P-(.Lpic+8) @@ -266,7 +272,9 @@ $code.=<<___; .asciz "GF(2^m) Multiplication for ARMv4/NEON, CRYPTOGAMS by " .align 5 +#if __ARM_MAX_ARCH__>=7 .comm OPENSSL_armcap_P,4,4 +#endif ___ foreach (split("\n",$code)) { diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl index 72bad8e..1d330e9 100644 --- a/crypto/bn/asm/armv4-mont.pl +++ b/crypto/bn/asm/armv4-mont.pl @@ -72,7 +72,7 @@ $code=<<___; .text .code 32 -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .align 5 .LOPENSSL_armcap: .word OPENSSL_armcap_P-bn_mul_mont 
@@ -85,7 +85,7 @@ $code=<<___; bn_mul_mont: ldr ip,[sp,#4] @ load num stmdb sp!,{r0,r2} @ sp points at argument block -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 tst ip,#7 bne .Lialu adr r0,bn_mul_mont @@ -256,7 +256,8 @@ my ($rptr,$aptr,$bptr,$nptr,$n0,$num)=map("r$_",(0..5)); my ($tinptr,$toutptr,$inner,$outer)=map("r$_",(6..9)); $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon .type bn_mul8x_mont_neon,%function @@ -663,7 +664,7 @@ ___ $code.=<<___; .asciz "Montgomery multiplication for ARMv4/NEON, CRYPTOGAMS by " .align 2 -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .comm OPENSSL_armcap_P,4,4 #endif ___ diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index ba3d43b..ddd856e 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1036,7 +1036,7 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ #if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) #include "arm_arch.h" -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 # if defined(BSAES_ASM) # define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) # endif diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index 0023bf9..77fbf34 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -365,7 +365,8 @@ ___ } $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon .global gcm_init_neon diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 261dc59..4038d9c 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -675,7 +675,7 @@ void gcm_ghash_4bit_x86(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len # endif # elif defined(__arm__) || defined(__arm) || defined(__aarch64__) # include "arm_arch.h" -# if __ARM_ARCH__>=7 +# if __ARM_MAX_ARCH__>=7 # define GHASH_ASM_ARM # define GCM_FUNCREF_4BIT # define PMULL_CAPABLE (OPENSSL_armcap_P & ARMV8_PMULL) 
diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl index 50bd07b..b2c3032 100644 --- a/crypto/sha/asm/sha1-armv4-large.pl +++ b/crypto/sha/asm/sha1-armv4-large.pl @@ -174,7 +174,7 @@ $code=<<___; .align 5 sha1_block_data_order: -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 sub r3,pc,#8 @ sha1_block_data_order ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P @@ -264,8 +264,10 @@ $code.=<<___; .LK_20_39: .word 0x6ed9eba1 .LK_40_59: .word 0x8f1bbcdc .LK_60_79: .word 0xca62c1d6 +#if __ARM_MAX_ARCH__>=7 .LOPENSSL_armcap: .word OPENSSL_armcap_P-sha1_block_data_order +#endif .asciz "SHA1 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by " .align 5 ___ @@ -476,7 +478,8 @@ sub Xloop() } $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon .type sha1_block_data_order_neon,%function @@ -563,7 +566,7 @@ my @Kxx=map("q$_",(8..11)); my ($W0,$W1,$ABCD_SAVE)=map("q$_",(12..14)); $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .type sha1_block_data_order_armv8,%function .align 5 sha1_block_data_order_armv8: @@ -637,7 +640,9 @@ $code.=<<___; ___ }}} $code.=<<___; +#if __ARM_MAX_ARCH__>=7 .comm OPENSSL_armcap_P,4,4 +#endif ___ { my %opcode = ( diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl index 505ca8f..b0ae936 100644 --- a/crypto/sha/asm/sha256-armv4.pl +++ b/crypto/sha/asm/sha256-armv4.pl @@ -177,8 +177,10 @@ K256: .word 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 .size K256,.-K256 .word 0 @ terminator +#if __ARM_MAX_ARCH__>=7 .LOPENSSL_armcap: .word OPENSSL_armcap_P-sha256_block_data_order +#endif .align 5 .global sha256_block_data_order @@ -186,7 +188,7 @@ K256: sha256_block_data_order: sub r3,pc,#8 @ sha256_block_data_order add $len,$inp,$len,lsl#6 @ len to point at the end of inp -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P tst r12,#ARMV8_SHA256 
@@ -423,7 +425,8 @@ sub body_00_15 () { } $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon .type sha256_block_data_order_neon,%function @@ -545,7 +548,7 @@ my ($W0,$W1,$ABCD_SAVE,$EFGH_SAVE)=map("q$_",(12..15)); my $Ktbl="r3"; $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .type sha256_block_data_order_armv8,%function .align 5 sha256_block_data_order_armv8: @@ -616,7 +619,9 @@ ___ $code.=<<___; .asciz "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by " .align 2 +#if __ARM_MARCH_ARCH__>=7 .comm OPENSSL_armcap_P,4,4 +#endif ___ { my %opcode = ( diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl index 1d5275b..fb7dc50 100644 --- a/crypto/sha/asm/sha512-armv4.pl +++ b/crypto/sha/asm/sha512-armv4.pl @@ -237,16 +237,20 @@ WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c) WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a) WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) .size K512,.-K512 +#if __ARM_MAX_ARCH__>=7 .LOPENSSL_armcap: .word OPENSSL_armcap_P-sha512_block_data_order .skip 32-4 +#else +.skip 32 +#endif .global sha512_block_data_order .type sha512_block_data_order,%function sha512_block_data_order: sub r3,pc,#8 @ sha512_block_data_order add $len,$inp,$len,lsl#7 @ len to point at the end of inp -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P tst r12,#1 @@ -551,7 +555,8 @@ ___ } $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon .align 4 @@ -592,7 +597,9 @@ $code.=<<___; .size sha512_block_data_order,.-sha512_block_data_order .asciz "SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by " .align 2 +#if __ARM_MAX_ARCH__>=7 .comm OPENSSL_armcap_P,4,4 +#endif ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; hooks/post-receive -- OpenSSL source code From emilia at openssl.org Mon Jan 5 12:56:30 2015 
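Review bot: The `crypto/sha/asm/sha256-armv4.pl` @@ -616 hunk guards the `.comm OPENSSL_armcap_P,4,4` with `#if __ARM_MARCH_ARCH__>=7`, which is a typo for `__ARM_MAX_ARCH__`; the undefined macro evaluates to 0, so this file never emits the common symbol even though its `.LOPENSSL_armcap` word (in the @@ -177 hunk) still references `OPENSSL_armcap_P`. It links today only because `crypto/armcap.c` now defines `OPENSSL_armcap_P=0`, so the mistake is silent. The line should read `#if __ARM_MAX_ARCH__>=7`, matching the sibling sha1 and sha512 hunks.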
From: emilia at openssl.org (Emilia Kasper) Date: Mon, 5 Jan 2015 13:56:30 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. cb2bc0543a27c48b165ca54069378155d69c41ee Message-ID: <20150105125630.C0B131DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via cb2bc0543a27c48b165ca54069378155d69c41ee (commit) from c1669e1c205dc8e695fb0c10a655f434e758b9f7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cb2bc0543a27c48b165ca54069378155d69c41ee Author: Emilia Kasper Date: Mon Jan 5 13:46:26 2015 +0100 Add a clang build target for linux-x86_64 This change documents the world as-is, by turning all warnings on, and then turning warnings that trigger off again. Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: Configure | 5 ++- TABLE | 102 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 106 insertions(+), 1 deletion(-) diff --git a/Configure b/Configure index 6246822..8756dcb 100755 --- a/Configure +++ b/Configure 
@@ -107,6 +107,8 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; +my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; + my $strict_warnings = 0; my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; 
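Review bot: `$clang_disabled_warnings` lists `-Wno-missing-variable-declarations` twice; one copy should go. Several of the silenced groups carry security signal — `-Wno-format-nonliteral`, `-Wno-conditional-uninitialized` and `-Wno-sign-conversion` hide exactly the bug classes that format-string and integer-conversion audits look for — so, given the commit message says this only documents the current state, a comment above the assignment, `# These fire in the existing tree; silenced to get a clean -Weverything baseline, not because they are unwanted`, would stop the list being read as policy. Note also that the new `linux-x86_64-clang` target in the next hunk does not add `-Werror`, so the remaining `-Weverything` output is advisory there.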
@@ -398,6 +400,7 @@ my %table=( "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -DTERMIO -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x86_64-icc", "icc:-DL_ENDIAN -DTERMIO -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32:", "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", @@ -1649,7 +1652,7 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) if ($strict_warnings) { my $wopt; - die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/); + die "ERROR --strict-warnings requires gcc or clang" unless ($cc =~ /gcc$/ or $cc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { $cflags .= " $wopt" unless ($cflags =~ /$wopt/) 
diff --git a/TABLE b/TABLE index 3cd660c..f41cb03 100644 --- a/TABLE +++ b/TABLE @@ -1462,6 +1462,40 @@ $ranlib = $arflags = $multilib = +*** darwin64-debug-test-64-clang +$cc = clang +$cflags = -arch x86_64 -DL_ENDIAN -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe +$unistd = +$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT +$sys_id = MACOSX +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = e_padlock-x86_64.o +$perlasm_scheme = macosx +$dso_scheme = dlfcn +$shared_target= darwin-shared +$shared_cflag = -fPIC -fno-common +$shared_ldflag = -arch x86_64 -dynamiclib +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib +$ranlib = +$arflags = +$multilib = + *** darwin64-ppc-cc $cc = cc $cflags = -arch ppc64 -O3 -DB_ENDIAN 
@@ -3060,6 +3094,40 @@ $ranlib = $arflags = $multilib = +*** debug-test-64-clang +$cc = clang +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe +$unistd = +$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT +$sys_id = +$lflags = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = e_padlock-x86_64.o +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= bsd-gcc-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + *** debug-ulf $cc = gcc $cflags = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations 
@@ -4794,6 +4862,40 @@ $ranlib = $arflags = $multilib = 64 +*** linux-x86_64-clang +$cc = clang +$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Weverything -Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum -Qunused-arguments +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = e_padlock-x86_64.o +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + *** linux-x86_64-icc $cc = icc $cflags = -DL_ENDIAN -DTERMIO -O2 hooks/post-receive -- OpenSSL source code From emilia at openssl.org Mon Jan 5 13:40:55 2015 
From: emilia at openssl.org (Emilia Kasper) Date: Mon, 5 Jan 2015 14:40:55 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-137-gbfaf796 Message-ID: <20150105134056.2C5891DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via bfaf796241d60132442db35bebda88dbafef53a1 (commit) from c02e2d6a715f3c3be1138f7b11bbf21a4d5bfb35 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bfaf796241d60132442db35bebda88dbafef53a1 Author: Emilia Kasper Date: Mon Jan 5 13:46:26 2015 +0100 Add a clang build target for linux-x86_64 This change documents the world as-is, by turning all warnings on, and then turning warnings that trigger off again. Reviewed-by: Andy Polyakov Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: Configure | 5 ++++- TABLE | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletion(-) diff --git a/Configure b/Configure index 3102afd..4d943e1 100755 --- a/Configure +++ b/Configure 
@@ -105,6 +105,8 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; +my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; + my $strict_warnings = 0; my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; 
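Review bot: `-Wno-missing-variable-declarations` appears twice in the new `$clang_disabled_warnings` string, so one copy should go. More importantly, several entries in this list (`-Wno-conversion`, `-Wno-sign-conversion`, `-Wno-shorten-64-to-32`, `-Wno-conditional-uninitialized`) silence exactly the classes of diagnostic that tend to surface real integer-truncation and uninitialised-use bugs in a crypto codebase, and nothing in the file records that they are off only because the tree currently trips them, which the commit message says is the intent. I would add above the assignment: `# Disabled only because the tree currently triggers them ("documents the world as-is"); prune as code is fixed — the -W*conversion family in particular hides real truncation bugs.`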
@@ -371,6 +373,7 @@ my %table=( "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -DTERMIO -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x86_64-icc", "icc:-DL_ENDIAN -DTERMIO -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", "linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", @@ -1605,7 +1608,7 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) if ($strict_warnings) { my $wopt; - die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/); + die "ERROR --strict-warnings requires gcc or clang" unless ($cc =~ /gcc$/ or $cc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { $cflags .= " $wopt" unless ($cflags =~ /$wopt/) 
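Review bot: The cflags field of the new `linux-x86_64-clang` entry begins with a space (`"clang: -m64 -DL_ENDIAN ..."`) whereas the `linux-x86_64` and `linux-x86_64-icc` entries around it put the first flag directly after the colon; the leading space is presumably harmless after the field split, but it is inconsistent with the rest of the table and looks like an editing slip. I would write `"clang:-m64 -DL_ENDIAN -DTERMIO -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::..."`. The `%table` hash and the `if ($strict_warnings)` block start and end outside these hunks.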
diff --git a/TABLE b/TABLE index ab3d104..8d4966b 100644 --- a/TABLE +++ b/TABLE @@ -4828,6 +4828,40 @@ $ranlib = $arflags = $multilib = 64 +*** linux-x86_64-clang +$cc = clang +$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Weverything -Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum -Qunused-arguments +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL +$cpuid_obj = x86_64cpuid.o +$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o +$des_obj = +$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o +$bf_obj = +$md5_obj = md5-x86_64.o +$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o +$cast_obj = +$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o +$rmd160_obj = +$rc5_obj = +$wp_obj = wp-x86_64.o +$cmll_obj = cmll-x86_64.o cmll_misc.o +$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o +$engines_obj = +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = -m64 +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = 64 + *** linux-x86_64-icc $cc = icc $cflags = -DL_ENDIAN -DTERMIO -O2 hooks/post-receive -- OpenSSL source code From matt at openssl.org Mon Jan 5 14:32:01 2015 
From: matt at openssl.org (Matt Caswell) Date: Mon, 5 Jan 2015 15:32:01 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 32b07f5a80d22b34cfcd6df76d425bed771b0146 Message-ID: <20150105143201.8B8941DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 32b07f5a80d22b34cfcd6df76d425bed771b0146 (commit) via e783bae26ae50c1210d525f9c1a548e62066d670 (commit) from cb2bc0543a27c48b165ca54069378155d69c41ee (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 32b07f5a80d22b34cfcd6df76d425bed771b0146 Author: Matt Caswell Date: Mon Dec 22 11:34:24 2014 +0000 Additional fix required for no-srtp to work RT3638 Reviewed-by: Emilia K?sper commit e783bae26ae50c1210d525f9c1a548e62066d670 Author: Piotr Sikora Date: Mon Dec 22 11:15:51 2014 +0000 Fix building with no-srtp RT3638 Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 10 ++++++++++ apps/s_server.c | 10 ++++++++++ ssl/d1_srtp.c | 2 +- ssl/ssl_lib.c | 4 ++++ ssl/t1_lib.c | 8 ++++++++ 5 files changed, 33 insertions(+), 1 deletion(-) diff --git a/apps/s_client.c b/apps/s_client.c index fe14b36..d650cc4 100644 --- a/apps/s_client.c +++ b/apps/s_client.c 
@@ -368,7 +368,9 @@ static void sc_usage(void) BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n"); #endif BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); +#ifndef OPENSSL_NO_SRTP BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); +#endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); } @@ -508,7 +510,9 @@ static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg) } #endif +#ifndef OPENSSL_NO_SRTP char *srtp_profiles = NULL; +#endif # ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ @@ -1089,11 +1093,13 @@ static char *jpake_secret = NULL; jpake_secret = *++argv; } #endif +#ifndef OPENSSL_NO_SRTP else if (strcmp(*argv,"-use_srtp") == 0) { if (--argc < 1) goto bad; srtp_profiles = *(++argv); } +#endif else if (strcmp(*argv,"-keymatexport") == 0) { if (--argc < 1) goto bad; @@ -1323,6 +1329,8 @@ bad: BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n"); SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); } +#endif +#ifndef OPENSSL_NO_SRTP if (srtp_profiles != NULL) SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); #endif @@ -2300,6 +2308,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } #endif +#ifndef OPENSSL_NO_SRTP { SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s); @@ -2307,6 +2316,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n", srtp_profile->name); } +#endif SSL_SESSION_print(bio,SSL_get_session(s)); if (keymatexportlabel != NULL) diff --git a/apps/s_server.c b/apps/s_server.c index 1e40769..6690646 100644 --- a/apps/s_server.c +++ b/apps/s_server.c 
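Review bot: In the `bad:` hunk the return value of `SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles)` is still discarded, so a mistyped `-use_srtp` profile list leaves s_client running with no SRTP offer and no diagnostic; the documented convention for this call is 0 on success and non-zero on failure, which is worth confirming against ssl/d1_srtp.c before relying on it. I would write `if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles)) { BIO_printf(bio_err, "Error setting SRTP profiles\n"); goto end; }`, `end:` being the cleanup label MAIN uses outside this hunk; the matching hunk in s_server.c has the same unchecked call. Giving the call its own `#ifndef OPENSSL_NO_SRTP` instead of leaving it under what looks like the PSK guard is a genuine fix, since before it was only compiled when PSK was enabled. MAIN starts and ends outside this hunk.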
@@ -545,7 +545,9 @@ static void sv_usage(void) # ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); # endif +# ifndef OPENSSL_NO_SRTP BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); +# endif BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); #endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); @@ -965,7 +967,9 @@ static char *jpake_secret = NULL; #ifndef OPENSSL_NO_SRP static srpsrvparm srp_callback_parm; #endif +#ifndef OPENSSL_NO_SRTP static char *srtp_profiles = NULL; +#endif int MAIN(int argc, char *argv[]) { @@ -1488,11 +1492,13 @@ int MAIN(int argc, char *argv[]) jpake_secret = *(++argv); } #endif +#ifndef OPENSSL_NO_SRTP else if (strcmp(*argv,"-use_srtp") == 0) { if (--argc < 1) goto bad; srtp_profiles = *(++argv); } +#endif else if (strcmp(*argv,"-keymatexport") == 0) { if (--argc < 1) goto bad; @@ -1774,8 +1780,10 @@ bad: else SSL_CTX_sess_set_cache_size(ctx,128); +#ifndef OPENSSL_NO_SRTP if (srtp_profiles != NULL) SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); +#endif #if 0 if (cipher == NULL) cipher=getenv("SSL_CIPHER"); @@ -2727,6 +2735,7 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out, "\n"); } #endif +#ifndef OPENSSL_NO_SRTP { SRTP_PROTECTION_PROFILE *srtp_profile = SSL_get_selected_srtp_profile(con); @@ -2735,6 +2744,7 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n", srtp_profile->name); } +#endif if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n"); if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & TLS1_FLAGS_TLS_PADDING_BUG) diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index f18f4a0..ae51b58 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c 
@@ -115,12 +115,12 @@ Copyright (C) 2011, RTFM, Inc. */ -#ifndef OPENSSL_NO_SRTP #include #include #include "ssl_locl.h" +#ifndef OPENSSL_NO_SRTP static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d09bb7d..347ca5e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -631,8 +631,10 @@ void SSL_free(SSL *s) OPENSSL_free(s->next_proto_negotiated); #endif +#ifndef OPENSSL_NO_SRTP if (s->srtp_profiles) sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); +#endif OPENSSL_free(s); } @@ -2145,8 +2147,10 @@ void SSL_CTX_free(SSL_CTX *a) a->comp_methods = NULL; #endif +#ifndef OPENSSL_NO_SRTP if (a->srtp_profiles) sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); +#endif #ifndef OPENSSL_NO_PSK if (a->psk_identity_hint) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 2180c54..f399bc0 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1501,6 +1501,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c ret += s->alpn_client_proto_list_len; } +#ifndef OPENSSL_NO_SRTP if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) { int el; @@ -1519,6 +1520,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c } ret += el; } +#endif custom_ext_init(&s->cert->cli_ext); /* Add custom TLS Extensions to ClientHello */ if (!custom_ext_add(s, 0, &ret, limit, al)) @@ -1681,6 +1683,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c } #endif +#ifndef OPENSSL_NO_SRTP if(SSL_IS_DTLS(s) && s->srtp_profile) { int el; @@ -1699,6 +1702,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c } ret+=el; } +#endif if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) 
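Review bot: Nothing in d1_srtp.c records why the `#ifndef OPENSSL_NO_SRTP` guard has to sit below the `#include` lines rather than above them, which is the whole of this hunk: `OPENSSL_NO_SRTP` is presumably defined by the generated opensslconf.h that `ssl_locl.h` pulls in, so a guard evaluated before the includes never saw the macro and never excluded the file. That ordering is exactly what a later tidy-up will undo unless it is documented, so I would put `/* Guard must follow the includes: OPENSSL_NO_SRTP comes from opensslconf.h */` directly above the `#ifndef`. The matching `#endif` is at the end of the file, outside this hunk.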
@@ -2470,6 +2474,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char } /* session ticket processed earlier */ +#ifndef OPENSSL_NO_SRTP else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) && type == TLSEXT_TYPE_use_srtp) { @@ -2477,6 +2482,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char al)) return 0; } +#endif #ifdef TLSEXT_TYPE_encrypt_then_mac else if (type == TLSEXT_TYPE_encrypt_then_mac) s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; @@ -2813,12 +2819,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char } } #endif +#ifndef OPENSSL_NO_SRTP else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { if(ssl_parse_serverhello_use_srtp_ext(s, data, size, al)) return 0; } +#endif #ifdef TLSEXT_TYPE_encrypt_then_mac else if (type == TLSEXT_TYPE_encrypt_then_mac) { hooks/post-receive -- OpenSSL source code From matt at openssl.org Mon Jan 5 14:32:12 2015 
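Review bot: The ServerHello-side branch kept inside the new guard, `else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp)`, lacks the `SSL_get_srtp_profiles(s)` condition that the ClientHello-side branch in the previous hunk carries, so a server answering with use_srtp when this client never offered it still reaches `ssl_parse_serverhello_use_srtp_ext`. If that parser rejects the unsolicited case itself (it is not visible here), the asymmetry deserves a comment such as `/* unsolicited use_srtp is rejected inside ssl_parse_serverhello_use_srtp_ext */`; if it does not, the rejection belongs in the parser rather than in this condition, since merely adding `SSL_get_srtp_profiles(s) &&` here would let the extension fall through to the later handlers as unrecognised instead of aborting the handshake. Both scanning functions start and end outside these hunks.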
From: matt at openssl.org (Matt Caswell) Date: Mon, 5 Jan 2015 15:32:12 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-139-g6ee7de1 Message-ID: <20150105143212.9884F1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via 6ee7de1eb3cb3a47a824cf5de1e6a2522fb1e998 (commit) via 7b0194db42bdbd2b060f730195fa4ffed630829f (commit) from bfaf796241d60132442db35bebda88dbafef53a1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6ee7de1eb3cb3a47a824cf5de1e6a2522fb1e998 Author: Matt Caswell Date: Mon Dec 22 11:34:24 2014 +0000 Additional fix required for no-srtp to work RT3638 Reviewed-by: Emilia K?sper commit 7b0194db42bdbd2b060f730195fa4ffed630829f Author: Piotr Sikora Date: Mon Dec 22 11:15:51 2014 +0000 Fix building with no-srtp RT3638 Reviewed-by: Emilia K?sper Conflicts: ssl/t1_lib.c ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 10 ++++++++++ apps/s_server.c | 10 ++++++++++ ssl/d1_srtp.c | 2 +- ssl/ssl_lib.c | 4 ++++ ssl/t1_lib.c | 8 ++++++++ 5 files changed, 33 insertions(+), 1 deletion(-) diff --git a/apps/s_client.c b/apps/s_client.c index e6e8a07..d27ee3d 100644 --- a/apps/s_client.c +++ b/apps/s_client.c 
@@ -375,7 +375,9 @@ static void sc_usage(void) # endif BIO_printf(bio_err," -alpn arg - enable ALPN extension, considering named protocols supported (comma-separated list)\n"); BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); +#ifndef OPENSSL_NO_SRTP BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); +#endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n"); } @@ -515,7 +517,9 @@ static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg) } #endif +#ifndef OPENSSL_NO_SRTP char *srtp_profiles = NULL; +#endif # ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ @@ -1087,11 +1091,13 @@ static char *jpake_secret = NULL; jpake_secret = *++argv; } #endif +#ifndef OPENSSL_NO_SRTP else if (strcmp(*argv,"-use_srtp") == 0) { if (--argc < 1) goto bad; srtp_profiles = *(++argv); } +#endif else if (strcmp(*argv,"-keymatexport") == 0) { if (--argc < 1) goto bad; @@ -1313,6 +1319,8 @@ bad: BIO_printf(bio_c_out, "PSK key given or JPAKE in use, setting client callback\n"); SSL_CTX_set_psk_client_callback(ctx, psk_client_cb); } +#endif +#ifndef OPENSSL_NO_SRTP if (srtp_profiles != NULL) SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); #endif @@ -2332,6 +2340,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } #endif +#ifndef OPENSSL_NO_SRTP { SRTP_PROTECTION_PROFILE *srtp_profile=SSL_get_selected_srtp_profile(s); @@ -2339,6 +2348,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_printf(bio,"SRTP Extension negotiated, profile=%s\n", srtp_profile->name); } +#endif SSL_SESSION_print(bio,SSL_get_session(s)); if (keymatexportlabel != NULL) diff --git a/apps/s_server.c b/apps/s_server.c index c608fbb..d824a83 100644 --- a/apps/s_server.c +++ b/apps/s_server.c 
@@ -583,7 +583,9 @@ static void sv_usage(void) # ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); # endif +# ifndef OPENSSL_NO_SRTP BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); +# endif BIO_printf(bio_err," -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n"); #endif BIO_printf(bio_err," -keymatexport label - Export keying material using label\n"); @@ -997,7 +999,9 @@ static char *jpake_secret = NULL; #ifndef OPENSSL_NO_SRP static srpsrvparm srp_callback_parm; #endif +#ifndef OPENSSL_NO_SRTP static char *srtp_profiles = NULL; +#endif int MAIN(int argc, char *argv[]) { @@ -1498,11 +1502,13 @@ int MAIN(int argc, char *argv[]) jpake_secret = *(++argv); } #endif +#ifndef OPENSSL_NO_SRTP else if (strcmp(*argv,"-use_srtp") == 0) { if (--argc < 1) goto bad; srtp_profiles = *(++argv); } +#endif else if (strcmp(*argv,"-keymatexport") == 0) { if (--argc < 1) goto bad; @@ -1780,8 +1786,10 @@ bad: else SSL_CTX_sess_set_cache_size(ctx,128); +#ifndef OPENSSL_NO_SRTP if (srtp_profiles != NULL) SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); +#endif #if 0 if (cipher == NULL) cipher=getenv("SSL_CIPHER"); @@ -2713,6 +2721,7 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out, "\n"); } #endif +#ifndef OPENSSL_NO_SRTP { SRTP_PROTECTION_PROFILE *srtp_profile = SSL_get_selected_srtp_profile(con); @@ -2721,6 +2730,7 @@ static int init_ssl_connection(SSL *con) BIO_printf(bio_s_out,"SRTP Extension negotiated, profile=%s\n", srtp_profile->name); } +#endif if (SSL_cache_hit(con)) BIO_printf(bio_s_out,"Reused session-id\n"); if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) & TLS1_FLAGS_TLS_PADDING_BUG) diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index ac1bef0..49bd9b1 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c 
@@ -115,13 +115,13 @@ Copyright (C) 2011, RTFM, Inc. */ -#ifndef OPENSSL_NO_SRTP #include #include #include "ssl_locl.h" #include "srtp.h" +#ifndef OPENSSL_NO_SRTP static SRTP_PROTECTION_PROFILE srtp_known_profiles[]= { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d56459f..cd4ea68 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -641,8 +641,10 @@ void SSL_free(SSL *s) OPENSSL_free(s->next_proto_negotiated); #endif +#ifndef OPENSSL_NO_SRTP if (s->srtp_profiles) sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); +#endif OPENSSL_free(s); } @@ -2139,8 +2141,10 @@ void SSL_CTX_free(SSL_CTX *a) a->comp_methods = NULL; #endif +#ifndef OPENSSL_NO_SRTP if (a->srtp_profiles) sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); +#endif #ifndef OPENSSL_NO_PSK if (a->psk_identity_hint) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 4deab88..a4bbb02 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1552,6 +1552,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c ret += s->alpn_client_proto_list_len; } +#ifndef OPENSSL_NO_SRTP if(SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) { int el; @@ -1570,6 +1571,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned c } ret += el; } +#endif custom_ext_init(&s->cert->cli_ext); /* Add custom TLS Extensions to ClientHello */ if (!custom_ext_add(s, 0, &ret, limit, al)) @@ -1726,6 +1728,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c } #endif +#ifndef OPENSSL_NO_SRTP if(SSL_IS_DTLS(s) && s->srtp_profile) { int el; @@ -1744,6 +1747,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c } ret+=el; } +#endif if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG)) 
@@ -2484,6 +2488,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char } /* session ticket processed earlier */ +#ifndef OPENSSL_NO_SRTP else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) && type == TLSEXT_TYPE_use_srtp) { @@ -2491,6 +2496,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char al)) return 0; } +#endif data+=size; } @@ -2854,12 +2860,14 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char } } #endif +#ifndef OPENSSL_NO_SRTP else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { if(ssl_parse_serverhello_use_srtp_ext(s, data, size, al)) return 0; } +#endif /* If this extension type was not otherwise handled, but * matches a custom_cli_ext_record, then send it to the c * callback */ hooks/post-receive -- OpenSSL source code From steve at openssl.org Mon Jan 5 14:35:45 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 5 Jan 2015 15:35:45 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 684400ce192dac51df3d3e92b61830a6ef90be3e Message-ID: <20150105143545.6A6BD1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 684400ce192dac51df3d3e92b61830a6ef90be3e (commit) from 32b07f5a80d22b34cfcd6df76d425bed771b0146 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 684400ce192dac51df3d3e92b61830a6ef90be3e Author: Dr. Stephen Henson Date: Sat Dec 20 15:09:50 2014 +0000 Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists. 1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits. 2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. 3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. 
This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes). CVE-2014-8275 Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: CHANGES | 37 +++++++++++++++++++++++++++++++++++++ crypto/asn1/a_verify.c | 12 ++++++++++++ crypto/dsa/dsa_asn1.c | 14 +++++++++++++- crypto/ecdsa/ecs_vrf.c | 15 ++++++++++++++- crypto/x509/x_all.c | 2 ++ 5 files changed, 78 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 0f37df7..c076df8 100644 --- a/CHANGES +++ b/CHANGES 
@@ -659,6 +659,43 @@ Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] + *) Fix various certificate fingerprint issues. + + By using non-DER or invalid encodings outside the signed portion of a + certificate the fingerprint can be changed without breaking the signature. + Although no details of the signed portion of the certificate can be changed + this can cause problems with some applications: e.g. those using the + certificate fingerprint for blacklists. + + 1. Reject signatures with non zero unused bits. + + If the BIT STRING containing the signature has non zero unused bits reject + the signature. All current signature algorithms require zero unused bits. + + 2. Check certificate algorithm consistency. + + Check the AlgorithmIdentifier inside TBS matches the one in the + certificate signature. NB: this will result in signature failure + errors for some broken certificates. + + Thanks to Konrad Kraszewski from Google for reporting this issue. + + 3. Check DSA/ECDSA signatures use DER. + + Reencode DSA/ECDSA signatures and compare with the original received + signature. Return an error if there is a mismatch. + + This will reject various cases including garbage after signature + (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS + program for discovering this case) and use of BER or invalid ASN.1 INTEGERs + (negative or with leading zeroes). + + Further analysis was conducted and fixes were developed by Stephen Henson + of the OpenSSL core team. + + (CVE-2014-8275) + [Steve Henson] + *) Do not resume sessions on the server if the negotiated protocol version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index aacf476..fdeeef6 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c 
@@ -90,6 +90,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); goto err; } + + if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) + { + ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + goto err; + } inl=i2d(data,NULL); buf_in=OPENSSL_malloc((unsigned int)inl); @@ -150,6 +156,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, return -1; } + if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) + { + ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + return -1; + } + EVP_MD_CTX_init(&ctx); /* Convert signature OID into digest and public key OIDs */ diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index 55c75b5..58559e5 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -177,13 +177,25 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len, const unsigned char *sigbuf, int siglen, DSA *dsa) { DSA_SIG *s; + const unsigned char *p = sigbuf; + unsigned char *der = NULL; + int derlen = -1; int ret=-1; s = DSA_SIG_new(); if (s == NULL) return(ret); - if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; + if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err; + /* Ensure signature uses DER and doesn't have trailing garbage */ + derlen = i2d_DSA_SIG(s, &der); + if (derlen != siglen || memcmp(sigbuf, der, derlen)) + goto err; ret=DSA_do_verify(dgst,dgst_len,s,dsa); err: + if (derlen > 0) + { + OPENSSL_cleanse(der, derlen); + OPENSSL_free(der); + } DSA_SIG_free(s); return(ret); } diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c index ae14625..7191b8a 100644 --- a/crypto/ecdsa/ecs_vrf.c +++ b/crypto/ecdsa/ecs_vrf.c @@ -57,6 +57,7 @@ */ #include "ecs_locl.h" +#include "cryptlib.h" #ifndef OPENSSL_NO_ENGINE #include #endif 
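Review bot: The new check in `ASN1_item_verify` raises its error as `ASN1err(ASN1_F_ASN1_VERIFY, ...)`, copied from the `ASN1_verify` hunk above, so an error-queue entry for a bad BIT STRING will be attributed to the wrong function; it should use the function code the rest of ASN1_item_verify uses (`ASN1_F_ASN1_ITEM_VERIFY`, if that is the name in this tree's asn1.h): `ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);`. The `& 0x7` also merits a comment, because the code does not say what the commit message does, namely that the low three bits of `flags` presumably hold the BIT STRING's unused-bit count and every supported signature algorithm requires it to be zero: `/* low 3 bits of flags = unused bits in the BIT STRING; must be 0 for all signature algorithms */`. Both functions start and end outside these hunks.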
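Review bot: When the re-encoded signature differs from `sigbuf`, `DSA_verify` jumps to `err` with `ret` still -1 and nothing pushed on the error queue, so a caller sees "error" rather than "bad signature" and `ERR_get_error()` has nothing to explain it — unlike the `d2i_DSA_SIG` failure path just above, which at least leaves the ASN1 decoder's errors behind. Either queue an error before the jump or make the outcome an explicit verification failure so callers that distinguish 0 from -1 get the right answer, e.g. `if (derlen != siglen || memcmp(sigbuf, der, derlen)) { ret = 0; goto err; }`, and say in the comment which semantics was chosen. `OPENSSL_cleanse(der, derlen)` is harmless but unnecessary, since `der` only ever holds the public signature. `ECDSA_verify` in the next file has the identical shape and the same gap.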
@@ -86,13 +87,25 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
 {
 ECDSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
 int ret=-1;
 
 s = ECDSA_SIG_new();
 if (s == NULL) return(ret);
- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_ECDSA_SIG(s, &der);
+ if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+ goto err;
 ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
 err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
 ECDSA_SIG_free(s);
 return(ret);
 }
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index b2223ce..d722950 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -73,6 +73,8 @@ int X509_verify(X509 *a, EVP_PKEY *r)
 {
+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+ return 0;
 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
 a->signature,a->cert_info,r));
 }
hooks/post-receive -- OpenSSL source code From steve at openssl.org Mon Jan 5 14:36:53 2015
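Review bot: X509_verify now returns 0 on an AlgorithmIdentifier mismatch without queuing any error, so the "signature failure" the CHANGES entry warns about for broken certificates reaches applications as a bare verify failure with an empty error stack; queuing a reason before the `return 0;` (an X509err with a code meaning <signature algorithm mismatch> — placeholder, pick the file's convention) would let operators tell this from a genuinely bad signature. Nothing in the function says what is being compared, so a why-comment is warranted: `/* RFC 5280 4.1.1.2: the outer signatureAlgorithm must equal tbsCertificate.signature; a differing outer field is unsigned data that would otherwise change the fingerprint without breaking the signature. */`. On the visible a_verify.c error paths ASN1_item_verify returns -1 for errors, so returning 0 here deliberately classes the mismatch as a failed signature rather than an error, which is worth stating in the same comment. X509_verify's signature line is outside the hunk; the same hunk recurs in the 1.0.1 and 1.0.2 cherry-picks below.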
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 5 Jan 2015 15:36:53 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-95-ga856553 Message-ID: <20150105143653.EC81B1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_1-stable has been updated via a8565530e27718760220df469f0a071c85b9e731 (commit) from 9e9ee7e37f3da6f5c8aecfee9a2919d417842890 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a8565530e27718760220df469f0a071c85b9e731 Author: Dr. Stephen Henson Date: Sat Dec 20 15:09:50 2014 +0000 Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists. 1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits. 2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. 3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. 
This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes). CVE-2014-8275 Reviewed-by: Emilia Käsper (cherry picked from commit 684400ce192dac51df3d3e92b61830a6ef90be3e) ----------------------------------------------------------------------- Summary of changes: CHANGES | 37 +++++++++++++++++++++++++++++++++++++ crypto/asn1/a_verify.c | 12 ++++++++++++ crypto/dsa/dsa_asn1.c | 14 +++++++++++++- crypto/ecdsa/ecs_vrf.c | 15 ++++++++++++++- crypto/x509/x_all.c | 2 ++ 5 files changed, 78 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index c3bb940..c91552c 100644 --- a/CHANGES +++ b/CHANGES
@@ -4,6 +4,43 @@ Changes between 1.0.1j and 1.0.1k [xx XXX xxxx]
+ *) Fix various certificate fingerprint issues.
+
+ By using non-DER or invalid encodings outside the signed portion of a
+ certificate the fingerprint can be changed without breaking the signature.
+ Although no details of the signed portion of the certificate can be changed
+ this can cause problems with some applications: e.g. those using the
+ certificate fingerprint for blacklists.
+
+ 1. Reject signatures with non zero unused bits.
+
+ If the BIT STRING containing the signature has non zero unused bits reject
+ the signature. All current signature algorithms require zero unused bits.
+
+ 2. Check certificate algorithm consistency.
+
+ Check the AlgorithmIdentifier inside TBS matches the one in the
+ certificate signature. NB: this will result in signature failure
+ errors for some broken certificates.
+
+ Thanks to Konrad Kraszewski from Google for reporting this issue.
+
+ 3. Check DSA/ECDSA signatures use DER.
+
+ Reencode DSA/ECDSA signatures and compare with the original received
+ signature. Return an error if there is a mismatch.
+
+ This will reject various cases including garbage after signature
+ (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
+ program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
+ (negative or with leading zeroes).
+
+ Further analysis was conducted and fixes were developed by Stephen Henson
+ of the OpenSSL core team.
+
+ (CVE-2014-8275)
+ [Steve Henson]
+
 *) Do not resume sessions on the server if the negotiated protocol
 version does not match the session's version. Resuming with a different
 version, while not strictly forbidden by the RFC, is of questionable
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index fc84cd3..a571009 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -90,6 +90,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
 ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
 goto err;
 }
+
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ goto err;
+ }
 
 inl=i2d(data,NULL);
 buf_in=OPENSSL_malloc((unsigned int)inl);
@@ -146,6 +152,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 return -1;
 }
 
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ return -1;
+ }
+
 EVP_MD_CTX_init(&ctx);
 
 /* Convert signature OID into digest and public key OIDs */
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 6058534..473af87 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -176,13 +176,25 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
 const unsigned char *sigbuf, int siglen, DSA *dsa)
 {
 DSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
 int ret=-1;
 
 s = DSA_SIG_new();
 if (s == NULL) return(ret);
- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+ if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_DSA_SIG(s, &der);
+ if (derlen != siglen || memcmp(sigbuf, der, derlen))
+ goto err;
 ret=DSA_do_verify(dgst,dgst_len,s,dsa);
 err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
 DSA_SIG_free(s);
 return(ret);
 }
diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c
index ef9acf7..2836efe 100644
--- a/crypto/ecdsa/ecs_vrf.c
+++ b/crypto/ecdsa/ecs_vrf.c
@@ -57,6 +57,7 @@
 */
 
 #include "ecs_locl.h"
+#include "cryptlib.h"
 #ifndef OPENSSL_NO_ENGINE
 #include
 #endif
@@ -84,13 +85,25 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
 {
 ECDSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
 int ret=-1;
 
 s = ECDSA_SIG_new();
 if (s == NULL) return(ret);
- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_ECDSA_SIG(s, &der);
+ if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+ goto err;
 ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
 err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
 ECDSA_SIG_free(s);
 return(ret);
 }
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index e06602d..fef55f8 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -72,6 +72,8 @@ int X509_verify(X509 *a, EVP_PKEY *r)
 {
+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+ return 0;
 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
 a->signature,a->cert_info,r));
 }
hooks/post-receive -- OpenSSL source code From steve at openssl.org Mon Jan 5 14:36:53 2015
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 5 Jan 2015 15:36:53 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-140-g85cfc18 Message-ID: <20150105143654.065F41DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via 85cfc188c06bd046420ae70dd6e302f9efe022a9 (commit) from 6ee7de1eb3cb3a47a824cf5de1e6a2522fb1e998 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 85cfc188c06bd046420ae70dd6e302f9efe022a9 Author: Dr. Stephen Henson Date: Sat Dec 20 15:09:50 2014 +0000 Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists. 1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits. 2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. 3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. 
This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes). CVE-2014-8275 Reviewed-by: Emilia Käsper (cherry picked from commit 684400ce192dac51df3d3e92b61830a6ef90be3e) ----------------------------------------------------------------------- Summary of changes: CHANGES | 37 +++++++++++++++++++++++++++++++++++++ crypto/asn1/a_verify.c | 12 ++++++++++++ crypto/dsa/dsa_asn1.c | 14 +++++++++++++- crypto/ecdsa/ecs_vrf.c | 15 ++++++++++++++- crypto/x509/x_all.c | 2 ++ 5 files changed, 78 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index edf0ee3..5b2f388 100644 --- a/CHANGES +++ b/CHANGES
@@ -365,6 +365,43 @@ Changes between 1.0.1j and 1.0.1k [xx XXX xxxx]
+ *) Fix various certificate fingerprint issues.
+
+ By using non-DER or invalid encodings outside the signed portion of a
+ certificate the fingerprint can be changed without breaking the signature.
+ Although no details of the signed portion of the certificate can be changed
+ this can cause problems with some applications: e.g. those using the
+ certificate fingerprint for blacklists.
+
+ 1. Reject signatures with non zero unused bits.
+
+ If the BIT STRING containing the signature has non zero unused bits reject
+ the signature. All current signature algorithms require zero unused bits.
+
+ 2. Check certificate algorithm consistency.
+
+ Check the AlgorithmIdentifier inside TBS matches the one in the
+ certificate signature. NB: this will result in signature failure
+ errors for some broken certificates.
+
+ Thanks to Konrad Kraszewski from Google for reporting this issue.
+
+ 3. Check DSA/ECDSA signatures use DER.
+
+ Reencode DSA/ECDSA signatures and compare with the original received
+ signature. Return an error if there is a mismatch.
+
+ This will reject various cases including garbage after signature
+ (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
+ program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
+ (negative or with leading zeroes).
+
+ Further analysis was conducted and fixes were developed by Stephen Henson
+ of the OpenSSL core team.
+
+ (CVE-2014-8275)
+ [Steve Henson]
+
 *) Do not resume sessions on the server if the negotiated protocol
 version does not match the session's version. Resuming with a different
 version, while not strictly forbidden by the RFC, is of questionable
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index fc84cd3..a571009 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -90,6 +90,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
 ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
 goto err;
 }
+
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ goto err;
+ }
 
 inl=i2d(data,NULL);
 buf_in=OPENSSL_malloc((unsigned int)inl);
@@ -146,6 +152,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
 return -1;
 }
 
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ return -1;
+ }
+
 EVP_MD_CTX_init(&ctx);
 
 /* Convert signature OID into digest and public key OIDs */
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index 6058534..473af87 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -176,13 +176,25 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
 const unsigned char *sigbuf, int siglen, DSA *dsa)
 {
 DSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
 int ret=-1;
 
 s = DSA_SIG_new();
 if (s == NULL) return(ret);
- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+ if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_DSA_SIG(s, &der);
+ if (derlen != siglen || memcmp(sigbuf, der, derlen))
+ goto err;
 ret=DSA_do_verify(dgst,dgst_len,s,dsa);
 err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
 DSA_SIG_free(s);
 return(ret);
 }
diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c
index ef9acf7..2836efe 100644
--- a/crypto/ecdsa/ecs_vrf.c
+++ b/crypto/ecdsa/ecs_vrf.c
@@ -57,6 +57,7 @@
 */
 
 #include "ecs_locl.h"
+#include "cryptlib.h"
 #ifndef OPENSSL_NO_ENGINE
 #include
 #endif
@@ -84,13 +85,25 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
 {
 ECDSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
 int ret=-1;
 
 s = ECDSA_SIG_new();
 if (s == NULL) return(ret);
- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_ECDSA_SIG(s, &der);
+ if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+ goto err;
 ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
 err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
 ECDSA_SIG_free(s);
 return(ret);
 }
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index b2223ce..d722950 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -73,6 +73,8 @@ int X509_verify(X509 *a, EVP_PKEY *r)
 {
+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+ return 0;
 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
 a->signature,a->cert_info,r));
 }
hooks/post-receive -- OpenSSL source code From steve at openssl.org Mon Jan 5 14:54:22 2015
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 5 Jan 2015 15:54:22 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 4c52816d35681c0533c25fdd3abb4b7c6962302d Message-ID: <20150105145423.171C11DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 4c52816d35681c0533c25fdd3abb4b7c6962302d (commit) from 684400ce192dac51df3d3e92b61830a6ef90be3e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4c52816d35681c0533c25fdd3abb4b7c6962302d Author: Dr. Stephen Henson Date: Sun Dec 14 23:14:15 2014 +0000 Constify ASN1_TYPE_cmp add X509_ALGOR_cmp. Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_type.c | 2 +- crypto/asn1/asn1.h | 2 +- crypto/asn1/x_algor.c | 11 +++++++++++ crypto/x509/x509.h | 1 + 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index a45d2f9..5e1bc76 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -113,7 +113,7 @@ IMPLEMENT_STACK_OF(ASN1_TYPE) IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) /* Returns 0 if they are equal, != 0 otherwise. */ -int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b) +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) { int result = -1; diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index fc87e0c..9adee69 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h 
@@ -783,7 +783,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
 
 ASN1_OBJECT * ASN1_OBJECT_new(void );
 void ASN1_OBJECT_free(ASN1_OBJECT *a);
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 274e456..57cc956 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -142,3 +142,14 @@ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
 }
+
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+ {
+ int rv;
+ rv = OBJ_cmp(a->algorithm, b->algorithm);
+ if (rv)
+ return rv;
+ if (!a->parameter && !b->parameter)
+ return 0;
+ return ASN1_TYPE_cmp(a->parameter, b->parameter);
+ }
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 46c1d44..1376ddb 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -772,6 +772,7 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
 void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 X509_ALGOR *algor);
 void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
 
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
hooks/post-receive -- OpenSSL source code From steve at openssl.org Mon Jan 5 14:55:19 2015
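Review bot: X509_ALGOR_cmp returns 0 when both parameter fields are absent but, when exactly one is NULL, hands the pair to ASN1_TYPE_cmp unchecked; whether that is safe depends on ASN1_TYPE_cmp's own NULL handling, which is outside the a_type.c hunk above, so an explicit `if (!a->parameter || !b->parameter) return -1;` right after the both-NULL return makes the present/absent mismatch a local, documented non-match. This matters because X509_verify feeds it two fields decoded from an untrusted certificate. The new function also has no contract comment; mirroring a_type.c, `/* Returns 0 if a and b have the same algorithm OID and parameters, non-zero otherwise. */` above the definition (and on the x509.h declaration in the next hunk) would state what callers may rely on. The same function is cherry-picked unchanged into the 1.0.1 and 1.0.2 branches below.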
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 5 Jan 2015 15:55:19 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-96-g5951cc0 Message-ID: <20150105145519.6CBD01DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_1-stable has been updated via 5951cc004b96cd681ffdf39d3fc9238a1ff597ae (commit) from a8565530e27718760220df469f0a071c85b9e731 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5951cc004b96cd681ffdf39d3fc9238a1ff597ae Author: Dr. Stephen Henson Date: Sun Dec 14 23:14:15 2014 +0000 Constify ASN1_TYPE_cmp add X509_ALGOR_cmp. Reviewed-by: Emilia K?sper (cherry picked from commit 4c52816d35681c0533c25fdd3abb4b7c6962302d) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_type.c | 2 +- crypto/asn1/asn1.h | 2 +- crypto/asn1/x_algor.c | 11 +++++++++++ crypto/x509/x509.h | 1 + 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index a45d2f9..5e1bc76 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -113,7 +113,7 @@ IMPLEMENT_STACK_OF(ASN1_TYPE) IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) /* Returns 0 if they are equal, != 0 otherwise. */ -int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b) +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) { int result = -1; diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 672c97f..3c45d5d 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h 
@@ -776,7 +776,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
 
 ASN1_OBJECT * ASN1_OBJECT_new(void );
 void ASN1_OBJECT_free(ASN1_OBJECT *a);
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 274e456..57cc956 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -142,3 +142,14 @@ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
 }
+
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+ {
+ int rv;
+ rv = OBJ_cmp(a->algorithm, b->algorithm);
+ if (rv)
+ return rv;
+ if (!a->parameter && !b->parameter)
+ return 0;
+ return ASN1_TYPE_cmp(a->parameter, b->parameter);
+ }
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 092dd74..ed767f8 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -768,6 +768,7 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
 void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 X509_ALGOR *algor);
 void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
 
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
hooks/post-receive -- OpenSSL source code From steve at openssl.org Mon Jan 5 14:55:19 2015
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 5 Jan 2015 15:55:19 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-141-gaace6db Message-ID: <20150105145519.799D51DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via aace6dbcb34ba40e9b5ef2da11d3d3e724599ca9 (commit) from 85cfc188c06bd046420ae70dd6e302f9efe022a9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit aace6dbcb34ba40e9b5ef2da11d3d3e724599ca9 Author: Dr. Stephen Henson Date: Sun Dec 14 23:14:15 2014 +0000 Constify ASN1_TYPE_cmp add X509_ALGOR_cmp. Reviewed-by: Emilia K?sper (cherry picked from commit 4c52816d35681c0533c25fdd3abb4b7c6962302d) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_type.c | 2 +- crypto/asn1/asn1.h | 2 +- crypto/asn1/x_algor.c | 11 +++++++++++ crypto/x509/x509.h | 1 + 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index a45d2f9..5e1bc76 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -113,7 +113,7 @@ IMPLEMENT_STACK_OF(ASN1_TYPE) IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) /* Returns 0 if they are equal, != 0 otherwise. */ -int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b) +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) { int result = -1; diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 9bd30ac..df844e0 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h 
@@ -776,7 +776,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
 
 ASN1_OBJECT * ASN1_OBJECT_new(void );
 void ASN1_OBJECT_free(ASN1_OBJECT *a);
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 274e456..57cc956 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -142,3 +142,14 @@ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
 X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
 }
+
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+ {
+ int rv;
+ rv = OBJ_cmp(a->algorithm, b->algorithm);
+ if (rv)
+ return rv;
+ if (!a->parameter && !b->parameter)
+ return 0;
+ return ASN1_TYPE_cmp(a->parameter, b->parameter);
+ }
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 2fcc107..39ab669 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -772,6 +772,7 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
 void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 X509_ALGOR *algor);
 void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
 
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
hooks/post-receive -- OpenSSL source code From steve at openssl.org Mon Jan 5 15:43:56 2015
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 5 Jan 2015 16:43:56 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_0_9_8-stable updated. OpenSSL_0_9_8zc-18-g7fae32f Message-ID: <20150105154356.BF5491DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_0_9_8-stable has been updated via 7fae32f6d69baf27ef69d92499c59c8a3277f3e3 (commit) via 5260f1a483d453ecf7aec9d1ec4be96432eec4d3 (commit) from 1cb10d9c7d95e36fcc8ed0ade3eafda90e5e3172 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7fae32f6d69baf27ef69d92499c59c8a3277f3e3 Author: Kurt Roeckx Date: Mon Dec 15 17:15:16 2014 +0100 Return error when a bit string indicates an invalid amount of bits left Reviewed-by: Matt Caswell (cherry picked from commit 86edf13b1c97526c0cf63c37342aaa01f5442688) commit 5260f1a483d453ecf7aec9d1ec4be96432eec4d3 Author: Dr. Stephen Henson Date: Wed Dec 17 14:34:36 2014 +0000 Reject invalid constructed encodings. According to X.690 null, object identifier, boolean, integer and enumerated types can only have primitive encodings: return an error if any of these are received with a constructed encoding. Reviewed-by: Emilia Käsper (cherry picked from commit f5e4b6b5b566320a8d774f9475540f7d0e6a704d) Conflicts: crypto/asn1/asn1_err.c ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_bitstr.c | 7 ++++++- crypto/asn1/asn1.h | 2 ++ crypto/asn1/asn1_err.c | 4 +++- crypto/asn1/tasn_dec.c | 8 ++++++++ 4 files changed, 19 insertions(+), 2 deletions(-) diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index 0fb9ce0..665fc09 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -136,11 +136,16 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
 p= *pp;
 i= *(p++);
+ if (i > 7)
+ {
+ i=ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
+ goto err;
+ }
 /* We do this to preserve the settings. If we modify
 * the settings, via the _set_bit function, we will recalculate
 * on output */
 ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
- ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
+ ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|i); /* set */
 
 if (len-- > 1) /* using one because of the bits left byte */
 {
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index d9d5443..aeb3f4c 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -1260,6 +1260,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_ILLEGAL_TIME_VALUE 184
 #define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
+#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220
 #define ASN1_R_INVALID_BMPSTRING_LENGTH 129
 #define ASN1_R_INVALID_DIGIT 130
 #define ASN1_R_INVALID_MIME_TYPE 200
@@ -1308,6 +1309,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_TIME_NOT_ASCII_FORMAT 193
 #define ASN1_R_TOO_LONG 155
 #define ASN1_R_TYPE_NOT_CONSTRUCTED 156
+#define ASN1_R_TYPE_NOT_PRIMITIVE 218
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
 #define ASN1_R_UNEXPECTED_EOC 159
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index ba88eb3..92b4f8f 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
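Review bot: The added `i > 7` guard in c2i_ASN1_BIT_STRING is correct (X.690 limits the unused-bits octet to 0..7) but sits as a bare magic number next to the `0x07` mask below it; a comment such as `/* X.690 8.6.2.2: the first content octet is the unused-bit count and must be 0..7 */` ties the two together and explains why the `&0x07` on the set line could be dropped. The guard only works if i is loaded from an unsigned byte: `i= *(p++)` is visible but p's declaration is outside the hunk, and if p were a plain char pointer, values >= 0x80 would be negative and slip past the comparison. Reusing i to carry ASN1_R_INVALID_BIT_STRING_BITS_LEFT to the err label appears to follow the pattern this function already uses, so that part is fine. The function begins and ends outside the hunk.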
@@ -235,6 +235,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) ,"illegal time value"},
 {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
 {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
+{ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),"invalid bit string bits left"},
 {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
 {ERR_REASON(ASN1_R_INVALID_DIGIT) ,"invalid digit"},
 {ERR_REASON(ASN1_R_INVALID_MIME_TYPE) ,"invalid mime type"},
@@ -283,6 +284,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
 {ERR_REASON(ASN1_R_TOO_LONG) ,"too long"},
 {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
+{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE) ,"type not primitive"},
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
 {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index a228c0d..b81d151 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -866,6 +866,14 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
 }
 else if (cst)
 {
+ if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+ || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+ || utype == V_ASN1_ENUMERATED)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ASN1_R_TYPE_NOT_PRIMITIVE);
+ return 0;
+ }
 buf.length = 0;
 buf.max = 0;
 buf.data = NULL;
hooks/post-receive -- OpenSSL source code
From steve at openssl.org Mon Jan 5 15:43:56 2015
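Review bot: The five-type list that rejects constructed encodings in asn1_d2i_ex_primitive is given without a reference, so a later maintainer cannot tell why BIT STRING and OCTET STRING are deliberately not in it; a comment above the `if`, e.g. `/* X.690 8.2.1, 8.3.1, 8.4, 8.8.1, 8.19.1: BOOLEAN, INTEGER, ENUMERATED, NULL and OBJECT IDENTIFIER are always primitive; string types may be constructed in BER and are not listed here */`, would record that. The same hunk is cherry-picked into 1.0.0 later on this page (the `@@ -870,6 +870,14 @@` tasn_dec.c hunk) and would take the same comment. asn1_d2i_ex_primitive begins and ends outside this hunk.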
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 5 Jan 2015 16:43:56 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_0-stable updated. OpenSSL_1_0_0o-55-g208a601 Message-ID: <20150105154357.20E401DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_0-stable has been updated via 208a6012be3077d83df4475f32dd1b1446f3a02e (commit) via d7f8a7cafd9458a18de16c7662b9f7d07c1efe49 (commit) via 0f1c30b00d3ede3e735dd9c740cf4cd5881c59cb (commit) from c4b969639a4ace587f67b7cda86f8fbdcb0e79ce (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 208a6012be3077d83df4475f32dd1b1446f3a02e Author: Dr. Stephen Henson Date: Sat Dec 20 15:09:50 2014 +0000 Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists. 1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits. 2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. 3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. 
This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes). CVE-2014-8275 Reviewed-by: Emilia K?sper (cherry picked from commit 684400ce192dac51df3d3e92b61830a6ef90be3e) Conflicts: CHANGES crypto/dsa/dsa_asn1.c commit d7f8a7cafd9458a18de16c7662b9f7d07c1efe49 Author: Dr. Stephen Henson Date: Sun Dec 14 23:14:15 2014 +0000 Constify ASN1_TYPE_cmp add X509_ALGOR_cmp. Reviewed-by: Emilia K?sper (cherry picked from commit 4c52816d35681c0533c25fdd3abb4b7c6962302d) Conflicts: crypto/asn1/x_algor.c crypto/x509/x509.h commit 0f1c30b00d3ede3e735dd9c740cf4cd5881c59cb Author: Dr. Stephen Henson Date: Wed Dec 17 14:34:36 2014 +0000 Reject invalid constructed encodings. According to X6.90 null, object identifier, boolean, integer and enumerated types can only have primitive encodings: return an error if any of these are received with a constructed encoding. Reviewed-by: Emilia K?sper (cherry picked from commit f5e4b6b5b566320a8d774f9475540f7d0e6a704d) Conflicts: crypto/asn1/asn1_err.c ----------------------------------------------------------------------- Summary of changes: CHANGES | 37 ++++++++++++++++++++++++++++++++++++- crypto/asn1/a_type.c | 2 +- crypto/asn1/a_verify.c | 12 ++++++++++++ crypto/asn1/asn1.h | 3 ++- crypto/asn1/asn1_err.c | 3 ++- crypto/asn1/tasn_dec.c | 8 ++++++++ crypto/asn1/x_algor.c | 10 ++++++++++ crypto/dsa/dsa_vrf.c | 14 +++++++++++++- crypto/ecdsa/ecs_vrf.c | 15 ++++++++++++++- crypto/x509/x509.h | 1 + crypto/x509/x_all.c | 2 ++ 11 files changed, 101 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 7c96384..8e8646e 100644 --- a/CHANGES +++ b/CHANGES 
@@ -4,7 +4,42 @@ Changes between 1.0.0o and 1.0.0p [xx XXX xxxx] - *) + *) Fix various certificate fingerprint issues. + + By using non-DER or invalid encodings outside the signed portion of a + certificate the fingerprint can be changed without breaking the signature. + Although no details of the signed portion of the certificate can be changed + this can cause problems with some applications: e.g. those using the + certificate fingerprint for blacklists. + + 1. Reject signatures with non zero unused bits. + + If the BIT STRING containing the signature has non zero unused bits reject + the signature. All current signature algorithms require zero unused bits. + + 2. Check certificate algorithm consistency. + + Check the AlgorithmIdentifier inside TBS matches the one in the + certificate signature. NB: this will result in signature failure + errors for some broken certificates. + + Thanks to Konrad Kraszewski from Google for reporting this issue. + + 3. Check DSA/ECDSA signatures use DER. + + Reencode DSA/ECDSA signatures and compare with the original received + signature. Return an error if there is a mismatch. + + This will reject various cases including garbage after signature + (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS + program for discovering this case) and use of BER or invalid ASN.1 INTEGERs + (negative or with leading zeroes). + + Further analysis was conducted and fixes were developed by Stephen Henson + of the OpenSSL core team. + + (CVE-2014-8275) + [Steve Henson] Changes between 1.0.0n and 1.0.0o [15 Oct 2014] diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index a45d2f9..5e1bc76 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -113,7 +113,7 @@ IMPLEMENT_STACK_OF(ASN1_TYPE) IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) /* Returns 0 if they are equal, != 0 otherwise. */ -int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b) +int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) { int result = -1; 
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 097ec81..a75c8c9 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -90,6 +90,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
 ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
 goto err;
 }
+
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ goto err;
+ }
 inl=i2d(data,NULL);
 buf_in=OPENSSL_malloc((unsigned int)inl);
@@ -142,6 +148,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 return -1;
 }
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ return -1;
+ }
+
 EVP_MD_CTX_init(&ctx);
 /* Convert signature OID into digest and public key OIDs */
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index f6f491f..689ef8a 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -777,7 +777,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
-int ASN1_TYPE_cmp(ASN1_TYPE *a, ASN1_TYPE *b);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
 ASN1_OBJECT * ASN1_OBJECT_new(void );
 void ASN1_OBJECT_free(ASN1_OBJECT *a);
@@ -1377,6 +1377,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_TIME_NOT_ASCII_FORMAT 193
 #define ASN1_R_TOO_LONG 155
 #define ASN1_R_TYPE_NOT_CONSTRUCTED 156
+#define ASN1_R_TYPE_NOT_PRIMITIVE 218
 #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
 #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
 #define ASN1_R_UNEXPECTED_EOC 159
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index 35293f2..59a35e1 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
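Review bot: The check added to ASN1_item_verify (the `@@ -142,6 +148,12 @@` hunk) reports its failure under ASN1_F_ASN1_VERIFY, the function code of the other function in this file, so the error queue will attribute an invalid-bits-left rejection to ASN1_verify; it should use the function's own code, `ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);`. The same mismatch is in the 0.9.8 backport's `@@ -144,6 +150,12 @@` hunk later on this page. The `0x7` mask is the unused-bit count that c2i_ASN1_BIT_STRING stores in the low three bits of `flags`, and a short comment on both new checks, `/* low 3 bits of flags hold the unused-bit count; signatures need all bits used */`, would make the test self-explanatory.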
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2009 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -293,6 +293,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
 {ERR_REASON(ASN1_R_TOO_LONG) ,"too long"},
 {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
+{ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE) ,"type not primitive"},
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
 {ERR_REASON(ASN1_R_UNEXPECTED_EOC) ,"unexpected eoc"},
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index 87d7dfd..2cbfa81 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -870,6 +870,14 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
 }
 else if (cst)
 {
+ if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+ || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+ || utype == V_ASN1_ENUMERATED)
+ {
+ ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+ ASN1_R_TYPE_NOT_PRIMITIVE);
+ return 0;
+ }
 buf.length = 0;
 buf.max = 0;
 buf.data = NULL;
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 99e5342..acc41ba 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -128,3 +128,13 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 }
 }
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+ {
+ int rv;
+ rv = OBJ_cmp(a->algorithm, b->algorithm);
+ if (rv)
+ return rv;
+ if (!a->parameter && !b->parameter)
+ return 0;
+ return ASN1_TYPE_cmp(a->parameter, b->parameter);
+ }
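Review bot: X509_ALGOR_cmp treats absent parameters and an explicit NULL parameter as different (only the both-absent case short-circuits), and when exactly one side has parameters it relies on ASN1_TYPE_cmp returning -1 for a NULL argument; both are deliberate for the fingerprint fix but invisible to a reader of this function. A header comment stating the contract would help, e.g. `/* Returns 0 when the algorithm OIDs match and the parameters compare equal via ASN1_TYPE_cmp. Absent and explicit NULL parameters are distinct, and a parameter present on one side only compares unequal. */`. The identical function is added to 0.9.8 later on this page (the x_algor.c hunk there) and should carry the same comment.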
diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c
index 226a75f..9a6905b 100644
--- a/crypto/dsa/dsa_vrf.c
+++ b/crypto/dsa/dsa_vrf.c
@@ -77,13 +77,25 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
 const unsigned char *sigbuf, int siglen, DSA *dsa)
 {
 DSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
 int ret=-1;
 s = DSA_SIG_new();
 if (s == NULL) return(ret);
- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+ if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_DSA_SIG(s, &der);
+ if (derlen != siglen || memcmp(sigbuf, der, derlen))
+ goto err;
 ret=DSA_do_verify(dgst,dgst_len,s,dsa);
 err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
 DSA_SIG_free(s);
 return(ret);
 }
diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c
index ef9acf7..2836efe 100644
--- a/crypto/ecdsa/ecs_vrf.c
+++ b/crypto/ecdsa/ecs_vrf.c
@@ -57,6 +57,7 @@
 */
 #include "ecs_locl.h"
+#include "cryptlib.h"
 #ifndef OPENSSL_NO_ENGINE
 #include
 #endif
@@ -84,13 +85,25 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
 {
 ECDSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
 int ret=-1;
 s = ECDSA_SIG_new();
 if (s == NULL) return(ret);
- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_ECDSA_SIG(s, &der);
+ if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+ goto err;
 ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
 err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
 ECDSA_SIG_free(s);
 return(ret);
 }
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index e6f8a40..2900777 100644
--- a/crypto/x509/x509.h
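Review bot: When the re-encoded signature does not match, DSA_verify and ECDSA_verify jump to `err` with `ret` still -1 and nothing pushed on the error queue, so the caller gets the "library error" value rather than the 0 that DSA_do_verify / ECDSA_do_verify use for a signature that is simply invalid, and has no reason code to tell the two apart; `ret = 0; goto err;` on that branch, or a queued reason before the jump, would keep the return convention consistent. The `derlen > 0` guard on the cleanup is right for a failed `i2d_*` (non-positive return) provided a failing i2d leaves `der` unallocated, which is decided in the ASN1 template code outside this page; a line such as `/* derlen <= 0: i2d failed, nothing to release */` would record that assumption. `memcmp` is acceptable here because a signature is public data, not a secret, and a short comment saying so would pre-empt constant-time questions. The same two hunks are backported to 0.9.8 later on this page (the dsa_asn1.c and ecs_vrf.c hunks of the later 0.9.8 commit).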
+++ b/crypto/x509/x509.h
@@ -763,6 +763,7 @@ X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
 int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
 void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 X509_ALGOR *algor);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 8ec88c2..3571bf0 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -72,6 +72,8 @@ int X509_verify(X509 *a, EVP_PKEY *r)
 {
+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+ return 0;
 return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
 a->signature,a->cert_info,r));
 }
hooks/post-receive -- OpenSSL source code
From emilia at openssl.org Mon Jan 5 16:32:23 2015
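Review bot: The new algorithm-mismatch check in X509_verify returns 0 silently, so a caller cannot distinguish an inner/outer AlgorithmIdentifier mismatch from a signature that merely fails to verify; the error queue stays empty on this path while ASN1_item_verify's own failures do push reasons. At minimum a comment such as `/* CVE-2014-8275: the AlgorithmIdentifier inside the signed TBS must match the outer one */` should mark why the check exists, and a dedicated reason code pushed via X509err would make the failure diagnosable (none for this purpose is visible in the headers on this page). CRLs carry the same inner/outer pair, so whether X509_CRL_verify, presumably elsewhere in x_all.c, needs the same check is worth confirming. The identical hunk appears in the 0.9.8 backport later on this page.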
From: emilia at openssl.org (Emilia Kasper) Date: Mon, 5 Jan 2015 17:32:23 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 61aa44ca99473f9cabdfb2d3b35abd0b473437d1 Message-ID: <20150105163223.515971DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 61aa44ca99473f9cabdfb2d3b35abd0b473437d1 (commit) from 4c52816d35681c0533c25fdd3abb4b7c6962302d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 61aa44ca99473f9cabdfb2d3b35abd0b473437d1 Author: Adam Langley Date: Mon Jan 5 17:28:33 2015 +0100 Ensure that the session ID context of an SSL* is updated when its SSL_CTX is updated. From BoringSSL commit https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 +++++++ ssl/ssl_lib.c | 15 +++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/CHANGES b/CHANGES index c076df8..c444b24 100644 --- a/CHANGES +++ b/CHANGES @@ -659,6 +659,13 @@ Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] + *) Ensure that the session ID context of an SSL is updated when its + SSL_CTX is updated via SSL_set_SSL_CTX. + + The session ID context is typically set from the parent SSL_CTX, + and can vary with the CTX. + [Adam Langley] + *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 347ca5e..1552fd9 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
@@ -3194,6 +3194,21 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
 if (ssl->ctx != NULL)
 SSL_CTX_free(ssl->ctx); /* decrement reference count */
 ssl->ctx = ctx;
+
+ /*
+ * Inherit the session ID context as it is typically set from the
+ * parent SSL_CTX, and can vary with the CTX.
+ * Note that per-SSL SSL_set_session_id_context() will not persist
+ * if called before SSL_set_SSL_CTX.
+ */
+ ssl->sid_ctx_length = ctx->sid_ctx_length;
+ /*
+ * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
+ * so setter APIs must prevent invalid lengths from entering the system.
+ */
+ OPENSSL_assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx);
+ memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+
 return(ssl->ctx);
 }
hooks/post-receive -- OpenSSL source code
From emilia at openssl.org Mon Jan 5 16:39:00 2015
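Review bot: The two added statements spell the same size two ways, `sizeof ssl->sid_ctx` in the assert and `sizeof(ssl->sid_ctx)` in the memcpy, and the memcpy passes `&ssl->sid_ctx` / `&ctx->sid_ctx` where the array names already decay to the needed pointers; `memcpy(ssl->sid_ctx, ctx->sid_ctx, sizeof(ssl->sid_ctx));` reads cleaner and matches the assert. OPENSSL_assert aborts the process, so this is only safe because the SSL_CTX setter is assumed to reject lengths above SSL_MAX_SID_CTX_LENGTH, an assumption the comment states but which lives outside this hunk and is worth confirming on each branch it is cherry-picked to. The same hunk appears twice more on this page (the `@@ -3198,6 +3198,21 @@` and `@@ -2982,6 +2982,21 @@` cherry-picks) with the same remarks. SSL_set_SSL_CTX starts before this hunk.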
From: emilia at openssl.org (Emilia Kasper) Date: Mon, 5 Jan 2015 17:39:00 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-142-gd9b277e Message-ID: <20150105163900.0C00C1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via d9b277e085988598945463b0ad12a6321556252b (commit) from aace6dbcb34ba40e9b5ef2da11d3d3e724599ca9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d9b277e085988598945463b0ad12a6321556252b Author: Adam Langley Date: Mon Jan 5 17:28:33 2015 +0100 Ensure that the session ID context of an SSL* is updated when its SSL_CTX is updated. From BoringSSL commit https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a Reviewed-by: Rich Salz (cherry picked from commit 61aa44ca99473f9cabdfb2d3b35abd0b473437d1) ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 +++++++ ssl/ssl_lib.c | 15 +++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/CHANGES b/CHANGES index 5b2f388..1880a46 100644 --- a/CHANGES +++ b/CHANGES @@ -365,6 +365,13 @@ Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] + *) Ensure that the session ID context of an SSL is updated when its + SSL_CTX is updated via SSL_set_SSL_CTX. + + The session ID context is typically set from the parent SSL_CTX, + and can vary with the CTX. + [Adam Langley] + *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index cd4ea68..64c9eab 100644 
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3198,6 +3198,21 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
 if (ssl->ctx != NULL)
 SSL_CTX_free(ssl->ctx); /* decrement reference count */
 ssl->ctx = ctx;
+
+ /*
+ * Inherit the session ID context as it is typically set from the
+ * parent SSL_CTX, and can vary with the CTX.
+ * Note that per-SSL SSL_set_session_id_context() will not persist
+ * if called before SSL_set_SSL_CTX.
+ */
+ ssl->sid_ctx_length = ctx->sid_ctx_length;
+ /*
+ * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
+ * so setter APIs must prevent invalid lengths from entering the system.
+ */
+ OPENSSL_assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx);
+ memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+
 return(ssl->ctx);
 }
hooks/post-receive -- OpenSSL source code
From emilia at openssl.org Mon Jan 5 16:39:11 2015
From: emilia at openssl.org (Emilia Kasper) Date: Mon, 5 Jan 2015 17:39:11 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-97-g2357cd2 Message-ID: <20150105163911.ACA7A1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_1-stable has been updated via 2357cd2e200dbc964e81e867194dd3be8fc00d7e (commit) from 5951cc004b96cd681ffdf39d3fc9238a1ff597ae (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2357cd2e200dbc964e81e867194dd3be8fc00d7e Author: Adam Langley Date: Mon Jan 5 17:28:33 2015 +0100 Ensure that the session ID context of an SSL* is updated when its SSL_CTX is updated. From BoringSSL commit https://boringssl.googlesource.com/boringssl/+/a5dc545bbcffd9c24cebe65e9ab5ce72d4535e3a Reviewed-by: Rich Salz (cherry picked from commit 61aa44ca99473f9cabdfb2d3b35abd0b473437d1) ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 +++++++ ssl/ssl_lib.c | 15 +++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/CHANGES b/CHANGES index c91552c..bfb75be 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] + *) Ensure that the session ID context of an SSL is updated when its + SSL_CTX is updated via SSL_set_SSL_CTX. + + The session ID context is typically set from the parent SSL_CTX, + and can vary with the CTX. + [Adam Langley] + *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 2fab2f1..707ec6b 100644 --- a/ssl/ssl_lib.c 
+++ b/ssl/ssl_lib.c
@@ -2982,6 +2982,21 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
 if (ssl->ctx != NULL)
 SSL_CTX_free(ssl->ctx); /* decrement reference count */
 ssl->ctx = ctx;
+
+ /*
+ * Inherit the session ID context as it is typically set from the
+ * parent SSL_CTX, and can vary with the CTX.
+ * Note that per-SSL SSL_set_session_id_context() will not persist
+ * if called before SSL_set_SSL_CTX.
+ */
+ ssl->sid_ctx_length = ctx->sid_ctx_length;
+ /*
+ * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
+ * so setter APIs must prevent invalid lengths from entering the system.
+ */
+ OPENSSL_assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx);
+ memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+
 return(ssl->ctx);
 }
hooks/post-receive -- OpenSSL source code
From steve at openssl.org Mon Jan 5 16:47:52 2015
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 5 Jan 2015 17:47:52 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_0_9_8-stable updated. OpenSSL_0_9_8zc-21-gec2fede Message-ID: <20150105164752.37C141DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_0_9_8-stable has been updated via ec2fede9467ae1a65f452d3a39f7fbc4891d9285 (commit) via 63f3c9e715955f0cdc83698d8a3dfb1b80064407 (commit) via c22e2dd6e52899926d1f1ee3a2b5b9570d03130f (commit) from 7fae32f6d69baf27ef69d92499c59c8a3277f3e3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ec2fede9467ae1a65f452d3a39f7fbc4891d9285 Author: Dr. Stephen Henson Date: Sat Dec 20 15:09:50 2014 +0000 Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a certificate the fingerprint can be changed without breaking the signature. Although no details of the signed portion of the certificate can be changed this can cause problems with some applications: e.g. those using the certificate fingerprint for blacklists. 1. Reject signatures with non zero unused bits. If the BIT STRING containing the signature has non zero unused bits reject the signature. All current signature algorithms require zero unused bits. 2. Check certificate algorithm consistency. Check the AlgorithmIdentifier inside TBS matches the one in the certificate signature. NB: this will result in signature failure errors for some broken certificates. 3. Check DSA/ECDSA signatures use DER. Reencode DSA/ECDSA signatures and compare with the original received signature. Return an error if there is a mismatch. 
This will reject various cases including garbage after signature (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS program for discovering this case) and use of BER or invalid ASN.1 INTEGERs (negative or with leading zeroes). CVE-2014-8275 Reviewed-by: Emilia K?sper (cherry picked from commit 208a6012be3077d83df4475f32dd1b1446f3a02e) Conflicts: crypto/dsa/dsa_vrf.c commit 63f3c9e715955f0cdc83698d8a3dfb1b80064407 Author: Dr. Stephen Henson Date: Mon Jan 5 15:35:55 2015 +0000 Update ordinals. Reviewed-by: Emilia K?sper commit c22e2dd6e52899926d1f1ee3a2b5b9570d03130f Author: Dr. Stephen Henson Date: Sun Dec 14 23:14:15 2014 +0000 Add ASN1_TYPE_cmp and X509_ALGOR_cmp. (these are needed for certificate fingerprint fixes) Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: CHANGES | 37 ++++++++++++++++++++++++++++++++++++- crypto/asn1/a_type.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ crypto/asn1/a_verify.c | 12 ++++++++++++ crypto/asn1/asn1.h | 1 + crypto/asn1/x_algor.c | 10 ++++++++++ crypto/dsa/dsa_asn1.c | 16 ++++++++++++++-- crypto/ecdsa/ecs_vrf.c | 15 ++++++++++++++- crypto/x509/x509.h | 1 + crypto/x509/x_all.c | 2 ++ util/libeay.num | 2 ++ 10 files changed, 138 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index d236eea..60a4596 100644 --- a/CHANGES +++ b/CHANGES 
@@ -4,7 +4,42 @@ Changes between 0.9.8zc and 0.9.8zd [xx XXX xxxx] - *) + *) Fix various certificate fingerprint issues. + + By using non-DER or invalid encodings outside the signed portion of a + certificate the fingerprint can be changed without breaking the signature. + Although no details of the signed portion of the certificate can be changed + this can cause problems with some applications: e.g. those using the + certificate fingerprint for blacklists. + + 1. Reject signatures with non zero unused bits. + + If the BIT STRING containing the signature has non zero unused bits reject + the signature. All current signature algorithms require zero unused bits. + + 2. Check certificate algorithm consistency. + + Check the AlgorithmIdentifier inside TBS matches the one in the + certificate signature. NB: this will result in signature failure + errors for some broken certificates. + + Thanks to Konrad Kraszewski from Google for reporting this issue. + + 3. Check DSA/ECDSA signatures use DER. + + Reencode DSA/ECDSA signatures and compare with the original received + signature. Return an error if there is a mismatch. + + This will reject various cases including garbage after signature + (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS + program for discovering this case) and use of BER or invalid ASN.1 INTEGERs + (negative or with leading zeroes). + + Further analysis was conducted and fixes were developed by Stephen Henson + of the OpenSSL core team. + + (CVE-2014-8275) + [Steve Henson] Changes between 0.9.8zb and 0.9.8zc [15 Oct 2014] diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 36becea..b7a95ad 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c 
@@ -108,3 +108,49 @@ int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
 IMPLEMENT_STACK_OF(ASN1_TYPE)
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
+ {
+ int result = -1;
+
+ if (!a || !b || a->type != b->type) return -1;
+
+ switch (a->type)
+ {
+ case V_ASN1_OBJECT:
+ result = OBJ_cmp(a->value.object, b->value.object);
+ break;
+ case V_ASN1_NULL:
+ result = 0; /* They do not have content. */
+ break;
+ case V_ASN1_INTEGER:
+ case V_ASN1_NEG_INTEGER:
+ case V_ASN1_ENUMERATED:
+ case V_ASN1_NEG_ENUMERATED:
+ case V_ASN1_BIT_STRING:
+ case V_ASN1_OCTET_STRING:
+ case V_ASN1_SEQUENCE:
+ case V_ASN1_SET:
+ case V_ASN1_NUMERICSTRING:
+ case V_ASN1_PRINTABLESTRING:
+ case V_ASN1_T61STRING:
+ case V_ASN1_VIDEOTEXSTRING:
+ case V_ASN1_IA5STRING:
+ case V_ASN1_UTCTIME:
+ case V_ASN1_GENERALIZEDTIME:
+ case V_ASN1_GRAPHICSTRING:
+ case V_ASN1_VISIBLESTRING:
+ case V_ASN1_GENERALSTRING:
+ case V_ASN1_UNIVERSALSTRING:
+ case V_ASN1_BMPSTRING:
+ case V_ASN1_UTF8STRING:
+ case V_ASN1_OTHER:
+ default:
+ result = ASN1_STRING_cmp((ASN1_STRING *) a->value.ptr,
+ (ASN1_STRING *) b->value.ptr);
+ break;
+ }
+
+ return result;
+ }
diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
index 7ded69b..3ef363d 100644
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -89,6 +89,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
 ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
 goto err;
 }
+
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ goto err;
+ }
 inl=i2d(data,NULL);
 buf_in=OPENSSL_malloc((unsigned int)inl);
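Review bot: V_ASN1_BOOLEAN is missing from the switch in ASN1_TYPE_cmp and so falls into `default:`, which casts `a->value.ptr` to `ASN1_STRING *`; for a BOOLEAN the ASN1_TYPE value union holds an integer (`value.boolean`), not a pointer, so ASN1_STRING_cmp would dereference an invalid address. Because X509_ALGOR_cmp feeds AlgorithmIdentifier parameters from certificates under verification into this function (see the x_all.c hunk of this commit), a BOOLEAN parameter would crash verification rather than fail it; add `case V_ASN1_BOOLEAN: result = a->value.boolean - b->value.boolean; break;` before the `default`. The 1.0.0 a_type.c hunk earlier on this page only constifies the signature, so whether that branch's body has the same gap is not visible here.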
@@ -144,6 +150,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
 return -1;
 }
+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+ {
+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+ return -1;
+ }
+
 EVP_MD_CTX_init(&ctx);
 i=OBJ_obj2nid(a->algorithm);
 type=EVP_get_digestbyname(OBJ_nid2sn(i));
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index aeb3f4c..bd7af2d 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -769,6 +769,7 @@ DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
 int ASN1_TYPE_get(ASN1_TYPE *a);
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
 ASN1_OBJECT * ASN1_OBJECT_new(void );
 void ASN1_OBJECT_free(ASN1_OBJECT *a);
diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c
index 99e5342..acc41ba 100644
--- a/crypto/asn1/x_algor.c
+++ b/crypto/asn1/x_algor.c
@@ -128,3 +128,13 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 }
 }
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+ {
+ int rv;
+ rv = OBJ_cmp(a->algorithm, b->algorithm);
+ if (rv)
+ return rv;
+ if (!a->parameter && !b->parameter)
+ return 0;
+ return ASN1_TYPE_cmp(a->parameter, b->parameter);
+ }
diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
index bc7d7a0..08d4772 100644
--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
@@ -200,7 +200,11 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
 const unsigned char *sigbuf, int siglen, DSA *dsa)
 {
 DSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
 int ret=-1;
+
 #ifdef OPENSSL_FIPS
 if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
 {
@@ -211,10 +215,18 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
 s = DSA_SIG_new();
 if (s == NULL) return(ret);
- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+ if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_DSA_SIG(s, &der);
+ if (derlen != siglen || memcmp(sigbuf, der, derlen))
+ goto err;
 ret=DSA_do_verify(dgst,dgst_len,s,dsa);
 err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
 DSA_SIG_free(s);
 return(ret);
 }
-
diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c
index ef9acf7..2836efe 100644
--- a/crypto/ecdsa/ecs_vrf.c
+++ b/crypto/ecdsa/ecs_vrf.c
@@ -57,6 +57,7 @@
 */
 #include "ecs_locl.h"
+#include "cryptlib.h"
 #ifndef OPENSSL_NO_ENGINE
 #include
 #endif
@@ -84,13 +85,25 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
 {
 ECDSA_SIG *s;
+ const unsigned char *p = sigbuf;
+ unsigned char *der = NULL;
+ int derlen = -1;
 int ret=-1;
 s = ECDSA_SIG_new();
 if (s == NULL) return(ret);
- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+ /* Ensure signature uses DER and doesn't have trailing garbage */
+ derlen = i2d_ECDSA_SIG(s, &der);
+ if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+ goto err;
 ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
 err:
+ if (derlen > 0)
+ {
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ }
 ECDSA_SIG_free(s);
 return(ret);
 }
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index c34689a..e77ee69 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -870,6 +870,7 @@ X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, X509_ALGOR *algor); +int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); X509_NAME *X509_NAME_dup(X509_NAME *xn); X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index c7b07f7..f4c68fc 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -73,6 +73,8 @@ int X509_verify(X509 *a, EVP_PKEY *r) { + if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature)) + return 0; return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg, a->signature,a->cert_info,r)); } diff --git a/util/libeay.num b/util/libeay.num index f3b7776..b2f9e45 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1807,6 +1807,7 @@ ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION: X509_REQ_digest 2362 EXIST::FUNCTION:EVP X509_CRL_digest 2391 EXIST::FUNCTION:EVP d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION: +X509_ALGOR_cmp 2398 EXIST::FUNCTION: EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION: EVP_CIPHER_CTX_ctrl 2400 EXIST::FUNCTION: BN_mod_exp_mont_word 2401 EXIST::FUNCTION: @@ -3730,3 +3731,4 @@ JPAKE_STEP2_init 4113 EXIST::FUNCTION:JPAKE pqueue_size 4114 EXIST::FUNCTION: OPENSSL_uni2asc 4115 EXIST:NETWARE:FUNCTION: OPENSSL_asc2uni 4116 EXIST:NETWARE:FUNCTION: +ASN1_TYPE_cmp 4428 EXIST::FUNCTION: hooks/post-receive -- OpenSSL source code From steve at openssl.org Mon Jan 5 16:51:05 2015 
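Review bot: The new algorithm-mismatch check in X509_verify returns 0 without queuing anything, so a caller that gets 0 and then consults ERR_get_error sees an empty queue and cannot tell a mismatched signatureAlgorithm/TBS signature field apart from an ordinary bad signature. Queue one before returning, `X509err(<function code>, <new reason code>)` with both codes added to the x509 error table, and add `/* RFC 5280 4.1.1.2: the outer signatureAlgorithm must equal the TBSCertificate signature field; a mismatch is a rejected certificate (0), not an operational error (-1) */` above the check. Returning 0 rather than -1 looks deliberate given that ASN1_item_verify on the next line uses -1 for operational failures, but nothing in the hunk states that convention.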
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 5 Jan 2015 17:51:05 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_0-stable updated. OpenSSL_1_0_0o-56-g31c65a7 Message-ID: <20150105165107.2C51E1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_0-stable has been updated via 31c65a7bc0de7ff1446645d41af388893362f579 (commit) from 208a6012be3077d83df4475f32dd1b1446f3a02e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 31c65a7bc0de7ff1446645d41af388893362f579 Author: Dr. Stephen Henson Date: Mon Jan 5 16:50:31 2015 +0000 update ordinals Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: util/libeay.num | 1 + 1 file changed, 1 insertion(+) diff --git a/util/libeay.num b/util/libeay.num index c9967c1..a992e0d 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1807,6 +1807,7 @@ ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION: X509_REQ_digest 2362 EXIST::FUNCTION:EVP X509_CRL_digest 2391 EXIST::FUNCTION:EVP d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION: +X509_ALGOR_cmp 2398 EXIST::FUNCTION: EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION: EVP_CIPHER_CTX_ctrl 2400 EXIST::FUNCTION: BN_mod_exp_mont_word 2401 EXIST::FUNCTION: hooks/post-receive -- OpenSSL source code From steve at openssl.org Mon Jan 5 16:52:18 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 5 Jan 2015 17:52:18 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-98-g2175744 Message-ID: <20150105165218.1FC711DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_1-stable has been updated via 2175744952f5c8eaa2749f347629891497a1bcca (commit) from 2357cd2e200dbc964e81e867194dd3be8fc00d7e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2175744952f5c8eaa2749f347629891497a1bcca Author: Dr. Stephen Henson Date: Mon Jan 5 16:50:31 2015 +0000 update ordinals Reviewed-by: Emilia K?sper (cherry picked from commit 31c65a7bc0de7ff1446645d41af388893362f579) ----------------------------------------------------------------------- Summary of changes: util/libeay.num | 1 + 1 file changed, 1 insertion(+) diff --git a/util/libeay.num b/util/libeay.num index aa86b2b..3821c9c 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1807,6 +1807,7 @@ ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION: X509_REQ_digest 2362 EXIST::FUNCTION:EVP X509_CRL_digest 2391 EXIST::FUNCTION:EVP d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION: +X509_ALGOR_cmp 2398 EXIST::FUNCTION: EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION: EVP_CIPHER_CTX_ctrl 2400 EXIST::FUNCTION: BN_mod_exp_mont_word 2401 EXIST::FUNCTION: hooks/post-receive -- OpenSSL source code From steve at openssl.org Mon Jan 5 16:52:18 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 5 Jan 2015 17:52:18 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. c05febfa4f861666726a7a29b23e8dbbf1744e61 Message-ID: <20150105165218.9DDE41DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via c05febfa4f861666726a7a29b23e8dbbf1744e61 (commit) from 61aa44ca99473f9cabdfb2d3b35abd0b473437d1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c05febfa4f861666726a7a29b23e8dbbf1744e61 Author: Dr. Stephen Henson Date: Mon Jan 5 16:50:31 2015 +0000 update ordinals Reviewed-by: Emilia K?sper (cherry picked from commit 31c65a7bc0de7ff1446645d41af388893362f579) ----------------------------------------------------------------------- Summary of changes: util/libeay.num | 1 + 1 file changed, 1 insertion(+) diff --git a/util/libeay.num b/util/libeay.num index fa12145..bd57fbd 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1807,6 +1807,7 @@ ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION: X509_REQ_digest 2362 EXIST::FUNCTION:EVP X509_CRL_digest 2391 EXIST::FUNCTION:EVP d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION: +X509_ALGOR_cmp 2398 EXIST::FUNCTION: EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION: EVP_CIPHER_CTX_ctrl 2400 EXIST::FUNCTION: BN_mod_exp_mont_word 2401 EXIST::FUNCTION: hooks/post-receive -- OpenSSL source code From steve at openssl.org Mon Jan 5 16:52:18 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 5 Jan 2015 17:52:18 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-143-gd96c249 Message-ID: <20150105165218.34C781DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via d96c24926d74aacbabe70f9ef49a0d260d9e2fad (commit) from d9b277e085988598945463b0ad12a6321556252b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d96c24926d74aacbabe70f9ef49a0d260d9e2fad Author: Dr. Stephen Henson Date: Mon Jan 5 16:50:31 2015 +0000 update ordinals Reviewed-by: Emilia K?sper (cherry picked from commit 31c65a7bc0de7ff1446645d41af388893362f579) ----------------------------------------------------------------------- Summary of changes: util/libeay.num | 1 + 1 file changed, 1 insertion(+) diff --git a/util/libeay.num b/util/libeay.num index c98b918..4a11d78 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1807,6 +1807,7 @@ ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION: X509_REQ_digest 2362 EXIST::FUNCTION:EVP X509_CRL_digest 2391 EXIST::FUNCTION:EVP d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION: +X509_ALGOR_cmp 2398 EXIST::FUNCTION: EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION: EVP_CIPHER_CTX_ctrl 2400 EXIST::FUNCTION: BN_mod_exp_mont_word 2401 EXIST::FUNCTION: hooks/post-receive -- OpenSSL source code From rsalz at openssl.org Mon Jan 5 21:07:06 2015 
From: rsalz at openssl.org (Rich Salz) Date: Mon, 5 Jan 2015 22:07:06 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. b5526482ef81ee7906b967e326d23a45fbcf3abc Message-ID: <20150105210708.CDD721DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via b5526482ef81ee7906b967e326d23a45fbcf3abc (commit) from c05febfa4f861666726a7a29b23e8dbbf1744e61 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b5526482ef81ee7906b967e326d23a45fbcf3abc Author: Rich Salz Date: Mon Jan 5 16:05:54 2015 -0500 RT3546: Remove #define IRIX_CC_BUG Leftovers from commit 448155e9bbda27cbba365ff549a7e2044a8a399f Remove now-unused #define's Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: e_os.h | 7 ------- 1 file changed, 7 deletions(-) diff --git a/e_os.h b/e_os.h index 1d27b63..c6ca774 100644 --- a/e_os.h +++ b/e_os.h @@ -626,13 +626,6 @@ extern char *sys_errlist[]; extern int sys_nerr; /***********************************************/ -#ifdef sgi -#define IRIX_CC_BUG /* all version of IRIX I've tested (4.* 5.*) */ -#endif -#ifdef OPENSSL_SYS_SNI -#define IRIX_CC_BUG /* CDS++ up to V2.0Bsomething suffered from the same bug.*/ -#endif - #if defined(OPENSSL_SYS_WINDOWS) # define strcasecmp _stricmp # define strncasecmp _strnicmp hooks/post-receive -- OpenSSL source code From steve at openssl.org Mon Jan 5 23:34:40 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 00:34:40 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. b15f8769644b00ef7283521593360b7b2135cb63 Message-ID: <20150105233440.A58151DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via b15f8769644b00ef7283521593360b7b2135cb63 (commit) from b5526482ef81ee7906b967e326d23a45fbcf3abc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b15f8769644b00ef7283521593360b7b2135cb63 Author: Dr. Stephen Henson Date: Fri Oct 24 12:30:33 2014 +0100 ECDH downgrade bug fix. Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572 Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 +++++++ ssl/s3_clnt.c | 18 +++++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index c444b24..0252eb5 100644 --- a/CHANGES +++ b/CHANGES @@ -659,6 +659,13 @@ Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] + *) Abort handshake if server key exchange message is omitted for ephemeral + ECDH ciphersuites. + + Thanks to Karthikeyan Bhargavan for reporting this issue. + (CVE-2014-3572) + [Steve Henson] + *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 4ca2774..2313fbc 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c 
@@ -1376,6 +1376,8 @@ int ssl3_get_key_exchange(SSL *s) int encoded_pt_len = 0; #endif + EVP_MD_CTX_init(&md_ctx); + /* use same message size as in ssl3_get_certificate_request() * as ServerKeyExchange message may be skipped */ n=s->method->ssl_get_message(s, @@ -1386,14 +1388,26 @@ int ssl3_get_key_exchange(SSL *s) &ok); if (!ok) return((int)n); + alg_k=s->s3->tmp.new_cipher->algorithm_mkey; + if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { + /* + * Can't skip server key exchange if this is an ephemeral + * ciphersuite. + */ + if (alg_k & (SSL_kDHE|SSL_kECDHE)) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + al = SSL_AD_UNEXPECTED_MESSAGE; + goto f_err; + } #ifndef OPENSSL_NO_PSK /* In plain PSK ciphersuite, ServerKeyExchange can be omitted if no identity hint is sent. Set session->sess_cert anyway to avoid problems later.*/ - if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) + if (alg_k & SSL_kPSK) { s->session->sess_cert=ssl_sess_cert_new(); if (s->ctx->psk_identity_hint) @@ -1438,9 +1452,7 @@ int ssl3_get_key_exchange(SSL *s) /* Total length of the parameters including the length prefix */ param_len=0; - alg_k=s->s3->tmp.new_cipher->algorithm_mkey; alg_a=s->s3->tmp.new_cipher->algorithm_auth; - EVP_MD_CTX_init(&md_ctx); al=SSL_AD_DECODE_ERROR; hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 00:07:04 2015 
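Review bot: The ephemeral mask in the second hunk, `alg_k & (SSL_kDHE|SSL_kECDHE)`, omits SSL_kSRP, yet SRP ciphersuites also carry their parameters in ServerKeyExchange, so an SRP handshake that skips the message still takes the "optional message" path below (the 0.9.8 hunk at L131 shows it ending in reuse_message=1 and a success return). Consider `if (alg_k & (SSL_kDHE|SSL_kECDHE|SSL_kSRP))`; the 0.9.8 backport at L131 has no SRP key-exchange flag in its hunk and may not need this. The first hunk moves `EVP_MD_CTX_init(&md_ctx)` ahead of ssl_get_message without saying why; presumably the new `goto f_err` reaches a cleanup that tears md_ctx down, so `/* init before any goto f_err: the cleanup path releases md_ctx */` would stop someone moving it back. The cherry-picks at L133, L135 and L137 carry the same two points under the older SSL_kEDH/SSL_kEECDH names.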
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 01:07:04 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_0_9_8-stable updated. OpenSSL_0_9_8zc-22-ge42a2ab Message-ID: <20150106000704.C38371DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_0_9_8-stable has been updated via e42a2abadc90664e2615dc63ba7f79cf163f780a (commit) from ec2fede9467ae1a65f452d3a39f7fbc4891d9285 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e42a2abadc90664e2615dc63ba7f79cf163f780a Author: Dr. Stephen Henson Date: Fri Oct 24 12:30:33 2014 +0100 ECDH downgrade bug fix. Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572 Reviewed-by: Matt Caswell (cherry picked from commit b15f8769644b00ef7283521593360b7b2135cb63) Conflicts: CHANGES ssl/s3_clnt.c ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 +++++++ ssl/s3_clnt.c | 15 +++++++++++++-- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 60a4596..75da406 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 0.9.8zc and 0.9.8zd [xx XXX xxxx] + *) Abort handshake if server key exchange message is omitted for ephemeral + ECDH ciphersuites. + + Thanks to Karthikeyan Bhargavan for reporting this issue. + (CVE-2014-3572) + [Steve Henson] + *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a 
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 4828937..256fc94 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1123,8 +1123,21 @@ int ssl3_get_key_exchange(SSL *s) if (!ok) return((int)n); + alg=s->s3->tmp.new_cipher->algorithms; + EVP_MD_CTX_init(&md_ctx); + if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { + /* + * Can't skip server key exchange if this is an ephemeral + * ciphersuite. + */ + if (alg & (SSL_kEDH|SSL_kECDHE)) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + al = SSL_AD_UNEXPECTED_MESSAGE; + goto f_err; + } s->s3->tmp.reuse_message=1; return(1); } @@ -1162,8 +1175,6 @@ int ssl3_get_key_exchange(SSL *s) /* Total length of the parameters including the length prefix */ param_len=0; - alg=s->s3->tmp.new_cipher->algorithms; - EVP_MD_CTX_init(&md_ctx); al=SSL_AD_DECODE_ERROR; #ifndef OPENSSL_NO_RSA hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 00:07:04 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 01:07:04 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_0-stable updated. OpenSSL_1_0_0o-57-g802a070 Message-ID: <20150106000704.D67151DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_0-stable has been updated via 802a070bb6452dd9df49e550e0f3b16777e5232b (commit) from 31c65a7bc0de7ff1446645d41af388893362f579 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 802a070bb6452dd9df49e550e0f3b16777e5232b Author: Dr. Stephen Henson Date: Fri Oct 24 12:30:33 2014 +0100 ECDH downgrade bug fix. Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572 Reviewed-by: Matt Caswell (cherry picked from commit b15f8769644b00ef7283521593360b7b2135cb63) Conflicts: CHANGES ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 +++++++ ssl/s3_clnt.c | 18 +++++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 8e8646e..519869b 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 1.0.0o and 1.0.0p [xx XXX xxxx] + *) Abort handshake if server key exchange message is omitted for ephemeral + ECDH ciphersuites. + + Thanks to Karthikeyan Bhargavan for reporting this issue. + (CVE-2014-3572) + [Steve Henson] + *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a 
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index e614f96..f2e9e54 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1191,6 +1191,8 @@ int ssl3_get_key_exchange(SSL *s) int encoded_pt_len = 0; #endif + EVP_MD_CTX_init(&md_ctx); + /* use same message size as in ssl3_get_certificate_request() * as ServerKeyExchange message may be skipped */ n=s->method->ssl_get_message(s, @@ -1201,14 +1203,26 @@ int ssl3_get_key_exchange(SSL *s) &ok); if (!ok) return((int)n); + alg_k=s->s3->tmp.new_cipher->algorithm_mkey; + if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { + /* + * Can't skip server key exchange if this is an ephemeral + * ciphersuite. + */ + if (alg_k & (SSL_kEDH|SSL_kEECDH)) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + al = SSL_AD_UNEXPECTED_MESSAGE; + goto f_err; + } #ifndef OPENSSL_NO_PSK /* In plain PSK ciphersuite, ServerKeyExchange can be omitted if no identity hint is sent. Set session->sess_cert anyway to avoid problems later.*/ - if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) + if (alg_k & SSL_kPSK) { s->session->sess_cert=ssl_sess_cert_new(); if (s->ctx->psk_identity_hint) @@ -1253,9 +1267,7 @@ int ssl3_get_key_exchange(SSL *s) /* Total length of the parameters including the length prefix */ param_len=0; - alg_k=s->s3->tmp.new_cipher->algorithm_mkey; alg_a=s->s3->tmp.new_cipher->algorithm_auth; - EVP_MD_CTX_init(&md_ctx); al=SSL_AD_DECODE_ERROR; hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 00:07:04 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 01:07:04 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-99-gef28c6d Message-ID: <20150106000704.E70291DF10F@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_1-stable has been updated via ef28c6d6767a6a30df5add36171894c96628fe98 (commit) from 2175744952f5c8eaa2749f347629891497a1bcca (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ef28c6d6767a6a30df5add36171894c96628fe98 Author: Dr. Stephen Henson Date: Fri Oct 24 12:30:33 2014 +0100 ECDH downgrade bug fix. Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572 Reviewed-by: Matt Caswell (cherry picked from commit b15f8769644b00ef7283521593360b7b2135cb63) ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 +++++++ ssl/s3_clnt.c | 18 +++++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index bfb75be..8d3e6ff 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,13 @@ Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] + *) Abort handshake if server key exchange message is omitted for ephemeral + ECDH ciphersuites. + + Thanks to Karthikeyan Bhargavan for reporting this issue. + (CVE-2014-3572) + [Steve Henson] + *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. 
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 7a95d5a..43ffc77 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1277,6 +1277,8 @@ int ssl3_get_key_exchange(SSL *s) int encoded_pt_len = 0; #endif + EVP_MD_CTX_init(&md_ctx); + /* use same message size as in ssl3_get_certificate_request() * as ServerKeyExchange message may be skipped */ n=s->method->ssl_get_message(s, @@ -1287,14 +1289,26 @@ int ssl3_get_key_exchange(SSL *s) &ok); if (!ok) return((int)n); + alg_k=s->s3->tmp.new_cipher->algorithm_mkey; + if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { + /* + * Can't skip server key exchange if this is an ephemeral + * ciphersuite. + */ + if (alg_k & (SSL_kEDH|SSL_kEECDH)) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + al = SSL_AD_UNEXPECTED_MESSAGE; + goto f_err; + } #ifndef OPENSSL_NO_PSK /* In plain PSK ciphersuite, ServerKeyExchange can be omitted if no identity hint is sent. Set session->sess_cert anyway to avoid problems later.*/ - if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) + if (alg_k & SSL_kPSK) { s->session->sess_cert=ssl_sess_cert_new(); if (s->ctx->psk_identity_hint) @@ -1339,9 +1353,7 @@ int ssl3_get_key_exchange(SSL *s) /* Total length of the parameters including the length prefix */ param_len=0; - alg_k=s->s3->tmp.new_cipher->algorithm_mkey; alg_a=s->s3->tmp.new_cipher->algorithm_auth; - EVP_MD_CTX_init(&md_ctx); al=SSL_AD_DECODE_ERROR; hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 00:07:04 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 01:07:04 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-144-g4aaf1e4 Message-ID: <20150106000705.0763D1DF110@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via 4aaf1e493cb86efa64f6a486a27d38da6bce23af (commit) from d96c24926d74aacbabe70f9ef49a0d260d9e2fad (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4aaf1e493cb86efa64f6a486a27d38da6bce23af Author: Dr. Stephen Henson Date: Fri Oct 24 12:30:33 2014 +0100 ECDH downgrade bug fix. Fix bug where an OpenSSL client would accept a handshake using an ephemeral ECDH ciphersuites with the server key exchange message omitted. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2014-3572 Reviewed-by: Matt Caswell (cherry picked from commit b15f8769644b00ef7283521593360b7b2135cb63) ----------------------------------------------------------------------- Summary of changes: CHANGES | 7 +++++++ ssl/s3_clnt.c | 18 +++++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 1880a46..8ce7697 100644 --- a/CHANGES +++ b/CHANGES @@ -365,6 +365,13 @@ Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] + *) Abort handshake if server key exchange message is omitted for ephemeral + ECDH ciphersuites. + + Thanks to Karthikeyan Bhargavan for reporting this issue. + (CVE-2014-3572) + [Steve Henson] + *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. 
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 47cb93d..6de971b 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1363,6 +1363,8 @@ int ssl3_get_key_exchange(SSL *s) int encoded_pt_len = 0; #endif + EVP_MD_CTX_init(&md_ctx); + /* use same message size as in ssl3_get_certificate_request() * as ServerKeyExchange message may be skipped */ n=s->method->ssl_get_message(s, @@ -1373,14 +1375,26 @@ int ssl3_get_key_exchange(SSL *s) &ok); if (!ok) return((int)n); + alg_k=s->s3->tmp.new_cipher->algorithm_mkey; + if (s->s3->tmp.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) { + /* + * Can't skip server key exchange if this is an ephemeral + * ciphersuite. + */ + if (alg_k & (SSL_kDHE|SSL_kECDHE)) + { + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); + al = SSL_AD_UNEXPECTED_MESSAGE; + goto f_err; + } #ifndef OPENSSL_NO_PSK /* In plain PSK ciphersuite, ServerKeyExchange can be omitted if no identity hint is sent. Set session->sess_cert anyway to avoid problems later.*/ - if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK) + if (alg_k & SSL_kPSK) { s->session->sess_cert=ssl_sess_cert_new(); if (s->ctx->psk_identity_hint) @@ -1425,9 +1439,7 @@ int ssl3_get_key_exchange(SSL *s) /* Total length of the parameters including the length prefix */ param_len=0; - alg_k=s->s3->tmp.new_cipher->algorithm_mkey; alg_a=s->s3->tmp.new_cipher->algorithm_auth; - EVP_MD_CTX_init(&md_ctx); al=SSL_AD_DECODE_ERROR; hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 02:07:44 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 03:07:44 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. ce325c60c74b0fa784f5872404b722e120e5cab0 Message-ID: <20150106020745.3B6EA1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via ce325c60c74b0fa784f5872404b722e120e5cab0 (commit) from b15f8769644b00ef7283521593360b7b2135cb63 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ce325c60c74b0fa784f5872404b722e120e5cab0 Author: Dr. Stephen Henson Date: Thu Oct 23 17:09:57 2014 +0100 Only allow ephemeral RSA keys in export ciphersuites. OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 ++++++++ doc/ssl/SSL_CTX_set_options.pod | 10 +--------- doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 23 ++++++++--------------- ssl/d1_srvr.c | 21 ++++++--------------- ssl/s3_clnt.c | 7 +++++++ ssl/s3_srvr.c | 21 ++++++--------------- ssl/ssl.h | 5 ++--- 7 files changed, 38 insertions(+), 57 deletions(-) diff --git a/CHANGES b/CHANGES index 0252eb5..c9c19c3 100644 --- a/CHANGES +++ b/CHANGES 
@@ -666,6 +666,14 @@ (CVE-2014-3572) [Steve Henson] + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + (CVE-2015-0204) + [Steve Henson] + *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 1594fb6..593435c 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -151,15 +151,7 @@ temporary/ephemeral DH parameters are used. =item SSL_OP_EPHEMERAL_RSA -Always use ephemeral (temporary) RSA key when doing RSA operations -(see L). -According to the specifications this is only done, when a RSA key -can only be used for signature operations (namely under export ciphers -with restricted RSA keylength). By setting this option, ephemeral -RSA keys are always used. This option breaks compatibility with the -SSL/TLS specifications and may lead to interoperability problems with -clients and should therefore never be used. Ciphers with DHE (ephemeral -Diffie-Hellman) key exchange should be used instead. +This option is no longer implemented and is treated as no op. =item SSL_OP_CIPHER_SERVER_PREFERENCE diff --git a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod index b23e43a..94c55b8 100644 --- a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 
@@ -74,21 +74,14 @@ exchange and use DHE (Ephemeral Diffie-Hellman) key exchange instead in order to achieve forward secrecy (see L). -On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default -and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of -L, violating the TLS/SSL -standard. When ephemeral RSA key exchange is required for export ciphers, -it will automatically be used without this option! - -An application may either directly specify the key or can supply the key via -a callback function. The callback approach has the advantage, that the -callback may generate the key only in case it is actually needed. As the -generation of a RSA key is however costly, it will lead to a significant -delay in the handshake procedure. Another advantage of the callback function -is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA -usage) while the explicit setting of the key is only useful for key size of -512 bits to satisfy the export restricted ciphers and does give away key length -if a longer key would be allowed. +An application may either directly specify the key or can supply the key via a +callback function. The callback approach has the advantage, that the callback +may generate the key only in case it is actually needed. As the generation of a +RSA key is however costly, it will lead to a significant delay in the handshake +procedure. Another advantage of the callback function is that it can supply +keys of different size while the explicit setting of the key is only useful for +key size of 512 bits to satisfy the export restricted ciphers and does give +away key length if a longer key would be allowed. The B is called with the B needed and the B information. The B flag is set, when the diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index bcadd31..8a5c5a1 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c 
@@ -472,24 +472,15 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(alg_k & SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + /* + * clear this, it may get reset by + * send_server_key_exchange + */ + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange or * RSA but we have a sign only certificate */ - if (s->s3->tmp.use_rsa_tmp + if ( /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 2313fbc..aa9dcbb 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1636,6 +1636,13 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { + /* Temporary RSA keys only allowed in export ciphersuites */ + if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } if ((rsa=RSA_new()) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 6c0bdcf..e5a32ee 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c 
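Review bot: The new `if (` in the SSL3_ST_SW_KEY_EXCH_B case of dtls1_accept is left without a first operand once the `s->s3->tmp.use_rsa_tmp` test is removed; the condition presumably continues with a leading `||` outside the hunk, so the file no longer compiles, and the s3_srvr.c hunk `@@ -480,7 +471,7 @@` below has the same defect. A constant first operand keeps the `||` chain intact, e.g. `if (0 /* ephemeral RSA ServerKeyExchange removed */` (the follow-up commit fb76ad8d43e37b399f22932c8ccc85578fcdf7b5 on this page does this, without the comment). After this hunk `use_rsa_tmp` is only ever cleared here, so the server no longer offers a temporary RSA key in a non-export suite; a one-line comment saying the field is now write-only in this function would help the next reader. dtls1_accept continues outside the hunk.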
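Review bot: The new export check in ssl3_get_key_exchange reports the failure under `SSL_F_SSL3_GET_SERVER_CERTIFICATE`, while the `RSA_new()` failure two lines below uses `SSL_F_SSL3_GET_KEY_EXCHANGE`, so the error queue will attribute a rejected non-export temporary RSA key to the wrong function. Use `SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);`. Placing the check before `RSA_new()` is right, since the rejected path then has nothing to free. ssl3_get_key_exchange continues outside the hunk.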
@@ -453,20 +453,11 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(alg_k & SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + /* + * clear this, it may get reset by + * send_server_key_exchange + */ + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange, fortezza or @@ -480,7 +471,7 @@ int ssl3_accept(SSL *s) * server certificate contains the server's * public key for key exchange. */ - if (s->s3->tmp.use_rsa_tmp + if ( /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK diff --git a/ssl/ssl.h b/ssl/ssl.h index 31d01b6..98661d0 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -606,9 +606,8 @@ struct ssl_session_st #define SSL_OP_SINGLE_ECDH_USE 0x00080000L /* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L -/* Set to always use the tmp_rsa key when doing RSA operations, - * even when this violates protocol specs */ -#define SSL_OP_EPHEMERAL_RSA 0x00200000L +/* Does nothing: retained for compatibiity */ +#define SSL_OP_EPHEMERAL_RSA 0x0 /* Set on servers to choose the cipher according to the server's * preferences */ #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 02:35:19 2015 
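Review bot: Redefining `SSL_OP_EPHEMERAL_RSA` as `0x0` in ssl.h leaves bit `0x00200000L` unassigned without saying so, yet applications built against earlier headers keep passing that bit to SSL_CTX_set_options; if the bit is later given to a new option, those callers would enable it unknowingly. The comment should reserve the value and also fix the typo: `/* Does nothing: retained for compatibility. The former value 0x00200000L must not be reused. */`.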
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 03:35:19 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. fb76ad8d43e37b399f22932c8ccc85578fcdf7b5 Message-ID: <20150106023519.520821DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via fb76ad8d43e37b399f22932c8ccc85578fcdf7b5 (commit) from ce325c60c74b0fa784f5872404b722e120e5cab0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fb76ad8d43e37b399f22932c8ccc85578fcdf7b5 Author: Dr. Stephen Henson Date: Tue Jan 6 02:17:07 2015 +0000 fix compilation error Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/d1_srvr.c | 2 +- ssl/s3_srvr.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 8a5c5a1..059385c 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -480,7 +480,7 @@ int dtls1_accept(SSL *s) /* only send if a DH key exchange or * RSA but we have a sign only certificate */ - if ( + if (0 /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index e5a32ee..90e95d6 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -471,7 +471,7 @@ int ssl3_accept(SSL *s) * server certificate contains the server's * public key for key exchange. */ - if ( + if (0 /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK hooks/post-receive -- OpenSSL source code From appro at openssl.org Tue Jan 6 10:10:40 2015 
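Review bot: The `if (0` that now heads the `||` chain in dtls1_accept and ssl3_accept carries no comment, so a later reader may take the literal for leftover debugging and remove it together with the operator that follows it. A short note keeps the intent visible: `if (0 /* placeholder: ephemeral RSA ServerKeyExchange was removed */`. Both functions continue outside their hunks.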
From: appro at openssl.org (Andy Polyakov) Date: Tue, 6 Jan 2015 11:10:40 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 4fec91506975f62a2f93be71a46acc7fae7eef45 Message-ID: <20150106101040.B99F41DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 4fec91506975f62a2f93be71a46acc7fae7eef45 (commit) from fb76ad8d43e37b399f22932c8ccc85578fcdf7b5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4fec91506975f62a2f93be71a46acc7fae7eef45 Author: Andy Polyakov Date: Tue Jan 6 11:10:01 2015 +0100 CHANGES: mention "universal" ARM support. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 ++++++++ crypto/bn/bn_lib.c | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index c9c19c3..f8dfbd4 100644 --- a/CHANGES +++ b/CHANGES @@ -337,6 +337,14 @@ Changes between 1.0.1k and 1.0.2 [xx XXX xxxx] + *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. + ARMv5 through ARMv8, as opposite to "locking" it to single one. + So far those who have to target multiple plaforms would compromise + and argue that binary targeting say ARMv5 would still execute on + ARMv8. "Universal" build resolves this compromise by providing + near-optimal performance even on newer platforms. + [Andy Polyakov] + *) Accelerated NIST P-256 elliptic curve implementation for x86_64 (other platforms pending). [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov] diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 886de0d..2f6ab61 100644 
--- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -265,7 +265,7 @@ void BN_free(BIGNUM *a) OPENSSL_free(a); else { -#ifndef OPENSSL_NO_DEPRECATED +#ifdef OPENSSL_USE_DEPRECATED a->flags|=BN_FLG_FREE; #endif a->d = NULL; hooks/post-receive -- OpenSSL source code From appro at openssl.org Tue Jan 6 10:22:30 2015 
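Review bot: The bn_lib.c hunk flips the guard around `a->flags|=BN_FLG_FREE` from `#ifndef OPENSSL_NO_DEPRECATED` (set unless opted out) to `#ifdef OPENSSL_USE_DEPRECATED` (set only when opted in), which changes default builds, but the commit message only speaks of a CHANGES entry for ARM builds. The same hunk reappears in the OpenSSL_1_0_2-stable commit f4868c99213c2b67d84e4506571216d23aa2d9fb later on this page, and both are reverted by 219338115bea8a0450f39af2026c281375448310 and 2996157127bb5f607efa35001951439fa440b7ca. If the flip is wanted it belongs in its own commit with a message stating why the default changes; otherwise it should be dropped before push. BN_free continues outside the hunk.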
From: appro at openssl.org (Andy Polyakov) Date: Tue, 6 Jan 2015 11:22:30 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-146-gcaeed71 Message-ID: <20150106102230.538AC1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via caeed719fe3fd619415755f245ab8a904978d99d (commit) via f4868c99213c2b67d84e4506571216d23aa2d9fb (commit) from 4aaf1e493cb86efa64f6a486a27d38da6bce23af (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit caeed719fe3fd619415755f245ab8a904978d99d Author: Andy Polyakov Date: Tue Jan 6 11:10:01 2015 +0100 CHANGES: mention "universal" ARM support. Reviewed-by: Matt Caswell (cherry picked from commit 4fec91506975f62a2f93be71a46acc7fae7eef45) commit f4868c99213c2b67d84e4506571216d23aa2d9fb Author: Andy Polyakov Date: Fri Nov 7 22:48:22 2014 +0100 Remove inconsistency in ARM support. This facilitates "universal" builds, ones that target multiple architectures, e.g. ARMv5 through ARMv7. See commentary in Configure for details. 
Reviewed-by: Ard Biesheuvel Reviewed-by: Matt Caswell (cherry picked from commit c1669e1c205dc8e695fb0c10a655f434e758b9f7) ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 +++ Configure | 30 +++++++- crypto/aes/asm/aesv8-armx.pl | 8 ++- crypto/aes/asm/bsaes-armv7.pl | 8 ++- crypto/arm_arch.h | 12 ++++ crypto/armcap.c | 7 +- crypto/armv4cpuid.S | 140 +++++++++++++++++------------------- crypto/bn/asm/armv4-gf2m.pl | 128 +++++++++++++++++---------------- crypto/bn/asm/armv4-mont.pl | 9 +-- crypto/bn/bn_lib.c | 2 +- crypto/evp/e_aes.c | 2 +- crypto/modes/asm/ghash-armv4.pl | 3 +- crypto/modes/gcm128.c | 2 +- crypto/sha/asm/sha1-armv4-large.pl | 11 ++- crypto/sha/asm/sha256-armv4.pl | 11 ++- crypto/sha/asm/sha512-armv4.pl | 11 ++- 16 files changed, 232 insertions(+), 160 deletions(-) diff --git a/CHANGES b/CHANGES index 8ce7697..ccaab05 100644 --- a/CHANGES +++ b/CHANGES @@ -43,6 +43,14 @@ (CVE-2014-3566) [Adam Langley, Bodo Moeller] + *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. + ARMv5 through ARMv8, as opposite to "locking" it to single one. + So far those who have to target multiple plaforms would compromise + and argue that binary targeting say ARMv5 would still execute on + ARMv8. "Universal" build resolves this compromise by providing + near-optimal performance even on newer platforms. + [Andy Polyakov] + *) Accelerated NIST P-256 elliptic curve implementation for x86_64 (other platforms pending). [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov] diff --git a/Configure b/Configure index 4d943e1..0850d90 100755 --- a/Configure +++ b/Configure 
@@ -351,8 +351,34 @@ my %table=( # throw in -D[BL]_ENDIAN, whichever appropriate... "linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# It's believed that majority of ARM toolchains predefine appropriate -march. -# If you compiler does not, do complement config command line with one! + +####################################################################### +# Note that -march is not among compiler options in below linux-armv4 +# target line. Not specifying one is intentional to give you choice to: +# +# a) rely on your compiler default by not specifying one; +# b) specify your target platform explicitly for optimal performance, +# e.g. -march=armv6 or -march=armv7-a; +# c) build "universal" binary that targets *range* of platforms by +# specifying minimum and maximum supported architecture; +# +# As for c) option. It actually makes no sense to specify maximum to be +# less than ARMv7, because it's the least requirement for run-time +# switch between platform-specific code paths. And without run-time +# switch performance would be equivalent to one for minimum. Secondly, +# there are some natural limitations that you'd have to accept and +# respect. Most notably you can *not* build "universal" binary for +# big-endian platform. This is because ARMv7 processor always picks +# instructions in little-endian order. Another similar limitation is +# that -mthumb can't "cross" -march=armv6t2 boundary, because that's +# where it became Thumb-2. Well, this limitation is a bit artificial, +# because it's not really impossible, but it's deemed too tricky to +# support. 
And of course you have to be sure that your binutils are +# actually up to the task of handling maximum target platform. With all +# this in mind here is an example of how to configure "universal" build: +# +# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 +# "linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-aarch64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # Configure script adds minimally required -march for assembly support, diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl index 923c7f6..1e93f86 100755 --- a/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/aes/asm/aesv8-armx.pl @@ -35,11 +35,13 @@ $prefix="aes_v8"; $code=<<___; #include "arm_arch.h" -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .text ___ -$code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/); -$code.=".fpu neon\n.code 32\n" if ($flavour !~ /64/); +$code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/); +$code.=".arch armv7-a\n.fpu neon\n.code 32\n" if ($flavour !~ /64/); + #^^^^^^ this is done to simplify adoption by not depending + # on latest binutils. # Assembler mnemonics are an eclectic mix of 32- and 64-bit syntax, # NEON is mostly 32-bit mnemonics, integer - mostly 64. Goal is to diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl index f3d96d9..fcc81d1 100644 --- a/crypto/aes/asm/bsaes-armv7.pl +++ b/crypto/aes/asm/bsaes-armv7.pl 
@@ -702,13 +702,17 @@ $code.=<<___; # define BSAES_ASM_EXTENDED_KEY # define XTS_CHAIN_TWEAK # define __ARM_ARCH__ __LINUX_ARM_ARCH__ +# define __ARM_MAX_ARCH__ __LINUX_ARM_ARCH__ #endif #ifdef __thumb__ # define adrl adr #endif -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a +.fpu neon + .text .syntax unified @ ARMv7-capable assembler is expected to handle this #ifdef __thumb2__ @@ -717,8 +721,6 @@ $code.=<<___; .code 32 #endif -.fpu neon - .type _bsaes_decrypt8,%function .align 4 _bsaes_decrypt8: diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index 6fa8724..d137c92 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -52,6 +52,18 @@ #include #endif +#if !defined(__ARM_MAX_ARCH__) +# define __ARM_MAX_ARCH__ __ARM_ARCH__ +#endif + +#if __ARM_MAX_ARCH__<__ARM_ARCH__ +# error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__" +#elif __ARM_MAX_ARCH__!=__ARM_ARCH__ +# if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__) +# error "can't build universal big-endian binary" +# endif +#endif + #if !__ASSEMBLER__ extern unsigned int OPENSSL_armcap_P; #endif diff --git a/crypto/armcap.c b/crypto/armcap.c index 7e46d07..24f7a08 100644 --- a/crypto/armcap.c +++ b/crypto/armcap.c @@ -7,8 +7,12 @@ #include "arm_arch.h" -unsigned int OPENSSL_armcap_P; +unsigned int OPENSSL_armcap_P=0; +#if __ARM_MAX_ARCH__<7 +void OPENSSL_cpuid_setup(void) {} +unsigned long OPENSSL_rdtsc(void) { return 0; } +#else static sigset_t all_masked; static sigjmp_buf ill_jmp; @@ -155,3 +159,4 @@ void OPENSSL_cpuid_setup(void) sigaction (SIGILL,&ill_oact,NULL); sigprocmask(SIG_SETMASK,&oset,NULL); } +#endif diff --git a/crypto/armv4cpuid.S b/crypto/armv4cpuid.S index 0059311..65010ae 100644 --- a/crypto/armv4cpuid.S +++ b/crypto/armv4cpuid.S 
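Review bot: The `__ARM_MAX_ARCH__<7` branch added to armcap.c defines `OPENSSL_cpuid_setup` as empty and `OPENSSL_rdtsc` as a constant 0 without a comment, so a reader of a sub-ARMv7 build has to find this commit to learn that capability probing is deliberately absent and `OPENSSL_armcap_P` stays 0. A comment such as `/* No run-time probing below ARMv7: OPENSSL_armcap_P stays 0 and OPENSSL_rdtsc() has no counter to read */` would make that explicit. Any caller that relies on OPENSSL_rdtsc() varying between calls, if one exists, should be checked against this stub.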
@@ -3,69 +3,6 @@ .text .code 32 -@ Special note about using .byte directives to encode instructions. -@ Initial reason for hand-coding instructions was to allow module to -@ be compilable by legacy tool-chains. At later point it was pointed -@ out that since ARMv7, instructions are always encoded in little-endian -@ order, therefore one has to opt for endian-neutral presentation. -@ Contemporary tool-chains offer .inst directive for this purpose, -@ but not legacy ones. Therefore .byte. But there is an exception, -@ namely ARMv7-R profile still allows for big-endian encoding even for -@ instructions. This raises the question what if probe instructions -@ appear executable to such processor operating in big-endian order? -@ They have to be chosen in a way that avoids this problem. As failed -@ NEON probe disables a number of other probes we have to ensure that -@ only NEON probe instruction doesn't appear executable in big-endian -@ order, therefore 'vorr q8,q8,q8', and not some other register. The -@ only probe that is not bypassed on failed NEON probe is _armv7_tick, -@ where you'll spot 'mov r0,r6' that serves this purpose. Basic idea is -@ that if fetched in alternative byte oder instruction should crash to -@ denote lack of probed capability... 
- -.align 5 -.global _armv7_neon_probe -.type _armv7_neon_probe,%function -_armv7_neon_probe: - .byte 0xf0,0x01,0x60,0xf2 @ vorr q8,q8,q8 - .byte 0x1e,0xff,0x2f,0xe1 @ bx lr -.size _armv7_neon_probe,.-_armv7_neon_probe - -.global _armv7_tick -.type _armv7_tick,%function -_armv7_tick: - .byte 0x06,0x00,0xa0,0xe1 @ mov r0,r6 - .byte 0x1e,0x0f,0x51,0xec @ mrrc p15,1,r0,r1,c14 @ CNTVCT - .byte 0x1e,0xff,0x2f,0xe1 @ bx lr - nop -.size _armv7_tick,.-_armv7_tick - -.global _armv8_aes_probe -.type _armv8_aes_probe,%function -_armv8_aes_probe: - .byte 0x00,0x03,0xb0,0xf3 @ aese.8 q0,q0 - .byte 0x1e,0xff,0x2f,0xe1 @ bx lr -.size _armv8_aes_probe,.-_armv8_aes_probe - -.global _armv8_sha1_probe -.type _armv8_sha1_probe,%function -_armv8_sha1_probe: - .byte 0x40,0x0c,0x00,0xf2 @ sha1c.32 q0,q0,q0 - .byte 0x1e,0xff,0x2f,0xe1 @ bx lr -.size _armv8_sha1_probe,.-_armv8_sha1_probe - -.global _armv8_sha256_probe -.type _armv8_sha256_probe,%function -_armv8_sha256_probe: - .byte 0x40,0x0c,0x00,0xf3 @ sha256h.32 q0,q0,q0 - .byte 0x1e,0xff,0x2f,0xe1 @ bx lr -.size _armv8_sha256_probe,.-_armv8_sha256_probe -.global _armv8_pmull_probe -.type _armv8_pmull_probe,%function -_armv8_pmull_probe: - .byte 0x00,0x0e,0xa0,0xf2 @ vmull.p64 q0,d0,d0 - .byte 0x1e,0xff,0x2f,0xe1 @ bx lr -.size _armv8_pmull_probe,.-_armv8_pmull_probe - .align 5 .global OPENSSL_atomic_add .type OPENSSL_atomic_add,%function 
@@ -139,30 +76,81 @@ OPENSSL_cleanse: #endif .size OPENSSL_cleanse,.-OPENSSL_cleanse +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a +.fpu neon + +.align 5 +.global _armv7_neon_probe +.type _armv7_neon_probe,%function +_armv7_neon_probe: + vorr q0,q0,q0 + bx lr +.size _armv7_neon_probe,.-_armv7_neon_probe + +.global _armv7_tick +.type _armv7_tick,%function +_armv7_tick: + mrrc p15,1,r0,r1,c14 @ CNTVCT + bx lr +.size _armv7_tick,.-_armv7_tick + +.global _armv8_aes_probe +.type _armv8_aes_probe,%function +_armv8_aes_probe: + .byte 0x00,0x03,0xb0,0xf3 @ aese.8 q0,q0 + bx lr +.size _armv8_aes_probe,.-_armv8_aes_probe + +.global _armv8_sha1_probe +.type _armv8_sha1_probe,%function +_armv8_sha1_probe: + .byte 0x40,0x0c,0x00,0xf2 @ sha1c.32 q0,q0,q0 + bx lr +.size _armv8_sha1_probe,.-_armv8_sha1_probe + +.global _armv8_sha256_probe +.type _armv8_sha256_probe,%function +_armv8_sha256_probe: + .byte 0x40,0x0c,0x00,0xf3 @ sha256h.32 q0,q0,q0 + bx lr +.size _armv8_sha256_probe,.-_armv8_sha256_probe +.global _armv8_pmull_probe +.type _armv8_pmull_probe,%function +_armv8_pmull_probe: + .byte 0x00,0x0e,0xa0,0xf2 @ vmull.p64 q0,d0,d0 + bx lr +.size _armv8_pmull_probe,.-_armv8_pmull_probe +#endif + .global OPENSSL_wipe_cpu .type OPENSSL_wipe_cpu,%function OPENSSL_wipe_cpu: +#if __ARM_MAX_ARCH__>=7 ldr r0,.LOPENSSL_armcap adr r1,.LOPENSSL_armcap ldr r0,[r1,r0] +#endif eor r2,r2,r2 eor r3,r3,r3 eor ip,ip,ip +#if __ARM_MAX_ARCH__>=7 tst r0,#1 beq .Lwipe_done - .byte 0x50,0x01,0x00,0xf3 @ veor q0, q0, q0 - .byte 0x52,0x21,0x02,0xf3 @ veor q1, q1, q1 - .byte 0x54,0x41,0x04,0xf3 @ veor q2, q2, q2 - .byte 0x56,0x61,0x06,0xf3 @ veor q3, q3, q3 - .byte 0xf0,0x01,0x40,0xf3 @ veor q8, q8, q8 - .byte 0xf2,0x21,0x42,0xf3 @ veor q9, q9, q9 - .byte 0xf4,0x41,0x44,0xf3 @ veor q10, q10, q10 - .byte 0xf6,0x61,0x46,0xf3 @ veor q11, q11, q11 - .byte 0xf8,0x81,0x48,0xf3 @ veor q12, q12, q12 - .byte 0xfa,0xa1,0x4a,0xf3 @ veor q13, q13, q13 - .byte 0xfc,0xc1,0x4c,0xf3 @ veor q14, q14, q14 - .byte 
0xfe,0xe1,0x4e,0xf3 @ veor q14, q14, q14 + veor q0, q0, q0 + veor q1, q1, q1 + veor q2, q2, q2 + veor q3, q3, q3 + veor q8, q8, q8 + veor q9, q9, q9 + veor q10, q10, q10 + veor q11, q11, q11 + veor q12, q12, q12 + veor q13, q13, q13 + veor q14, q14, q14 + veor q15, q15, q15 .Lwipe_done: +#endif mov r0,sp #if __ARM_ARCH__>=5 bx lr @@ -200,8 +188,10 @@ OPENSSL_instrument_bus2: .size OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2 .align 5 +#if __ARM_MAX_ARCH__>=7 .LOPENSSL_armcap: .word OPENSSL_armcap_P-.LOPENSSL_armcap +#endif #if __ARM_ARCH__>=6 .align 5 #else diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index b781afb..8f529c9 100644 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -40,10 +40,6 @@ $code=<<___; .text .code 32 - -#if __ARM_ARCH__>=7 -.fpu neon -#endif ___ ################ # private interface to mul_1x1_ialu 
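Review bot: The rewritten probe block keeps `.byte`-encoded ARMv8 probes (`_armv8_aes_probe` through `_armv8_pmull_probe`) next to the now mnemonic-encoded `_armv7_neon_probe` and `_armv7_tick`, but the rationale deleted in the first hunk (why the NEON probe's register was chosen and how hand-encoded bytes behave when fetched in big-endian order) is not replaced. A comment above `_armv8_aes_probe` along the lines of `@ .byte encoding kept so pre-ARMv8 assemblers accept these probes; they execute under the SIGILL handler installed by OPENSSL_cpuid_setup` would preserve that knowledge, and it is worth stating that the universal big-endian case is presumably excluded by the new `#error` in arm_arch.h. In OPENSSL_wipe_cpu the old block's last two lines were both commented `veor q14`; the new `veor q15, q15, q15` makes the intent unambiguous, whether or not the old bytes already encoded q15, and deserves a mention in the commit message.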
@@ -142,20 +138,80 @@ ___ # BN_ULONG a1,BN_ULONG a0, # BN_ULONG b1,BN_ULONG b0); # r[3..0]=a1a0?b1b0 { -my ($r,$t0,$t1,$t2,$t3)=map("q$_",(0..3,8..12)); -my ($a,$b,$k48,$k32,$k16)=map("d$_",(26..31)); - $code.=<<___; .global bn_GF2m_mul_2x2 .type bn_GF2m_mul_2x2,%function .align 5 bn_GF2m_mul_2x2: -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 ldr r12,.LOPENSSL_armcap .Lpic: ldr r12,[pc,r12] tst r12,#1 - beq .Lialu + bne .LNEON +#endif +___ +$ret="r10"; # reassigned 1st argument +$code.=<<___; + stmdb sp!,{r4-r10,lr} + mov $ret,r0 @ reassign 1st argument + mov $b,r3 @ $b=b1 + ldr r3,[sp,#32] @ load b0 + mov $mask,#7<<2 + sub sp,sp,#32 @ allocate tab[8] + + bl mul_1x1_ialu @ a1?b1 + str $lo,[$ret,#8] + str $hi,[$ret,#12] + + eor $b,$b,r3 @ flip b0 and b1 + eor $a,$a,r2 @ flip a0 and a1 + eor r3,r3,$b + eor r2,r2,$a + eor $b,$b,r3 + eor $a,$a,r2 + bl mul_1x1_ialu @ a0?b0 + str $lo,[$ret] + str $hi,[$ret,#4] + eor $a,$a,r2 + eor $b,$b,r3 + bl mul_1x1_ialu @ (a1+a0)?(b1+b0) +___ + at r=map("r$_",(6..9)); +$code.=<<___; + ldmia $ret,{@r[0]- at r[3]} + eor $lo,$lo,$hi + eor $hi,$hi, at r[1] + eor $lo,$lo, at r[0] + eor $hi,$hi, at r[2] + eor $lo,$lo, at r[3] + eor $hi,$hi, at r[3] + str $hi,[$ret,#8] + eor $lo,$lo,$hi + add sp,sp,#32 @ destroy tab[8] + str $lo,[$ret,#4] + +#if __ARM_ARCH__>=5 + ldmia sp!,{r4-r10,pc} +#else + ldmia sp!,{r4-r10,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet + bx lr @ interoperable with Thumb ISA:-) +#endif +___ +} +{ +my ($r,$t0,$t1,$t2,$t3)=map("q$_",(0..3,8..12)); +my ($a,$b,$k48,$k32,$k16)=map("d$_",(26..31)); + +$code.=<<___; +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a +.fpu neon + +.align 5 +.LNEON: ldr r12, [sp] @ 5th argument vmov.32 $a, r2, r1 vmov.32 $b, r12, r3 
@@ -203,62 +259,12 @@ bn_GF2m_mul_2x2: vst1.32 {$r}, [r0] ret @ bx lr -.align 4 -.Lialu: #endif ___ } -$ret="r10"; # reassigned 1st argument $code.=<<___; - stmdb sp!,{r4-r10,lr} - mov $ret,r0 @ reassign 1st argument - mov $b,r3 @ $b=b1 - ldr r3,[sp,#32] @ load b0 - mov $mask,#7<<2 - sub sp,sp,#32 @ allocate tab[8] - - bl mul_1x1_ialu @ a1?b1 - str $lo,[$ret,#8] - str $hi,[$ret,#12] - - eor $b,$b,r3 @ flip b0 and b1 - eor $a,$a,r2 @ flip a0 and a1 - eor r3,r3,$b - eor r2,r2,$a - eor $b,$b,r3 - eor $a,$a,r2 - bl mul_1x1_ialu @ a0?b0 - str $lo,[$ret] - str $hi,[$ret,#4] - - eor $a,$a,r2 - eor $b,$b,r3 - bl mul_1x1_ialu @ (a1+a0)?(b1+b0) -___ - at r=map("r$_",(6..9)); -$code.=<<___; - ldmia $ret,{@r[0]- at r[3]} - eor $lo,$lo,$hi - eor $hi,$hi, at r[1] - eor $lo,$lo, at r[0] - eor $hi,$hi, at r[2] - eor $lo,$lo, at r[3] - eor $hi,$hi, at r[3] - str $hi,[$ret,#8] - eor $lo,$lo,$hi - add sp,sp,#32 @ destroy tab[8] - str $lo,[$ret,#4] - -#if __ARM_ARCH__>=5 - ldmia sp!,{r4-r10,pc} -#else - ldmia sp!,{r4-r10,lr} - tst lr,#1 - moveq pc,lr @ be binary compatible with V4, yet - bx lr @ interoperable with Thumb ISA:-) -#endif .size bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2 -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .align 5 .LOPENSSL_armcap: .word OPENSSL_armcap_P-(.Lpic+8) @@ -266,7 +272,9 @@ $code.=<<___; .asciz "GF(2^m) Multiplication for ARMv4/NEON, CRYPTOGAMS by " .align 5 +#if __ARM_MAX_ARCH__>=7 .comm OPENSSL_armcap_P,4,4 +#endif ___ foreach (split("\n",$code)) { diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl index 72bad8e..1d330e9 100644 --- a/crypto/bn/asm/armv4-mont.pl +++ b/crypto/bn/asm/armv4-mont.pl @@ -72,7 +72,7 @@ $code=<<___; .text .code 32 -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .align 5 .LOPENSSL_armcap: .word OPENSSL_armcap_P-bn_mul_mont 
@@ -85,7 +85,7 @@ $code=<<___; bn_mul_mont: ldr ip,[sp,#4] @ load num stmdb sp!,{r0,r2} @ sp points at argument block -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 tst ip,#7 bne .Lialu adr r0,bn_mul_mont @@ -256,7 +256,8 @@ my ($rptr,$aptr,$bptr,$nptr,$n0,$num)=map("r$_",(0..5)); my ($tinptr,$toutptr,$inner,$outer)=map("r$_",(6..9)); $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon .type bn_mul8x_mont_neon,%function @@ -663,7 +664,7 @@ ___ $code.=<<___; .asciz "Montgomery multiplication for ARMv4/NEON, CRYPTOGAMS by " .align 2 -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .comm OPENSSL_armcap_P,4,4 #endif ___ diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index d5a211e..cac632d 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -263,7 +263,7 @@ void BN_free(BIGNUM *a) OPENSSL_free(a); else { -#ifndef OPENSSL_NO_DEPRECATED +#ifdef OPENSSL_USE_DEPRECATED a->flags|=BN_FLG_FREE; #endif a->d = NULL; diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 2a18a56..36091e4 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -911,7 +911,7 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ #if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__)) #include "arm_arch.h" -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 # if defined(BSAES_ASM) # define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) # endif diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index 0023bf9..77fbf34 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -365,7 +365,8 @@ ___ } $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon .global gcm_init_neon diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 878c993..24ad40a 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c 
@@ -675,7 +675,7 @@ void gcm_ghash_4bit_x86(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len # endif # elif defined(__arm__) || defined(__arm) || defined(__aarch64__) # include "arm_arch.h" -# if __ARM_ARCH__>=7 +# if __ARM_MAX_ARCH__>=7 # define GHASH_ASM_ARM # define GCM_FUNCREF_4BIT # define PMULL_CAPABLE (OPENSSL_armcap_P & ARMV8_PMULL) diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl index 50bd07b..b2c3032 100644 --- a/crypto/sha/asm/sha1-armv4-large.pl +++ b/crypto/sha/asm/sha1-armv4-large.pl @@ -174,7 +174,7 @@ $code=<<___; .align 5 sha1_block_data_order: -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 sub r3,pc,#8 @ sha1_block_data_order ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P @@ -264,8 +264,10 @@ $code.=<<___; .LK_20_39: .word 0x6ed9eba1 .LK_40_59: .word 0x8f1bbcdc .LK_60_79: .word 0xca62c1d6 +#if __ARM_MAX_ARCH__>=7 .LOPENSSL_armcap: .word OPENSSL_armcap_P-sha1_block_data_order +#endif .asciz "SHA1 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by " .align 5 ___ @@ -476,7 +478,8 @@ sub Xloop() } $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon .type sha1_block_data_order_neon,%function @@ -563,7 +566,7 @@ my @Kxx=map("q$_",(8..11)); my ($W0,$W1,$ABCD_SAVE)=map("q$_",(12..14)); $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .type sha1_block_data_order_armv8,%function .align 5 sha1_block_data_order_armv8: @@ -637,7 +640,9 @@ $code.=<<___; ___ }}} $code.=<<___; +#if __ARM_MAX_ARCH__>=7 .comm OPENSSL_armcap_P,4,4 +#endif ___ { my %opcode = ( diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl index 505ca8f..b0ae936 100644 --- a/crypto/sha/asm/sha256-armv4.pl +++ b/crypto/sha/asm/sha256-armv4.pl 
@@ -177,8 +177,10 @@ K256: .word 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 .size K256,.-K256 .word 0 @ terminator +#if __ARM_MAX_ARCH__>=7 .LOPENSSL_armcap: .word OPENSSL_armcap_P-sha256_block_data_order +#endif .align 5 .global sha256_block_data_order @@ -186,7 +188,7 @@ K256: sha256_block_data_order: sub r3,pc,#8 @ sha256_block_data_order add $len,$inp,$len,lsl#6 @ len to point at the end of inp -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P tst r12,#ARMV8_SHA256 @@ -423,7 +425,8 @@ sub body_00_15 () { } $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon .type sha256_block_data_order_neon,%function @@ -545,7 +548,7 @@ my ($W0,$W1,$ABCD_SAVE,$EFGH_SAVE)=map("q$_",(12..15)); my $Ktbl="r3"; $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 .type sha256_block_data_order_armv8,%function .align 5 sha256_block_data_order_armv8: @@ -616,7 +619,9 @@ ___ $code.=<<___; .asciz "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by " .align 2 +#if __ARM_MARCH_ARCH__>=7 .comm OPENSSL_armcap_P,4,4 +#endif ___ { my %opcode = ( diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl index 1d5275b..fb7dc50 100644 --- a/crypto/sha/asm/sha512-armv4.pl +++ b/crypto/sha/asm/sha512-armv4.pl @@ -237,16 +237,20 @@ WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c) WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a) WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) .size K512,.-K512 +#if __ARM_MAX_ARCH__>=7 .LOPENSSL_armcap: .word OPENSSL_armcap_P-sha512_block_data_order .skip 32-4 +#else +.skip 32 +#endif .global sha512_block_data_order .type sha512_block_data_order,%function sha512_block_data_order: sub r3,pc,#8 @ sha512_block_data_order add $len,$inp,$len,lsl#7 @ len to point at the end of inp -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P tst r12,#1 
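Review bot: `#if __ARM_MARCH_ARCH__>=7` in the sha256-armv4.pl hunk `@@ -616,7 +619,9 @@` misspells `__ARM_MAX_ARCH__`; an undefined identifier evaluates to 0 in `#if`, so the `.comm OPENSSL_armcap_P,4,4` is never emitted from this module on any build. The link presumably still succeeds because other objects changed on this page (armcap.c, sha1, sha512) provide the symbol, which is why the typo is silent. It should read `+#if __ARM_MAX_ARCH__>=7`; preprocessing with `-Wundef` would catch this class of error.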
@@ -551,7 +555,8 @@ ___ } $code.=<<___; -#if __ARM_ARCH__>=7 +#if __ARM_MAX_ARCH__>=7 +.arch armv7-a .fpu neon .align 4 @@ -592,7 +597,9 @@ $code.=<<___; .size sha512_block_data_order,.-sha512_block_data_order .asciz "SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by " .align 2 +#if __ARM_MAX_ARCH__>=7 .comm OPENSSL_armcap_P,4,4 +#endif ___ $code =~ s/\`([^\`]*)\`/eval $1/gem; hooks/post-receive -- OpenSSL source code From appro at openssl.org Tue Jan 6 11:12:32 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 6 Jan 2015 12:12:32 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 219338115bea8a0450f39af2026c281375448310 Message-ID: <20150106111232.893F01DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 219338115bea8a0450f39af2026c281375448310 (commit) from 4fec91506975f62a2f93be71a46acc7fae7eef45 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 219338115bea8a0450f39af2026c281375448310 Author: Andy Polyakov Date: Tue Jan 6 12:11:01 2015 +0100 Revert "CHANGES: mention "universal" ARM support." This reverts commit 4fec91506975f62a2f93be71a46acc7fae7eef45. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 -------- crypto/bn/bn_lib.c | 2 +- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index f8dfbd4..c9c19c3 100644 --- a/CHANGES +++ b/CHANGES 
@@ -337,14 +337,6 @@ Changes between 1.0.1k and 1.0.2 [xx XXX xxxx] - *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. - ARMv5 through ARMv8, as opposite to "locking" it to single one. - So far those who have to target multiple plaforms would compromise - and argue that binary targeting say ARMv5 would still execute on - ARMv8. "Universal" build resolves this compromise by providing - near-optimal performance even on newer platforms. - [Andy Polyakov] - *) Accelerated NIST P-256 elliptic curve implementation for x86_64 (other platforms pending). [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov] diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 2f6ab61..886de0d 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -265,7 +265,7 @@ void BN_free(BIGNUM *a) OPENSSL_free(a); else { -#ifdef OPENSSL_USE_DEPRECATED +#ifndef OPENSSL_NO_DEPRECATED a->flags|=BN_FLG_FREE; #endif a->d = NULL; hooks/post-receive -- OpenSSL source code From appro at openssl.org Tue Jan 6 11:12:32 2015 
From: appro at openssl.org (Andy Polyakov) Date: Tue, 6 Jan 2015 12:12:32 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-147-g2996157 Message-ID: <20150106111232.63F601DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via 2996157127bb5f607efa35001951439fa440b7ca (commit) from caeed719fe3fd619415755f245ab8a904978d99d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2996157127bb5f607efa35001951439fa440b7ca Author: Andy Polyakov Date: Tue Jan 6 12:12:15 2015 +0100 Revert "CHANGES: mention "universal" ARM support." This reverts commit caeed719fe3fd619415755f245ab8a904978d99d. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 -------- crypto/bn/bn_lib.c | 2 +- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index ccaab05..8ce7697 100644 --- a/CHANGES +++ b/CHANGES @@ -43,14 +43,6 @@ (CVE-2014-3566) [Adam Langley, Bodo Moeller] - *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. - ARMv5 through ARMv8, as opposite to "locking" it to single one. - So far those who have to target multiple plaforms would compromise - and argue that binary targeting say ARMv5 would still execute on - ARMv8. "Universal" build resolves this compromise by providing - near-optimal performance even on newer platforms. - [Andy Polyakov] - *) Accelerated NIST P-256 elliptic curve implementation for x86_64 (other platforms pending). [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov] 
diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index cac632d..d5a211e 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -263,7 +263,7 @@ void BN_free(BIGNUM *a) OPENSSL_free(a); else { -#ifdef OPENSSL_USE_DEPRECATED +#ifndef OPENSSL_NO_DEPRECATED a->flags|=BN_FLG_FREE; #endif a->d = NULL; hooks/post-receive -- OpenSSL source code From appro at openssl.org Tue Jan 6 11:15:55 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 6 Jan 2015 12:15:55 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-148-g1cfd7cf Message-ID: <20150106111555.121141DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via 1cfd7cf3ccd86566845b416fd87167536cc8cd90 (commit) from 2996157127bb5f607efa35001951439fa440b7ca (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1cfd7cf3ccd86566845b416fd87167536cc8cd90 Author: Andy Polyakov Date: Tue Jan 6 12:13:36 2015 +0100 CHANGES: mention "universal" ARM support. This is re-commit without unrelated modification. Reviewed-by: Matt Caswell (cherry picked from commit 0548505f4cbd49b9724fab28881e096f9d951e6f) ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGES b/CHANGES index 8ce7697..ccaab05 100644 --- a/CHANGES +++ b/CHANGES 
@@ -43,6 +43,14 @@ (CVE-2014-3566) [Adam Langley, Bodo Moeller] + *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. + ARMv5 through ARMv8, as opposite to "locking" it to single one. + So far those who have to target multiple plaforms would compromise + and argue that binary targeting say ARMv5 would still execute on + ARMv8. "Universal" build resolves this compromise by providing + near-optimal performance even on newer platforms. + [Andy Polyakov] + *) Accelerated NIST P-256 elliptic curve implementation for x86_64 (other platforms pending). [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov] hooks/post-receive -- OpenSSL source code From appro at openssl.org Tue Jan 6 11:15:55 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 6 Jan 2015 12:15:55 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 0548505f4cbd49b9724fab28881e096f9d951e6f Message-ID: <20150106111555.375B61DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 0548505f4cbd49b9724fab28881e096f9d951e6f (commit) from 219338115bea8a0450f39af2026c281375448310 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0548505f4cbd49b9724fab28881e096f9d951e6f Author: Andy Polyakov Date: Tue Jan 6 12:13:36 2015 +0100 CHANGES: mention "universal" ARM support. This is re-commit without unrelated modification. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGES b/CHANGES index c9c19c3..f8dfbd4 100644 --- a/CHANGES +++ b/CHANGES 
@@ -337,6 +337,14 @@ Changes between 1.0.1k and 1.0.2 [xx XXX xxxx] + *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. + ARMv5 through ARMv8, as opposite to "locking" it to single one. + So far those who have to target multiple plaforms would compromise + and argue that binary targeting say ARMv5 would still execute on + ARMv8. "Universal" build resolves this compromise by providing + near-optimal performance even on newer platforms. + [Andy Polyakov] + *) Accelerated NIST P-256 elliptic curve implementation for x86_64 (other platforms pending). [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov] hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 13:10:58 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 14:10:58 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-149-g4b4c1fc Message-ID: <20150106131059.000601DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6 (commit) from 1cfd7cf3ccd86566845b416fd87167536cc8cd90 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6 Author: Dr. Stephen Henson Date: Thu Oct 23 17:09:57 2014 +0100 Only allow ephemeral RSA keys in export ciphersuites. OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 ++++++++ doc/ssl/SSL_CTX_set_options.pod | 10 +--------- doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 23 ++++++++--------------- ssl/d1_srvr.c | 21 ++++++--------------- ssl/s3_clnt.c | 7 +++++++ ssl/s3_srvr.c | 21 ++++++--------------- ssl/ssl.h | 5 ++--- 7 files changed, 38 insertions(+), 57 deletions(-) diff --git a/CHANGES b/CHANGES index ccaab05..0ccd742 100644 --- a/CHANGES +++ b/CHANGES 
@@ -380,6 +380,14 @@ (CVE-2014-3572) [Steve Henson] + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + (CVE-2015-0204) + [Steve Henson] + *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 7551755..e80a72c 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -158,15 +158,7 @@ temporary/ephemeral DH parameters are used. =item SSL_OP_EPHEMERAL_RSA -Always use ephemeral (temporary) RSA key when doing RSA operations -(see L). -According to the specifications this is only done, when a RSA key -can only be used for signature operations (namely under export ciphers -with restricted RSA keylength). By setting this option, ephemeral -RSA keys are always used. This option breaks compatibility with the -SSL/TLS specifications and may lead to interoperability problems with -clients and should therefore never be used. Ciphers with DHE (ephemeral -Diffie-Hellman) key exchange should be used instead. +This option is no longer implemented and is treated as no op. =item SSL_OP_CIPHER_SERVER_PREFERENCE diff --git a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod index b23e43a..94c55b8 100644 --- a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 
@@ -74,21 +74,14 @@ exchange and use DHE (Ephemeral Diffie-Hellman) key exchange instead in order to achieve forward secrecy (see L). -On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default -and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of -L, violating the TLS/SSL -standard. When ephemeral RSA key exchange is required for export ciphers, -it will automatically be used without this option! - -An application may either directly specify the key or can supply the key via -a callback function. The callback approach has the advantage, that the -callback may generate the key only in case it is actually needed. As the -generation of a RSA key is however costly, it will lead to a significant -delay in the handshake procedure. Another advantage of the callback function -is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA -usage) while the explicit setting of the key is only useful for key size of -512 bits to satisfy the export restricted ciphers and does give away key length -if a longer key would be allowed. +An application may either directly specify the key or can supply the key via a +callback function. The callback approach has the advantage, that the callback +may generate the key only in case it is actually needed. As the generation of a +RSA key is however costly, it will lead to a significant delay in the handshake +procedure. Another advantage of the callback function is that it can supply +keys of different size while the explicit setting of the key is only useful for +key size of 512 bits to satisfy the export restricted ciphers and does give +away key length if a longer key would be allowed. The B is called with the B needed and the B information. The B flag is set, when the diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index ce73f24..8e8f94c 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c 
@@ -472,24 +472,15 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(alg_k & SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + /* + * clear this, it may get reset by + * send_server_key_exchange + */ + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange or * RSA but we have a sign only certificate */ - if (s->s3->tmp.use_rsa_tmp + if (0 /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 6de971b..77f61f1 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1623,6 +1623,13 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { + /* Temporary RSA keys only allowed in export ciphersuites */ + if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } if ((rsa=RSA_new()) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 01c9828..9a10a7c 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c 
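Review bot: The new rejection in the s3_clnt.c hunk reports its error under `SSL_F_SSL3_GET_SERVER_CERTIFICATE`, but it sits inside `ssl3_get_key_exchange`, and the `RSA_new()` failure two lines below uses `SSL_F_SSL3_GET_KEY_EXCHANGE`; the function code should be `SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);` so the error queue names the function that actually rejected the temporary RSA key. The check itself is the right place for the fix: a ServerKeyExchange carrying an RSA key is only legitimate when `SSL_C_IS_EXPORT` holds, and refusing it before `RSA_new()` keeps a non-export negotiation from being downgraded to a short key. The same misattributed function code appears in the 0.9.8, 1.0.1 and 1.0.0 cherry-picks of this commit further down the page. The `f_err` label and the rest of `ssl3_get_key_exchange` are outside the hunk, as is the remainder of `dtls1_accept` for the d1_srvr.c hunk.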
@@ -446,20 +446,11 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(alg_k & SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + /* + * clear this, it may get reset by + * send_server_key_exchange + */ + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange, fortezza or @@ -473,7 +464,7 @@ int ssl3_accept(SSL *s) * server certificate contains the server's * public key for key exchange. */ - if (s->s3->tmp.use_rsa_tmp + if (0 /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK diff --git a/ssl/ssl.h b/ssl/ssl.h index d51ae38..3e56a5f 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -622,9 +622,8 @@ struct ssl_session_st #define SSL_OP_SINGLE_ECDH_USE 0x00080000L /* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L -/* Set to always use the tmp_rsa key when doing RSA operations, - * even when this violates protocol specs */ -#define SSL_OP_EPHEMERAL_RSA 0x00200000L +/* Does nothing: retained for compatibiity */ +#define SSL_OP_EPHEMERAL_RSA 0x0 /* Set on servers to choose the cipher according to the server's * preferences */ #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 13:46:44 2015 
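Review bot: `#define SSL_OP_EPHEMERAL_RSA 0x0` in the ssl.h hunk retires bit 0x00200000L without saying so; applications built against earlier headers still pass that bit to SSL_CTX_set_options, so assigning it to a future option would switch that option on in such binaries. A comment along the lines of `/* Does nothing: retained for compatibility; bit 0x00200000L is reserved and must not be reused */` records that and also fixes the typo "compatibiity"; the same header hunk recurs in the 0.9.8 and 1.0.1 cherry-picks below. As a point of style, the `if (0` that replaces `if (s->s3->tmp.use_rsa_tmp` in the second s3_srvr.c hunk (and in d1_srvr.c above) appears to be kept so the `||` alternatives inside the following `#ifndef OPENSSL_NO_PSK` blocks still parse, which is worth a one-line comment since it otherwise reads as leftover debugging; the 0.9.8 cherry-pick folds the condition instead. The `ssl3_accept` switch continues outside both s3_srvr.c hunks.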
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 14:46:44 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_0_9_8-stable updated. OpenSSL_0_9_8zc-23-g72f1815 Message-ID: <20150106134644.C86BE1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_0_9_8-stable has been updated via 72f181539118828ca966a0f8d03f6428e2bcf0d6 (commit) from e42a2abadc90664e2615dc63ba7f79cf163f780a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 72f181539118828ca966a0f8d03f6428e2bcf0d6 Author: Dr. Stephen Henson Date: Thu Oct 23 17:09:57 2014 +0100 Only allow ephemeral RSA keys in export ciphersuites. OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson (cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6) Conflicts: CHANGES doc/ssl/SSL_CTX_set_options.pod ssl/d1_srvr.c ssl/s3_srvr.c ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 ++++++++ doc/ssl/SSL_CTX_set_options.pod | 10 +--------- doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 23 ++++++++--------------- ssl/d1_srvr.c | 16 ++-------------- ssl/s3_clnt.c | 7 +++++++ ssl/s3_srvr.c | 16 ++-------------- ssl/ssl.h | 5 ++--- 7 files changed, 30 insertions(+), 55 deletions(-) diff --git a/CHANGES b/CHANGES index 75da406..ea460d6 100644 --- a/CHANGES +++ b/CHANGES 
@@ -11,6 +11,14 @@ (CVE-2014-3572) [Steve Henson] + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + (CVE-2015-0204) + [Steve Henson] + *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index a2a570b..307b157 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -152,15 +152,7 @@ temporary/ephemeral DH parameters are used. =item SSL_OP_EPHEMERAL_RSA -Always use ephemeral (temporary) RSA key when doing RSA operations -(see L). -According to the specifications this is only done, when a RSA key -can only be used for signature operations (namely under export ciphers -with restricted RSA keylength). By setting this option, ephemeral -RSA keys are always used. This option breaks compatibility with the -SSL/TLS specifications and may lead to interoperability problems with -clients and should therefore never be used. Ciphers with EDH (ephemeral -Diffie-Hellman) key exchange should be used instead. +This option is no longer implemented and is treated as no op. =item SSL_OP_CIPHER_SERVER_PREFERENCE diff --git a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod index 534643c..8794eb7 100644 --- a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 
@@ -74,21 +74,14 @@ exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead in order to achieve forward secrecy (see L). -On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default -and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of -L, violating the TLS/SSL -standard. When ephemeral RSA key exchange is required for export ciphers, -it will automatically be used without this option! - -An application may either directly specify the key or can supply the key via -a callback function. The callback approach has the advantage, that the -callback may generate the key only in case it is actually needed. As the -generation of a RSA key is however costly, it will lead to a significant -delay in the handshake procedure. Another advantage of the callback function -is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA -usage) while the explicit setting of the key is only useful for key size of -512 bits to satisfy the export restricted ciphers and does give away key length -if a longer key would be allowed. +An application may either directly specify the key or can supply the key via a +callback function. The callback approach has the advantage, that the callback +may generate the key only in case it is actually needed. As the generation of a +RSA key is however costly, it will lead to a significant delay in the handshake +procedure. Another advantage of the callback function is that it can supply +keys of different size while the explicit setting of the key is only useful for +key size of 512 bits to satisfy the export restricted ciphers and does give +away key length if a longer key would be allowed. The B is called with the B needed and the B information. The B flag is set, when the diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 0e6bf46..0e9bb20 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c 
@@ -371,23 +371,11 @@ int dtls1_accept(SSL *s) /* clear this, it may get reset by * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(l & SSL_KRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange, fortezza or * RSA but we have a sign only certificate */ - if (s->s3->tmp.use_rsa_tmp - || (l & (SSL_DH|SSL_kFZA)) + if ((l & (SSL_DH|SSL_kFZA)) || ((l & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 256fc94..2402a06 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1180,6 +1180,13 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_RSA if (alg & SSL_kRSA) { + /* Temporary RSA keys only allowed in export ciphersuites */ + if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } if ((rsa=RSA_new()) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ca3e77a..18832e9 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c 
@@ -355,18 +355,7 @@ int ssl3_accept(SSL *s) /* clear this, it may get reset by * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(l & SSL_KRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange, fortezza or @@ -378,8 +367,7 @@ int ssl3_accept(SSL *s) * server certificate contains the server's * public key for key exchange. */ - if (s->s3->tmp.use_rsa_tmp - || (l & SSL_kECDHE) + if ((l & SSL_kECDHE) || (l & (SSL_DH|SSL_kFZA)) || ((l & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL diff --git a/ssl/ssl.h b/ssl/ssl.h index 4ea0d80..8420100 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -526,9 +526,8 @@ typedef struct ssl_session_st #define SSL_OP_SINGLE_ECDH_USE 0x00080000L /* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L -/* Set to always use the tmp_rsa key when doing RSA operations, - * even when this violates protocol specs */ -#define SSL_OP_EPHEMERAL_RSA 0x00200000L +/* Does nothing: retained for compatibiity */ +#define SSL_OP_EPHEMERAL_RSA 0x0 /* Set on servers to choose the cipher according to the server's * preferences */ #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 13:46:44 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 14:46:44 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-100-g37580f4 Message-ID: <20150106134644.E514B1DF10F@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_1-stable has been updated via 37580f43b5a39f5f4e920d17273fab9713d3a744 (commit) from ef28c6d6767a6a30df5add36171894c96628fe98 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 37580f43b5a39f5f4e920d17273fab9713d3a744 Author: Dr. Stephen Henson Date: Thu Oct 23 17:09:57 2014 +0100 Only allow ephemeral RSA keys in export ciphersuites. OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson (cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6) Conflicts: doc/ssl/SSL_CTX_set_options.pod ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 ++++++++ doc/ssl/SSL_CTX_set_options.pod | 10 +--------- doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 23 ++++++++--------------- ssl/d1_srvr.c | 21 ++++++--------------- ssl/s3_clnt.c | 7 +++++++ ssl/s3_srvr.c | 21 ++++++--------------- ssl/ssl.h | 5 ++--- 7 files changed, 38 insertions(+), 57 deletions(-) diff --git a/CHANGES b/CHANGES index 8d3e6ff..594d7c5 100644 --- a/CHANGES +++ b/CHANGES 
@@ -11,6 +11,14 @@ (CVE-2014-3572) [Steve Henson] + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + (CVE-2015-0204) + [Steve Henson] + *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 6e6b5e6..e80a72c 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -158,15 +158,7 @@ temporary/ephemeral DH parameters are used. =item SSL_OP_EPHEMERAL_RSA -Always use ephemeral (temporary) RSA key when doing RSA operations -(see L). -According to the specifications this is only done, when a RSA key -can only be used for signature operations (namely under export ciphers -with restricted RSA keylength). By setting this option, ephemeral -RSA keys are always used. This option breaks compatibility with the -SSL/TLS specifications and may lead to interoperability problems with -clients and should therefore never be used. Ciphers with EDH (ephemeral -Diffie-Hellman) key exchange should be used instead. +This option is no longer implemented and is treated as no op. =item SSL_OP_CIPHER_SERVER_PREFERENCE diff --git a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod index 534643c..8794eb7 100644 --- a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 
@@ -74,21 +74,14 @@ exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead in order to achieve forward secrecy (see L). -On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default -and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of -L, violating the TLS/SSL -standard. When ephemeral RSA key exchange is required for export ciphers, -it will automatically be used without this option! - -An application may either directly specify the key or can supply the key via -a callback function. The callback approach has the advantage, that the -callback may generate the key only in case it is actually needed. As the -generation of a RSA key is however costly, it will lead to a significant -delay in the handshake procedure. Another advantage of the callback function -is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA -usage) while the explicit setting of the key is only useful for key size of -512 bits to satisfy the export restricted ciphers and does give away key length -if a longer key would be allowed. +An application may either directly specify the key or can supply the key via a +callback function. The callback approach has the advantage, that the callback +may generate the key only in case it is actually needed. As the generation of a +RSA key is however costly, it will lead to a significant delay in the handshake +procedure. Another advantage of the callback function is that it can supply +keys of different size while the explicit setting of the key is only useful for +key size of 512 bits to satisfy the export restricted ciphers and does give +away key length if a longer key would be allowed. The B is called with the B needed and the B information. The B flag is set, when the diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index e40701e..da4c21e 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c 
@@ -454,24 +454,15 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(alg_k & SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + /* + * clear this, it may get reset by + * send_server_key_exchange + */ + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange or * RSA but we have a sign only certificate */ - if (s->s3->tmp.use_rsa_tmp + if (0 /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 43ffc77..023c679 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1537,6 +1537,13 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { + /* Temporary RSA keys only allowed in export ciphersuites */ + if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } if ((rsa=RSA_new()) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ac2cc3d..d883f86 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c 
@@ -447,20 +447,11 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(alg_k & SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + /* + * clear this, it may get reset by + * send_server_key_exchange + */ + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange, fortezza or @@ -474,7 +465,7 @@ int ssl3_accept(SSL *s) * server certificate contains the server's * public key for key exchange. */ - if (s->s3->tmp.use_rsa_tmp + if (0 /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK diff --git a/ssl/ssl.h b/ssl/ssl.h index a6a1c77..2ba5923 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -596,9 +596,8 @@ struct ssl_session_st #define SSL_OP_SINGLE_ECDH_USE 0x00080000L /* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L -/* Set to always use the tmp_rsa key when doing RSA operations, - * even when this violates protocol specs */ -#define SSL_OP_EPHEMERAL_RSA 0x00200000L +/* Does nothing: retained for compatibiity */ +#define SSL_OP_EPHEMERAL_RSA 0x0 /* Set on servers to choose the cipher according to the server's * preferences */ #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 13:46:44 2015 
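Review bot: The new comment on `SSL_OP_EPHEMERAL_RSA` misspells "compatibility", and it says nothing about the bit value the macro used to carry, which applications compiled against the previous header may still pass to SSL_CTX_set_options; if 0x00200000L is later assigned to a new option, those binaries would set it without knowing. Suggested wording: `/* Does nothing: retained for compatibility. Bit 0x00200000L was this option's old value; consider keeping it unassigned. */`. The same hunk appears in the OpenSSL_1_0_0-stable message below.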
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 14:46:44 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_0-stable updated. OpenSSL_1_0_0o-58-g08a8877 Message-ID: <20150106134644.D66161DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_0-stable has been updated via 08a88774bd8463bedf7fe440a165d3d98b702361 (commit) from 802a070bb6452dd9df49e550e0f3b16777e5232b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 08a88774bd8463bedf7fe440a165d3d98b702361 Author: Dr. Stephen Henson Date: Thu Oct 23 17:09:57 2014 +0100 Only allow ephemeral RSA keys in export ciphersuites. OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson (cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6) Conflicts: CHANGES doc/ssl/SSL_CTX_set_options.pod ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 ++++++++ doc/ssl/SSL_CTX_set_options.pod | 10 +--------- doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod | 23 ++++++++--------------- ssl/d1_srvr.c | 21 ++++++--------------- ssl/s3_clnt.c | 7 +++++++ ssl/s3_srvr.c | 21 ++++++--------------- ssl/ssl.h | 5 ++--- 7 files changed, 38 insertions(+), 57 deletions(-) diff --git a/CHANGES b/CHANGES index 519869b..0fbac88 100644 --- a/CHANGES +++ b/CHANGES 
@@ -11,6 +11,14 @@ (CVE-2014-3572) [Steve Henson] + *) Remove non-export ephemeral RSA code on client and server. This code + violated the TLS standard by allowing the use of temporary RSA keys in + non-export ciphersuites and could be used by a server to effectively + downgrade the RSA key length used to a value smaller than the server + certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + (CVE-2015-0204) + [Steve Henson] + *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 36bfa59..0de9786 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -152,15 +152,7 @@ temporary/ephemeral DH parameters are used. =item SSL_OP_EPHEMERAL_RSA -Always use ephemeral (temporary) RSA key when doing RSA operations -(see L). -According to the specifications this is only done, when a RSA key -can only be used for signature operations (namely under export ciphers -with restricted RSA keylength). By setting this option, ephemeral -RSA keys are always used. This option breaks compatibility with the -SSL/TLS specifications and may lead to interoperability problems with -clients and should therefore never be used. Ciphers with EDH (ephemeral -Diffie-Hellman) key exchange should be used instead. +This option is no longer implemented and is treated as no op. =item SSL_OP_CIPHER_SERVER_PREFERENCE diff --git a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod index 534643c..8794eb7 100644 --- a/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod +++ b/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 
@@ -74,21 +74,14 @@ exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead in order to achieve forward secrecy (see L). -On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default -and must be explicitly enabled using the SSL_OP_EPHEMERAL_RSA option of -L, violating the TLS/SSL -standard. When ephemeral RSA key exchange is required for export ciphers, -it will automatically be used without this option! - -An application may either directly specify the key or can supply the key via -a callback function. The callback approach has the advantage, that the -callback may generate the key only in case it is actually needed. As the -generation of a RSA key is however costly, it will lead to a significant -delay in the handshake procedure. Another advantage of the callback function -is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA -usage) while the explicit setting of the key is only useful for key size of -512 bits to satisfy the export restricted ciphers and does give away key length -if a longer key would be allowed. +An application may either directly specify the key or can supply the key via a +callback function. The callback approach has the advantage, that the callback +may generate the key only in case it is actually needed. As the generation of a +RSA key is however costly, it will lead to a significant delay in the handshake +procedure. Another advantage of the callback function is that it can supply +keys of different size while the explicit setting of the key is only useful for +key size of 512 bits to satisfy the export restricted ciphers and does give +away key length if a longer key would be allowed. The B is called with the B needed and the B information. The B flag is set, when the diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index f52c735..08b1ab2 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c 
@@ -373,24 +373,15 @@ int dtls1_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(alg_k & SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + /* + * clear this, it may get reset by + * send_server_key_exchange + */ + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange or * RSA but we have a sign only certificate */ - if (s->s3->tmp.use_rsa_tmp + if (0 /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index f2e9e54..98617c2 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1328,6 +1328,13 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { + /* Temporary RSA keys only allowed in export ciphersuites */ + if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } if ((rsa=RSA_new()) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 20c6fa0..0dce557 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c 
@@ -380,20 +380,11 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_KEY_EXCH_B: alg_k = s->s3->tmp.new_cipher->algorithm_mkey; - /* clear this, it may get reset by - * send_server_key_exchange */ - if ((s->options & SSL_OP_EPHEMERAL_RSA) -#ifndef OPENSSL_NO_KRB5 - && !(alg_k & SSL_kKRB5) -#endif /* OPENSSL_NO_KRB5 */ - ) - /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key - * even when forbidden by protocol specs - * (handshake may fail as clients are not required to - * be able to handle this) */ - s->s3->tmp.use_rsa_tmp=1; - else - s->s3->tmp.use_rsa_tmp=0; + /* + * clear this, it may get reset by + * send_server_key_exchange + */ + s->s3->tmp.use_rsa_tmp=0; /* only send if a DH key exchange, fortezza or @@ -407,7 +398,7 @@ int ssl3_accept(SSL *s) * server certificate contains the server's * public key for key exchange. */ - if (s->s3->tmp.use_rsa_tmp + if (0 /* PSK: send ServerKeyExchange if PSK identity * hint if provided */ #ifndef OPENSSL_NO_PSK diff --git a/ssl/ssl.h b/ssl/ssl.h index 4f4fc82..a143bff 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -560,9 +560,8 @@ typedef struct ssl_session_st #define SSL_OP_SINGLE_ECDH_USE 0x00080000L /* If set, always create a new key when using tmp_dh parameters */ #define SSL_OP_SINGLE_DH_USE 0x00100000L -/* Set to always use the tmp_rsa key when doing RSA operations, - * even when this violates protocol specs */ -#define SSL_OP_EPHEMERAL_RSA 0x00200000L +/* Does nothing: retained for compatibiity */ +#define SSL_OP_EPHEMERAL_RSA 0x0 /* Set on servers to choose the cipher according to the server's * preferences */ #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L hooks/post-receive -- OpenSSL source code From matt at openssl.org Tue Jan 6 15:41:07 2015 
From: matt at openssl.org (Matt Caswell) Date: Tue, 6 Jan 2015 16:41:07 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. b691154e18c0367643696db3cf73debe9ddfa9ae Message-ID: <20150106154109.63BB71DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via b691154e18c0367643696db3cf73debe9ddfa9ae (commit) from 0548505f4cbd49b9724fab28881e096f9d951e6f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b691154e18c0367643696db3cf73debe9ddfa9ae Author: Matt Caswell Date: Tue Jan 6 15:32:01 2015 +0000 Remove blank line from start of cflags character array in buildinf.h Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: util/mkbuildinf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkbuildinf.pl b/util/mkbuildinf.pl index ca02d7b..9d7b81c 100755 --- a/util/mkbuildinf.pl +++ b/util/mkbuildinf.pl @@ -19,7 +19,7 @@ my $ctr = 0; foreach my $c (split //, $cflags) { # Max 18 characters per line if (($ctr++ % 18) == 0) { - if ($ctr != 0) { + if ($ctr != 1) { print "\n"; } print " "; hooks/post-receive -- OpenSSL source code From matt at openssl.org Tue Jan 6 15:41:21 2015 
From: matt at openssl.org (Matt Caswell) Date: Tue, 6 Jan 2015 16:41:21 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-150-g8dc461e Message-ID: <20150106154121.255B91DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via 8dc461eccfec6d4d3b5e55d0cb9a7ce3e546d380 (commit) from 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8dc461eccfec6d4d3b5e55d0cb9a7ce3e546d380 Author: Matt Caswell Date: Tue Jan 6 15:32:01 2015 +0000 Remove blank line from start of cflags character array in buildinf.h Reviewed-by: Richard Levitte (cherry picked from commit b691154e18c0367643696db3cf73debe9ddfa9ae) ----------------------------------------------------------------------- Summary of changes: util/mkbuildinf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkbuildinf.pl b/util/mkbuildinf.pl index ca02d7b..9d7b81c 100755 --- a/util/mkbuildinf.pl +++ b/util/mkbuildinf.pl @@ -19,7 +19,7 @@ my $ctr = 0; foreach my $c (split //, $cflags) { # Max 18 characters per line if (($ctr++ % 18) == 0) { - if ($ctr != 0) { + if ($ctr != 1) { print "\n"; } print " "; hooks/post-receive -- OpenSSL source code From matt at openssl.org Tue Jan 6 15:41:34 2015 
From: matt at openssl.org (Matt Caswell) Date: Tue, 6 Jan 2015 16:41:34 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-101-gcb951e3 Message-ID: <20150106154134.7DEA01DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_1-stable has been updated via cb951e336bafb0f98896e12fda41af6b6eef5fb2 (commit) from 37580f43b5a39f5f4e920d17273fab9713d3a744 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cb951e336bafb0f98896e12fda41af6b6eef5fb2 Author: Matt Caswell Date: Tue Jan 6 15:32:01 2015 +0000 Remove blank line from start of cflags character array in buildinf.h Reviewed-by: Richard Levitte (cherry picked from commit b691154e18c0367643696db3cf73debe9ddfa9ae) ----------------------------------------------------------------------- Summary of changes: util/mkbuildinf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkbuildinf.pl b/util/mkbuildinf.pl index ca02d7b..9d7b81c 100755 --- a/util/mkbuildinf.pl +++ b/util/mkbuildinf.pl @@ -19,7 +19,7 @@ my $ctr = 0; foreach my $c (split //, $cflags) { # Max 18 characters per line if (($ctr++ % 18) == 0) { - if ($ctr != 0) { + if ($ctr != 1) { print "\n"; } print " "; hooks/post-receive -- OpenSSL source code From matt at openssl.org Tue Jan 6 15:41:46 2015 
From: matt at openssl.org (Matt Caswell) Date: Tue, 6 Jan 2015 16:41:46 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_0-stable updated. OpenSSL_1_0_0o-59-g64eec8f Message-ID: <20150106154146.0E9C91DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_0-stable has been updated via 64eec8f898f014d796f5f5ebed4db8a5a38cad52 (commit) from 08a88774bd8463bedf7fe440a165d3d98b702361 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 64eec8f898f014d796f5f5ebed4db8a5a38cad52 Author: Matt Caswell Date: Tue Jan 6 15:32:01 2015 +0000 Remove blank line from start of cflags character array in buildinf.h Reviewed-by: Richard Levitte (cherry picked from commit b691154e18c0367643696db3cf73debe9ddfa9ae) ----------------------------------------------------------------------- Summary of changes: util/mkbuildinf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkbuildinf.pl b/util/mkbuildinf.pl index ca02d7b..9d7b81c 100755 --- a/util/mkbuildinf.pl +++ b/util/mkbuildinf.pl @@ -19,7 +19,7 @@ my $ctr = 0; foreach my $c (split //, $cflags) { # Max 18 characters per line if (($ctr++ % 18) == 0) { - if ($ctr != 0) { + if ($ctr != 1) { print "\n"; } print " "; hooks/post-receive -- OpenSSL source code From matt at openssl.org Tue Jan 6 15:45:57 2015 
From: matt at openssl.org (Matt Caswell) Date: Tue, 6 Jan 2015 16:45:57 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 3a83462dfea67566ba9bcedee266dc93d2e911e2 Message-ID: <20150106154557.8D3231DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 3a83462dfea67566ba9bcedee266dc93d2e911e2 (commit) from b691154e18c0367643696db3cf73debe9ddfa9ae (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3a83462dfea67566ba9bcedee266dc93d2e911e2 Author: Matt Caswell Date: Mon Jan 5 00:34:00 2015 +0000 Further comment amendments to preserve formatting prior to source reformat Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 3 ++- apps/ca.c | 2 +- apps/pkcs7.c | 3 ++- apps/req.c | 2 +- apps/s_cb.c | 2 +- crypto/bio/b_sock.c | 3 ++- crypto/bio/bf_null.c | 6 ++++-- crypto/bio/bss_rtcp.c | 3 ++- crypto/bn/bn_ctx.c | 3 ++- crypto/des/des_old.c | 3 ++- crypto/des/set_key.c | 6 ++++-- crypto/ec/ec2_mult.c | 6 ++++-- crypto/ec/ec2_oct.c | 3 ++- crypto/ec/ecp_nistp224.c | 9 ++++++--- crypto/ec/ecp_nistp256.c | 6 ++++-- crypto/ec/ecp_nistp521.c | 6 ++++-- crypto/ec/ecp_smpl.c | 5 +++-- crypto/ecdh/ech_ossl.c | 3 ++- crypto/engine/eng_openssl.c | 3 ++- crypto/md5/md5_locl.h | 2 +- crypto/objects/objects.h | 3 ++- crypto/ocsp/ocsp_ext.c | 3 ++- crypto/pem/pem.h | 9 ++++++--- crypto/rand/rand_win.c | 3 ++- crypto/rc2/rc2_ecb.c | 3 ++- crypto/stack/stack.c | 3 ++- crypto/threads/mttest.c | 7 ++++--- crypto/threads/th-lock.c | 3 ++- crypto/ui/ui_openssl.c | 3 ++- crypto/x509/x509_vfy.c | 3 ++- 
crypto/x509v3/pcy_tree.c | 3 ++- crypto/x509v3/v3_lib.c | 3 ++- crypto/x509v3/v3_pku.c | 2 +- engines/e_sureware.c | 3 ++- ssl/kssl.c | 3 ++- ssl/s3_both.c | 3 ++- ssl/s3_cbc.c | 3 ++- ssl/ssl_lib.c | 3 ++- ssl/ssl_sess.c | 3 ++- ssl/ssltest.c | 9 ++++++--- ssl/t1_enc.c | 3 ++- 41 files changed, 102 insertions(+), 55 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 4eb322a..80762c1 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2917,7 +2917,8 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret) #endif #ifndef OPENSSL_NO_TLSEXT -/* next_protos_parse parses a comma separated list of strings into a string +/*- + * next_protos_parse parses a comma separated list of strings into a string * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. * outlen: (output) set to the length of the resulting buffer on success. * err: (maybe NULL) on failure, an error message line is written to this BIO. diff --git a/apps/ca.c b/apps/ca.c index 6e8fa27..1778f95 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -655,7 +655,7 @@ bad: oid_bio=BIO_new_file(p,"r"); if (oid_bio == NULL) { - /* + /*- BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); ERR_print_errors(bio_err); */ diff --git a/apps/pkcs7.c b/apps/pkcs7.c index ae6cd33..0106461 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -71,7 +71,8 @@ #undef PROG #define PROG pkcs7_main -/* -inform arg - input format - default PEM (DER or PEM) +/*- + * -inform arg - input format - default PEM (DER or PEM) * -outform arg - output format - default PEM * -in arg - input file - default stdin * -out arg - output file - default stdout diff --git a/apps/req.c b/apps/req.c index cc1b631..686fac4 100644 --- a/apps/req.c +++ b/apps/req.c @@ -506,7 +506,7 @@ bad: oid_bio=BIO_new_file(p,"r"); if (oid_bio == NULL) { - /* + /*- BIO_printf(bio_err,"problems opening %s for extra oid's\n",p); ERR_print_errors(bio_err); */ diff --git a/apps/s_cb.c b/apps/s_cb.c index 0a6d0ce..7720144 100644 --- a/apps/s_cb.c 
+++ b/apps/s_cb.c @@ -230,7 +230,7 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file) return(0); } - /* + /*- In theory this is no longer needed ssl=SSL_new(ctx); x509=SSL_get_certificate(ssl); diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index e96667d..f13d2ac 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -549,7 +549,8 @@ int BIO_socket_ioctl(int fd, long type, void *arg) i=ioctlsocket(fd,type,(char *)arg); #else # if defined(OPENSSL_SYS_VMS) - /* 2011-02-18 SMS. + /*- + * 2011-02-18 SMS. * VMS ioctl() can't tolerate a 64-bit "void *arg", but we * observe that all the consumers pass in an "unsigned long *", * so we arrange a local copy with a short pointer, and use diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c index c1bf39a..e179e6d 100644 --- a/crypto/bio/bf_null.c +++ b/crypto/bio/bf_null.c @@ -102,9 +102,11 @@ static int nullf_new(BIO *bi) static int nullf_free(BIO *a) { if (a == NULL) return(0); -/* a->ptr=NULL; + /*- + a->ptr=NULL; a->init=0; - a->flags=0;*/ + a->flags=0; + */ return(1); } diff --git a/crypto/bio/bss_rtcp.c b/crypto/bio/bss_rtcp.c index d0cd1a9..c65cff4 100644 --- a/crypto/bio/bss_rtcp.c +++ b/crypto/bio/bss_rtcp.c @@ -56,7 +56,8 @@ * [including the GNU Public Licence.] */ -/* Written by David L. Jones +/*- + * Written by David L. Jones * Date: 22-JUL-1996 * Revised: 25-SEP-1997 Update for 0.8.1, BIO_CTRL_SET -> BIO_C_SET_FD */ diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index d5eb022..09b9d1a 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -67,7 +67,8 @@ #include "cryptlib.h" #include "bn_lcl.h" -/* TODO list +/*- + * TODO list * * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and * check they can be safely removed. diff --git a/crypto/des/des_old.c b/crypto/des/des_old.c index 7c33ed7..3d42014 100644 --- a/crypto/des/des_old.c +++ b/crypto/des/des_old.c 
@@ -1,6 +1,7 @@ /* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */ -/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING +/*- + * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING * * The function names in here are deprecated and are only present to * provide an interface compatible with libdes. OpenSSL now provides diff --git a/crypto/des/set_key.c b/crypto/des/set_key.c index 37dec3c..897b926 100644 --- a/crypto/des/set_key.c +++ b/crypto/des/set_key.c @@ -152,7 +152,8 @@ int DES_is_weak_key(const_DES_cblock *key) return(0); } -/* NOW DEFINED IN des_local.h +/*- + * NOW DEFINED IN des_local.h * See ecb_encrypt.c for a pseudo description of these macros. * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ * (b)^=(t),\ @@ -322,7 +323,8 @@ int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule) } } -/* return 0 if key parity is odd (correct), +/*- + * return 0 if key parity is odd (correct), * return -1 if key parity error, * return -2 if illegal weak key. */ diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index c261b81..3f99e17 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -77,7 +77,8 @@ #ifndef OPENSSL_NO_EC2M -/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective +/*- + * Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective * coordinates. * Uses algorithm Mdouble in appendix of * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over @@ -109,7 +110,8 @@ static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx return ret; } -/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery +/*- + * Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery * projective coordinates. * Uses algorithm Madd in appendix of * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over 
diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index 0b1fbea..4788a1e 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -73,7 +73,8 @@ #ifndef OPENSSL_NO_EC2M -/* Calculates and sets the affine coordinates of an EC_POINT from the given +/*- + * Calculates and sets the affine coordinates of an EC_POINT from the given * compressed coordinates. Uses algorithm 2.3.4 of SEC 1. * Note that the simple implementation only uses affine coordinates. * diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 4c76827..192bb1d 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -341,7 +341,8 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) } /******************************************************************************/ -/* FIELD OPERATIONS +/*- + * FIELD OPERATIONS * * Field operations, using the internal representation of field elements. * NB! These operations are specific to our point multiplication and cannot be @@ -516,7 +517,8 @@ static void felem_mul(widefelem out, const felem in1, const felem in2) out[6] = ((widelimb) in1[3]) * in2[3]; } -/* Reduce seven 128-bit coefficients to four 64-bit coefficients. +/*- + * Reduce seven 128-bit coefficients to four 64-bit coefficients. * Requires in[i] < 2^126, * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 */ static void felem_reduce(felem out, const widefelem in) @@ -748,7 +750,8 @@ copy_conditional(felem out, const felem in, limb icopy) } /******************************************************************************/ -/* ELLIPTIC CURVE POINT OPERATIONS +/*- + * ELLIPTIC CURVE POINT OPERATIONS * * Points are represented in Jacobian projective coordinates: * (X, Y, Z) corresponds to the affine point (X/Z^2, Y/Z^3), diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index cd87161..1df0249 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c 
@@ -175,8 +175,10 @@ static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in) } -/* Field operations - * ---------------- */ +/*- + * Field operations + * ---------------- + */ static void smallfelem_one(smallfelem out) { diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 7ff3a0b..613c5ab 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -207,8 +207,10 @@ static BIGNUM *felem_to_BN(BIGNUM *out, const felem in) } -/* Field operations - * ---------------- */ +/*- + * Field operations + * ---------------- + */ static void felem_one(felem out) { diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index bd9f7df..1657369 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -114,13 +114,14 @@ const EC_METHOD *EC_GFp_simple_method(void) } -/* Most method functions in this file are designed to work with +/* + * Most method functions in this file are designed to work with * non-trivial representations of field elements if necessary * (see ecp_mont.c): while standard modular addition and subtraction * are used, the field_mul and field_sqr methods will be used for * multiplication, and field_encode and field_decode (if defined) * will be used for converting between representations. - + * * Functions ec_GFp_simple_points_make_affine() and * ec_GFp_simple_point_get_affine_coordinates() specifically assume * that if a non-trivial representation is used, it is a Montgomery diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index a50e13d..0596341 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -101,7 +101,8 @@ const ECDH_METHOD *ECDH_OpenSSL(void) } -/* This implementation is based on the following primitives in the IEEE 1363 standard: +/*- + * This implementation is based on the following primitives in the IEEE 1363 standard: * - ECKAS-DH1 * - ECSVDP-DH * Finally an optional KDF is applied. 
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index db055a6..b9ea840 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -222,7 +222,8 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn) #endif /* ENGINE_DYNAMIC_SUPPORT */ #ifdef TEST_ENG_OPENSSL_RC4 -/* This section of code compiles an "alternative implementation" of two modes of +/*- + * This section of code compiles an "alternative implementation" of two modes of * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4" * should under normal circumstances go via this support rather than the default * EVP support. There are other symbols to tweak the testing; diff --git a/crypto/md5/md5_locl.h b/crypto/md5/md5_locl.h index 432f523..3313956 100644 --- a/crypto/md5/md5_locl.h +++ b/crypto/md5/md5_locl.h @@ -97,7 +97,7 @@ void md5_block_data_order (MD5_CTX *c, const void *p,size_t num); #include "md32_common.h" -/* +/*- #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) #define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) */ diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h index 42d2457..3f14af9 100644 --- a/crypto/objects/objects.h +++ b/crypto/objects/objects.h @@ -604,7 +604,8 @@ #define NID_pbeWithMD5AndCast5_CBC 112 #define OBJ_pbeWithMD5AndCast5_CBC 1L,2L,840L,113533L,7L,66L,12L -/* This is one sun will soon be using :-( +/*- + * This is one sun will soon be using :-( * id-dsa-with-sha1 ID ::= { * iso(1) member-body(2) us(840) x9-57 (10040) x9cm(4) 3 } */ diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index ec884cb..fcacdf0 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c 
@@ -361,7 +361,8 @@ int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len) return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, len); } -/* Check nonce validity in a request and response. +/*- + * Check nonce validity in a request and response. * Return value reflects result: * 1: nonces present and equal. * 2: nonces both absent. diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index 5fb903e..7c9b92a 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -176,7 +176,8 @@ typedef struct pem_ctx_st struct { int cipher; - /* unused, and wrong size + /*- + unused, and wrong size unsigned char iv[8]; */ } DEK_info; @@ -185,7 +186,8 @@ typedef struct pem_ctx_st int num_recipient; PEM_USER **recipient; - /* XXX(ben): don#t think this is used! + /*- + XXX(ben): don#t think this is used! STACK *x509_chain; / * certificate chain */ EVP_MD *md; /* signature type */ @@ -196,7 +198,8 @@ typedef struct pem_ctx_st EVP_CIPHER *dec; /* date encryption cipher */ int key_len; /* key length */ unsigned char *key; /* key */ - /* unused, and wrong size + /*- + unused, and wrong size unsigned char iv[8]; */ diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index e7cbd05..ba87f95 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -434,7 +434,8 @@ int RAND_poll(void) FreeLibrary(user); } - /* Toolhelp32 snapshot: enumerate processes, threads, modules and heap + /*- + * Toolhelp32 snapshot: enumerate processes, threads, modules and heap * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm * (Win 9x and 2000 only, not available on NT) * diff --git a/crypto/rc2/rc2_ecb.c b/crypto/rc2/rc2_ecb.c index fff86c7..4214233 100644 --- a/crypto/rc2/rc2_ecb.c +++ b/crypto/rc2/rc2_ecb.c 
@@ -62,7 +62,8 @@ const char RC2_version[]="RC2" OPENSSL_VERSION_PTEXT; -/* RC2 as implemented frm a posting from +/*- + * RC2 as implemented frm a posting from * Newsgroups: sci.crypt * Sender: pgut01 at cs.auckland.ac.nz (Peter Gutmann) * Subject: Specification for Ron Rivests Cipher No.2 diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 980bb68..e88746c 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -56,7 +56,8 @@ * [including the GNU Public Licence.] */ -/* Code for stacks +/*- + * Code for stacks * Author - Eric Young v 1.0 * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the * lowest index for the searched item. diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index fc686dd..8de4ff0 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -863,7 +863,7 @@ void solaris_locking_callback(int mode, int type, char *file, int line) (type&CRYPTO_READ)?"r":"w",file,line); #endif - /* + /*- if (CRYPTO_LOCK_SSL_CERT == type) fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", CRYPTO_thread_id(), @@ -871,7 +871,8 @@ void solaris_locking_callback(int mode, int type, char *file, int line) */ if (mode & CRYPTO_LOCK) { - /* if (mode & CRYPTO_READ) + /*- + if (mode & CRYPTO_READ) rw_rdlock(&(lock_cs[type])); else rw_wrlock(&(lock_cs[type])); */ @@ -1067,7 +1068,7 @@ void pthreads_locking_callback(int mode, int type, char *file, (mode&CRYPTO_LOCK)?"l":"u", (type&CRYPTO_READ)?"r":"w",file,line); #endif -/* +/*- if (CRYPTO_LOCK_SSL_CERT == type) fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", CRYPTO_thread_id(), diff --git a/crypto/threads/th-lock.c b/crypto/threads/th-lock.c index 14aae5f..8daa98c 100644 --- a/crypto/threads/th-lock.c +++ b/crypto/threads/th-lock.c @@ -97,7 +97,8 @@ static unsigned long irix_thread_id(void ); static unsigned long solaris_thread_id(void ); static unsigned long pthreads_thread_id(void ); -/* usage: +/*- + * usage: * CRYPTO_thread_setup(); * application code * CRYPTO_thread_cleanup(); 
diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 9ec8883..72d85ee 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -56,7 +56,8 @@ * */ -/* The lowest level part of this file was previously in crypto/des/read_pwd.c, +/*- + * The lowest level part of this file was previously in crypto/des/read_pwd.c, * Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) * All rights reserved. * diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 88bff63..1144640 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1335,7 +1335,8 @@ static int check_crl_chain(X509_STORE_CTX *ctx, return 0; } -/* Check for match between two dist point names: three separate cases. +/*- + * Check for match between two dist point names: three separate cases. * 1. Both are relative names and compare X509_NAME types. * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES. * 3. Both are full names and compare two GENERAL_NAMES. diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 361bc32..d37b310 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -133,7 +133,8 @@ static void tree_print(char *str, X509_POLICY_TREE *tree, #endif -/* Initialize policy tree. Return values: +/*- + * Initialize policy tree. Return values: * 0 Some internal error occurred. * -1 Inconsistent or invalid extensions in certificates. * 1 Tree initialized OK. diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index 0f1e1d4..cb7aa1b 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c 
@@ -176,7 +176,8 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) return method->d2i(NULL, &p, ext->value->length); } -/* Get critical flag and decoded version of extension from a NID. +/*- + * Get critical flag and decoded version of extension from a NID. * The "idx" variable returns the last found extension and can * be used to retrieve multiple extensions of the same NID. * However multiple extensions with the same NID is usually diff --git a/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c index 076f3ff..f531df9 100644 --- a/crypto/x509v3/v3_pku.c +++ b/crypto/x509v3/v3_pku.c @@ -97,7 +97,7 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, return 1; } -/* +/*- static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values) X509V3_EXT_METHOD *method; X509V3_CTX *ctx; diff --git a/engines/e_sureware.c b/engines/e_sureware.c index 958b152..aa6fb00 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -1,4 +1,5 @@ -/* Written by Corinne Dive-Reclus(cdive at baltimore.com) +/*- +* Written by Corinne Dive-Reclus(cdive at baltimore.com) * * * Redistribution and use in source and binary forms, with or without diff --git a/ssl/kssl.c b/ssl/kssl.c index 7009a58..3ae19d2 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -907,7 +907,8 @@ static size_t *populate_cksumlens(void) return cklens; } -/* Return pointer to start of real authenticator within authenticator, or +/*- + * Return pointer to start of real authenticator within authenticator, or * return NULL on error. * Decrypted authenticator looks like this: * [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r] diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 845c803..4e698bd 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c 
@@ -588,7 +588,8 @@ int ssl_verify_alarm_type(long type) } #ifndef OPENSSL_NO_BUF_FREELISTS -/* On some platforms, malloc() performance is bad enough that you can't just +/*- + * On some platforms, malloc() performance is bad enough that you can't just * free() and malloc() buffers all the time, so we need to use freelists from * unused buffers. Currently, each freelist holds memory chunks of only a * given size (list->chunklen); other sized chunks are freed and malloced. diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index 9910306..0019ee6 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -723,7 +723,8 @@ void tls_fips_digest_extra( if (EVP_CIPHER_CTX_mode(cipher_ctx) != EVP_CIPH_CBC_MODE) return; block_size = EVP_MD_CTX_block_size(mac_ctx); - /* We are in FIPS mode if we get this far so we know we have only SHA* + /*- + * We are in FIPS mode if we get this far so we know we have only SHA* * digests and TLS to deal with. * Minimum digest padding length is 17 for SHA384/SHA512 and 9 * otherwise. diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 1552fd9..d42f50b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1924,7 +1924,8 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->quiet_shutdown=0; /* ret->cipher=NULL;*/ -/* ret->s2->challenge=NULL; +/*- + ret->s2->challenge=NULL; ret->master_key=NULL; ret->s2->conn_id=NULL; */ diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 493b0fd..5b31695 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -425,7 +425,8 @@ int ssl_get_new_session(SSL *s, int session) return(1); } -/* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this +/*- + * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this * connection. It is only called by servers. * * session_id: points at the session ID in the ClientHello. This code will diff --git a/ssl/ssltest.c b/ssl/ssltest.c index c699b61..8129259 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c 
@@ -375,7 +375,8 @@ static const char *alpn_server; static const char *alpn_expected; static unsigned char *alpn_selected; -/* next_protos_parse parses a comma separated list of strings into a string +/*- + * next_protos_parse parses a comma separated list of strings into a string * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. * outlen: (output) set to the length of the resulting buffer on success. * err: (maybe NULL) on failure, an error message line is written to this BIO. @@ -2374,7 +2375,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if (SSL_in_init(s_ssl)) printf("server waiting in SSL_accept - %s\n", SSL_state_string_long(s_ssl)); -/* else if (s_write) +/*- + else if (s_write) printf("server:SSL_write()\n"); else printf("server:SSL_read()\n"); */ @@ -2385,7 +2387,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) if (SSL_in_init(c_ssl)) printf("client waiting in SSL_connect - %s\n", SSL_state_string_long(c_ssl)); -/* else if (c_write) +/*- + else if (c_write) printf("client:SSL_write()\n"); else printf("client:SSL_read()\n"); */ diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index dd29306..a1042f5 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -694,7 +694,8 @@ err: return(ret); } -/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. +/*- + * tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively. * * Returns: * 0: (in non-constant time) if the record is publically invalid (i.e. too hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 16:49:20 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 17:49:20 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 41cd41c4416f545a18ead37e09e437c75fa07c95 Message-ID: <20150106164921.055B31DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 41cd41c4416f545a18ead37e09e437c75fa07c95 (commit) from 3a83462dfea67566ba9bcedee266dc93d2e911e2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 41cd41c4416f545a18ead37e09e437c75fa07c95 Author: Martin Brejcha Date: Sun Nov 16 17:04:40 2014 +0000 Fix memory leak. Fix memory leak by freeing up saved_message.data if it is not NULL. PR#3489 Reviewed-by: Stephen Henson Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index d45dd95..d9deb37 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -1097,7 +1097,12 @@ static int dgram_sctp_free(BIO *a)
 return 0;
 data = (bio_dgram_sctp_data *)a->ptr;
- if(data != NULL) OPENSSL_free(data);
+ if(data != NULL)
+ {
+ if(data->saved_message.data != NULL)
+ OPENSSL_free(data->saved_message.data);
+ OPENSSL_free(data);
+ }
 return(1);
 }
@@ -1214,6 +1219,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
 dgram_sctp_write(data->saved_message.bio, data->saved_message.data, data->saved_message.length);
 OPENSSL_free(data->saved_message.data);
+ data->saved_message.data = NULL;
 data->saved_message.length = 0;
 }
@@ -1385,9 +1391,11 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
 if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b))
 {
 data->saved_message.bio = b;
- data->saved_message.length = inl;
+ if (data->saved_message.data)
+ OPENSSL_free(data->saved_message.data);
 data->saved_message.data = OPENSSL_malloc(inl);
 memcpy(data->saved_message.data, in, inl);
+ data->saved_message.length = inl;
 return inl;
 }
hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 16:50:01 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 17:50:01 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-102-g61052e8 Message-ID: <20150106165001.D13011DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_1-stable has been updated via 61052e891e0686ac3b08dd3b0e0b20fd4c786cc4 (commit) from cb951e336bafb0f98896e12fda41af6b6eef5fb2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 61052e891e0686ac3b08dd3b0e0b20fd4c786cc4 Author: Martin Brejcha Date: Sun Nov 16 17:04:40 2014 +0000 Fix memory leak. Fix memory leak by freeing up saved_message.data if it is not NULL. PR#3489 Reviewed-by: Stephen Henson Reviewed-by: Tim Hudson (cherry picked from commit 41cd41c4416f545a18ead37e09e437c75fa07c95) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 53588e1..0decf94 100644
--- a/crypto/bio/bss_dgram.c
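Review bot: The result of `OPENSSL_malloc(inl)` in the dgram_sctp_write hunk is still handed straight to `memcpy` without a NULL check, so an allocation failure dereferences NULL and, with the new ordering, would also record `saved_message.length = inl` for a message that was never stored. A guard after the allocation closes both, e.g. `if (data->saved_message.data == NULL) return -1;` (raising ERR_R_MALLOC_FAILURE through BIOerr first, if that is the file's convention), which leaves `length` at 0 on that path so the replay in dgram_sctp_read never sees a NULL buffer paired with a non-zero length. The same hunk is cherry-picked at L205 and L207. dgram_sctp_write's body continues outside the hunk.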
+++ b/crypto/bio/bss_dgram.c @@ -1046,7 +1046,12 @@ static int dgram_sctp_free(BIO *a) return 0; data = (bio_dgram_sctp_data *)a->ptr; - if(data != NULL) OPENSSL_free(data); + if(data != NULL) + { + if(data->saved_message.data != NULL) + OPENSSL_free(data->saved_message.data); + OPENSSL_free(data); + } return(1); } @@ -1163,6 +1168,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) dgram_sctp_write(data->saved_message.bio, data->saved_message.data, data->saved_message.length); OPENSSL_free(data->saved_message.data); + data->saved_message.data = NULL; data->saved_message.length = 0; } @@ -1334,9 +1340,11 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { data->saved_message.bio = b; - data->saved_message.length = inl; + if (data->saved_message.data) + OPENSSL_free(data->saved_message.data); data->saved_message.data = OPENSSL_malloc(inl); memcpy(data->saved_message.data, in, inl); + data->saved_message.length = inl; return inl; } hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 16:50:01 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 17:50:01 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-151-gbe6e766 Message-ID: <20150106165001.DD9321DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via be6e766953c2a8bb62a9c4423c7f6ce9460bc83f (commit) from 8dc461eccfec6d4d3b5e55d0cb9a7ce3e546d380 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit be6e766953c2a8bb62a9c4423c7f6ce9460bc83f Author: Martin Brejcha Date: Sun Nov 16 17:04:40 2014 +0000 Fix memory leak. Fix memory leak by freeing up saved_message.data if it is not NULL. PR#3489 Reviewed-by: Stephen Henson Reviewed-by: Tim Hudson (cherry picked from commit 41cd41c4416f545a18ead37e09e437c75fa07c95) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index a8b9c09..81bade0 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -1094,7 +1094,12 @@ static int dgram_sctp_free(BIO *a) return 0; data = (bio_dgram_sctp_data *)a->ptr; - if(data != NULL) OPENSSL_free(data); + if(data != NULL) + { + if(data->saved_message.data != NULL) + OPENSSL_free(data->saved_message.data); + OPENSSL_free(data); + } return(1); } 
@@ -1211,6 +1216,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) dgram_sctp_write(data->saved_message.bio, data->saved_message.data, data->saved_message.length); OPENSSL_free(data->saved_message.data); + data->saved_message.data = NULL; data->saved_message.length = 0; } @@ -1382,9 +1388,11 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { data->saved_message.bio = b; - data->saved_message.length = inl; + if (data->saved_message.data) + OPENSSL_free(data->saved_message.data); data->saved_message.data = OPENSSL_malloc(inl); memcpy(data->saved_message.data, in, inl); + data->saved_message.length = inl; return inl; } hooks/post-receive -- OpenSSL source code From rsalz at openssl.org Tue Jan 6 17:18:12 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 6 Jan 2015 18:18:12 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. a09474dd2df89d5719b58bf6b3110344ea046ab9 Message-ID: <20150106171813.2227B1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via a09474dd2df89d5719b58bf6b3110344ea046ab9 (commit) from 41cd41c4416f545a18ead37e09e437c75fa07c95 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a09474dd2df89d5719b58bf6b3110344ea046ab9 Author: Rich Salz Date: Tue Jan 6 12:16:24 2015 -0500 Some cleanup of L<> markup in pod files Show only the #define, not the values, in BIO_f_buffer. Data abstraction and we can remove a "see also" entry. Remove internal forward reference to NOTES in EVP_EncryptInit; just say "see below" as we do in the other pages. Add missing (3) in pem.pod so the L<> entry is consistent. Fix entry to point to the "master" page, not the symlink'd one. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: doc/crypto/BIO_f_buffer.pod | 13 ++++++------- doc/crypto/EVP_EncryptInit.pod | 3 ++- doc/crypto/pem.pod | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/doc/crypto/BIO_f_buffer.pod b/doc/crypto/BIO_f_buffer.pod index c0dccf1..4b525ef 100644 --- a/doc/crypto/BIO_f_buffer.pod +++ b/doc/crypto/BIO_f_buffer.pod 
@@ -10,11 +10,11 @@ BIO_f_buffer - buffering BIO BIO_METHOD * BIO_f_buffer(void); - #define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) - #define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0) - #define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1) - #define BIO_set_buffer_size(b,size) BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL) - #define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf) + #define BIO_get_buffer_num_lines(b) + #define BIO_set_read_buffer_size(b,size) + #define BIO_set_write_buffer_size(b,size) + #define BIO_set_buffer_size(b,size) + #define BIO_set_buffer_read_data(b,buf,num) =head1 DESCRIPTION @@ -70,5 +70,4 @@ L, L, L, L, -L, -L +L. diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod index d4b6af3..6940de6 100644 --- a/doc/crypto/EVP_EncryptInit.pod +++ b/doc/crypto/EVP_EncryptInit.pod @@ -133,7 +133,8 @@ room. The actual number of bytes written is placed in B. If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts the "final" data, that is any data that remains in a partial block. -It uses L (aka PKCS padding). The encrypted +It uses standard block padding (aka PKCS padding) as described in +the NOTES section, below. The encrypted final data is written to B which should have sufficient space for one cipher block. The number of bytes written is placed in B. After this function is called the encryption operation is finished and no further diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod index 21e9fe3..b35a7d7 100644 --- a/doc/crypto/pem.pod +++ b/doc/crypto/pem.pod @@ -477,4 +477,4 @@ The write routines return 1 for success or 0 for failure. =head1 SEE ALSO -L, L +L, L hooks/post-receive -- OpenSSL source code From rsalz at openssl.org Tue Jan 6 18:51:50 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 6 Jan 2015 19:51:50 +0100 (CET) Subject: [openssl-commits] [web] OpenSSL Web Pages branch master updated. 784cd8c7ab3c6594f02c1c4c6f1830ece16928cf Message-ID: <20150106185150.5B8CF1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL Web Pages ". The branch, master has been updated via 784cd8c7ab3c6594f02c1c4c6f1830ece16928cf (commit) via 701f74aa55842791569fc1b8d4c902b2b9c387ef (commit) from 8c31b889d64732b86d2ab6cb047559df4c1edb9a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 784cd8c7ab3c6594f02c1c4c6f1830ece16928cf Author: Rich Salz Date: Tue Jan 6 13:50:04 2015 -0500 Replace git.openssl.org links with github ones. Change all links that referred to gitweb and git.openssl.org to instead have github links. commit 701f74aa55842791569fc1b8d4c902b2b9c387ef Author: Rich Salz Date: Tue Jan 6 07:59:29 2015 -0500 Remove gitweb tab; use github folks :) ----------------------------------------------------------------------- Summary of changes: news/openssl-1.0.2-notes.wml | 9 ++++++--- news/openssl-notes.wml | 9 ++++++--- news/openssl-old-notes.wml | 8 ++++++-- news/vulnerabilities.xsl | 2 +- openssl.wml | 7 +++++-- source/.wmlsnb | 1 - source/repos.wml | 9 +++------ 7 files changed, 27 insertions(+), 18 deletions(-) diff --git a/news/openssl-1.0.2-notes.wml b/news/openssl-1.0.2-notes.wml index f5ddd66..935a89c 100644 --- a/news/openssl-1.0.2-notes.wml +++ b/news/openssl-1.0.2-notes.wml @@ -8,11 +8,14 @@ Version 1.0.2 of the OpenSSL toolkit is now in beta. Major changes and known issues are summarised below. This page will be updated regularly as problems are reported and fixed. +

-Additional details of changes to OpenSSL 1.0.2 can be found in the ChangeLog. +Additional details of changes can be found in the + +change log..

-A complete list of changes to OpenSSL 1.0.2 can be found in the git repository commit log. +The complete list of changes can be found in the +commit log.

- diff --git a/news/openssl-notes.wml b/news/openssl-notes.wml index b990025..9452174 100644 --- a/news/openssl-notes.wml +++ b/news/openssl-notes.wml @@ -8,10 +8,13 @@ The major changes for all branches of the OpenSSL toolkit are summarised below. The contents reflect the state of the NEWS file inside the git repository. -Additional details of changes to all versions of OpenSSL can be found in the ChangeLog.

-A complete list of changes to OpenSSL can be found in the git repository commit log. +Additional details of changes can be found in the + +change log.. +

+The complete list of changes can be found in the +commit log.

- diff --git a/news/openssl-old-notes.wml b/news/openssl-old-notes.wml index 1b446b1..9c2f238 100644 --- a/news/openssl-old-notes.wml +++ b/news/openssl-old-notes.wml @@ -10,10 +10,14 @@ toolkit are summarised below. The contents reflect the state of the NEWS file inside the git repository. Note: these branches are considered obsolete and are no longer maintained.

-Additional details of changes to OpenSSL 0.9.7 and earlier can be found in the ChangeLog. +Additional details of changes to OpenSSL 0.9.7 and earlier can be found in the + +change log.

-A complete list of changes to OpenSSL 0.9.7 and earlier can be found in the git repository commit log. +A complete list of changes to OpenSSL 0.9.7 and earlier can be found in the + +commit log.

diff --git a/news/vulnerabilities.xsl b/news/vulnerabilities.xsl index 81ae9ac..008532e 100644 --- a/news/vulnerabilities.xsl +++ b/news/vulnerabilities.xsl @@ -81,7 +81,7 @@ receive security updates

Fixed in OpenSSL - (git commit) + (git commit) diff --git a/openssl.wml b/openssl.wml index b223977..5b8216d 100644 --- a/openssl.wml +++ b/openssl.wml @@ -423,9 +423,12 @@ The major changes and known issues for the $minversion branch of the OpenSSL toolkit are summarised below. The contents reflect the current state of the NEWS file inside the git repository.

-Additional details of changes can be found in the ChangeLog for OpenSSL $minversion. +Additional details of changes can be found in the + +change log..

-A complete list of changes to OpenSSL $minversion can be found in the git repository commit log. +The complete list of changes can be found in the +commit log.

END diff --git a/source/.wmlsnb b/source/.wmlsnb index a99d046..e9cfd83 100644 --- a/source/.wmlsnb +++ b/source/.wmlsnb @@ -8,6 +8,5 @@ - diff --git a/source/repos.wml b/source/repos.wml index 52fb38c..7b62ea0 100644 --- a/source/repos.wml +++ b/source/repos.wml @@ -10,12 +10,9 @@

Git repository

The OpenSSL package is developed in a Git-based repository. -It is available via Git mechanisms at git.openssl.org and as snapshot -tarballs through FTP on ftp.openssl.org for those people who either want to -always stay at the bleeding edge or even want to participate in the -development of OpenSSL. But use such repository snapshots only when you like -to see OpenSSL dump core and you can help yourself in case of problems, of -course. +It is available via Git mechanisms at git.openssl.org or at + +https://github.com/openssl/openssl on GitHub.

Fetching Git repository snapshot tarballs

hooks/post-receive -- OpenSSL Web Pages From rsalz at openssl.org Tue Jan 6 20:30:21 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 6 Jan 2015 21:30:21 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 77ff1f3b8bfaa348956c5096a2b829f2e767b4f1 Message-ID: <20150106203022.0F7831DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 77ff1f3b8bfaa348956c5096a2b829f2e767b4f1 (commit) from a09474dd2df89d5719b58bf6b3110344ea046ab9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 77ff1f3b8bfaa348956c5096a2b829f2e767b4f1 Author: Dr. Stephen Henson Date: Tue Jan 6 15:29:28 2015 -0500 RT3662: Allow leading . in nameConstraints Change by SteveH from original by John Denker (in the RT) Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_ncons.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index 06520fe..25c1855 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -405,7 +405,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
 if (dns->length > base->length)
 {
 dnsptr += dns->length - base->length;
- if (dnsptr[-1] != '.')
+ if (*baseptr != '.' && dnsptr[-1] != '.')
 return X509_V_ERR_PERMITTED_VIOLATION;
 }
hooks/post-receive -- OpenSSL source code From rsalz at openssl.org Tue Jan 6 20:33:53 2015
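Review bot: The new condition `if (*baseptr != '.' && dnsptr[-1] != '.')` carries no comment explaining why a constraint with a leading '.' is exempt from the label-boundary test, which is the whole point of the change; suggest `/* A base with a leading '.' (".example.com") already starts on a label boundary, so the dnsptr[-1] check is only needed for a bare base. */`. Note that `dns->length > base->length` still has to hold, so with a leading-dot base the parent name itself is rejected by this branch, presumably as intended. Since `*baseptr` is now read unconditionally, it is worth confirming at baseptr's initialisation (outside the hunk) that a zero-length base cannot reach this point with a NULL or empty data buffer. The rest of nc_dns, including the suffix comparison, is outside the hunk; the same change is cherry-picked at L245.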
From: rsalz at openssl.org (Rich Salz) Date: Tue, 6 Jan 2015 21:33:53 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-152-g129344a Message-ID: <20150106203353.4AC151DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via 129344a8fbecb681510bc87668b377535fb92032 (commit) from be6e766953c2a8bb62a9c4423c7f6ce9460bc83f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 129344a8fbecb681510bc87668b377535fb92032 Author: Dr. Stephen Henson Date: Tue Jan 6 15:29:28 2015 -0500 RT3662: Allow leading . in nameConstraints Change by SteveH from original by John Denker (in the RT) Reviewed-by: Rich Salz (cherry picked from commit 77ff1f3b8bfaa348956c5096a2b829f2e767b4f1) ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_ncons.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index a01dc64..3b0f1bd 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -401,7 +401,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) if (dns->length > base->length) { dnsptr += dns->length - base->length; - if (dnsptr[-1] != '.') + if (*baseptr != '.' && dnsptr[-1] != '.') return X509_V_ERR_PERMITTED_VIOLATION; } hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 21:04:24 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 22:04:24 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. cb62ab4b17818fe66d2fed0a7fe71969131c811b Message-ID: <20150106210424.BFBFD1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via cb62ab4b17818fe66d2fed0a7fe71969131c811b (commit) from 77ff1f3b8bfaa348956c5096a2b829f2e767b4f1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cb62ab4b17818fe66d2fed0a7fe71969131c811b Author: Dr. Stephen Henson Date: Tue Jan 6 20:55:38 2015 +0000 use correct function name Reviewed-by: Rich Salz Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_verify.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index fdeeef6..e85d4d2 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -158,7 +158,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { - ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); return -1; } hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 21:05:47 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 22:05:47 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_0_9_8-stable updated. OpenSSL_0_9_8zc-24-g11f719d Message-ID: <20150106210547.36F4F1DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_0_9_8-stable has been updated via 11f719da38c5e9aa509aa518d11f71355cca7cd1 (commit) from 72f181539118828ca966a0f8d03f6428e2bcf0d6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 11f719da38c5e9aa509aa518d11f71355cca7cd1 Author: Dr. Stephen Henson Date: Tue Jan 6 20:55:38 2015 +0000 use correct function name Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit cb62ab4b17818fe66d2fed0a7fe71969131c811b) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_verify.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 3ef363d..a04aa8b 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -152,7 +152,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { - ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); return -1; } hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 21:05:47 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 22:05:47 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_0-stable updated. OpenSSL_1_0_0o-60-g9f028e4 Message-ID: <20150106210547.43F171DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_0-stable has been updated via 9f028e4a788b9531bbfc66a3bf2b9cba36a167eb (commit) from 64eec8f898f014d796f5f5ebed4db8a5a38cad52 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9f028e4a788b9531bbfc66a3bf2b9cba36a167eb Author: Dr. Stephen Henson Date: Tue Jan 6 20:55:38 2015 +0000 use correct function name Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit cb62ab4b17818fe66d2fed0a7fe71969131c811b) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_verify.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index a75c8c9..39206c2 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -150,7 +150,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { - ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); return -1; } hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 21:05:47 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 22:05:47 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-103-g178c562 Message-ID: <20150106210547.6C1CD1DF10F@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_1-stable has been updated via 178c562a4621162dbe19a7c34fa2ad558684f40e (commit) from 61052e891e0686ac3b08dd3b0e0b20fd4c786cc4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 178c562a4621162dbe19a7c34fa2ad558684f40e Author: Dr. Stephen Henson Date: Tue Jan 6 20:55:38 2015 +0000 use correct function name Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit cb62ab4b17818fe66d2fed0a7fe71969131c811b) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_verify.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index a571009..78dde1d 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -154,7 +154,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { - ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); return -1; } hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 21:05:47 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 22:05:47 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-153-gc7c2a56 Message-ID: <20150106210547.8B4381DF10D@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via c7c2a56a1b3bf481b2c6b91906477b53fe118702 (commit) from 129344a8fbecb681510bc87668b377535fb92032 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c7c2a56a1b3bf481b2c6b91906477b53fe118702 Author: Dr. Stephen Henson Date: Tue Jan 6 20:55:38 2015 +0000 use correct function name Reviewed-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit cb62ab4b17818fe66d2fed0a7fe71969131c811b) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_verify.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index a571009..78dde1d 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -154,7 +154,7 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { - ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); return -1; } hooks/post-receive -- OpenSSL source code From emilia at openssl.org Tue Jan 6 22:19:23 2015 
From: emilia at openssl.org (Emilia Kasper) Date: Tue, 6 Jan 2015 23:19:23 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-104-gd5e16a7 Message-ID: <20150106221924.483E01DF10B@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_1-stable has been updated via d5e16a711e2fbd5b59516eea9adc5c5fc3258f88 (commit) from 178c562a4621162dbe19a7c34fa2ad558684f40e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d5e16a711e2fbd5b59516eea9adc5c5fc3258f88 Author: Emilia Kasper Date: Tue Jan 6 15:41:04 2015 +0100 Only inherit the session ID context in SSL_set_SSL_CTX if the existing context was also inherited (matches that of the existing SSL_CTX). Reviewed-by: Tim Hudson (cherry picked from commit ac8e9cbe14b59dacfe4ac52bc5ff06f8003e9b01) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 707ec6b..4a62b4a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
@@ -2978,24 +2978,31 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) } ssl_cert_free(ocert); } - CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); - if (ssl->ctx != NULL) - SSL_CTX_free(ssl->ctx); /* decrement reference count */ - ssl->ctx = ctx; /* - * Inherit the session ID context as it is typically set from the - * parent SSL_CTX, and can vary with the CTX. - * Note that per-SSL SSL_set_session_id_context() will not persist - * if called before SSL_set_SSL_CTX. - */ - ssl->sid_ctx_length = ctx->sid_ctx_length; - /* * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), * so setter APIs must prevent invalid lengths from entering the system. */ - OPENSSL_assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx); - memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); + OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)); + + /* + * If the session ID context matches that of the parent SSL_CTX, + * inherit it from the new SSL_CTX as well. If however the context does + * not match (i.e., it was set per-ssl with SSL_set_session_id_context), + * leave it unchanged. + */ + if ((ssl->ctx != NULL) && + (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && + (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) + { + ssl->sid_ctx_length = ctx->sid_ctx_length; + memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); + } + + CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); + if (ssl->ctx != NULL) + SSL_CTX_free(ssl->ctx); /* decrement reference count */ + ssl->ctx = ctx; return(ssl->ctx); } hooks/post-receive -- OpenSSL source code From emilia at openssl.org Tue Jan 6 22:19:24 2015 
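Review bot: The relocated `OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx))` now checks only the length already stored in `ssl`, which is what bounds the new memcmp, but the length taken over from `ctx` in the inherit branch is no longer asserted before it is copied; a second check inside the branch, `OPENSSL_assert(ctx->sid_ctx_length <= sizeof(ssl->sid_ctx));`, keeps the stated invariant enforced on both values. The new condition also means a connection whose `ssl->ctx` is NULL keeps its current sid_ctx instead of inheriting as it did before; if that case is reachable it deserves a sentence in the new comment. A plain memcmp is fine here since a session ID context is not secret material. The same hunk is cherry-picked at L254 and L256. SSL_set_SSL_CTX begins before the hunk.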
From: emilia at openssl.org (Emilia Kasper) Date: Tue, 6 Jan 2015 23:19:24 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-154-ged736dd Message-ID: <20150106221924.CE79A1DF10B@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via ed736ddd74549ef80f17d5675e8aaf54da572336 (commit) from c7c2a56a1b3bf481b2c6b91906477b53fe118702 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ed736ddd74549ef80f17d5675e8aaf54da572336 Author: Emilia Kasper Date: Tue Jan 6 15:41:04 2015 +0100 Only inherit the session ID context in SSL_set_SSL_CTX if the existing context was also inherited (matches that of the existing SSL_CTX). Reviewed-by: Tim Hudson (cherry picked from commit ac8e9cbe14b59dacfe4ac52bc5ff06f8003e9b01) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 64c9eab..c44bcd2 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
@@ -3194,24 +3194,31 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) } ssl_cert_free(ocert); } - CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); - if (ssl->ctx != NULL) - SSL_CTX_free(ssl->ctx); /* decrement reference count */ - ssl->ctx = ctx; /* - * Inherit the session ID context as it is typically set from the - * parent SSL_CTX, and can vary with the CTX. - * Note that per-SSL SSL_set_session_id_context() will not persist - * if called before SSL_set_SSL_CTX. - */ - ssl->sid_ctx_length = ctx->sid_ctx_length; - /* * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), * so setter APIs must prevent invalid lengths from entering the system. */ - OPENSSL_assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx); - memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); + OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)); + + /* + * If the session ID context matches that of the parent SSL_CTX, + * inherit it from the new SSL_CTX as well. If however the context does + * not match (i.e., it was set per-ssl with SSL_set_session_id_context), + * leave it unchanged. + */ + if ((ssl->ctx != NULL) && + (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && + (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) + { + ssl->sid_ctx_length = ctx->sid_ctx_length; + memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); + } + + CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); + if (ssl->ctx != NULL) + SSL_CTX_free(ssl->ctx); /* decrement reference count */ + ssl->ctx = ctx; return(ssl->ctx); } hooks/post-receive -- OpenSSL source code From emilia at openssl.org Tue Jan 6 22:19:24 2015 
From: emilia at openssl.org (Emilia Kasper) Date: Tue, 6 Jan 2015 23:19:24 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. ac8e9cbe14b59dacfe4ac52bc5ff06f8003e9b01 Message-ID: <20150106221925.11FD81DF10B@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via ac8e9cbe14b59dacfe4ac52bc5ff06f8003e9b01 (commit) from cb62ab4b17818fe66d2fed0a7fe71969131c811b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ac8e9cbe14b59dacfe4ac52bc5ff06f8003e9b01 Author: Emilia Kasper Date: Tue Jan 6 15:41:04 2015 +0100 Only inherit the session ID context in SSL_set_SSL_CTX if the existing context was also inherited (matches that of the existing SSL_CTX). Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d42f50b..f9f91e6 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c 
@@ -3191,24 +3191,31 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx) } ssl_cert_free(ocert); } - CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); - if (ssl->ctx != NULL) - SSL_CTX_free(ssl->ctx); /* decrement reference count */ - ssl->ctx = ctx; /* - * Inherit the session ID context as it is typically set from the - * parent SSL_CTX, and can vary with the CTX. - * Note that per-SSL SSL_set_session_id_context() will not persist - * if called before SSL_set_SSL_CTX. - */ - ssl->sid_ctx_length = ctx->sid_ctx_length; - /* * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH), * so setter APIs must prevent invalid lengths from entering the system. */ - OPENSSL_assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx); - memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); + OPENSSL_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)); + + /* + * If the session ID context matches that of the parent SSL_CTX, + * inherit it from the new SSL_CTX as well. If however the context does + * not match (i.e., it was set per-ssl with SSL_set_session_id_context), + * leave it unchanged. + */ + if ((ssl->ctx != NULL) && + (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) && + (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) + { + ssl->sid_ctx_length = ctx->sid_ctx_length; + memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx)); + } + + CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); + if (ssl->ctx != NULL) + SSL_CTX_free(ssl->ctx); /* decrement reference count */ + ssl->ctx = ctx; return(ssl->ctx); } hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 22:41:18 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 23:41:18 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch master updated. 4138e3882556c762d77eb827b8be98507cde48df Message-ID: <20150106224118.B2EE81DF10B@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, master has been updated via 4138e3882556c762d77eb827b8be98507cde48df (commit) from ac8e9cbe14b59dacfe4ac52bc5ff06f8003e9b01 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4138e3882556c762d77eb827b8be98507cde48df Author: Dr. Stephen Henson Date: Tue Jan 6 21:12:15 2015 +0000 use correct credit in CHANGES Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index f8dfbd4..ef87df3 100644 --- a/CHANGES +++ b/CHANGES @@ -670,7 +670,8 @@ *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. - Thanks to Karthikeyan Bhargavan for reporting this issue. + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. (CVE-2014-3572) [Steve Henson] 
@@ -678,7 +679,8 @@ violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server - certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. (CVE-2015-0204) [Steve Henson] hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 22:45:03 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 23:45:03 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_0-stable updated. OpenSSL_1_0_0o-61-g65c63da Message-ID: <20150106224504.090E11DF10B@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_0-stable has been updated via 65c63da207543cd3d1de7ef20355b7ac364af8dd (commit) from 9f028e4a788b9531bbfc66a3bf2b9cba36a167eb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 65c63da207543cd3d1de7ef20355b7ac364af8dd Author: Dr. Stephen Henson Date: Tue Jan 6 21:12:15 2015 +0000 use correct credit in CHANGES Reviewed-by: Matt Caswell (cherry picked from commit 4138e3882556c762d77eb827b8be98507cde48df) ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 0fbac88..bc92912 100644 --- a/CHANGES +++ b/CHANGES 
@@ -7,7 +7,8 @@ *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. - Thanks to Karthikeyan Bhargavan for reporting this issue. + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. (CVE-2014-3572) [Steve Henson] @@ -15,7 +16,8 @@ violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server - certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. (CVE-2015-0204) [Steve Henson] hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 22:45:04 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 23:45:04 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_2-stable updated. OpenSSL_1_0_2-beta3-155-ga936ba1 Message-ID: <20150106224504.1DF4A1DF10F@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_2-stable has been updated via a936ba11480a33db5d65f54da23b6e815e2a4b93 (commit) from ed736ddd74549ef80f17d5675e8aaf54da572336 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a936ba11480a33db5d65f54da23b6e815e2a4b93 Author: Dr. Stephen Henson Date: Tue Jan 6 21:12:15 2015 +0000 use correct credit in CHANGES Reviewed-by: Matt Caswell (cherry picked from commit 4138e3882556c762d77eb827b8be98507cde48df) ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 0ccd742..0ca93f2 100644 --- a/CHANGES +++ b/CHANGES @@ -376,7 +376,8 @@ *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. - Thanks to Karthikeyan Bhargavan for reporting this issue. + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. (CVE-2014-3572) [Steve Henson] 
@@ -384,7 +385,8 @@ violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server - certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. (CVE-2015-0204) [Steve Henson] hooks/post-receive -- OpenSSL source code From steve at openssl.org Tue Jan 6 22:45:04 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 6 Jan 2015 23:45:04 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL source code branch OpenSSL_1_0_1-stable updated. OpenSSL_1_0_1j-105-g293c1e2 Message-ID: <20150106224504.13FB31DF10E@openssl.net> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "OpenSSL source code". The branch, OpenSSL_1_0_1-stable has been updated via 293c1e22354e76ea1576477ba2a1209bf0973abb (commit) from d5e16a711e2fbd5b59516eea9adc5c5fc3258f88 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 293c1e22354e76ea1576477ba2a1209bf0973abb Author: Dr. Stephen Henson Date: Tue Jan 6 21:12:15 2015 +0000 use correct credit in CHANGES Reviewed-by: Matt Caswell (cherry picked from commit 4138e3882556c762d77eb827b8be98507cde48df) ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 594d7c5..437c23c 100644 --- a/CHANGES +++ b/CHANGES 
@@ -7,7 +7,8 @@ *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. - Thanks to Karthikeyan Bhargavan for reporting this issue. + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. (CVE-2014-3572) [Steve Henson] @@ -15,7 +16,8 @@ violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server - certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. (CVE-2015-0204) [Steve Henson] hooks/post-receive -- OpenSSL source code From levitte at openssl.org Wed Jan 7 15:46:45 2015 From: levitte at openssl.org (Richard Levitte) Date: Wed, 7 Jan 2015 16:46:45 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150107154645.F30FE1DF10D@openssl.net> The branch OpenSSL_1_0_1-stable has been updated via 4fb433d221b18c50bc341b642c5b78757ed77a6b (commit) from 293c1e22354e76ea1576477ba2a1209bf0973abb (commit) - Log ----------------------------------------------------------------- commit 4fb433d221b18c50bc341b642c5b78757ed77a6b Author: Richard Levitte Date: Wed Jan 7 03:03:37 2015 +0100 VMS fixups for 1.0.1 Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: makevms.com | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/makevms.com b/makevms.com index 11db2f1..e4f5a86 100755 --- a/makevms.com +++ b/makevms.com 
@@ -646,9 +646,10 @@ $ if (CFLAGS .nes. "") then CFLAGS = CFLAGS+ " " $ CFLAGS = CFLAGS+ "/DEFINE=ZLIB" $ endif $! -$ WRITE H_FILE "#define CFLAGS ""''CFLAGS'""" -$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCHD' ''VMS_VERSION'""" -$ WRITE H_FILE "#define DATE ""''TIME'"" " +$ WRITE H_FILE "#define CFLAGS" +$ WRITE H_FILE "static const char cflags[] = ""compiler: ''CFLAGS'"";" +$ WRITE H_FILE "#define PLATFORM ""platform: VMS ''ARCHD' ''VMS_VERSION'""" +$ WRITE H_FILE "#define DATE ""built on: ''TIME'"" " $! $! Close The [.CRYPTO._xxx]BUILDINF.H File. $! From levitte at openssl.org Wed Jan 7 16:14:05 2015 From: levitte at openssl.org (Richard Levitte) Date: Wed, 7 Jan 2015 17:14:05 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150107161405.A214D1DF10D@openssl.net> The branch OpenSSL_1_0_2-stable has been updated via cfb5d6c10a00a1874dbc5eeff762b7e502f711e6 (commit) from a936ba11480a33db5d65f54da23b6e815e2a4b93 (commit) - Log ----------------------------------------------------------------- commit cfb5d6c10a00a1874dbc5eeff762b7e502f711e6 Author: Richard Levitte Date: Wed Jan 7 02:15:35 2015 +0100 VMS fixups for 1.0.2 Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: makevms.com | 7 ++++--- ssl/ssl-lib.com | 2 +- test/cms-test.pl | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/makevms.com b/makevms.com index f1183ef..9624ef2 100755 --- a/makevms.com +++ b/makevms.com 
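Review bot: The emitted `#define CFLAGS` is now an empty macro while the flag text moves into `cflags[]`, and nothing in the script says why, so a reader of this DCL block will assume the value was lost. A one-line DCL comment before the WRITE, `$! CFLAGS is defined empty as a marker; the flag string itself is the cflags[] array written below`, would document the new layout of BUILDINF.H. Presumably this mirrors the Unix-generated header so the consumer of buildinf.h can pick up `cflags` — worth confirming and stating. The 1.0.2 cherry-pick at L264 carries the same hunk.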
@@ -651,9 +651,10 @@ $ if (CFLAGS .nes. "") then CFLAGS = CFLAGS+ " " $ CFLAGS = CFLAGS+ "/DEFINE=ZLIB" $ endif $! -$ WRITE H_FILE "#define CFLAGS ""''CFLAGS'""" -$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCHD' ''VMS_VERSION'""" -$ WRITE H_FILE "#define DATE ""''TIME'"" " +$ WRITE H_FILE "#define CFLAGS" +$ WRITE H_FILE "static const char cflags[] = ""compiler: ''CFLAGS'"";" +$ WRITE H_FILE "#define PLATFORM ""platform: VMS ''ARCHD' ''VMS_VERSION'""" +$ WRITE H_FILE "#define DATE ""built on: ''TIME'"" " $! $! Close The [.CRYPTO._xxx]BUILDINF.H File. $! diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com index 31ebb6b..43fea17 100644 --- a/ssl/ssl-lib.com +++ b/ssl/ssl-lib.com @@ -218,7 +218,7 @@ $ LIB_SSL = "s2_meth, s2_srvr, s2_clnt, s2_lib, s2_enc, s2_pkt,"+ - "s23_meth,s23_srvr,s23_clnt,s23_lib, s23_pkt,"+ - "t1_meth, t1_srvr, t1_clnt, t1_lib, t1_enc, t1_ext,"+ - "d1_meth, d1_srvr, d1_clnt, d1_lib, d1_pkt,"+ - - "d1_both,d1_enc,d1_srtp,"+ - + "d1_both,d1_srtp,"+ - "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ - "ssl_ciph,ssl_stat,ssl_rsa,"+ - "ssl_asn1,ssl_txt,ssl_algs,ssl_conf,"+ - diff --git a/test/cms-test.pl b/test/cms-test.pl index acd9315..f55fd69 100644 --- a/test/cms-test.pl +++ b/test/cms-test.pl @@ -106,7 +106,7 @@ else die "Error checking for EC support\n"; } -system ("$ossl_path no-ec2m >/dev/null"); +system ("$ossl_path no-ec2m > $null_path"); if ($? == 0) { $no_ec2m = 1; @@ -120,7 +120,7 @@ else die "Error checking for EC2M support\n"; } -system ("$ossl_path no-ecdh >/dev/null"); +system ("$ossl_path no-ecdh > $null_path"); if ($? == 0) { $no_ecdh = 1; From appro at openssl.org Wed Jan 7 17:39:58 2015 
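Review bot: Both `system` calls in cms-test.pl now redirect to `$null_path`, but neither hunk shows where it is set; if it is undefined on some platform the redirect target is empty, the shell fails, and the partly visible `else` branch would report that as `Error checking for EC2M support` rather than as a script bug. A guard where it is defined, `die "null_path not set\n" unless defined $null_path;`, makes that failure self-explanatory. Both hunks are cut from the middle of the surrounding `if`/`else` chains.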
From: appro at openssl.org (Andy Polyakov) Date: Wed, 7 Jan 2015 18:39:58 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150107173959.18DEA1DF10D@openssl.net> The branch master has been updated via e464403d0bda2f1f74eb68582e4988e591c32433 (commit) from 4138e3882556c762d77eb827b8be98507cde48df (commit) - Log ----------------------------------------------------------------- commit e464403d0bda2f1f74eb68582e4988e591c32433 Author: Andy Polyakov Date: Mon Jan 5 22:56:47 2015 +0100 Fix irix-cc build. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/aes-mips.pl | 2 +- crypto/dh/dh_kdf.c | 2 +- crypto/sha/asm/sha1-mips.pl | 2 +- crypto/sha/asm/sha512-mips.pl | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl index 1d8afe9..a82d8af 100644 --- a/crypto/aes/asm/aes-mips.pl +++ b/crypto/aes/asm/aes-mips.pl @@ -79,7 +79,7 @@ $pf = ($flavour =~ /nubi/i) ? $t0 : $t2; # ###################################################################### -$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0; +$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC}); for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); } open STDOUT,">$output"; diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index dbdd0b9..cabc7a1 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -131,7 +131,7 @@ static int dh_sharedinfo_encode(unsigned char **pder, unsigned char **pctr, return 0; if (!skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING)) return 0; - if (memcmp(p, ctr, 4)) + if (CRYPTO_memcmp(p, ctr, 4)) return 0; *pctr = p; return derlen; diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl index 73bf060..3408493 100644 --- a/crypto/sha/asm/sha1-mips.pl +++ b/crypto/sha/asm/sha1-mips.pl 
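Review bot: With the added `if ($ENV{CC})` modifier, `$big_endian` is never assigned when CC is unset, so it stays undef and whatever later tests it presumably falls through to the little-endian path by accident rather than by decision; an explicit default, `$big_endian = 0 unless defined $big_endian;` placed after the probe, turns that fallback into a stated choice. Dropping `-P` only changes whether line markers appear in the preprocessor output, which the `/MIPSEL/` match tolerates. The same hunk appears in sha1-mips.pl and sha512-mips.pl on L266 and in the 1.0.1/1.0.2 cherry-picks at L267 and L268.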
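Review bot: The switch from `memcmp` to `CRYPTO_memcmp` in dh_sharedinfo_encode is not explained by a commit titled "Fix irix-cc build"; if the motivation is an undeclared memcmp under that compiler (inferred from the title, not shown), a comment saying so would stop readers from taking it as a timing-side-channel fix, since the 4 bytes compared against `ctr` appear to be the counter field inside the DER-encoded shared info whose position is returned via `*pctr`, not key material. A line such as `/* CRYPTO_memcmp only because memcmp is undeclared on irix-cc; ctr is not secret */` would carry that. dh_sharedinfo_encode begins before the hunk. The same hunk is cherry-picked to 1.0.2 at L268.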
@@ -68,7 +68,7 @@ if ($flavour =~ /64|n32/i) { # ###################################################################### -$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0; +$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC}); for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); } open STDOUT,">$output"; diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl index 8962309..b468cfb 100644 --- a/crypto/sha/asm/sha512-mips.pl +++ b/crypto/sha/asm/sha512-mips.pl @@ -72,7 +72,7 @@ $pf = ($flavour =~ /nubi/i) ? $t0 : $t2; # ###################################################################### -$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0; +$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC}); for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); } open STDOUT,">$output"; From appro at openssl.org Wed Jan 7 17:43:24 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 7 Jan 2015 18:43:24 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150107174324.2EFC51DF10D@openssl.net> The branch OpenSSL_1_0_1-stable has been updated via f16f3ac55973ac687e773a38dbae3f030e3e3fb2 (commit) from 4fb433d221b18c50bc341b642c5b78757ed77a6b (commit) - Log ----------------------------------------------------------------- commit f16f3ac55973ac687e773a38dbae3f030e3e3fb2 Author: Andy Polyakov Date: Mon Jan 5 22:56:47 2015 +0100 Fix irix-cc build. Reviewed-by: Matt Caswell (cherry picked from commit e464403d0bda2f1f74eb68582e4988e591c32433) ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/aes-mips.pl | 2 +- crypto/sha/asm/sha1-mips.pl | 2 +- crypto/sha/asm/sha512-mips.pl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl index e523954..537c8d3 100644 --- a/crypto/aes/asm/aes-mips.pl +++ b/crypto/aes/asm/aes-mips.pl 
@@ -70,7 +70,7 @@ $pf = ($flavour =~ /nubi/i) ? $t0 : $t2; # ###################################################################### -$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0; +$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC}); for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); } open STDOUT,">$output"; diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl index f1a702f..197bc6b 100644 --- a/crypto/sha/asm/sha1-mips.pl +++ b/crypto/sha/asm/sha1-mips.pl @@ -64,7 +64,7 @@ if ($flavour =~ /64|n32/i) { # ###################################################################### -$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0; +$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC}); for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); } open STDOUT,">$output"; diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl index ffa053b..6807a2c 100644 --- a/crypto/sha/asm/sha512-mips.pl +++ b/crypto/sha/asm/sha512-mips.pl @@ -68,7 +68,7 @@ $pf = ($flavour =~ /nubi/i) ? $t0 : $t2; # ###################################################################### -$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0; +$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC}); for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); } open STDOUT,">$output"; From appro at openssl.org Wed Jan 7 17:43:24 2015 
From: appro at openssl.org (Andy Polyakov) Date: Wed, 7 Jan 2015 18:43:24 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150107174324.3F4551DF10E@openssl.net> The branch OpenSSL_1_0_2-stable has been updated via 2d63d0c84acfdf14d4870a7d04d1b27b000e579c (commit) from cfb5d6c10a00a1874dbc5eeff762b7e502f711e6 (commit) - Log ----------------------------------------------------------------- commit 2d63d0c84acfdf14d4870a7d04d1b27b000e579c Author: Andy Polyakov Date: Mon Jan 5 22:56:47 2015 +0100 Fix irix-cc build. Reviewed-by: Matt Caswell (cherry picked from commit e464403d0bda2f1f74eb68582e4988e591c32433) ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/aes-mips.pl | 2 +- crypto/dh/dh_kdf.c | 2 +- crypto/sha/asm/sha1-mips.pl | 2 +- crypto/sha/asm/sha512-mips.pl | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl index 1fdc6bf..4de3ee2 100644 --- a/crypto/aes/asm/aes-mips.pl +++ b/crypto/aes/asm/aes-mips.pl @@ -79,7 +79,7 @@ $pf = ($flavour =~ /nubi/i) ? $t0 : $t2; # ###################################################################### -$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0; +$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC}); for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); } open STDOUT,">$output"; diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index dbdd0b9..cabc7a1 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -131,7 +131,7 @@ static int dh_sharedinfo_encode(unsigned char **pder, unsigned char **pctr, return 0; if (!skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING)) return 0; - if (memcmp(p, ctr, 4)) + if (CRYPTO_memcmp(p, ctr, 4)) return 0; *pctr = p; return derlen; diff --git a/crypto/sha/asm/sha1-mips.pl b/crypto/sha/asm/sha1-mips.pl index 73bf060..3408493 100644 --- a/crypto/sha/asm/sha1-mips.pl +++ b/crypto/sha/asm/sha1-mips.pl 
@@ -68,7 +68,7 @@ if ($flavour =~ /64|n32/i) { # ###################################################################### -$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0; +$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC}); for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); } open STDOUT,">$output"; diff --git a/crypto/sha/asm/sha512-mips.pl b/crypto/sha/asm/sha512-mips.pl index 8962309..b468cfb 100644 --- a/crypto/sha/asm/sha512-mips.pl +++ b/crypto/sha/asm/sha512-mips.pl @@ -72,7 +72,7 @@ $pf = ($flavour =~ /nubi/i) ? $t0 : $t2; # ###################################################################### -$big_endian=(`echo MIPSEL | $ENV{CC} -E -P -`=~/MIPSEL/)?1:0; +$big_endian=(`echo MIPSEL | $ENV{CC} -E -`=~/MIPSEL/)?1:0 if ($ENV{CC}); for (@ARGV) { $output=$_ if (/^\w[\w\-]*\.\w+$/); } open STDOUT,">$output"; From steve at openssl.org Wed Jan 7 18:10:14 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 7 Jan 2015 19:10:14 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150107181014.E8CDD1DF10D@openssl.net> The branch master has been updated via 4a4d4158572fd8b3dc641851b8378e791df7972d (commit) from e464403d0bda2f1f74eb68582e4988e591c32433 (commit) - Log ----------------------------------------------------------------- commit 4a4d4158572fd8b3dc641851b8378e791df7972d Author: Dr. Stephen Henson Date: Wed Jan 7 17:36:17 2015 +0000 fix error discrepancy Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index aa9dcbb..ced326b 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c 
@@ -1640,7 +1640,7 @@ int ssl3_get_key_exchange(SSL *s)
 if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher))
 {
 al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
 goto f_err;
 }
 if ((rsa=RSA_new()) == NULL)
From steve at openssl.org Wed Jan 7 18:13:20 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 7 Jan 2015 19:13:20 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150107181320.34A4B1DF10F@openssl.net> The branch OpenSSL_1_0_1-stable has been updated via ffd14272c4c82f68a07b2e2192538adb560fa684 (commit) from f16f3ac55973ac687e773a38dbae3f030e3e3fb2 (commit) - Log ----------------------------------------------------------------- commit ffd14272c4c82f68a07b2e2192538adb560fa684 Author: Dr. Stephen Henson Date: Wed Jan 7 17:36:17 2015 +0000 fix error discrepancy Reviewed-by: Matt Caswell (cherry picked from commit 4a4d4158572fd8b3dc641851b8378e791df7972d) ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 023c679..7692716 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1541,7 +1541,7 @@ int ssl3_get_key_exchange(SSL *s)
 if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher))
 {
 al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
 goto f_err;
 }
 if ((rsa=RSA_new()) == NULL)
From steve at openssl.org Wed Jan 7 18:13:20 2015
From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 7 Jan 2015 19:13:20 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150107181320.2C6401DF10E@openssl.net> The branch OpenSSL_1_0_0-stable has been updated via f66f76a24a5bb3c1e51dce56c9e6de23d72a5531 (commit) from 65c63da207543cd3d1de7ef20355b7ac364af8dd (commit) - Log ----------------------------------------------------------------- commit f66f76a24a5bb3c1e51dce56c9e6de23d72a5531 Author: Dr. Stephen Henson Date: Wed Jan 7 17:36:17 2015 +0000 fix error discrepancy Reviewed-by: Matt Caswell (cherry picked from commit 4a4d4158572fd8b3dc641851b8378e791df7972d) ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 98617c2..66e091e 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1332,7 +1332,7 @@ int ssl3_get_key_exchange(SSL *s) if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) { al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); goto f_err; } if ((rsa=RSA_new()) == NULL) From steve at openssl.org Wed Jan 7 18:13:20 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 7 Jan 2015 19:13:20 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150107181320.3D12C1DF110@openssl.net> The branch OpenSSL_1_0_2-stable has been updated via f33ab61b5f9adee5e607f31241b7762dc10adabf (commit) from 2d63d0c84acfdf14d4870a7d04d1b27b000e579c (commit) - Log ----------------------------------------------------------------- commit f33ab61b5f9adee5e607f31241b7762dc10adabf Author: Dr. Stephen Henson Date: Wed Jan 7 17:36:17 2015 +0000 fix error discrepancy Reviewed-by: Matt Caswell (cherry picked from commit 4a4d4158572fd8b3dc641851b8378e791df7972d) ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 77f61f1..dd38732 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1627,7 +1627,7 @@ int ssl3_get_key_exchange(SSL *s) if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)) { al=SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); goto f_err; } if ((rsa=RSA_new()) == NULL) From steve at openssl.org Wed Jan 7 18:13:20 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 7 Jan 2015 19:13:20 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150107181320.24DEF1DF10D@openssl.net> The branch OpenSSL_0_9_8-stable has been updated via df70302441a507da88d1761c47e80295247521a8 (commit) via 9c6c664041f8ac0306090e079448f1c4fa41556e (commit) from 11f719da38c5e9aa509aa518d11f71355cca7cd1 (commit) - Log ----------------------------------------------------------------- commit df70302441a507da88d1761c47e80295247521a8 Author: Dr. Stephen Henson Date: Wed Jan 7 17:36:17 2015 +0000 fix error discrepancy Reviewed-by: Matt Caswell (cherry picked from commit 4a4d4158572fd8b3dc641851b8378e791df7972d) commit 9c6c664041f8ac0306090e079448f1c4fa41556e Author: Dr. Stephen Henson Date: Tue Jan 6 21:12:15 2015 +0000 use correct credit in CHANGES Reviewed-by: Matt Caswell (cherry picked from commit 4138e3882556c762d77eb827b8be98507cde48df) Conflicts: CHANGES ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 ++++-- ssl/s3_clnt.c | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index ea460d6..573f2b7 100644 --- a/CHANGES +++ b/CHANGES @@ -7,7 +7,8 @@ *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. - Thanks to Karthikeyan Bhargavan for reporting this issue. + Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for + reporting this issue. (CVE-2014-3572) [Steve Henson] @@ -15,7 +16,8 @@ violated the TLS standard by allowing the use of temporary RSA keys in non-export ciphersuites and could be used by a server to effectively downgrade the RSA key length used to a value smaller than the server - certificate. Thanks for Karthikeyan Bhargavan for reporting this issue. + certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at + INRIA or reporting this issue. (CVE-2015-0204) [Steve Henson] 
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 2402a06..3352e2d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1184,7 +1184,7 @@ int ssl3_get_key_exchange(SSL *s)
 if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher))
 {
 al=SSL_AD_UNEXPECTED_MESSAGE;
- SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
 goto f_err;
 }
 if ((rsa=RSA_new()) == NULL)
From matt at openssl.org Thu Jan 8 15:23:00 2015
From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 16:23:00 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150108152300.192D51DF10D@openssl.net> The branch OpenSSL_1_0_1-stable has been updated via 8437225d341fc3b278a6236cd9ecc0f0c0dfb34e (commit) via b4a57c4c419a578d1a16862a6b445c34003b4c52 (commit) via faa8038edde3fa0c99e3d1eeb3a6372e51a2371c (commit) via e02863b5ac8f6fc581e75e24e53b4ef5ea0b15ca (commit) via 04685bc949e90a877656cf5020b6d4f90a9636a6 (commit) via 98a0f9660d374f58f79ee0efcc8c1672a805e8e8 (commit) via 45fe66b8ba026186aa5d8ef1e0e6010ea74d5c0b (commit) via 8d7aab986b499f34d9e1bc58fbfd77f05c38116e (commit) via e078642ddea29bbb6ba29788a6a513796387fbbb (commit) from ffd14272c4c82f68a07b2e2192538adb560fa684 (commit) - Log ----------------------------------------------------------------- commit 8437225d341fc3b278a6236cd9ecc0f0c0dfb34e Author: Matt Caswell Date: Thu Jan 8 14:07:43 2015 +0000 Prepare for 1.0.1l-dev Reviewed-by: Stephen Henson commit b4a57c4c419a578d1a16862a6b445c34003b4c52 Author: Matt Caswell Date: Thu Jan 8 14:03:40 2015 +0000 Prepare for 1.0.1k release Reviewed-by: Stephen Henson commit faa8038edde3fa0c99e3d1eeb3a6372e51a2371c Author: Matt Caswell Date: Thu Jan 8 14:03:39 2015 +0000 make update Reviewed-by: Stephen Henson commit e02863b5ac8f6fc581e75e24e53b4ef5ea0b15ca Author: Matt Caswell Date: Thu Jan 8 13:07:08 2015 +0000 CHANGES and NEWS updates for release Reviewed-by: Tim Hudson Reviewed-by: Steve Henson commit 04685bc949e90a877656cf5020b6d4f90a9636a6 Author: Matt Caswell Date: Wed Jan 7 14:18:13 2015 +0000 A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. 
Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion. Thanks to Chris Mueller for reporting this issue and providing initial analysis and a patch. Further analysis and the final patch was performed by Matt Caswell from the OpenSSL development team. CVE-2015-0206 Reviewed-by: Dr Stephen Henson commit 98a0f9660d374f58f79ee0efcc8c1672a805e8e8 Author: Dr. Stephen Henson Date: Thu Oct 23 20:36:17 2014 +0100 Unauthenticated DH client certificate fix. Fix to prevent use of DH client certificates without sending certificate verify message. If we've used a client certificate to generate the premaster secret ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is never called. We can only skip the certificate verify message in ssl3_get_cert_verify if the client didn't send a certificate. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2015-0205 Reviewed-by: Matt Caswell commit 45fe66b8ba026186aa5d8ef1e0e6010ea74d5c0b Author: Matt Caswell Date: Sat Jan 3 00:54:35 2015 +0000 Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. Reviewed-by: Dr Steve Henson commit 8d7aab986b499f34d9e1bc58fbfd77f05c38116e Author: Dr. Stephen Henson Date: Sat Jan 3 00:45:13 2015 +0000 Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. 
CVE-2014-3571 Reviewed-by: Matt Caswell commit e078642ddea29bbb6ba29788a6a513796387fbbb Author: Andy Polyakov Date: Mon Jan 5 14:52:56 2015 +0100 Fix for CVE-2014-3570. Reviewed-by: Emilia Kasper (cherry picked from commit e793809ba50c1e90ab592fb640a856168e50f3de) (with 1.0.1-specific addendum) ----------------------------------------------------------------------- Summary of changes: CHANGES | 51 +- NEWS | 13 +- README | 2 +- crypto/bn/asm/mips.pl | 611 +++--------- crypto/bn/asm/mips3.s | 2201 -------------------------------------------- crypto/bn/asm/x86_64-gcc.c | 34 +- crypto/bn/bn_asm.c | 16 +- crypto/bn/bntest.c | 102 +- crypto/ecdsa/Makefile | 13 +- crypto/opensslv.h | 6 +- openssl.spec | 2 +- ssl/d1_pkt.c | 35 +- ssl/s3_pkt.c | 2 + ssl/s3_srvr.c | 2 +- 14 files changed, 334 insertions(+), 2756 deletions(-) delete mode 100644 crypto/bn/asm/mips3.s diff --git a/CHANGES b/CHANGES index 437c23c..e79234a 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,7 +2,34 @@ OpenSSL CHANGES _______________ - Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] + Changes between 1.0.1k and 1.0.1l [xx XXX xxxx] + + *) + + Changes between 1.0.1j and 1.0.1k [8 Jan 2015] + + *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS + message can cause a segmentation fault in OpenSSL due to a NULL pointer + dereference. This could lead to a Denial Of Service attack. Thanks to + Markus Stenberg of Cisco Systems, Inc. for reporting this issue. + (CVE-2014-3571) + [Steve Henson] + + *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the + dtls1_buffer_record function under certain conditions. In particular this + could occur if an attacker sent repeated DTLS records with the same + sequence number but for the next epoch. The memory leak could be exploited + by an attacker in a Denial of Service attack through memory exhaustion. + Thanks to Chris Mueller for reporting this issue. + (CVE-2015-0206) + [Matt Caswell] + + *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is + built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl + method would be set to NULL which could later result in a NULL pointer + dereference. Thanks to Frank Schmirler for reporting this issue. + (CVE-2014-3569) + [Kurt Roeckx] *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. 
@@ -21,6 +48,17 @@ (CVE-2015-0204) [Steve Henson] + *) Fixed issue where DH client certificates are accepted without verification. + An OpenSSL server will accept a DH certificate for client authentication + without the certificate verify message. This effectively allows a client to + authenticate without the use of a private key. This only affects servers + which trust a client certificate authority which issues certificates + containing DH keys: these are extremely rare and hardly ever encountered. + Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting + this issue. + (CVE-2015-0205) + [Steve Henson] + *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. @@ -65,6 +103,17 @@ (CVE-2014-8275) [Steve Henson] + *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + (CVE-2014-3570) + [Andy Polyakov] + *) Do not resume sessions on the server if the negotiated protocol version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable diff --git a/NEWS b/NEWS index 23b28eb..f71f241 100644 --- a/NEWS +++ b/NEWS 
@@ -5,10 +5,21 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [under development] + Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [under development] o + Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] + + o Fix for CVE-2014-3571 + o Fix for CVE-2015-0206 + o Fix for CVE-2014-3569 + o Fix for CVE-2014-3572 + o Fix for CVE-2015-0204 + o Fix for CVE-2015-0205 + o Fix for CVE-2014-8275 + o Fix for CVE-2014-3570 + Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] o Fix for CVE-2014-3513 diff --git a/README b/README index 734e1f8..988f295 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.1k-dev + OpenSSL 1.0.1l-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index d2f3ef7..215c9a7 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -1872,6 +1872,41 @@ ___ ($a_4,$a_5,$a_6,$a_7)=($b_0,$b_1,$b_2,$b_3); +sub add_c2 () { +my ($hi,$lo,$c0,$c1,$c2, + $warm, # !$warm denotes first call with specific sequence of + # $c_[XYZ] when there is no Z-carry to accumulate yet; + $an,$bn # these two are arguments for multiplication which + # result is used in *next* step [which is why it's + # commented as "forward multiplication" below]; + )=@_; +$code.=<<___; + mflo $lo + mfhi $hi + $ADDU $c0,$lo + sltu $at,$c0,$lo + $MULTU $an,$bn # forward multiplication + $ADDU $c0,$lo + $ADDU $at,$hi + sltu $lo,$c0,$lo + $ADDU $c1,$at + $ADDU $hi,$lo +___ +$code.=<<___ if (!$warm); + sltu $c2,$c1,$at + $ADDU $c1,$hi + sltu $hi,$c1,$hi + $ADDU $c2,$hi +___ +$code.=<<___ if ($warm); + sltu $at,$c1,$at + $ADDU $c1,$hi + $ADDU $c2,$at + sltu $hi,$c1,$hi + $ADDU $c2,$hi +___ +} + $code.=<<___; .align 5 
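Review bot: `add_c2` carries no comment stating what the emitted sequence computes; the parameter-list notes explain `$warm` and the forward multiplication, but a reader still has to derive that the block folds twice the pending hi:lo product into the `$c0:$c1:$c2` chain by adding `$lo` and `$hi` a second time with explicit `sltu` carries, replacing the sign-test-and-shift doubling the removed call sites used (presumably the CVE-2014-3570 defect on this target, going by the commit message). I would add a header above `sub add_c2` saying that, and on the `sltu $lo,$c0,$lo` line `# $lo is now the carry of the second add`, since `$lo` is silently repurposed there. The header should also spell out that the first call for a column must pass `$warm=0`, because that branch writes `$c2` with `sltu` instead of accumulating into it; the invariant is enforced only by the call sites in the following hunks, and a wrong value would yield a wrong carry with no diagnostic.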
@@ -1920,21 +1955,10 @@ $code.=<<___; sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 
@@ -1945,67 +1969,19 @@ $code.=<<___; sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,2*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_2 # mul_add_c2(a[1],b[2],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_0 # mul_add_c2(a[4],b[0],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_1,$a_2); # mul_add_c2(a[1],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_0); # mul_add_c2(a[4],b[0],c2,c3,c1); +$code.=<<___; $ST $c_1,3*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1 
@@ -2016,97 +1992,23 @@ $code.=<<___; sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,4*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_4 # mul_add_c2(a[1],b[4],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_2,$a_3 # mul_add_c2(a[2],b[3],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $MULTU $a_6,$a_0 # mul_add_c2(a[6],b[0],c1,c2,c3); - $ADDU $c_2,$at - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_4); # mul_add_c2(a[1],b[4],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_2,$a_3); # mul_add_c2(a[2],b[3],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_6,$a_0); # mul_add_c2(a[6],b[0],c1,c2,c3); +$code.=<<___; $ST $c_3,5*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_5,$a_1 # mul_add_c2(a[5],b[1],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_2 # mul_add_c2(a[4],b[2],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - 
$SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_5,$a_1); # mul_add_c2(a[5],b[1],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_2); # mul_add_c2(a[4],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_1,$t_1 
@@ -2117,112 +2019,25 @@ $code.=<<___; sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,6*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_6 # mul_add_c2(a[1],b[6],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_2,$a_5 # mul_add_c2(a[2],b[5],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_3,$a_4 # mul_add_c2(a[3],b[4],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_7,$a_1 # mul_add_c2(a[7],b[1],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_1,$a_6); # mul_add_c2(a[1],b[6],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_2,$a_5); # mul_add_c2(a[2],b[5],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_3,$a_4); # mul_add_c2(a[3],b[4],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_7,$a_1); # mul_add_c2(a[7],b[1],c3,c1,c2); +$code.=<<___; $ST $c_2,7*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_2 # mul_add_c2(a[6],b[2],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_5,$a_3 
# mul_add_c2(a[5],b[3],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_4,$a_4 # mul_add_c(a[4],b[4],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_6,$a_2); # mul_add_c2(a[6],b[2],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_5,$a_3); # mul_add_c2(a[5],b[3],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_4,$a_4); # mul_add_c(a[4],b[4],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 
@@ -2233,82 +2048,21 @@ $code.=<<___; sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,8*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_6 # mul_add_c2(a[3],b[6],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_5 # mul_add_c2(a[4],b[5],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_7,$a_3 # mul_add_c2(a[7],b[3],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_3,$a_6); # mul_add_c2(a[3],b[6],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_5); # mul_add_c2(a[4],b[5],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_7,$a_3); # mul_add_c2(a[7],b[3],c2,c3,c1); +$code.=<<___; $ST $c_1,9*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_4 # mul_add_c2(a[6],b[4],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_5,$a_5 # mul_add_c(a[5],b[5],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_6,$a_4); # mul_add_c2(a[6],b[4],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_5,$a_5); # 
mul_add_c(a[5],b[5],c2,c3,c1); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1 @@ -2319,52 +2073,17 @@ $code.=<<___; sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,10*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_5,$a_6 # mul_add_c2(a[5],b[6],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_7,$a_5 # mul_add_c2(a[7],b[5],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_5,$a_6); # mul_add_c2(a[5],b[6],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_7,$a_5); # mul_add_c2(a[7],b[5],c1,c2,c3); +$code.=<<___; $ST $c_3,11*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_6 # mul_add_c(a[6],b[6],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_6,$a_6); # mul_add_c(a[6],b[6],c1,c2,c3); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_1,$t_1 @@ -2375,21 +2094,10 @@ $code.=<<___; sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,12*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_7,$a_7 # mul_add_c(a[7],b[7],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_7,$a_7); # mul_add_c(a[7],b[7],c3,c1,c2); +$code.=<<___; $ST $c_2,13*$BNSZ($a0) mflo $t_1 
@@ -2457,21 +2165,10 @@ $code.=<<___;
 sltu $at,$c_2,$t_1
 $ADDU $c_3,$t_2,$at
 $ST $c_2,$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2);
+$code.=<<___;
 mflo $t_1
 mfhi $t_2
 $ADDU $c_3,$t_1
@@ -2482,52 +2179,17 @@ $code.=<<___;
 sltu $at,$c_1,$t_2
 $ADDU $c_2,$at
 $ST $c_3,2*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_3,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_1,$a_2 # mul_add_c(a2[1],b[2],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
- mflo $t_1
- mfhi $t_2
- slt $at,$t_2,$zero
- $ADDU $c_3,$at
- $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1);
- $SLL $t_2,1
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_1,$t_1
- sltu $at,$c_1,$t_1
- $ADDU $t_2,$at
- $ADDU $c_2,$t_2
- sltu $at,$c_2,$t_2
- $ADDU $c_3,$at
+___
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0,
+ $a_1,$a_2); # mul_add_c2(a2[1],b[2],c1,c2,c3);
+ &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1,
+ $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1);
+$code.=<<___;
 $ST $c_1,3*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_1,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_2,$t_1
- sltu $at,$c_2,$t_1
- $ADDU $t_2,$at
- $ADDU $c_3,$t_2
- sltu $at,$c_3,$t_2
- $ADDU $c_1,$at
+___
+ &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0,
+ $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1);
+$code.=<<___;
 mflo $t_1
 mfhi $t_2
 $ADDU $c_2,$t_1
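Review bot: The comment on the first `add_c2` call after `$ST $c_3,2*$BNSZ($a0)` in the `@@ -2482` hunk reads `# mul_add_c2(a2[1],b[2],c1,c2,c3);`, carrying the stray `2` in `a2[1]` over from the removed `mul_add_c(a2[1],b[2],...)` comment while renaming the operation; the operands passed are `$a_1,$a_2`, so it should read `# mul_add_c2(a[1],b[2],c1,c2,c3);`. These comments are the only map from the emitted instruction stream back to the schoolbook terms of the squaring, so an auditor comparing the generated code against the reference arithmetic depends on them being exact. The enclosing `$code.=<<___` region and the definition of `add_c2` start outside this hunk.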
@@ -2538,21 +2200,10 @@ $code.=<<___;
 sltu $at,$c_3,$t_2
 $ADDU $c_1,$at
 $ST $c_2,4*$BNSZ($a0)
-
- mflo $t_1
- mfhi $t_2
- slt $c_2,$t_2,$zero
- $SLL $t_2,1
- $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3);
- slt $a2,$t_1,$zero
- $ADDU $t_2,$a2
- $SLL $t_1,1
- $ADDU $c_3,$t_1
- sltu $at,$c_3,$t_1
- $ADDU $t_2,$at
- $ADDU $c_1,$t_2
- sltu $at,$c_1,$t_2
- $ADDU $c_2,$at
+___
+ &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0,
+ $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3);
+$code.=<<___;
 $ST $c_3,5*$BNSZ($a0)
 mflo $t_1
diff --git a/crypto/bn/asm/mips3.s b/crypto/bn/asm/mips3.s
deleted file mode 100644
index dca4105..0000000
--- a/crypto/bn/asm/mips3.s
+++ /dev/null
@@ -1,2201 +0,0 @@ -.rdata -.asciiz "mips3.s, Version 1.1" -.asciiz "MIPS III/IV ISA artwork by Andy Polyakov " - -/* - * ==================================================================== - * Written by Andy Polyakov for the OpenSSL - * project. - * - * Rights for redistribution and usage in source and binary forms are - * granted according to the OpenSSL license. Warranty of any kind is - * disclaimed. - * ==================================================================== - */ - -/* - * This is my modest contributon to the OpenSSL project (see - * http://www.openssl.org/ for more information about it) and is - * a drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c - * module. For updates see http://fy.chalmers.se/~appro/hpe/. - * - * The module is designed to work with either of the "new" MIPS ABI(5), - * namely N32 or N64, offered by IRIX 6.x. It's not ment to work under - * IRIX 5.x not only because it doesn't support new ABIs but also - * because 5.x kernels put R4x00 CPU into 32-bit mode and all those - * 64-bit instructions (daddu, dmultu, etc.) found below gonna only - * cause illegal instruction exception:-( - * - * In addition the code depends on preprocessor flags set up by MIPSpro - * compiler driver (either as or cc) and therefore (probably?) can't be - * compiled by the GNU assembler. GNU C driver manages fine though... - * I mean as long as -mmips-as is specified or is the default option, - * because then it simply invokes /usr/bin/as which in turn takes - * perfect care of the preprocessor definitions. Another neat feature - * offered by the MIPSpro assembler is an optimization pass. This gave - * me the opportunity to have the code looking more regular as all those - * architecture dependent instruction rescheduling details were left to - * the assembler. Cool, huh? - * - * Performance improvement is astonishing! 'apps/openssl speed rsa dsa' - * goes way over 3 times faster! 
- * - * - */ -#include -#include - -#if _MIPS_ISA>=4 -#define MOVNZ(cond,dst,src) \ - movn dst,src,cond -#else -#define MOVNZ(cond,dst,src) \ - .set noreorder; \ - bnezl cond,.+8; \ - move dst,src; \ - .set reorder -#endif - -.text - -.set noat -.set reorder - -#define MINUS4 v1 - -.align 5 -LEAF(bn_mul_add_words) - .set noreorder - bgtzl a2,.L_bn_mul_add_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_mul_add_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_mul_add_words_tail - -.L_bn_mul_add_words_loop: - dmultu t0,a3 - ld t1,0(a0) - ld t2,8(a1) - ld t3,8(a0) - ld ta0,16(a1) - ld ta1,16(a0) - daddu t1,v0 - sltu v0,t1,v0 /* All manuals say it "compares 32-bit - * values", but it seems to work fine - * even on 64-bit registers. */ - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,0(a0) - daddu v0,AT - - dmultu t2,a3 - ld ta2,24(a1) - ld ta3,24(a0) - daddu t3,v0 - sltu v0,t3,v0 - mflo AT - mfhi t2 - daddu t3,AT - daddu v0,t2 - sltu AT,t3,AT - sd t3,8(a0) - daddu v0,AT - - dmultu ta0,a3 - subu a2,4 - PTR_ADD a0,32 - PTR_ADD a1,32 - daddu ta1,v0 - sltu v0,ta1,v0 - mflo AT - mfhi ta0 - daddu ta1,AT - daddu v0,ta0 - sltu AT,ta1,AT - sd ta1,-16(a0) - daddu v0,AT - - - dmultu ta2,a3 - and ta0,a2,MINUS4 - daddu ta3,v0 - sltu v0,ta3,v0 - mflo AT - mfhi ta2 - daddu ta3,AT - daddu v0,ta2 - sltu AT,ta3,AT - sd ta3,-8(a0) - daddu v0,AT - .set noreorder - bgtzl ta0,.L_bn_mul_add_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_mul_add_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_mul_add_words_return: - jr ra - -.L_bn_mul_add_words_tail: - dmultu t0,a3 - ld t1,0(a0) - subu a2,1 - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,0(a0) - daddu v0,AT - beqz a2,.L_bn_mul_add_words_return - - ld t0,8(a1) - dmultu t0,a3 - ld t1,8(a0) - subu a2,1 - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,8(a0) - 
daddu v0,AT - beqz a2,.L_bn_mul_add_words_return - - ld t0,16(a1) - dmultu t0,a3 - ld t1,16(a0) - daddu t1,v0 - sltu v0,t1,v0 - mflo AT - mfhi t0 - daddu t1,AT - daddu v0,t0 - sltu AT,t1,AT - sd t1,16(a0) - daddu v0,AT - jr ra -END(bn_mul_add_words) - -.align 5 -LEAF(bn_mul_words) - .set noreorder - bgtzl a2,.L_bn_mul_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_mul_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_mul_words_tail - -.L_bn_mul_words_loop: - dmultu t0,a3 - ld t2,8(a1) - ld ta0,16(a1) - ld ta2,24(a1) - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,0(a0) - daddu v0,t1,t0 - - dmultu t2,a3 - subu a2,4 - PTR_ADD a0,32 - PTR_ADD a1,32 - mflo AT - mfhi t2 - daddu v0,AT - sltu t3,v0,AT - sd v0,-24(a0) - daddu v0,t3,t2 - - dmultu ta0,a3 - mflo AT - mfhi ta0 - daddu v0,AT - sltu ta1,v0,AT - sd v0,-16(a0) - daddu v0,ta1,ta0 - - - dmultu ta2,a3 - and ta0,a2,MINUS4 - mflo AT - mfhi ta2 - daddu v0,AT - sltu ta3,v0,AT - sd v0,-8(a0) - daddu v0,ta3,ta2 - .set noreorder - bgtzl ta0,.L_bn_mul_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_mul_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_mul_words_return: - jr ra - -.L_bn_mul_words_tail: - dmultu t0,a3 - subu a2,1 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,0(a0) - daddu v0,t1,t0 - beqz a2,.L_bn_mul_words_return - - ld t0,8(a1) - dmultu t0,a3 - subu a2,1 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,8(a0) - daddu v0,t1,t0 - beqz a2,.L_bn_mul_words_return - - ld t0,16(a1) - dmultu t0,a3 - mflo AT - mfhi t0 - daddu v0,AT - sltu t1,v0,AT - sd v0,16(a0) - daddu v0,t1,t0 - jr ra -END(bn_mul_words) - -.align 5 -LEAF(bn_sqr_words) - .set noreorder - bgtzl a2,.L_bn_sqr_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_sqr_words_proceed: - li MINUS4,-4 - and ta0,a2,MINUS4 - move v0,zero - beqz ta0,.L_bn_sqr_words_tail - -.L_bn_sqr_words_loop: - dmultu t0,t0 - ld t2,8(a1) - ld ta0,16(a1) - ld ta2,24(a1) - 
mflo t1 - mfhi t0 - sd t1,0(a0) - sd t0,8(a0) - - dmultu t2,t2 - subu a2,4 - PTR_ADD a0,64 - PTR_ADD a1,32 - mflo t3 - mfhi t2 - sd t3,-48(a0) - sd t2,-40(a0) - - dmultu ta0,ta0 - mflo ta1 - mfhi ta0 - sd ta1,-32(a0) - sd ta0,-24(a0) - - - dmultu ta2,ta2 - and ta0,a2,MINUS4 - mflo ta3 - mfhi ta2 - sd ta3,-16(a0) - sd ta2,-8(a0) - - .set noreorder - bgtzl ta0,.L_bn_sqr_words_loop - ld t0,0(a1) - - bnezl a2,.L_bn_sqr_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_sqr_words_return: - move v0,zero - jr ra - -.L_bn_sqr_words_tail: - dmultu t0,t0 - subu a2,1 - mflo t1 - mfhi t0 - sd t1,0(a0) - sd t0,8(a0) - beqz a2,.L_bn_sqr_words_return - - ld t0,8(a1) - dmultu t0,t0 - subu a2,1 - mflo t1 - mfhi t0 - sd t1,16(a0) - sd t0,24(a0) - beqz a2,.L_bn_sqr_words_return - - ld t0,16(a1) - dmultu t0,t0 - mflo t1 - mfhi t0 - sd t1,32(a0) - sd t0,40(a0) - jr ra -END(bn_sqr_words) - -.align 5 -LEAF(bn_add_words) - .set noreorder - bgtzl a3,.L_bn_add_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_add_words_proceed: - li MINUS4,-4 - and AT,a3,MINUS4 - move v0,zero - beqz AT,.L_bn_add_words_tail - -.L_bn_add_words_loop: - ld ta0,0(a2) - subu a3,4 - ld t1,8(a1) - and AT,a3,MINUS4 - ld t2,16(a1) - PTR_ADD a2,32 - ld t3,24(a1) - PTR_ADD a0,32 - ld ta1,-24(a2) - PTR_ADD a1,32 - ld ta2,-16(a2) - ld ta3,-8(a2) - daddu ta0,t0 - sltu t8,ta0,t0 - daddu t0,ta0,v0 - sltu v0,t0,ta0 - sd t0,-32(a0) - daddu v0,t8 - - daddu ta1,t1 - sltu t9,ta1,t1 - daddu t1,ta1,v0 - sltu v0,t1,ta1 - sd t1,-24(a0) - daddu v0,t9 - - daddu ta2,t2 - sltu t8,ta2,t2 - daddu t2,ta2,v0 - sltu v0,t2,ta2 - sd t2,-16(a0) - daddu v0,t8 - - daddu ta3,t3 - sltu t9,ta3,t3 - daddu t3,ta3,v0 - sltu v0,t3,ta3 - sd t3,-8(a0) - daddu v0,t9 - - .set noreorder - bgtzl AT,.L_bn_add_words_loop - ld t0,0(a1) - - bnezl a3,.L_bn_add_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_add_words_return: - jr ra - -.L_bn_add_words_tail: - ld ta0,0(a2) - daddu ta0,t0 - subu a3,1 - sltu t8,ta0,t0 - daddu t0,ta0,v0 - sltu 
v0,t0,ta0 - sd t0,0(a0) - daddu v0,t8 - beqz a3,.L_bn_add_words_return - - ld t1,8(a1) - ld ta1,8(a2) - daddu ta1,t1 - subu a3,1 - sltu t9,ta1,t1 - daddu t1,ta1,v0 - sltu v0,t1,ta1 - sd t1,8(a0) - daddu v0,t9 - beqz a3,.L_bn_add_words_return - - ld t2,16(a1) - ld ta2,16(a2) - daddu ta2,t2 - sltu t8,ta2,t2 - daddu t2,ta2,v0 - sltu v0,t2,ta2 - sd t2,16(a0) - daddu v0,t8 - jr ra -END(bn_add_words) - -.align 5 -LEAF(bn_sub_words) - .set noreorder - bgtzl a3,.L_bn_sub_words_proceed - ld t0,0(a1) - jr ra - move v0,zero - .set reorder - -.L_bn_sub_words_proceed: - li MINUS4,-4 - and AT,a3,MINUS4 - move v0,zero - beqz AT,.L_bn_sub_words_tail - -.L_bn_sub_words_loop: - ld ta0,0(a2) - subu a3,4 - ld t1,8(a1) - and AT,a3,MINUS4 - ld t2,16(a1) - PTR_ADD a2,32 - ld t3,24(a1) - PTR_ADD a0,32 - ld ta1,-24(a2) - PTR_ADD a1,32 - ld ta2,-16(a2) - ld ta3,-8(a2) - sltu t8,t0,ta0 - dsubu t0,ta0 - dsubu ta0,t0,v0 - sd ta0,-32(a0) - MOVNZ (t0,v0,t8) - - sltu t9,t1,ta1 - dsubu t1,ta1 - dsubu ta1,t1,v0 - sd ta1,-24(a0) - MOVNZ (t1,v0,t9) - - - sltu t8,t2,ta2 - dsubu t2,ta2 - dsubu ta2,t2,v0 - sd ta2,-16(a0) - MOVNZ (t2,v0,t8) - - sltu t9,t3,ta3 - dsubu t3,ta3 - dsubu ta3,t3,v0 - sd ta3,-8(a0) - MOVNZ (t3,v0,t9) - - .set noreorder - bgtzl AT,.L_bn_sub_words_loop - ld t0,0(a1) - - bnezl a3,.L_bn_sub_words_tail - ld t0,0(a1) - .set reorder - -.L_bn_sub_words_return: - jr ra - -.L_bn_sub_words_tail: - ld ta0,0(a2) - subu a3,1 - sltu t8,t0,ta0 - dsubu t0,ta0 - dsubu ta0,t0,v0 - MOVNZ (t0,v0,t8) - sd ta0,0(a0) - beqz a3,.L_bn_sub_words_return - - ld t1,8(a1) - subu a3,1 - ld ta1,8(a2) - sltu t9,t1,ta1 - dsubu t1,ta1 - dsubu ta1,t1,v0 - MOVNZ (t1,v0,t9) - sd ta1,8(a0) - beqz a3,.L_bn_sub_words_return - - ld t2,16(a1) - ld ta2,16(a2) - sltu t8,t2,ta2 - dsubu t2,ta2 - dsubu ta2,t2,v0 - MOVNZ (t2,v0,t8) - sd ta2,16(a0) - jr ra -END(bn_sub_words) - -#undef MINUS4 - -.align 5 -LEAF(bn_div_3_words) - .set reorder - move a3,a0 /* we know that bn_div_words doesn't - * touch a3, ta2, ta3 and preserves a2 
- * so that we can save two arguments - * and return address in registers - * instead of stack:-) - */ - ld a0,(a3) - move ta2,a1 - ld a1,-8(a3) - bne a0,a2,.L_bn_div_3_words_proceed - li v0,-1 - jr ra -.L_bn_div_3_words_proceed: - move ta3,ra - bal bn_div_words - move ra,ta3 - dmultu ta2,v0 - ld t2,-16(a3) - move ta0,zero - mfhi t1 - mflo t0 - sltu t8,t1,v1 -.L_bn_div_3_words_inner_loop: - bnez t8,.L_bn_div_3_words_inner_loop_done - sgeu AT,t2,t0 - seq t9,t1,v1 - and AT,t9 - sltu t3,t0,ta2 - daddu v1,a2 - dsubu t1,t3 - dsubu t0,ta2 - sltu t8,t1,v1 - sltu ta0,v1,a2 - or t8,ta0 - .set noreorder - beqzl AT,.L_bn_div_3_words_inner_loop - dsubu v0,1 - .set reorder -.L_bn_div_3_words_inner_loop_done: - jr ra -END(bn_div_3_words) - -.align 5 -LEAF(bn_div_words) - .set noreorder - bnezl a2,.L_bn_div_words_proceed - move v1,zero - jr ra - li v0,-1 /* I'd rather signal div-by-zero - * which can be done with 'break 7' */ - -.L_bn_div_words_proceed: - bltz a2,.L_bn_div_words_body - move t9,v1 - dsll a2,1 - bgtz a2,.-4 - addu t9,1 - - .set reorder - negu t1,t9 - li t2,-1 - dsll t2,t1 - and t2,a0 - dsrl AT,a1,t1 - .set noreorder - bnezl t2,.+8 - break 6 /* signal overflow */ - .set reorder - dsll a0,t9 - dsll a1,t9 - or a0,AT - -#define QT ta0 -#define HH ta1 -#define DH v1 -.L_bn_div_words_body: - dsrl DH,a2,32 - sgeu AT,a0,a2 - .set noreorder - bnezl AT,.+8 - dsubu a0,a2 - .set reorder - - li QT,-1 - dsrl HH,a0,32 - dsrl QT,32 /* q=0xffffffff */ - beq DH,HH,.L_bn_div_words_skip_div1 - ddivu zero,a0,DH - mflo QT -.L_bn_div_words_skip_div1: - dmultu a2,QT - dsll t3,a0,32 - dsrl AT,a1,32 - or t3,AT - mflo t0 - mfhi t1 -.L_bn_div_words_inner_loop1: - sltu t2,t3,t0 - seq t8,HH,t1 - sltu AT,HH,t1 - and t2,t8 - sltu v0,t0,a2 - or AT,t2 - .set noreorder - beqz AT,.L_bn_div_words_inner_loop1_done - dsubu t1,v0 - dsubu t0,a2 - b .L_bn_div_words_inner_loop1 - dsubu QT,1 - .set reorder -.L_bn_div_words_inner_loop1_done: - - dsll a1,32 - dsubu a0,t3,t0 - dsll v0,QT,32 - - li QT,-1 - dsrl 
HH,a0,32 - dsrl QT,32 /* q=0xffffffff */ - beq DH,HH,.L_bn_div_words_skip_div2 - ddivu zero,a0,DH - mflo QT -.L_bn_div_words_skip_div2: -#undef DH - dmultu a2,QT - dsll t3,a0,32 - dsrl AT,a1,32 - or t3,AT - mflo t0 - mfhi t1 -.L_bn_div_words_inner_loop2: - sltu t2,t3,t0 - seq t8,HH,t1 - sltu AT,HH,t1 - and t2,t8 - sltu v1,t0,a2 - or AT,t2 - .set noreorder - beqz AT,.L_bn_div_words_inner_loop2_done - dsubu t1,v1 - dsubu t0,a2 - b .L_bn_div_words_inner_loop2 - dsubu QT,1 - .set reorder -.L_bn_div_words_inner_loop2_done: -#undef HH - - dsubu a0,t3,t0 - or v0,QT - dsrl v1,a0,t9 /* v1 contains remainder if anybody wants it */ - dsrl a2,t9 /* restore a2 */ - jr ra -#undef QT -END(bn_div_words) - -#define a_0 t0 -#define a_1 t1 -#define a_2 t2 -#define a_3 t3 -#define b_0 ta0 -#define b_1 ta1 -#define b_2 ta2 -#define b_3 ta3 - -#define a_4 s0 -#define a_5 s2 -#define a_6 s4 -#define a_7 a1 /* once we load a[7] we don't need a anymore */ -#define b_4 s1 -#define b_5 s3 -#define b_6 s5 -#define b_7 a2 /* once we load b[7] we don't need b anymore */ - -#define t_1 t8 -#define t_2 t9 - -#define c_1 v0 -#define c_2 v1 -#define c_3 a3 - -#define FRAME_SIZE 48 - -.align 5 -LEAF(bn_mul_comba8) - .set noreorder - PTR_SUB sp,FRAME_SIZE - .frame sp,64,ra - .set reorder - ld a_0,0(a1) /* If compiled with -mips3 option on - * R5000 box assembler barks on this - * line with "shouldn't have mult/div - * as last instruction in bb (R10K - * bug)" warning. If anybody out there - * has a clue about how to circumvent - * this do send me a note. 
- * - */ - ld b_0,0(a2) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - ld b_1,8(a2) - ld b_2,16(a2) - ld b_3,24(a2) - dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - sd s0,0(sp) - sd s1,8(sp) - sd s2,16(sp) - sd s3,24(sp) - sd s4,32(sp) - sd s5,40(sp) - mflo c_1 - mfhi c_2 - - dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */ - ld a_4,32(a1) - ld a_5,40(a1) - ld a_6,48(a1) - ld a_7,56(a1) - ld b_4,32(a2) - ld b_5,40(a2) - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */ - ld b_6,48(a2) - ld b_7,56(a2) - sd c_1,0(a0) /* r[0]=c1; */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - sd c_2,8(a0) /* r[1]=c2; */ - - dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) /* r[2]=c3; */ - - dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) /* r[3]=c1; */ - - dmultu 
a_4,b_0 /* mul_add_c(a[4],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_0,b_4 /* mul_add_c(a[0],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) /* r[4]=c2; */ - - dmultu a_0,b_5 /* mul_add_c(a[0],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_1,b_4 /* mul_add_c(a[1],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,b_1 /* mul_add_c(a[4],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,b_0 /* mul_add_c(a[5],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) /* r[5]=c3; */ - - dmultu a_6,b_0 /* mul_add_c(a[6],b[0],c1,c2,c3); */ - 
mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_5,b_1 /* mul_add_c(a[5],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,b_2 /* mul_add_c(a[4],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_4 /* mul_add_c(a[2],b[4],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,b_5 /* mul_add_c(a[1],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_0,b_6 /* mul_add_c(a[0],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,48(a0) /* r[6]=c1; */ - - dmultu a_0,b_7 /* mul_add_c(a[0],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_1,b_6 /* mul_add_c(a[1],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,b_5 /* mul_add_c(a[2],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,b_4 /* mul_add_c(a[3],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_4,b_3 /* mul_add_c(a[4],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu 
c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,b_2 /* mul_add_c(a[5],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_6,b_1 /* mul_add_c(a[6],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_7,b_0 /* mul_add_c(a[7],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,56(a0) /* r[7]=c2; */ - - dmultu a_7,b_1 /* mul_add_c(a[7],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_6,b_2 /* mul_add_c(a[6],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,b_3 /* mul_add_c(a[5],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,b_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_3,b_5 /* mul_add_c(a[3],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,b_6 /* mul_add_c(a[2],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,b_7 /* mul_add_c(a[1],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,64(a0) /* r[8]=c3; */ - - dmultu a_2,b_7 /* mul_add_c(a[2],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - 
dmultu a_3,b_6 /* mul_add_c(a[3],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,b_5 /* mul_add_c(a[4],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,b_4 /* mul_add_c(a[5],b[4],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_6,b_3 /* mul_add_c(a[6],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_7,b_2 /* mul_add_c(a[7],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,72(a0) /* r[9]=c1; */ - - dmultu a_7,b_3 /* mul_add_c(a[7],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_6,b_4 /* mul_add_c(a[6],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,b_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_4,b_6 /* mul_add_c(a[4],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,b_7 /* mul_add_c(a[3],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,80(a0) /* r[10]=c2; */ - - dmultu a_4,b_7 /* mul_add_c(a[4],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_5,b_6 /* 
mul_add_c(a[5],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_6,b_5 /* mul_add_c(a[6],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_7,b_4 /* mul_add_c(a[7],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,88(a0) /* r[11]=c3; */ - - dmultu a_7,b_5 /* mul_add_c(a[7],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_6,b_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,b_7 /* mul_add_c(a[5],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,96(a0) /* r[12]=c1; */ - - dmultu a_6,b_7 /* mul_add_c(a[6],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_7,b_6 /* mul_add_c(a[7],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,104(a0) /* r[13]=c2; */ - - dmultu a_7,b_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ - ld s0,0(sp) - ld s1,8(sp) - ld s2,16(sp) - ld s3,24(sp) - ld s4,32(sp) - ld s5,40(sp) - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sd c_3,112(a0) /* r[14]=c3; */ - sd c_1,120(a0) /* r[15]=c1; */ - - PTR_ADD sp,FRAME_SIZE - - jr ra -END(bn_mul_comba8) - -.align 5 -LEAF(bn_mul_comba4) - .set reorder - ld a_0,0(a1) - ld b_0,0(a2) - ld a_1,8(a1) - ld a_2,16(a1) - dmultu a_0,b_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - ld a_3,24(a1) - ld b_1,8(a2) - ld 
b_2,16(a2) - ld b_3,24(a2) - mflo c_1 - mfhi c_2 - sd c_1,0(a0) - - dmultu a_0,b_1 /* mul_add_c(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - dmultu a_1,b_0 /* mul_add_c(a[1],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - sd c_2,8(a0) - - dmultu a_2,b_0 /* mul_add_c(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - dmultu a_1,b_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_0,b_2 /* mul_add_c(a[0],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,b_3 /* mul_add_c(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu c_3,c_2,t_2 - dmultu a_1,b_2 /* mul_add_c(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_2,b_1 /* mul_add_c(a[2],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,b_0 /* mul_add_c(a[3],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_3,b_1 /* mul_add_c(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu c_1,c_3,t_2 - dmultu a_2,b_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,b_3 /* mul_add_c(a[1],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu 
AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_2,b_3 /* mul_add_c(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu c_2,c_1,t_2 - dmultu a_3,b_2 /* mul_add_c(a[3],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_3,b_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sd c_1,48(a0) - sd c_2,56(a0) - - jr ra -END(bn_mul_comba4) - -#undef a_4 -#undef a_5 -#undef a_6 -#undef a_7 -#define a_4 b_0 -#define a_5 b_1 -#define a_6 b_2 -#define a_7 b_3 - -.align 5 -LEAF(bn_sqr_comba8) - .set reorder - ld a_0,0(a1) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - - dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - ld a_4,32(a1) - ld a_5,40(a1) - ld a_6,48(a1) - ld a_7,56(a1) - mflo c_1 - mfhi c_2 - sd c_1,0(a0) - - dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - sd c_2,8(a0) - - dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,a_2 /* 
mul_add_c2(a[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu 
c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,a_2 /* mul_add_c2(a[4],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,48(a0) - - dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,56(a0) - - dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - 
daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_6,a_2 /* mul_add_c2(a[6],b[2],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,64(a0) - - dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,72(a0) - - dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll 
t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,80(a0) - - dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,88(a0) - - dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,96(a0) - - dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,104(a0) - - dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sd c_3,112(a0) - sd c_1,120(a0) - - jr ra -END(bn_sqr_comba8) - -.align 5 -LEAF(bn_sqr_comba4) - .set reorder - ld a_0,0(a1) - ld a_1,8(a1) - ld a_2,16(a1) - ld a_3,24(a1) - dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ - mflo c_1 - mfhi c_2 - sd 
c_1,0(a0) - - dmultu a_0,a_1 /* mul_add_c2(a[0],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu c_3,t_2,AT - sd c_2,8(a0) - - dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,16(a0) - - dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */ - mflo t_1 - mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT - sd c_1,24(a0) - - dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ - mflo t_1 - mfhi t_2 - daddu c_2,t_1 - sltu AT,c_2,t_1 - daddu t_2,AT - daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT - sd c_2,32(a0) - - dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ - mflo t_1 - mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 - daddu c_3,t_1 - sltu AT,c_3,t_1 - daddu t_2,AT - daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT - sd c_3,40(a0) - - dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ - mflo 
t_1 - mfhi t_2 - daddu c_1,t_1 - sltu AT,c_1,t_1 - daddu t_2,AT - daddu c_2,t_2 - sd c_1,48(a0) - sd c_2,56(a0) - - jr ra -END(bn_sqr_comba4) diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index 31476ab..2d39407 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c @@ -273,6 +273,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) /* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ +/* + * Keep in mind that carrying into high part of multiplication result + * can not overflow, because it cannot be all-ones. + */ #if 0 /* original macros are kept for reference purposes */ #define mul_add_c(a,b,c0,c1,c2) { \ 
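Review bot: The added comment states the invariant ("high part … cannot be all-ones") without saying why, and it is the load-bearing assumption behind every carry folded into t1/t2 in the mul_add_c2 rewrite this series makes. A one-line justification makes it checkable rather than trusted: `/* For a,b < 2^64 the high word of a*b is at most 2^64-2 ((2^64-1)^2 = 2^128 - 2^65 + 1), so adding a single carry bit into it cannot wrap. */`. The macros the comment describes are outside this hunk.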
@@ -287,10 +291,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) BN_ULONG ta=(a),tb=(b),t0; \ t1 = BN_UMULT_HIGH(ta,tb); \ t0 = ta * tb; \ - t2 = t1+t1; c2 += (t2neg=rand_neg(); + BN_sqr(c,a,ctx); if (bp != NULL) { if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," * "); - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," - "); } - BN_print(bp,&c); + BN_print(bp,c); BIO_puts(bp,"\n"); } - BN_div(&d,&e,&c,&a,ctx); - BN_sub(&d,&d,&a); - if(!BN_is_zero(&d) || !BN_is_zero(&e)) - { - fprintf(stderr,"Square test failed!\n"); - return 0; - } + BN_div(d,e,c,a,ctx); + BN_sub(d,d,a); + if(!BN_is_zero(d) || !BN_is_zero(e)) + { + fprintf(stderr,"Square test failed!\n"); + goto err; + } } - BN_free(&a); - BN_free(&c); - BN_free(&d); - BN_free(&e); - return(1); + + /* Regression test for a BN_sqr overflow bug. */ + BN_hex2bn(&a, + "80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) + { + if (!results) + { + BN_print(bp,a); + BIO_puts(bp," * "); + BN_print(bp,a); + BIO_puts(bp," - "); + } + BN_print(bp,c); + BIO_puts(bp,"\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) + { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + + /* Regression test for a BN_sqr overflow bug. */ + BN_hex2bn(&a, + "80000000000000000000000080000001FFFFFFFE000000000000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) + { + if (!results) + { + BN_print(bp,a); + BIO_puts(bp," * "); + BN_print(bp,a); + BIO_puts(bp," - "); + } + BN_print(bp,c); + BIO_puts(bp,"\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) + { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + ret = 1; +err: + if (a != NULL) BN_free(a); + if (c != NULL) BN_free(c); + if (d != NULL) BN_free(d); + if (e != NULL) BN_free(e); + return ret; } int test_mont(BIO *bp, BN_CTX *ctx) 
diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile index e89e0c0..60c876d 100644 --- a/crypto/ecdsa/Makefile +++ b/crypto/ecdsa/Makefile @@ -126,15 +126,16 @@ ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ecs_sign.o: ecs_locl.h ecs_sign.c -ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h +ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ecs_locl.h ecs_vrf.c diff --git a/crypto/opensslv.h b/crypto/opensslv.h index adba89b..b68d355 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h 
@@ -29,11 +29,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x100010b0L +#define OPENSSL_VERSION_NUMBER 0x100010c0L #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1k-fips-dev xx XXX xxxx" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l-fips-dev xx XXX xxxx" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1k-dev xx XXX xxxx" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l-dev xx XXX xxxx" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl.spec b/openssl.spec index 707dd2c..70cfc7d 100644 --- a/openssl.spec +++ b/openssl.spec @@ -7,7 +7,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl #Version: %{libmaj}.%{libmin}.%{librel} -Version: 1.0.1k +Version: 1.0.1l Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index edd17df..0059fe2 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -212,7 +212,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) /* Limit the size of the queue to prevent DOS attacks */ if (pqueue_size(queue->q) >= 100) return 0; - + rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) 
@@ -247,18 +247,22 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) if (!ssl3_setup_buffers(s)) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + if (rdata->rbuf.buf != NULL) + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); - return(0); + return(-1); } /* insert should not fail, since duplicates are dropped */ if (pqueue_insert(queue->q, item) == NULL) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + if (rdata->rbuf.buf != NULL) + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); - return(0); + return(-1); } return(1); @@ -314,8 +318,9 @@ dtls1_process_buffered_records(SSL *s) dtls1_get_unprocessed_record(s); if ( ! dtls1_process_record(s)) return(0); - dtls1_buffer_record(s, &(s->d1->processed_rcds), - s->s3->rrec.seq_num); + if(dtls1_buffer_record(s, &(s->d1->processed_rcds), + s->s3->rrec.seq_num)<0) + return -1; } } @@ -530,7 +535,6 @@ printf("\n"); /* we have pulled in a full packet so zero things */ s->packet_length=0; - dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ return(1); f_err: @@ -563,7 +567,8 @@ int dtls1_get_record(SSL *s) /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ - dtls1_process_buffered_records(s); + if(dtls1_process_buffered_records(s)<0) + return -1; /* if we're renegotiating, then there may be buffered records */ if (dtls1_get_processed_record(s)) @@ -642,8 +647,6 @@ again: /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ i=rr->length; n=ssl3_read_n(s,i,i,1); - if (n <= 0) return(n); /* error or non-blocking io */ - /* this packet contained a partial record, dump it */ if ( n != i) { 
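Review bot: dtls1_buffer_record now has a three-valued result — 1 queued, 0 silently dropped (the queue-full path in the -212 hunk keeps `return 0`), -1 fatal — and the callers added in the -314 hunk and in the -701/-865 hunks on the next line test only `<0`, so a queue-full drop is treated as success; presumably intended, but the contract is written down nowhere. The function header is above the hunk; I would put there `/* Returns 1 if the record was queued, 0 if it was dropped (queue full, not an error), -1 on a fatal allocation/queue failure that the caller must abort on. */`. The new `OPENSSL_free(rdata->rbuf.buf)` is only correct if the read buffer was moved into rdata and cleared from s->s3->rbuf on the lines above the hunk, which are not visible here — worth confirming.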
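Review bot: Removing `if (n <= 0) return(n);` after `n=ssl3_read_n(s,i,i,1)` in the -642 hunk folds a negative return into the "partial record, dump it" branch that follows, so an internal error from ssl3_read_n (it can return -1, e.g. on its buffer-too-small path, if that is still reachable from here) is now discarded and the loop retries instead of failing. With the s3_pkt.c change on the next line, ssl3_read_n in the DTLS extend case appears to return 0 rather than read, which is what this hunk relies on; if a negative result really is impossible, a comment saying so would stop the next reader re-adding the check, otherwise keep `if (n < 0) return(n);` ahead of the `n != i` test. dtls1_get_record continues outside the hunk.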
@@ -678,7 +681,8 @@ again: * would be dropped unnecessarily. */ if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && - *p == SSL3_MT_CLIENT_HELLO) && + s->packet_length > DTLS1_RT_HEADER_LENGTH && + s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) && !dtls1_record_replay_check(s, bitmap)) { rr->length = 0; @@ -701,7 +705,9 @@ again: { if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { - dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); + if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0) + return -1; + dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ } rr->length = 0; s->packet_length = 0; @@ -714,6 +720,7 @@ again: s->packet_length = 0; /* dump this record */ goto again; /* get another record */ } + dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ return(1); @@ -865,7 +872,11 @@ start: * buffer the application data for later processing rather * than dropping the connection. */ - dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num); + if(dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num)<0) + { + SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); + return -1; + } rr->length = 0; goto start; } diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index d1cd752..1ec9e6e 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -183,6 +183,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) * at once (as long as it fits into the buffer). */ if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { + if (left == 0 && extend) + return 0; if (left > 0 && n > left) n = left; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index d883f86..fadca74 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c 
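Review bot: In the -701 hunk the receive bitmap is updated for a record that is being queued precisely because it cannot be processed yet, i.e. before its MAC has been checked, whereas the -714 hunk (and the update removed from dtls1_process_record in the -530 hunk) marks receipt only for records that passed processing. Marking before authentication is what closes the replay gap for next-epoch records, but it also means a queued record that later fails processing still shadows a genuine record with the same epoch and sequence number; if that trade-off is intended, say so in place: `/* Cannot be verified yet (next epoch), but mark it received so a replay of it is dropped rather than queued again. */`.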
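Review bot: The added `if (left == 0 && extend) return 0;` in ssl3_read_n changes the function's contract for DTLS — 0 is now returned with no error queued when an extend request finds nothing buffered — and the reason is not stated. The comment just above it (`* at once (as long as it fits into the buffer). */`) should be extended along the lines of `/* An extend request with nothing left must not pull in the next datagram: return 0 and let the caller treat the record as truncated. */`, since dtls1_get_record on the previous line now relies on exactly this behaviour.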
@@ -3014,7 +3014,7 @@ int ssl3_get_cert_verify(SSL *s)
 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
 {
 s->s3->tmp.reuse_message=1;
- if ((peer != NULL) && (type & EVP_PKT_SIGN))
+ if (peer != NULL)
 {
 al=SSL_AD_UNEXPECTED_MESSAGE;
 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
From matt at openssl.org Thu Jan 8 15:23:20 2015
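Review bot: The relaxed condition `if (peer != NULL)` matches the commit message (a client that sent a certificate must also send CertificateVerify, whatever the key type), but the hunk gives a reader no hint why `type & EVP_PKT_SIGN` was dropped, and it is exactly the kind of check someone will later "restore". I would add above it `/* Any client certificate must be followed by CertificateVerify; key type is irrelevant, DH client certificates included (CVE-2015-0205). */`. ssl3_get_cert_verify continues outside the hunk, so whether `type` is still needed elsewhere in it is not visible here.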
From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 16:23:20 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150108152320.1BC161DF10D@openssl.net> The branch OpenSSL_1_0_0-stable has been updated via a98051fb47eed17baced30fa70e009f4c9608635 (commit) via 225628f280d79dda31d135f96e231807d06e38c3 (commit) via ca39b261bf54dc8138d93f3b07c6cc61d2e11f6c (commit) via c1beec0e6dd4325210f4e42ddf2fb97c32dda45b (commit) via b095884a58876ccd3e65f620b7f80d61b4bce687 (commit) via f7fe3d235abf201343c20a59f9d9c8957acc62ff (commit) via b2688c91613566db1f42edd4b45f6e17146531b9 (commit) via bf6fa208b5c081c041f267c4c0352c686fa8d8a5 (commit) via eb37b6aa41c2916c386bce5872b0f90dc22b4247 (commit) from f66f76a24a5bb3c1e51dce56c9e6de23d72a5531 (commit) - Log ----------------------------------------------------------------- commit a98051fb47eed17baced30fa70e009f4c9608635 Author: Matt Caswell Date: Thu Jan 8 14:23:38 2015 +0000 Prepare for 1.0.0q-dev Reviewed-by: Stephen Henson commit 225628f280d79dda31d135f96e231807d06e38c3 Author: Matt Caswell Date: Thu Jan 8 14:21:42 2015 +0000 Prepare for 1.0.0p release Reviewed-by: Stephen Henson commit ca39b261bf54dc8138d93f3b07c6cc61d2e11f6c Author: Matt Caswell Date: Thu Jan 8 14:21:42 2015 +0000 make update Reviewed-by: Stephen Henson commit c1beec0e6dd4325210f4e42ddf2fb97c32dda45b Author: Matt Caswell Date: Thu Jan 8 13:31:01 2015 +0000 CHANGES and NEWS updates for release Reviewed-by: Tim Hudson Reviewed-by: Steve Henson commit b095884a58876ccd3e65f620b7f80d61b4bce687 Author: Matt Caswell Date: Wed Jan 7 14:18:13 2015 +0000 A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. 
Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion. Thanks to Chris Mueller for reporting this issue and providing initial analysis and a patch. Further analysis and the final patch was performed by Matt Caswell from the OpenSSL development team. CVE-2015-0206 Reviewed-by: Dr Stephen Henson (cherry picked from commit 652ff0f4796eecd8729b4690f2076d1c7ccb2862) commit f7fe3d235abf201343c20a59f9d9c8957acc62ff Author: Dr. Stephen Henson Date: Thu Oct 23 20:36:17 2014 +0100 Unauthenticated DH client certificate fix. Fix to prevent use of DH client certificates without sending certificate verify message. If we've used a client certificate to generate the premaster secret ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is never called. We can only skip the certificate verify message in ssl3_get_cert_verify if the client didn't send a certificate. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2015-0205 Reviewed-by: Matt Caswell commit b2688c91613566db1f42edd4b45f6e17146531b9 Author: Matt Caswell Date: Sat Jan 3 00:54:35 2015 +0000 Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occurring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. Conflicts: ssl/d1_pkt.c Reviewed-by: Dr Stephen Henson commit bf6fa208b5c081c041f267c4c0352c686fa8d8a5 Author: Dr. 
Stephen Henson Date: Sat Jan 3 00:45:13 2015 +0000 Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. CVE-2014-3571 Reviewed-by: Matt Caswell commit eb37b6aa41c2916c386bce5872b0f90dc22b4247 Author: Andy Polyakov Date: Mon Jan 5 14:52:56 2015 +0100 Fix for CVE-2014-3570. Reviewed-by: Emilia Kasper ----------------------------------------------------------------------- Summary of changes: CHANGES | 53 ++++- NEWS | 13 +- README | 2 +- crypto/bn/asm/mips3.s | 514 ++++++++++++++++++++++---------------------- crypto/bn/asm/x86_64-gcc.c | 34 ++- crypto/bn/bn_asm.c | 16 +- crypto/bn/bntest.c | 102 ++++++--- crypto/ecdsa/Makefile | 13 +- crypto/opensslv.h | 6 +- openssl.spec | 2 +- ssl/d1_pkt.c | 35 +-- ssl/s3_pkt.c | 2 + ssl/s3_srvr.c | 2 +- 13 files changed, 461 insertions(+), 333 deletions(-) diff --git a/CHANGES b/CHANGES index bc92912..e52cb9e 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,8 +2,35 @@ OpenSSL CHANGES _______________ - Changes between 1.0.0o and 1.0.0p [xx XXX xxxx] - + Changes between 1.0.0p and 1.0.0q [xx XXX xxxx] + + *) + + Changes between 1.0.0o and 1.0.0p [8 Jan 2015] + + *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS + message can cause a segmentation fault in OpenSSL due to a NULL pointer + dereference. This could lead to a Denial Of Service attack. Thanks to + Markus Stenberg of Cisco Systems, Inc. for reporting this issue. + (CVE-2014-3571) + [Steve Henson] + + *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the + dtls1_buffer_record function under certain conditions. In particular this + could occur if an attacker sent repeated DTLS records with the same + sequence number but for the next epoch. The memory leak could be exploited + by an attacker in a Denial of Service attack through memory exhaustion. + Thanks to Chris Mueller for reporting this issue. + (CVE-2015-0206) + [Matt Caswell] + + *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is + built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl + method would be set to NULL which could later result in a NULL pointer + dereference. Thanks to Frank Schmirler for reporting this issue. + (CVE-2014-3569) + [Kurt Roeckx] + *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. 
@@ -21,6 +48,28 @@ (CVE-2015-0204) [Steve Henson] + *) Fixed issue where DH client certificates are accepted without verification. + An OpenSSL server will accept a DH certificate for client authentication + without the certificate verify message. This effectively allows a client to + authenticate without the use of a private key. This only affects servers + which trust a client certificate authority which issues certificates + containing DH keys: these are extremely rare and hardly ever encountered. + Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting + this issue. + (CVE-2015-0205) + [Steve Henson] + + *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + (CVE-2014-3570) + [Andy Polyakov] + *) Fix various certificate fingerprint issues. By using non-DER or invalid encodings outside the signed portion of a diff --git a/NEWS b/NEWS index 84cef1a..0a8846b 100644 --- a/NEWS +++ b/NEWS 
@@ -5,10 +5,21 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [under development] + Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [under development] o + Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015] + + o Fix for CVE-2014-3571 + o Fix for CVE-2015-0206 + o Fix for CVE-2014-3569 + o Fix for CVE-2014-3572 + o Fix for CVE-2015-0204 + o Fix for CVE-2015-0205 + o Fix for CVE-2014-8275 + o Fix for CVE-2014-3570 + Major changes between OpenSSL 1.0.0n and OpenSSL 1.0.0o [15 Oct 2014] o Fix for CVE-2014-3513 diff --git a/README b/README index 8ee9bb1..9bc6659 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.0p-dev + OpenSSL 1.0.0q-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/bn/asm/mips3.s b/crypto/bn/asm/mips3.s index dca4105..8ced51b 100644 --- a/crypto/bn/asm/mips3.s +++ b/crypto/bn/asm/mips3.s @@ -1584,17 +1584,17 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu c_2,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 
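Review bot: The rewritten mul_add_c2 sequences (`daddu AT,t_2` and `daddu t_2,t_1` after the two `sltu` carry extractions) are only correct because the high word of a 64x64-bit product is at most 2^64-2, so a one-bit carry added to it cannot wrap; the x86_64-gcc.c part of this series says so, the assembly does not, and the same pattern recurs in the -1609, -1680 and -1781 hunks. A comment at the first instance, with a one-word pointer at the others, would make the hand-scheduled carry chain reviewable: `/* 2*(t_2:t_1): t_2 <= 2^64-2, so t_2+carry cannot overflow; carries travel via AT and t_1 */`. I traced the -1584 sequence and it accumulates 2*t into the (c_3,c_1,c_2) column correctly, with c_2 set fresh by `sltu c_2,c_1,AT` because this is the first contribution to that column.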
@@ -1609,63 +1609,63 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu c_3,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 sd c_1,24(a0) dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu c_1,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 
@@ -1680,93 +1680,93 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu c_2,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 sd c_3,40(a0) dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu c_3,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_4,a_2 /* 
mul_add_c2(a[4],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 
@@ -1781,108 +1781,108 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu c_1,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 sd c_2,56(a0) dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu c_2,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_6,a_2 /* 
mul_add_c2(a[6],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 
@@ -1897,78 +1897,78 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu c_3,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 sd c_1,72(a0) dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu c_1,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_5,a_5 /* 
mul_add_c(a[5],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -1983,48 +1983,48 @@ LEAF(bn_sqr_comba8) dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu c_2,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 sd c_3,88(a0) dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu c_3,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */ mflo t_1 mfhi t_2 @@ -2039,17 +2039,17 @@ LEAF(bn_sqr_comba8) dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu c_1,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 sd c_2,104(a0) dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */ 
@@ -2070,9 +2070,9 @@ LEAF(bn_sqr_comba4) .set reorder ld a_0,0(a1) ld a_1,8(a1) + dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ ld a_2,16(a1) ld a_3,24(a1) - dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */ mflo c_1 mfhi c_2 sd c_1,0(a0) @@ -2093,17 +2093,17 @@ LEAF(bn_sqr_comba4) dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu c_2,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 
@@ -2118,48 +2118,48 @@ LEAF(bn_sqr_comba4) dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu c_3,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 sd c_1,24(a0) dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu c_1,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 @@ -2174,17 +2174,17 @@ LEAF(bn_sqr_comba4) dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu c_2,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 sd c_3,40(a0) dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index 31476ab..2d39407 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c 
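Review bot: In the `@@ -2118` hunk the context comment on `dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */` does not match the code beneath it, which is the doubled (mul_add_c2) sequence like its neighbours, and `a2[1]` is a typo for `a[1]`; since these comments are the only statement of intent in the file, it should read `/* mul_add_c2(a[1],b[2],c1,c2,c3); */`. The line is unchanged context, so the commit did not introduce it, but it sits in the touched region and the corresponding comment in the bn_sqr_comba8 hunks is already correct. bn_sqr_comba4 starts outside the hunk.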
@@ -273,6 +273,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) /* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ +/* + * Keep in mind that carrying into high part of multiplication result + * can not overflow, because it cannot be all-ones. + */ #if 0 /* original macros are kept for reference purposes */ #define mul_add_c(a,b,c0,c1,c2) { \ 
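Review bot: The added comment asserts that a carry into the high word of the product cannot overflow but gives no reason, which is exactly what a reader checking the rewritten macros needs: each factor is at most all-ones, so the product is at most (2^w-1)^2 = 2^(2w) - 2^(w+1) + 1, whose high word is at most 2^w-2, one below all-ones, and a single carry bit therefore cannot wrap it. Suggest ` * The high word of a w-bit product is at most 2^w-2 (since (2^w-1)^2 = 2^(2w) - 2^(w+1) + 1), so adding a single carry to it cannot wrap.`, and `can not` should be `cannot`. The hunk is comment-only, so there is nothing to test, but this is the invariant the macros that follow rely on.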
@@ -287,10 +291,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) BN_ULONG ta=(a),tb=(b),t0; \ t1 = BN_UMULT_HIGH(ta,tb); \ t0 = ta * tb; \ - t2 = t1+t1; c2 += (t2neg=rand_neg(); + BN_sqr(c,a,ctx); if (bp != NULL) { if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," * "); - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," - "); } - BN_print(bp,&c); + BN_print(bp,c); BIO_puts(bp,"\n"); } - BN_div(&d,&e,&c,&a,ctx); - BN_sub(&d,&d,&a); - if(!BN_is_zero(&d) || !BN_is_zero(&e)) - { - fprintf(stderr,"Square test failed!\n"); - return 0; - } + BN_div(d,e,c,a,ctx); + BN_sub(d,d,a); + if(!BN_is_zero(d) || !BN_is_zero(e)) + { + fprintf(stderr,"Square test failed!\n"); + goto err; + } } - BN_free(&a); - BN_free(&c); - BN_free(&d); - BN_free(&e); - return(1); + + /* Regression test for a BN_sqr overflow bug. */ + BN_hex2bn(&a, + "80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) + { + if (!results) + { + BN_print(bp,a); + BIO_puts(bp," * "); + BN_print(bp,a); + BIO_puts(bp," - "); + } + BN_print(bp,c); + BIO_puts(bp,"\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) + { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + + /* Regression test for a BN_sqr overflow bug. */ + BN_hex2bn(&a, + "80000000000000000000000080000001FFFFFFFE000000000000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) + { + if (!results) + { + BN_print(bp,a); + BIO_puts(bp," * "); + BN_print(bp,a); + BIO_puts(bp," - "); + } + BN_print(bp,c); + BIO_puts(bp,"\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) + { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + ret = 1; +err: + if (a != NULL) BN_free(a); + if (c != NULL) BN_free(c); + if (d != NULL) BN_free(d); + if (e != NULL) BN_free(e); + return ret; } int test_mont(BIO *bp, BN_CTX *ctx) 
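Review bot: The hunk text is truncated — it starts in x86_64-gcc.c at the removal of `t2 = t1+t1` and resumes mid-way in bntest.c's test_sqr with no file header — so only the bntest.c side can be reviewed, and there the two new regression cases ignore the return values of `BN_hex2bn`, `BN_sqr` and `BN_mul`. A failed BN_sqr leaves c holding the value from the previous loop iteration, so the test would report "BN_sqr and BN_mul produce different results" for the wrong reason and the hex constant that actually matters would never have been squared. Writing `if (!BN_hex2bn(&a, "...") || !BN_sqr(c, a, ctx) || !BN_mul(d, a, a, ctx)) goto err;` for each case keeps the regression test honest about what it exercised. The `if (x != NULL)` guards before BN_free at `err:` are redundant since BN_free accepts NULL, though harmless. test_sqr's signature and loop header are outside the visible part of the hunk.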
diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile index e89e0c0..60c876d 100644 --- a/crypto/ecdsa/Makefile +++ b/crypto/ecdsa/Makefile @@ -126,15 +126,16 @@ ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ecs_sign.o: ecs_locl.h ecs_sign.c -ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h +ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ecs_locl.h ecs_vrf.c diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 87a6a81..b871e00 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h 
@@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x10000100L +#define OPENSSL_VERSION_NUMBER 0x10000110L #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0p-fips-dev xx XXX xxxx" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0q-fips-dev xx XXX xxxx" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0p-dev xx XXX xxxx" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0q-dev xx XXX xxxx" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl.spec b/openssl.spec index 1804d20..a6e807f 100644 --- a/openssl.spec +++ b/openssl.spec @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.0p +Version: 1.0.0q Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 8004528..003d620 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -212,7 +212,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) /* Limit the size of the queue to prevent DOS attacks */ if (pqueue_size(queue->q) >= 100) return 0; - + rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) @@ -239,18 +239,22 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) if (!ssl3_setup_buffers(s)) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + if (rdata->rbuf.buf != NULL) + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); - return(0); + return(-1); } /* insert should not fail, since duplicates are dropped */ if (pqueue_insert(queue->q, item) == NULL) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + if (rdata->rbuf.buf != NULL) + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); - return(0); + return(-1); } return(1); 
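Review bot: In the `@@ -239` hunk the two failure paths of dtls1_buffer_record now carry the same cleanup (free rdata->rbuf.buf if set, free rdata, pitem_free, return -1) as duplicated lines, so a later fix to one is easy to miss in the other; a single `err:` label reached by `goto err` keeps them in step. The function now also has three results — 1 when queued, 0 when the record is dropped because the queue is full (the early `return 0` in the `@@ -212` hunk) and -1 on failure — and nothing documents that, so a header comment such as `/* Returns 1 if the record was queued, 0 if it was dropped (queue full), -1 on error; callers must test for < 0 */` would protect the new `<0` checks at the call sites. Whether s->s3->rbuf still references rdata->rbuf.buf when it is freed here cannot be seen in the hunk; if the copy into rdata does not clear it, the free would leave a dangling pointer. dtls1_buffer_record begins outside the hunk.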
@@ -306,8 +310,9 @@ dtls1_process_buffered_records(SSL *s) dtls1_get_unprocessed_record(s); if ( ! dtls1_process_record(s)) return(0); - dtls1_buffer_record(s, &(s->d1->processed_rcds), - s->s3->rrec.seq_num); + if(dtls1_buffer_record(s, &(s->d1->processed_rcds), + s->s3->rrec.seq_num)<0) + return -1; } } @@ -522,7 +527,6 @@ printf("\n"); /* we have pulled in a full packet so zero things */ s->packet_length=0; - dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ return(1); f_err: @@ -555,7 +559,8 @@ int dtls1_get_record(SSL *s) /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ - dtls1_process_buffered_records(s); + if(dtls1_process_buffered_records(s)<0) + return -1; /* if we're renegotiating, then there may be buffered records */ if (dtls1_get_processed_record(s)) @@ -634,8 +639,6 @@ again: /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ i=rr->length; n=ssl3_read_n(s,i,i,1); - if (n <= 0) return(n); /* error or non-blocking io */ - /* this packet contained a partial record, dump it */ if ( n != i) { @@ -665,7 +668,8 @@ again: * would be dropped unnecessarily. */ if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && - *p == SSL3_MT_CLIENT_HELLO) && + s->packet_length > DTLS1_RT_HEADER_LENGTH && + s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) && !dtls1_record_replay_check(s, bitmap)) { rr->length = 0; @@ -685,7 +689,9 @@ again: { if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { - dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); + if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0) + return -1; + dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ } rr->length = 0; s->packet_length = 0; @@ -698,6 +704,7 @@ again: s->packet_length = 0; /* dump this record */ goto again; /* get another record */ } + dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ return(1); 
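Review bot: In the `@@ -634` hunk, dropping `if (n <= 0) return(n);` after the body read means a negative n from ssl3_read_n (a transport error or would-block) no longer propagates here but falls into the `n != i` partial-record branch that discards the record and loops; presumably the intent is that, with the s3_pkt.c change, ssl3_read_n returns 0 rather than reading past the current datagram when nothing is buffered, and a genuine error resurfaces on the next header read, but nothing in the hunk says so. A comment on the retained `n=ssl3_read_n(s,i,i,1);`, e.g. `/* short or failed read: the datagram is truncated, drop it and re-read a header; errors surface there */`, would record that reasoning for the next reader. dtls1_get_record starts and ends outside the hunk.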
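Review bot: In the `@@ -685` hunk the moved `dtls1_record_bitmap_update(s, bitmap);` runs whenever dtls1_buffer_record returns 0 or 1, but 0 is what it returns when the queue is full and the record is dropped (the `pqueue_size(queue->q) >= 100` check in its `@@ -212` hunk), so a record that was never kept is still marked as received in the replay bitmap; the practical effect is presumably small, since a retransmission carries a fresh record sequence number, but handling 0 explicitly before the bitmap update would make the intent clear. Separately, the new guards here and in `@@ -306`, `@@ -555` and `@@ -830` are written `if(…<0)` without the `if (` spacing and operator spaces used by the rest of this file; `if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num) < 0)` matches the surrounding style. dtls1_get_record starts and ends outside the hunk.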
@@ -830,7 +837,11 @@ start: * buffer the application data for later processing rather * than dropping the connection. */ - dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num); + if(dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num)<0) + { + SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); + return -1; + } rr->length = 0; goto start; } diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 92a65c3..000f326 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -182,6 +182,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) * at once (as long as it fits into the buffer). */ if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER) { + if (left == 0 && extend) + return 0; if (left > 0 && n > left) n = left; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 0dce557..df51bf9 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2765,7 +2765,7 @@ int ssl3_get_cert_verify(SSL *s) if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { s->s3->tmp.reuse_message=1; - if ((peer != NULL) && (type & EVP_PKT_SIGN)) + if (peer != NULL) { al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE); From matt at openssl.org Thu Jan 8 15:23:39 2015 
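Review bot: In the s3_pkt.c `@@ -182` hunk the new `if (left == 0 && extend) return 0;` deserves a comment, because 0 from ssl3_read_n is otherwise the value callers treat as error or closed transport (the removed d1_pkt.c check labelled it "error or non-blocking io"), while here it means the current datagram has no more bytes for the record body to extend into. A line such as `/* DTLS: a record body cannot extend into the next datagram; return 0 so the caller discards the truncated record */` beside it would make that intent explicit. Whether every caller with extend set handles a 0 return this way cannot be confirmed from the hunk. ssl3_read_n begins outside the hunk.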
From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 16:23:39 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150108152339.3C2F91DF10D@openssl.net> The branch OpenSSL_0_9_8-stable has been updated via bc253b0902b171895b93ab2e63971ce6f32e9c51 (commit) via b873409efee1731171f78d8eb456b57aa4b7d0ff (commit) via f89250f2f2017e2627a9cf5b2c468e78e78bdf49 (commit) via 1dc6a5441a2759e7e17995ef61ba7fc9011920a7 (commit) via a4aa18879917d9bd45f52ac110c69303a852b7db (commit) via 50befdb659585b9840264c77708d2dc638624137 (commit) via 46bf0ba87665c5aa215673d87e9ee7dd4ce28359 (commit) via 4b4c0a19211bf73d81de52de697a1a9dc60aed82 (commit) from df70302441a507da88d1761c47e80295247521a8 (commit) - Log ----------------------------------------------------------------- commit bc253b0902b171895b93ab2e63971ce6f32e9c51 Author: Matt Caswell Date: Thu Jan 8 14:36:15 2015 +0000 Prepare for 0.9.8ze-dev Reviewed-by: Stephen Henson commit b873409efee1731171f78d8eb456b57aa4b7d0ff Author: Matt Caswell Date: Thu Jan 8 14:33:47 2015 +0000 Prepare for 0.9.8zd release Reviewed-by: Stephen Henson commit f89250f2f2017e2627a9cf5b2c468e78e78bdf49 Author: Matt Caswell Date: Thu Jan 8 14:33:47 2015 +0000 make update Reviewed-by: Stephen Henson commit 1dc6a5441a2759e7e17995ef61ba7fc9011920a7 Author: Matt Caswell Date: Thu Jan 8 13:37:28 2015 +0000 CHANGES and NEWS updates for release Reviewed-by: Tim Hudson Reviewed-by: Steve Henson commit a4aa18879917d9bd45f52ac110c69303a852b7db Author: Dr. Stephen Henson Date: Tue Jan 6 14:28:34 2015 +0000 Fix typo. Fix typo in ssl3_get_cert_verify: we can only skip certificate verify message if certificate is absent. NB: OpenSSL 0.9.8 is NOT vulnerable to CVE-2015-0205 as it doesn't support DH certificates and this typo prohibits skipping of certificate verify message for sign only certificates anyway. 
Reviewed-by: Matt Caswell commit 50befdb659585b9840264c77708d2dc638624137 Author: Matt Caswell Date: Sat Jan 3 00:54:35 2015 +0000 Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occurring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. Conflicts: ssl/d1_pkt.c Reviewed-by: Dr Stephen Henson commit 46bf0ba87665c5aa215673d87e9ee7dd4ce28359 Author: Dr. Stephen Henson Date: Sat Jan 3 00:45:13 2015 +0000 Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. CVE-2014-3571 Reviewed-by: Matt Caswell Conflicts: ssl/s3_pkt.c commit 4b4c0a19211bf73d81de52de697a1a9dc60aed82 Author: Andy Polyakov Date: Mon Jan 5 14:52:56 2015 +0100 Fix for CVE-2014-3570. Reviewed-by: Emilia Kasper (cherry picked from commit e793809ba50c1e90ab592fb640a856168e50f3de) ----------------------------------------------------------------------- Summary of changes: CHANGES | 31 ++- NEWS | 11 +- README | 2 +- crypto/bn/asm/mips3.s | 514 ++++++++++++++++++++++---------------------- crypto/bn/asm/x86_64-gcc.c | 34 ++- crypto/bn/bn_asm.c | 16 +- crypto/bn/bntest.c | 102 ++++++--- crypto/ecdsa/Makefile | 13 +- crypto/opensslv.h | 6 +- openssl.spec | 2 +- ssl/d1_pkt.c | 5 +- ssl/s3_pkt.c | 2 + ssl/s3_srvr.c | 2 +- 13 files changed, 417 insertions(+), 323 deletions(-) diff --git a/CHANGES b/CHANGES index 573f2b7..5779dfc 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,7 +2,25 @@ OpenSSL CHANGES _______________ - Changes between 0.9.8zc and 0.9.8zd [xx XXX xxxx] + Changes between 0.9.8zd and 0.9.8ze [xx XXX xxxx] + + *) + + Changes between 0.9.8zc and 0.9.8zd [8 Jan 2015] + + *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS + message can cause a segmentation fault in OpenSSL due to a NULL pointer + dereference. This could lead to a Denial Of Service attack. Thanks to + Markus Stenberg of Cisco Systems, Inc. for reporting this issue. + (CVE-2014-3571) + [Steve Henson] + + *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is + built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl + method would be set to NULL which could later result in a NULL pointer + dereference. Thanks to Frank Schmirler for reporting this issue. + (CVE-2014-3569) + [Kurt Roeckx] *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. @@ -58,6 +76,17 @@ (CVE-2014-8275) [Steve Henson] + *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + (CVE-2014-3570) + [Andy Polyakov] + Changes between 0.9.8zb and 0.9.8zc [15 Oct 2014] *) Session Ticket Memory Leak. diff --git a/NEWS b/NEWS index 45ae0f5..19ba9d4 100644 --- a/NEWS +++ b/NEWS 
@@ -5,10 +5,19 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 0.9.8zc and OpenSSL 0.9.8zd [under development] + Major changes between OpenSSL 0.9.8zd and OpenSSL 0.9.8ze [under development] o + Major changes between OpenSSL 0.9.8zc and OpenSSL 0.9.8zd [8 Jan 2015] + + o Fix for CVE-2014-3571 + o Fix for CVE-2014-3569 + o Fix for CVE-2014-3572 + o Fix for CVE-2015-0204 + o Fix for CVE-2014-8275 + o Fix for CVE-2014-3570 + Major changes between OpenSSL 0.9.8zb and OpenSSL 0.9.8zc [15 Oct 2014]: o Fix for CVE-2014-3513 diff --git a/README b/README index 4032362..e3f71f7 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 0.9.8zd-dev + OpenSSL 0.9.8ze-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/bn/asm/mips3.s b/crypto/bn/asm/mips3.s index dca4105..8ced51b 100644 --- a/crypto/bn/asm/mips3.s +++ b/crypto/bn/asm/mips3.s @@ -1584,17 +1584,17 @@ LEAF(bn_sqr_comba8) dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu c_2,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 
@@ -1609,63 +1609,63 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu c_3,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_1,a_2 /* mul_add_c2(a[1],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 sd c_1,24(a0) dmultu a_4,a_0 /* mul_add_c2(a[4],b[0],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu c_1,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */ mflo t_1 mfhi t_2 
@@ -1680,93 +1680,93 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_5 /* mul_add_c2(a[0],b[5],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu c_2,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_1,a_4 /* mul_add_c2(a[1],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 sd c_3,40(a0) dmultu a_6,a_0 /* mul_add_c2(a[6],b[0],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt c_3,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu c_3,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 - daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_5,a_1 /* mul_add_c2(a[5],b[1],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_4,a_2 /* 
mul_add_c2(a[4],b[2],c1,c2,c3); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_3,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_1,t_1 sltu AT,c_1,t_1 - daddu t_2,AT + daddu c_1,t_1 + daddu AT,t_2 + sltu t_1,c_1,t_1 + daddu c_2,AT + daddu t_2,t_1 + sltu AT,c_2,AT daddu c_2,t_2 - sltu AT,c_2,t_2 daddu c_3,AT + sltu t_2,c_2,t_2 + daddu c_3,t_2 dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */ mflo t_1 mfhi t_2 
@@ -1781,108 +1781,108 @@ LEAF(bn_sqr_comba8) dmultu a_0,a_7 /* mul_add_c2(a[0],b[7],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt c_1,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu c_1,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 - daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_1,a_6 /* mul_add_c2(a[1],b[6],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_2,a_5 /* mul_add_c2(a[2],b[5],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 dmultu a_3,a_4 /* mul_add_c2(a[3],b[4],c2,c3,c1); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_1,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_2,t_1 sltu AT,c_2,t_1 - daddu t_2,AT + daddu c_2,t_1 + daddu AT,t_2 + sltu t_1,c_2,t_1 + daddu c_3,AT + daddu t_2,t_1 + sltu AT,c_3,AT daddu c_3,t_2 - sltu AT,c_3,t_2 daddu c_1,AT + sltu t_2,c_3,t_2 + daddu c_1,t_2 sd c_2,56(a0) dmultu a_7,a_1 /* mul_add_c2(a[7],b[1],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt c_2,t_2,zero - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu c_2,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 - daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_6,a_2 /* 
mul_add_c2(a[6],b[2],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_5,a_3 /* mul_add_c2(a[5],b[3],c3,c1,c2); */ mflo t_1 mfhi t_2 - slt AT,t_2,zero - daddu c_2,AT - dsll t_2,1 - slt a2,t_1,zero - daddu t_2,a2 - dsll t_1,1 daddu c_3,t_1 sltu AT,c_3,t_1 - daddu t_2,AT + daddu c_3,t_1 + daddu AT,t_2 + sltu t_1,c_3,t_1 + daddu c_1,AT + daddu t_2,t_1 + sltu AT,c_1,AT daddu c_1,t_2 - sltu AT,c_1,t_2 daddu c_2,AT + sltu t_2,c_1,t_2 + daddu c_2,t_2 dmultu a_4,a_4 /* mul_add_c(a[4],b[4],c3,c1,c2); */ mflo t_1 mfhi t_2 
@@ -1897,78 +1897,78 @@ LEAF(bn_sqr_comba8)
  dmultu a_2,a_7 /* mul_add_c2(a[2],b[7],c1,c2,c3); */
  mflo t_1
  mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_1,t_1
  sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
  daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
  dmultu a_3,a_6 /* mul_add_c2(a[3],b[6],c1,c2,c3); */
  mflo t_1
  mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_1,t_1
  sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
  daddu c_2,t_2
- sltu AT,c_2,t_2
  daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
  dmultu a_4,a_5 /* mul_add_c2(a[4],b[5],c1,c2,c3); */
  mflo t_1
  mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_1,t_1
  sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
  daddu c_2,t_2
- sltu AT,c_2,t_2
  daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
  sd c_1,72(a0)
  dmultu a_7,a_3 /* mul_add_c2(a[7],b[3],c2,c3,c1); */
  mflo t_1
  mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_2,t_1
  sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
  daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
  dmultu a_6,a_4 /* mul_add_c2(a[6],b[4],c2,c3,c1); */
  mflo t_1
  mfhi t_2
- slt AT,t_2,zero
- daddu c_1,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_2,t_1
  sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu AT,c_3,AT
  daddu c_3,t_2
- sltu AT,c_3,t_2
  daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
  dmultu a_5,a_5 /* mul_add_c(a[5],b[5],c2,c3,c1); */
  mflo t_1
  mfhi t_2
@@ -1983,48 +1983,48 @@ LEAF(bn_sqr_comba8)
  dmultu a_4,a_7 /* mul_add_c2(a[4],b[7],c3,c1,c2); */
  mflo t_1
  mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_3,t_1
  sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
  daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
  dmultu a_5,a_6 /* mul_add_c2(a[5],b[6],c3,c1,c2); */
  mflo t_1
  mfhi t_2
- slt AT,t_2,zero
- daddu c_2,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_3,t_1
  sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu AT,c_1,AT
  daddu c_1,t_2
- sltu AT,c_1,t_2
  daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
  sd c_3,88(a0)
  dmultu a_7,a_5 /* mul_add_c2(a[7],b[5],c1,c2,c3); */
  mflo t_1
  mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_1,t_1
  sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
  daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
  dmultu a_6,a_6 /* mul_add_c(a[6],b[6],c1,c2,c3); */
  mflo t_1
  mfhi t_2
@@ -2039,17 +2039,17 @@ LEAF(bn_sqr_comba8)
  dmultu a_6,a_7 /* mul_add_c2(a[6],b[7],c2,c3,c1); */
  mflo t_1
  mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_2,t_1
  sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
  daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
  sd c_2,104(a0)
  dmultu a_7,a_7 /* mul_add_c(a[7],b[7],c3,c1,c2); */
@@ -2070,9 +2070,9 @@ LEAF(bn_sqr_comba4)
  .set reorder
  ld a_0,0(a1)
  ld a_1,8(a1)
+ dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
  ld a_2,16(a1)
  ld a_3,24(a1)
- dmultu a_0,a_0 /* mul_add_c(a[0],b[0],c1,c2,c3); */
  mflo c_1
  mfhi c_2
  sd c_1,0(a0)
@@ -2093,17 +2093,17 @@ LEAF(bn_sqr_comba4)
  dmultu a_2,a_0 /* mul_add_c2(a[2],b[0],c3,c1,c2); */
  mflo t_1
  mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_3,t_1
  sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
  daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
  dmultu a_1,a_1 /* mul_add_c(a[1],b[1],c3,c1,c2); */
  mflo t_1
  mfhi t_2
@@ -2118,48 +2118,48 @@ LEAF(bn_sqr_comba4)
  dmultu a_0,a_3 /* mul_add_c2(a[0],b[3],c1,c2,c3); */
  mflo t_1
  mfhi t_2
- slt c_3,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_1,t_1
  sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu c_3,c_2,AT
  daddu c_2,t_2
- sltu AT,c_2,t_2
- daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
  dmultu a_1,a_2 /* mul_add_c(a2[1],b[2],c1,c2,c3); */
  mflo t_1
  mfhi t_2
- slt AT,t_2,zero
- daddu c_3,AT
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_1,t_1
  sltu AT,c_1,t_1
- daddu t_2,AT
+ daddu c_1,t_1
+ daddu AT,t_2
+ sltu t_1,c_1,t_1
+ daddu c_2,AT
+ daddu t_2,t_1
+ sltu AT,c_2,AT
  daddu c_2,t_2
- sltu AT,c_2,t_2
  daddu c_3,AT
+ sltu t_2,c_2,t_2
+ daddu c_3,t_2
  sd c_1,24(a0)
  dmultu a_3,a_1 /* mul_add_c2(a[3],b[1],c2,c3,c1); */
  mflo t_1
  mfhi t_2
- slt c_1,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_2,t_1
  sltu AT,c_2,t_1
- daddu t_2,AT
+ daddu c_2,t_1
+ daddu AT,t_2
+ sltu t_1,c_2,t_1
+ daddu c_3,AT
+ daddu t_2,t_1
+ sltu c_1,c_3,AT
  daddu c_3,t_2
- sltu AT,c_3,t_2
- daddu c_1,AT
+ sltu t_2,c_3,t_2
+ daddu c_1,t_2
  dmultu a_2,a_2 /* mul_add_c(a[2],b[2],c2,c3,c1); */
  mflo t_1
  mfhi t_2
@@ -2174,17 +2174,17 @@ LEAF(bn_sqr_comba4)
  dmultu a_2,a_3 /* mul_add_c2(a[2],b[3],c3,c1,c2); */
  mflo t_1
  mfhi t_2
- slt c_2,t_2,zero
- dsll t_2,1
- slt a2,t_1,zero
- daddu t_2,a2
- dsll t_1,1
  daddu c_3,t_1
  sltu AT,c_3,t_1
- daddu t_2,AT
+ daddu c_3,t_1
+ daddu AT,t_2
+ sltu t_1,c_3,t_1
+ daddu c_1,AT
+ daddu t_2,t_1
+ sltu c_2,c_1,AT
  daddu c_1,t_2
- sltu AT,c_1,t_2
- daddu c_2,AT
+ sltu t_2,c_1,t_2
+ daddu c_2,t_2
  sd c_3,40(a0)
  dmultu a_3,a_3 /* mul_add_c(a[3],b[3],c1,c2,c3); */
diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
index 2d80f19..eba8304 100644
--- a/crypto/bn/asm/x86_64-gcc.c
+++ b/crypto/bn/asm/x86_64-gcc.c
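Review bot: The context comment on `dmultu a_1,a_2` in the -2118 hunk reads `/* mul_add_c(a2[1],b[2],c1,c2,c3); */`, but the rewritten sequence beneath it adds t_1 into c_1 twice, i.e. it is the doubled cross-product step like every other off-diagonal block, and `a2[1]` is a typo; it should read `/* mul_add_c2(a[1],b[2],c1,c2,c3); */`. The comment is not touched by the commit, but since every carry line of that block is being rewritten, correcting it here keeps the annotation trustworthy for whoever next audits the carry logic against the macro names. bn_sqr_comba4 begins and ends outside the hunk.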
@@ -269,6 +269,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
 /* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
 /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
 #if 0
 /* original macros are kept for reference purposes */
 #define mul_add_c(a,b,c0,c1,c2) { \
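Review bot: The added comment states the conclusion ("it cannot be all-ones") but not the reason, and that reason is the entire safety argument for the overflow checks the rewritten macros below drop, so the next maintainer has to rederive it. I'd make the bound explicit: `/* Keep in mind that carrying into the high part of a multiplication result cannot overflow: the high word of a w-bit by w-bit product is at most 2^w-2, so it is never all-ones and adding a single carry bit to it cannot wrap. */`. The same invariant is relied on, undocumented, by the MIPS hunks earlier in this commit.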
@@ -283,10 +287,10 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
  BN_ULONG ta=(a),tb=(b),t0; \
  t1 = BN_UMULT_HIGH(ta,tb); \
  t0 = ta * tb; \
- t2 = t1+t1; c2 += (t2neg=rand_neg();
+ BN_sqr(c,a,ctx);
  if (bp != NULL)
  {
  if (!results)
  {
- BN_print(bp,&a);
+ BN_print(bp,a);
  BIO_puts(bp," * ");
- BN_print(bp,&a);
+ BN_print(bp,a);
  BIO_puts(bp," - ");
  }
- BN_print(bp,&c);
+ BN_print(bp,c);
  BIO_puts(bp,"\n");
  }
- BN_div(&d,&e,&c,&a,ctx);
- BN_sub(&d,&d,&a);
- if(!BN_is_zero(&d) || !BN_is_zero(&e))
- {
- fprintf(stderr,"Square test failed!\n");
- return 0;
- }
+ BN_div(d,e,c,a,ctx);
+ BN_sub(d,d,a);
+ if(!BN_is_zero(d) || !BN_is_zero(e))
+ {
+ fprintf(stderr,"Square test failed!\n");
+ goto err;
+ }
  }
- BN_free(&a);
- BN_free(&c);
- BN_free(&d);
- BN_free(&e);
- return(1);
+
+ /* Regression test for a BN_sqr overflow bug. */
+ BN_hex2bn(&a,
+ "80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000");
+ BN_sqr(c, a, ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,a);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d, a, a, ctx);
+ if (BN_cmp(c, d))
+ {
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+ "different results!\n");
+ goto err;
+ }
+
+ /* Regression test for a BN_sqr overflow bug. */
+ BN_hex2bn(&a,
+ "80000000000000000000000080000001FFFFFFFE000000000000000000000000");
+ BN_sqr(c, a, ctx);
+ if (bp != NULL)
+ {
+ if (!results)
+ {
+ BN_print(bp,a);
+ BIO_puts(bp," * ");
+ BN_print(bp,a);
+ BIO_puts(bp," - ");
+ }
+ BN_print(bp,c);
+ BIO_puts(bp,"\n");
+ }
+ BN_mul(d, a, a, ctx);
+ if (BN_cmp(c, d))
+ {
+ fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce "
+ "different results!\n");
+ goto err;
+ }
+ ret = 1;
+err:
+ if (a != NULL) BN_free(a);
+ if (c != NULL) BN_free(c);
+ if (d != NULL) BN_free(d);
+ if (e != NULL) BN_free(e);
+ return ret;
  }
  int test_mont(BIO *bp, BN_CTX *ctx)
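Review bot: The two new regression blocks call `BN_hex2bn(&a, ...)`, `BN_sqr(c, a, ctx)` and `BN_mul(d, a, a, ctx)` without checking their return values, so a failed conversion or allocation leaves `c` and `d` holding values from the previous loop iteration and the following `BN_cmp(c, d)` reports a result that has nothing to do with the vector under test (the pre-existing `BN_sqr`/`BN_div`/`BN_sub` calls in the loop have the same gap, inherited from the old code). Now that the function has an `err:` exit, each step can use it: `if (!BN_hex2bn(&a, "...") || !BN_sqr(c, a, ctx) || !BN_mul(d, a, a, ctx)) goto err;`. The text on this page appears to have fused this bntest.c hunk with the preceding x86_64-gcc.c hunk, so the hunk header and the start of the function (where `ret` and the pointer declarations presumably live) are not visible, and whether `ret` starts at 0 cannot be confirmed from here.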
diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile
index 49e2681..6a1b4ef 100644
--- a/crypto/ecdsa/Makefile
+++ b/crypto/ecdsa/Makefile
@@ -128,11 +128,12 @@ ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 ecs_sign.o: ecs_locl.h ecs_sign.c
-ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
+ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h
+ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
 ecs_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
 ecs_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 ecs_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
@@ -140,4 +141,4 @@ ecs_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 ecs_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ecs_vrf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-ecs_vrf.o: ecs_locl.h ecs_vrf.c
+ecs_vrf.o: ../cryptlib.h ecs_locl.h ecs_vrf.c
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
index 78b46b2..b850c62 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  * major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER 0x009081d0L
+#define OPENSSL_VERSION_NUMBER 0x009081e0L
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zd-fips-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8ze-fips-dev xx XXX xxxx"
 #else
-#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zd-dev xx XXX xxxx"
+#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8ze-dev xx XXX xxxx"
 #endif
 #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT
diff --git a/openssl.spec b/openssl.spec
index f233d81..1d77739 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -6,7 +6,7 @@ Release: 1
 Summary: Secure Sockets Layer and cryptography libraries and tools
 Name: openssl
-Version: 0.9.8zd
+Version: 0.9.8ze
 Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
 License: OpenSSL
 Group: System Environment/Libraries
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index d12604e..bc478c2 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -595,8 +595,6 @@ again:
  /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */
  i=rr->length;
  n=ssl3_read_n(s,i,i,1);
- if (n <= 0) return(n); /* error or non-blocking io */
-
  /* this packet contained a partial record, dump it */
  if ( n != i)
  {
@@ -626,7 +624,8 @@ again:
  * would be dropped unnecessarily.
  */
  if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
- *p == SSL3_MT_CLIENT_HELLO) &&
+ s->packet_length > DTLS1_RT_HEADER_LENGTH &&
+ s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) &&
  ! dtls1_record_replay_check(s, bitmap, &(rr->seq_num)))
  {
  rr->length = 0;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index a3b45fb..1adc301 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
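Review bot: Dropping `if (n <= 0) return(n);` in the d1_pkt.c -595 hunk leaves the `n != i` "partial record" branch as the only handling of a failed or empty body read, which is sound only because the s3_pkt.c hunk in this same commit makes ssl3_read_n() return 0 when `rbuf.left == 0 && extend` rather than attempt I/O in DTLS mode; neither side records that dependency, so a later change to ssl3_read_n() could silently turn a short read back into a negative return that is then treated as a truncated packet. I'd replace the surviving comment with `/* In DTLS the record body must already be in rbuf, so ssl3_read_n() does no I/O here (see its extend check); anything short, including 0, means a truncated packet: dump it */`, and mirror a one-line note next to the new `return 0;` in ssl3_read_n(). The `s->packet_length > DTLS1_RT_HEADER_LENGTH` guard added before indexing `s->packet` in the -626 hunk looks right; whether anything else in dtls1_get_record still dereferences `p` cannot be judged from this view, and the function begins and ends outside both hunks.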
@@ -147,6 +147,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
  * at once (as long as it fits into the buffer). */
  if (SSL_version(s) == DTLS1_VERSION)
  {
+ if (s->s3->rbuf.left == 0 && extend)
+ return 0;
  if ( s->s3->rbuf.left > 0 && n > s->s3->rbuf.left)
  n = s->s3->rbuf.left;
  }
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 18832e9..496ae80 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2400,7 +2400,7 @@ int ssl3_get_cert_verify(SSL *s)
  if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
  {
  s->s3->tmp.reuse_message=1;
- if ((peer != NULL) && (type | EVP_PKT_SIGN))
+ if (peer != NULL)
  {
  al=SSL_AD_UNEXPECTED_MESSAGE;
  SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
From matt at openssl.org Thu Jan 8 15:23:56 2015
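Review bot: The new `if (peer != NULL)` in the s3_srvr.c hunk drops the `(type | EVP_PKT_SIGN)` term without recording why: the old expression was always true (bitwise OR), and a reader who sees only `peer != NULL` may later "restore" a key-type test that would again accept a client certificate whose key cannot sign without any proof of possession, which the tag log on this page describes as the unauthenticated DH client certificate fix. I'd add above the condition: `/* A client certificate without a CertificateVerify is never acceptable, whatever the key type: a key that cannot sign proves nothing about its holder. */`. If `type` is no longer used elsewhere in ssl3_get_cert_verify this also leaves an unused variable, which I cannot tell from the hunk; the function begins and ends outside it.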
From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 16:23:56 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8zd create Message-ID: <20150108152356.649C11DF10D@openssl.net> The annotated tag OpenSSL_0_9_8zd has been created at 58f95e3a7db8e68ffabef77a5669d5767376197c (tag) tagging b873409efee1731171f78d8eb456b57aa4b7d0ff (commit) replaces OpenSSL_0_9_8zc tagged by Matt Caswell on Thu Jan 8 14:33:47 2015 +0000 - Log ----------------------------------------------------------------- OpenSSL 0.9.8zd release tag Andy Polyakov (4): e_os.h: allow inline functions to be compiled by legacy compilers. e_os.h: refine inline override logic (to address warnings in debug build). md32_common.h: address compiler warning in HOST_c2l. Fix for CVE-2014-3570. Bodo Moeller (2): When processing ClientHello.cipher_suites, don't ignore cipher suites listed after TLS_FALLBACK_SCSV. Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation. Dr. Stephen Henson (12): Don't try 1**0 test with FIPS. Reject invalid constructed encodings. Add ASN1_TYPE_cmp and X509_ALGOR_cmp. Update ordinals. Fix various certificate fingerprint issues. ECDH downgrade bug fix. Only allow ephemeral RSA keys in export ciphersuites. use correct function name use correct credit in CHANGES fix error discrepancy Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. Fix typo. Emilia Kasper (1): Revert "RT3425: constant-time evp_enc" Kurt Cancemi (1): RT3547: Add missing static qualifier Kurt Roeckx (4): Keep old method in case of an unsupported protocol Fix warning Fix warning about negative unsigned intergers Return error when a bit string indicates an invalid amount of bits left Matt Caswell (5): Prepare for 0.9.8zd-dev Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. 
Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. CHANGES and NEWS updates for release make update Prepare for 0.9.8zd release Richard Levitte (1): Include "constant_time_locl.h" rather than "../constant_time_locl.h". The different -I compiler parameters will take care of the rest... Samuel Neves (1): Use only unsigned arithmetic in constant-time operations Tim Hudson (2): Add constant_time_locl.h to HEADERS, so the Win32 compile picks it up correctly. no-ssl2 with no-ssl3 does not mean drop the ssl lib ----------------------------------------------------------------------- From matt at openssl.org Thu Jan 8 15:23:56 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 16:23:56 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0p create Message-ID: <20150108152356.9449B1DF10E@openssl.net> The annotated tag OpenSSL_1_0_0p has been created at 89c5e025a461db9be4cd4a4625fdf80e3f098e61 (tag) tagging 225628f280d79dda31d135f96e231807d06e38c3 (commit) replaces OpenSSL_1_0_0o tagged by Matt Caswell on Thu Jan 8 14:21:42 2015 +0000 - Log ----------------------------------------------------------------- OpenSSL 1.0.0p release tag Adam Langley (1): Premaster secret handling fixes Alok Menghrajani (2): Fixes a minor typo in the EVP docs. Improves the proxy certificates howto doc. André Guerreiro (1): Add documentation on -timeout option in the ocsp utility Andy Polyakov (3): e_os.h: allow inline functions to be compiled by legacy compilers. e_os.h: refine inline override logic (to address warnings in debug build). Fix for CVE-2014-3570. Bodo Moeller (2): When processing ClientHello.cipher_suites, don't ignore cipher suites listed after TLS_FALLBACK_SCSV. Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation. Dr. Stephen Henson (12): Fix cross reference table generator. Reject invalid constructed encodings. Constify ASN1_TYPE_cmp add X509_ALGOR_cmp. Fix various certificate fingerprint issues. update ordinals ECDH downgrade bug fix. Only allow ephemeral RSA keys in export ciphersuites. use correct function name use correct credit in CHANGES fix error discrepancy Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. Unauthenticated DH client certificate fix. 
Emilia Kasper (1): Revert "RT3425: constant-time evp_enc" Kurt Cancemi (1): RT3547: Add missing static qualifier Kurt Roeckx (3): Keep old method in case of an unsupported protocol Fix warning about negative unsigned intergers Return error when a bit string indicates an invalid amount of bits left Matt Caswell (38): Prepare for 1.0.0p-dev Fix free of garbage pointer. PR#3595 Corrected comments in ssl.h about SSLv23_method and friends Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask Tidy up ocsp help output Remove duplicated code Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST Add checks to the return value of EVP_Cipher to prevent silent encryption failure. Check EVP_Cipher return values for SSL2 Fixed warning in ssl2_enc Verify that we have a sensible message len and fail if not RT#3592 provides an instance where the OPENSSL_assert that this commit replaces can be hit. I was able to recreate this issue by forcing the underlying BIO to misbehave and come back with very small mtu values. This happens the second time around the while loop after we have detected that the MTU has been exceeded following the call to dtls1_write_bytes. The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being automatically updated, and we should use the one provided instead. Unfortunately there are a couple of locations where this is not respected. The first call to query the mtu in dtls1_do_write correctly checks that the mtu that we have received is not less than the minimum. If its less it uses the minimum instead. The second call to query the mtu does not do that, but instead uses whatever comes back. We have seen an instance in RT#3592 where we have got an unreasonably small mtu come back. This commit makes both query checks consistent. There are a number of instances throughout the code where the constant 28 is used with no explanation. Some of this was introduced as part of RT#1929. 
The value 28 is the length of the IP header (20 bytes) plus the UDP header (8 bytes). However use of this constant is incorrect because there may be instances where a different value is needed, e.g. an IPv4 header is 20 bytes but an IPv6 header is 40. Similarly you may not be using UDP (e.g. SCTP). This commit introduces a new BIO_CTRL that provides the value to be used for this mtu "overhead". It will be used by subsequent commits. Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) and instead use the value provided by the underlying BIO. Also provide some new DTLS_CTRLs so that the library user can set the mtu without needing to know this constant. These new DTLS_CTRLs provide the capability to set the link level mtu to be used (i.e. including this IP/UDP overhead). The previous DTLS_CTRLs required the library user to subtract this overhead first. Fix dtls_query_mtu so that it will always either complete with an mtu that is at least the minimum or it will fail. There were some instances in dtls1_query_mtu where the final mtu can end up being less than the minimum, i.e. where the user has set an mtu manually. This shouldn't be allowed. Also remove dtls1_guess_mtu that, despite having logic for guessing an mtu, was actually only ever used to work out the minimum mtu to use. If we really get a situation where the underlying mtu is less than the minimum we will support then dtls1_do_write can go into an infinite loop. This commit fixes that. Updates to s_client and s_server to remove the constant 28 (for IPv4 header and UDP header) when setting an mtu. This constant is not always correct (e.g. if using IPv6). Use the new DTLS_CTRL functions instead. Only use the fallback mtu after 2 unsuccessful retransmissions if it is less than the mtu we are already using Remove "#if 0" code Remove incorrect code inadvertently introduced through commit 59669b6ab. Fix memory leak in SSL_new if errors occur. 
Fixed memory leak in the event of a failure of BUF_MEM_grow Fix use of NULL memory pointer in X509_VERIFY_PARAM_new in the event of a malloc failure. Fixed memory leak if BUF_MEM_grow fails Fix memory leak in s2_srvr.c if BUF_MEM_grow fails Check return value of ssl3_output_cert_chain Checkout return value of dtls1_output_cert_chain DTLS fixes for signed/unsigned issues Remove extraneous white space, and add some braces Add OPENSSL_NO_ECDH guards Fix a problem if CFLAGS is too long cversion.c fails to compile when config is run with --strict-warnings. Remove blank line from start of cflags character array in buildinf.h Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion. CHANGES and NEWS updates for release make update Prepare for 1.0.0p release Michal Bozon (1): Correct timestamp output when clock_precision_digits > 0 Richard Levitte (3): Correct some layout issues, convert all remaining tabs to appropriate amounts of spaces. 
[PR3597] Advance to the next state variant when reusing messages. Check for FindNextFile when defining it rather than FindFirstFile Samuel Neves (1): Use only unsigned arithmetic in constant-time operations Tim Hudson (1): no-ssl2 with no-ssl3 does not mean drop the ssl lib ----------------------------------------------------------------------- From matt at openssl.org Thu Jan 8 15:23:56 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 16:23:56 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1k create Message-ID: <20150108152356.AD7251DF10F@openssl.net> The annotated tag OpenSSL_1_0_1k has been created at 06d3e7b7f9acd0bb66af9a29eb37635c6e59f526 (tag) tagging b4a57c4c419a578d1a16862a6b445c34003b4c52 (commit) replaces OpenSSL_1_0_1j tagged by Matt Caswell on Thu Jan 8 14:03:40 2015 +0000 - Log ----------------------------------------------------------------- OpenSSL 1.0.1k release tag Adam Langley (2): Premaster secret handling fixes Ensure that the session ID context of an SSL* is updated when its SSL_CTX is updated. Alok Menghrajani (3): Fixes a minor typo in the EVP docs. Improves the proxy certificates howto doc. Improves certificates HOWTO André Guerreiro (1): Add documentation on -timeout option in the ocsp utility Andy Polyakov (5): e_os.h: allow inline functions to be compiled by legacy compilers. e_os.h: refine inline override logic (to address warnings in debug build). md32_common.h: address compiler warning in HOST_c2l. Fix irix-cc build. Fix for CVE-2014-3570. Bodo Moeller (2): When processing ClientHello.cipher_suites, don't ignore cipher suites listed after TLS_FALLBACK_SCSV. Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation. Bodo Möller (1): Backport regression test David Benjamin (1): Do not resume a session if the negotiated protocol version does not match the session's version (server). Dominik Neubauer (1): typo in s_client Dr. Stephen Henson (14): Fix cross reference table generator. New option no-ssl3-method which removes SSLv3_*method Reject invalid constructed encodings. Clear existing extension state. Fix various certificate fingerprint issues. Constify ASN1_TYPE_cmp add X509_ALGOR_cmp. update ordinals ECDH downgrade bug fix. Only allow ephemeral RSA keys in export ciphersuites. 
use correct function name use correct credit in CHANGES fix error discrepancy Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. Unauthenticated DH client certificate fix. Emilia Kasper (14): Fix ssltest logic when some protocols are compiled out. Tighten session ticket handling Reset s->tlsext_ticket_expected in ssl_scan_serverhello_tlsext. This ensures that it's zeroed even if the SSL object is reused (as in ssltest.c). It also ensures that it applies to DTLS, too. Set s->hit when resuming from external pre-shared secret. Remove ssl3_check_finished. Always require an advertised NewSessionTicket message. Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. Reject elliptic curve lists of odd lengths. Fix unused variable warning Check for invalid divisors in BN_div. Build fixes Revert "RT3425: constant-time evp_enc" Add a comment noting the padding oracle. Only inherit the session ID context in SSL_set_SSL_CTX if the existing context was also inherited (matches that of the existing SSL_CTX). Guenter (1): NetWare compilation fix. Jan Hykel (1): Don't use msg on error. Kurt Cancemi (1): RT3547: Add missing static qualifier Kurt Roeckx (7): Keep old method in case of an unsupported protocol Fix warning about negative unsigned intergers Use the SSLv23 method by default Return error when a bit string indicates an invalid amount of bits left Fix memory leak in the apps dlfcn: always define _GNU_SOURCE Make "run" volatile Martin Brejcha (1): Fix memory leak. Matt Caswell (43): Prepare for 1.0.1k-dev Fix free of garbage pointer. 
PR#3595 Added OPENSSL_NO_EC2M guards around the preferred EC curve list Corrected comments in ssl.h about SSLv23_method and friends Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask Add include of ssl.h which is required by srtp.h Updates to EVP_PKEY_encrypt.pod submitted by user Bernardh via the wiki Minor changes made by Matt Caswell. Updates to X509_NAME_add_entry_by_txt.pod submitted by user Bernardh via the wiki Minor changes made by Matt Caswell. Updates to X509_NAME_get_index_by_NID.pod submitted by user Bernardh via the wiki Minor changes made by Matt Caswell Tidy up ocsp help output Remove duplicated code Remove redundant checks in ssl_cert_dup. This was causing spurious error messages when using GOST Add checks to the return value of EVP_Cipher to prevent silent encryption failure. Check EVP_Cipher return values for SSL2 Fixed warning in ssl2_enc Verify that we have a sensible message len and fail if not RT#3592 provides an instance where the OPENSSL_assert that this commit replaces can be hit. I was able to recreate this issue by forcing the underlying BIO to misbehave and come back with very small mtu values. This happens the second time around the while loop after we have detected that the MTU has been exceeded following the call to dtls1_write_bytes. The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being automatically updated, and we should use the one provided instead. Unfortunately there are a couple of locations where this is not respected. The first call to query the mtu in dtls1_do_write correctly checks that the mtu that we have received is not less than the minimum. If its less it uses the minimum instead. The second call to query the mtu does not do that, but instead uses whatever comes back. We have seen an instance in RT#3592 where we have got an unreasonably small mtu come back. This commit makes both query checks consistent. 
There are a number of instances throughout the code where the constant 28 is used with no explanation. Some of this was introduced as part of RT#1929. The value 28 is the length of the IP header (20 bytes) plus the UDP header (8 bytes). However use of this constant is incorrect because there may be instances where a different value is needed, e.g. an IPv4 header is 20 bytes but an IPv6 header is 40. Similarly you may not be using UDP (e.g. SCTP). This commit introduces a new BIO_CTRL that provides the value to be used for this mtu "overhead". It will be used by subsequent commits. Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) and instead use the value provided by the underlying BIO. Also provide some new DTLS_CTRLs so that the library user can set the mtu without needing to know this constant. These new DTLS_CTRLs provide the capability to set the link level mtu to be used (i.e. including this IP/UDP overhead). The previous DTLS_CTRLs required the library user to subtract this overhead first. Fix dtls_query_mtu so that it will always either complete with an mtu that is at least the minimum or it will fail. There were some instances in dtls1_query_mtu where the final mtu can end up being less than the minimum, i.e. where the user has set an mtu manually. This shouldn't be allowed. Also remove dtls1_guess_mtu that, despite having logic for guessing an mtu, was actually only ever used to work out the minimum mtu to use. If we really get a situation where the underlying mtu is less than the minimum we will support then dtls1_do_write can go into an infinite loop. This commit fixes that. Updates to s_client and s_server to remove the constant 28 (for IPv4 header and UDP header) when setting an mtu. This constant is not always correct (e.g. if using IPv6). Use the new DTLS_CTRL functions instead. 
Only use the fallback mtu after 2 unsuccessful retransmissions if it is less than the mtu we are already using Remove "#if 0" code Remove incorrect code inadvertently introduced through commit 59669b6ab. Fix memory leak in SSL_new if errors occur. Fixed memory leak in the event of a failure of BUF_MEM_grow Fix use of NULL memory pointer in X509_VERIFY_PARAM_new in the event of a malloc failure. Fixed memory leak if BUF_MEM_grow fails Fix memory leak in s2_srvr.c if BUF_MEM_grow fails Check return value of ssl3_output_cert_chain Checkout return value of dtls1_output_cert_chain DTLS fixes for signed/unsigned issues Remove extraneous white space, and add some braces Add OPENSSL_NO_ECDH guards Fix a problem if CFLAGS is too long cversion.c fails to compile when config is run with --strict-warnings. Remove blank line from start of cflags character array in buildinf.h Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion. 
CHANGES and NEWS updates for release make update Prepare for 1.0.1k release Michael Tuexen (1): Fix incorrect OPENSSL_assert() usage. Michal Bozon (1): Correct timestamp output when clock_precision_digits > 0 Rich Salz (1): RT2914: NULL check missing in X509_name_canon Richard Levitte (11): Correct some layout issues, convert all remaining tabs to appropriate amounts of spaces. [PR3597] Advance to the next state variant when reusing messages. Check for FindNextFile when defining it rather than FindFirstFile Clear warnings/errors within BN_CTX_DEBUG code sections Clear warnings/errors within CIPHER_DEBUG code sections Clear warnings/errors within CIPHER_DEBUG code sections Clear warnings/errors within KSSL_DEBUG code sections Clear warnings/errors within TLS_DEBUG code sections Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed) Small typo VMS fixups for 1.0.1 Russell Coker (1): Fix datarace reported by valgrind/helgrind Samuel Neves (1): Use only unsigned arithmetic in constant-time operations Thorsten Glaser (1): Document openssl dgst -hmac option Tim Hudson (1): no-ssl2 with no-ssl3 does not mean drop the ssl lib ----------------------------------------------------------------------- From matt at openssl.org Thu Jan 8 15:40:28 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 16:40:28 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150108154029.694231DF10D@openssl.net> The branch master has been updated via 2646b54a6d06ff05dac9513298ce21ffbad71e46 (commit) from 784cd8c7ab3c6594f02c1c4c6f1830ece16928cf (commit) - Log ----------------------------------------------------------------- commit 2646b54a6d06ff05dac9513298ce21ffbad71e46 Author: Matt Caswell Date: Thu Jan 8 14:43:04 2015 +0000 Updates for latest release ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 4 + news/secadv_20150108.txt | 218 +++++++++++++++++++ news/vulnerabilities.xml | 535 +++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 756 insertions(+), 1 deletion(-) create mode 100644 news/secadv_20150108.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index a4f7be7..09de9a3 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -1,3 +1,7 @@ +15-Oct-2014: Security Advisory: eight security fixes +15-Oct-2014: OpenSSL 1.0.1k is now available, including bug and security fixes +15-Oct-2014: OpenSSL 1.0.0p is now available, including bug and security fixes +15-Oct-2014: OpenSSL 0.9.8zd is now available, including bug and security fixes 15-Oct-2014: Security Advisory: four security fixes 15-Oct-2014: OpenSSL 1.0.1j is now available, including bug and security fixes 15-Oct-2014: OpenSSL 1.0.0o is now available, including bug and security fixes diff --git a/news/secadv_20150108.txt b/news/secadv_20150108.txt new file mode 100644 index 0000000..a4e68a8 --- /dev/null +++ b/news/secadv_20150108.txt 
@@ -0,0 +1,218 @@
+OpenSSL Security Advisory [08 Jan 2015]
+=======================================
+
+DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
+===========================================================
+
+Severity: Moderate
+
+A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due
+to a NULL pointer dereference. This could lead to a Denial Of Service attack.
+
+This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
+
+OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
+OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
+OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
+
+This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of
+Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL
+core team.
+
+DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
+=======================================================
+
+Severity: Moderate
+
+A memory leak can occur in the dtls1_buffer_record function under certain
+conditions. In particular this could occur if an attacker sent repeated DTLS
+records with the same sequence number but for the next epoch. The memory leak
+could be exploited by an attacker in a Denial of Service attack through memory
+exhaustion.
+
+This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
+
+OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
+OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
+
+This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also
+provided an initial patch. Further analysis was performed by Matt Caswell of the
+OpenSSL development team, who also developed the final patch.
+
+no-ssl3 configuration sets method to NULL (CVE-2014-3569)
+=========================================================
+
+Severity: Low
+
+When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is
+received the ssl method would be set to NULL which could later result in
+a NULL pointer dereference.
+
+This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
+
+OpenSSL 1.0.1 users should upgrade to 1.0.1k.
+OpenSSL 1.0.0 users should upgrade to 1.0.0p.
+OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
+
+This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The
+fix was developed by Kurt Roeckx.
+
+
+ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
+==========================================================
+
+Severity: Low
+
+An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite
+using an ECDSA certificate if the server key exchange message is omitted. This
+effectively removes forward secrecy from the ciphersuite.
+
+This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
+
+OpenSSL 1.0.1 users should upgrade to 1.0.1k.
+OpenSSL 1.0.0 users should upgrade to 1.0.0p.
+OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
+
+This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
+Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
+Henson of the OpenSSL core team.
+
+
+RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
+==============================================================
+
+Severity: Low
+
+An OpenSSL client will accept the use of an RSA temporary key in a non-export
+RSA key exchange ciphersuite. A server could present a weak temporary key
+and downgrade the security of the session.
+
+This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
+
+OpenSSL 1.0.1 users should upgrade to 1.0.1k.
+OpenSSL 1.0.0 users should upgrade to 1.0.0p.
+OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
+
+This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
+Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
+Henson of the OpenSSL core team.
+
+
+DH client certificates accepted without verification [Server] (CVE-2015-0205)
+=============================================================================
+
+Severity: Low
+
+An OpenSSL server will accept a DH certificate for client authentication
+without the certificate verify message. This effectively allows a client
+to authenticate without the use of a private key. This only affects servers
+which trust a client certificate authority which issues certificates
+containing DH keys: these are extremely rare and hardly ever encountered.
+
+This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
+
+OpenSSL 1.0.1 users should upgrade to 1.0.1k.
+OpenSSL 1.0.0 users should upgrade to 1.0.0p.
+
+This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
+Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
+Henson of the OpenSSL core team.
+
+
+Certificate fingerprints can be modified (CVE-2014-8275)
+========================================================
+
+Severity: Low
+
+OpenSSL accepts several non-DER-variations of certificate signature
+algorithm and signature encodings. OpenSSL also does not enforce a
+match between the signature algorithm between the signed and unsigned
+portions of the certificate. By modifying the contents of the
+signature algorithm or the encoding of the signature, it is possible
+to change the certificate's fingerprint.
+
+This does not allow an attacker to forge certificates, and does not
+affect certificate verification or OpenSSL servers/clients in any
+other way. It also does not affect common revocation mechanisms. Only
+custom applications that rely on the uniqueness of the fingerprint
+(e.g. certificate blacklists) may be affected.
+
+This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and
+0.9.8.
+
+OpenSSL 1.0.1 users should upgrade to 1.0.1k.
+OpenSSL 1.0.0 users should upgrade to 1.0.0p.
+OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
+
+One variant of this issue was discovered by Antti Karjalainen and
+Tuomo Untinen from the Codenomicon CROSS program and reported to
+OpenSSL on 1st December 2014 by NCSC-FI Vulnerability
+Co-ordination. Another variant was independently reported to OpenSSL
+on 12th December 2014 by Konrad Kraszewski from Google. Further
+analysis was conducted and fixes were developed by Stephen Henson of
+the OpenSSL core team.
+
+Bignum squaring may produce incorrect results (CVE-2014-3570)
+=============================================================
+
+Severity: Low
+
+Bignum squaring (BN_sqr) may produce incorrect results on some
+platforms, including x86_64. This bug occurs at random with a very
+low probability, and is not known to be exploitable in any way, though
+its exact impact is difficult to determine. The following has been
+determined:
+
+*) The probability of BN_sqr producing an incorrect result at random
+is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and
+1/2^128 on affected 64-bit platforms.
+*) On most platforms, RSA follows a different code path and RSA
+operations are not affected at all. For the remaining platforms
+(e.g. OpenSSL built without assembly support), pre-existing
+countermeasures thwart bug attacks [1].
+*) Static ECDH is theoretically affected: it is possible to construct
+elliptic curve points that would falsely appear to be on the given
+curve. However, there is no known computationally feasible way to
+construct such points with low order, and so the security of static
+ECDH private keys is believed to be unaffected.
+*) Other routines known to be theoretically affected are modular
+exponentiation, primality testing, DSA, RSA blinding, JPAKE and
+SRP. No exploits are known and straightforward bug attacks fail -
+either the attacker cannot control when the bug triggers, or no
+private key material is involved.
+
+This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
+
+OpenSSL 1.0.1 users should upgrade to 1.0.1k.
+OpenSSL 1.0.0 users should upgrade to 1.0.0p.
+OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
+
+This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille
+(Blockstream) who also suggested an initial fix. Further analysis was
+conducted by the OpenSSL development team and Adam Langley of
+Google. The final fix was developed by Andy Polyakov of the OpenSSL
+core team.
+
+[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
+
+Note
+====
+
+As per our previous announcements and our Release Strategy
+(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
+1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
+releases will be provided after that date. Users of these releases are advised
+to upgrade.
+
+References
+==========
+
+URL for this Security Advisory:
+https://www.openssl.org/news/secadv_20150108.txt
+
+Note: the online version of the advisory may be updated with additional
+details over time.
+
+For details of OpenSSL severity classifications please see:
+https://www.openssl.org/about/secpolicy.html
+
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml
index 64dc737..e64221e 100644
--- a/news/vulnerabilities.xml
+++ b/news/vulnerabilities.xml
@@ -5,7 +5,540 @@ 1.0.0 on 20100329 --> - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + A carefully crafted DTLS message can cause a segmentation fault in OpenSSL + due to a NULL pointer dereference. This could lead to a Denial Of Service + attack. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + A memory leak can occur in the dtls1_buffer_record function under certain + conditions. In particular this could occur if an attacker sent repeated + DTLS records with the same sequence number but for the next epoch. The + memory leak could be exploited by an attacker in a Denial of Service + attack through memory exhaustion. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is + received the ssl method would be set to NULL which could later result in + a NULL pointer dereference. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + An OpenSSL client will accept a handshake using an ephemeral ECDH + ciphersuite using an ECDSA certificate if the server key exchange message + is omitted. This effectively removes forward secrecy from the ciphersuite. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + An OpenSSL client will accept the use of an RSA temporary key in a + non-export RSA key exchange ciphersuite. A server could present a weak + temporary key and downgrade the security of the session. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + An OpenSSL server will accept a DH certificate for client authentication + without the certificate verify message. 
This effectively allows a client + to authenticate without the use of a private key. This only affects + servers which trust a client certificate authority which issues + certificates containing DH keys: these are extremely rare and hardly ever + encountered. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + OpenSSL accepts several non-DER-variations of certificate signature + algorithm and signature encodings. OpenSSL also does not enforce a + match between the signature algorithm between the signed and unsigned + portions of the certificate. By modifying the contents of the + signature algorithm or the encoding of the signature, it is possible + to change the certificate's fingerprint. + + This does not allow an attacker to forge certificates, and does not + affect certificate verification or OpenSSL servers/clients in any other + way. It also does not affect common revocation mechanisms. Only custom + applications that rely on the uniqueness of the fingerprint (e.g. + certificate blacklists) may be affected. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Bignum squaring (BN_sqr) may produce incorrect results on some platforms, + including x86_64. This bug occurs at random with a very low probability, + and is not known to be exploitable in any way, though its exact impact is + difficult to determine. The following has been determined: + + *) The probability of BN_sqr producing an incorrect result at random is + very low: 1/2^64 on the single affected 32-bit platform (MIPS) and 1/2^128 + on affected 64-bit platforms. + *) On most platforms, RSA follows a different code path and RSA operations + are not affected at all. For the remaining platforms (e.g. OpenSSL built + without assembly support), pre-existing countermeasures thwart bug + attacks [1]. 
+ *) Static ECDH is theoretically affected: it is possible to construct + elliptic curve points that would falsely appear to be on the given curve. + However, there is no known computationally feasible way to construct such + points with low order, and so the security of static ECDH private keys is + believed to be unaffected. + *) Other routines known to be theoretically affected are modular + exponentiation, primality testing, DSA, RSA blinding, JPAKE and SRP. No + exploits are known and straightforward bug attacks fail - either the + attacker cannot control when the bug triggers, or no private key material + is involved. + + + + + From matt at openssl.org Thu Jan 8 15:48:13 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 16:48:13 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150108154813.C8DDB1DF10D@openssl.net> The branch OpenSSL_1_0_2-stable has been updated via 7c6a3cf2375f5881ef3f3a58ac0fbd0b4663abd1 (commit) via be3fb8d15dd5a233eab0c454677d538e64d17f82 (commit) via fb73f12a9cfc377e3046228cc69351a40716c396 (commit) via 25d738c3a46339730e990391ca6399158636473e (commit) via 49446ea62f34ed2986e7bd89431928e09bfb8709 (commit) from f33ab61b5f9adee5e607f31241b7762dc10adabf (commit) - Log ----------------------------------------------------------------- commit 7c6a3cf2375f5881ef3f3a58ac0fbd0b4663abd1 Author: Matt Caswell Date: Wed Jan 7 14:18:13 2015 +0000 A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion. Thanks to Chris Mueller for reporting this issue and providing initial analysis and a patch. Further analysis and the final patch was performed by Matt Caswell from the OpenSSL development team. CVE-2015-0206 Reviewed-by: Dr Stephen Henson (cherry picked from commit 652ff0f4796eecd8729b4690f2076d1c7ccb2862) commit be3fb8d15dd5a233eab0c454677d538e64d17f82 Author: Dr. 
Stephen Henson Date: Thu Oct 23 20:36:17 2014 +0100 Unauthenticated DH client certificate fix. Fix to prevent use of DH client certificates without sending certificate verify message. If we've used a client certificate to generate the premaster secret ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is never called. We can only skip the certificate verify message in ssl3_get_cert_verify if the client didn't send a certificate. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2015-0205 Reviewed-by: Matt Caswell commit fb73f12a9cfc377e3046228cc69351a40716c396 Author: Matt Caswell Date: Sat Jan 3 00:54:35 2015 +0000 Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. Reviewed-by: Dr Stephen Henson commit 25d738c3a46339730e990391ca6399158636473e Author: Dr. Stephen Henson Date: Sat Jan 3 00:45:13 2015 +0000 Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. CVE-2014-3571 Reviewed-by: Matt Caswell commit 49446ea62f34ed2986e7bd89431928e09bfb8709 Author: Andy Polyakov Date: Mon Jan 5 15:20:54 2015 +0100 Fix for CVE-2014-3570 (with minor bn_asm.c revamp). Reviewed-by: Emilia Kasper (cherry picked from commit 56df92efb6893abe323307939425957ce878c8f0) ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/mips.pl | 611 ++++++++++---------------------------------- crypto/bn/asm/x86_64-gcc.c | 101 ++++---- crypto/bn/bn_asm.c | 241 ++++++++--------- crypto/bn/bntest.c | 102 ++++++-- ssl/d1_pkt.c | 35 ++- ssl/s3_pkt.c | 2 + ssl/s3_srvr.c | 2 +- 7 files changed, 405 insertions(+), 689 deletions(-) 
diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index b311e7c..acafde5 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl @@ -1872,6 +1872,41 @@ ___ ($a_4,$a_5,$a_6,$a_7)=($b_0,$b_1,$b_2,$b_3); +sub add_c2 () { +my ($hi,$lo,$c0,$c1,$c2, + $warm, # !$warm denotes first call with specific sequence of + # $c_[XYZ] when there is no Z-carry to accumulate yet; + $an,$bn # these two are arguments for multiplication which + # result is used in *next* step [which is why it's + # commented as "forward multiplication" below]; + )=@_; +$code.=<<___; + mflo $lo + mfhi $hi + $ADDU $c0,$lo + sltu $at,$c0,$lo + $MULTU $an,$bn # forward multiplication + $ADDU $c0,$lo + $ADDU $at,$hi + sltu $lo,$c0,$lo + $ADDU $c1,$at + $ADDU $hi,$lo +___ +$code.=<<___ if (!$warm); + sltu $c2,$c1,$at + $ADDU $c1,$hi + sltu $hi,$c1,$hi + $ADDU $c2,$hi +___ +$code.=<<___ if ($warm); + sltu $at,$c1,$at + $ADDU $c1,$hi + $ADDU $c2,$at + sltu $hi,$c1,$hi + $ADDU $c2,$hi +___ +} + $code.=<<___; .align 5 @@ -1920,21 +1955,10 @@ $code.=<<___; sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 
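Review bot: `sub add_c2 () {` declares an empty prototype for a sub whose first statement unpacks eight values from `@_`; this compiles only because every call site in the following hunks uses the `&add_c2(...)` form, which bypasses prototype checking, and a plain `add_c2(...)` call would be rejected at compile time with "Too many arguments". Drop the prototype: `sub add_c2 {`. The emitted sequence also deserves a header comment, because it is the replacement for the removed `slt`/`$SLL ...,1` doubling in the next hunk, where the carries folded into the shifted high word by `$ADDU $t_2,$a2` and `$ADDU $t_2,$at` had no carry-out of their own — presumably the lost carry that CVE-2014-3570 is about on this platform. Something like `# 2*(hi:lo) added into c0:c1:c2 - lo and hi are each added twice with the carry of every add captured by sltu; the folds $ADDU $at,$hi and $ADDU $hi,$lo cannot overflow because the high word of a one-limb product is at most 2^BITS-2` above the sub would let a reader check the carry chain without re-deriving it.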
@@ -1945,67 +1969,19 @@ $code.=<<___; sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,2*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_2 # mul_add_c2(a[1],b[2],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_0 # mul_add_c2(a[4],b[0],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_1,$a_2); # mul_add_c2(a[1],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_0); # mul_add_c2(a[4],b[0],c2,c3,c1); +$code.=<<___; $ST $c_1,3*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1 
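Review bot: The trailing comment on each `&add_c2` call names the accumulators of the product being issued as the forward multiplication, not of the product this call adds up, so `&add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, $a_4,$a_0); # mul_add_c2(a[4],b[0],c2,c3,c1);` reads as a mismatch between `$c_1,$c_2,$c_3` and `c2,c3,c1` even though the comment is carried over verbatim from the removed `$MULTU $a_4,$a_0` line. Since the sub's own comment says the `$an,$bn` product is consumed in the next step, a one-line note at the first call run would save the reader a round trip, e.g. `# call comments name the step that will consume the product issued here, not this one`. The same convention holds in every later hunk of this file.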
@@ -2016,97 +1992,23 @@ $code.=<<___; sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,4*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_4 # mul_add_c2(a[1],b[4],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_2,$a_3 # mul_add_c2(a[2],b[3],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $MULTU $a_6,$a_0 # mul_add_c2(a[6],b[0],c1,c2,c3); - $ADDU $c_2,$at - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_4); # mul_add_c2(a[1],b[4],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_2,$a_3); # mul_add_c2(a[2],b[3],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_6,$a_0); # mul_add_c2(a[6],b[0],c1,c2,c3); +$code.=<<___; $ST $c_3,5*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_5,$a_1 # mul_add_c2(a[5],b[1],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_2 # mul_add_c2(a[4],b[2],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - 
$SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_5,$a_1); # mul_add_c2(a[5],b[1],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_2); # mul_add_c2(a[4],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_1,$t_1 
@@ -2117,112 +2019,25 @@ $code.=<<___; sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,6*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_6 # mul_add_c2(a[1],b[6],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_2,$a_5 # mul_add_c2(a[2],b[5],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_3,$a_4 # mul_add_c2(a[3],b[4],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_7,$a_1 # mul_add_c2(a[7],b[1],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_1,$a_6); # mul_add_c2(a[1],b[6],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_2,$a_5); # mul_add_c2(a[2],b[5],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_3,$a_4); # mul_add_c2(a[3],b[4],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_7,$a_1); # mul_add_c2(a[7],b[1],c3,c1,c2); +$code.=<<___; $ST $c_2,7*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_2 # mul_add_c2(a[6],b[2],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_5,$a_3 
# mul_add_c2(a[5],b[3],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_4,$a_4 # mul_add_c(a[4],b[4],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_6,$a_2); # mul_add_c2(a[6],b[2],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_5,$a_3); # mul_add_c2(a[5],b[3],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_4,$a_4); # mul_add_c(a[4],b[4],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 
@@ -2233,82 +2048,21 @@ $code.=<<___; sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,8*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_6 # mul_add_c2(a[3],b[6],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_5 # mul_add_c2(a[4],b[5],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_7,$a_3 # mul_add_c2(a[7],b[3],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_3,$a_6); # mul_add_c2(a[3],b[6],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_5); # mul_add_c2(a[4],b[5],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_7,$a_3); # mul_add_c2(a[7],b[3],c2,c3,c1); +$code.=<<___; $ST $c_1,9*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_4 # mul_add_c2(a[6],b[4],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_5,$a_5 # mul_add_c(a[5],b[5],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_6,$a_4); # mul_add_c2(a[6],b[4],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_5,$a_5); # 
mul_add_c(a[5],b[5],c2,c3,c1); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1 @@ -2319,52 +2073,17 @@ $code.=<<___; sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,10*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_5,$a_6 # mul_add_c2(a[5],b[6],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_7,$a_5 # mul_add_c2(a[7],b[5],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_5,$a_6); # mul_add_c2(a[5],b[6],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_7,$a_5); # mul_add_c2(a[7],b[5],c1,c2,c3); +$code.=<<___; $ST $c_3,11*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_6 # mul_add_c(a[6],b[6],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_6,$a_6); # mul_add_c(a[6],b[6],c1,c2,c3); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_1,$t_1 @@ -2375,21 +2094,10 @@ $code.=<<___; sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,12*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_7,$a_7 # mul_add_c(a[7],b[7],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_7,$a_7); # mul_add_c(a[7],b[7],c3,c1,c2); +$code.=<<___; $ST $c_2,13*$BNSZ($a0) mflo $t_1 
@@ -2457,21 +2165,10 @@ $code.=<<___; sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 @@ -2482,52 +2179,17 @@ $code.=<<___; sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,2*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_2 # mul_add_c(a2[1],b[2],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_1,$a_2); # mul_add_c2(a2[1],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1); +$code.=<<___; $ST $c_1,3*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1 
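Review bot: The rewritten call in the hunk at old line 2482 keeps the stray comment `# mul_add_c2(a2[1],b[2],c1,c2,c3);` — `a2[1]` should read `a[1]`, as in every other label in this file. The same typo is carried into the corresponding hunk of the second copy of crypto/bn/asm/mips.pl further down the page.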
@@ -2538,21 +2200,10 @@ $code.=<<___; sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,4*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); +$code.=<<___; $ST $c_3,5*$BNSZ($a0) mflo $t_1 diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index 7d97c0b..a2f3e1b 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c 
@@ -276,77 +276,76 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) /* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ +/* + * Keep in mind that carrying into high part of multiplication result + * can not overflow, because it cannot be all-ones. + */ #if 0 /* original macros are kept for reference purposes */ -#define mul_add_c(a,b,c0,c1,c2) { \ - BN_ULONG ta=(a),tb=(b); \ - t1 = ta * tb; \ - t2 = BN_UMULT_HIGH(ta,tb); \ - c0 += t1; t2 += (c0neg=rand_neg(); + BN_sqr(c,a,ctx); if (bp != NULL) { if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," * "); - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," - "); } - BN_print(bp,&c); + BN_print(bp,c); BIO_puts(bp,"\n"); } - BN_div(&d,&e,&c,&a,ctx); - BN_sub(&d,&d,&a); - if(!BN_is_zero(&d) || !BN_is_zero(&e)) - { - fprintf(stderr,"Square test failed!\n"); - return 0; - } + BN_div(d,e,c,a,ctx); + BN_sub(d,d,a); + if(!BN_is_zero(d) || !BN_is_zero(e)) + { + fprintf(stderr,"Square test failed!\n"); + goto err; + } } - BN_free(&a); - BN_free(&c); - BN_free(&d); - BN_free(&e); - return(1); + + /* Regression test for a BN_sqr overflow bug. */ + BN_hex2bn(&a, + "80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) + { + if (!results) + { + BN_print(bp,a); + BIO_puts(bp," * "); + BN_print(bp,a); + BIO_puts(bp," - "); + } + BN_print(bp,c); + BIO_puts(bp,"\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) + { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + + /* Regression test for a BN_sqr overflow bug. 
*/ + BN_hex2bn(&a, + "80000000000000000000000080000001FFFFFFFE000000000000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) + { + if (!results) + { + BN_print(bp,a); + BIO_puts(bp," * "); + BN_print(bp,a); + BIO_puts(bp," - "); + } + BN_print(bp,c); + BIO_puts(bp,"\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) + { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + ret = 1; +err: + if (a != NULL) BN_free(a); + if (c != NULL) BN_free(c); + if (d != NULL) BN_free(d); + if (e != NULL) BN_free(e); + return ret; } int test_mont(BIO *bp, BN_CTX *ctx) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index dc5b6f4..082b3fb 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -212,7 +212,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) /* Limit the size of the queue to prevent DOS attacks */ if (pqueue_size(queue->q) >= 100) return 0; - + rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) @@ -247,18 +247,22 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) if (!ssl3_setup_buffers(s)) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + if (rdata->rbuf.buf != NULL) + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); - return(0); + return(-1); } /* insert should not fail, since duplicates are dropped */ if (pqueue_insert(queue->q, item) == NULL) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + if (rdata->rbuf.buf != NULL) + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); - return(0); + return(-1); } return(1); @@ -314,8 +318,9 @@ dtls1_process_buffered_records(SSL *s) dtls1_get_unprocessed_record(s); if ( ! dtls1_process_record(s)) return(0); - dtls1_buffer_record(s, &(s->d1->processed_rcds), - s->s3->rrec.seq_num); + if(dtls1_buffer_record(s, &(s->d1->processed_rcds), + s->s3->rrec.seq_num)<0) + return -1; } } 
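Review bot: dtls1_buffer_record now returns -1 on the two failure paths in the hunk at line 247, but the queue-full path in the preceding hunk (`if (pqueue_size(queue->q) >= 100) return 0;`) keeps returning 0, so the function has three outcomes and every caller added by this commit tests only `<0`, treating a dropped record as success. That is presumably intended, since dropping is the DoS limit, but nothing in the code says so; a comment at the top of the function, which starts outside this hunk, would pin the contract: `/* Returns 1 if the record was queued, 0 if it was dropped because the queue is full, -1 on a fatal allocation or queue error. */`. The same applies to the second copy of this hunk further down the page, in the master-branch diff of ssl/d1_pkt.c.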
@@ -530,7 +535,6 @@ printf("\n"); /* we have pulled in a full packet so zero things */ s->packet_length=0; - dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ return(1); f_err: @@ -563,7 +567,8 @@ int dtls1_get_record(SSL *s) /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ - dtls1_process_buffered_records(s); + if(dtls1_process_buffered_records(s)<0) + return -1; /* if we're renegotiating, then there may be buffered records */ if (dtls1_get_processed_record(s)) @@ -645,8 +650,6 @@ again: /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ i=rr->length; n=ssl3_read_n(s,i,i,1); - if (n <= 0) return(n); /* error or non-blocking io */ - /* this packet contained a partial record, dump it */ if ( n != i) { @@ -681,7 +684,8 @@ again: * would be dropped unnecessarily. */ if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && - *p == SSL3_MT_CLIENT_HELLO) && + s->packet_length > DTLS1_RT_HEADER_LENGTH && + s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) && !dtls1_record_replay_check(s, bitmap)) { rr->length = 0; @@ -704,7 +708,9 @@ again: { if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { - dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); + if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0) + return -1; + dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ } rr->length = 0; s->packet_length = 0; @@ -717,6 +723,7 @@ again: s->packet_length = 0; /* dump this record */ goto again; /* get another record */ } + dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ return(1); 
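Review bot: Dropping `if (n <= 0) return(n); /* error or non-blocking io */` after `n=ssl3_read_n(s,i,i,1);` in the hunk at line 645 means any negative return from ssl3_read_n now falls into the `n != i` partial-record path and is discarded with the record instead of being propagated. The companion ssl/s3_pkt.c hunk makes the DTLS extend case return 0 when nothing is buffered, which the partial-record path handles, but whether a negative value is still reachable here depends on ssl3_read_n's body, which is outside this hunk; please confirm, or keep the error half of the check as `if (n < 0) return(n);`. The `again:` block continues outside the hunk, and the second copy of ssl/d1_pkt.c further down has the same hunk.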
@@ -868,7 +875,11 @@ start: * buffer the application data for later processing rather * than dropping the connection. */ - dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num); + if(dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num)<0) + { + SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR); + return -1; + } rr->length = 0; goto start; } diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 0804d55..6a2ec5c 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -197,6 +197,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) * at once (as long as it fits into the buffer). */ if (SSL_IS_DTLS(s)) { + if (left == 0 && extend) + return 0; if (left > 0 && n > left) n = left; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 9a10a7c..230a36f 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -3016,7 +3016,7 @@ int ssl3_get_cert_verify(SSL *s) if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { s->s3->tmp.reuse_message=1; - if ((peer != NULL) && (type & EVP_PKT_SIGN)) + if (peer != NULL) { al=SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE); From matt at openssl.org Thu Jan 8 15:50:17 2015 
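Review bot: The new failure branch pushes SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR) on top of the ERR_R_INTERNAL_ERROR that dtls1_buffer_record already queues on each of its -1 paths (see its hunk at line 247), so the error stack records the same condition twice, while the other two new callers in dtls1_process_buffered_records and dtls1_get_record return -1 without adding anything. Pick one convention: either drop the SSLerr here, `if(dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num)<0) return -1;`, or add the caller-side error in the other two places as well. dtls1_read_bytes continues outside the hunk. The second copy of this diff further down the page has the same hunk.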
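Review bot: The added early return in ssl3_read_n, `if (left == 0 && extend) return 0;`, has no comment, and the check this commit removes from ssl/d1_pkt.c documents `n <= 0` as "error or non-blocking io", so a reader cannot tell that 0 here is a deliberate DTLS rule rather than an I/O condition. Suggest `/* DTLS: a record never continues in a later datagram; with nothing buffered, report 0 and let the caller drop the short record. */` — the ssl/d1_pkt.c hunk at line 645 relies on exactly that by treating `n != i` as a partial record. `left` is computed outside the hunk. The same hunk appears in the second copy of ssl/s3_pkt.c below.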
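Review bot: The new condition `if (peer != NULL)` makes a missing CertificateVerify fatal whenever the client presented a certificate, but the reason the `type & EVP_PKT_SIGN` qualifier was removed lives only in the commit message; a one-line comment above the `if` would keep it with the code, e.g. `/* A client certificate was presented, so CertificateVerify is mandatory regardless of key type (CVE-2015-0205). */`. If `type` was consulted only here, it may now be an unused variable in ssl3_get_cert_verify, whose body is outside the hunk, so a warning-enabled build is worth a look. The second copy of ssl/s3_srvr.c further down carries the same change.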
From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 16:50:17 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150108155018.076B81DF10D@openssl.net> The branch master has been updated via 103b171d8fc282ef435f8de9afbf7782e312961f (commit) via 1421e0c584ae9120ca1b88098f13d6d2e90b83a3 (commit) via a7a44ba55cb4f884c6bc9ceac90072dea38e66d0 (commit) via 248385c606620b29ecc96ca9d3603463f879652b (commit) via feba02f3919495e1b960c33ba849e10e77d0785d (commit) from 4a4d4158572fd8b3dc641851b8378e791df7972d (commit) - Log ----------------------------------------------------------------- commit 103b171d8fc282ef435f8de9afbf7782e312961f Author: Matt Caswell Date: Wed Jan 7 14:18:13 2015 +0000 A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion. Thanks to Chris Mueller for reporting this issue and providing initial analysis and a patch. Further analysis and the final patch was performed by Matt Caswell from the OpenSSL development team. CVE-2015-0206 Reviewed-by: Dr Stephen Henson commit 1421e0c584ae9120ca1b88098f13d6d2e90b83a3 Author: Dr. Stephen Henson Date: Thu Oct 23 20:36:17 2014 +0100 Unauthenticated DH client certificate fix. Fix to prevent use of DH client certificates without sending certificate verify message. 
If we've used a client certificate to generate the premaster secret ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is never called. We can only skip the certificate verify message in ssl3_get_cert_verify if the client didn't send a certificate. Thanks to Karthikeyan Bhargavan for reporting this issue. CVE-2015-0205 Reviewed-by: Matt Caswell commit a7a44ba55cb4f884c6bc9ceac90072dea38e66d0 Author: Andy Polyakov Date: Mon Jan 5 15:20:54 2015 +0100 Fix for CVE-2014-3570 (with minor bn_asm.c revamp). Reviewed-by: Emilia Kasper commit 248385c606620b29ecc96ca9d3603463f879652b Author: Matt Caswell Date: Sat Jan 3 00:54:35 2015 +0000 Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. Reviewed-by: Dr Stephen Henson commit feba02f3919495e1b960c33ba849e10e77d0785d Author: Dr. Stephen Henson Date: Sat Jan 3 00:45:13 2015 +0000 Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. CVE-2014-3571 Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/mips.pl | 611 ++++++++++---------------------------------- crypto/bn/asm/x86_64-gcc.c | 101 ++++---- crypto/bn/bn_asm.c | 241 ++++++++--------- crypto/bn/bntest.c | 102 ++++++-- ssl/d1_pkt.c | 35 ++- ssl/s3_pkt.c | 2 + ssl/s3_srvr.c | 2 +- 7 files changed, 405 insertions(+), 689 deletions(-) diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl index b311e7c..acafde5 100644 --- a/crypto/bn/asm/mips.pl +++ b/crypto/bn/asm/mips.pl 
@@ -1872,6 +1872,41 @@ ___ ($a_4,$a_5,$a_6,$a_7)=($b_0,$b_1,$b_2,$b_3); +sub add_c2 () { +my ($hi,$lo,$c0,$c1,$c2, + $warm, # !$warm denotes first call with specific sequence of + # $c_[XYZ] when there is no Z-carry to accumulate yet; + $an,$bn # these two are arguments for multiplication which + # result is used in *next* step [which is why it's + # commented as "forward multiplication" below]; + )=@_; +$code.=<<___; + mflo $lo + mfhi $hi + $ADDU $c0,$lo + sltu $at,$c0,$lo + $MULTU $an,$bn # forward multiplication + $ADDU $c0,$lo + $ADDU $at,$hi + sltu $lo,$c0,$lo + $ADDU $c1,$at + $ADDU $hi,$lo +___ +$code.=<<___ if (!$warm); + sltu $c2,$c1,$at + $ADDU $c1,$hi + sltu $hi,$c1,$hi + $ADDU $c2,$hi +___ +$code.=<<___ if ($warm); + sltu $at,$c1,$at + $ADDU $c1,$hi + $ADDU $c2,$at + sltu $hi,$c1,$hi + $ADDU $c2,$hi +___ +} + $code.=<<___; .align 5 @@ -1920,21 +1955,10 @@ $code.=<<___; sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 
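Review bot: `sub add_c2 () {` declares an empty prototype, yet every call site passes eight arguments; the `&add_c2(...)` call form bypasses prototype checking so it runs, but the declaration misstates the interface — `sub add_c2 {` is what is meant. The header comment explains `$warm` and the forward-multiplication arguments but not that the routine consumes the HI/LO pair left by the preceding MULTU (`mflo $lo`, `mfhi $hi` at the top) and then reuses `$hi`, `$lo` and `$at` as scratch (`sltu $lo,$c0,$lo`, `$ADDU $hi,$lo`), so callers must not expect those registers to survive; a line such as `# consumes HI/LO of the preceding MULTU; clobbers $hi, $lo and $at` next to the parameter list would save the next reader a trace. The emitted sequence also depends on the "high word of a product cannot be all-ones" argument stated in the x86_64-gcc.c hunk of this same commit; repeating that one sentence here would make the carry handling verifiable in isolation.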
@@ -1945,67 +1969,19 @@ $code.=<<___; sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,2*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_2 # mul_add_c2(a[1],b[2],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_0 # mul_add_c2(a[4],b[0],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_1,$a_2); # mul_add_c2(a[1],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_0); # mul_add_c2(a[4],b[0],c2,c3,c1); +$code.=<<___; $ST $c_1,3*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1 
@@ -2016,97 +1992,23 @@ $code.=<<___; sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,4*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_4 # mul_add_c2(a[1],b[4],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_2,$a_3 # mul_add_c2(a[2],b[3],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $MULTU $a_6,$a_0 # mul_add_c2(a[6],b[0],c1,c2,c3); - $ADDU $c_2,$at - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_4); # mul_add_c2(a[1],b[4],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_2,$a_3); # mul_add_c2(a[2],b[3],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_6,$a_0); # mul_add_c2(a[6],b[0],c1,c2,c3); +$code.=<<___; $ST $c_3,5*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_5,$a_1 # mul_add_c2(a[5],b[1],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_2 # mul_add_c2(a[4],b[2],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - 
$SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_5,$a_1); # mul_add_c2(a[5],b[1],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_2); # mul_add_c2(a[4],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_1,$t_1 
@@ -2117,112 +2019,25 @@ $code.=<<___; sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,6*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_6 # mul_add_c2(a[1],b[6],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_2,$a_5 # mul_add_c2(a[2],b[5],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_3,$a_4 # mul_add_c2(a[3],b[4],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_7,$a_1 # mul_add_c2(a[7],b[1],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_1,$a_6); # mul_add_c2(a[1],b[6],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_2,$a_5); # mul_add_c2(a[2],b[5],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_3,$a_4); # mul_add_c2(a[3],b[4],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_7,$a_1); # mul_add_c2(a[7],b[1],c3,c1,c2); +$code.=<<___; $ST $c_2,7*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_2 # mul_add_c2(a[6],b[2],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_5,$a_3 
# mul_add_c2(a[5],b[3],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_4,$a_4 # mul_add_c(a[4],b[4],c3,c1,c2); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_6,$a_2); # mul_add_c2(a[6],b[2],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_5,$a_3); # mul_add_c2(a[5],b[3],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_4,$a_4); # mul_add_c(a[4],b[4],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 
@@ -2233,82 +2048,21 @@ $code.=<<___; sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,8*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_6 # mul_add_c2(a[3],b[6],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_4,$a_5 # mul_add_c2(a[4],b[5],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_7,$a_3 # mul_add_c2(a[7],b[3],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_3,$a_6); # mul_add_c2(a[3],b[6],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_4,$a_5); # mul_add_c2(a[4],b[5],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_7,$a_3); # mul_add_c2(a[7],b[3],c2,c3,c1); +$code.=<<___; $ST $c_1,9*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_4 # mul_add_c2(a[6],b[4],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_1,$at - $MULTU $a_5,$a_5 # mul_add_c(a[5],b[5],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_6,$a_4); # mul_add_c2(a[6],b[4],c2,c3,c1); + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,1, + $a_5,$a_5); # 
mul_add_c(a[5],b[5],c2,c3,c1); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1 @@ -2319,52 +2073,17 @@ $code.=<<___; sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,10*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_5,$a_6 # mul_add_c2(a[5],b[6],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_2,$at - $MULTU $a_7,$a_5 # mul_add_c2(a[7],b[5],c1,c2,c3); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_5,$a_6); # mul_add_c2(a[5],b[6],c3,c1,c2); + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,1, + $a_7,$a_5); # mul_add_c2(a[7],b[5],c1,c2,c3); +$code.=<<___; $ST $c_3,11*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_6,$a_6 # mul_add_c(a[6],b[6],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_6,$a_6); # mul_add_c(a[6],b[6],c1,c2,c3); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_1,$t_1 @@ -2375,21 +2094,10 @@ $code.=<<___; sltu $at,$c_2,$t_2 $ADDU $c_3,$at $ST $c_1,12*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_7,$a_7 # mul_add_c(a[7],b[7],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_7,$a_7); # mul_add_c(a[7],b[7],c3,c1,c2); +$code.=<<___; $ST $c_2,13*$BNSZ($a0) mflo $t_1 
@@ -2457,21 +2165,10 @@ $code.=<<___; sltu $at,$c_2,$t_1 $ADDU $c_3,$t_2,$at $ST $c_2,$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_1 # mul_add_c(a[1],b[1],c3,c1,c2); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_1,$a_1); # mul_add_c(a[1],b[1],c3,c1,c2); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_3,$t_1 @@ -2482,52 +2179,17 @@ $code.=<<___; sltu $at,$c_1,$t_2 $ADDU $c_2,$at $ST $c_3,2*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_3,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_1,$a_2 # mul_add_c(a2[1],b[2],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at - mflo $t_1 - mfhi $t_2 - slt $at,$t_2,$zero - $ADDU $c_3,$at - $MULTU $a_3,$a_1 # mul_add_c2(a[3],b[1],c2,c3,c1); - $SLL $t_2,1 - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_1,$t_1 - sltu $at,$c_1,$t_1 - $ADDU $t_2,$at - $ADDU $c_2,$t_2 - sltu $at,$c_2,$t_2 - $ADDU $c_3,$at +___ + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,0, + $a_1,$a_2); # mul_add_c2(a2[1],b[2],c1,c2,c3); + &add_c2($t_2,$t_1,$c_1,$c_2,$c_3,1, + $a_3,$a_1); # mul_add_c2(a[3],b[1],c2,c3,c1); +$code.=<<___; $ST $c_1,3*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_1,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_2,$a_2 # mul_add_c(a[2],b[2],c2,c3,c1); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_2,$t_1 - sltu $at,$c_2,$t_1 - $ADDU $t_2,$at - $ADDU $c_3,$t_2 - sltu $at,$c_3,$t_2 - $ADDU $c_1,$at +___ + &add_c2($t_2,$t_1,$c_2,$c_3,$c_1,0, + $a_2,$a_2); # mul_add_c(a[2],b[2],c2,c3,c1); +$code.=<<___; mflo $t_1 mfhi $t_2 $ADDU $c_2,$t_1 
@@ -2538,21 +2200,10 @@ $code.=<<___; sltu $at,$c_3,$t_2 $ADDU $c_1,$at $ST $c_2,4*$BNSZ($a0) - - mflo $t_1 - mfhi $t_2 - slt $c_2,$t_2,$zero - $SLL $t_2,1 - $MULTU $a_3,$a_3 # mul_add_c(a[3],b[3],c1,c2,c3); - slt $a2,$t_1,$zero - $ADDU $t_2,$a2 - $SLL $t_1,1 - $ADDU $c_3,$t_1 - sltu $at,$c_3,$t_1 - $ADDU $t_2,$at - $ADDU $c_1,$t_2 - sltu $at,$c_1,$t_2 - $ADDU $c_2,$at +___ + &add_c2($t_2,$t_1,$c_3,$c_1,$c_2,0, + $a_3,$a_3); # mul_add_c(a[3],b[3],c1,c2,c3); +$code.=<<___; $ST $c_3,5*$BNSZ($a0) mflo $t_1 diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c index c6d12f4..7f7e5c2 100644 --- a/crypto/bn/asm/x86_64-gcc.c +++ b/crypto/bn/asm/x86_64-gcc.c 
@@ -276,77 +276,76 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) /* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ +/* + * Keep in mind that carrying into high part of multiplication result + * can not overflow, because it cannot be all-ones. + */ #if 0 /* original macros are kept for reference purposes */ -#define mul_add_c(a,b,c0,c1,c2) { \ - BN_ULONG ta=(a),tb=(b); \ - t1 = ta * tb; \ - t2 = BN_UMULT_HIGH(ta,tb); \ - c0 += t1; t2 += (c0neg=rand_neg(); + BN_sqr(c,a,ctx); if (bp != NULL) { if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," * "); - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," - "); } - BN_print(bp,&c); + BN_print(bp,c); BIO_puts(bp,"\n"); } - BN_div(&d,&e,&c,&a,ctx); - BN_sub(&d,&d,&a); - if(!BN_is_zero(&d) || !BN_is_zero(&e)) - { - fprintf(stderr,"Square test failed!\n"); - return 0; - } + BN_div(d,e,c,a,ctx); + BN_sub(d,d,a); + if(!BN_is_zero(d) || !BN_is_zero(e)) + { + fprintf(stderr,"Square test failed!\n"); + goto err; + } } - BN_free(&a); - BN_free(&c); - BN_free(&d); - BN_free(&e); - return(1); + + /* Regression test for a BN_sqr overflow bug. */ + BN_hex2bn(&a, + "80000000000000008000000000000001FFFFFFFFFFFFFFFE0000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) + { + if (!results) + { + BN_print(bp,a); + BIO_puts(bp," * "); + BN_print(bp,a); + BIO_puts(bp," - "); + } + BN_print(bp,c); + BIO_puts(bp,"\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) + { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + + /* Regression test for a BN_sqr overflow bug. 
*/ + BN_hex2bn(&a, + "80000000000000000000000080000001FFFFFFFE000000000000000000000000"); + BN_sqr(c, a, ctx); + if (bp != NULL) + { + if (!results) + { + BN_print(bp,a); + BIO_puts(bp," * "); + BN_print(bp,a); + BIO_puts(bp," - "); + } + BN_print(bp,c); + BIO_puts(bp,"\n"); + } + BN_mul(d, a, a, ctx); + if (BN_cmp(c, d)) + { + fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " + "different results!\n"); + goto err; + } + ret = 1; +err: + if (a != NULL) BN_free(a); + if (c != NULL) BN_free(c); + if (d != NULL) BN_free(d); + if (e != NULL) BN_free(e); + return ret; } int test_mont(BIO *bp, BN_CTX *ctx) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 208d244..a8a06b4 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -212,7 +212,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) /* Limit the size of the queue to prevent DOS attacks */ if (pqueue_size(queue->q) >= 100) return 0; - + rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) @@ -247,18 +247,22 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) if (!ssl3_setup_buffers(s)) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + if (rdata->rbuf.buf != NULL) + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); - return(0); + return(-1); } /* insert should not fail, since duplicates are dropped */ if (pqueue_insert(queue->q, item) == NULL) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); + if (rdata->rbuf.buf != NULL) + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); - return(0); + return(-1); } return(1); @@ -314,8 +318,9 @@ dtls1_process_buffered_records(SSL *s) dtls1_get_unprocessed_record(s); if ( ! dtls1_process_record(s)) return(0); - dtls1_buffer_record(s, &(s->d1->processed_rcds), - s->s3->rrec.seq_num); + if(dtls1_buffer_record(s, &(s->d1->processed_rcds), + s->s3->rrec.seq_num)<0) + return -1; } } 
@@ -529,7 +534,6 @@ printf("\n"); /* we have pulled in a full packet so zero things */ s->packet_length=0; - dtls1_record_bitmap_update(s, &(s->d1->bitmap));/* Mark receipt of record. */ return(1); f_err: @@ -563,7 +567,8 @@ int dtls1_get_record(SSL *s) /* The epoch may have changed. If so, process all the * pending records. This is a non-blocking operation. */ - dtls1_process_buffered_records(s); + if(dtls1_process_buffered_records(s)<0) + return -1; /* if we're renegotiating, then there may be buffered records */ if (dtls1_get_processed_record(s)) @@ -645,8 +650,6 @@ again: /* now s->packet_length == DTLS1_RT_HEADER_LENGTH */ i=rr->length; n=ssl3_read_n(s,i,i,1); - if (n <= 0) return(n); /* error or non-blocking io */ - /* this packet contained a partial record, dump it */ if ( n != i) { @@ -681,7 +684,8 @@ again: * would be dropped unnecessarily. */ if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && - *p == SSL3_MT_CLIENT_HELLO) && + s->packet_length > DTLS1_RT_HEADER_LENGTH && + s->packet[DTLS1_RT_HEADER_LENGTH] == SSL3_MT_CLIENT_HELLO) && !dtls1_record_replay_check(s, bitmap)) { rr->length = 0; @@ -704,7 +708,9 @@ again: { if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) { - dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num); + if(dtls1_buffer_record(s, &(s->d1->unprocessed_rcds), rr->seq_num)<0) + return -1; + dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ } rr->length = 0; s->packet_length = 0; @@ -717,6 +723,7 @@ again: s->packet_length = 0; /* dump this record */ goto again; /* get another record */ } + dtls1_record_bitmap_update(s, bitmap);/* Mark receipt of record. */ return(1); 
@@ -870,7 +877,11 @@ start:
 * buffer the application data for later processing rather
 * than dropping the connection.
 */
- dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num);
+ if(dtls1_buffer_record(s, &(s->d1->buffered_app_data), rr->seq_num)<0)
+ {
+ SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
 rr->length = 0;
 goto start;
 }
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 2de10d6..3d8f821 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -197,6 +197,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend)
 * at once (as long as it fits into the buffer). */
 if (SSL_IS_DTLS(s))
 {
+ if (left == 0 && extend)
+ return 0;
 if (left > 0 && n > left)
 n = left;
 }
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 90e95d6..8550c1b 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -3056,7 +3056,7 @@ int ssl3_get_cert_verify(SSL *s)
 if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
 {
 s->s3->tmp.reuse_message=1;
- if ((peer != NULL) && (type & EVP_PKT_SIGN))
+ if (peer != NULL)
 {
 al=SSL_AD_UNEXPECTED_MESSAGE;
 SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
From matt at openssl.org Thu Jan 8 16:00:59 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 17:00:59 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150108160059.E7C101DF10D@openssl.net> The branch master has been updated via 3e97d052d4f31b055807d9455b4cb5e24fd40d33 (commit) from 2646b54a6d06ff05dac9513298ce21ffbad71e46 (commit) - Log ----------------------------------------------------------------- commit 3e97d052d4f31b055807d9455b4cb5e24fd40d33 Author: Matt Caswell Date: Thu Jan 8 16:00:49 2015 +0000 Fix newsflash errors ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/news/newsflash.txt b/news/newsflash.txt
index 09de9a3..bf4b63c 100644
--- a/news/newsflash.txt
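Review bot: The `SSLerr(SSL_F_DTLS1_READ_BYTES, ERR_R_INTERNAL_ERROR);` added before `return -1;` duplicates the ERR_R_INTERNAL_ERROR that dtls1_buffer_record() already pushes on each of its -1 paths (ssl/d1_pkt.c hunk at -247), so this error path leaves two internal-error entries on the error stack, while the other two callers changed in this commit (hunks at -318 and -708) return -1 without a second SSLerr. Either drop the extra call here or add one at the other callers so the three sites agree; if the second entry is meant to record which caller failed, say so, e.g. `/* buffer_record already reported; this entry names the read_bytes caller */`. dtls1_read_bytes() begins and ends outside the hunk.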
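Review bot: The new `if (left == 0 && extend) return 0;` has no comment, and its reason is not visible from the surrounding lines: for DTLS an extending read presumably has to be satisfied from the datagram already in the buffer, so with nothing buffered the function reports "no more data" rather than reading from the transport, where the next datagram would be spliced onto the current record. Suggest `/* DTLS: a record never spans datagrams; when extending with nothing buffered, do not read more from the transport */` above the check. Whether callers treat this 0 as a truncated record rather than a would-block condition is decided outside this hunk, and ssl3_read_n()'s body continues beyond it.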
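Review bot: `if (peer != NULL)` now makes a missing CertificateVerify fatal for every client certificate, where the old `(type & EVP_PKT_SIGN)` qualifier exempted non-signing key types, yet the hunk gives no comment on why the exemption was wrong, and the `type` local it used is computed outside the hunk and may now be unused on this path (worth a warning check). Suggest above the condition: `/* A client that sent a certificate must prove possession of its key with CertificateVerify, whatever the key type; the key type must not decide whether the proof is required */`. ssl3_get_cert_verify()'s body continues outside the hunk.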
+++ b/news/newsflash.txt
@@ -1,7 +1,7 @@
-15-Oct-2014: Security Advisory: eight security fixes
-15-Oct-2014: OpenSSL 1.0.1k is now available, including bug and security fixes
-15-Oct-2014: OpenSSL 1.0.0p is now available, including bug and security fixes
-15-Oct-2014: OpenSSL 0.9.8zd is now available, including bug and security fixes
+08-Jan-2015: Security Advisory: eight security fixes
+08-Jan-2015: OpenSSL 1.0.1k is now available, including bug and security fixes
+08-Jan-2015: OpenSSL 1.0.0p is now available, including bug and security fixes
+08-Jan-2015: OpenSSL 0.9.8zd is now available, including bug and security fixes
 15-Oct-2014: Security Advisory: four security fixes
 15-Oct-2014: OpenSSL 1.0.1j is now available, including bug and security fixes
 15-Oct-2014: OpenSSL 1.0.0o is now available, including bug and security fixes
From rsalz at openssl.org Thu Jan 8 16:02:46 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 8 Jan 2015 17:02:46 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150108160246.604C01DF10D@openssl.net> The branch master has been updated via 21d6947dfff228310cc94eed18e4d62253a6fba9 (commit) from 3e97d052d4f31b055807d9455b4cb5e24fd40d33 (commit) - Log ----------------------------------------------------------------- commit 21d6947dfff228310cc94eed18e4d62253a6fba9 Author: Rich Salz Date: Thu Jan 8 11:01:00 2015 -0500 Copy LICENSE to source/ to be less brittle. Copy the LICENSE file to source/license.inc and have the wml include that file. Slightly less brittle/breakable. ----------------------------------------------------------------------- Summary of changes: Makefile | 3 ++- source/license.wml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index e464bd4..9bbca1a 100644
--- a/Makefile
+++ b/Makefile
@@ -21,8 +21,9 @@ manpages:
 sh ./run-pod2html.sh $(PODSHOME)
 
 generated:
+ cp -f $(SNAP)/LICENSE source/license.inc
+ cp -f $(PODSHOME)/HOWTO/*.txt docs/HOWTO/.
 perl run-changelog.pl <$(SNAP)/CHANGES >news/changelog.inc
 perl run-faq.pl <$(SNAP)/FAQ >support/faq.inc
 perl run-fundingfaq.pl < support/funding/support-faq.txt >support/funding/support-faq.inc
- cp $(PODSHOME)/HOWTO/*.txt docs/HOWTO/.
 ( cd news && xsltproc vulnerabilities.xsl vulnerabilities.xml > vulnerabilities.wml )
diff --git a/source/license.wml b/source/license.wml
index d1bbcba..88143d9 100644
--- a/source/license.wml
+++ b/source/license.wml
@@ -8,5 +8,5 @@ This is a copy of the current LICENSE file inside the CVS repository.

-#include "LICENSE"
+#include "license.inc"
 
From rsalz at openssl.org Thu Jan 8 17:13:00 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 8 Jan 2015 18:13:00 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150108171300.915261DF10D@openssl.net> The branch master has been updated via 90c9a7f255d693c0d8489dff0cec443b1fcc229c (commit) from 21d6947dfff228310cc94eed18e4d62253a6fba9 (commit) - Log ----------------------------------------------------------------- commit 90c9a7f255d693c0d8489dff0cec443b1fcc229c Author: Rich Salz Date: Thu Jan 8 12:12:46 2015 -0500 Add "make relupd" to replace the old script. ----------------------------------------------------------------------- Summary of changes: Makefile | 11 +++++++++++ 1 file changed, 11 insertions(+)
diff --git a/Makefile b/Makefile
index 9bbca1a..f054394 100644
--- a/Makefile
+++ b/Makefile
@@ -9,6 +9,7 @@ SNAP=/v/openssl/checkouts/openssl
 PODSHOME=$(SNAP)/doc
 FORCE=#-f
+QUIET=--quiet
 DIRS= about docs news source support
@@ -27,3 +28,13 @@ generated:
 perl run-faq.pl <$(SNAP)/FAQ >support/faq.inc
 perl run-fundingfaq.pl < support/funding/support-faq.txt >support/funding/support-faq.inc
 ( cd news && xsltproc vulnerabilities.xsl vulnerabilities.xml > vulnerabilities.wml )
+
+# Update release notes (and other items, but relnotes is the use-case)
+relupd:
+ ( cd $(SNAP)/.. ; for dir in openssl* ; do \
+ echo Updating $$dir ; cd $$dir ; git pull $(QUIET) ; cd .. ; \
+ done )
+ git pull $(QUIET)
+ $(MAKE) simple
+
+
From rsalz at openssl.org Thu Jan 8 17:16:32 2015
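Review bot: In the `relupd` recipe the chain `cd $$dir ; git pull $(QUIET) ; cd .. ;` does not stop when `cd $$dir` fails (an `openssl*` entry that is not a directory, or one the invoking user cannot enter), so `git pull` then runs in whatever directory the loop is sitting in and the following `cd ..` climbs one level too far for the rest of the iterations. Running each step in a subshell avoids both problems: `echo Updating $$dir ; ( cd $$dir && git pull $(QUIET) ) ; \`. The follow-up commit 680f5d8250c435f89bb473cfcab802dd5644269d (hunk at -32 below) keeps the same chain around `sudo -u openssl git pull`, so the same change applies there. Note also that a failed pull inside the loop does not fail the make, because the `( ... )` group's status is that of its last command; add `|| exit 1` after the pull if that matters.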
From: rsalz at openssl.org (Rich Salz) Date: Thu, 8 Jan 2015 18:16:32 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150108171632.BCD321DF10D@openssl.net> The branch master has been updated via 680f5d8250c435f89bb473cfcab802dd5644269d (commit) from 90c9a7f255d693c0d8489dff0cec443b1fcc229c (commit) - Log ----------------------------------------------------------------- commit 680f5d8250c435f89bb473cfcab802dd5644269d Author: Rich Salz Date: Thu Jan 8 12:16:20 2015 -0500 Add sudo to get permissions right. ----------------------------------------------------------------------- Summary of changes: Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index f054394..e1adf92 100644
--- a/Makefile
+++ b/Makefile
@@ -32,9 +32,9 @@ generated:
 # Update release notes (and other items, but relnotes is the use-case)
 relupd:
 ( cd $(SNAP)/.. ; for dir in openssl* ; do \
- echo Updating $$dir ; cd $$dir ; git pull $(QUIET) ; cd .. ; \
+ echo Updating $$dir ; cd $$dir ; sudo -u openssl git pull $(QUIET) ; cd .. ; \
 done )
 git pull $(QUIET)
- $(MAKE) simple
+ sudo -u www-data $(MAKE) simple
 
 
From mark at openssl.org Thu Jan 8 18:50:20 2015 From: mark at openssl.org (Mark J. Cox) Date: Thu, 8 Jan 2015 19:50:20 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150108185021.28F491DF10D@openssl.net> The branch master has been updated via e2bc74627350eee8a3006d405d7ae2f378bb29b4 (commit) from 680f5d8250c435f89bb473cfcab802dd5644269d (commit) - Log ----------------------------------------------------------------- commit e2bc74627350eee8a3006d405d7ae2f378bb29b4 Author: Mark J. Cox Date: Thu Jan 8 18:50:01 2015 +0000 CVE repeated and not needed ----------------------------------------------------------------------- Summary of changes: news/vulnerabilities.xml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index e64221e..2a4b5d8 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -7,7 +7,7 @@ - + @@ -77,7 +77,7 @@ - + @@ -119,7 +119,7 @@ - + @@ -189,7 +189,7 @@ - + @@ -259,7 +259,7 @@ - + @@ -329,7 +329,7 @@ - + @@ -372,7 +372,7 @@ - + @@ -451,7 +451,7 @@ - + From matt at openssl.org Thu Jan 8 19:30:22 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 20:30:22 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150108193023.1D1F31DF10D@openssl.net> The branch master has been updated via 5c5e7e1a7eb114cf136e1ae4b6a413bc48ba41eb (commit) from 103b171d8fc282ef435f8de9afbf7782e312961f (commit) - Log ----------------------------------------------------------------- commit 5c5e7e1a7eb114cf136e1ae4b6a413bc48ba41eb Author: Matt Caswell Date: Thu Jan 8 19:05:43 2015 +0000 Fix build failure on Windows due to undefined cflags identifier Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/cversion.c | 2 +- util/mkbuildinf.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/cversion.c b/crypto/cversion.c index 0336ada..881957e 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -77,7 +77,7 @@ const char *SSLeay_version(int t) if (t == SSLEAY_CFLAGS) { #ifdef CFLAGS - return(cflags); + return(CFLAGS); #else return("compiler: information not available"); #endif diff --git a/util/mkbuildinf.pl b/util/mkbuildinf.pl index 9d7b81c..ffa8a39 100755 --- a/util/mkbuildinf.pl +++ b/util/mkbuildinf.pl 
@@ -7,7 +7,7 @@ $date = localtime(); print <<"END_OUTPUT"; #ifndef MK1MF_BUILD /* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */ - #define CFLAGS + #define CFLAGS cflags /* * Generate CFLAGS as an array of individual characters. This is a * workaround for the situation where CFLAGS gets too long for a C90 string From matt at openssl.org Thu Jan 8 19:30:33 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 20:30:33 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150108193033.E265C1DF10D@openssl.net> The branch OpenSSL_1_0_2-stable has been updated via 5cee72382c5e79d4c7c021fac1aeeb244c5c19fa (commit) from 7c6a3cf2375f5881ef3f3a58ac0fbd0b4663abd1 (commit) - Log ----------------------------------------------------------------- commit 5cee72382c5e79d4c7c021fac1aeeb244c5c19fa Author: Matt Caswell Date: Thu Jan 8 19:05:43 2015 +0000 Fix build failure on Windows due to undefined cflags identifier Reviewed-by: Tim Hudson (cherry picked from commit 5c5e7e1a7eb114cf136e1ae4b6a413bc48ba41eb) ----------------------------------------------------------------------- Summary of changes: crypto/cversion.c | 2 +- util/mkbuildinf.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/cversion.c b/crypto/cversion.c index 0336ada..881957e 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -77,7 +77,7 @@ const char *SSLeay_version(int t) if (t == SSLEAY_CFLAGS) { #ifdef CFLAGS - return(cflags); + return(CFLAGS); #else return("compiler: information not available"); #endif diff --git a/util/mkbuildinf.pl b/util/mkbuildinf.pl index 9d7b81c..ffa8a39 100755 --- a/util/mkbuildinf.pl +++ b/util/mkbuildinf.pl 
@@ -7,7 +7,7 @@ $date = localtime(); print <<"END_OUTPUT"; #ifndef MK1MF_BUILD /* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */ - #define CFLAGS + #define CFLAGS cflags /* * Generate CFLAGS as an array of individual characters. This is a * workaround for the situation where CFLAGS gets too long for a C90 string From matt at openssl.org Thu Jan 8 19:30:43 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 20:30:43 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150108193043.8B9601DF10D@openssl.net> The branch OpenSSL_1_0_1-stable has been updated via 56cd7404499669a32126b5fee2ff75a97fea43f7 (commit) from 8437225d341fc3b278a6236cd9ecc0f0c0dfb34e (commit) - Log ----------------------------------------------------------------- commit 56cd7404499669a32126b5fee2ff75a97fea43f7 Author: Matt Caswell Date: Thu Jan 8 19:05:43 2015 +0000 Fix build failure on Windows due to undefined cflags identifier Reviewed-by: Tim Hudson (cherry picked from commit 5c5e7e1a7eb114cf136e1ae4b6a413bc48ba41eb) ----------------------------------------------------------------------- Summary of changes: crypto/cversion.c | 2 +- util/mkbuildinf.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/cversion.c b/crypto/cversion.c index 0336ada..881957e 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -77,7 +77,7 @@ const char *SSLeay_version(int t) if (t == SSLEAY_CFLAGS) { #ifdef CFLAGS - return(cflags); + return(CFLAGS); #else return("compiler: information not available"); #endif diff --git a/util/mkbuildinf.pl b/util/mkbuildinf.pl index 9d7b81c..ffa8a39 100755 --- a/util/mkbuildinf.pl +++ b/util/mkbuildinf.pl 
@@ -7,7 +7,7 @@ $date = localtime(); print <<"END_OUTPUT"; #ifndef MK1MF_BUILD /* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */ - #define CFLAGS + #define CFLAGS cflags /* * Generate CFLAGS as an array of individual characters. This is a * workaround for the situation where CFLAGS gets too long for a C90 string From matt at openssl.org Thu Jan 8 19:30:53 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 8 Jan 2015 20:30:53 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150108193053.99D3B1DF10D@openssl.net> The branch OpenSSL_1_0_0-stable has been updated via 181ae2badb8620c65075b70d5ca1f9c18891d290 (commit) from a98051fb47eed17baced30fa70e009f4c9608635 (commit) - Log ----------------------------------------------------------------- commit 181ae2badb8620c65075b70d5ca1f9c18891d290 Author: Matt Caswell Date: Thu Jan 8 19:05:43 2015 +0000 Fix build failure on Windows due to undefined cflags identifier Reviewed-by: Tim Hudson (cherry picked from commit 5c5e7e1a7eb114cf136e1ae4b6a413bc48ba41eb) ----------------------------------------------------------------------- Summary of changes: crypto/cversion.c | 2 +- util/mkbuildinf.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/cversion.c b/crypto/cversion.c index 0336ada..881957e 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -77,7 +77,7 @@ const char *SSLeay_version(int t) if (t == SSLEAY_CFLAGS) { #ifdef CFLAGS - return(cflags); + return(CFLAGS); #else return("compiler: information not available"); #endif diff --git a/util/mkbuildinf.pl b/util/mkbuildinf.pl index 9d7b81c..ffa8a39 100755 --- a/util/mkbuildinf.pl +++ b/util/mkbuildinf.pl 
@@ -7,7 +7,7 @@ $date = localtime(); print <<"END_OUTPUT"; #ifndef MK1MF_BUILD /* auto-generated by util/mkbuildinf.pl for crypto/cversion.c */ - #define CFLAGS + #define CFLAGS cflags /* * Generate CFLAGS as an array of individual characters. This is a * workaround for the situation where CFLAGS gets too long for a C90 string From levitte at openssl.org Fri Jan 9 08:56:46 2015 From: levitte at openssl.org (Richard Levitte) Date: Fri, 9 Jan 2015 09:56:46 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150109085646.CCBA41DF10D@openssl.net> The branch master has been updated via c6624ea273c5cca7f6c2b0b2000e3df727b08256 (commit) from e2bc74627350eee8a3006d405d7ae2f378bb29b4 (commit) - Log ----------------------------------------------------------------- commit c6624ea273c5cca7f6c2b0b2000e3df727b08256 Author: Richard Levitte Date: Fri Jan 9 09:56:29 2015 +0100 Lists are now reachable through https://mta.openssl.org ----------------------------------------------------------------------- Summary of changes: support/community.wml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support/community.wml b/support/community.wml index 0ed2d92..c9dde79 100644 --- a/support/community.wml +++ b/support/community.wml @@ -56,7 +56,7 @@ https://groups.google.com/forum/#!forum/openssl-testing

Subscription

To join any list, visit -https://mta.opensslfoundation.net. +https://mta.openssl.org.

Archive

From matt at openssl.org Fri Jan 9 11:33:54 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 9 Jan 2015 12:33:54 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150109113354.575E21DF10D@openssl.net> The branch master has been updated via 448e6f060e3ae034282f18cb7868f372cf276aaf (commit) from 5c5e7e1a7eb114cf136e1ae4b6a413bc48ba41eb (commit) - Log ----------------------------------------------------------------- commit 448e6f060e3ae034282f18cb7868f372cf276aaf Author: Matt Caswell Date: Fri Jan 9 10:19:10 2015 +0000 Update .gitignore with windows files to be excluded from git Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: .gitignore | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.gitignore b/.gitignore index 6428782..1d5e75b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # Object files *.o +*.obj # editor artefacts *.swp @@ -86,3 +87,15 @@ tags TAGS cscope.out *.d + +# Windows +/tmp32dll +/out32dll +/inc32 +/MINFO +ms/bcb.mak +ms/libeay32.def +ms/nt.mak +ms/ntdll.mak +ms/ssleay32.def +ms/version32.rc From matt at openssl.org Fri Jan 9 11:34:05 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 9 Jan 2015 12:34:05 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150109113405.F173B1DF10D@openssl.net> The branch OpenSSL_1_0_2-stable has been updated via 04f670cf3d8f22e0d197a071d2db536fb7ebd9c7 (commit) from 5cee72382c5e79d4c7c021fac1aeeb244c5c19fa (commit) - Log ----------------------------------------------------------------- commit 04f670cf3d8f22e0d197a071d2db536fb7ebd9c7 Author: Matt Caswell Date: Fri Jan 9 10:19:10 2015 +0000 Update .gitignore with windows files to be excluded from git Reviewed-by: Tim Hudson Conflicts: .gitignore ----------------------------------------------------------------------- Summary of changes: .gitignore | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
diff --git a/.gitignore b/.gitignore index 9658a7a..d8dbed7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # Object files *.o +*.obj # editor artefacts *.swp @@ -82,3 +83,15 @@ Makefile.save *.bak tags TAGS + +# Windows +/tmp32dll +/out32dll +/inc32 +/MINFO +ms/bcb.mak +ms/libeay32.def +ms/nt.mak +ms/ntdll.mak +ms/ssleay32.def +ms/version32.rc From matt at openssl.org Fri Jan 9 11:34:19 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 9 Jan 2015 12:34:19 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150109113419.864E61DF10D@openssl.net> The branch OpenSSL_1_0_1-stable has been updated via cc6e9f9abb7e6f4c0280212ae382e7ddda82049c (commit) from 56cd7404499669a32126b5fee2ff75a97fea43f7 (commit) - Log ----------------------------------------------------------------- commit cc6e9f9abb7e6f4c0280212ae382e7ddda82049c Author: Matt Caswell Date: Fri Jan 9 10:19:10 2015 +0000 Update .gitignore with windows files to be excluded from git Reviewed-by: Tim Hudson Conflicts: .gitignore (cherry picked from commit 04f670cf3d8f22e0d197a071d2db536fb7ebd9c7) ----------------------------------------------------------------------- Summary of changes: .gitignore | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.gitignore b/.gitignore index 5a8a402..ce7e59e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # Object files *.o +*.obj # editor artefacts *.swp @@ -77,3 +78,15 @@ Makefile.save *.bak tags TAGS + +# Windows +/tmp32dll +/out32dll +/inc32 +/MINFO +ms/bcb.mak +ms/libeay32.def +ms/nt.mak +ms/ntdll.mak +ms/ssleay32.def +ms/version32.rc From matt at openssl.org Fri Jan 9 11:34:32 2015 
From: matt at openssl.org (Matt Caswell) Date: Fri, 9 Jan 2015 12:34:32 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150109113432.B6C531DF10D@openssl.net> The branch OpenSSL_1_0_0-stable has been updated via e9cb6eb1d379c62b75e16d0e12a0b939323befc5 (commit) from 181ae2badb8620c65075b70d5ca1f9c18891d290 (commit) - Log ----------------------------------------------------------------- commit e9cb6eb1d379c62b75e16d0e12a0b939323befc5 Author: Matt Caswell Date: Fri Jan 9 10:19:10 2015 +0000 Update .gitignore with windows files to be excluded from git Reviewed-by: Tim Hudson Conflicts: .gitignore (cherry picked from commit 04f670cf3d8f22e0d197a071d2db536fb7ebd9c7) ----------------------------------------------------------------------- Summary of changes: .gitignore | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.gitignore b/.gitignore index 5a8a402..ce7e59e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # Object files *.o +*.obj # editor artefacts *.swp @@ -77,3 +78,15 @@ Makefile.save *.bak tags TAGS + +# Windows +/tmp32dll +/out32dll +/inc32 +/MINFO +ms/bcb.mak +ms/libeay32.def +ms/nt.mak +ms/ntdll.mak +ms/ssleay32.def +ms/version32.rc From matt at openssl.org Fri Jan 9 11:34:48 2015 
From: matt at openssl.org (Matt Caswell) Date: Fri, 9 Jan 2015 12:34:48 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150109113449.0B3A11DF10D@openssl.net> The branch OpenSSL_0_9_8-stable has been updated via aa9296e331f8ad9770838ad8e9179e22b96feb08 (commit) from bc253b0902b171895b93ab2e63971ce6f32e9c51 (commit) - Log ----------------------------------------------------------------- commit aa9296e331f8ad9770838ad8e9179e22b96feb08 Author: Matt Caswell Date: Fri Jan 9 10:19:10 2015 +0000 Update .gitignore with windows files to be excluded from git Reviewed-by: Tim Hudson Conflicts: .gitignore (cherry picked from commit 04f670cf3d8f22e0d197a071d2db536fb7ebd9c7) Conflicts: .gitignore ----------------------------------------------------------------------- Summary of changes: .gitignore | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.gitignore b/.gitignore index a9fcf4e..d5c728a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,6 @@ # Object files *.o +*.obj # editor artefacts *.swp @@ -75,3 +76,15 @@ lib Makefile.save *.bak + +# Windows +/tmp32dll +/out32dll +/inc32 +/MINFO +ms/bcb.mak +ms/libeay32.def +ms/nt.mak +ms/ntdll.mak +ms/ssleay32.def +ms/version32.rc From rsalz at openssl.org Tue Jan 13 15:06:19 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 13 Jan 2015 10:06:19 -0500 Subject: [openssl-commits] (no subject) Message-ID: <20150113150619.D4D7E202D3@mta.openssl.org> this is a test From matt at openssl.org Fri Jan 9 23:41:34 2015 
From: matt at openssl.org (Matt Caswell) Date: Sat, 10 Jan 2015 00:41:34 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150109234134.17D741E1C59@openssl.net> The branch OpenSSL_0_9_8-stable has been updated via 9793a0713f08a6ca85852410fa00a774b3b6c2ea (commit) from aa9296e331f8ad9770838ad8e9179e22b96feb08 (commit) - Log ----------------------------------------------------------------- commit 9793a0713f08a6ca85852410fa00a774b3b6c2ea Author: Matt Caswell Date: Fri Jan 9 23:01:20 2015 +0000 Further windows specific .gitignore entries Reviewed-by: Rich Salz Reviewed-by: Tim Hudson (cherry picked from commit 41c9cfbc4ee7345547fb98cccb8511f082f0910b) ----------------------------------------------------------------------- Summary of changes: .gitignore | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.gitignore b/.gitignore index d5c728a..eca3192 100644 --- a/.gitignore +++ b/.gitignore @@ -48,6 +48,21 @@ *.s !/crypto/bn/asm/pa-risc2.s !/crypto/bn/asm/pa-risc2W.s +crypto/aes/asm/a_win32.asm +crypto/bf/asm/b_win32.asm +crypto/bn/asm/bn_win32.asm +crypto/bn/asm/co_win32.asm +crypto/bn/asm/mt_win32.asm +crypto/cast/asm/c_win32.asm +crypto/cpu_win32.asm +crypto/des/asm/d_win32.asm +crypto/des/asm/y_win32.asm +crypto/md5/asm/m5_win32.asm +crypto/rc4/asm/r4_win32.asm +crypto/rc5/asm/r5_win32.asm +crypto/ripemd/asm/rm_win32.asm +crypto/sha/asm/s1_win32.asm +crypto/sha/asm/sha512-sse2.asm # Executables /apps/openssl @@ -79,7 +94,9 @@ Makefile.save # Windows /tmp32dll +/tmp32dll.dbg /out32dll +/out32dll.dbg /inc32 /MINFO ms/bcb.mak From matt at openssl.org Fri Jan 9 23:41:46 2015 
From: matt at openssl.org (Matt Caswell) Date: Sat, 10 Jan 2015 00:41:46 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150109234146.812F81E1C5A@openssl.net> The branch OpenSSL_1_0_0-stable has been updated via b960060a0dbb73e95b0d13308f84a13438692fc2 (commit) from e9cb6eb1d379c62b75e16d0e12a0b939323befc5 (commit) - Log ----------------------------------------------------------------- commit b960060a0dbb73e95b0d13308f84a13438692fc2 Author: Matt Caswell Date: Fri Jan 9 23:01:20 2015 +0000 Further windows specific .gitignore entries Reviewed-by: Rich Salz Reviewed-by: Tim Hudson (cherry picked from commit 41c9cfbc4ee7345547fb98cccb8511f082f0910b) ----------------------------------------------------------------------- Summary of changes: .gitignore | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.gitignore b/.gitignore index ce7e59e..fc1e643 100644 --- a/.gitignore +++ b/.gitignore @@ -48,6 +48,21 @@ *.s !/crypto/bn/asm/pa-risc2.s !/crypto/bn/asm/pa-risc2W.s +crypto/aes/asm/a_win32.asm +crypto/bf/asm/b_win32.asm +crypto/bn/asm/bn_win32.asm +crypto/bn/asm/co_win32.asm +crypto/bn/asm/mt_win32.asm +crypto/cast/asm/c_win32.asm +crypto/cpu_win32.asm +crypto/des/asm/d_win32.asm +crypto/des/asm/y_win32.asm +crypto/md5/asm/m5_win32.asm +crypto/rc4/asm/r4_win32.asm +crypto/rc5/asm/r5_win32.asm +crypto/ripemd/asm/rm_win32.asm +crypto/sha/asm/s1_win32.asm +crypto/sha/asm/sha512-sse2.asm # Executables /apps/openssl @@ -81,7 +96,9 @@ TAGS # Windows /tmp32dll +/tmp32dll.dbg /out32dll +/out32dll.dbg /inc32 /MINFO ms/bcb.mak From matt at openssl.org Fri Jan 9 23:41:59 2015 
From: matt at openssl.org (Matt Caswell) Date: Sat, 10 Jan 2015 00:41:59 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150109234159.814341E1C5C@openssl.net> The branch OpenSSL_1_0_1-stable has been updated via a97c208c5ad7e7e339eb4683819718100cd92b29 (commit) from cc6e9f9abb7e6f4c0280212ae382e7ddda82049c (commit) - Log ----------------------------------------------------------------- commit a97c208c5ad7e7e339eb4683819718100cd92b29 Author: Matt Caswell Date: Fri Jan 9 23:01:20 2015 +0000 Further windows specific .gitignore entries Reviewed-by: Rich Salz Reviewed-by: Tim Hudson (cherry picked from commit 41c9cfbc4ee7345547fb98cccb8511f082f0910b) ----------------------------------------------------------------------- Summary of changes: .gitignore | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.gitignore b/.gitignore index ce7e59e..fc1e643 100644 --- a/.gitignore +++ b/.gitignore @@ -48,6 +48,21 @@ *.s !/crypto/bn/asm/pa-risc2.s !/crypto/bn/asm/pa-risc2W.s +crypto/aes/asm/a_win32.asm +crypto/bf/asm/b_win32.asm +crypto/bn/asm/bn_win32.asm +crypto/bn/asm/co_win32.asm +crypto/bn/asm/mt_win32.asm +crypto/cast/asm/c_win32.asm +crypto/cpu_win32.asm +crypto/des/asm/d_win32.asm +crypto/des/asm/y_win32.asm +crypto/md5/asm/m5_win32.asm +crypto/rc4/asm/r4_win32.asm +crypto/rc5/asm/r5_win32.asm +crypto/ripemd/asm/rm_win32.asm +crypto/sha/asm/s1_win32.asm +crypto/sha/asm/sha512-sse2.asm # Executables /apps/openssl @@ -81,7 +96,9 @@ TAGS # Windows /tmp32dll +/tmp32dll.dbg /out32dll +/out32dll.dbg /inc32 /MINFO ms/bcb.mak From matt at openssl.org Tue Jan 13 11:37:22 2015 
From: matt at openssl.org (Matt Caswell) Date: Tue, 13 Jan 2015 12:37:22 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150113113722.D0C071E20E4@openssl.net> The branch OpenSSL_0_9_8-stable has been updated via 56abaa14e0ac762455277757001387070e6ded45 (commit) from 8b8a48d099e6ae985f80cbbdad566e2b8aaf96a3 (commit) - Log ----------------------------------------------------------------- commit 56abaa14e0ac762455277757001387070e6ded45 Author: Matt Caswell Date: Sat Jan 10 23:36:28 2015 +0000 Fix warning where BIO_FLAGS_UPLINK was being redefined. This warning breaks the build in 1.0.0 and 0.9.8 Reviewed-by: Andy Polyakov (cherry picked from commit b1ffc6ca1c387efad0772c16dfe426afef45dc4f) ----------------------------------------------------------------------- Summary of changes: crypto/ecdsa/ecs_vrf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c index 2836efe..188b9d5 100644 --- a/crypto/ecdsa/ecs_vrf.c +++ b/crypto/ecdsa/ecs_vrf.c @@ -57,7 +57,7 @@ */ #include "ecs_locl.h" -#include "cryptlib.h" +#include #ifndef OPENSSL_NO_ENGINE #include #endif From matt at openssl.org Fri Jan 9 23:42:09 2015 
From: matt at openssl.org (Matt Caswell) Date: Sat, 10 Jan 2015 00:42:09 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150109234209.BF8A81E1C5E@openssl.net> The branch OpenSSL_1_0_2-stable has been updated via cbbb952f3a3d25c30efc94401e4537da5bd985cc (commit) from 04f670cf3d8f22e0d197a071d2db536fb7ebd9c7 (commit) - Log ----------------------------------------------------------------- commit cbbb952f3a3d25c30efc94401e4537da5bd985cc Author: Matt Caswell Date: Fri Jan 9 23:01:20 2015 +0000 Further windows specific .gitignore entries Reviewed-by: Rich Salz Reviewed-by: Tim Hudson (cherry picked from commit 41c9cfbc4ee7345547fb98cccb8511f082f0910b) ----------------------------------------------------------------------- Summary of changes: .gitignore | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.gitignore b/.gitignore index d8dbed7..2f572f3 100644 --- a/.gitignore +++ b/.gitignore @@ -53,6 +53,21 @@ *.s !/crypto/bn/asm/pa-risc2.s !/crypto/bn/asm/pa-risc2W.s +crypto/aes/asm/a_win32.asm +crypto/bf/asm/b_win32.asm +crypto/bn/asm/bn_win32.asm +crypto/bn/asm/co_win32.asm +crypto/bn/asm/mt_win32.asm +crypto/cast/asm/c_win32.asm +crypto/cpu_win32.asm +crypto/des/asm/d_win32.asm +crypto/des/asm/y_win32.asm +crypto/md5/asm/m5_win32.asm +crypto/rc4/asm/r4_win32.asm +crypto/rc5/asm/r5_win32.asm +crypto/ripemd/asm/rm_win32.asm +crypto/sha/asm/s1_win32.asm +crypto/sha/asm/sha512-sse2.asm # Executables /apps/openssl @@ -86,7 +101,9 @@ TAGS # Windows /tmp32dll +/tmp32dll.dbg /out32dll +/out32dll.dbg /inc32 /MINFO ms/bcb.mak From matt at openssl.org Tue Jan 13 11:37:10 2015 
From: matt at openssl.org (Matt Caswell) Date: Tue, 13 Jan 2015 12:37:10 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150113113710.5AE841E20E2@openssl.net> The branch OpenSSL_1_0_0-stable has been updated via 36f309c50a4188edad08bc69420bd7a2d3d383e5 (commit) via 94e5cf36bd0a9805a6fd0433a6fd8167467c7f3b (commit) from 23df532ec481886880c42bea035c7b872b7b5091 (commit) - Log ----------------------------------------------------------------- commit 36f309c50a4188edad08bc69420bd7a2d3d383e5 Author: Matt Caswell Date: Tue Jan 13 10:20:12 2015 +0000 Make output from openssl version -f consistent with previous versions Reviewed-by: Andy Polyakov (cherry picked from commit 2d2671790ee12dedd92c97f35b6feb755b8d4374) commit 94e5cf36bd0a9805a6fd0433a6fd8167467c7f3b Author: Matt Caswell Date: Sat Jan 10 23:36:28 2015 +0000 Fix warning where BIO_FLAGS_UPLINK was being redefined. This warning breaks the build in 1.0.0 and 0.9.8 Reviewed-by: Andy Polyakov (cherry picked from commit b1ffc6ca1c387efad0772c16dfe426afef45dc4f) ----------------------------------------------------------------------- Summary of changes: crypto/Makefile | 2 +- crypto/ecdsa/ecs_vrf.c | 2 +- util/mk1mf.pl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/Makefile b/crypto/Makefile index 70e3b84..d6bc8e4 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -53,7 +53,7 @@ top: all: shared buildinf.h: ../Makefile - $(PERL) $(TOP)/util/mkbuildinf.pl "$(CFLAGS)" "$(PLATFORM)" >buildinf.h + $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c index 2836efe..188b9d5 100644 --- a/crypto/ecdsa/ecs_vrf.c +++ b/crypto/ecdsa/ecs_vrf.c @@ -57,7 +57,7 @@ */ #include "ecs_locl.h" -#include "cryptlib.h" +#include #ifndef OPENSSL_NO_ENGINE #include #endif 
diff --git a/util/mk1mf.pl b/util/mk1mf.pl index ecba6a2..dea5da7 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -598,7 +598,7 @@ open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h"; printf OUT < The branch OpenSSL_1_0_2-stable has been updated via 36f694e09add27e5619abab9de2bbb0b6bf61037 (commit) via 635ca4446f9f508e9e71d4aeb40c748e1198996d (commit) from bd00b8dc65c403d249893e495fd3e4b89e60ca35 (commit) - Log ----------------------------------------------------------------- commit 36f694e09add27e5619abab9de2bbb0b6bf61037 Author: Matt Caswell Date: Tue Jan 13 10:20:12 2015 +0000 Make output from openssl version -f consistent with previous versions Reviewed-by: Andy Polyakov (cherry picked from commit 2d2671790ee12dedd92c97f35b6feb755b8d4374) commit 635ca4446f9f508e9e71d4aeb40c748e1198996d Author: Matt Caswell Date: Sat Jan 10 23:36:28 2015 +0000 Fix warning where BIO_FLAGS_UPLINK was being redefined. This warning breaks the build in 1.0.0 and 0.9.8 Reviewed-by: Andy Polyakov (cherry picked from commit b1ffc6ca1c387efad0772c16dfe426afef45dc4f) ----------------------------------------------------------------------- Summary of changes: crypto/Makefile | 2 +- crypto/ecdsa/ecs_vrf.c | 2 +- util/mk1mf.pl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/Makefile b/crypto/Makefile index 1969fc3..9a39e93 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -55,7 +55,7 @@ top: all: shared buildinf.h: ../Makefile - $(PERL) $(TOP)/util/mkbuildinf.pl "$(CFLAGS)" "$(PLATFORM)" >buildinf.h + $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c index 2836efe..188b9d5 100644 --- a/crypto/ecdsa/ecs_vrf.c +++ b/crypto/ecdsa/ecs_vrf.c @@ -57,7 +57,7 @@ */ #include "ecs_locl.h" -#include "cryptlib.h" +#include #ifndef OPENSSL_NO_ENGINE #include #endif 
diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 905d1db..7d4491f 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -665,7 +665,7 @@ open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h"; printf OUT < The branch master has been updated via 2d2671790ee12dedd92c97f35b6feb755b8d4374 (commit) via b1ffc6ca1c387efad0772c16dfe426afef45dc4f (commit) from 86d21d0b9577322ac5da0114c5fac16eb49b4cef (commit) - Log ----------------------------------------------------------------- commit 2d2671790ee12dedd92c97f35b6feb755b8d4374 Author: Matt Caswell Date: Tue Jan 13 10:20:12 2015 +0000 Make output from openssl version -f consistent with previous versions Reviewed-by: Andy Polyakov commit b1ffc6ca1c387efad0772c16dfe426afef45dc4f Author: Matt Caswell Date: Sat Jan 10 23:36:28 2015 +0000 Fix warning where BIO_FLAGS_UPLINK was being redefined. This warning breaks the build in 1.0.0 and 0.9.8 Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/Makefile | 2 +- crypto/ecdsa/ecs_vrf.c | 2 +- util/mk1mf.pl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/Makefile b/crypto/Makefile index 5e6a0c3..1078240 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -64,7 +64,7 @@ fips: cryptlib.o thr_id.o uid.o $(CPUID_OBJ) done; buildinf.h: ../Makefile - $(PERL) $(TOP)/util/mkbuildinf.pl "$(CFLAGS)" "$(PLATFORM)" >buildinf.h + $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c index 7191b8a..2a350eb 100644 --- a/crypto/ecdsa/ecs_vrf.c +++ b/crypto/ecdsa/ecs_vrf.c @@ -57,7 +57,7 @@ */ #include "ecs_locl.h" -#include "cryptlib.h" +#include #ifndef OPENSSL_NO_ENGINE #include #endif diff --git a/util/mk1mf.pl b/util/mk1mf.pl index e3d6c30..f3f5d68 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl 
@@ -836,7 +836,7 @@ open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h"; printf OUT < The branch OpenSSL_1_0_1-stable has been updated via 6099e629f55e3c4b363d1c84e7775816b21bb38c (commit) via 3570086760653bcdd0c2d6916320719df2f002d7 (commit) from acb341eb6e611e61c272e411ec9fb12228dbb752 (commit) - Log ----------------------------------------------------------------- commit 6099e629f55e3c4b363d1c84e7775816b21bb38c Author: Matt Caswell Date: Tue Jan 13 10:20:12 2015 +0000 Make output from openssl version -f consistent with previous versions Reviewed-by: Andy Polyakov (cherry picked from commit 2d2671790ee12dedd92c97f35b6feb755b8d4374) commit 3570086760653bcdd0c2d6916320719df2f002d7 Author: Matt Caswell Date: Sat Jan 10 23:36:28 2015 +0000 Fix warning where BIO_FLAGS_UPLINK was being redefined. This warning breaks the build in 1.0.0 and 0.9.8 Reviewed-by: Andy Polyakov (cherry picked from commit b1ffc6ca1c387efad0772c16dfe426afef45dc4f) ----------------------------------------------------------------------- Summary of changes: crypto/Makefile | 2 +- crypto/ecdsa/ecs_vrf.c | 2 +- util/mk1mf.pl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/Makefile b/crypto/Makefile index 2b6397a..2355661 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -55,7 +55,7 @@ top: all: shared buildinf.h: ../Makefile - $(PERL) $(TOP)/util/mkbuildinf.pl "$(CFLAGS)" "$(PLATFORM)" >buildinf.h + $(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h x86cpuid.s: x86cpuid.pl perlasm/x86asm.pl $(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@ diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c index 2836efe..188b9d5 100644 --- a/crypto/ecdsa/ecs_vrf.c +++ b/crypto/ecdsa/ecs_vrf.c @@ -57,7 +57,7 @@ */ #include "ecs_locl.h" -#include "cryptlib.h" +#include #ifndef OPENSSL_NO_ENGINE #include #endif diff --git a/util/mk1mf.pl b/util/mk1mf.pl index d3f5424..550ef9f 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl 
@@ -625,7 +625,7 @@ open (OUT,">>crypto/buildinf.h") || die "Can't open buildinf.h"; printf OUT < The branch master has been updated via 41c9cfbc4ee7345547fb98cccb8511f082f0910b (commit) from 448e6f060e3ae034282f18cb7868f372cf276aaf (commit) - Log ----------------------------------------------------------------- commit 41c9cfbc4ee7345547fb98cccb8511f082f0910b Author: Matt Caswell Date: Fri Jan 9 23:01:20 2015 +0000 Further windows specific .gitignore entries Reviewed-by: Rich Salz Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: .gitignore | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
diff --git a/.gitignore b/.gitignore
index 1d5e75b..4a624e8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -54,6 +54,21 @@
 *.s
 !/crypto/bn/asm/pa-risc2.s
 !/crypto/bn/asm/pa-risc2W.s
+crypto/aes/asm/a_win32.asm
+crypto/bf/asm/b_win32.asm
+crypto/bn/asm/bn_win32.asm
+crypto/bn/asm/co_win32.asm
+crypto/bn/asm/mt_win32.asm
+crypto/cast/asm/c_win32.asm
+crypto/cpu_win32.asm
+crypto/des/asm/d_win32.asm
+crypto/des/asm/y_win32.asm
+crypto/md5/asm/m5_win32.asm
+crypto/rc4/asm/r4_win32.asm
+crypto/rc5/asm/r5_win32.asm
+crypto/ripemd/asm/rm_win32.asm
+crypto/sha/asm/s1_win32.asm
+crypto/sha/asm/sha512-sse2.asm
 # Executables
 /apps/openssl
@@ -90,7 +105,9 @@ cscope.out
 # Windows
 /tmp32dll
+/tmp32dll.dbg
 /out32dll
+/out32dll.dbg
 /inc32
 /MINFO
 ms/bcb.mak
From rsalz at openssl.org Mon Jan 12 15:54:50 2015
From: rsalz at openssl.org (Rich Salz) Date: Mon, 12 Jan 2015 16:54:50 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150112155454.503EF1E1FDE@openssl.net> The branch master has been updated via 3ca5fed253c13a187b38293c6f5109f6904ca961 (commit) via 4cfe986029a188ac09c1456aa19031c24700a1da (commit) from c6624ea273c5cca7f6c2b0b2000e3df727b08256 (commit) - Log ----------------------------------------------------------------- commit 3ca5fed253c13a187b38293c6f5109f6904ca961 Merge: 4cfe986 c6624ea Author: Rich Salz Date: Mon Jan 12 10:54:27 2015 -0500 Merge branch 'master' of git.openssl.org:openssl-web commit 4cfe986029a188ac09c1456aa19031c24700a1da Author: Rich Salz Date: Mon Jan 12 10:53:51 2015 -0500 Add coding style ----------------------------------------------------------------------- Summary of changes: about/codingstyle.txt | 557 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 557 insertions(+) create mode 100644 about/codingstyle.txt
diff --git a/about/codingstyle.txt b/about/codingstyle.txt
new file mode 100644
index 0000000..e28cbcc
--- /dev/null
+++ b/about/codingstyle.txt
@@ -0,0 +1,557 @@ + + OpenSSL coding style + +This document describes the coding style for the OpenSSL project. It is +is derived from the Linux kernel coding style, which can be found at: + + https://www.kernel.org/doc/Documentation/CodingStyle + +This Coding Style guide is not distributed as part of OpenSSL itself. Since +it is derived from the Linux Kernel Coding Style, it is distributed under +the terms of the kernel license, available here: + + https://www.kernel.org/pub/linux/kernel/COPYING + +Coding style is all about readability and maintainability using commonly +available tools. OpenSSL coding style is simple. Avoid tricky expressions. + + + Chapter 1: Indentation + +Indentation is four space characters. Do not use the tab character. + +Pre-processor directives use one space for indents: + + #if + # define + #else + # define + #endif + + + Chapter 2: Breaking long lines and strings + +Don't put multiple statements, or assignments, on a single line. + + if (condition) do_this(); + do_something_everytime(); + +The limit on the length of lines is 80 columns. Statements longer +than 80 columns must be broken into sensible chunks, unless exceeding +80 columns significantly increases readability and does not hide +information. Descendants are always substantially shorter than the parent +and are placed substantially to the right. The same applies to function +headers with a long argument list. Never break user-visible strings, +however, because that breaks the ability to grep for them. + + + Chapter 3: Placing Braces and Spaces + +The other issue that always comes up in C styling is the placement +of braces. 
Unlike the indent size, there are few technical reasons to +choose one placement strategy over the other, but the preferred way, +following Kernighan and Ritchie, is to put the opening brace last on the +line, and the closing brace first: + + if (x is true) { + we do y + } + +This applies to all non-function statement blocks (if, switch, for, +while, do): + + switch (suffix) { + case 'G': + case 'g': + mem <<= 30; + break; + case 'M': + case 'm': + mem <<= 20; + break; + case 'K': + case 'k': + mem <<= 10; + /* fall through */ + default: + break; + } + +Note, from the above example, that the way to indent a switch statement +is to align the switch and its subordinate case labels in the same column +instead of "double-indenting" the case bodies. + +There is one special case, however. Functions have the +opening brace at the beginning of the next line: + + int function(int x) + { + body of function + } + +Note that the closing brace is empty on a line of its own, EXCEPT in the +cases where it is followed by a continuation of the same statement, such +as a "while" in a do-statement or an "else" in an if-statement, like this: + + do { + ... + } while (condition); + +and + + if (x == y) { + ... + } else if (x > y) { + ... + } else { + ... + } + +In addition to being consistent with K&R, note that that this brace-placement +also minimizes the number of empty (or almost empty) lines. Since the +supply of new-lines on your screen is not a renewable resource (think +25-line terminal screens here), you have more empty lines to put comments on. 
+ +Do not unnecessarily use braces around a single statement: + + if (condition) + action(); + +and + + if (condition) + do_this(); + else + do_that(); + +If one of the branches is a compound statement, then use braces on both parts: + + if (condition) { + do_this(); + do_that(); + } else { + otherwise(); + } + +Nested compound statements should often have braces for clarity, particularly +to avoid the dangling-else problem: + + if (condition) { + do_this(); + if (anothertest) + do_that(); + } else { + otherwise(); + } + + + Chapter 3.1: Spaces + +OpenSSL style for use of spaces depends (mostly) on whether the name is +a function or keyword. Use a space after most keywords: + + if, switch, case, for, do, while, return + +Do not use a space after sizeof, typeof, alignof, or __attribute__. +They look somewhat like functions and are usually used with parentheses +in OpenSSL, although they are not required in the language: + + s = sizeof(struct file); + +Do not add spaces around the inside of parenthesized expressions. +This example is wrong: + + s = sizeof( struct file ); + +When declaring pointer data or a function that returns a pointer type, the +the asterisk goes next to the data or function name, and not the type: + + char *openssl_banner; + unsigned long long memparse(char *ptr, char **retptr); + char *match_strdup(substring_t *s); + +Use one space on either side of binary and ternary operators, +such as this partial list: + + = + - < > * / % | & ^ <= >= == != ? : += + +Do not put a space after unary operators: + + & * + - ~ ! defined + +Do not put a space before the postfix increment and decrement unary +operators or after the prefix increment and decrement unary operators: + + foo++ + --bar + +Do not put a space around the '.' and "->" structure member operators: + foo.bar + foo->bar + +Do not leave trailing whitespace at the ends of lines. 
Some editors with +"smart" indentation will insert whitespace at the beginning of new lines +as appropriate, so you can start typing the next line of code right away. +But they may not remove that whitespace if you leave a blank line, however, +and you end up with lines containing trailing, or nothing but, whitespace. + +Git will warn you about patches that introduce trailing whitespace, and +can optionally strip the trailing whitespace; however, if applying +a series of patches, this may make later patches in the series fail by +changing their context lines. + + + Chapter 4: Naming + +C is a Spartan language, and so should your naming be. Do not use long +names like ThisVariableIsATemporaryCounter. Use a name like tmp, which +is much easier to write, and not more difficult to understand. + +Except when otherwise required, avoid mixed-case names. + +Do not encode the type into a name (so-called Hungarian notation). + +Global variables (to be used only if you REALLY need them) need to +have descriptive names, as do global functions. If you have a function +that counts the number of active users, you should call that +count_active_users() or similar, you should NOT call it cntusr(). + +Local variable names should be short, and to the point. If you have +some random integer loop counter, it should probably be called i. +Calling it loop_counter is non-productive, if there is no chance of it +being mis-understood. Similarly, tmp can be just about any type of +variable that is used to hold a temporary value. + +If you are afraid that someone might mix up your local variable names, +perhaps the function is too long; see Chapter 6. + + + Chapter 5: Typedefs + +OpenSSL uses typedef's extensively. For structures, they are all uppercase +and are usually declared like this: + + typedef struct name_st NAME; + +For examples, look in ossl_type.h, but note that there are many exceptions +such as BN_CTX. 
Typedef'd enum is used much less often and there is no +convention, so consider not using a typedef. When doing that, the enum +name is should be lowercase and the values (mostly) uppercase. + +The ASN.1 structures are an exception to this. The rationale is that if +a structure (and its fields) is already defined in a standard it's more +convenient to use a similar name. For example, in the CMS code, a CMS_ +prefix is used so ContentInfo becomes CMS_ContentInfo, RecipientInfo +becomes CMS_RecipientInfo etc. Some older code uses an all uppercase +name instead. For example, RecipientInfo for the PKCS#7 code uses +PKCS7_RECIP_INFO. + +Be careful about common names which might cause conflicts. For example, +Windows headers use X509 and X590_NAME. Consider using a prefix, as with +CMS_ContentInfo, if the name is common or generic. Of course, you often +don't find out until the code is ported to other platforms. + +A final word on struct's. OpenSSL has has historically made all struct +definitions public; this has caused problems with maintaining binary +compatibility and adding features. Our stated direction is to have struct's +be opaque and only expose pointers in the API. The actual struct definition +should be defined in a local header file that is not exported. + + + Chapter 6: Functions + +Ideally, functions should be short and sweet, and do just one thing. +A rule of thumb is that they should fit on one or two screenfuls of text +as we all know), and do one thing and do that well. + +The maximum length of a function is often inversely proportional to the +complexity and indentation level of that function. So, if you have a +conceptually simple function that is just one long (but simple) switch +statement, where you have to do lots of small things for a lot of different +cases, it's OK to have a longer function. + +If you have a complex function, however, consider using helper functions +with descriptive names. 
You can ask the compiler to in-line them if you +think it's performance-critical, and it will probably do a better job of +it than you would have done. + +Another measure of complexity is the number of local variables. If there are +more than five to 10, consider splitting it into smaller pieces. A human +brain can generally easily keep track of about seven different things, +anything more and it gets confused. Often things which are simple and +clear now are much less obvious two weeks from now, or to someone else. +An exception to this is the command-line applications which support many +options. + +In source files, separate functions with one blank line. + +In function prototypes, include parameter names with their data types. +Although this is not required by the C language, it is preferred in OpenSSL +because it is a simple way to add valuable information for the reader. +The name in the prototype declaration should match the name in the function +definition. + + + Chapter 7: Centralized exiting of functions + +The goto statement comes in handy when a function exits from multiple +locations and some common work such as cleanup has to be done. If there +is no cleanup needed then just return directly. The rationale for this is +as follows: + + - Unconditional statements are easier to understand and follow + - It can reduce excessive control structures and nesting + - It avoids errors caused by failing to updated multiple exit points + when the code is modified + - It saves the compiler work to optimize redundant code away ;) + +For example: + + int fun(int a) + { + int result = 0; + char *buffer = OPENSSL_malloc(SIZE); + + if (buffer == NULL) + return -1; + + if (condition1) { + while (loop1) { + ... + } + result = 1; + goto out; + } + ... + out: + OPENSSL_free(buffer); + return result; + } + + Chapter 8: Commenting + +Use the classic "/* ... */" comment markers. Don't use "// ..." markers. + +Comments are good, but there is also a danger of over-commenting. 
NEVER try +to explain HOW your code works in a comment. It is much better to write +the code so that it is obvious, and it's a waste of time to explain badly +written code. You want your comments to tell WHAT your code does, not HOW. + +The preferred style for long (multi-line) comments is: + + /*- + * This is the preferred style for multi-line + * comments in the OpenSSL source code. + * Please use it consistently. + * + * Description: A column of asterisks on the left side, + * with beginning and ending almost-blank lines. + */ + +Note the initial hypen to prevent indent from modifying the comment. +Use this if the comment has particular formatting that must be preserved. + +It's also important to comment data, whether they are basic types or +derived types. To this end, use just one data declaration per line (no +commas for multiple data declarations). This leaves you room for a small +comment on each item, explaining its use. + + + Chapter 9: Deleted + + + Chapter 10: Deleted + + + Chapter 11: Deleted + + + Chapter 12: Macros and Enums + +Names of macros defining constants and labels in enums are in uppercase: + + #define CONSTANT 0x12345 + +Enums are preferred when defining several related constants. + +Macro names should be in uppercase, but macros resembling functions may +be written in lower case. Generally, inline functions are preferable to +macros resembling functions. + +Macros with multiple statements should be enclosed in a do - while block: + + #define macrofun(a, b, c) \ + do { \ + if (a == 5) \ + do_this(b, c); \ + } while (0) + +Do not write macros that affect control flow: + + #define FOO(x) \ + do { \ + if (blah(x) < 0) \ + return -EBUGGERED; \ + } while(0) + +Do not write macros that depend on having a local variable with a magic name: + + #define FOO(val) bar(index, val) + +It is confusing to the reader and is prone to breakage from seemingly +innocent changes. 
+ +Do not write macros that are l-values: + + FOO(x) = y + +This will cause problems if, e.g., FOO becomes an inline function. + +Be careful of precedence. Macros defining constants using expressions +must enclose the expression in parentheses: + + #define CONSTANT 0x4000 + #define CONSTEXP (CONSTANT | 3) + +Beware of similar issues with macros using parameters. The GNU cpp manual +deals with macros exhaustively. + + + Chapter 13: Deleted + + + Chapter 14: Allocating memory + +OpenSSL provides the following general purpose memory allocators: +OPENSSL_malloc(), OPENSSL_realloc(), OPENSSL_strdup() and OPENSSL_free(). +Please refer to the API documentation for further information about them. + + + Chapter 15: Deleted + + + Chapter 16: Function return values and names + +Functions can return values of many different kinds, and one of the +most common is a value indicating whether the function succeeded or +failed. Usually this is: + + 1: success + 0: failure + +Sometimes an additional value is used: + + -1: something bad (e.g., internal error or memory allocation failure) + +Other API's use the following pattern: + + >= 1: success, with value returning additional information + <= 0: failure with return value indicating why things failed + +Somtimes a return value of -1 can mean "should retry" (e.g., BIO, SSL, et al). + +Functions whose return value is the actual result of a computation, +rather than an indication of whether the computation succeeded, are not +subject to these rules. Generally they indicate failure by returning some +out-of-range result. The simplest example is functions that return pointers; +they use NULL to report failure. + + + Chapter 17: Deleted + + + Chapter 18: Editor modelines + +Some editors can interpret configuration information embedded in source +files, indicated with special markers. 
For example, emacs interprets +lines marked like this: + + -*- mode: c -*- + +Or like this: + + /* + Local Variables: + compile-command: "gcc -DMAGIC_DEBUG_FLAG foo.c" + End: + */ + +Vim interprets markers that look like this: + + /* vim:set sw=8 noet */ + +Do not include any of these in source files. People have their own personal +editor configurations, and your source files should not override them. +This includes markers for indentation and mode configuration. People may +use their own custom mode, or may have some other magic method for making +indentation work correctly. + + + Chapter 19: Processor-specific code + +In OpenSSL case the only reason to resort for processor-specific code +is for performance. As it still exists in general platform-independent +algorithm context, it has to be always backed up by neutral pure C one. This +implies certain limitations. The most common way to resolve this conflict +is to opt for short inline assembly function-like snippets, customarily +implemented as macros, so that they can be easily interchanged with other +platform-specific or neutral code. As with any macro, try to implement +it as single expression. + +You may need to mark your asm statement as volatile, to prevent GCC from +removing it if GCC doesn't notice any side effects. You don't always need +to do so, though, and doing so unnecessarily can limit optimization. + +When writing a single inline assembly statement containing multiple +instructions, put each instruction on a separate line in a separate quoted +string, and end each string except the last with \n\t to properly indent +the next instruction in the assembly output: + + asm ("magic %reg1, #42\n\t" + "more_magic %reg2, %reg3" + : /* outputs */ : /* inputs */ : /* clobbers */); + +Large, non-trivial assembly functions go in pure assembly modules, with +corresponding C prototypes defined in C. 
The preferred way to implement this +is so-called "perlasm": instead of writing real .s file, you write a perl +script that generates one. This allows use symbolic names for variables +(register as well as locals allocated on stack) that are independent on +specific assembler. It simplifies implementation of recurring instruction +sequences with regular permutation of inputs. By adhering to specific +coding rules, perlasm is also used to support multiple ABIs and assemblers, +see crypto/perlasm/x86_64-xlate.pl for an example. + +Another option for processor-specific primarily SIMD capabilities is +called compiler intrinsics. We avoid this, because it's not very much +less complicated than coding pure assembly, and it doesn't provide same +performance guarantee across different micro-architecture. Nor is it +portable enough to meet our multi-platform support goals. + + + Chapter 20: Portability + +To maximise portability the version of C defined in ISO/IEC 9899:1990 +should be used. This is more commonly referred to as C90. ISO/IEC 9899:1999 +(also known as C99) is not supported on some platforms that OpenSSL is +used on and therefore should be avoided. + + + Appendix A: References + +The C Programming Language, Second Edition +by Brian W. Kernighan and Dennis M. Ritchie. +Prentice Hall, Inc., 1988. +ISBN 0-13-110362-8 (paperback), 0-13-110370-9 (hardback). +URL: http://cm.bell-labs.com/cm/cs/cbook/ + +The Practice of Programming +by Brian W. Kernighan and Rob Pike. +Addison-Wesley, Inc., 1999. +ISBN 0-201-61586-X. +URL: http://cm.bell-labs.com/cm/cs/tpop/ + +GNU manuals - where in compliance with K&R and this text - for cpp, gcc, +gcc internals and indent, all available from http://www.gnu.org/manual/ + +WG14 is the international standardization working group for the programming +language C, URL: http://www.open-std.org/JTC1/SC22/WG14/ From kurt at openssl.org Sat Jan 10 16:02:18 2015 
From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 10 Jan 2015 17:02:18 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150110160219.6B4A81E1D38@openssl.net> The branch OpenSSL_1_0_2-stable has been updated via e81a83657cc9a708ea25d4fcde6e0e9d04dd3ac5 (commit) from cbbb952f3a3d25c30efc94401e4537da5bd985cc (commit) - Log ----------------------------------------------------------------- commit e81a83657cc9a708ea25d4fcde6e0e9d04dd3ac5 Author: Kurt Roeckx Date: Fri Jan 2 12:27:57 2015 +0100 Make build reproducible It contained a date on when it was build. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/cversion.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/crypto/cversion.c b/crypto/cversion.c
index 881957e..d2c6e70 100644
--- a/crypto/cversion.c
+++ b/crypto/cversion.c
@@ -69,7 +69,11 @@ const char *SSLeay_version(int t)
 if (t == SSLEAY_BUILT_ON)
 {
 #ifdef DATE
+# ifdef OPENSSL_USE_BUILD_DATE
 return(DATE);
+# else
+ return("built on: reproducible build, date unspecified");
+# endif
 #else
 return("built on: date not available");
 #endif
From matt at openssl.org Tue Jan 13 09:27:36 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 13 Jan 2015 10:27:36 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150113092736.2E0D61E20B6@openssl.net> The branch master has been updated via 964012dc5a7bfbde8794c4c49ed1aa40ee88f90d (commit) from 6d23cf97443bfedf755341b4f2d0d7fce254e020 (commit) - Log ----------------------------------------------------------------- commit 964012dc5a7bfbde8794c4c49ed1aa40ee88f90d Author: Matt Caswell Date: Tue Jan 13 00:01:39 2015 +0000 Ensure internal header files are used from mk1mf based builds Reviewed-by: Richard Levitte: ----------------------------------------------------------------------- Summary of changes: util/mk1mf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
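Review bot: The new `# ifdef OPENSSL_USE_BUILD_DATE` branch changes the default `SSLeay_version(SSLEAY_BUILT_ON)` text to a fixed placeholder, and neither the hunk nor the commit message records where OPENSSL_USE_BUILD_DATE is meant to be defined (Configure, CFLAGS) or that opting in gives up the reproducible binary again; a comment on the `# ifdef` would capture that, e.g. `/* Report DATE only when OPENSSL_USE_BUILD_DATE is defined; the default keeps the build reproducible */`. Anything that parses the `built on:` line for a date should also be warned that the format now depends on build configuration, which the commit message could mention. SSLeay_version continues outside the hunk.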
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 08e0d3c..e3d6c30 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -729,7 +729,7 @@ L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
 # Don't touch anything below this point
 ######################################################
-INC=-I\$(INC_D) -I\$(INCL_D)
+INC=-I\$(INC_D) -I\$(INCL_D) -I\$(SRC_D)${o}crypto${o}include
 APP_CFLAGS=\$(INC) \$(CFLAG) \$(APP_CFLAG)
 LIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG)
 SHLIB_CFLAGS=\$(INC) \$(CFLAG) \$(LIB_CFLAG) \$(SHLIB_CFLAG)
From matt at openssl.org Tue Jan 13 09:33:37 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 13 Jan 2015 10:33:37 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150113093337.24F8B1E20B8@openssl.net> The branch OpenSSL_0_9_8-stable has been updated via 09caf4ffcd5c45bef9012aa53cc64ef5c8b1067f (commit) from 9793a0713f08a6ca85852410fa00a774b3b6c2ea (commit) - Log ----------------------------------------------------------------- commit 09caf4ffcd5c45bef9012aa53cc64ef5c8b1067f Author: Dr. Stephen Henson Date: Tue Feb 25 12:11:22 2014 +0000 Avoid Windows 8 Getversion deprecated errors. Windows 8 SDKs complain that GetVersion() is deprecated. We only use GetVersion like this: (GetVersion() < 0x80000000) which checks if the Windows version is NT based. Use a macro check_winnt() which uses GetVersion() on older SDK versions and true otherwise. (cherry picked from commit a4cc3c8041104896d51ae12ef7b678c31808ce52) Conflicts: apps/apps.c crypto/bio/bss_log.c Backported by Matt Caswell Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/cryptlib.c | 2 +- crypto/rand/rand_win.c | 2 +- e_os.h | 7 +++++++ 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
index dec3286..64d9793 100644
--- a/crypto/cryptlib.c
+++ b/crypto/cryptlib.c
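Review bot: The internal-headers directory is appended after `-I\$(INC_D) -I\$(INCL_D)`, so if a header name ever exists both under `crypto/include` and the exported include tree, the exported copy is found first, which is the opposite of what the commit title ("ensure internal header files are used") suggests; either put the new `-I` first or record that the order is deliberate with a line such as `# crypto/include holds internal headers; public include dirs are searched first`. The `${o}` interpolation looks like the file's existing path-separator convention, but its definition is outside the hunk.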
@@ -512,7 +512,7 @@ void OPENSSL_showfatal (const char *fmta,...) #if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 /* this -------------v--- guards NT-specific calls */ - if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0) + if (check_winnt() && OPENSSL_isservice() > 0) { HANDLE h = RegisterEventSource(0,_T("OPENSSL")); const TCHAR *pmsg=buf; ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0); diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 5d134e1..34ffcd2 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -750,7 +750,7 @@ static void readscreen(void) int y; /* y-coordinate of screen lines to grab */ int n = 16; /* number of screen lines to grab at a time */ - if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0) + if (check_winnt() && OPENSSL_isservice()>0) return; /* Create a screen DC and a memory DC compatible to screen DC */ diff --git a/e_os.h b/e_os.h index ca4044b..c75858b 100644 --- a/e_os.h +++ b/e_os.h @@ -360,6 +360,13 @@ static __inline unsigned int _strlen31(const char *str) # define DEFAULT_HOME "C:" # endif +/* Avoid Windows 8 SDK GetVersion deprecated problems */ +#if defined(_MSC_VER) && _MSC_VER>=1800 +# define check_winnt() (1) +#else +# define check_winnt() (GetVersion() < 0x80000000) +#endif + #else /* The non-microsoft world */ # ifdef OPENSSL_SYS_VMS From rsalz at openssl.org Sat Jan 10 21:03:15 2015 
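Review bot: The `#else` arm of the new e_os.h macro encodes the NT-family test as the bare constant `0x80000000`, and `check_winnt()` gives no hint of why `_MSC_VER>=1800` collapses it to `(1)`; the added comment explains the SDK deprecation but not the semantics. A comment above the `#if`, e.g. `/* GetVersion() sets the high bit on Win9x/ME; toolchains that deprecate it (VS2013+, _MSC_VER 1800) are presumed to target only NT-based Windows, hence the constant */`, would ground both arms and make the presumption easy to revisit. That presumption matters because the two callers changed in this commit, OPENSSL_showfatal and readscreen, use the macro to gate NT-only APIs such as RegisterEventSource. Both functions start and end outside their hunks.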
From: rsalz at openssl.org (Rich Salz) Date: Sat, 10 Jan 2015 22:03:15 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150110210315.415741E1D76@openssl.net> The branch OpenSSL_1_0_1-stable has been updated via 8fb2c9922a9c598fb34369a1f9f3cacb3a394eec (commit) from a97c208c5ad7e7e339eb4683819718100cd92b29 (commit) - Log ----------------------------------------------------------------- commit 8fb2c9922a9c598fb34369a1f9f3cacb3a394eec Author: Dr. Stephen Henson Date: Tue Jan 6 15:29:28 2015 -0500 RT3662: Allow leading . in nameConstraints Change by SteveH from original by John Denker (in the RT) Reviewed-by: Rich Salz (cherry picked from commit 77ff1f3b8bfaa348956c5096a2b829f2e767b4f1) ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_ncons.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index a01dc64..3b0f1bd 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -401,7 +401,7 @@ static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base) if (dns->length > base->length) { dnsptr += dns->length - base->length; - if (dnsptr[-1] != '.') + if (*baseptr != '.' && dnsptr[-1] != '.') return X509_V_ERR_PERMITTED_VIOLATION; } From matt at openssl.org Tue Jan 13 13:11:17 2015 
From: matt at openssl.org (Matt Caswell) Date: Tue, 13 Jan 2015 14:11:17 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150113131117.39DE11E20F9@openssl.net> The branch master has been updated via fbc921fa3579045d3f2f1f94290fc73259d09e81 (commit) from 3ca5fed253c13a187b38293c6f5109f6904ca961 (commit) - Log ----------------------------------------------------------------- commit fbc921fa3579045d3f2f1f94290fc73259d09e81 Author: Matt Caswell Date: Tue Jan 13 13:09:22 2015 +0000 Add new binary distribution link ----------------------------------------------------------------------- Summary of changes: about/binaries.wml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/about/binaries.wml b/about/binaries.wml index dd3ee30..0f55b0f 100644 --- a/about/binaries.wml +++ b/about/binaries.wml @@ -23,6 +23,13 @@ packages.

    + +
+ +
    From rsalz at openssl.org Tue Jan 13 18:27:19 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 13 Jan 2015 19:27:19 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150113182719.AD7D21E213A@openssl.net> The branch master has been updated via 73c14ab2b0f527f40d84b2957ec3df20394c7864 (commit) from 95d779376fb8eb31051714998ac173a4d4822b1b (commit) - Log ----------------------------------------------------------------- commit 73c14ab2b0f527f40d84b2957ec3df20394c7864 Author: Rich Salz Date: Tue Jan 13 13:27:15 2015 -0500 minor tweak to date ----------------------------------------------------------------------- Summary of changes: about/codingstyle.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/about/codingstyle.txt b/about/codingstyle.txt index e28cbcc..0ffeedd 100644 --- a/about/codingstyle.txt +++ b/about/codingstyle.txt @@ -1,14 +1,15 @@ OpenSSL coding style + Jan 12 2015 This document describes the coding style for the OpenSSL project. It is is derived from the Linux kernel coding style, which can be found at: https://www.kernel.org/doc/Documentation/CodingStyle -This Coding Style guide is not distributed as part of OpenSSL itself. Since -it is derived from the Linux Kernel Coding Style, it is distributed under -the terms of the kernel license, available here: +This guide is not distributed as part of OpenSSL itself. Since it is +derived from the Linux Kernel Coding Style, it is distributed under the +terms of the kernel license, available here: https://www.kernel.org/pub/linux/kernel/COPYING From rsalz at openssl.org Mon Jan 12 17:40:20 2015 
From: rsalz at openssl.org (Rich Salz) Date: Mon, 12 Jan 2015 18:40:20 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150112174021.112461E1FF7@openssl.net> The branch master has been updated via 31d1d3741f16bd80ec25f72dcdbf6bbdc5664374 (commit) from fcf64ba0ace1bb76c6e00ca7d0c7cf7f9bebe628 (commit) - Log ----------------------------------------------------------------- commit 31d1d3741f16bd80ec25f72dcdbf6bbdc5664374 Author: Rich Salz Date: Mon Jan 12 12:39:00 2015 -0500 Allow multiple IDN xn-- indicators Update the X509v3 name parsing to allow multiple xn-- international domain name indicators in a name. Previously, only allowed one at the beginning of a name, which was wrong. Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_utl.c | 35 ++++++++--------------------------- 1 file changed, 8 insertions(+), 27 deletions(-) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 10a7aa8..c9a6e79 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -752,7 +752,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, { int atstart = (state & LABEL_START); int atend = (i == len - 1 || p[i+i] == '.'); - /* + /*- * At most one wildcard per pattern. * No wildcards in IDNA labels. * No wildcards after the first label. 
@@ -769,45 +769,26 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, star = &p[i]; state &= ~LABEL_START; } - else if ((state & LABEL_START) != 0) - { - /* - * At the start of a label, skip any "xn--" and - * remain in the LABEL_START state, but set the - * IDNA label state - */ - if ((state & LABEL_IDNA) == 0 && len - i >= 4 - && strncasecmp((char *)&p[i], "xn--", 4) == 0) - { - i += 3; - state |= LABEL_IDNA; - continue; - } - /* Labels must start with a letter or digit */ - state &= ~LABEL_START; - if (('a' <= p[i] && p[i] <= 'z') - || ('A' <= p[i] && p[i] <= 'Z') - || ('0' <= p[i] && p[i] <= '9')) - continue; - return NULL; - } else if (('a' <= p[i] && p[i] <= 'z') || ('A' <= p[i] && p[i] <= 'Z') || ('0' <= p[i] && p[i] <= '9')) { - state &= LABEL_IDNA; - continue; + if ((state & LABEL_START) != 0 + && len - i >= 4 + && strncasecmp((char *)&p[i], "xn--", 4) == 0) + state |= LABEL_IDNA; + state &= ~(LABEL_HYPHEN|LABEL_START); } else if (p[i] == '.') { - if (state & (LABEL_HYPHEN | LABEL_START)) + if ((state & (LABEL_HYPHEN | LABEL_START)) != 0) return NULL; state = LABEL_START; ++dots; } else if (p[i] == '-') { - if (state & LABEL_HYPHEN) + if ((state & LABEL_HYPHEN) != 0) return NULL; state |= LABEL_HYPHEN; } From matt at openssl.org Tue Jan 13 10:00:51 2015 
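Review bot: The new alphanumeric branch only sets `LABEL_IDNA` and no longer skips the `xn--` prefix, so both hyphens are walked by the `-` branch below, whose `if ((state & LABEL_HYPHEN) != 0) return NULL;` rejects the second one — a `*.xn--...` pattern is still refused, which is exactly the case the commit sets out to allow. The same branch now also lets a label begin with `-`, because `LABEL_START` survives the `-` branch and is only cleared by the alphanumeric one; checking `if ((state & LABEL_START) != 0) return NULL;` there instead, with a `/* no label may start with '-' */` comment, fixes both, since consecutive hyphens are legal and a trailing hyphen is already caught at the `.` branch. Separately, the context line `int atend = (i == len - 1 || p[i+i] == '.');` in the preceding hunk reads `p[i+i]`, almost certainly meant as `p[i+1]`; with `i+i` the index reaches past `len` once `2*i >= len`, an out-of-bounds read. The 1.0.2 cherry-pick of these hunks further down the page has the identical issues, and valid_star starts and ends outside the hunk.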
From: matt at openssl.org (Matt Caswell) Date: Tue, 13 Jan 2015 11:00:51 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150113100051.EE5471E20C6@openssl.net> The branch OpenSSL_1_0_0-stable has been updated via 23df532ec481886880c42bea035c7b872b7b5091 (commit) from b960060a0dbb73e95b0d13308f84a13438692fc2 (commit) - Log ----------------------------------------------------------------- commit 23df532ec481886880c42bea035c7b872b7b5091 Author: Matt Caswell Date: Fri Jan 9 14:06:36 2015 +0000 Avoid deprecation problems in Visual Studio 13 Reviewed-by: Andy Polyakov (cherry picked from commit 86d21d0b9577322ac5da0114c5fac16eb49b4cef) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_win.c | 61 ++---------------------------------------------- e_os.h | 4 +++- 2 files changed, 5 insertions(+), 60 deletions(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 34ffcd2..c37c416 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -196,12 +196,6 @@ int RAND_poll(void) DWORD w; int good = 0; - /* Determine the OS version we are on so we can turn off things - * that do not work properly. - */ - OSVERSIONINFO osverinfo ; - osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; - GetVersionEx( &osverinfo ) ; #if defined(OPENSSL_SYS_WINCE) # if defined(_WIN32_WCE) && _WIN32_WCE>=300 
@@ -281,56 +275,6 @@ int RAND_poll(void) * at random times on Windows 2000. Reported by Jeffrey Altman. * Only use it on NT. */ - /* Wolfgang Marczy reports that - * the RegQueryValueEx call below can hang on NT4.0 (SP6). - * So we don't use this at all for now. */ -#if 0 - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) - { - /* Read Performance Statistics from NT/2000 registry - * The size of the performance data can vary from call - * to call so we must guess the size of the buffer to use - * and increase its size if we get an ERROR_MORE_DATA - * return instead of ERROR_SUCCESS. - */ - LONG rc=ERROR_MORE_DATA; - char * buf=NULL; - DWORD bufsz=0; - DWORD length; - - while (rc == ERROR_MORE_DATA) - { - buf = realloc(buf,bufsz+8192); - if (!buf) - break; - bufsz += 8192; - - length = bufsz; - rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"), - NULL, NULL, buf, &length); - } - if (rc == ERROR_SUCCESS) - { - /* For entropy count assume only least significant - * byte of each DWORD is random. - */ - RAND_add(&length, sizeof(length), 0); - RAND_add(buf, length, length / 4.0); - - /* Close the Registry Key to allow Windows to cleanup/close - * the open handle - * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened - * when the RegQueryValueEx above is done. However, if - * it is not explicitly closed, it can cause disk - * partition manipulation problems. - */ - RegCloseKey(HKEY_PERFORMANCE_DATA); - } - if (buf) - free(buf); - } -#endif if (advapi) { @@ -383,7 +327,7 @@ int RAND_poll(void) if (advapi) FreeLibrary(advapi); - if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT || + if ((!check_winnt() || !OPENSSL_isservice()) && (user = LoadLibrary(TEXT("USER32.DLL")))) { 
@@ -407,8 +351,7 @@ int RAND_poll(void) * on NT4 even though it exists in SP3 (or SP6) and * higher. */ - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) + if (check_winnt() && !check_win_minplat(5)) cursor = 0; } if (cursor) diff --git a/e_os.h b/e_os.h index b66b895..fc1782a 100644 --- a/e_os.h +++ b/e_os.h @@ -371,11 +371,13 @@ static __inline unsigned int _strlen31(const char *str) # define DEFAULT_HOME "C:" # endif -/* Avoid Windows 8 SDK GetVersion deprecated problems */ +/* Avoid Visual Studio 13 GetVersion deprecated problems */ #if defined(_MSC_VER) && _MSC_VER>=1800 # define check_winnt() (1) +# define check_win_minplat(x) (1) #else # define check_winnt() (GetVersion() < 0x80000000) +# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x)) #endif #else /* The non-microsoft world */ From matt at openssl.org Tue Jan 13 10:00:42 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 13 Jan 2015 11:00:42 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150113100042.33FE41E20C4@openssl.net> The branch OpenSSL_1_0_1-stable has been updated via acb341eb6e611e61c272e411ec9fb12228dbb752 (commit) from 8fb2c9922a9c598fb34369a1f9f3cacb3a394eec (commit) - Log ----------------------------------------------------------------- commit acb341eb6e611e61c272e411ec9fb12228dbb752 Author: Matt Caswell Date: Fri Jan 9 14:06:36 2015 +0000 Avoid deprecation problems in Visual Studio 13 Reviewed-by: Andy Polyakov (cherry picked from commit 86d21d0b9577322ac5da0114c5fac16eb49b4cef) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_win.c | 61 ++---------------------------------------------- e_os.h | 4 +++- 2 files changed, 5 insertions(+), 60 deletions(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 34ffcd2..c37c416 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c 
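Review bot: `check_win_minplat(x)` is introduced without saying what `x` is: the `#else` arm compares `LOBYTE(LOWORD(GetVersion()))`, the OS major version, against it, while the `_MSC_VER>=1800` arm is hard-wired to `(1)`, so the caller `check_winnt() && !check_win_minplat(5)` in the preceding rand_win.c hunk can never fire on a VS2013+ build and the `cursor = 0` NT4 workaround silently disappears there. A comment beside the definitions, e.g. `/* check_win_minplat(x): true when the running Windows major version is >= x; always true where GetVersion() is deprecated (VS2013+), so NT4-era workarounds are compiled out on those toolchains */`, would make that intent explicit. The 1.0.1, master, 1.0.2 and 0.9.8 copies of this hunk further down the page are identical; in the 0.9.8 copy the `-#endif`/`+#endif` pair looks like a whitespace-only difference. Both macros live in a conditional region whose start and end are outside the hunk.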
@@ -196,12 +196,6 @@ int RAND_poll(void) DWORD w; int good = 0; - /* Determine the OS version we are on so we can turn off things - * that do not work properly. - */ - OSVERSIONINFO osverinfo ; - osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; - GetVersionEx( &osverinfo ) ; #if defined(OPENSSL_SYS_WINCE) # if defined(_WIN32_WCE) && _WIN32_WCE>=300 @@ -281,56 +275,6 @@ int RAND_poll(void) * at random times on Windows 2000. Reported by Jeffrey Altman. * Only use it on NT. */ - /* Wolfgang Marczy reports that - * the RegQueryValueEx call below can hang on NT4.0 (SP6). - * So we don't use this at all for now. */ -#if 0 - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) - { - /* Read Performance Statistics from NT/2000 registry - * The size of the performance data can vary from call - * to call so we must guess the size of the buffer to use - * and increase its size if we get an ERROR_MORE_DATA - * return instead of ERROR_SUCCESS. - */ - LONG rc=ERROR_MORE_DATA; - char * buf=NULL; - DWORD bufsz=0; - DWORD length; - - while (rc == ERROR_MORE_DATA) - { - buf = realloc(buf,bufsz+8192); - if (!buf) - break; - bufsz += 8192; - - length = bufsz; - rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"), - NULL, NULL, buf, &length); - } - if (rc == ERROR_SUCCESS) - { - /* For entropy count assume only least significant - * byte of each DWORD is random. - */ - RAND_add(&length, sizeof(length), 0); - RAND_add(buf, length, length / 4.0); - - /* Close the Registry Key to allow Windows to cleanup/close - * the open handle - * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened - * when the RegQueryValueEx above is done. However, if - * it is not explicitly closed, it can cause disk - * partition manipulation problems. - */ - RegCloseKey(HKEY_PERFORMANCE_DATA); - } - if (buf) - free(buf); - } -#endif if (advapi) { 
@@ -383,7 +327,7 @@ int RAND_poll(void) if (advapi) FreeLibrary(advapi); - if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT || + if ((!check_winnt() || !OPENSSL_isservice()) && (user = LoadLibrary(TEXT("USER32.DLL")))) { @@ -407,8 +351,7 @@ int RAND_poll(void) * on NT4 even though it exists in SP3 (or SP6) and * higher. */ - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) + if (check_winnt() && !check_win_minplat(5)) cursor = 0; } if (cursor) diff --git a/e_os.h b/e_os.h index 832272e..4df285b 100644 --- a/e_os.h +++ b/e_os.h @@ -368,11 +368,13 @@ static __inline unsigned int _strlen31(const char *str) # define DEFAULT_HOME "C:" # endif -/* Avoid Windows 8 SDK GetVersion deprecated problems */ +/* Avoid Visual Studio 13 GetVersion deprecated problems */ #if defined(_MSC_VER) && _MSC_VER>=1800 # define check_winnt() (1) +# define check_win_minplat(x) (1) #else # define check_winnt() (GetVersion() < 0x80000000) +# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x)) #endif #else /* The non-microsoft world */ From matt at openssl.org Tue Jan 13 10:00:23 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 13 Jan 2015 11:00:23 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150113100023.B571B1E20C1@openssl.net> The branch master has been updated via 86d21d0b9577322ac5da0114c5fac16eb49b4cef (commit) from 964012dc5a7bfbde8794c4c49ed1aa40ee88f90d (commit) - Log ----------------------------------------------------------------- commit 86d21d0b9577322ac5da0114c5fac16eb49b4cef Author: Matt Caswell Date: Fri Jan 9 14:06:36 2015 +0000 Avoid deprecation problems in Visual Studio 13 Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_win.c | 61 ++---------------------------------------------- e_os.h | 4 +++- 2 files changed, 5 insertions(+), 60 deletions(-) 
diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index ba87f95..4d74150 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -198,12 +198,6 @@ int RAND_poll(void) DWORD w; int good = 0; - /* Determine the OS version we are on so we can turn off things - * that do not work properly. - */ - OSVERSIONINFO osverinfo ; - osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; - GetVersionEx( &osverinfo ) ; #if defined(OPENSSL_SYS_WINCE) # if defined(_WIN32_WCE) && _WIN32_WCE>=300 
@@ -283,56 +277,6 @@ int RAND_poll(void) * at random times on Windows 2000. Reported by Jeffrey Altman. * Only use it on NT. */ - /* Wolfgang Marczy reports that - * the RegQueryValueEx call below can hang on NT4.0 (SP6). - * So we don't use this at all for now. */ -#if 0 - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) - { - /* Read Performance Statistics from NT/2000 registry - * The size of the performance data can vary from call - * to call so we must guess the size of the buffer to use - * and increase its size if we get an ERROR_MORE_DATA - * return instead of ERROR_SUCCESS. - */ - LONG rc=ERROR_MORE_DATA; - char * buf=NULL; - DWORD bufsz=0; - DWORD length; - - while (rc == ERROR_MORE_DATA) - { - buf = realloc(buf,bufsz+8192); - if (!buf) - break; - bufsz += 8192; - - length = bufsz; - rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"), - NULL, NULL, buf, &length); - } - if (rc == ERROR_SUCCESS) - { - /* For entropy count assume only least significant - * byte of each DWORD is random. - */ - RAND_add(&length, sizeof(length), 0); - RAND_add(buf, length, length / 4.0); - - /* Close the Registry Key to allow Windows to cleanup/close - * the open handle - * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened - * when the RegQueryValueEx above is done. However, if - * it is not explicitly closed, it can cause disk - * partition manipulation problems. - */ - RegCloseKey(HKEY_PERFORMANCE_DATA); - } - if (buf) - free(buf); - } -#endif if (advapi) { @@ -385,7 +329,7 @@ int RAND_poll(void) if (advapi) FreeLibrary(advapi); - if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT || + if ((!check_winnt() || !OPENSSL_isservice()) && (user = LoadLibrary(TEXT("USER32.DLL")))) { 
@@ -409,8 +353,7 @@ int RAND_poll(void) * on NT4 even though it exists in SP3 (or SP6) and * higher. */ - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) + if (check_winnt() && !check_win_minplat(5)) cursor = 0; } if (cursor) diff --git a/e_os.h b/e_os.h index 5c8842a..28417b2 100644 --- a/e_os.h +++ b/e_os.h @@ -337,11 +337,13 @@ static __inline unsigned int _strlen31(const char *str) # define DEFAULT_HOME "C:" # endif -/* Avoid Windows 8 SDK GetVersion deprecated problems */ +/* Avoid Visual Studio 13 GetVersion deprecated problems */ #if defined(_MSC_VER) && _MSC_VER>=1800 # define check_winnt() (1) +# define check_win_minplat(x) (1) #else # define check_winnt() (GetVersion() < 0x80000000) +# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x)) #endif #else /* The non-microsoft world */ From rsalz at openssl.org Mon Jan 12 17:40:38 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 12 Jan 2015 18:40:38 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150112174038.0D4E91E1FF8@openssl.net> The branch OpenSSL_1_0_2-stable has been updated via 2194b36979e84ba9c0ea84ba458cab51df6bceb8 (commit) from e81a83657cc9a708ea25d4fcde6e0e9d04dd3ac5 (commit) - Log ----------------------------------------------------------------- commit 2194b36979e84ba9c0ea84ba458cab51df6bceb8 Author: Rich Salz Date: Mon Jan 12 12:39:00 2015 -0500 Allow multiple IDN xn-- indicators Update the X509v3 name parsing to allow multiple xn-- international domain name indicators in a name. Previously, only allowed one at the beginning of a name, which was wrong. Reviewed-by: Viktor Dukhovni (cherry picked from commit 31d1d3741f16bd80ec25f72dcdbf6bbdc5664374) ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_utl.c | 35 ++++++++--------------------------- 1 file changed, 8 insertions(+), 27 deletions(-) 
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 10a7aa8..c9a6e79 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -752,7 +752,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, { int atstart = (state & LABEL_START); int atend = (i == len - 1 || p[i+i] == '.'); - /* + /*- * At most one wildcard per pattern. * No wildcards in IDNA labels. * No wildcards after the first label. @@ -769,45 +769,26 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, star = &p[i]; state &= ~LABEL_START; } - else if ((state & LABEL_START) != 0) - { - /* - * At the start of a label, skip any "xn--" and - * remain in the LABEL_START state, but set the - * IDNA label state - */ - if ((state & LABEL_IDNA) == 0 && len - i >= 4 - && strncasecmp((char *)&p[i], "xn--", 4) == 0) - { - i += 3; - state |= LABEL_IDNA; - continue; - } - /* Labels must start with a letter or digit */ - state &= ~LABEL_START; - if (('a' <= p[i] && p[i] <= 'z') - || ('A' <= p[i] && p[i] <= 'Z') - || ('0' <= p[i] && p[i] <= '9')) - continue; - return NULL; - } else if (('a' <= p[i] && p[i] <= 'z') || ('A' <= p[i] && p[i] <= 'Z') || ('0' <= p[i] && p[i] <= '9')) { - state &= LABEL_IDNA; - continue; + if ((state & LABEL_START) != 0 + && len - i >= 4 + && strncasecmp((char *)&p[i], "xn--", 4) == 0) + state |= LABEL_IDNA; + state &= ~(LABEL_HYPHEN|LABEL_START); } else if (p[i] == '.') { - if (state & (LABEL_HYPHEN | LABEL_START)) + if ((state & (LABEL_HYPHEN | LABEL_START)) != 0) return NULL; state = LABEL_START; ++dots; } else if (p[i] == '-') { - if (state & LABEL_HYPHEN) + if ((state & LABEL_HYPHEN) != 0) return NULL; state |= LABEL_HYPHEN; } From matt at openssl.org Tue Jan 13 10:00:32 2015 
From: matt at openssl.org (Matt Caswell) Date: Tue, 13 Jan 2015 11:00:32 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150113100032.BB1051E20C2@openssl.net> The branch OpenSSL_1_0_2-stable has been updated via bd00b8dc65c403d249893e495fd3e4b89e60ca35 (commit) from 2194b36979e84ba9c0ea84ba458cab51df6bceb8 (commit) - Log ----------------------------------------------------------------- commit bd00b8dc65c403d249893e495fd3e4b89e60ca35 Author: Matt Caswell Date: Fri Jan 9 14:06:36 2015 +0000 Avoid deprecation problems in Visual Studio 13 Reviewed-by: Andy Polyakov (cherry picked from commit 86d21d0b9577322ac5da0114c5fac16eb49b4cef) ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_win.c | 61 ++---------------------------------------------- e_os.h | 4 +++- 2 files changed, 5 insertions(+), 60 deletions(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 324e395..cd68c29 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -196,12 +196,6 @@ int RAND_poll(void) DWORD w; int good = 0; - /* Determine the OS version we are on so we can turn off things - * that do not work properly. - */ - OSVERSIONINFO osverinfo ; - osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; - GetVersionEx( &osverinfo ) ; #if defined(OPENSSL_SYS_WINCE) # if defined(_WIN32_WCE) && _WIN32_WCE>=300 
@@ -281,56 +275,6 @@ int RAND_poll(void) * at random times on Windows 2000. Reported by Jeffrey Altman. * Only use it on NT. */ - /* Wolfgang Marczy reports that - * the RegQueryValueEx call below can hang on NT4.0 (SP6). - * So we don't use this at all for now. */ -#if 0 - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) - { - /* Read Performance Statistics from NT/2000 registry - * The size of the performance data can vary from call - * to call so we must guess the size of the buffer to use - * and increase its size if we get an ERROR_MORE_DATA - * return instead of ERROR_SUCCESS. - */ - LONG rc=ERROR_MORE_DATA; - char * buf=NULL; - DWORD bufsz=0; - DWORD length; - - while (rc == ERROR_MORE_DATA) - { - buf = realloc(buf,bufsz+8192); - if (!buf) - break; - bufsz += 8192; - - length = bufsz; - rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"), - NULL, NULL, buf, &length); - } - if (rc == ERROR_SUCCESS) - { - /* For entropy count assume only least significant - * byte of each DWORD is random. - */ - RAND_add(&length, sizeof(length), 0); - RAND_add(buf, length, length / 4.0); - - /* Close the Registry Key to allow Windows to cleanup/close - * the open handle - * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened - * when the RegQueryValueEx above is done. However, if - * it is not explicitly closed, it can cause disk - * partition manipulation problems. - */ - RegCloseKey(HKEY_PERFORMANCE_DATA); - } - if (buf) - free(buf); - } -#endif if (advapi) { @@ -383,7 +327,7 @@ int RAND_poll(void) if (advapi) FreeLibrary(advapi); - if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT || + if ((!check_winnt() || !OPENSSL_isservice()) && (user = LoadLibrary(TEXT("USER32.DLL")))) { 
@@ -407,8 +351,7 @@ int RAND_poll(void) * on NT4 even though it exists in SP3 (or SP6) and * higher. */ - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) + if (check_winnt() && !check_win_minplat(5)) cursor = 0; } if (cursor) diff --git a/e_os.h b/e_os.h index 13694c4..73b8e21 100644 --- a/e_os.h +++ b/e_os.h @@ -371,11 +371,13 @@ static __inline unsigned int _strlen31(const char *str) # define DEFAULT_HOME "C:" # endif -/* Avoid Windows 8 SDK GetVersion deprecated problems */ +/* Avoid Visual Studio 13 GetVersion deprecated problems */ #if defined(_MSC_VER) && _MSC_VER>=1800 # define check_winnt() (1) +# define check_win_minplat(x) (1) #else # define check_winnt() (GetVersion() < 0x80000000) +# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x)) #endif #else /* The non-microsoft world */ From matt at openssl.org Tue Jan 13 10:01:01 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 13 Jan 2015 11:01:01 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150113100101.C2E5D1E20C8@openssl.net> The branch OpenSSL_0_9_8-stable has been updated via 8b8a48d099e6ae985f80cbbdad566e2b8aaf96a3 (commit) from 09caf4ffcd5c45bef9012aa53cc64ef5c8b1067f (commit) - Log ----------------------------------------------------------------- commit 8b8a48d099e6ae985f80cbbdad566e2b8aaf96a3 Author: Matt Caswell Date: Fri Jan 9 14:06:36 2015 +0000 Avoid deprecation problems in Visual Studio 13 Reviewed-by: Andy Polyakov (cherry picked from commit 86d21d0b9577322ac5da0114c5fac16eb49b4cef) Conflicts: e_os.h ----------------------------------------------------------------------- Summary of changes: crypto/rand/rand_win.c | 61 ++---------------------------------------------- e_os.h | 6 +++-- 2 files changed, 6 insertions(+), 61 deletions(-) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 34ffcd2..c37c416 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c 
@@ -196,12 +196,6 @@ int RAND_poll(void) DWORD w; int good = 0; - /* Determine the OS version we are on so we can turn off things - * that do not work properly. - */ - OSVERSIONINFO osverinfo ; - osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ; - GetVersionEx( &osverinfo ) ; #if defined(OPENSSL_SYS_WINCE) # if defined(_WIN32_WCE) && _WIN32_WCE>=300 @@ -281,56 +275,6 @@ int RAND_poll(void) * at random times on Windows 2000. Reported by Jeffrey Altman. * Only use it on NT. */ - /* Wolfgang Marczy reports that - * the RegQueryValueEx call below can hang on NT4.0 (SP6). - * So we don't use this at all for now. */ -#if 0 - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) - { - /* Read Performance Statistics from NT/2000 registry - * The size of the performance data can vary from call - * to call so we must guess the size of the buffer to use - * and increase its size if we get an ERROR_MORE_DATA - * return instead of ERROR_SUCCESS. - */ - LONG rc=ERROR_MORE_DATA; - char * buf=NULL; - DWORD bufsz=0; - DWORD length; - - while (rc == ERROR_MORE_DATA) - { - buf = realloc(buf,bufsz+8192); - if (!buf) - break; - bufsz += 8192; - - length = bufsz; - rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"), - NULL, NULL, buf, &length); - } - if (rc == ERROR_SUCCESS) - { - /* For entropy count assume only least significant - * byte of each DWORD is random. - */ - RAND_add(&length, sizeof(length), 0); - RAND_add(buf, length, length / 4.0); - - /* Close the Registry Key to allow Windows to cleanup/close - * the open handle - * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened - * when the RegQueryValueEx above is done. However, if - * it is not explicitly closed, it can cause disk - * partition manipulation problems. - */ - RegCloseKey(HKEY_PERFORMANCE_DATA); - } - if (buf) - free(buf); - } -#endif if (advapi) { 
@@ -383,7 +327,7 @@ int RAND_poll(void) if (advapi) FreeLibrary(advapi); - if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT || + if ((!check_winnt() || !OPENSSL_isservice()) && (user = LoadLibrary(TEXT("USER32.DLL")))) { @@ -407,8 +351,7 @@ int RAND_poll(void) * on NT4 even though it exists in SP3 (or SP6) and * higher. */ - if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT && - osverinfo.dwMajorVersion < 5) + if (check_winnt() && !check_win_minplat(5)) cursor = 0; } if (cursor) diff --git a/e_os.h b/e_os.h index c75858b..d8ac803 100644 --- a/e_os.h +++ b/e_os.h @@ -360,12 +360,14 @@ static __inline unsigned int _strlen31(const char *str) # define DEFAULT_HOME "C:" # endif -/* Avoid Windows 8 SDK GetVersion deprecated problems */ +/* Avoid Visual Studio 13 GetVersion deprecated problems */ #if defined(_MSC_VER) && _MSC_VER>=1800 # define check_winnt() (1) +# define check_win_minplat(x) (1) #else # define check_winnt() (GetVersion() < 0x80000000) -#endif +# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x)) +#endif #else /* The non-microsoft world */ From kurt at openssl.org Sat Jan 10 15:30:51 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 10 Jan 2015 16:30:51 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150110153051.39B6F1E1D32@openssl.net> The branch master has been updated via 264212b643c621d7e89079c1d2b76f87beec7ceb (commit) from 41c9cfbc4ee7345547fb98cccb8511f082f0910b (commit) - Log ----------------------------------------------------------------- commit 264212b643c621d7e89079c1d2b76f87beec7ceb Author: Kurt Roeckx Date: Fri Jan 2 12:27:57 2015 +0100 Make build reproducible It contained a date on when it was build. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/cversion.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/cversion.c b/crypto/cversion.c index 881957e..d2c6e70 100644 --- a/crypto/cversion.c 
+++ b/crypto/cversion.c @@ -69,7 +69,11 @@ const char *SSLeay_version(int t) if (t == SSLEAY_BUILT_ON) { #ifdef DATE +# ifdef OPENSSL_USE_BUILD_DATE return(DATE); +# else + return("built on: reproducible build, date unspecified"); +# endif #else return("built on: date not available"); #endif From rsalz at openssl.org Mon Jan 12 15:29:02 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 12 Jan 2015 16:29:02 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150112152902.CBC5E1E1FD7@openssl.net> The branch master has been updated via 9405a9a2e1594cea9c963c29d9898bb03cb0f24f (commit) from 732192a0796c4ecbef3b13ccc8ee8ab23e28f483 (commit) - Log ----------------------------------------------------------------- commit 9405a9a2e1594cea9c963c29d9898bb03cb0f24f Author: Rich Salz Date: Mon Jan 12 10:28:05 2015 -0500 RT478: Add uninstall make target Add INSTALLDIRS variable, list of directories where things get installed. Change install_html_docs to use perl mkdir-p script. Add uninstall, uninstall_sw, uninstall_docs, uninstall_html_docs to Makefile.org. The actions of these targets were figured out by "inverting" the install target. Recurse into subdirs to do uninstall as needed. Added uninstall targets whose actions were similarly figured out by "inverting" the install target. Also remove some 'space before tab' complaints in Makefile.org Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: Makefile.org | 132 ++++++++++++++++++++++++++++++++++++++++++++++++------- apps/Makefile | 13 ++++++ crypto/Makefile | 2 + ssl/Makefile | 2 + test/Makefile | 2 + tools/Makefile | 12 +++++ 6 files changed, 146 insertions(+), 17 deletions(-) diff --git a/Makefile.org b/Makefile.org index f2460dc..2e4c76e 100644 --- a/Makefile.org +++ b/Makefile.org 
@@ -68,6 +68,8 @@ AR=ar $(ARFLAGS) r RANLIB= ranlib NM= nm PERL= perl +#RM= echo -- +RM= rm -f TAR= tar TARFLAGS= --no-recursion MAKEDEPPROG=makedepend @@ -181,6 +183,17 @@ WTARFILE= $(NAME)-win.tar EXHEADER= e_os2.h HEADER= e_os.h +# Directories created on install if they don't exist. +INSTALLDIRS= \ + $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ + $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/private + all: Makefile build_all openssl.pc libssl.pc libcrypto.pc # as we stick to -e, CLEARENV ensures that local variables in lower @@ -219,7 +232,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \ PEX_LIBS='$(PEX_LIBS)' EX_LIBS='$(EX_LIBS)' \ CPUID_OBJ='$(CPUID_OBJ)' BN_ASM='$(BN_ASM)' \ - EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \ + EC_ASM='$(EC_ASM)' DES_ENC='$(DES_ENC)' \ AES_ENC='$(AES_ENC)' CMLL_ENC='$(CMLL_ENC)' \ BF_ENC='$(BF_ENC)' CAST_ENC='$(CAST_ENC)' \ RC4_ENC='$(RC4_ENC)' RC5_ENC='$(RC5_ENC)' \ 
@@ -243,13 +256,13 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ # This macro shouldn't be used directly, use RECURSIVE_BUILD_CMD or # BUILD_ONE_CMD instead. # -# BUILD_ONE_CMD is a macro to build a given target in a given -# subdirectory if that subdirectory is part of $(DIRS). It requires -# exactly the same shell variables as BUILD_CMD. -# # RECURSIVE_BUILD_CMD is a macro to build a given target in all # subdirectories defined in $(DIRS). It requires that the target # is given through the shell variable `target'. +# +# BUILD_ONE_CMD is a macro to build a given target in a given +# subdirectory if that subdirectory is part of $(DIRS). It requires +# exactly the same shell variables as BUILD_CMD. BUILD_CMD= if [ -d "$$dir" ]; then \ ( cd $$dir && echo "making $$target in $$dir..." && \ $(CLEARENV) && $(MAKE) -e $(BUILDENV) TOP=.. DIR=$$dir $$target \ @@ -614,15 +627,10 @@ dist_pem_h: install: all install_docs install_sw +uninstall: uninstall_sw uninstall_docs + install_sw: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ - $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALLDIRS) @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ 
@@ -664,9 +672,9 @@ install_sw: *ssl*) i=ssleay32.dll;; \ esac; \ echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ - chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ fi; \ fi; \ done; \ 
@@ -687,6 +695,45 @@ install_sw: cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc +uninstall_sw: + cd include/openssl && files=* && cd $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl && $(RM) $$files + @for i in $(LIBS) ;\ + do \ + test -f "$$i" && \ + echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i && \ + $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ + done; + @if [ -n "$(SHARED_LIBS)" ]; then \ + tmp="$(SHARED_LIBS)"; \ + for i in $${tmp:-x}; \ + do \ + if [ -f "$$i" -o -f "$$i.a" ]; then \ + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ + echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ + $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ + echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ + $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ + else \ + echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ + $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ + fi; \ + if expr $(PLATFORM) : 'mingw' > /dev/null; then \ + case $$i in \ + *crypto*) i=libeay32.dll;; \ + *ssl*) i=ssleay32.dll;; \ + esac; \ + echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \ + $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \ + fi; \ + fi; \ + done; \ + fi + $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc + $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc + $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc + @target=uninstall; $(RECURSIVE_BUILD_CMD) + install_html_docs: here="`pwd`"; \ filecase=; \ @@ -694,7 +741,7 @@ install_html_docs: filecase=-i; \ esac; \ for subdir in apps crypto ssl; do \ - mkdir -p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ + $(PERL) $(TOP)/util/mkdir-p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \ for i in doc/$$subdir/*.pod; do \ fn=`basename $$i .pod`; \ echo "installing html/$$fn.$(HTMLSUFFIX)"; \ 
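Review bot: The first recipe line of the new `uninstall_sw` deletes every file in the installed include/openssl directory, not just the headers OpenSSL put there: `files=*` assigns the literal string `*` (no pathname expansion happens in an assignment), so the leading `cd include/openssl` is a no-op and the unquoted `$(RM) $$files` expands `*` inside `$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl`, removing anything a packager or third party dropped in that directory. Derive the list from the source tree instead, e.g. `for i in include/openssl/*; do $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/`basename $$i`; done`, which still covers the headers the subdirectory Makefiles install because include/openssl holds links to all of them once `make links` has run (presumably already true, since the target recurses with RECURSIVE_BUILD_CMD). The remaining loops mirror the visible install_sw logic and look consistent.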
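Review bot: The replacement `mkdir -p` call in `install_html_docs` names a script that does not match the rest of the file: it runs `$(PERL) $(TOP)/util/mkdir-p $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir`, while `install_sw` and `install_docs` in this same diff call `$(TOP)/util/mkdir-p.pl`. Unless a `util/mkdir-p` file exists alongside the `.pl` one, perl will fail to open it and HTML installation breaks on the first subdir; change the line to `$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir; \`. The rest of install_html_docs starts and ends outside the hunk.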
@@ -712,6 +759,24 @@ install_html_docs: done; \ done +uninstall_html_docs: + here="`pwd`"; \ + filecase=; \ + case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*|darwin*-*-cc) \ + filecase=-i; \ + esac; \ + for subdir in apps crypto ssl; do \ + for i in doc/$$subdir/*.pod; do \ + fn=`basename $$i .pod`; \ + $(RM) $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/$$fn.$(HTMLSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ + grep -v $$filecase "^$$fn\$$" | \ + while read n; do \ + $(RM) $(INSTALL_PREFIX)$(HTMLDIR)/$$subdir/"$$n".$(HTMLSUFFIX); \ + done; \ + done; \ + done + install_docs: @$(PERL) $(TOP)/util/mkdir-p.pl \ $(INSTALL_PREFIX)$(MANDIR)/man1 \ 
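Review bot: `here="`pwd`"` in the new `uninstall_html_docs` target is assigned and never read anywhere in the recipe, so it is dead code carried over from the install counterpart (where it presumably feeds pod2html); drop the line. The recipe also lacks the leading `@` the neighbouring install/uninstall targets use, so make echoes the whole multi-line shell script before running it, which buries the actual removals in noise; prefix it with `@` and keep explicit `echo $(RM) …` lines if you want to show what is removed. A failing `util/extract-names.pl` silently skips that page's aliases because the pipeline has no `set -e`, which matches the install side and is acceptable for a best-effort uninstall.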
@@ -758,4 +823,37 @@ install_docs: done); \ done +uninstall_docs: + @here="`pwd`"; \ + filecase=; \ + case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*) \ + filecase=-i; \ + esac; \ + for i in doc/apps/*.pod; do \ + fn=`basename $$i .pod`; \ + sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ + echo $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ + (grep -v $$filecase "^$$fn\$$"; true) | \ + (grep -v "[ ]"; true) | \ + while read n; do \ + echo $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \ + $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \ + done; \ + done; \ + for i in doc/crypto/*.pod doc/ssl/*.pod; do \ + fn=`basename $$i .pod`; \ + sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ + echo $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ + $(PERL) util/extract-names.pl < $$i | \ + (grep -v $$filecase "^$$fn\$$"; true) | \ + (grep -v "[ ]"; true) | \ + while read n; do \ + echo $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \ + $(RM) $(INSTALL_PREFIX)$(MANDIR)/man$$sec/"$$n".$${sec}$(MANSUFFIX); \ + done; \ + done + # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/apps/Makefile b/apps/Makefile index 6ced2bd..4270659 100644 --- a/apps/Makefile +++ b/apps/Makefile 
@@ -117,6 +117,19 @@ install: chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \ mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf +uninstall: + @set -e; for i in $(EXE); \ + do \ + echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \ + $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \ + done; + @set -e; for i in $(SCRIPTS); \ + do \ + echo $(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \ + $(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \ + done + $(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf + tags: ctags $(SRC) diff --git a/crypto/Makefile b/crypto/Makefile index d4c7712..5e6a0c3 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -124,6 +124,8 @@ install: done; @target=install; $(RECURSIVE_MAKE) +uninstall: + lint: @target=lint; $(RECURSIVE_MAKE) diff --git a/ssl/Makefile b/ssl/Makefile index 0a7a1a3..087f796 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -79,6 +79,8 @@ install: chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; +uninstall: + tags: ctags $(SRC) diff --git a/test/Makefile b/test/Makefile index 8d95239..176bf70 100644 --- a/test/Makefile +++ b/test/Makefile @@ -135,6 +135,8 @@ errors: install: +uninstall: + tags: ctags $(SRC) diff --git a/tools/Makefile b/tools/Makefile index 4ca835c..19950d1 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -33,6 +33,18 @@ install: mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ done; +uninstall: + @for i in $(APPS) ; \ + do \ + echo $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \ + $(RM) $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \ + done; + @for i in $(MISC_APPS) ; \ + do \ + echo $(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \ + $(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \ + done; + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO From rsalz at openssl.org Tue Jan 13 17:11:09 2015 
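Review bot: The new `uninstall` target in apps/Makefile removes `$(OPENSSLDIR)/openssl.cnf` unconditionally, and that is the file administrators edit after installation (CA paths, default policies, distinguished-name defaults); running `make uninstall` on a configured host silently discards those changes. The install side visible in the hunk also overwrites it via `.new` plus `mv -f`, so the behaviour is symmetric, but uninstall should at least compare against the shipped copy before deleting, e.g. `cmp -s openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf && $(RM) $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf || echo "openssl.cnf was modified, not removed"`. Failing that, a comment on the target stating that uninstall discards a locally edited openssl.cnf is the minimum.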
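Review bot: The empty `uninstall:` target added to crypto/Makefile does not recurse, even though the `install:` target two context lines above does (`@target=install; $(RECURSIVE_MAKE)`) to copy each subdirectory's headers; a reader will assume the recursion was forgotten. If the intent is that the top-level `uninstall_sw` removes those headers by clearing the installed include/openssl directory, say so in place, e.g. `# Headers installed by the subdirectories are removed by the top-level uninstall_sw; nothing to do here.`, and put the same note on the empty targets in ssl/Makefile and test/Makefile so the asymmetry with `install` is documented rather than inferred.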
From: rsalz at openssl.org (Rich Salz) Date: Tue, 13 Jan 2015 18:11:09 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150113171109.37E081E2126@openssl.net> The branch master has been updated via 95d779376fb8eb31051714998ac173a4d4822b1b (commit) from fbc921fa3579045d3f2f1f94290fc73259d09e81 (commit) - Log ----------------------------------------------------------------- commit 95d779376fb8eb31051714998ac173a4d4822b1b Author: Rich Salz Date: Tue Jan 13 12:08:24 2015 -0500 Add coding style ----------------------------------------------------------------------- Summary of changes: about/.wmlsnb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/about/.wmlsnb b/about/.wmlsnb index 630a28c..03ecfd4 100644 --- a/about/.wmlsnb +++ b/about/.wmlsnb @@ -8,7 +8,8 @@ - + + From rsalz at openssl.org Mon Jan 12 22:31:11 2015 
From: rsalz at openssl.org (Rich Salz) Date: Mon, 12 Jan 2015 23:31:11 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150112223112.10D931E2029@openssl.net> The branch master has been updated via 6d23cf97443bfedf755341b4f2d0d7fce254e020 (commit) from 31d1d3741f16bd80ec25f72dcdbf6bbdc5664374 (commit) - Log ----------------------------------------------------------------- commit 6d23cf97443bfedf755341b4f2d0d7fce254e020 Author: Rich Salz Date: Mon Jan 12 17:29:26 2015 -0500 RT3548: Remove unsupported platforms This last one for this ticket. Removes WIN16. So long, MS_CALLBACK and MS_FAR. We won't miss you. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 1 + apps/apps.c | 2 +- apps/ciphers.c | 3 --- apps/dhparam.c | 4 ++-- apps/dsaparam.c | 4 ++-- apps/engine.c | 3 --- apps/gendh.c | 4 ++-- apps/genrsa.c | 4 ++-- apps/openssl.c | 4 ++-- apps/req.c | 3 --- apps/s_apps.h | 14 ++++++------- apps/s_cb.c | 14 ++++++------- apps/s_client.c | 10 +++------- apps/s_server.c | 11 ++++------ apps/s_socket.c | 51 +++-------------------------------------------- apps/s_time.c | 3 --- apps/ts.c | 8 ++++---- apps/verify.c | 4 ++-- apps/x509.c | 7 ++----- crypto/bio/b_sock.c | 3 +-- crypto/bio/bio_cb.c | 4 ++-- crypto/bio/bss_acpt.c | 6 ------ crypto/bio/bss_conn.c | 8 +------- crypto/bio/bss_file.c | 28 +++++++++++++------------- crypto/bio/bss_log.c | 20 +++++++++---------- crypto/bn/vms-helper.c | 2 +- crypto/cryptlib.c | 2 +- crypto/des/destest.c | 2 +- crypto/des/read_pwd.c | 25 +++-------------------- crypto/dh/dhtest.c | 10 ++-------- crypto/dsa/dsatest.c | 10 ++-------- crypto/ecdh/ecdhtest.c | 10 ++-------- crypto/lock.c | 14 ++++++------- crypto/rsa/rsa_sign.c | 2 +- crypto/thr_id.c | 12 ++++------- crypto/threads/mttest.c | 1 - crypto/txt_db/txt_db.c | 6 +++--- crypto/ui/ui_openssl.c | 23 +++++++-------------- demos/selfsign.c | 10 +--------- e_os.h | 8 -------- 
ssl/s3_both.c | 6 ------ ssl/s3_lib.c | 2 +- ssl/ssl_lib.c | 4 ---- ssl/ssltest.c | 16 +++++++-------- util/mkdef.pl | 41 ++++++++----------------------------- 45 files changed, 124 insertions(+), 305 deletions(-) diff --git a/CHANGES b/CHANGES index f697f3e..685f98c 100644 --- a/CHANGES +++ b/CHANGES @@ -37,6 +37,7 @@ NCR Tandem Cray + WIN16 [Rich Salz] *) Experimental support for a new, fast, unbiased prime candidate generator, diff --git a/apps/apps.c b/apps/apps.c index 80762c1..ac709a6 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -290,7 +290,7 @@ int str2fmt(char *s) return(FORMAT_UNDEF); } -#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_NETWARE) +#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_NETWARE) void program_name(char *in, char *out, int size) { int i,n; diff --git a/apps/ciphers.c b/apps/ciphers.c index 7de7dd3..0018360 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -59,9 +59,6 @@ #include #include #include -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#endif #include "apps.h" #include #include diff --git a/apps/dhparam.c b/apps/dhparam.c index 7982222..86bf19d 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -144,7 +144,7 @@ * -C */ -static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); +static int dh_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); @@ -551,7 +551,7 @@ end: } /* dh_cb is identical to dsa_cb in apps/dsaparam.c */ -static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) +static int dh_cb(int p, int n, BN_GENCB *cb) { char c='*'; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index a922335..7a9ed82 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -101,7 +101,7 @@ static void timebomb_sigalarm(int foo) #endif -static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb); +static int dsa_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); 
@@ -468,7 +468,7 @@ end: OPENSSL_EXIT(ret); } -static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb) +static int dsa_cb(int p, int n, BN_GENCB *cb) { char c='*'; diff --git a/apps/engine.c b/apps/engine.c index 9a02943..04d4f73 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -60,9 +60,6 @@ #include #include #include -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#endif #include "apps.h" #include #ifndef OPENSSL_NO_ENGINE diff --git a/apps/gendh.c b/apps/gendh.c index 4581bfa..ec68425 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -77,7 +77,7 @@ #undef PROG #define PROG gendh_main -static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb); +static int dh_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); @@ -218,7 +218,7 @@ end: OPENSSL_EXIT(ret); } -static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb) +static int dh_cb(int p, int n, BN_GENCB *cb) { char c='*'; diff --git a/apps/genrsa.c b/apps/genrsa.c index fe00af9..b0bba05 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -77,7 +77,7 @@ #undef PROG #define PROG genrsa_main -static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb); +static int genrsa_cb(int p, int n, BN_GENCB *cb); int MAIN(int, char **); @@ -312,7 +312,7 @@ err: OPENSSL_EXIT(ret); } -static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb) +static int genrsa_cb(int p, int n, BN_GENCB *cb) { char c='*'; diff --git a/apps/openssl.c b/apps/openssl.c index 7453e65..c438daf 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -698,13 +698,13 @@ static void list_md(BIO *out) EVP_MD_do_all_sorted(list_md_fn, out); } -static int MS_CALLBACK function_cmp(const FUNCTION *a, const FUNCTION *b) +static int function_cmp(const FUNCTION *a, const FUNCTION *b) { return strncmp(a->name,b->name,8); } static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION) -static unsigned long MS_CALLBACK function_hash(const FUNCTION *a) +static unsigned long function_hash(const FUNCTION *a) { return lh_strhash(a->name); } 
diff --git a/apps/req.c b/apps/req.c index 686fac4..e23c919 100644 --- a/apps/req.c +++ b/apps/req.c @@ -60,9 +60,6 @@ #include #include #include -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#endif #include "apps.h" #include #include diff --git a/apps/s_apps.h b/apps/s_apps.h index 9d16e45..625e1eb 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -157,7 +157,7 @@ int do_server_unix(const char *path, int *ret, unsigned char *context, int naccept); #endif #ifdef HEADER_X509_H -int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); +int verify_callback(int ok, X509_STORE_CTX *ctx); #endif #ifdef HEADER_SSL_H int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); 
@@ -176,19 +176,19 @@ int should_retry(int i); int extract_port(const char *str, short *port_ptr); int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); -long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, +long bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret); #ifdef HEADER_SSL_H -void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret); -void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); -void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, +void apps_ssl_info_callback(const SSL *s, int where, int ret); +void msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); +void tlsext_cb(SSL *s, int client_server, int type, unsigned char *data, int len, void *arg); #endif -int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len); -int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len); +int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len); +int verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len); typedef struct ssl_excert_st SSL_EXCERT; diff --git a/apps/s_cb.c b/apps/s_cb.c index 7720144..758da23 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -135,7 +135,7 @@ int verify_return_error=0; unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; int cookie_initialized=0; -int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) +int verify_callback(int ok, X509_STORE_CTX *ctx) { X509 *err_cert; int err,depth; @@ -557,7 +557,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s) } -long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, +long bio_dump_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret) { BIO *out; 
@@ -581,7 +581,7 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, return(ret); } -void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret) +void apps_ssl_info_callback(const SSL *s, int where, int ret) { const char *str; int w; @@ -638,7 +638,7 @@ static const char *ssl_version_str(int version) } } -void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) +void msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) { BIO *bio = arg; const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= ""; @@ -868,7 +868,7 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * (void)BIO_flush(bio); } -void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, +void tlsext_cb(SSL *s, int client_server, int type, unsigned char *data, int len, void *arg) { @@ -981,7 +981,7 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type, (void)BIO_flush(bio); } -int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) +int generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len) { unsigned char *buffer, result[EVP_MAX_MD_SIZE]; unsigned int length, resultlength; @@ -1069,7 +1069,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsign return 1; } -int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) +int verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len) { unsigned char *buffer, result[EVP_MAX_MD_SIZE]; unsigned int length, resultlength; diff --git a/apps/s_client.c b/apps/s_client.c index d650cc4..199a587 100644 --- a/apps/s_client.c +++ b/apps/s_client.c 
@@ -141,10 +141,6 @@ #include #include #include -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#endif - /* With IPv6, it looks like Digital has mixed up the proper order of recursive header file inclusion, resulting in the compiler complaining that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which @@ -384,7 +380,7 @@ typedef struct tlsextctx_st { } tlsextctx; -static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) +static int ssl_servername_cb(SSL *s, int *ad, void *arg) { tlsextctx * p = (tlsextctx *) arg; const char * hn= SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); @@ -454,7 +450,7 @@ static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g) primality tests are rather cpu consuming. */ -static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg) +static int ssl_srp_verify_param_cb(SSL *s, void *arg) { SRP_ARG *srp_arg = (SRP_ARG *)arg; BIGNUM *N = NULL, *g = NULL; @@ -489,7 +485,7 @@ static int MS_CALLBACK ssl_srp_verify_param_cb(SSL *s, void *arg) #define PWD_STRLEN 1024 -static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg) +static char * ssl_give_srp_client_pwd_cb(SSL *s, void *arg) { SRP_ARG *srp_arg = (SRP_ARG *)arg; char *pass = (char *)OPENSSL_malloc(PWD_STRLEN+1); diff --git a/apps/s_server.c b/apps/s_server.c index 6690646..412091d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -148,9 +148,6 @@ #include #include -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#endif #if !defined(OPENSSL_SYS_NETWARE) /* conflicts with winsock2 stuff on netware */ #include @@ -193,7 +190,7 @@ typedef unsigned int u_int; #endif #ifndef OPENSSL_NO_RSA -static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength); +static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength); #endif static int not_resumable_sess_cb(SSL *s, int is_forward_secure); static int sv_body(char *hostname, int s, int stype, unsigned char *context); 
@@ -367,7 +364,7 @@ typedef struct srpsrvparm_st (which would normally occur after a worker has finished) and we set the user parameters. */ -static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) +static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) { srpsrvparm *p = (srpsrvparm *)arg; if (p->login == NULL && p->user == NULL ) @@ -721,7 +718,7 @@ typedef struct tlsextctx_st { } tlsextctx; -static int MS_CALLBACK ssl_servername_cb(SSL *s, int *ad, void *arg) +static int ssl_servername_cb(SSL *s, int *ad, void *arg) { tlsextctx * p = (tlsextctx *) arg; const char * servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); @@ -3411,7 +3408,7 @@ err: } #ifndef OPENSSL_NO_RSA -static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) +static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength) { BIGNUM *bn = NULL; static RSA *rsa_tmp=NULL; diff --git a/apps/s_socket.c b/apps/s_socket.c index f44050d..397cb1e 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -107,12 +107,6 @@ static int init_server_unix(int *sock, const char *path); static int do_accept_unix(int acc_sock, int *sock); #endif -#ifdef OPENSSL_SYS_WIN16 -#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -#else -#define SOCKET_PROTOCOL IPPROTO_TCP -#endif - #if defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) static int wsa_init_done=0; #endif 
@@ -121,36 +115,6 @@ static int wsa_init_done=0; static struct WSAData wsa_state; static int wsa_init_done=0; -#ifdef OPENSSL_SYS_WIN16 -static HWND topWnd=0; -static FARPROC lpTopWndProc=NULL; -static FARPROC lpTopHookProc=NULL; -extern HINSTANCE _hInstance; /* nice global CRT provides */ - -static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam, - LPARAM lParam) - { - if (hwnd == topWnd) - { - switch(message) - { - case WM_DESTROY: - case WM_CLOSE: - SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc); - ssl_sock_cleanup(); - break; - } - } - return CallWindowProc(lpTopWndProc,hwnd,message,wParam,lParam); - } - -static BOOL CALLBACK enumproc(HWND hwnd,LPARAM lParam) - { - topWnd=hwnd; - return(FALSE); - } - -#endif /* OPENSSL_SYS_WIN32 */ #endif /* OPENSSL_SYS_WINDOWS */ #ifdef OPENSSL_SYS_WINDOWS @@ -199,14 +163,6 @@ static int ssl_sock_init(void) BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err); return(0); } - -#ifdef OPENSSL_SYS_WIN16 - EnumTaskWindows(GetCurrentTask(),enumproc,0L); - lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC); - lpTopHookProc=MakeProcInstance((FARPROC)topHookProc,_hInstance); - - SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopHookProc); -#endif /* OPENSSL_SYS_WIN16 */ } #elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) WORD wVerReq; @@ -263,7 +219,7 @@ static int init_client_ip(int *sock, const unsigned char ip[4], int port, them.sin_addr.s_addr=htonl(addr); if (type == SOCK_STREAM) - s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + s=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); else /* ( type == SOCK_DGRAM) */ s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP); @@ -412,7 +368,7 @@ static int init_server_long(int *sock, int port, char *ip, int type) #endif if (type == SOCK_STREAM) - s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + s=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); else /* type == SOCK_DGRAM */ s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); 
@@ -667,8 +623,7 @@ static int host_ip(const char *str, unsigned char ip[4]) BIO_printf(bio_err,"gethostbyname failure\n"); goto err; } - /* cast to short because of win16 winsock definition */ - if ((short)he->h_addrtype != AF_INET) + if (he->h_addrtype != AF_INET) { BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); return(0); diff --git a/apps/s_time.c b/apps/s_time.c index 6542be2..dfe8df7 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -69,9 +69,6 @@ #define USE_SOCKETS #include "apps.h" -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#endif #include #include #include diff --git a/apps/ts.c b/apps/ts.c index ace13bd..2a1d666 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -103,7 +103,7 @@ static TS_RESP *read_PKCS7(BIO *in_bio); static TS_RESP *create_response(CONF *conf, const char *section, char *engine, char *queryfile, char *passin, char *inkey, char *signer, char *chain, const char *policy); -static ASN1_INTEGER * MS_CALLBACK serial_cb(TS_RESP_CTX *ctx, void *data); +static ASN1_INTEGER * serial_cb(TS_RESP_CTX *ctx, void *data); static ASN1_INTEGER *next_serial(const char *serialfile); static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial); @@ -116,7 +116,7 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, char *ca_path, char *ca_file, char *untrusted); static X509_STORE *create_cert_store(char *ca_path, char *ca_file); -static int MS_CALLBACK verify_cb(int ok, X509_STORE_CTX *ctx); +static int verify_cb(int ok, X509_STORE_CTX *ctx); /* Main function definition. */ int MAIN(int, char **); @@ -876,7 +876,7 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine, return response; } -static ASN1_INTEGER * MS_CALLBACK serial_cb(TS_RESP_CTX *ctx, void *data) +static ASN1_INTEGER * serial_cb(TS_RESP_CTX *ctx, void *data) { const char *serial_file = (const char *) data; ASN1_INTEGER *serial = next_serial(serial_file); 
@@ -1128,7 +1128,7 @@ static X509_STORE *create_cert_store(char *ca_path, char *ca_file) return NULL; } -static int MS_CALLBACK verify_cb(int ok, X509_STORE_CTX *ctx) +static int verify_cb(int ok, X509_STORE_CTX *ctx) { /*- char buf[256]; diff --git a/apps/verify.c b/apps/verify.c index b9480bd..2b2224f 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -69,7 +69,7 @@ #undef PROG #define PROG verify_main -static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx); +static int cb(int ok, X509_STORE_CTX *ctx); static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, STACK_OF(X509_CRL) *crls, ENGINE *e, int show_chain); @@ -342,7 +342,7 @@ end: return(ret); } -static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx) +static int cb(int ok, X509_STORE_CTX *ctx) { int cert_error = X509_STORE_CTX_get_error(ctx); X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx); diff --git a/apps/x509.c b/apps/x509.c index 3bb2610..b3c2390 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -60,9 +60,6 @@ #include #include #include -#ifdef OPENSSL_NO_STDIO -#define APPS_WIN16 -#endif #include "apps.h" #include #include @@ -156,7 +153,7 @@ static const char *x509_usage[]={ NULL }; -static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx); +static int callb(int ok, X509_STORE_CTX *ctx); static int sign (X509 *x, EVP_PKEY *pkey,int days,int clrext, const EVP_MD *digest, CONF *conf, char *section); static int x509_certify (X509_STORE *ctx,char *CAfile,const EVP_MD *digest, @@ -1279,7 +1276,7 @@ end: return ret; } -static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx) +static int callb(int ok, X509_STORE_CTX *ctx) { int err; X509 *err_cert; diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index f13d2ac..f7e95ee 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c 
@@ -150,8 +150,7 @@ int BIO_get_host_ip(const char *str, unsigned char *ip) goto err; } - /* cast to short because of win16 winsock definition */ - if ((short)he->h_addrtype != AF_INET) + if (he->h_addrtype != AF_INET) { BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET); goto err; diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index 9bcbc32..dd21d02 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -63,7 +63,7 @@ #include #include -long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, +long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret) { BIO *b; @@ -135,7 +135,7 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, b=(BIO *)bio->cb_arg; if (b != NULL) BIO_write(b,buf,strlen(buf)); -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) +#if !defined(OPENSSL_NO_STDIO) else fputs(buf,stderr); #endif diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 0237c0f..1dd6776 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -64,12 +64,6 @@ #ifndef OPENSSL_NO_SOCK -#ifdef OPENSSL_SYS_WIN16 -#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -#else -#define SOCKET_PROTOCOL IPPROTO_TCP -#endif - #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ #undef FIONBIO diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index d2c9695..5116604 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -64,12 +64,6 @@ #ifndef OPENSSL_NO_SOCK -#ifdef OPENSSL_SYS_WIN16 -#define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ -#else -#define SOCKET_PROTOCOL IPPROTO_TCP -#endif - #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ #undef FIONBIO 
@@ -209,7 +203,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) c->them.sin_addr.s_addr=htonl(l); c->state=BIO_CONN_S_CREATE_SOCKET; - ret=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); + ret=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); if (ret == INVALID_SOCKET) { SYSerr(SYS_F_SOCKET,get_last_socket_error()); diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index b954fe7..4a4e747 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -95,13 +95,13 @@ #if !defined(OPENSSL_NO_STDIO) -static int MS_CALLBACK file_write(BIO *h, const char *buf, int num); -static int MS_CALLBACK file_read(BIO *h, char *buf, int size); -static int MS_CALLBACK file_puts(BIO *h, const char *str); -static int MS_CALLBACK file_gets(BIO *h, char *str, int size); -static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int MS_CALLBACK file_new(BIO *h); -static int MS_CALLBACK file_free(BIO *data); +static int file_write(BIO *h, const char *buf, int num); +static int file_read(BIO *h, char *buf, int size); +static int file_puts(BIO *h, const char *str); +static int file_gets(BIO *h, char *str, int size); +static long file_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int file_new(BIO *h); +static int file_free(BIO *data); static BIO_METHOD methods_filep= { BIO_TYPE_FILE, @@ -202,7 +202,7 @@ BIO_METHOD *BIO_s_file(void) return(&methods_filep); } -static int MS_CALLBACK file_new(BIO *bi) +static int file_new(BIO *bi) { bi->init=0; bi->num=0; @@ -211,7 +211,7 @@ static int MS_CALLBACK file_new(BIO *bi) return(1); } -static int MS_CALLBACK file_free(BIO *a) +static int file_free(BIO *a) { if (a == NULL) return(0); if (a->shutdown) @@ -230,7 +230,7 @@ static int MS_CALLBACK file_free(BIO *a) return(1); } -static int MS_CALLBACK file_read(BIO *b, char *out, int outl) +static int file_read(BIO *b, char *out, int outl) { int ret=0; 
@@ -250,7 +250,7 @@ static int MS_CALLBACK file_read(BIO *b, char *out, int outl) return(ret); } -static int MS_CALLBACK file_write(BIO *b, const char *in, int inl) +static int file_write(BIO *b, const char *in, int inl) { int ret=0; @@ -270,7 +270,7 @@ static int MS_CALLBACK file_write(BIO *b, const char *in, int inl) return(ret); } -static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) +static long file_ctrl(BIO *b, int cmd, long num, void *ptr) { long ret=1; FILE *fp=(FILE *)b->ptr; @@ -440,7 +440,7 @@ static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) return(ret); } -static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size) +static int file_gets(BIO *bp, char *buf, int size) { int ret=0; @@ -461,7 +461,7 @@ static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size) return(ret); } -static int MS_CALLBACK file_puts(BIO *bp, const char *str) +static int file_puts(BIO *bp, const char *str) { int n,ret; diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index 2227b2b..1cc413a 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -122,11 +122,11 @@ #define LOG_DAEMON OPC$M_NM_NTWORK #endif -static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num); -static int MS_CALLBACK slg_puts(BIO *h, const char *str); -static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2); -static int MS_CALLBACK slg_new(BIO *h); -static int MS_CALLBACK slg_free(BIO *data); +static int slg_write(BIO *h, const char *buf, int num); +static int slg_puts(BIO *h, const char *str); +static long slg_ctrl(BIO *h, int cmd, long arg1, void *arg2); +static int slg_new(BIO *h); +static int slg_free(BIO *data); static void xopenlog(BIO* bp, char* name, int level); static void xsyslog(BIO* bp, int priority, const char* string); static void xcloselog(BIO* bp); 
@@ -149,7 +149,7 @@ BIO_METHOD *BIO_s_log(void) return(&methods_slg); } -static int MS_CALLBACK slg_new(BIO *bi) +static int slg_new(BIO *bi) { bi->init=1; bi->num=0; @@ -158,14 +158,14 @@ static int MS_CALLBACK slg_new(BIO *bi) return(1); } -static int MS_CALLBACK slg_free(BIO *a) +static int slg_free(BIO *a) { if (a == NULL) return(0); xcloselog(a); return(1); } -static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl) +static int slg_write(BIO *b, const char *in, int inl) { int ret= inl; char* buf; @@ -218,7 +218,7 @@ static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl) return(ret); } -static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr) +static long slg_ctrl(BIO *b, int cmd, long num, void *ptr) { switch (cmd) { @@ -232,7 +232,7 @@ static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr) return(0); } -static int MS_CALLBACK slg_puts(BIO *bp, const char *str) +static int slg_puts(BIO *bp, const char *str) { int n,ret; diff --git a/crypto/bn/vms-helper.c b/crypto/bn/vms-helper.c index 4b63149..ca6e5ba 100644 --- a/crypto/bn/vms-helper.c +++ b/crypto/bn/vms-helper.c @@ -60,7 +60,7 @@ bn_div_words_abort(int i) { #ifdef BN_DEBUG -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) +#if !defined(OPENSSL_NO_STDIO) fprintf(stderr,"Division would overflow (%d)\n",i); #endif abort(); diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 07f68e6..00cb337 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -117,7 +117,7 @@ #include "cryptlib.h" #include -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) +#if defined(OPENSSL_SYS_WIN32) static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ #endif diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 31e0156..2cbfdb5 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c 
@@ -60,7 +60,7 @@ #include #include -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_SYS_WINDOWS) +#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINDOWS) #ifndef OPENSSL_SYS_MSDOS #define OPENSSL_SYS_MSDOS #endif diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c index 9ad8f51..f5f1026 100644 --- a/crypto/des/read_pwd.c +++ b/crypto/des/read_pwd.c @@ -77,12 +77,6 @@ /* #define SIGACTION */ /* Define this if you have sigaction() */ -#ifdef WIN16TTY -#undef OPENSSL_SYS_WIN16 -#undef _WINDOWS -#include -#endif - /* 06-Apr-92 Luke Brennan Support for VMS */ #include "des_locl.h" #include "cryptlib.h" @@ -195,7 +189,7 @@ static void read_till_nl(FILE *); static void recsig(int); static void pushsig(void); static void popsig(void); -#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) +#if defined(OPENSSL_SYS_MSDOS) static int noecho_fgets(char *buf, int size, FILE *tty); #endif #ifdef SIGACTION @@ -225,16 +219,7 @@ int des_read_pw(char *buf, char *buff, int size, const char *prompt, int verify) return(0); } -#elif defined(OPENSSL_SYS_WIN16) - -int des_read_pw(char *buf, char *buff, int size, char *prompt, int verify) - { - memset(buf,0,size); - memset(buff,0,size); - return(0); - } - -#else /* !OPENSSL_SYS_WINCE && !OPENSSL_SYS_WIN16 */ +#else /* !OPENSSL_SYS_WINCE */ static void read_till_nl(FILE *in) { @@ -473,11 +458,7 @@ static int noecho_fgets(char *buf, int size, FILE *tty) break; } size--; -#ifdef WIN16TTY - i=_inchar(); -#else i=getch(); -#endif if (i == '\r') i='\n'; *(p++)=i; if (i == '\n') @@ -501,4 +482,4 @@ static int noecho_fgets(char *buf, int size, FILE *tty) return(strlen(buf)); } #endif -#endif /* !OPENSSL_SYS_WINCE && !WIN16 */ +#endif /* !OPENSSL_SYS_WINCE */ diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index f4c2fd9..7452afb 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c 
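Review bot: In the noecho_fgets hunk of read_pwd.c the character returned by `getch()` is stored into the buffer unchanged apart from the `'\r'` to `'\n'` translation, so a backspace typed to correct a typo is captured as a password byte instead of erasing the previous one. A small guard before `*(p++)=i;` handles it: `if (i == '\b' || i == 127) { if (p > buf) { p--; size++; } continue; }` — assuming `p` starts at `buf`, which is set up outside the hunk. This path also appears to ignore the `tty` argument and read the console directly; a one-line comment saying so would save the next reader a search. noecho_fgets starts outside the hunk.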
@@ -77,13 +77,7 @@ int main(int argc, char *argv[]) #else #include -#ifdef OPENSSL_SYS_WIN16 -#define MS_CALLBACK _far _loadds -#else -#define MS_CALLBACK -#endif - -static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg); +static int cb(int p, int n, BN_GENCB *arg); static const char rnd_seed[] = "string to make the random number generator think it has entropy"; @@ -210,7 +204,7 @@ err: return(ret); } -static int MS_CALLBACK cb(int p, int n, BN_GENCB *arg) +static int cb(int p, int n, BN_GENCB *arg) { char c='*'; diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index 152205f..2dac421 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -79,13 +79,7 @@ int main(int argc, char *argv[]) #else #include -#ifdef OPENSSL_SYS_WIN16 -#define MS_CALLBACK _far _loadds -#else -#define MS_CALLBACK -#endif - -static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg); +static int dsa_cb(int p, int n, BN_GENCB *arg); /* seed, out_p, out_q, out_g are taken from the updated Appendix 5 to * FIPS PUB 186 and also appear in Appendix 5 to FIPS PIB 186-1 */ @@ -235,7 +229,7 @@ end: return(0); } -static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *arg) +static int dsa_cb(int p, int n, BN_GENCB *arg) { char c='*'; static int ok=0,num=0; diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index e4c0945..30c3596 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -92,14 +92,8 @@ int main(int argc, char *argv[]) #include #include -#ifdef OPENSSL_SYS_WIN16 -#define MS_CALLBACK _far _loadds -#else -#define MS_CALLBACK -#endif - #if 0 -static void MS_CALLBACK cb(int p, int n, void *arg); +static void cb(int p, int n, void *arg); #endif static const char rnd_seed[] = "string to make the random number generator think it has entropy"; @@ -527,7 +521,7 @@ err: } #if 0 -static void MS_CALLBACK cb(int p, int n, void *arg) +static void cb(int p, int n, void *arg) { char c='*'; diff --git a/crypto/lock.c b/crypto/lock.c index b716708..4e6b3b7 100644 
--- a/crypto/lock.c +++ b/crypto/lock.c @@ -117,7 +117,7 @@ #include "cryptlib.h" #include -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) +#if defined(OPENSSL_SYS_WIN32) static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ #endif @@ -182,15 +182,15 @@ static STACK_OF(OPENSSL_STRING) *app_locks=NULL; static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; -static void (MS_FAR *locking_callback)(int mode,int type, +static void (*locking_callback)(int mode,int type, const char *file,int line)=0; -static int (MS_FAR *add_lock_callback)(int *pointer,int amount, +static int (*add_lock_callback)(int *pointer,int amount, int type,const char *file,int line)=0; -static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) +static struct CRYPTO_dynlock_value *(*dynlock_create_callback) (const char *file,int line)=0; -static void (MS_FAR *dynlock_lock_callback)(int mode, +static void (*dynlock_lock_callback)(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line)=0; -static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l, +static void (*dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l, const char *file,int line)=0; int CRYPTO_get_new_lockid(char *name) @@ -198,7 +198,7 @@ int CRYPTO_get_new_lockid(char *name) char *str; int i; -#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) +#if defined(OPENSSL_SYS_WIN32) /* A hack to make Visual C++ 5.0 work correctly when linking as * a DLL using /MT. Without this, the application cannot use * any floating point printf's. diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 7482925..0312460 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c 
@@ -261,7 +261,7 @@ int int_rsa_verify(int dtype, const unsigned char *m, (sigtype == NID_md2WithRSAEncryption))) { /* ok, we will let it through */ -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) +#if !defined(OPENSSL_NO_STDIO) fprintf(stderr,"signature has problems, re-make with post SSLeay045\n"); #endif } diff --git a/crypto/thr_id.c b/crypto/thr_id.c index 8de9033..76eb0f0 100644 --- a/crypto/thr_id.c +++ b/crypto/thr_id.c @@ -117,9 +117,9 @@ #include "cryptlib.h" #ifndef OPENSSL_NO_DEPRECATED -static unsigned long (MS_FAR *id_callback)(void)=0; +static unsigned long (*id_callback)(void)=0; #endif -static void (MS_FAR *threadid_callback)(CRYPTO_THREADID *)=0; +static void (*threadid_callback)(CRYPTO_THREADID *)=0; /* the memset() here and in set_pointer() seem overkill, but for the sake of * CRYPTO_THREADID_cmp() this avoids any platform silliness that might cause two @@ -195,9 +195,7 @@ void CRYPTO_THREADID_current(CRYPTO_THREADID *id) } #endif /* Else pick a backup */ -#ifdef OPENSSL_SYS_WIN16 - CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentTask()); -#elif defined(OPENSSL_SYS_WIN32) +#if defined(OPENSSL_SYS_WIN32) CRYPTO_THREADID_set_numeric(id, (unsigned long)GetCurrentThreadId()); #else /* For everything else, default to using the address of 'errno' */ @@ -237,9 +235,7 @@ unsigned long CRYPTO_thread_id(void) if (id_callback == NULL) { -#ifdef OPENSSL_SYS_WIN16 - ret=(unsigned long)GetCurrentTask(); -#elif defined(OPENSSL_SYS_WIN32) +#if defined(OPENSSL_SYS_WIN32) ret=(unsigned long)GetCurrentThreadId(); #elif defined(GETPID_IS_MEANINGLESS) ret=1L; diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index 8de4ff0..9decb75 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -93,7 +93,6 @@ #include #ifdef OPENSSL_NO_FP_API -#define APPS_WIN16 #include "../buffer/bss_file.c" #endif diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index 6f2ce3b..773589c 100644 --- a/crypto/txt_db/txt_db.c 
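Review bot: The `fprintf(stderr, ...)` kept on the new side of the int_rsa_verify hunk writes from inside a signature-verification routine to the process's stderr, which library code should not touch, and the condition it sits under (`sigtype == NID_md2WithRSAEncryption` with the `/* ok, we will let it through */` comment) appears to accept a signature whose encoded digest type differs from the expected one, for the sake of pre-SSLeay-0.4.5 MD2 data. If that leniency is still wanted, replace the three `#if !defined(OPENSSL_NO_STDIO)` / `fprintf` / `#endif` lines with a comment such as `/* legacy SSLeay 0.4.5 MD2 signature: digest-type mismatch tolerated; no diagnostic output from library code */`; if it is not, the branch should fall through to the normal mismatch failure. The enclosing function and the start of this condition are outside the hunk, so the exact rule being relaxed is only partly visible.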
+++ b/crypto/txt_db/txt_db.c @@ -156,7 +156,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) *(p++)='\0'; if ((n != num) || (*f != '\0')) { -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary fix :-( */ +#if !defined(OPENSSL_NO_STDIO) /* temporary fix :-( */ fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f); #endif er=2; @@ -165,7 +165,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) pp[n]=p; if (!sk_OPENSSL_PSTRING_push(ret->data,pp)) { -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporary fix :-( */ +#if !defined(OPENSSL_NO_STDIO) /* temporary fix :-( */ fprintf(stderr,"failure in sk_push\n"); #endif er=2; @@ -177,7 +177,7 @@ err: BUF_MEM_free(buf); if (er) { -#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) +#if !defined(OPENSSL_NO_STDIO) if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n"); #endif if (ret != NULL) diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 72d85ee..2031b66 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -155,13 +155,6 @@ # endif #endif -#ifdef WIN16TTY -# undef OPENSSL_SYS_WIN16 -# undef WIN16 -# undef _WINDOWS -# include -#endif - /* 06-Apr-92 Luke Brennan Support for VMS */ #include "ui_locl.h" #include "cryptlib.h" @@ -301,13 +294,13 @@ static FILE *tty_in, *tty_out; static int is_a_tty; /* Declare static functions */ -#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE) +#if !defined(OPENSSL_SYS_WINCE) static int read_till_nl(FILE *); static void recsig(int); static void pushsig(void); static void popsig(void); #endif -#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) +#if defined(OPENSSL_SYS_MSDOS) static int noecho_fgets(char *buf, int size, FILE *tty); #endif static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl); 
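Review bot: The diagnostics kept on the new side of the TXT_DB_read hunks still go straight to `stderr` from library code, and the first one echoes a fragment of the database line (the `'%s' left` conversion fed with `f`) into whatever the host process has attached there; the `/* temporary fix :-( */` comment shows this was never meant to stay. Report the failure through the error stack (adding a TXT_DB reason code if none exists) and drop the stderr writes, or at least remove the `'%s' left` / `f` pair so file contents are not echoed. TXT_DB_read begins outside the hunk, so how `er=2` is finally turned into the return value is not visible.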
@@ -393,7 +386,7 @@ static int read_string(UI *ui, UI_STRING *uis) } -#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE) +#if !defined(OPENSSL_SYS_WINCE) /* Internal functions to read a string without echoing */ static int read_till_nl(FILE *in) { @@ -416,7 +409,7 @@ static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl) int ok; char result[BUFSIZ]; int maxsize = BUFSIZ-1; -#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE) +#if !defined(OPENSSL_SYS_WINCE) char *p; intr_signal=0; @@ -582,7 +575,7 @@ static int close_console(UI *ui) } -#if !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE) +#if !defined(OPENSSL_SYS_WINCE) /* Internal functions to handle signals and act on them */ static void pushsig(void) { @@ -668,7 +661,7 @@ static void recsig(int i) #endif /* Internal functions specific for Windows */ -#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN16) && !defined(OPENSSL_SYS_WINCE) +#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WINCE) static int noecho_fgets(char *buf, int size, FILE *tty) { int i; @@ -683,9 +676,7 @@ static int noecho_fgets(char *buf, int size, FILE *tty) break; } size--; -#ifdef WIN16TTY - i=_inchar(); -#elif defined(_WIN32) +#if defined(_WIN32) i=_getch(); #else i=getch(); diff --git a/demos/selfsign.c b/demos/selfsign.c index 68904c6..f306d8d 100644 --- a/demos/selfsign.c +++ b/demos/selfsign.c @@ -42,15 +42,7 @@ int main() return(0); } -#ifdef WIN16 -# define MS_CALLBACK _far _loadds -# define MS_FAR _far -#else -# define MS_CALLBACK -# define MS_FAR -#endif - -static void MS_CALLBACK callback(p, n, arg) +static void callback(p, n, arg) int p; int n; void *arg; diff --git a/e_os.h b/e_os.h index c6ca774..5c8842a 100644 --- a/e_os.h +++ b/e_os.h 
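Review bot: The read_string_inner hunk shows the secret being collected into the stack buffer `char result[BUFSIZ]`; whether that buffer is wiped with `OPENSSL_cleanse(result, BUFSIZ)` on every return path, including the interrupt and error paths behind the `intr_signal=0;` setup, is outside the hunk and worth confirming, since a password left in dead stack memory stays readable by later code in the same thread. If the cleanse is not already there, add it immediately before the function's exit and note it with `/* wipe the secret from the stack on every path */`. The function starts and ends outside the hunk.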
@@ -185,14 +185,6 @@ extern "C" { #define writesocket(s,b,n) write((s),(b),(n)) #endif -#ifdef WIN16 /* never the case */ -# define MS_CALLBACK _far _loadds -# define MS_FAR _far -#else -# define MS_CALLBACK -# define MS_FAR -#endif - #ifdef OPENSSL_NO_STDIO # undef OPENSSL_NO_FP_API # define OPENSSL_NO_FP_API diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 4e698bd..7252153 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -183,12 +183,6 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) s->s3->previous_server_finished_len=i; } -#ifdef OPENSSL_SYS_WIN16 - /* MSVC 1.5 does not clear the top bytes of the word unless - * I do this. - */ - l&=0xffff; -#endif ssl_set_handshake_header(s, SSL3_MT_FINISHED, l); s->state=b; } diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 14a4a6e..fcaaa7b 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3441,7 +3441,7 @@ void ssl3_clear(SSL *s) } #ifndef OPENSSL_NO_SRP -static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg) +static char * srp_password_from_info_cb(SSL *s, void *arg) { return BUF_strdup(s->srp_ctx.info) ; } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f9f91e6..b17a3ed 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3602,10 +3602,6 @@ void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx) return ctx->cert->sec_ex; } -#if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16) -#include "../crypto/bio/bss_file.c" -#endif - IMPLEMENT_STACK_OF(SSL_CIPHER) IMPLEMENT_STACK_OF(SSL_COMP) IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 8129259..c3684c3 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c 
@@ -217,12 +217,12 @@ #define COMP_RLE 255 #define COMP_ZLIB 1 -static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); +static int verify_callback(int ok, X509_STORE_CTX *ctx); #ifndef OPENSSL_NO_RSA -static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export,int keylength); +static RSA *tmp_rsa_cb(SSL *s, int is_export,int keylength); static void free_tmp_rsa(void); #endif -static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg); +static int app_verify_callback(X509_STORE_CTX *ctx, void *arg); #define APP_CALLBACK_STRING "Test Callback Argument" struct app_verify_arg { @@ -260,7 +260,7 @@ typedef struct srp_client_arg_st #define PWD_STRLEN 1024 -static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg) +static char * ssl_give_srp_client_pwd_cb(SSL *s, void *arg) { SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg; return BUF_strdup((char *)srp_client_arg->srppassin); @@ -274,7 +274,7 @@ typedef struct srp_server_arg_st char *pass; } SRP_SERVER_ARG; -static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) +static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) { SRP_SERVER_ARG * p = (SRP_SERVER_ARG *) arg; @@ -2650,7 +2650,7 @@ static int get_proxy_auth_ex_data_idx(void) return idx; } -static int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx) +static int verify_callback(int ok, X509_STORE_CTX *ctx) { char *s,buf[256]; @@ -3025,7 +3025,7 @@ static int process_proxy_cond(unsigned int letters[26], return process_proxy_cond_adders(letters, cond, cond_end, &pos, 1); } -static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) +static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) { int ok=1; struct app_verify_arg *cb_arg = arg; 
@@ -3119,7 +3119,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg) #ifndef OPENSSL_NO_RSA static RSA *rsa_tmp=NULL; -static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int is_export, int keylength) +static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength) { BIGNUM *bn = NULL; if (rsa_tmp == NULL) diff --git a/util/mkdef.pl b/util/mkdef.pl index 009d132..e5063b0 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -72,7 +72,6 @@ my $VMSVAX=0; my $VMSNonVAX=0; my $VMS=0; my $W32=0; -my $W16=0; my $NT=0; my $OS2=0; # Set this to make typesafe STACK definitions appear in DEF @@ -81,7 +80,7 @@ my $safe_stack_def = 0; my @known_platforms = ( "__FreeBSD__", "PERL5", "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS", "OPENSSL_FIPSCAPABLE" ); -my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" ); +my @known_ossl_platforms = ( "VMS", "WIN32", "WINNT", "OS2" ); my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1", "SHA256", "SHA512", "RIPEMD", @@ -155,7 +154,7 @@ foreach (@ARGV, split(/ /, $options)) { $debug=1 if $_ eq "debug"; $W32=1 if $_ eq "32"; - $W16=1 if $_ eq "16"; + die "win16 not supported" if $_ eq "16"; if($_ eq "NT") { $W32 = 1; $NT = 1; @@ -260,15 +259,10 @@ if (!$libname) { } # If no platform is given, assume WIN32 -if ($W32 + $W16 + $VMS + $OS2 == 0) { +if ($W32 + $VMS + $OS2 == 0) { $W32 = 1; } -# Add extra knowledge -if ($W16) { - $no_fp_api=1; -} - if (!$do_ssl && !$do_crypto) { print STDERR "usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 ]\n"; @@ -841,10 +835,9 @@ sub do_defs } elsif (/^DECLARE_PEM_rw\s*\(\s*(\w*)\s*,/ || /^DECLARE_PEM_rw_cb\s*\(\s*(\w*)\s*,/ || /^DECLARE_PEM_rw_const\s*\(\s*(\w*)\s*,/ ) { - # Things not in Win16 $def .= "#INFO:" - .join(',',"!WIN16", at current_platforms).":" + .join(',', at current_platforms).":" .join(',', at current_algorithms).";"; $def .= "int PEM_read_$1(void);"; $def .= "int PEM_write_$1(void);"; 
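Review bot: The usage text printed a few hunks later, `usage: $0 ( ssl | crypto ) [ 16 | 32 | NT | OS2 ]`, still advertises the `16` argument that the new `die "win16 not supported" if $_ eq "16";` line now rejects, so a user following the tool's own help gets a fatal error. Update the string to `print STDERR "usage: $0 ( ssl | crypto ) [ 32 | NT | OS2 ]\n";`. Since the default branch now assumes WIN32 whenever `$W32 + $VMS + $OS2 == 0`, the `die` could also be dropped in favour of printing the usage, but an explicit error for an option that used to work is the friendlier choice.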
@@ -859,10 +852,9 @@ sub do_defs } elsif (/^DECLARE_PEM_write\s*\(\s*(\w*)\s*,/ || /^DECLARE_PEM_write_const\s*\(\s*(\w*)\s*,/ || /^DECLARE_PEM_write_cb\s*\(\s*(\w*)\s*,/ ) { - # Things not in Win16 $def .= "#INFO:" - .join(',',"!WIN16", at current_platforms).":" + .join(',', at current_platforms).":" .join(',', at current_algorithms).";"; $def .= "int PEM_write_$1(void);"; $def .= @@ -874,10 +866,9 @@ sub do_defs next; } elsif (/^DECLARE_PEM_read\s*\(\s*(\w*)\s*,/ || /^DECLARE_PEM_read_cb\s*\(\s*(\w*)\s*,/ ) { - # Things not in Win16 $def .= "#INFO:" - .join(',',"!WIN16", at current_platforms).":" + .join(',', at current_platforms).":" .join(',', at current_algorithms).";"; $def .= "int PEM_read_$1(void);"; $def .= @@ -1014,7 +1005,7 @@ sub do_defs # Prune the returned symbols delete $syms{"bn_dump1"}; - $platform{"BIO_s_log"} .= ",!WIN32,!WIN16,!macintosh"; + $platform{"BIO_s_log"} .= ",!WIN32,!macintosh"; $platform{"PEM_read_NS_CERT_SEQ"} = "VMS"; $platform{"PEM_write_NS_CERT_SEQ"} = "VMS"; @@ -1161,14 +1152,13 @@ sub is_valid if ($keyword eq "VMSNonVAX" && $VMSNonVAX) { return 1; } if ($keyword eq "VMS" && $VMS) { return 1; } if ($keyword eq "WIN32" && $W32) { return 1; } - if ($keyword eq "WIN16" && $W16) { return 1; } if ($keyword eq "WINNT" && $NT) { return 1; } if ($keyword eq "OS2" && $OS2) { return 1; } # Special platforms: # EXPORT_VAR_AS_FUNCTION means that global variables # will be represented as functions. This currently # only happens on VMS-VAX. - if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) { + if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32)) { return 1; } if ($keyword eq "OPENSSL_FIPSCAPABLE") { @@ -1314,8 +1304,6 @@ sub print_def_file if ($W32) { $libname.="32"; } - elsif ($W16) - { $libname.="16"; } elsif ($OS2) { # DLL names should not clash on the whole system. # However, they should not have any particular relationship 
@@ -1340,19 +1328,6 @@ LIBRARY $libname $liboptions EOF - if ($W16) { - print <<"EOF"; -CODE PRELOAD MOVEABLE -DATA PRELOAD MOVEABLE SINGLE - -EXETYPE WINDOWS - -HEAPSIZE 4096 -STACKSIZE 8192 - -EOF - } - print "EXPORTS\n"; (@e)=grep(/^SSLeay(\{[0-9]+\})?\\.*?:.*?:FUNCTION/, at symbols); From matt at openssl.org Mon Jan 12 12:07:01 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 12 Jan 2015 13:07:01 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150112120702.6B1731E1FB2@openssl.net> The branch master has been updated via 732192a0796c4ecbef3b13ccc8ee8ab23e28f483 (commit) via 1211e29c168afcbde0ee277fa92e8d816abc350e (commit) via 8e964419603d2478dfb391c66e7ccb2dcc9776b4 (commit) from 264212b643c621d7e89079c1d2b76f87beec7ceb (commit) - Log ----------------------------------------------------------------- commit 732192a0796c4ecbef3b13ccc8ee8ab23e28f483 Author: Matt Caswell Date: Sun Jan 11 00:22:41 2015 +0000 Fix no-deprecated on Windows Reviewed-by: Richard Levitte commit 1211e29c168afcbde0ee277fa92e8d816abc350e Author: Matt Caswell Date: Sun Jan 11 00:27:50 2015 +0000 make update Reviewed-by: Richard Levitte commit 8e964419603d2478dfb391c66e7ccb2dcc9776b4 Author: Matt Caswell Date: Sun Jan 11 00:26:38 2015 +0000 Remove redundant DSO_METHOD_beos declaration in dso.h. BEOS support has been removed. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/dso/dso.h | 3 --- crypto/ecdsa/Makefile | 13 +++++++------ util/libeay.num | 4 ++-- util/mk1mf.pl | 1 + util/mkdef.pl | 1 + 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/crypto/dso/dso.h b/crypto/dso/dso.h index 23a35e1..0e7d492 100644 --- a/crypto/dso/dso.h +++ b/crypto/dso/dso.h 
@@ -322,9 +322,6 @@ int DSO_pathbyaddr(void *addr,char *path,int sz); * itself or libsocket. */ void *DSO_global_lookup(const char *name); -/* If BeOS is defined, use shared images. If not, return NULL. */ -DSO_METHOD *DSO_METHOD_beos(void); - /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile index da08d2d..7730f71 100644 --- a/crypto/ecdsa/Makefile +++ b/crypto/ecdsa/Makefile 
@@ -127,15 +127,16 @@ ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ecs_sign.o: ecs_locl.h ecs_sign.c -ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h +ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h +ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h +ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h +ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h +ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ecs_locl.h ecs_vrf.c diff --git a/util/libeay.num b/util/libeay.num index bd57fbd..6859081 100755 --- a/util/libeay.num +++ b/util/libeay.num 
@@ -701,7 +701,7 @@ bn_mul_words 707 NOEXIST::FUNCTION: BN_uadd 708 EXIST::FUNCTION: BN_usub 709 EXIST::FUNCTION: bn_sqr_words 710 NOEXIST::FUNCTION: -_ossl_old_crypt 711 EXIST:!NeXT,!PERL5:FUNCTION:DES +_ossl_old_crypt 711 EXIST:!PERL5:FUNCTION:DES d2i_ASN1_BIT_STRING 712 EXIST::FUNCTION: d2i_ASN1_BOOLEAN 713 EXIST::FUNCTION: d2i_ASN1_HEADER 714 NOEXIST::FUNCTION: @@ -3735,7 +3735,7 @@ EVP_PKEY_print_public 4118 EXIST::FUNCTION: EVP_PKEY_CTX_new 4119 EXIST::FUNCTION: i2d_TS_TST_INFO 4120 EXIST::FUNCTION: EVP_PKEY_asn1_find 4121 EXIST::FUNCTION: -DSO_METHOD_beos 4122 EXIST::FUNCTION: +DSO_METHOD_beos 4122 NOEXIST::FUNCTION: TS_CONF_load_cert 4123 EXIST::FUNCTION: TS_REQ_get_ext 4124 EXIST::FUNCTION: EVP_PKEY_sign_init 4125 EXIST::FUNCTION: diff --git a/util/mk1mf.pl b/util/mk1mf.pl index e83ef7d..08e0d3c 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -1465,6 +1465,7 @@ sub read_options "no-zlib-dynamic" => 0, "no-ssl-trace" => 0, "no-unit-test" => 0, + "no-deprecated" => 0, "fips" => \$fips, "fipscanisterbuild" => [\$fips, \$fipscanisterbuild], "fipscanisteronly" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly], diff --git a/util/mkdef.pl b/util/mkdef.pl index ccd72f5..009d132 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -246,6 +246,7 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-sctp$/) { $no_sctp=1; } elsif (/^no-srtp$/) { $no_srtp=1; } elsif (/^no-unit-test$/){ $no_unit_test=1; } + elsif (/^no-deprecated$/) { $no_deprecated=1; } } From rsalz at openssl.org Mon Jan 12 15:40:56 2015 
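Review bot: `$no_deprecated=1` is assigned in the new mkdef.pl option branch, but neither its `my` declaration nor any code that reads it is in this diff; if mkdef.pl runs under `use strict` the assignment needs a matching `my $no_deprecated=0;` next to the other flags, and without a consumer in the symbol filter the generated .def will still export the deprecated entry points the option is supposed to drop. The same applies to the mk1mf.pl hunk, where `"no-deprecated" => 0,` only makes the option accepted; check that it also leads to `-DOPENSSL_NO_DEPRECATED` in the generated CFLAGS. Both points are inferred from the hunks, which show only the option parsing.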
From: rsalz at openssl.org (Rich Salz) Date: Mon, 12 Jan 2015 16:40:56 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150112154057.0845F1E1FD9@openssl.net> The branch master has been updated via fcf64ba0ace1bb76c6e00ca7d0c7cf7f9bebe628 (commit) from 9405a9a2e1594cea9c963c29d9898bb03cb0f24f (commit) - Log ----------------------------------------------------------------- commit fcf64ba0ace1bb76c6e00ca7d0c7cf7f9bebe628 Author: Rich Salz Date: Mon Jan 12 10:40:00 2015 -0500 RT3548: Remove some unsupported platforms. This commit removes NCR, Tandem, Cray. Regenerates TABLE. Removes another missing BEOS fluff. The last platform remaining on this ticket is WIN16. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 + Configure | 36 --------- Makefile.shared | 13 +-- TABLE | 204 ----------------------------------------------- config | 15 ---- crypto/bf/blowfish.h | 9 +-- crypto/bn/bn_mont.c | 15 ---- crypto/des/destest.c | 34 -------- crypto/des/qud_cksm.c | 14 ---- crypto/md4/md4.h | 9 +-- crypto/md5/md5.h | 9 +-- crypto/ripemd/ripemd.h | 2 +- crypto/sha/sha.h | 2 +- crypto/sha/sha512.c | 2 +- e_os2.h | 3 - engines/Makefile | 1 - engines/ccgost/Makefile | 1 - 17 files changed, 10 insertions(+), 362 deletions(-) diff --git a/CHANGES b/CHANGES index ef87df3..f697f3e 100644 --- a/CHANGES +++ b/CHANGES @@ -34,6 +34,9 @@ MPE/iX Sinix/ReliantUNIX RM400 DGUX + NCR + Tandem + Cray [Rich Salz] *) Experimental support for a new, fast, unbiased prime candidate generator, diff --git a/Configure b/Configure index 8756dcb..16be727 100755 --- a/Configure +++ b/Configure 
@@ -474,18 +474,11 @@ my %table=( "nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", "nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", -# NCR MP-RAS UNIX ver 02.03.01 -"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::", - # QNX "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", "QNX6", "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "QNX6-i386", "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# BeOS -"beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so", -"beos-x86-bone", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lbind -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC:-shared:.so", - #### SCO/Caldera targets. # # Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc. 
@@ -515,32 +508,6 @@ my %table=( "aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:$ppc32_asm:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", "aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", -# -# Cray T90 and similar (SDSC) -# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT -# defined. The T90 ints and longs are 8 bytes long, and apparently the -# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and -# non L_ENDIAN code aligns the bytes in each word correctly. -# -# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors: -#'Taking the address of a bit field is not allowed. ' -#'An expression with bit field exists as the operand of "sizeof" ' -# (written by Wayne Schroeder ) -# -# j90 is considered the base machine type for unicos machines, -# so this configuration is now called "cray-j90" ... -"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::", - -# -# Cray T3E (Research Center Juelich, beckman at acl.lanl.gov) -# -# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added -# another use. Basically, the problem is that the T3E uses some bit fields -# for some st_addr stuff, and then sizeof and address-of fails -# I could not use the ams/alpha.o option because the Cray assembler, 'cam' -# did not like it. -"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::", - # SIEMENS BS2000/OSD: an EBCDIC-based mainframe "BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", 
@@ -656,9 +623,6 @@ my %table=( "vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:", "vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:", -##### Compaq Non-Stop Kernel (Tandem) -"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::", - # uClinux "uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", "uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", diff --git a/Makefile.shared b/Makefile.shared index 29a1345..f5abd40 100644 --- a/Makefile.shared +++ b/Makefile.shared 
@@ -170,17 +170,6 @@ link_a.gnu:
 link_app.gnu:
 @ $(DO_GNU_APP); $(LINK_APP)
 
-DO_BEOS_SO= SHLIB=lib$(LIBNAME).so; \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS='-Wl,--whole-archive'; \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SUFFIX"
-
-link_o.beos:
- @ $(DO_BEOS_SO); $(LINK_SO_O)
-link_a.beos:
- @ $(DO_BEOS_SO); $(LINK_SO_A)
-
 link_o.bsd:
 @if $(DETECT_GNU_LD); then $(DO_GNU_SO); else \
 $(CALC_VERSIONS); \
@@ -573,7 +562,7 @@ symlink.hpux:
 expr $(PLATFORM) : '.*ia64' > /dev/null && SHLIB=lib$(LIBNAME).so; \
 $(SYMLINK_SO)
 # The following lines means those specific architectures do no symlinks
-symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath symlink.beos:
+symlink.cygwin symlink.alpha-osf1 symlink.tru64 symlink.tru64-rpath:
 
 # Compatibility targets
 link_o.bsd-gcc-shared link_o.linux-shared link_o.gnu-shared: link_o.gnu
diff --git a/TABLE b/TABLE
index f41cb03..baf6b6a 100644
--- a/TABLE
+++ b/TABLE
@@ -1156,74 +1156,6 @@ $ranlib = $arflags = $multilib = -*** beos-x86-bone -$cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = BEOS -$lflags = -lbe -lbind -lsocket -$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$cpuid_obj = x86cpuid.o -$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = -$des_obj = des-586.o crypt586.o -$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o -$bf_obj = bf-586.o -$md5_obj = md5-586.o -$sha1_obj = sha1-586.o sha256-586.o sha512-586.o -$cast_obj = cast-586.o -$rc4_obj = rc4-586.o -$rmd160_obj = rmd-586.o -$rc5_obj = rc5-586.o -$wp_obj = wp_block.o wp-mmx.o -$cmll_obj = cmll-x86.o -$modes_obj = ghash-x86.o -$engines_obj = e_padlock-x86.o -$perlasm_scheme = elf -$dso_scheme = beos -$shared_target= beos-shared -$shared_cflag = -fPIC -$shared_ldflag = -shared -$shared_extension = .so -$ranlib = -$arflags = -$multilib = - -*** beos-x86-r5 -$cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = BEOS -$lflags = -lbe -lnet -$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$cpuid_obj = x86cpuid.o -$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = -$des_obj = des-586.o crypt586.o -$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o -$bf_obj = bf-586.o -$md5_obj = md5-586.o -$sha1_obj = sha1-586.o sha256-586.o sha512-586.o -$cast_obj = cast-586.o -$rc4_obj = rc4-586.o -$rmd160_obj = rmd-586.o -$rc5_obj = rc5-586.o -$wp_obj = wp_block.o wp-mmx.o -$cmll_obj = cmll-x86.o -$modes_obj = ghash-x86.o -$engines_obj = e_padlock-x86.o -$perlasm_scheme = elf -$dso_scheme = beos -$shared_target= beos-shared -$shared_cflag = -fPIC -DPIC -$shared_ldflag = -shared -$shared_extension = .so -$ranlib = -$arflags = -$multilib = - *** bsdi-elf-gcc $cc = gcc $cflags = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall 
@@ -1292,74 +1224,6 @@ $ranlib = $arflags = $multilib = -*** cray-j90 -$cc = cc -$cflags = -DBIT_FIELD_LIMITS -DTERMIOS -$unistd = -$thread_cflag = (unknown) -$sys_id = CRAY -$lflags = -$bn_ops = SIXTY_FOUR_BIT_LONG DES_INT -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = -$multilib = - -*** cray-t3e -$cc = cc -$cflags = -DBIT_FIELD_LIMITS -DTERMIOS -$unistd = -$thread_cflag = (unknown) -$sys_id = CRAY -$lflags = -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = -$multilib = - *** darwin-i386-cc $cc = cc $cflags = -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN @@ -5134,40 +4998,6 @@ $ranlib = $arflags = $multilib = -*** ncr-scde -$cc = cc -$cflags = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw -$unistd = -$thread_cflag = (unknown) -$sys_id = -$lflags = -lsocket -lnsl -lc89 -$bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = -$multilib = - *** netware-clib $cc = mwccnlm $cflags = 
@@ -6120,40 +5950,6 @@ $ranlib = $arflags = $multilib = /64 -*** tandem-c89 -$cc = c89 -$cflags = -Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN -$unistd = -$thread_cflag = (unknown) -$sys_id = -$lflags = -$bn_ops = THIRTY_TWO_BIT -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = -$multilib = - *** tru64-alpha-cc $cc = cc $cflags = -std1 -tune host -fast -readonly_strings diff --git a/config b/config index d0c8993..8644211 100755 --- a/config +++ b/config @@ -335,18 +335,6 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in exit 0 ;; - *"CRAY T3E") - echo "t3e-cray-unicosmk"; exit 0; - ;; - - *CRAY*) - echo "j90-cray-unicos"; exit 0; - ;; - - NONSTOP_KERNEL*) - echo "nsr-tandem-nsk"; exit 0; - ;; - vxworks*) echo "${MACHINE}-whatever-vxworks"; exit 0; ;; @@ -827,9 +815,6 @@ case "$GUESSOS" in # these are all covered by the catchall below *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;; *-*-cygwin) OUT="Cygwin" ;; - t3e-cray-unicosmk) OUT="cray-t3e" ;; - j90-cray-unicos) OUT="cray-j90" ;; - nsr-tandem-nsk) OUT="tandem-c89" ;; x86pc-*-qnx6) OUT="QNX6-i386" ;; *-*-qnx6) OUT="QNX6" ;; x86-*-android|i?86-*-android) OUT="android-x86" ;; diff --git a/crypto/bf/blowfish.h b/crypto/bf/blowfish.h index 50787ed..1eda374 100644 --- a/crypto/bf/blowfish.h +++ b/crypto/bf/blowfish.h 
@@ -81,16 +81,9 @@ extern "C" {
 
 #if defined(__LP32__)
 #define BF_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#elif defined(__ILP64__)
 #define BF_LONG unsigned long
 #define BF_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *
- */
 #else
 #define BF_LONG unsigned int
 #endif
diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
index 526b9ce..8710d78 100644
--- a/crypto/bn/bn_mont.c
+++ b/crypto/bn/bn_mont.c
@@ -205,22 +205,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) for (carry=0, i=0; i - */
 #else
 #define MD4_LONG unsigned int
 #endif
diff --git a/crypto/md5/md5.h b/crypto/md5/md5.h
index 4cbf843..747bd92 100644
--- a/crypto/md5/md5.h
+++ b/crypto/md5/md5.h
@@ -79,16 +79,9 @@ extern "C" {
 
 #if defined(__LP32__)
 #define MD5_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#elif defined(__ILP64__)
 #define MD5_LONG unsigned long
 #define MD5_LONG_LOG2 3
-/*
- * _CRAY note. I could declare short, but I have no idea what impact
- * does it have on performance on none-T3E machines. I could declare
- * int, but at least on C90 sizeof(int) can be chosen at compile time.
- * So I've chosen long...
- *
- */
 #else
 #define MD5_LONG unsigned int
 #endif
diff --git a/crypto/ripemd/ripemd.h b/crypto/ripemd/ripemd.h
index 5942eb6..f32cfae 100644
--- a/crypto/ripemd/ripemd.h
+++ b/crypto/ripemd/ripemd.h
@@ -72,7 +72,7 @@ extern "C" {
 
 #if defined(__LP32__)
 #define RIPEMD160_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#elif defined(__ILP64__)
 #define RIPEMD160_LONG unsigned long
 #define RIPEMD160_LONG_LOG2 3
 #else
diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h
index c5dd660..95d9b60 100644
--- a/crypto/sha/sha.h
+++ b/crypto/sha/sha.h
@@ -79,7 +79,7 @@ extern "C" {
 
 #if defined(__LP32__)
 #define SHA_LONG unsigned long
-#elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+#elif defined(__ILP64__)
 #define SHA_LONG unsigned long
 #define SHA_LONG_LOG2 3
 #else
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
index 5be98d3..e0da0e1 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -11,7 +11,7 @@
 *
 * As you might have noticed 32-bit hash algorithms:
 *
- * - permit SHA_LONG to be wider than 32-bit (case on CRAY);
+ * - permit SHA_LONG to be wider than 32-bit
 * - optimized versions implement two transform functions: one operating
 * on [aligned] data in host byte order and one - on data in input
 * stream byte order;
diff --git a/e_os2.h b/e_os2.h
index 3789bd4..837f791 100644
--- a/e_os2.h
+++ b/e_os2.h
@@ -165,9 +165,6 @@ extern "C" {
 # ifdef OPENSSL_SYSNAME_MACOSX
 # define OPENSSL_SYS_MACOSX
 # endif
-# if defined(_CRAY) || defined(OPENSSL_SYSNAME_CRAY)
-# define OPENSSL_SYS_CRAY
-# endif
 # if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX)
 # define OPENSSL_SYS_AIX
 # endif
diff --git a/engines/Makefile b/engines/Makefile
index 455c1d9..ffd36f0 100644
--- a/engines/Makefile
+++ b/engines/Makefile
@@ -111,7 +111,6 @@ install:
 cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
 else \
 case "$(CFLAGS)" in \
- *DSO_BEOS*) sfx=".so";; \
 *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
 *DSO_DL*) sfx=".sl";; \
 *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile
index be9a134..c44b704 100644
--- a/engines/ccgost/Makefile
+++ b/engines/ccgost/Makefile
@@ -52,7 +52,6 @@ install:
 cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
 else \
 case "$(CFLAGS)" in \
- *DSO_BEOS*) sfx=".so";; \
 *DSO_DLFCN*) sfx=`expr "$(SHLIB_EXT)" : '.*\(\.[a-z][a-z]*\)' \| ".so"`;; \
 *DSO_DL*) sfx=".sl";; \
 *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
From steve at openssl.org Tue Jan 13 15:40:17 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 13 Jan 2015 16:40:17 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150113154017.46BF21E2114@openssl.net> The branch master has been updated via a5a412350daa8f49b90323ec2a99fee499fc5b6d (commit) via 98b3b116ab678532eb288f79cf73c1e8f8d3db6d (commit) from 2d2671790ee12dedd92c97f35b6feb755b8d4374 (commit) - Log ----------------------------------------------------------------- commit a5a412350daa8f49b90323ec2a99fee499fc5b6d Author: Dr. Stephen Henson Date: Tue Jan 13 15:21:28 2015 +0000 Remove use of BN_init, BN_RECP_CTX_init from bntest BN_init and BN_RECP_CTX_init are deprecated and are not exported from shared libraries on some platforms (e.g. Windows) convert bntest to use BN_new and BN_RECP_CTX_new instead. Reviewed-by: Matt Caswell commit 98b3b116ab678532eb288f79cf73c1e8f8d3db6d Author: Dr. Stephen Henson Date: Tue Jan 13 15:20:34 2015 +0000 For master windows build dsa.h is now needed. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/bn/bntest.c | 424 ++++++++++++++++++++++++++-------------------- engines/e_capi.c | 1 + 2 files changed, 213 insertions(+), 212 deletions(-)
diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c
index 869ae05..9bb1429 100644
--- a/crypto/bn/bntest.c
+++ b/crypto/bn/bntest.c
@@ -329,160 +329,160 @@ err: int test_add(BIO *bp) { - BIGNUM a,b,c; + BIGNUM *a,*b,*c; int i; - BN_init(&a); - BN_init(&b); - BN_init(&c); + a = BN_new(); + b = BN_new(); + c = BN_new(); - BN_bntest_rand(&a,512,0,0); + BN_bntest_rand(a,512,0,0); for (i=0; ineg=rand_neg(); + b->neg=rand_neg(); + BN_add(c,a,b); if (bp != NULL) { if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," + "); - BN_print(bp,&b); + BN_print(bp,b); BIO_puts(bp," - "); } - BN_print(bp,&c); + BN_print(bp,c); BIO_puts(bp,"\n"); } - a.neg=!a.neg; - b.neg=!b.neg; - BN_add(&c,&c,&b); - BN_add(&c,&c,&a); - if(!BN_is_zero(&c)) + a->neg=!a->neg; + b->neg=!b->neg; + BN_add(c,c,b); + BN_add(c,c,a); + if(!BN_is_zero(c)) { fprintf(stderr,"Add test failed!\n"); return 0; } } - BN_free(&a); - BN_free(&b); - BN_free(&c); + BN_free(a); + BN_free(b); + BN_free(c); return(1); } int test_sub(BIO *bp) { - BIGNUM a,b,c; + BIGNUM *a,*b,*c; int i; - BN_init(&a); - BN_init(&b); - BN_init(&c); + a = BN_new(); + b = BN_new(); + c = BN_new(); for (i=0; ineg=rand_neg(); + b->neg=rand_neg(); } - BN_sub(&c,&a,&b); + BN_sub(c,a,b); if (bp != NULL) { if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," - "); - BN_print(bp,&b); + BN_print(bp,b); BIO_puts(bp," - "); } - BN_print(bp,&c); + BN_print(bp,c); BIO_puts(bp,"\n"); } - BN_add(&c,&c,&b); - BN_sub(&c,&c,&a); - if(!BN_is_zero(&c)) + BN_add(c,c,b); + BN_sub(c,c,a); + if(!BN_is_zero(c)) { fprintf(stderr,"Subtract test failed!\n"); return 0; } } - BN_free(&a); - BN_free(&b); - BN_free(&c); + BN_free(a); + BN_free(b); + BN_free(c); return(1); } int test_div(BIO *bp, BN_CTX *ctx) { - BIGNUM a,b,c,d,e; + BIGNUM *a,*b,*c,*d,*e; int i; - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&d); - BN_init(&e); + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); for (i=0; ineg=rand_neg(); + b->neg=rand_neg(); + BN_div(d,c,a,b,ctx); if (bp != NULL) { if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," / "); - 
BN_print(bp,&b); + BN_print(bp,b); BIO_puts(bp," - "); } - BN_print(bp,&d); + BN_print(bp,d); BIO_puts(bp,"\n"); if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," % "); - BN_print(bp,&b); + BN_print(bp,b); BIO_puts(bp," - "); } - BN_print(bp,&c); + BN_print(bp,c); BIO_puts(bp,"\n"); } - BN_mul(&e,&d,&b,ctx); - BN_add(&d,&e,&c); - BN_sub(&d,&d,&a); - if(!BN_is_zero(&d)) + BN_mul(e,d,b,ctx); + BN_add(d,e,c); + BN_sub(d,d,a); + if(!BN_is_zero(d)) { fprintf(stderr,"Division test failed!\n"); return 0; } } - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&e); + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); return(1); } @@ -504,39 +504,39 @@ static void print_word(BIO *bp,BN_ULONG w) int test_div_word(BIO *bp) { - BIGNUM a,b; + BIGNUM *a,*b; BN_ULONG r,s; int i; - BN_init(&a); - BN_init(&b); + a = BN_new(); + b = BN_new(); for (i=0; id[0]; } while (!s); - BN_copy(&b, &a); - r = BN_div_word(&b, s); + BN_copy(b, a); + r = BN_div_word(b, s); if (bp != NULL) { if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," / "); print_word(bp,s); BIO_puts(bp," - "); } - BN_print(bp,&b); + BN_print(bp,b); BIO_puts(bp,"\n"); if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," % "); print_word(bp,s); BIO_puts(bp," - "); 
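Review bot: The BN_new() results in test_add, test_sub and test_div are never checked before `a->neg`, `b->neg` and the BN_* calls dereference them, so an allocation failure now becomes a NULL dereference where the previous stack BIGNUMs could not fail to exist; the same pattern recurs in test_div_word, test_div_recp, test_mul, test_mont, test_gf2m_add, test_small_prime and test_probable_prime_coprime. After the last BN_new() in each function add `if (a == NULL || b == NULL || c == NULL) goto err;` and route the existing early `return 0` paths through the same label, following the `ret`/`err:` layout test_gf2m_add already uses, so the objects are released on every path. With heap objects the early returns after "Add test failed!" and the sibling messages now leak the BIGNUM structures themselves, not only their word arrays, which the old code at least kept on the stack.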
@@ -544,145 +544,145 @@ int test_div_word(BIO *bp) print_word(bp,r); BIO_puts(bp,"\n"); } - BN_mul_word(&b,s); - BN_add_word(&b,r); - BN_sub(&b,&a,&b); - if(!BN_is_zero(&b)) + BN_mul_word(b,s); + BN_add_word(b,r); + BN_sub(b,a,b); + if(!BN_is_zero(b)) { fprintf(stderr,"Division (word) test failed!\n"); return 0; } } - BN_free(&a); - BN_free(&b); + BN_free(a); + BN_free(b); return(1); } int test_div_recp(BIO *bp, BN_CTX *ctx) { - BIGNUM a,b,c,d,e; - BN_RECP_CTX recp; + BIGNUM *a,*b,*c,*d,*e; + BN_RECP_CTX *recp; int i; - BN_RECP_CTX_init(&recp); - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&d); - BN_init(&e); + recp = BN_RECP_CTX_new(); + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); for (i=0; ineg=rand_neg(); + b->neg=rand_neg(); + BN_RECP_CTX_set(recp,b,ctx); + BN_div_recp(d,c,a,recp,ctx); if (bp != NULL) { if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," / "); - BN_print(bp,&b); + BN_print(bp,b); BIO_puts(bp," - "); } - BN_print(bp,&d); + BN_print(bp,d); BIO_puts(bp,"\n"); if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," % "); - BN_print(bp,&b); + BN_print(bp,b); BIO_puts(bp," - "); } - BN_print(bp,&c); + BN_print(bp,c); BIO_puts(bp,"\n"); } - BN_mul(&e,&d,&b,ctx); - BN_add(&d,&e,&c); - BN_sub(&d,&d,&a); - if(!BN_is_zero(&d)) + BN_mul(e,d,b,ctx); + BN_add(d,e,c); + BN_sub(d,d,a); + if(!BN_is_zero(d)) { fprintf(stderr,"Reciprocal division test failed!\n"); fprintf(stderr,"a="); - BN_print_fp(stderr,&a); + BN_print_fp(stderr,a); fprintf(stderr,"\nb="); - BN_print_fp(stderr,&b); + BN_print_fp(stderr,b); fprintf(stderr,"\n"); return 0; } } - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&e); - BN_RECP_CTX_free(&recp); + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); + BN_RECP_CTX_free(recp); return(1); } int test_mul(BIO *bp) { - BIGNUM a,b,c,d,e; + BIGNUM *a,*b,*c,*d,*e; int i; BN_CTX *ctx; ctx = BN_CTX_new(); if (ctx == NULL) EXIT(1); - - 
BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&d); - BN_init(&e); + + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + e = BN_new(); for (i=0; ineg=rand_neg(); + b->neg=rand_neg(); + BN_mul(c,a,b,ctx); if (bp != NULL) { if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," * "); - BN_print(bp,&b); + BN_print(bp,b); BIO_puts(bp," - "); } - BN_print(bp,&c); + BN_print(bp,c); BIO_puts(bp,"\n"); } - BN_div(&d,&e,&c,&a,ctx); - BN_sub(&d,&d,&b); - if(!BN_is_zero(&d) || !BN_is_zero(&e)) + BN_div(d,e,c,a,ctx); + BN_sub(d,d,b); + if(!BN_is_zero(d) || !BN_is_zero(e)) { fprintf(stderr,"Multiplication test failed!\n"); return 0; } } - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&e); + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(e); BN_CTX_free(ctx); return(1); } 
@@ -785,78 +785,78 @@ err: int test_mont(BIO *bp, BN_CTX *ctx) { - BIGNUM a,b,c,d,A,B; - BIGNUM n; + BIGNUM *a,*b,*c,*d,*A,*B; + BIGNUM *n; int i; BN_MONT_CTX *mont; - BN_init(&a); - BN_init(&b); - BN_init(&c); - BN_init(&d); - BN_init(&A); - BN_init(&B); - BN_init(&n); + a = BN_new(); + b = BN_new(); + c = BN_new(); + d = BN_new(); + A = BN_new(); + B = BN_new(); + n = BN_new(); mont=BN_MONT_CTX_new(); if (mont == NULL) return 0; - BN_bntest_rand(&a,100,0,0); /**/ - BN_bntest_rand(&b,100,0,0); /**/ + BN_bntest_rand(a,100,0,0); /**/ + BN_bntest_rand(b,100,0,0); /**/ for (i=0; iN)); +BN_num_bits(a), +BN_num_bits(b), +BN_num_bits(&mont->N); #endif - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," * "); - BN_print(bp,&b); + BN_print(bp,b); BIO_puts(bp," % "); - BN_print(bp,&(mont->N)); + BN_print(bp,&mont->N); BIO_puts(bp," - "); } - BN_print(bp,&A); + BN_print(bp,A); BIO_puts(bp,"\n"); } - BN_mod_mul(&d,&a,&b,&n,ctx); - BN_sub(&d,&d,&A); - if(!BN_is_zero(&d)) + BN_mod_mul(d,a,b,n,ctx); + BN_sub(d,d,A); + if(!BN_is_zero(d)) { fprintf(stderr,"Montgomery multiplication test failed!\n"); return 0; } } BN_MONT_CTX_free(mont); - BN_free(&a); - BN_free(&b); - BN_free(&c); - BN_free(&d); - BN_free(&A); - BN_free(&B); - BN_free(&n); + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(d); + BN_free(A); + BN_free(B); + BN_free(n); return(1); } 
@@ -1205,43 +1205,43 @@ int test_exp(BIO *bp, BN_CTX *ctx) #ifndef OPENSSL_NO_EC2M int test_gf2m_add(BIO *bp) { - BIGNUM a,b,c; + BIGNUM *a,*b,*c; int i, ret = 0; - BN_init(&a); - BN_init(&b); - BN_init(&c); + a = BN_new(); + b = BN_new(); + c = BN_new(); for (i=0; ineg=rand_neg(); + b->neg=rand_neg(); + BN_GF2m_add(c,a,b); #if 0 /* make test uses ouput in bc but bc can't handle GF(2^m) arithmetic */ if (bp != NULL) { if (!results) { - BN_print(bp,&a); + BN_print(bp,a); BIO_puts(bp," ^ "); - BN_print(bp,&b); + BN_print(bp,b); BIO_puts(bp," = "); } - BN_print(bp,&c); + BN_print(bp,c); BIO_puts(bp,"\n"); } #endif /* Test that two added values have the correct parity. */ - if((BN_is_odd(&a) && BN_is_odd(&c)) || (!BN_is_odd(&a) && !BN_is_odd(&c))) + if((BN_is_odd(a) && BN_is_odd(c)) || (!BN_is_odd(a) && !BN_is_odd(c))) { fprintf(stderr,"GF(2^m) addition test (a) failed!\n"); goto err; } - BN_GF2m_add(&c,&c,&c); + BN_GF2m_add(c,c,c); /* Test that c + c = 0. */ - if(!BN_is_zero(&c)) + if(!BN_is_zero(c)) { fprintf(stderr,"GF(2^m) addition test (b) failed!\n"); goto err; @@ -1249,9 +1249,9 @@ int test_gf2m_add(BIO *bp) } ret = 1; err: - BN_free(&a); - BN_free(&b); - BN_free(&c); + BN_free(a); + BN_free(b); + BN_free(c); return ret; } 
@@ -1964,42 +1964,42 @@ int test_small_prime(BIO *bp,BN_CTX *ctx) { static const int bits = 10; int ret = 0; - BIGNUM r; + BIGNUM *r; - BN_init(&r); - if (!BN_generate_prime_ex(&r, bits, 0, NULL, NULL, NULL)) + r = BN_new(); + if (!BN_generate_prime_ex(r, bits, 0, NULL, NULL, NULL)) goto err; - if (BN_num_bits(&r) != bits) + if (BN_num_bits(r) != bits) { - BIO_printf(bp, "Expected %d bit prime, got %d bit number\n", bits, BN_num_bits(&r)); + BIO_printf(bp, "Expected %d bit prime, got %d bit number\n", bits, BN_num_bits(r)); goto err; } ret = 1; err: - BN_clear(&r); + BN_clear_free(r); return ret; } #ifndef OPENSSL_SYS_WIN32 int test_probable_prime_coprime(BIO *bp, BN_CTX *ctx) { int i, j, ret = 0; - BIGNUM r; + BIGNUM *r; BN_ULONG primes[5] = { 2, 3, 5, 7, 11 }; - BN_init(&r); + r = BN_new(); for (i = 0; i < 1000; i++) { - if (!bn_probable_prime_dh_coprime(&r, 1024, ctx)) goto err; + if (!bn_probable_prime_dh_coprime(r, 1024, ctx)) goto err; for (j = 0; j < 5; j++) { - if (BN_mod_word(&r, primes[j]) == 0) + if (BN_mod_word(r, primes[j]) == 0) { BIO_printf(bp, "Number generated is not coprime to %ld:\n", primes[j]); - BN_print_fp(stdout, &r); + BN_print_fp(stdout, r); BIO_printf(bp, "\n"); goto err; } @@ -2009,7 +2009,7 @@ int test_probable_prime_coprime(BIO *bp, BN_CTX *ctx) ret = 1; err: - BN_clear(&r); + BN_clear_free(r); return ret; } #endif diff --git a/engines/e_capi.c b/engines/e_capi.c index 8a19ed0..41257ad 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -64,6 +64,7 @@ #include #include #include +#include #ifndef _WIN32_WINNT #define _WIN32_WINNT 0x0400 From appro at openssl.org Tue Jan 13 20:42:37 2015 
From: appro at openssl.org (Andy Polyakov) Date: Tue, 13 Jan 2015 21:42:37 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150113204237.4BF5D1DF10F@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 10771e3421ea435623f85304738280415d6b55c7 (commit) from 36f694e09add27e5619abab9de2bbb0b6bf61037 (commit) - Log ----------------------------------------------------------------- commit 10771e3421ea435623f85304738280415d6b55c7 Author: Andy Polyakov Date: Mon Jan 5 23:40:10 2015 +0100 Add Broadwell performance results. Reviewed-by: Emilia K?sper (cherry picked from commit b3d7294976c58e0e05d0ee44a0e7c9c3b8515e05) ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/rsaz-avx2.pl | 4 ++++ crypto/modes/asm/aesni-gcm-x86_64.pl | 5 ++++- crypto/modes/asm/ghash-x86_64.pl | 4 +++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl index e608cb4..3b6ccf8 100755 --- a/crypto/bn/asm/rsaz-avx2.pl +++ b/crypto/bn/asm/rsaz-avx2.pl @@ -61,8 +61,12 @@ # # rsa2048 sign/sec OpenSSL 1.0.1 scalar(*) this # 2.3GHz Haswell 621 765/+23% 1113/+79% +# 2.3GHz Broadwell(**) 688 1200(***)/+74% 1120/+63% # # (*) if system doesn't support AVX2, for reference purposes; +# (**) scaled to 2.3GHz to simplify comparison; +# (***) scalar AD*X code is faster than AVX2 and is preferred code +# path for Broadwell; $flavour = shift; $output = shift; diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl index cfc856c..7e4e04e 100644 --- a/crypto/modes/asm/aesni-gcm-x86_64.pl +++ b/crypto/modes/asm/aesni-gcm-x86_64.pl 
@@ -22,7 +22,10 @@ # [1] and [2], with MOVBE twist suggested by Ilya Albrekht and Max # Locktyukhin of Intel Corp. who verified that it reduces shuffles # pressure with notable relative improvement, achieving 1.0 cycle per -# byte processed with 128-bit key on Haswell processor. +# byte processed with 128-bit key on Haswell processor, and 0.74 - +# on Broadwell. [Mentioned results are raw profiled measurements for +# favourable packet size, one divisible by 96. Applications using the +# EVP interface will observe a few percent worse performance.] # # [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest # [2] http://www.intel.com/content/dam/www/public/us/en/documents/software-support/enabling-high-performance-gcm.pdf diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl index ce7d1cb..6e656ca 100644 --- a/crypto/modes/asm/ghash-x86_64.pl +++ b/crypto/modes/asm/ghash-x86_64.pl @@ -63,6 +63,7 @@ # Sandy Bridge 1.80(+8%) # Ivy Bridge 1.80(+7%) # Haswell 0.55(+93%) (if system doesn't support AVX) +# Broadwell 0.45(+110%)(if system doesn't support AVX) # Bulldozer 1.49(+27%) # Silvermont 2.88(+13%) @@ -73,7 +74,8 @@ # CPUs such as Sandy and Ivy Bridge can execute it, the code performs # sub-optimally in comparison to above mentioned version. But thanks # to Ilya Albrekht and Max Locktyukhin of Intel Corp. we knew that -# it performs in 0.41 cycles per byte on Haswell processor. +# it performs in 0.41 cycles per byte on Haswell processor, and in +# 0.29 on Broadwell. # # [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest From appro at openssl.org Tue Jan 13 20:41:29 2015 
From: appro at openssl.org (Andy Polyakov) Date: Tue, 13 Jan 2015 21:41:29 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150113204129.EE9A71DF10B@butler.localdomain> The branch master has been updated via b3d7294976c58e0e05d0ee44a0e7c9c3b8515e05 (commit) from a5a412350daa8f49b90323ec2a99fee499fc5b6d (commit) - Log ----------------------------------------------------------------- commit b3d7294976c58e0e05d0ee44a0e7c9c3b8515e05 Author: Andy Polyakov Date: Mon Jan 5 23:40:10 2015 +0100 Add Broadwell performance results. Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/rsaz-avx2.pl | 4 ++++ crypto/modes/asm/aesni-gcm-x86_64.pl | 5 ++++- crypto/modes/asm/ghash-x86_64.pl | 4 +++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl index e608cb4..3b6ccf8 100755 --- a/crypto/bn/asm/rsaz-avx2.pl +++ b/crypto/bn/asm/rsaz-avx2.pl @@ -61,8 +61,12 @@ # # rsa2048 sign/sec OpenSSL 1.0.1 scalar(*) this # 2.3GHz Haswell 621 765/+23% 1113/+79% +# 2.3GHz Broadwell(**) 688 1200(***)/+74% 1120/+63% # # (*) if system doesn't support AVX2, for reference purposes; +# (**) scaled to 2.3GHz to simplify comparison; +# (***) scalar AD*X code is faster than AVX2 and is preferred code +# path for Broadwell; $flavour = shift; $output = shift; diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl index cfc856c..7e4e04e 100644 --- a/crypto/modes/asm/aesni-gcm-x86_64.pl +++ b/crypto/modes/asm/aesni-gcm-x86_64.pl 
@@ -22,7 +22,10 @@ # [1] and [2], with MOVBE twist suggested by Ilya Albrekht and Max # Locktyukhin of Intel Corp. who verified that it reduces shuffles # pressure with notable relative improvement, achieving 1.0 cycle per -# byte processed with 128-bit key on Haswell processor. +# byte processed with 128-bit key on Haswell processor, and 0.74 - +# on Broadwell. [Mentioned results are raw profiled measurements for +# favourable packet size, one divisible by 96. Applications using the +# EVP interface will observe a few percent worse performance.] # # [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest # [2] http://www.intel.com/content/dam/www/public/us/en/documents/software-support/enabling-high-performance-gcm.pdf diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl index ce7d1cb..6e656ca 100644 --- a/crypto/modes/asm/ghash-x86_64.pl +++ b/crypto/modes/asm/ghash-x86_64.pl @@ -63,6 +63,7 @@ # Sandy Bridge 1.80(+8%) # Ivy Bridge 1.80(+7%) # Haswell 0.55(+93%) (if system doesn't support AVX) +# Broadwell 0.45(+110%)(if system doesn't support AVX) # Bulldozer 1.49(+27%) # Silvermont 2.88(+13%) @@ -73,7 +74,8 @@ # CPUs such as Sandy and Ivy Bridge can execute it, the code performs # sub-optimally in comparison to above mentioned version. But thanks # to Ilya Albrekht and Max Locktyukhin of Intel Corp. we knew that -# it performs in 0.41 cycles per byte on Haswell processor. +# it performs in 0.41 cycles per byte on Haswell processor, and in +# 0.29 on Broadwell. # # [1] http://rt.openssl.org/Ticket/Display.html?id=2900&user=guest&pass=guest From levitte at openssl.org Tue Jan 13 23:14:32 2015 
From: levitte at openssl.org (Richard Levitte) Date: Wed, 14 Jan 2015 00:14:32 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150113231432.15CD91DF108@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 43257b9f51de749262258668c77c2f0f99d7a15b (commit) from 10771e3421ea435623f85304738280415d6b55c7 (commit) - Log ----------------------------------------------------------------- commit 43257b9f51de749262258668c77c2f0f99d7a15b Author: Richard Levitte Date: Tue Jan 13 22:04:58 2015 +0100 Define CFLAGS as cflags on VMS as well Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: makevms.com | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/makevms.com b/makevms.com
index 9624ef2..f6b3ff2 100755
--- a/makevms.com
+++ b/makevms.com
@@ -651,7 +651,7 @@ $ if (CFLAGS .nes. "") then CFLAGS = CFLAGS+ " "
 $ CFLAGS = CFLAGS+ "/DEFINE=ZLIB"
 $ endif
 $!
-$ WRITE H_FILE "#define CFLAGS"
+$ WRITE H_FILE "#define CFLAGS cflags"
 $ WRITE H_FILE "static const char cflags[] = ""compiler: ''CFLAGS'"";"
 $ WRITE H_FILE "#define PLATFORM ""platform: VMS ''ARCHD' ''VMS_VERSION'"""
 $ WRITE H_FILE "#define DATE ""built on: ''TIME'"" "
From levitte at openssl.org Tue Jan 13 23:16:44 2015
From: levitte at openssl.org (Richard Levitte) Date: Wed, 14 Jan 2015 00:16:44 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150113231644.E88E61DF108@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via e8e878bec7d547dcfe92de995ec71ca7ea71aa58 (commit) from 6099e629f55e3c4b363d1c84e7775816b21bb38c (commit) - Log ----------------------------------------------------------------- commit e8e878bec7d547dcfe92de995ec71ca7ea71aa58 Author: Richard Levitte Date: Tue Jan 13 22:04:58 2015 +0100 Define CFLAGS as cflags on VMS as well Reviewed-by: Matt Caswell (cherry picked from commit 43257b9f51de749262258668c77c2f0f99d7a15b) ----------------------------------------------------------------------- Summary of changes: makevms.com | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/makevms.com b/makevms.com
index e4f5a86..01ada3a 100755
--- a/makevms.com
+++ b/makevms.com
@@ -646,7 +646,7 @@ $ if (CFLAGS .nes. "") then CFLAGS = CFLAGS+ " "
 $ CFLAGS = CFLAGS+ "/DEFINE=ZLIB"
 $ endif
 $!
-$ WRITE H_FILE "#define CFLAGS"
+$ WRITE H_FILE "#define CFLAGS cflags"
 $ WRITE H_FILE "static const char cflags[] = ""compiler: ''CFLAGS'"";"
 $ WRITE H_FILE "#define PLATFORM ""platform: VMS ''ARCHD' ''VMS_VERSION'"""
 $ WRITE H_FILE "#define DATE ""built on: ''TIME'"" "
From levitte at openssl.org Tue Jan 13 23:18:33 2015
From: levitte at openssl.org (Richard Levitte) Date: Wed, 14 Jan 2015 00:18:33 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150113231833.B1F1B1DF108@butler.localdomain> The branch OpenSSL_1_0_0-stable has been updated via f4f1e808014e4cb37da4ef3bd3c292a759c38502 (commit) from 36f309c50a4188edad08bc69420bd7a2d3d383e5 (commit) - Log ----------------------------------------------------------------- commit f4f1e808014e4cb37da4ef3bd3c292a759c38502 Author: Richard Levitte Date: Tue Jan 13 22:13:20 2015 +0100 VMS fixups for 1.0.0 Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: makevms.com | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/makevms.com b/makevms.com
index c6b052e..6cf7b5f 100755
--- a/makevms.com
+++ b/makevms.com
@@ -637,9 +637,10 @@ $ if (CFLAGS .nes. "") then CFLAGS = CFLAGS+ " "
 $ CFLAGS = CFLAGS+ "/DEFINE=ZLIB"
 $ endif
 $!
-$ WRITE H_FILE "#define CFLAGS ""''CFLAGS'"""
-$ WRITE H_FILE "#define PLATFORM ""VMS ''ARCHD' ''VMS_VERSION'"""
-$ WRITE H_FILE "#define DATE ""''TIME'"" "
+$ WRITE H_FILE "#define CFLAGS cflags"
+$ WRITE H_FILE "static const char cflags[] = ""compiler: ''CFLAGS'"";"
+$ WRITE H_FILE "#define PLATFORM ""platform: VMS ''ARCHD' ''VMS_VERSION'"""
+$ WRITE H_FILE "#define DATE ""built on: ''TIME'"" "
 $!
 $! Close The [.CRYPTO._xxx]BUILDINF.H File.
 $!
From levitte at openssl.org Wed Jan 14 20:02:13 2015
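Review bot: The new `static const char cflags[] = ""compiler: ''CFLAGS'"";"` line splices the DCL symbol CFLAGS verbatim into a C string literal, with no escaping of whatever the symbol holds; if CFLAGS ever carries a literal double quote (a `/DEFINE=("...")` style qualifier, for instance) the generated BUILDINF.H would presumably not compile, and the string is also what `openssl version -f` reports, so any stray characters end up in user-visible output. The 1.0.1 and 1.0.2 hunks above carry the same line as context, so this is not new to this branch, but it is now being introduced into 1.0.0 without the constraint being written down anywhere. A one-line DCL comment ahead of the WRITE, `$! CFLAGS is interpolated unescaped below; keep it free of double quotes`, would record the assumption for whoever next extends the flag list. The enclosing command procedure continues outside the hunk.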
From: levitte at openssl.org (Richard Levitte) Date: Wed, 14 Jan 2015 21:02:13 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150114200213.D068A1DF118@butler.localdomain> The branch OpenSSL_1_0_0-stable has been updated via 0c8dc6ebe5a969a57fb678b793d0dea651e33af7 (commit) from f4f1e808014e4cb37da4ef3bd3c292a759c38502 (commit) - Log ----------------------------------------------------------------- commit 0c8dc6ebe5a969a57fb678b793d0dea651e33af7 Author: Richard Levitte Date: Wed Jan 14 19:17:17 2015 +0100 Fixup installation script for VMS Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/install-crypto.com | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/install-crypto.com b/crypto/install-crypto.com
index d19081d..1d9fa8c 100755
--- a/crypto/install-crypto.com
+++ b/crypto/install-crypto.com
@@ -76,12 +76,12 @@ $ sdirs := , -
 'archd', -
 objects, -
 md4, md5, sha, mdc2, hmac, ripemd, whrlpool, -
- des, aes, rc2, rc4, idea, bf, cast, camellia, seed, -
+ des, aes, rc2, rc4, idea, bf, cast, camellia, seed, modes, -
 bn, ec, rsa, dsa, ecdsa, dh, ecdh, dso, engine, -
 buffer, bio, stack, lhash, rand, err, -
 evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp, -
 ui, krb5, -
- cms, pqueue, ts, jpake, srp, store, cmac
+ cms, pqueue, ts, jpake, store
 $!
 $ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
 $ exheader_'archd' := opensslconf.h
From rsalz at openssl.org Wed Jan 14 20:58:46 2015
From: rsalz at openssl.org (Rich Salz) Date: Wed, 14 Jan 2015 21:58:46 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150114205846.BC1981DF118@butler.localdomain> The branch master has been updated via 4b618848f9beb8271f24883694e097caa70013c0 (commit) from b3d7294976c58e0e05d0ee44a0e7c9c3b8515e05 (commit) - Log ----------------------------------------------------------------- commit 4b618848f9beb8271f24883694e097caa70013c0 Author: Rich Salz Date: Wed Jan 14 15:57:28 2015 -0500 Cleanup OPENSSL_NO_xxx, part 1 OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO Two typo's on #endif comments fixed: OPENSSL_NO_ECB fixed to OPENSSL_NO_OCB OPENSSL_NO_HW_SureWare fixed to OPENSSL_NO_HW_SUREWARE Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 5 +++++ apps/speed.c | 12 ++++++------ crypto/asn1/a_d2i_fp.c | 4 ++-- crypto/asn1/a_i2d_fp.c | 4 ++-- crypto/asn1/a_strex.c | 4 ++-- crypto/asn1/asn1.h | 2 +- crypto/asn1/t_crl.c | 2 +- crypto/asn1/t_req.c | 2 +- crypto/asn1/t_x509.c | 2 +- crypto/bio/b_dump.c | 2 +- crypto/bio/bio.h | 6 +++--- crypto/bn/bn.h | 4 ++-- crypto/bn/bn_print.c | 2 +- crypto/conf/conf.h | 4 ++-- crypto/conf/conf_lib.c | 8 ++++---- crypto/crypto.h | 4 ++-- crypto/dh/dh.h | 2 +- crypto/dh/dh_prn.c | 2 +- crypto/dsa/dsa.h | 2 +- crypto/dsa/dsa_prn.c | 2 +- crypto/ec/ec.h | 4 ++-- crypto/ec/eck_prn.c | 2 +- crypto/err/err.h | 4 ++-- crypto/err/err_prn.c | 2 +- crypto/evp/c_alld.c | 2 +- crypto/evp/evp.h | 2 +- crypto/evp/m_ripemd.c | 2 +- crypto/lhash/lh_stats.c | 2 +- crypto/lhash/lhash.h | 4 ++-- crypto/mem_dbg.c | 2 +- crypto/modes/modes.h | 2 +- crypto/pem/pem.h | 4 ++-- crypto/pem/pem_all.c | 6 +++--- crypto/pem/pem_info.c | 2 +- crypto/pem/pem_lib.c | 10 +++++----- crypto/pem/pem_pk8.c | 2 +- crypto/pem/pem_pkey.c | 4 ++-- crypto/pkcs12/p12_utl.c | 4 ++-- crypto/pkcs7/pkcs7.h | 2 
+- crypto/ripemd/ripemd.h | 2 +- crypto/ripemd/rmdtest.c | 2 +- crypto/rsa/rsa.h | 2 +- crypto/rsa/rsa_prn.c | 2 +- crypto/threads/mttest.c | 2 +- crypto/ts/ts_asn1.c | 8 ++++---- crypto/x509/x509.h | 4 ++-- crypto/x509/x_all.c | 18 +++++++++--------- crypto/x509v3/v3_prn.c | 2 +- e_os.h | 5 ----- engines/e_sureware.c | 2 +- ssl/ssl.h | 2 +- ssl/ssl_txt.c | 2 +- util/mk1mf.pl | 2 +- 53 files changed, 96 insertions(+), 96 deletions(-) diff --git a/CHANGES b/CHANGES index 685f98c..946d2a0 100644 --- a/CHANGES +++ b/CHANGES @@ -40,6 +40,11 @@ WIN16 [Rich Salz] + *) Start cleaning up OPENSSL_NO_xxx #define's + OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 + OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO + [Rich Salz] + *) Experimental support for a new, fast, unbiased prime candidate generator, bn_probable_prime_dh_coprime(). Not currently used by any prime generator. [Felix Laurie von Massenbach ] diff --git a/apps/speed.c b/apps/speed.c index 3dcfb8d..84fb493 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -145,7 +145,7 @@ #ifndef OPENSSL_NO_SHA #include #endif -#ifndef OPENSSL_NO_RIPEMD +#ifndef OPENSSL_NO_RMD160 #include #endif #ifndef OPENSSL_NO_WHIRLPOOL @@ -392,7 +392,7 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_WHIRLPOOL unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH]; #endif -#ifndef OPENSSL_NO_RIPEMD +#ifndef OPENSSL_NO_RMD160 unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; #endif #ifndef OPENSSL_NO_RC4 @@ -849,7 +849,7 @@ int MAIN(int argc, char **argv) if (strcmp(*argv,"whirlpool") == 0) doit[D_WHIRLPOOL]=1; else #endif -#ifndef OPENSSL_NO_RIPEMD +#ifndef OPENSSL_NO_RMD160 if (strcmp(*argv,"ripemd") == 0) doit[D_RMD160]=1; else if (strcmp(*argv,"rmd160") == 0) doit[D_RMD160]=1; 
@@ -1073,12 +1073,12 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_WHIRLPOOL BIO_printf(bio_err,"whirlpool"); #endif -#ifndef OPENSSL_NO_RIPEMD160 +#ifndef OPENSSL_NO_RMD160 BIO_printf(bio_err,"rmd160"); #endif #if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \ !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \ - !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RIPEMD160) || \ + !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RMD160) || \ !defined(OPENSSL_NO_WHIRLPOOL) BIO_printf(bio_err,"\n"); #endif @@ -1690,7 +1690,7 @@ int MAIN(int argc, char **argv) } #endif -#ifndef OPENSSL_NO_RIPEMD +#ifndef OPENSSL_NO_RMD160 if (doit[D_RMD160]) { for (j=0; j #include -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int X509_CRL_print_fp(FILE *fp, X509_CRL *x) { BIO *b; diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index 5d03db7..741158d 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -70,7 +70,7 @@ #include #endif -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int X509_REQ_print_fp(FILE *fp, X509_REQ *x) { BIO *b; diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 111ea5a..89115c7 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -74,7 +74,7 @@ #include #include "asn1_locl.h" -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int X509_print_fp(FILE *fp, X509 *x) { return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c index b3a5f7d..34c8392 100644 --- a/crypto/bio/b_dump.c +++ b/crypto/bio/b_dump.c @@ -157,7 +157,7 @@ int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), return(ret); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO static int write_fp(const void *data, size_t len, void *fp) { return UP_fwrite(data, len, 1, fp); diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index 3ea44ab..e3ab9c4 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h 
@@ -61,7 +61,7 @@ #include -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO # include #endif #include @@ -635,7 +635,7 @@ int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix, asn1_ps_func **psuffix_free); -# ifndef OPENSSL_NO_FP_API +# ifndef OPENSSL_NO_STDIO BIO_METHOD *BIO_s_file(void ); BIO *BIO_new_file(const char *filename, const char *mode); BIO *BIO_new_fp(FILE *stream, int close_flag); @@ -709,7 +709,7 @@ int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u), void *u, const char *s, int len, int indent); int BIO_dump(BIO *b,const char *bytes,int len); int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent); -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int BIO_dump_fp(FILE *fp, const char *s, int len); int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent); #endif diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 5daee38..7ba9bee 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -126,7 +126,7 @@ #define HEADER_BN_H #include -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO #include /* FILE */ #endif #include @@ -433,7 +433,7 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,BN_CTX *ctx); int BN_mask_bits(BIGNUM *a,int n); -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int BN_print_fp(FILE *fp, const BIGNUM *a); #endif #ifdef HEADER_BIO_H diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 1743b6a..a188f97 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -316,7 +316,7 @@ int BN_asc2bn(BIGNUM **bn, const char *a) } #ifndef OPENSSL_NO_BIO -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int BN_print_fp(FILE *fp, const BIGNUM *a) { BIO *b; diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h index c219997..0570fc0 100644 --- a/crypto/conf/conf.h +++ b/crypto/conf/conf.h 
@@ -122,7 +122,7 @@ int CONF_set_default_method(CONF_METHOD *meth); void CONF_set_nconf(CONF *conf,LHASH_OF(CONF_VALUE) *hash); LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf,const char *file, long *eline); -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, long *eline); #endif @@ -160,7 +160,7 @@ void NCONF_free(CONF *conf); void NCONF_free_data(CONF *conf); int NCONF_load(CONF *conf,const char *file,long *eline); -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int NCONF_load_fp(CONF *conf, FILE *fp,long *eline); #endif int NCONF_load_bio(CONF *conf, BIO *bp,long *eline); diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 54046de..35236d3 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -110,7 +110,7 @@ LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file, return ltmp; } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, long *eline) { @@ -202,7 +202,7 @@ void CONF_free(LHASH_OF(CONF_VALUE) *conf) NCONF_free_data(&ctmp); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out) { BIO *btmp; @@ -273,7 +273,7 @@ int NCONF_load(CONF *conf, const char *file, long *eline) return conf->meth->load(conf, file, eline); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int NCONF_load_fp(CONF *conf, FILE *fp,long *eline) { BIO *btmp; @@ -362,7 +362,7 @@ int NCONF_get_number_e(const CONF *conf,const char *group,const char *name, return 1; } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int NCONF_dump_fp(const CONF *conf, FILE *out) { BIO *btmp; diff --git a/crypto/crypto.h b/crypto/crypto.h index f5cb4c7..1b76ada 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -122,7 +122,7 @@ #include -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO #include #endif 
@@ -538,7 +538,7 @@ void CRYPTO_dbg_set_options(long bits); long CRYPTO_dbg_get_options(void); -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO void CRYPTO_mem_leaks_fp(FILE *); #endif void CRYPTO_mem_leaks(struct bio_st *bio); diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index 3f7dca1..6e263f9 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -221,7 +221,7 @@ DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); int i2d_DHparams(const DH *a,unsigned char **pp); DH * d2i_DHxparams(DH **a,const unsigned char **pp, long length); int i2d_DHxparams(const DH *a,unsigned char **pp); -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int DHparams_print_fp(FILE *fp, const DH *x); #endif #ifndef OPENSSL_NO_BIO diff --git a/crypto/dh/dh_prn.c b/crypto/dh/dh_prn.c index ae58c2a..78d1f98 100644 --- a/crypto/dh/dh_prn.c +++ b/crypto/dh/dh_prn.c @@ -61,7 +61,7 @@ #include #include -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int DHparams_print_fp(FILE *fp, const DH *x) { BIO *b; diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 8feb2a1..28bb0c8 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -257,7 +257,7 @@ int i2d_DSAparams(const DSA *a,unsigned char **pp); int DSAparams_print(BIO *bp, const DSA *x); int DSA_print(BIO *bp, const DSA *x, int off); #endif -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int DSAparams_print_fp(FILE *fp, const DSA *x); int DSA_print_fp(FILE *bp, const DSA *x, int off); #endif diff --git a/crypto/dsa/dsa_prn.c b/crypto/dsa/dsa_prn.c index 6f29f5e..ab56016 100644 --- a/crypto/dsa/dsa_prn.c +++ b/crypto/dsa/dsa_prn.c @@ -61,7 +61,7 @@ #include #include -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int DSA_print_fp(FILE *fp, const DSA *x, int off) { BIO *b; diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index 477e476..5e89eea 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h 
@@ -706,7 +706,7 @@ int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); #ifndef OPENSSL_NO_BIO int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); #endif -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); #endif @@ -941,7 +941,7 @@ int ECParameters_print(BIO *bp, const EC_KEY *key); int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); #endif -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO /** Prints out the ec parameters on human readable form. * \param fp file descriptor to which the information is printed * \param key EC_KEY object diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index 39ce978..f2c327d 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -67,7 +67,7 @@ #include #include -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off) { BIO *b; diff --git a/crypto/err/err.h b/crypto/err/err.h index 2a00e28..7fb7302 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -114,7 +114,7 @@ #include -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO #include #include #endif @@ -339,7 +339,7 @@ const char *ERR_func_error_string(unsigned long e); const char *ERR_reason_error_string(unsigned long e); void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), void *u); -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO void ERR_print_errors_fp(FILE *fp); #endif #ifndef OPENSSL_NO_BIO diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index a0168ac..3ed2bbe 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -86,7 +86,7 @@ void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), } } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO static int print_fp(const char *str, size_t len, void *fp) { BIO bio; diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index 99f9cd5..ea879db 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c 
@@ -94,7 +94,7 @@ void OpenSSL_add_all_digests(void) #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif -#ifndef OPENSSL_NO_RIPEMD +#ifndef OPENSSL_NO_RMD160 EVP_add_digest(EVP_ripemd160()); EVP_add_digest_alias(SN_ripemd160,"ripemd"); EVP_add_digest_alias(SN_ripemd160,"rmd160"); diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 7290c10..d062f91 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -754,7 +754,7 @@ const EVP_MD *EVP_sha512(void); #ifndef OPENSSL_NO_MDC2 const EVP_MD *EVP_mdc2(void); #endif -#ifndef OPENSSL_NO_RIPEMD +#ifndef OPENSSL_NO_RMD160 const EVP_MD *EVP_ripemd160(void); #endif #ifndef OPENSSL_NO_WHIRLPOOL diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index a1d60ee..330ff7c 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -59,7 +59,7 @@ #include #include "cryptlib.h" -#ifndef OPENSSL_NO_RIPEMD +#ifndef OPENSSL_NO_RMD160 #include #include diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c index 815615e..35fcf4e 100644 --- a/crypto/lhash/lh_stats.c +++ b/crypto/lhash/lh_stats.c @@ -138,7 +138,7 @@ void lh_node_usage_stats(LHASH *lh, FILE *out) #else -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO void lh_stats(const _LHASH *lh, FILE *fp) { BIO *bp; diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h index e7d8763..9f431d6 100644 --- a/crypto/lhash/lhash.h +++ b/crypto/lhash/lhash.h @@ -64,7 +64,7 @@ #define HEADER_LHASH_H #include -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO #include #endif @@ -182,7 +182,7 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); unsigned long lh_strhash(const char *c); unsigned long lh_num_items(const _LHASH *lh); -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO void lh_stats(const _LHASH *lh, FILE *out); void lh_node_stats(const _LHASH *lh, FILE *out); void lh_node_usage_stats(const _LHASH *lh, FILE *out); 
diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index ac79339..c550a9b 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -822,7 +822,7 @@ void CRYPTO_mem_leaks(BIO *b) MemCheck_on(); /* release MALLOC2 lock */ } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO void CRYPTO_mem_leaks_fp(FILE *fp) { BIO *b; diff --git a/crypto/modes/modes.h b/crypto/modes/modes.h index 3fb1b4b..457709b 100644 --- a/crypto/modes/modes.h +++ b/crypto/modes/modes.h @@ -173,7 +173,7 @@ int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx,const unsigned char *tag, size_t len); int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len); void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx); -#endif /* OPENSSL_NO_ECB */ +#endif /* OPENSSL_NO_OCB */ #ifdef __cplusplus } diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index 7c9b92a..6de9c70 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -213,7 +213,7 @@ typedef struct pem_ctx_st * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...) */ -#ifdef OPENSSL_NO_FP_API +#ifdef OPENSSL_NO_STDIO #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ @@ -325,7 +325,7 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ /* These are the same except they are for the declarations */ -#if defined(OPENSSL_NO_FP_API) +#if defined(OPENSSL_NO_STDIO) #define DECLARE_PEM_read_fp(name, type) /**/ #define DECLARE_PEM_write_fp(name, type) /**/ diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c index 5c8c6f4..ab83eae 100644 --- a/crypto/pem/pem_all.c +++ b/crypto/pem/pem_all.c @@ -181,7 +181,7 @@ RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, return pkey_get_rsa(pktmp, rsa); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u) 
@@ -226,7 +226,7 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u) @@ -273,7 +273,7 @@ IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateK IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY) -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb, void *u) diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index cc7f24a..cb7e9aa 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -70,7 +70,7 @@ #include #endif -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) { BIO *b; diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 28fb867..28124b8 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -84,7 +84,7 @@ int pem_check_suffix(const char *pem_str, const char *suffix); int PEM_def_callback(char *buf, int num, int w, void *key) { -#ifdef OPENSSL_NO_FP_API +#ifdef OPENSSL_NO_STDIO /* We should not ever call the default callback routine from * windows. */ PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); @@ -163,7 +163,7 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str) buf[j+i*2+1]='\0'; } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, pem_password_cb *cb, void *u) { 
@@ -313,7 +313,7 @@ err: return ret; } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp, void *x, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *callback, void *u) @@ -576,7 +576,7 @@ static int load_iv(char **fromp, unsigned char *to, int num) return(1); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int PEM_write(FILE *fp, const char *name, const char *header, const unsigned char *data, long len) { @@ -656,7 +656,7 @@ err: return(0); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len) { diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 6deab8c..2dc9848 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -178,7 +178,7 @@ EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, vo return ret; } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, char *kstr, int klen, diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index e9e41dd..60942bf 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -208,7 +208,7 @@ int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x) pem_str,bp,x,NULL,NULL,0,0,NULL); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u) { BIO *b; @@ -273,7 +273,7 @@ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) return ret; } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u) { BIO *b; diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c index 59c6f45..99b92fe 100644 --- a/crypto/pkcs12/p12_utl.c +++ b/crypto/pkcs12/p12_utl.c 
@@ -100,7 +100,7 @@ int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12) return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12) { return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); @@ -111,7 +111,7 @@ PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12) { return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) { return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index 7078637..e66f7d3 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -279,7 +279,7 @@ DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type, unsigned char *md,unsigned int *len); -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7); int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); #endif diff --git a/crypto/ripemd/ripemd.h b/crypto/ripemd/ripemd.h index f32cfae..87ef6dd 100644 --- a/crypto/ripemd/ripemd.h +++ b/crypto/ripemd/ripemd.h @@ -66,7 +66,7 @@ extern "C" { #endif -#ifdef OPENSSL_NO_RIPEMD +#ifdef OPENSSL_NO_RMD160 #error RIPEMD is disabled. #endif diff --git a/crypto/ripemd/rmdtest.c b/crypto/ripemd/rmdtest.c index fb34e0e..d54d776 100644 --- a/crypto/ripemd/rmdtest.c +++ b/crypto/ripemd/rmdtest.c @@ -62,7 +62,7 @@ #include "../e_os.h" -#ifdef OPENSSL_NO_RIPEMD +#ifdef OPENSSL_NO_RMD160 int main(int argc, char *argv[]) { printf("No ripemd support\n"); diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 10e187e..669b601 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -376,7 +376,7 @@ typedef struct rsa_oaep_params_st DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int RSA_print_fp(FILE *fp, const RSA *r,int offset); #endif 
diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c index 224db0f..9974224 100644 --- a/crypto/rsa/rsa_prn.c +++ b/crypto/rsa/rsa_prn.c @@ -61,7 +61,7 @@ #include #include -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int RSA_print_fp(FILE *fp, const RSA *x, int off) { BIO *b; diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index 9decb75..f8ee4a6 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -92,7 +92,7 @@ #include #include -#ifdef OPENSSL_NO_FP_API +#ifdef OPENSSL_NO_STDIO #include "../buffer/bss_file.c" #endif diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c index 40b730c..c7c0edd 100644 --- a/crypto/ts/ts_asn1.c +++ b/crypto/ts/ts_asn1.c @@ -77,7 +77,7 @@ int i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a) return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a); } #endif -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a) { return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, d2i_TS_MSG_IMPRINT, fp, a); @@ -111,7 +111,7 @@ int i2d_TS_REQ_bio(BIO *bp, TS_REQ *a) return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a); } #endif -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a) { return ASN1_d2i_fp_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, fp, a); @@ -158,7 +158,7 @@ int i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a) return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a); } #endif -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a) { return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, fp, a); @@ -239,7 +239,7 @@ int i2d_TS_RESP_bio(BIO *bp, TS_RESP *a) return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a); } #endif -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a) { return ASN1_d2i_fp_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, fp, a); 
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 1376ddb..d615171 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -683,7 +683,7 @@ int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type, unsigned char *md, unsigned int *len); #endif -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO X509 *d2i_X509_fp(FILE *fp, X509 **x509); int i2d_X509_fp(FILE *fp,X509 *x509); X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl); @@ -1003,7 +1003,7 @@ unsigned long X509_NAME_hash_old(X509_NAME *x); int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); int X509_CRL_match(const X509_CRL *a, const X509_CRL *b); -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag); int X509_print_fp(FILE *bp,X509 *x); int X509_CRL_print_fp(FILE *bp,X509_CRL *x); diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index d722950..b1fe302 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -151,7 +151,7 @@ int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) x->signature, x->spkac,pkey,md)); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO X509 *d2i_X509_fp(FILE *fp, X509 **x509) { return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); @@ -173,7 +173,7 @@ int i2d_X509_bio(BIO *bp, X509 *x509) return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) { return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); @@ -195,7 +195,7 @@ int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) { return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); 
@@ -217,7 +217,7 @@ int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) { return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); @@ -241,7 +241,7 @@ int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) #ifndef OPENSSL_NO_RSA -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) { return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); @@ -309,7 +309,7 @@ int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) #endif #ifndef OPENSSL_NO_DSA -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) { return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa); @@ -355,7 +355,7 @@ int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) #endif #ifndef OPENSSL_NO_EC -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey) { return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey); @@ -439,7 +439,7 @@ int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD * } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) { return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8); @@ -461,7 +461,7 @@ int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8); } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO **p8inf) { diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 3146218..13449ac 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -221,7 +221,7 @@ static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, } -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) { BIO *bio_tmp; 
diff --git a/e_os.h b/e_os.h index 28417b2..bc105fb 100644 --- a/e_os.h +++ b/e_os.h @@ -185,11 +185,6 @@ extern "C" { #define writesocket(s,b,n) write((s),(b),(n)) #endif -#ifdef OPENSSL_NO_STDIO -# undef OPENSSL_NO_FP_API -# define OPENSSL_NO_FP_API -#endif - #if (defined(WINDOWS) || defined(MSDOS)) # ifdef __DJGPP__ diff --git a/engines/e_sureware.c b/engines/e_sureware.c index aa6fb00..c475bb7 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -1057,5 +1057,5 @@ static int surewarehk_modexp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } return ret; } -#endif /* !OPENSSL_NO_HW_SureWare */ +#endif /* !OPENSSL_NO_HW_SUREWARE */ #endif /* !OPENSSL_NO_HW */ diff --git a/ssl/ssl.h b/ssl/ssl.h index 98661d0..dd8b277 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2106,7 +2106,7 @@ SSL_SESSION *SSL_SESSION_new(void); const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len); unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses); #endif #ifndef OPENSSL_NO_BIO diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index b09feca..7d0effb 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -86,7 +86,7 @@ #include #include "ssl_locl.h" -#ifndef OPENSSL_NO_FP_API +#ifndef OPENSSL_NO_STDIO int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x) { BIO *b; diff --git a/util/mk1mf.pl b/util/mk1mf.pl index f3f5d68..07f6fdd 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -283,7 +283,7 @@ $cflags.=" -DOPENSSL_NO_MD4" if $no_md4; $cflags.=" -DOPENSSL_NO_MD5" if $no_md5; $cflags.=" -DOPENSSL_NO_SHA" if $no_sha; $cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1; -$cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd; +$cflags.=" -DOPENSSL_NO_RMD160" if $no_ripemd; $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2; $cflags.=" -DOPENSSL_NO_BF" if $no_bf; $cflags.=" -DOPENSSL_NO_CAST" if $no_cast; From rsalz at openssl.org Wed Jan 14 21:13:12 2015 
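Review bot: Deleting the `#ifdef OPENSSL_NO_STDIO` / `# undef OPENSSL_NO_FP_API` / `# define OPENSSL_NO_FP_API` block from e_os.h removes the only visible place that derived OPENSSL_NO_FP_API from OPENSSL_NO_STDIO, so any source file the rename did not reach (the earlier hunks of this commit are outside this chunk, and engines and apps are not shown here) will now see OPENSSL_NO_FP_API undefined and compile its FILE*-based wrappers even in a no-stdio build, failing on the missing FILE type rather than being excluded as before. If external code guards d2i_*_fp/i2d_*_fp calls with `#ifndef OPENSSL_NO_FP_API`, it will likewise stop honouring no-stdio silently. A tree-wide grep for OPENSSL_NO_FP_API before merging is the cheap check; if stragglers exist, a public-header alias `#ifdef OPENSSL_NO_STDIO` / `# define OPENSSL_NO_FP_API` / `#endif` would keep them building while they are converted.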
From: rsalz at openssl.org (Rich Salz) Date: Wed, 14 Jan 2015 22:13:12 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150114211315.094131DF118@butler.localdomain> The branch master has been updated via 90ae68e0163b5cea806ea1f4e9a55be0207b8a2c (commit) from 73c14ab2b0f527f40d84b2957ec3df20394c7864 (commit) - Log ----------------------------------------------------------------- commit 90ae68e0163b5cea806ea1f4e9a55be0207b8a2c Author: Rich Salz Date: Wed Jan 14 16:13:08 2015 -0500 Fix two typo's ----------------------------------------------------------------------- Summary of changes: about/codingstyle.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/about/codingstyle.txt b/about/codingstyle.txt index 0ffeedd..d133709 100644 --- a/about/codingstyle.txt +++ b/about/codingstyle.txt @@ -263,7 +263,7 @@ should be defined in a local header file that is not exported. Ideally, functions should be short and sweet, and do just one thing. A rule of thumb is that they should fit on one or two screenfuls of text -as we all know), and do one thing and do that well. +(25 lines as we all know), and do one thing and do that well. The maximum length of a function is often inversely proportional to the complexity and indentation level of that function. So, if you have a @@ -449,7 +449,7 @@ Other API's use the following pattern: >= 1: success, with value returning additional information <= 0: failure with return value indicating why things failed -Somtimes a return value of -1 can mean "should retry" (e.g., BIO, SSL, et al). +Sometimes a return value of -1 can mean "should retry" (e.g., BIO, SSL, et al). Functions whose return value is the actual result of a computation, rather than an indication of whether the computation succeeded, are not From matt at openssl.org Thu Jan 15 13:32:06 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 15 Jan 2015 14:32:06 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150115133206.717CE1DF118@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 583f0bc402a9f81c4d36f0a73c07f852ca915a1e (commit) from e8e878bec7d547dcfe92de995ec71ca7ea71aa58 (commit) - Log ----------------------------------------------------------------- commit 583f0bc402a9f81c4d36f0a73c07f852ca915a1e Author: Matt Caswell Date: Thu Jan 15 13:04:01 2015 +0000 Updates to CHANGES and NEWS Reviewed-by: Dr Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 ++- NEWS | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index e79234a..1b304c9 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Changes between 1.0.1k and 1.0.1l [xx XXX xxxx] - *) + *) Build fixes for the Windows and OpenVMS platforms + [Matt Caswell and Richard Levitte] Changes between 1.0.1j and 1.0.1k [8 Jan 2015] diff --git a/NEWS b/NEWS index f71f241..595773b 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,7 @@ Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [under development] - o + o Build fixes for the Windows and OpenVMS platforms Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] From matt at openssl.org Thu Jan 15 13:32:17 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 15 Jan 2015 14:32:17 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150115133217.6C8981DF118@butler.localdomain> The branch OpenSSL_1_0_0-stable has been updated via 08fac3fb6f17915cd28d1f25d4eaac97e09e9cb2 (commit) from 0c8dc6ebe5a969a57fb678b793d0dea651e33af7 (commit) - Log ----------------------------------------------------------------- commit 08fac3fb6f17915cd28d1f25d4eaac97e09e9cb2 Author: Matt Caswell Date: Thu Jan 15 13:04:01 2015 +0000 Updates to CHANGES and NEWS Reviewed-by: Dr Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 ++- NEWS | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index e52cb9e..ff739a4 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Changes between 1.0.0p and 1.0.0q [xx XXX xxxx] - *) + *) Build fixes for the Windows and OpenVMS platforms + [Matt Caswell and Richard Levitte] Changes between 1.0.0o and 1.0.0p [8 Jan 2015] diff --git a/NEWS b/NEWS index 0a8846b..e86836d 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,7 @@ Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [under development] - o + o Build fixes for the Windows and OpenVMS platforms Major changes between OpenSSL 1.0.0o and OpenSSL 1.0.0p [8 Jan 2015] From matt at openssl.org Thu Jan 15 13:32:31 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 15 Jan 2015 14:32:31 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150115133231.A58F61DF118@butler.localdomain> The branch OpenSSL_0_9_8-stable has been updated via 346a46f0748f2a235aa92ec3682df0702e3e4894 (commit) from 56abaa14e0ac762455277757001387070e6ded45 (commit) - Log ----------------------------------------------------------------- commit 346a46f0748f2a235aa92ec3682df0702e3e4894 Author: Matt Caswell Date: Thu Jan 15 13:04:01 2015 +0000 Updates to CHANGES and NEWS Reviewed-by: Dr Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 ++- NEWS | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 5779dfc..1ccbfd3 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Changes between 0.9.8zd and 0.9.8ze [xx XXX xxxx] - *) + *) Build fixes for the Windows and OpenVMS platforms + [Matt Caswell and Richard Levitte] Changes between 0.9.8zc and 0.9.8zd [8 Jan 2015] diff --git a/NEWS b/NEWS index 19ba9d4..08ae2fc 100644 --- a/NEWS +++ b/NEWS @@ -7,7 +7,7 @@ Major changes between OpenSSL 0.9.8zd and OpenSSL 0.9.8ze [under development] - o + o Build fixes for the Windows and OpenVMS platforms Major changes between OpenSSL 0.9.8zc and OpenSSL 0.9.8zd [8 Jan 2015] From matt at openssl.org Thu Jan 15 15:26:31 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 15 Jan 2015 16:26:31 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150115152635.5CBBD1DF118@butler.localdomain> The branch master has been updated via 101b64c492129687ffd6e24db2fc25349cee3375 (commit) from 90ae68e0163b5cea806ea1f4e9a55be0207b8a2c (commit) - Log ----------------------------------------------------------------- commit 101b64c492129687ffd6e24db2fc25349cee3375 Author: Matt Caswell Date: Thu Jan 15 15:17:09 2015 +0000 Update newsflash file for new releases ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index bf4b63c..cb7c4f0 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -1,3 +1,7 @@ +15-Jan-2015: New releases to resolve Windows/OpenVMS compilation problems: +15-Jan-2015: OpenSSL 1.0.1l is now available, including bug fixes +15-Jan-2015: OpenSSL 1.0.0q is now available, including bug fixes +15-Jan-2015: OpenSSL 0.9.8ze is now available, including bug fixes 08-Jan-2015: Security Advisory: eight security fixes 08-Jan-2015: OpenSSL 1.0.1k is now available, including bug and security fixes 08-Jan-2015: OpenSSL 1.0.0p is now available, including bug and security fixes From matt at openssl.org Thu Jan 15 15:29:38 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 15 Jan 2015 16:29:38 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150115152938.810AC1DF118@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 3a9a0321638ae13957b66baae6d4955597fc128d (commit) via b83ceba7d51e846cf24433aa3c417bfd62b3ffa5 (commit) via d9738d5f0790ffa9a005829d40684cbaa18453fa (commit) from 583f0bc402a9f81c4d36f0a73c07f852ca915a1e (commit) - Log ----------------------------------------------------------------- commit 3a9a0321638ae13957b66baae6d4955597fc128d Author: Matt Caswell Date: Thu Jan 15 14:49:54 2015 +0000 Prepare for 1.0.1m-dev Reviewed-by: Stephen Henson commit b83ceba7d51e846cf24433aa3c417bfd62b3ffa5 Author: Matt Caswell Date: Thu Jan 15 14:45:15 2015 +0000 Prepare for 1.0.1l release Reviewed-by: Stephen Henson commit d9738d5f0790ffa9a005829d40684cbaa18453fa Author: Matt Caswell Date: Thu Jan 15 14:45:15 2015 +0000 make update Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 +++++- NEWS | 6 +++++- README | 2 +- crypto/ecdsa/Makefile | 13 ++++++------- crypto/opensslv.h | 6 +++--- openssl.spec | 2 +- 6 files changed, 21 insertions(+), 14 deletions(-) diff --git a/CHANGES b/CHANGES index 1b304c9..d6233cb 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,11 @@ OpenSSL CHANGES _______________ - Changes between 1.0.1k and 1.0.1l [xx XXX xxxx] + Changes between 1.0.1l and 1.0.1m [xx XXX xxxx] + + *) + + Changes between 1.0.1k and 1.0.1l [15 Jan 2015] *) Build fixes for the Windows and OpenVMS platforms [Matt Caswell and Richard Levitte] diff --git a/NEWS b/NEWS index 595773b..e17516e 100644 --- a/NEWS +++ b/NEWS 
@@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [under development] + Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [under development] + + o + + Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] o Build fixes for the Windows and OpenVMS platforms diff --git a/README b/README index 988f295..3c1d767 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.1l-dev + OpenSSL 1.0.1m-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile index 60c876d..e89e0c0 100644 --- a/crypto/ecdsa/Makefile +++ b/crypto/ecdsa/Makefile 
@@ -126,16 +126,15 @@ ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ecs_sign.o: ecs_locl.h ecs_sign.c -ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h -ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ecs_vrf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c diff --git a/crypto/opensslv.h b/crypto/opensslv.h index b68d355..de47e0b 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h 
@@ -29,11 +29,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x100010c0L +#define OPENSSL_VERSION_NUMBER 0x100010d0L #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l-fips-dev xx XXX xxxx" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1m-fips-dev xx XXX xxxx" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1l-dev xx XXX xxxx" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.1m-dev xx XXX xxxx" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl.spec b/openssl.spec index 70cfc7d..40ac462 100644 --- a/openssl.spec +++ b/openssl.spec @@ -7,7 +7,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl #Version: %{libmaj}.%{libmin}.%{librel} -Version: 1.0.1l +Version: 1.0.1m Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries From matt at openssl.org Thu Jan 15 15:30:02 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 15 Jan 2015 16:30:02 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8ze create Message-ID: <20150115153002.362C11DF118@butler.localdomain> The annotated tag OpenSSL_0_9_8ze has been created at deed151406f32123d345861cd9078524c0cca02e (tag) tagging e8ccaee31caa9376dd752b45a8f1a62259a69867 (commit) replaces OpenSSL_0_9_8zd tagged by Matt Caswell on Thu Jan 15 15:05:59 2015 +0000 - Log ----------------------------------------------------------------- OpenSSL 0.9.8ze release tag Dr. Stephen Henson (1): Avoid Windows 8 Getversion deprecated errors. Matt Caswell (8): Prepare for 0.9.8ze-dev Update .gitignore with windows files to be excluded from git Further windows specific .gitignore entries Avoid deprecation problems in Visual Studio 13 Fix warning where BIO_FLAGS_UPLINK was being redefined. This warning breaks the build in 1.0.0 and 0.9.8 Updates to CHANGES and NEWS make update Prepare for 0.9.8ze release ----------------------------------------------------------------------- From matt at openssl.org Thu Jan 15 15:30:02 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 15 Jan 2015 16:30:02 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0q create Message-ID: <20150115153002.402311DF121@butler.localdomain> The annotated tag OpenSSL_1_0_0q has been created at 689a1eb8d11c1f81e54ae68b409dcc0c1a6e8de1 (tag) tagging cdac2e8928ca483843bfa3b527efb16e7f83bd60 (commit) replaces OpenSSL_1_0_0p tagged by Matt Caswell on Thu Jan 15 14:56:27 2015 +0000 - Log ----------------------------------------------------------------- OpenSSL 1.0.0q release tag Matt Caswell (10): Prepare for 1.0.0q-dev Fix build failure on Windows due to undefined cflags identifier Update .gitignore with windows files to be excluded from git Further windows specific .gitignore entries Avoid deprecation problems in Visual Studio 13 Fix warning where BIO_FLAGS_UPLINK was being redefined. This warning breaks the build in 1.0.0 and 0.9.8 Make output from openssl version -f consistent with previous versions Updates to CHANGES and NEWS make update Prepare for 1.0.0q release Richard Levitte (2): VMS fixups for 1.0.0 Fixup installation script for VMS ----------------------------------------------------------------------- From matt at openssl.org Thu Jan 15 15:30:02 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 15 Jan 2015 16:30:02 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1l create Message-ID: <20150115153002.4BC091DF125@butler.localdomain> The annotated tag OpenSSL_1_0_1l has been created at 3af93c6cfaa06462206ec7dbf13fc86f172b4e6c (tag) tagging b83ceba7d51e846cf24433aa3c417bfd62b3ffa5 (commit) replaces OpenSSL_1_0_1k tagged by Matt Caswell on Thu Jan 15 14:45:15 2015 +0000 - Log ----------------------------------------------------------------- OpenSSL 1.0.1l release tag Dr. Stephen Henson (1): RT3662: Allow leading . in nameConstraints Matt Caswell (10): Prepare for 1.0.1l-dev Fix build failure on Windows due to undefined cflags identifier Update .gitignore with windows files to be excluded from git Further windows specific .gitignore entries Avoid deprecation problems in Visual Studio 13 Fix warning where BIO_FLAGS_UPLINK was being redefined. This warning breaks the build in 1.0.0 and 0.9.8 Make output from openssl version -f consistent with previous versions Updates to CHANGES and NEWS make update Prepare for 1.0.1l release Richard Levitte (1): Define CFLAGS as cflags on VMS as well ----------------------------------------------------------------------- From matt at openssl.org Thu Jan 15 15:30:21 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 15 Jan 2015 16:30:21 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150115153021.108A51DF118@butler.localdomain> The branch OpenSSL_1_0_0-stable has been updated via 569c68744ab18ff48074a683a57962d959fcb13c (commit) via cdac2e8928ca483843bfa3b527efb16e7f83bd60 (commit) via 01fb34ad43660a96ee19d9be663f970dc4fd9b9f (commit) from 08fac3fb6f17915cd28d1f25d4eaac97e09e9cb2 (commit) - Log ----------------------------------------------------------------- commit 569c68744ab18ff48074a683a57962d959fcb13c Author: Matt Caswell Date: Thu Jan 15 15:01:09 2015 +0000 Prepare for 1.0.0r-dev Reviewed-by: Stephen Henson commit cdac2e8928ca483843bfa3b527efb16e7f83bd60 Author: Matt Caswell Date: Thu Jan 15 14:56:27 2015 +0000 Prepare for 1.0.0q release Reviewed-by: Stephen Henson commit 01fb34ad43660a96ee19d9be663f970dc4fd9b9f Author: Matt Caswell Date: Thu Jan 15 14:56:27 2015 +0000 make update Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 +++++- NEWS | 6 +++++- README | 2 +- crypto/ecdsa/Makefile | 13 ++++++------- crypto/opensslv.h | 6 +++--- openssl.spec | 2 +- 6 files changed, 21 insertions(+), 14 deletions(-) diff --git a/CHANGES b/CHANGES index ff739a4..f48a002 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,11 @@ OpenSSL CHANGES _______________ - Changes between 1.0.0p and 1.0.0q [xx XXX xxxx] + Changes between 1.0.0q and 1.0.0r [xx XXX xxxx] + + *) + + Changes between 1.0.0p and 1.0.0q [15 Jan 2015] *) Build fixes for the Windows and OpenVMS platforms [Matt Caswell and Richard Levitte] diff --git a/NEWS b/NEWS index e86836d..448b24a 100644 --- a/NEWS +++ b/NEWS 
@@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [under development] + Major changes between OpenSSL 1.0.0q and OpenSSL 1.0.0r [under development] + + o + + Major changes between OpenSSL 1.0.0p and OpenSSL 1.0.0q [15 Jan 2015] o Build fixes for the Windows and OpenVMS platforms diff --git a/README b/README index 9bc6659..4f67e9e 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.0q-dev + OpenSSL 1.0.0r-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile index 60c876d..e89e0c0 100644 --- a/crypto/ecdsa/Makefile +++ b/crypto/ecdsa/Makefile 
@@ -126,16 +126,15 @@ ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ecs_sign.o: ecs_locl.h ecs_sign.c -ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h -ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h ecs_vrf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h ecs_vrf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h ecs_vrf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecs_vrf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ecs_vrf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ecs_vrf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ecs_vrf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ../../include/openssl/x509_vfy.h ecs_locl.h ecs_vrf.c diff --git a/crypto/opensslv.h b/crypto/opensslv.h index b871e00..7cd1fc4 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h 
@@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x10000110L +#define OPENSSL_VERSION_NUMBER 0x10000120L #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0q-fips-dev xx XXX xxxx" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0r-fips-dev xx XXX xxxx" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0q-dev xx XXX xxxx" +#define OPENSSL_VERSION_TEXT "OpenSSL 1.0.0r-dev xx XXX xxxx" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl.spec b/openssl.spec index a6e807f..272ed98 100644 --- a/openssl.spec +++ b/openssl.spec @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.0q +Version: 1.0.0r Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries From matt at openssl.org Thu Jan 15 15:30:35 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 15 Jan 2015 16:30:35 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150115153035.76FDA1DF118@butler.localdomain> The branch OpenSSL_0_9_8-stable has been updated via ba442a7e1ba96d0b189bc627a2a750c928a42d13 (commit) via e8ccaee31caa9376dd752b45a8f1a62259a69867 (commit) via 60431d0db3c45dbcd304353f619e13f422d3dd95 (commit) from 346a46f0748f2a235aa92ec3682df0702e3e4894 (commit) - Log ----------------------------------------------------------------- commit ba442a7e1ba96d0b189bc627a2a750c928a42d13 Author: Matt Caswell Date: Thu Jan 15 15:08:48 2015 +0000 Prepare for 0.9.8zf-dev Reviewed-by: Stephen Henson commit e8ccaee31caa9376dd752b45a8f1a62259a69867 Author: Matt Caswell Date: Thu Jan 15 15:05:59 2015 +0000 Prepare for 0.9.8ze release Reviewed-by: Stephen Henson commit 60431d0db3c45dbcd304353f619e13f422d3dd95 Author: Matt Caswell Date: Thu Jan 15 15:05:59 2015 +0000 make update Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 +++++- NEWS | 6 +++++- README | 2 +- crypto/ecdsa/Makefile | 13 ++++++------- crypto/opensslv.h | 6 +++--- openssl.spec | 2 +- 6 files changed, 21 insertions(+), 14 deletions(-) diff --git a/CHANGES b/CHANGES index 1ccbfd3..71856be 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,11 @@ OpenSSL CHANGES _______________ - Changes between 0.9.8zd and 0.9.8ze [xx XXX xxxx] + Changes between 0.9.8ze and 0.9.8zf [xx XXX xxxx] + + *) + + Changes between 0.9.8zd and 0.9.8ze [15 Jan 2015] *) Build fixes for the Windows and OpenVMS platforms [Matt Caswell and Richard Levitte] diff --git a/NEWS b/NEWS index 08ae2fc..9ebc70a 100644 --- a/NEWS +++ b/NEWS 
@@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 0.9.8zd and OpenSSL 0.9.8ze [under development] + Major changes between OpenSSL 0.9.8ze and OpenSSL 0.9.8zf [under development] + + o + + Major changes between OpenSSL 0.9.8zd and OpenSSL 0.9.8ze [15 Jan 2015] o Build fixes for the Windows and OpenVMS platforms diff --git a/README b/README index e3f71f7..ee01e57 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 0.9.8ze-dev + OpenSSL 0.9.8zf-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile index 6a1b4ef..49e2681 100644 --- a/crypto/ecdsa/Makefile +++ b/crypto/ecdsa/Makefile 
@@ -128,12 +128,11 @@ ecs_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ecs_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h ecs_sign.o: ecs_locl.h ecs_sign.c -ecs_vrf.o: ../../e_os.h ../../include/openssl/asn1.h -ecs_vrf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -ecs_vrf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -ecs_vrf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -ecs_vrf.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h -ecs_vrf.o: ../../include/openssl/err.h ../../include/openssl/evp.h +ecs_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +ecs_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +ecs_vrf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +ecs_vrf.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +ecs_vrf.o: ../../include/openssl/engine.h ../../include/openssl/evp.h ecs_vrf.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h ecs_vrf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h ecs_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h @@ -141,4 +140,4 @@ ecs_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h ecs_vrf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ecs_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ecs_vrf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ecs_vrf.o: ../cryptlib.h ecs_locl.h ecs_vrf.c +ecs_vrf.o: ecs_locl.h ecs_vrf.c diff --git a/crypto/opensslv.h b/crypto/opensslv.h index b850c62..b9e7795 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h 
@@ -25,11 +25,11 @@ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -#define OPENSSL_VERSION_NUMBER 0x009081e0L +#define OPENSSL_VERSION_NUMBER 0x009081f0L #ifdef OPENSSL_FIPS -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8ze-fips-dev xx XXX xxxx" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-fips-dev xx XXX xxxx" #else -#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8ze-dev xx XXX xxxx" +#define OPENSSL_VERSION_TEXT "OpenSSL 0.9.8zf-dev xx XXX xxxx" #endif #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/openssl.spec b/openssl.spec index 1d77739..934e5b3 100644 --- a/openssl.spec +++ b/openssl.spec @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 0.9.8ze +Version: 0.9.8zf Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries From rsalz at openssl.org Thu Jan 15 16:19:11 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 15 Jan 2015 17:19:11 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150115161911.7B7531DF118@butler.localdomain> The branch master has been updated via 4114de7dcffc5d142445eb32445437c39d4a8fd3 (commit) from 101b64c492129687ffd6e24db2fc25349cee3375 (commit) - Log ----------------------------------------------------------------- commit 4114de7dcffc5d142445eb32445437c39d4a8fd3 Author: Rich Salz Date: Thu Jan 15 11:18:58 2015 -0500 Add sudo -u www-data on git pull ----------------------------------------------------------------------- Summary of changes: Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index e1adf92..11d90c9 100644 --- a/Makefile +++ b/Makefile 
@@ -34,7 +34,7 @@ relupd:
 ( cd $(SNAP)/.. ; for dir in openssl* ; do \
 echo Updating $$dir ; cd $$dir ; sudo -u openssl git pull $(QUIET) ; cd .. ; \
 done )
- git pull $(QUIET)
+ sudo -u www-data git pull $(QUIET)
 sudo -u www-data $(MAKE) simple
From rsalz at openssl.org Thu Jan 15 17:54:25 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 15 Jan 2015 18:54:25 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150115175425.6110A1DF118@butler.localdomain> The branch master has been updated via 154528219e1c1c7a63e31dfe0ba71957e83910a8 (commit) from 4114de7dcffc5d142445eb32445437c39d4a8fd3 (commit) - Log ----------------------------------------------------------------- commit 154528219e1c1c7a63e31dfe0ba71957e83910a8 Author: Rich Salz Date: Thu Jan 15 12:54:18 2015 -0500 add sudo check to relupd ----------------------------------------------------------------------- Summary of changes: Makefile | 1 + 1 file changed, 1 insertion(+)
diff --git a/Makefile b/Makefile
index 11d90c9..404248c 100644
--- a/Makefile
+++ b/Makefile
@@ -31,6 +31,7 @@ generated:
 # Update release notes (and other items, but relnotes is the use-case)
 relupd:
+ id | grep -q root || { echo you must sudo ; exit 1; }
 ( cd $(SNAP)/.. ; for dir in openssl* ; do \
 echo Updating $$dir ; cd $$dir ; sudo -u openssl git pull $(QUIET) ; cd .. ; \
 done )
From steve at openssl.org Thu Jan 15 18:51:14 2015 
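Review bot: The added `id | grep -q root` on the relupd recipe is a substring match over the whole `id` output, so any account whose user name or any group name merely contains "root" passes the gate without being root, and the `sudo -u openssl` / `sudo -u www-data` calls that follow would then presumably fail or prompt instead of being caught up front. The precise test is the numeric uid: `[ "$$(id -u)" -eq 0 ] || { echo you must sudo ; exit 1; }`. Because make runs each recipe line in its own shell, `exit 1` on that line aborts the recipe as intended, so the rest of the structure can stay as is.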
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 15 Jan 2015 19:51:14 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150115185114.BD9261DF118@butler.localdomain> The branch master has been updated via 66c6410034d8845715d086baab38c280dd04c959 (commit) from 154528219e1c1c7a63e31dfe0ba71957e83910a8 (commit) - Log ----------------------------------------------------------------- commit 66c6410034d8845715d086baab38c280dd04c959 Author: Steve Marquess Date: Thu Jan 15 13:44:07 2015 -0500 Add Oracle logo ----------------------------------------------------------------------- Summary of changes: images/oracle-logo-med.jpg | Bin 0 -> 4017 bytes support/acknowledgments.wml | 3 +++ 2 files changed, 3 insertions(+) create mode 100644 images/oracle-logo-med.jpg diff --git a/images/oracle-logo-med.jpg b/images/oracle-logo-med.jpg new file mode 100644 index 0000000..e355b8f Binary files /dev/null and b/images/oracle-logo-med.jpg differ diff --git a/support/acknowledgments.wml b/support/acknowledgments.wml index 26d5eb2..ca8345e 100644 --- a/support/acknowledgments.wml +++ b/support/acknowledgments.wml @@ -66,6 +66,9 @@ Platinum sponsors (listed chronologically, left to right). The sustainable fund + + +

    From appro at openssl.org Thu Jan 22 11:01:41 2015 From: appro at openssl.org (Andy Polyakov) Date: Thu, 22 Jan 2015 12:01:41 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150122110142.ABCEE1DF121@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 2ad75afc3ea9da39b25535352580a8ec721fc415 (commit) from 83975c80bbc3e84cc605e0491707a6517f5dd346 (commit) - Log ----------------------------------------------------------------- commit 2ad75afc3ea9da39b25535352580a8ec721fc415 Author: Andy Polyakov Date: Thu Jan 22 12:00:55 2015 +0100 sha256-armv4.pl: fix typo. Reviewed-by: Tim Hudson (cherry picked from commit 52cab5635603c1a7a00bc6f92401c84ec8920298) ----------------------------------------------------------------------- Summary of changes: crypto/sha/asm/sha256-armv4.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl
index b0ae936..f14c9c3 100644
--- a/crypto/sha/asm/sha256-armv4.pl
+++ b/crypto/sha/asm/sha256-armv4.pl
@@ -619,7 +619,7 @@ ___
 $code.=<<___;
 .asciz "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by "
 .align 2
-#if __ARM_MARCH_ARCH__>=7
+#if __ARM_MAX_ARCH__>=7
 .comm OPENSSL_armcap_P,4,4
 #endif
 ___
From appro at openssl.org Thu Jan 22 11:01:42 2015 
From: appro at openssl.org (Andy Polyakov) Date: Thu, 22 Jan 2015 12:01:42 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150122110142.CB8C21DF125@butler.localdomain> The branch master has been updated via 52cab5635603c1a7a00bc6f92401c84ec8920298 (commit) from 35a1cc90bc1795e8893c11e442790ee7f659fffb (commit) - Log ----------------------------------------------------------------- commit 52cab5635603c1a7a00bc6f92401c84ec8920298 Author: Andy Polyakov Date: Thu Jan 22 12:00:55 2015 +0100 sha256-armv4.pl: fix typo. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/sha/asm/sha256-armv4.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl
index b0ae936..f14c9c3 100644
--- a/crypto/sha/asm/sha256-armv4.pl
+++ b/crypto/sha/asm/sha256-armv4.pl
@@ -619,7 +619,7 @@ ___
 $code.=<<___;
 .asciz "SHA256 block transform for ARMv4/NEON/ARMv8, CRYPTOGAMS by "
 .align 2
-#if __ARM_MARCH_ARCH__>=7
+#if __ARM_MAX_ARCH__>=7
 .comm OPENSSL_armcap_P,4,4
 #endif
 ___
From appro at openssl.org Thu Jan 22 11:14:55 2015 
From: appro at openssl.org (Andy Polyakov) Date: Thu, 22 Jan 2015 12:14:55 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150122111455.6FA301DF121@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 2fc264917370321c5b359c9de2fcde9ce776087e (commit) from 2ad75afc3ea9da39b25535352580a8ec721fc415 (commit) - Log ----------------------------------------------------------------- commit 2fc264917370321c5b359c9de2fcde9ce776087e Author: Andy Polyakov Date: Thu Jan 22 12:13:57 2015 +0100 Fix macosx-ppc build (and typos in unwind info). Reviewed-by: Tim Hudson (cherry picked from commit c462a6817bb05a4c8dded1aa9fa3aa8fd7e176bf) ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/aesp8-ppc.pl | 6 ++++-- crypto/sha/asm/sha512p8-ppc.pl | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl index 3ee8979..a1891cc 100755 --- a/crypto/aes/asm/aesp8-ppc.pl +++ b/crypto/aes/asm/aesp8-ppc.pl @@ -648,6 +648,7 @@ ___ {{ # Optimized CBC decrypt procedure # my $key_="r11"; my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,8,26..31)); + $x00=0 if ($flavour =~ /osx/); my ($in0, $in1, $in2, $in3, $in4, $in5, $in6, $in7 )=map("v$_",(0..3,10..13)); my ($out0,$out1,$out2,$out3,$out4,$out5,$out6,$out7)=map("v$_",(14..21)); my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys @@ -1227,7 +1228,7 @@ Lcbc_dec8x_done: addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` blr .long 0 - .byte 0,12,0x14,0,0x80,6,6,0 + .byte 0,12,0x04,0,0x80,6,6,0 .long 0 .size .${prefix}_cbc_encrypt,.-.${prefix}_cbc_encrypt ___ 
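Review bot: The added `$x00=0 if ($flavour =~ /osx/);` overrides one entry of the freshly built register map without saying why the osx flavour needs a literal `0` where the other flavours use `r0`, presumably an assembler-syntax constraint on that operand slot, but the hunk does not say. A one-line comment beside it, such as `# osx flavour: emit a literal 0 instead of r0 for this slot`, would spare the next reader a trip to the commit log; the same unexplained line recurs in the CTR procedure hunk and in sha512p8-ppc.pl below, and again in the master cherry-pick that follows. Since all three copies apply the identical override after the same `map("r$_", ...)` idiom, a small shared helper would keep them from drifting apart. The enclosing `{{ ... }}` block starts before this hunk.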
@@ -1353,6 +1354,7 @@ ___ {{ # Optimized CTR procedure # my $key_="r11"; my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,8,26..31)); + $x00=0 if ($flavour =~ /osx/); my ($in0, $in1, $in2, $in3, $in4, $in5, $in6, $in7 )=map("v$_",(0..3,10,12..14)); my ($out0,$out1,$out2,$out3,$out4,$out5,$out6,$out7)=map("v$_",(15..22)); my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys @@ -1879,7 +1881,7 @@ Lctr32_enc8x_done: addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` blr .long 0 - .byte 0,12,0x14,0,0x80,6,6,0 + .byte 0,12,0x04,0,0x80,6,6,0 .long 0 .size .${prefix}_ctr32_encrypt_blocks,.-.${prefix}_ctr32_encrypt_blocks ___ diff --git a/crypto/sha/asm/sha512p8-ppc.pl b/crypto/sha/asm/sha512p8-ppc.pl index a316b31..4718950 100755 --- a/crypto/sha/asm/sha512p8-ppc.pl +++ b/crypto/sha/asm/sha512p8-ppc.pl @@ -76,6 +76,7 @@ $lrsave="r8"; $offload="r11"; $vrsave="r12"; ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,10,26..31)); + $x00=0 if ($flavour =~ /osx/); @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("v$_",(0..7)); @X=map("v$_",(8..23)); From appro at openssl.org Thu Jan 22 11:14:55 2015 From: appro at openssl.org (Andy Polyakov) Date: Thu, 22 Jan 2015 12:14:55 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150122111455.EAE771DF125@butler.localdomain> The branch master has been updated via c462a6817bb05a4c8dded1aa9fa3aa8fd7e176bf (commit) from 52cab5635603c1a7a00bc6f92401c84ec8920298 (commit) - Log ----------------------------------------------------------------- commit c462a6817bb05a4c8dded1aa9fa3aa8fd7e176bf Author: Andy Polyakov Date: Thu Jan 22 12:13:57 2015 +0100 Fix macosx-ppc build (and typos in unwind info). Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/aesp8-ppc.pl | 6 ++++-- crypto/sha/asm/sha512p8-ppc.pl | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) 
diff --git a/crypto/aes/asm/aesp8-ppc.pl b/crypto/aes/asm/aesp8-ppc.pl index 3ee8979..a1891cc 100755 --- a/crypto/aes/asm/aesp8-ppc.pl +++ b/crypto/aes/asm/aesp8-ppc.pl @@ -648,6 +648,7 @@ ___ {{ # Optimized CBC decrypt procedure # my $key_="r11"; my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,8,26..31)); + $x00=0 if ($flavour =~ /osx/); my ($in0, $in1, $in2, $in3, $in4, $in5, $in6, $in7 )=map("v$_",(0..3,10..13)); my ($out0,$out1,$out2,$out3,$out4,$out5,$out6,$out7)=map("v$_",(14..21)); my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys @@ -1227,7 +1228,7 @@ Lcbc_dec8x_done: addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` blr .long 0 - .byte 0,12,0x14,0,0x80,6,6,0 + .byte 0,12,0x04,0,0x80,6,6,0 .long 0 .size .${prefix}_cbc_encrypt,.-.${prefix}_cbc_encrypt ___ @@ -1353,6 +1354,7 @@ ___ {{ # Optimized CTR procedure # my $key_="r11"; my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,8,26..31)); + $x00=0 if ($flavour =~ /osx/); my ($in0, $in1, $in2, $in3, $in4, $in5, $in6, $in7 )=map("v$_",(0..3,10,12..14)); my ($out0,$out1,$out2,$out3,$out4,$out5,$out6,$out7)=map("v$_",(15..22)); my $rndkey0="v23"; # v24-v25 rotating buffer for first found keys @@ -1879,7 +1881,7 @@ Lctr32_enc8x_done: addi $sp,$sp,`$FRAME+21*16+6*$SIZE_T` blr .long 0 - .byte 0,12,0x14,0,0x80,6,6,0 + .byte 0,12,0x04,0,0x80,6,6,0 .long 0 .size .${prefix}_ctr32_encrypt_blocks,.-.${prefix}_ctr32_encrypt_blocks ___ diff --git a/crypto/sha/asm/sha512p8-ppc.pl b/crypto/sha/asm/sha512p8-ppc.pl index a316b31..4718950 100755 --- a/crypto/sha/asm/sha512p8-ppc.pl +++ b/crypto/sha/asm/sha512p8-ppc.pl @@ -76,6 +76,7 @@ $lrsave="r8"; $offload="r11"; $vrsave="r12"; ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,10,26..31)); + $x00=0 if ($flavour =~ /osx/); @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("v$_",(0..7)); @X=map("v$_",(8..23)); From appro at openssl.org Thu Jan 22 12:06:58 2015 
From: appro at openssl.org (Andy Polyakov) Date: Thu, 22 Jan 2015 13:06:58 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150122120659.078AA1DF121@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 3577e01438469a64bfd435cbad902f2e291ddb1f (commit) from 2fc264917370321c5b359c9de2fcde9ce776087e (commit) - Log ----------------------------------------------------------------- commit 3577e01438469a64bfd435cbad902f2e291ddb1f Author: Corinna Vinschen Date: Sat Dec 6 13:53:58 2014 +0100 Drop redundant and outdated __CYGWIN32__ tests. Change OPENSSL_SYSNAME_CYGWIN32 to OPENSSL_SYSNAME_CYGWIN. Drop outdated Cygwin targets. RT#3605 Signed-off-by: Corinna Vinschen Reviewed-by: Tim Hudson (cherry picked from commit 732c5a6b928f10de4d6ca0394f49e9938a47a93b) Resolved conflicts: Configure TABLE ----------------------------------------------------------------------- Summary of changes: Configure | 7 +--- TABLE | 106 +------------------------------------------------ crypto/des/read_pwd.c | 2 +- e_os2.h | 2 +- 4 files changed, 6 insertions(+), 111 deletions(-) diff --git a/Configure b/Configure index 0850d90..3cf4a7a 100755 --- a/Configure +++ b/Configure 
@@ -183,7 +183,6 @@ my %table=( "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
@@ -589,10 +588,8 @@ my %table=( "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", # Cygwin -"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN32::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", # NetWare from David Ward (dsward at novell.com) # requires either MetroWerks NLM development tools, or gcc / nlmconv diff --git a/TABLE b/TABLE index 8d4966b..dc3e139 100644 --- a/TABLE +++ b/TABLE @@ -345,7 +345,7 @@ $cc = gcc $cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall $unistd = $thread_cflag = -$sys_id = CYGWIN32 +$sys_id = CYGWIN $lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o 
@@ -374,46 +374,12 @@ $ranlib = $arflags = $multilib = -*** Cygwin-pre1.3 -$cc = gcc -$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -$unistd = -$thread_cflag = (unknown) -$sys_id = CYGWIN32 -$lflags = -$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = win32 -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = -$multilib = - *** Cygwin-x86_64 $cc = gcc $cflags = -DTERMIOS -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -$sys_id = CYGWIN32 +$sys_id = CYGWIN $lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o @@ -1666,40 +1632,6 @@ $ranlib = $arflags = $multilib = -*** debug-Cygwin -$cc = gcc -$cflags = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror -$unistd = -$thread_cflag = -$sys_id = CYGWIN32 -$lflags = -$bn_ops = -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dlfcn -$shared_target= cygwin-shared -$shared_cflag = -D_WINDLL -$shared_ldflag = -shared -$shared_extension = .dll.a -$ranlib = -$arflags = -$multilib = - *** debug-VC-WIN32 $cc = cl $cflags = -W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE 
@@ -3060,40 +2992,6 @@ $ranlib = $arflags = $multilib = -*** debug-ulf -$cc = gcc -$cflags = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -$unistd = -$thread_cflag = -$sys_id = CYGWIN32 -$lflags = -$bn_ops = -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = win32 -$shared_target= cygwin-shared -$shared_cflag = -$shared_ldflag = -$shared_extension = .dll -$ranlib = -$arflags = -$multilib = - *** debug-vos-gcc $cc = gcc $cflags = -O0 -g -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c index 16ba0a9..514a706 100644 --- a/crypto/des/read_pwd.c +++ b/crypto/des/read_pwd.c @@ -172,7 +172,7 @@ # include #endif -#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) && !defined(OPENSSL_SYS_WINCE) +#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WINCE) # include # define fgets(a,b,c) noecho_fgets(a,b,c) #endif diff --git a/e_os2.h b/e_os2.h index d400ac7..613607f 100644 --- a/e_os2.h +++ b/e_os2.h @@ -101,7 +101,7 @@ extern "C" { # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32_UWIN # else -# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32) +# if defined(__CYGWIN__) || defined(OPENSSL_SYSNAME_CYGWIN) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32_CYGWIN # else From appro at openssl.org Thu Jan 22 12:06:59 2015 
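Review bot: Dropping `!defined(__CYGWIN32__)` from the `OPENSSL_SYS_MSDOS` guard in read_pwd.c widens the condition under which `fgets` is remapped to `noecho_fgets`; this is only equivalent to the old code if a Cygwin build never defines OPENSSL_SYS_MSDOS, which the e_os2.h hunk in the same commit does not settle either way (it maps `__CYGWIN__` to OPENSSL_SYS_WIN32_CYGWIN, and whether OPENSSL_SYS_MSDOS follows from that lies outside the hunk). If it can, the exclusion should be re-expressed rather than removed, e.g. `#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32_CYGWIN) && !defined(OPENSSL_SYS_WINCE)`. The master version of this commit below carries the same hunk.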
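Review bot: Renaming the user-facing selector from `OPENSSL_SYSNAME_CYGWIN32` to `OPENSSL_SYSNAME_CYGWIN` in e_os2.h silently breaks any out-of-tree build that still passes `-DOPENSSL_SYSNAME_CYGWIN32`: that define no longer selects OPENSSL_SYS_WIN32_CYGWIN and such a build falls through to the `# else` branch with no diagnostic. Keeping the old spelling as an alias for a release, `# if defined(__CYGWIN__) || defined(OPENSSL_SYSNAME_CYGWIN) || defined(OPENSSL_SYSNAME_CYGWIN32)`, costs nothing and matches the commit message, which describes a rename rather than a removal. The same hunk appears in the master commit below.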
From: appro at openssl.org (Andy Polyakov) Date: Thu, 22 Jan 2015 13:06:59 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150122120659.293841DF125@butler.localdomain> The branch master has been updated via 732c5a6b928f10de4d6ca0394f49e9938a47a93b (commit) from c462a6817bb05a4c8dded1aa9fa3aa8fd7e176bf (commit) - Log ----------------------------------------------------------------- commit 732c5a6b928f10de4d6ca0394f49e9938a47a93b Author: Corinna Vinschen Date: Sat Dec 6 13:53:58 2014 +0100 Drop redundant and outdated __CYGWIN32__ tests. Change OPENSSL_SYSNAME_CYGWIN32 to OPENSSL_SYSNAME_CYGWIN. Drop outdated Cygwin targets. RT#3605 Signed-off-by: Corinna Vinschen Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: Configure | 7 +- TABLE | 174 +------------------------------------------------ crypto/des/read_pwd.c | 2 +- e_os2.h | 2 +- 4 files changed, 6 insertions(+), 179 deletions(-) diff --git a/Configure b/Configure index 16be727..57e66e3 100755 --- a/Configure +++ b/Configure 
@@ -186,7 +186,6 @@ my %table=( "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "debug-erbridge", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
@@ -549,10 +548,8 @@ my %table=( "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", # Cygwin -"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32", -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN32::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", +"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", # NetWare from David Ward (dsward at novell.com) # requires either MetroWerks NLM development tools, or gcc / nlmconv diff --git a/TABLE b/TABLE index baf6b6a..8e04733 100644 --- a/TABLE +++ b/TABLE @@ -345,7 +345,7 @@ $cc = gcc $cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall $unistd = $thread_cflag = -$sys_id = CYGWIN32 +$sys_id = CYGWIN $lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o 
@@ -374,46 +374,12 @@ $ranlib = $arflags = $multilib = -*** Cygwin-pre1.3 -$cc = gcc -$cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -$unistd = -$thread_cflag = (unknown) -$sys_id = CYGWIN32 -$lflags = -$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = win32 -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = -$multilib = - *** Cygwin-x86_64 $cc = gcc $cflags = -DTERMIOS -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -$sys_id = CYGWIN32 +$sys_id = CYGWIN $lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o 
@@ -1326,40 +1292,6 @@ $ranlib = $arflags = $multilib = -*** darwin64-debug-test-64-clang -$cc = clang -$cflags = -arch x86_64 -DL_ENDIAN -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe -$unistd = -$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT -$sys_id = MACOSX -$lflags = -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL -$cpuid_obj = x86_64cpuid.o -$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o -$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o -$des_obj = -$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o -$bf_obj = -$md5_obj = md5-x86_64.o -$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o -$cast_obj = -$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o -$rmd160_obj = -$rc5_obj = -$wp_obj = wp-x86_64.o -$cmll_obj = cmll-x86_64.o cmll_misc.o -$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o -$engines_obj = e_padlock-x86_64.o -$perlasm_scheme = macosx -$dso_scheme = dlfcn -$shared_target= darwin-shared -$shared_cflag = -fPIC -fno-common -$shared_ldflag = -arch x86_64 -dynamiclib -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib -$ranlib = -$arflags = -$multilib = - *** darwin64-ppc-cc $cc = cc $cflags = -arch ppc64 -O3 -DB_ENDIAN 
@@ -1496,40 +1428,6 @@ $ranlib = $arflags = $multilib = -*** debug-Cygwin -$cc = gcc -$cflags = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror -$unistd = -$thread_cflag = -$sys_id = CYGWIN32 -$lflags = -$bn_ops = -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dlfcn -$shared_target= cygwin-shared -$shared_cflag = -D_WINDLL -$shared_ldflag = -shared -$shared_extension = .dll.a -$ranlib = -$arflags = -$multilib = - *** debug-VC-WIN32 $cc = cl $cflags = -W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE 
@@ -2958,74 +2856,6 @@ $ranlib = $arflags = $multilib = -*** debug-test-64-clang -$cc = clang -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe -$unistd = -$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT -$sys_id = -$lflags = -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL -$cpuid_obj = x86_64cpuid.o -$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o -$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o -$des_obj = -$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o -$bf_obj = -$md5_obj = md5-x86_64.o -$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o -$cast_obj = -$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o -$rmd160_obj = -$rc5_obj = -$wp_obj = wp-x86_64.o -$cmll_obj = cmll-x86_64.o cmll_misc.o -$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o -$engines_obj = e_padlock-x86_64.o -$perlasm_scheme = elf -$dso_scheme = dlfcn -$shared_target= bsd-gcc-shared -$shared_cflag = -fPIC -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** debug-ulf -$cc = gcc -$cflags = -DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -$unistd = -$thread_cflag = -$sys_id = CYGWIN32 -$lflags = -$bn_ops = -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = 
-$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = win32 -$shared_target= cygwin-shared -$shared_cflag = -$shared_ldflag = -$shared_extension = .dll -$ranlib = -$arflags = -$multilib = - *** debug-vos-gcc $cc = gcc $cflags = -O0 -g -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG diff --git a/crypto/des/read_pwd.c b/crypto/des/read_pwd.c index 48ef95d..0a51f88 100644 --- a/crypto/des/read_pwd.c +++ b/crypto/des/read_pwd.c @@ -166,7 +166,7 @@ # include #endif -#if defined(OPENSSL_SYS_MSDOS) && !defined(__CYGWIN32__) && !defined(OPENSSL_SYS_WINCE) +#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WINCE) # include # define fgets(a,b,c) noecho_fgets(a,b,c) #endif diff --git a/e_os2.h b/e_os2.h index 5615425..ecc0202 100644 --- a/e_os2.h +++ b/e_os2.h @@ -95,7 +95,7 @@ extern "C" { # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32_UWIN # else -# if defined(__CYGWIN32__) || defined(OPENSSL_SYSNAME_CYGWIN32) +# if defined(__CYGWIN__) || defined(OPENSSL_SYSNAME_CYGWIN) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32_CYGWIN # else From steve at openssl.org Thu Jan 22 12:41:25 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 22 Jan 2015 13:41:25 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150122124126.170A41DF121@butler.localdomain> The branch master has been updated via 004efdbb41f731d36bf12d251909aaa08704a756 (commit) from 732c5a6b928f10de4d6ca0394f49e9938a47a93b (commit) - Log ----------------------------------------------------------------- commit 004efdbb41f731d36bf12d251909aaa08704a756 Author: Rob Stradling Date: Thu Jan 22 12:18:30 2015 +0000 Use inner algorithm when printing certificate. Reviewed-by: Stephen Henson Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/asn1/t_x509.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index f33932a..0bdc2c2 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -164,7 +164,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
 }
 if (!(cflag & X509_FLAG_NO_SIGNAME)) {
- if (X509_signature_print(bp, x->sig_alg, NULL) <= 0)
+ if (X509_signature_print(bp, ci->signature, NULL) <= 0)
 goto err;
 #if 0
 if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0)
From steve at openssl.org Thu Jan 22 12:44:03 2015 
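Review bot: Printing `ci->signature` (the inner tbsCertificate algorithm) instead of `x->sig_alg` means the "Signature Algorithm" line no longer shows the outer identifier, which is conventionally the one signature verification is keyed on; a well-formed certificate must carry the same identifier in both places, but for a malformed one the printout now reflects the signed field rather than the field applied to the signature. Whether the two identifiers are compared anywhere during verification is outside this hunk; if they are not, printing both when they differ, or at least a comment on the new line such as `/* inner (signed) algorithm; must equal x->sig_alg in a valid cert */`, would keep the display honest. The same change is cherry-picked to 1.0.2 and 1.0.1 below. X509_print_ex continues outside the hunk.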
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 22 Jan 2015 13:44:03 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150122124403.953F81DF121@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via f11818c88dc0b22c65f19e3d351f3738f02898d7 (commit) from 3577e01438469a64bfd435cbad902f2e291ddb1f (commit) - Log ----------------------------------------------------------------- commit f11818c88dc0b22c65f19e3d351f3738f02898d7 Author: Rob Stradling Date: Thu Jan 22 12:18:30 2015 +0000 Use inner algorithm when printing certificate. Reviewed-by: Stephen Henson Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (cherry picked from commit 004efdbb41f731d36bf12d251909aaa08704a756) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/t_x509.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index 4c9bf2c..8aab551 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -164,7 +164,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
 }
 if (!(cflag & X509_FLAG_NO_SIGNAME)) {
- if (X509_signature_print(bp, x->sig_alg, NULL) <= 0)
+ if (X509_signature_print(bp, ci->signature, NULL) <= 0)
 goto err;
 #if 0
 if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0)
From steve at openssl.org Thu Jan 22 14:13:47 2015 
From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 22 Jan 2015 15:13:47 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150122141347.585581DF121@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 73f89820175136769d088a3732000d24c4ac2164 (commit) from cda8845ded7c0739c9142283ed4c449130b1b546 (commit) - Log ----------------------------------------------------------------- commit 73f89820175136769d088a3732000d24c4ac2164 Author: Rob Stradling Date: Thu Jan 22 12:18:30 2015 +0000 Use inner algorithm when printing certificate. Reviewed-by: Stephen Henson Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte (cherry picked from commit 004efdbb41f731d36bf12d251909aaa08704a756) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/t_x509.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 07e6397..4e7c45d 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -164,7 +164,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, } if (!(cflag & X509_FLAG_NO_SIGNAME)) { - if (X509_signature_print(bp, x->sig_alg, NULL) <= 0) + if (X509_signature_print(bp, ci->signature, NULL) <= 0) goto err; #if 0 if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0) From matt at openssl.org Thu Jan 22 14:28:40 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 22 Jan 2015 15:28:40 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150122142840.40B321DF121@butler.localdomain> The branch master has been updated via d2a0d72f33e2cd81a5c81b29b05d6fdb2cc67ac2 (commit) via a8fe430a0d1ece596e66f27e09dc63ca19a2e2d6 (commit) from 004efdbb41f731d36bf12d251909aaa08704a756 (commit) - Log ----------------------------------------------------------------- commit d2a0d72f33e2cd81a5c81b29b05d6fdb2cc67ac2 Author: Matt Caswell Date: Thu Jan 22 11:04:47 2015 +0000 Fix post-reformat errors preventing windows compilation Reviewed-by: Tim Hudson commit a8fe430a0d1ece596e66f27e09dc63ca19a2e2d6 Author: Matt Caswell Date: Thu Jan 22 10:42:48 2015 +0000 Fix formatting error in pem.h Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 2 +- crypto/pem/pem.h | 18 ++++++++++++------ ssl/d1_lib.c | 2 +- 3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 78c437b..885b969 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -2055,7 +2055,7 @@ static void get_current_time(struct timeval *t)
 # ifdef __MINGW32__
 now.ul -= 116444736000000000ULL;
 # else
- now.ul -= 116444736000000000U I64; /* re-bias to 1/1/1970 */
+ now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
 # endif
 t->tv_sec = (long)(now.ul / 10000000);
 t->tv_usec = ((int)(now.ul % 10000000)) / 10;
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
index 9aa99be..848649d 100644
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
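Review bot: The new `UI64` literal repeats the 116444736000000000 magic number that already appears in the `__MINGW32__` branch two lines up, and the same two-branch expression is patched identically in ssl/d1_lib.c in this commit and again in the 1.0.2 cherry-picks later on this page, so one typo had to be fixed in four places. Hoisting the value into a single named constant with a short comment, e.g. `/* 100-ns ticks from the FILETIME epoch (1601-01-01) to the Unix epoch (1970-01-01) */`, would make the suffix a one-line decision and let both files share it. The `UI64` spelling is MSVC-specific, which is presumably why the MinGW branch uses `ULL`; a comment saying so would spare the next reader the same guess. get_current_time begins before the hunk.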
@@ -452,7 +452,8 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str); DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) -DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) DECLARE_PEM_rw(X509_CRL, X509_CRL) DECLARE_PEM_rw(PKCS7, PKCS7) DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) @@ -460,20 +461,25 @@ DECLARE_PEM_rw(PKCS8, X509_SIG) DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) # ifndef OPENSSL_NO_RSA DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) -DECLARE_PEM_rw_const(RSAPublicKey, RSA) DECLARE_PEM_rw(RSA_PUBKEY, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) # endif # ifndef OPENSSL_NO_DSA DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) -DECLARE_PEM_rw(DSA_PUBKEY, DSA) DECLARE_PEM_rw_const(DSAparams, DSA) +DECLARE_PEM_rw(DSA_PUBKEY, DSA) +DECLARE_PEM_rw_const(DSAparams, DSA) # endif # ifndef OPENSSL_NO_EC DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) -DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) # endif # ifndef OPENSSL_NO_DH -DECLARE_PEM_rw_const(DHparams, DH) DECLARE_PEM_write_const(DHxparams, DH) +DECLARE_PEM_rw_const(DHparams, DH) +DECLARE_PEM_write_const(DHxparams, DH) # endif -DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) DECLARE_PEM_rw(PUBKEY, EVP_PKEY) +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, char *kstr, int klen, diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index e75d049..4ca6bb3 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c 
@@ -528,7 +528,7 @@ static void get_current_time(struct timeval *t)
 # ifdef __MINGW32__
 now.ul -= 116444736000000000ULL;
 # else
- now.ul -= 116444736000000000U I64; /* re-bias to 1/1/1970 */
+ now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
 # endif
 t->tv_sec = (long)(now.ul / 10000000);
 t->tv_usec = ((int)(now.ul % 10000000)) / 10;
From matt at openssl.org Thu Jan 22 14:28:50 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 22 Jan 2015 15:28:50 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150122142851.8D7A01DF121@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via d3b7cac41b957704932a0cdbc74d4d48ed507cd0 (commit) via fdc3ced983bb3efbb2ff4da52fdaef147f7f7ed2 (commit) via 65d6fdaa21d03a1640d04ba48c0f8047873921e6 (commit) from f11818c88dc0b22c65f19e3d351f3738f02898d7 (commit) - Log ----------------------------------------------------------------- commit d3b7cac41b957704932a0cdbc74d4d48ed507cd0 Author: Matt Caswell Date: Thu Jan 22 11:44:18 2015 +0000 Fix for reformat problems with e_padlock.c Reviewed-by: Andy Polyakov commit fdc3ced983bb3efbb2ff4da52fdaef147f7f7ed2 Author: Matt Caswell Date: Thu Jan 22 11:04:47 2015 +0000 Fix post-reformat errors preventing windows compilation Reviewed-by: Tim Hudson commit 65d6fdaa21d03a1640d04ba48c0f8047873921e6 Author: Matt Caswell Date: Thu Jan 22 10:42:48 2015 +0000 Fix formatting error in pem.h Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 2 +- crypto/pem/pem.h | 18 +++++--- engines/e_padlock.c | 120 ++++++++++++++++++++++++++++++++++++------------ ssl/d1_lib.c | 2 +- 4 files changed, 105 insertions(+), 37 deletions(-)
diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
index 1f0f160..fcbae5f 100644
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@@ -2052,7 +2052,7 @@ static void get_current_time(struct timeval *t)
 # ifdef __MINGW32__
 now.ul -= 116444736000000000ULL;
 # else
- now.ul -= 116444736000000000U I64; /* re-bias to 1/1/1970 */
+ now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
 # endif
 t->tv_sec = (long)(now.ul / 10000000);
 t->tv_usec = ((int)(now.ul % 10000000)) / 10;
diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h
index 1d7232c..d3b23fc 100644
--- a/crypto/pem/pem.h
+++ b/crypto/pem/pem.h
@@ -451,7 +451,8 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str);
 DECLARE_PEM_rw(X509, X509)
 DECLARE_PEM_rw(X509_AUX, X509)
 DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR)
-DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
 DECLARE_PEM_rw(X509_CRL, X509_CRL)
 DECLARE_PEM_rw(PKCS7, PKCS7)
 DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
@@ -459,20 +460,25 @@ DECLARE_PEM_rw(PKCS8, X509_SIG) DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) # ifndef OPENSSL_NO_RSA DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) -DECLARE_PEM_rw_const(RSAPublicKey, RSA) DECLARE_PEM_rw(RSA_PUBKEY, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) # endif # ifndef OPENSSL_NO_DSA DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) -DECLARE_PEM_rw(DSA_PUBKEY, DSA) DECLARE_PEM_rw_const(DSAparams, DSA) +DECLARE_PEM_rw(DSA_PUBKEY, DSA) +DECLARE_PEM_rw_const(DSAparams, DSA) # endif # ifndef OPENSSL_NO_EC DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) -DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) # endif # ifndef OPENSSL_NO_DH -DECLARE_PEM_rw_const(DHparams, DH) DECLARE_PEM_write_const(DHxparams, DH) +DECLARE_PEM_rw_const(DHparams, DH) +DECLARE_PEM_write_const(DHxparams, DH) # endif -DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) DECLARE_PEM_rw(PUBKEY, EVP_PKEY) +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, char *kstr, int klen, diff --git a/engines/e_padlock.c b/engines/e_padlock.c index ab9d5fb..2898e4c 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c 
@@ -525,42 +525,104 @@ static void * __fastcall \ REP_XCRYPT(code) \ } -PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, 0xc8) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, 0xd0) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, 0xe0) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, 0xe8) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8) static int __fastcall padlock_xstore(void *outp, unsigned int code) { -_asm mov edi, ecx - _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0} - static void __fastcall padlock_reload_key(void) + _asm mov edi,ecx + _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0 +} + +static void __fastcall padlock_reload_key(void) { -_asm pushfd _asm popfd} - static void __fastcall padlock_verify_context(void *cdata) + _asm pushfd + _asm popfd +} + +static void __fastcall padlock_verify_context(void *cdata) { - _asm { -pushfd bt DWORD PTR[esp], 30 jnc skip cmp ecx, - padlock_saved_context je skip popfd sub esp, - 4 skip:add esp, 4 mov padlock_saved_context, - ecx}} static int padlock_available(void) + _asm { + pushfd + bt DWORD PTR[esp],30 + jnc skip + cmp ecx,padlock_saved_context + je skip + popfd + sub esp,4 + skip: add esp,4 + mov padlock_saved_context,ecx + } +} + +static int +padlock_available(void) { - _asm { -pushfd pop eax mov ecx, eax xor eax, - 1 << 21 push eax popfd pushfd pop eax xor eax, ecx bt eax, - 21 jnc noluck mov eax, 0 cpuid xor eax, eax cmp ebx, - 'tneC' jne noluck cmp edx, 'Hrua' jne noluck cmp ecx, - 'slua' jne noluck mov eax, 0xC0000000 cpuid mov edx, - eax xor eax, eax cmp edx, 0xC0000001 jb noluck mov eax, - 0xC0000001 cpuid xor eax, eax bt edx, 6 jnc skip_a bt edx, - 7 jnc skip_a mov padlock_use_ace, 1 inc eax skip_a:bt edx, - 2 jnc skip_r bt edx, 3 jnc skip_r mov padlock_use_rng, - 1 inc eax skip_r:noluck:}} static void __fastcall -padlock_bswapl(void *key) + _asm { + pushfd + pop eax + mov ecx,eax + xor eax,1<<21 + push eax + 
popfd + pushfd + pop eax + xor eax,ecx + bt eax,21 + jnc noluck + mov eax,0 + cpuid + xor eax,eax + cmp ebx,'tneC' + jne noluck + cmp edx,'Hrua' + jne noluck + cmp ecx,'slua' + jne noluck + mov eax,0xC0000000 + cpuid + mov edx,eax + xor eax,eax + cmp edx,0xC0000001 + jb noluck + mov eax,0xC0000001 + cpuid + xor eax,eax + bt edx,6 + jnc skip_a + bt edx,7 + jnc skip_a + mov padlock_use_ace,1 + inc eax + skip_a: bt edx,2 + jnc skip_r + bt edx,3 + jnc skip_r + mov padlock_use_rng,1 + inc eax + skip_r: + noluck: + } +} + +static void __fastcall padlock_bswapl(void *key) { - _asm { -pushfd cld mov esi, ecx mov edi, ecx mov ecx, 60 up:lodsd - bswap eax stosd loop up popfd}} + _asm { + pushfd + cld + mov esi,ecx + mov edi,ecx + mov ecx,60 + up: lodsd + bswap eax + stosd + loop up + popfd + } +} + /* * MS actually specifies status of Direction Flag and compiler even manages * to compile following as 'rep movsd' all by itself... diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index d2d3d2e..2845757 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -525,7 +525,7 @@ static void get_current_time(struct timeval *t) # ifdef __MINGW32__ now.ul -= 116444736000000000ULL; # else - now.ul -= 116444736000000000U I64; /* re-bias to 1/1/1970 */ + now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */ # endif t->tv_sec = (long)(now.ul / 10000000); t->tv_usec = ((int)(now.ul % 10000000)) / 10; From matt at openssl.org Thu Jan 22 14:29:14 2015 
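Review bot: `padlock_available` is restored with `static int` on a line of its own while every other function in this hunk (`padlock_xstore`, `padlock_reload_key`, `padlock_verify_context`, `padlock_bswapl`) keeps the whole `static <type> [__fastcall] name(...)` header on one line; `static int padlock_available(void)` would match its neighbours. Since this region is hand-laid-out MSVC `_asm` that the tree-wide reformat just mangled, a comment at its top such as `/* hand-formatted MSVC inline asm: one instruction per line, do not run through indent */` would record why it has to be excluded from automatic reformatting. The hunk opens in the tail of the `PADLOCK_XCRYPT_ASM` macro, whose definition starts above it. The same change is cherry-picked into the 1.0.1, 1.0.0 and 0.9.8 branches in the later messages on this page.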
From: matt at openssl.org (Matt Caswell) Date: Thu, 22 Jan 2015 15:29:14 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <20150122142914.3A46F1DF121@butler.localdomain> The branch OpenSSL_1_0_0-stable has been updated via 192e148154dc02a3d867cc2f45d33eb94436f9a6 (commit) via 1804f782987adbdc51e8dec8b8ddb22cece8b664 (commit) from 3d7a9aca8c400683d2fb7eca799fa547f70e4832 (commit) - Log ----------------------------------------------------------------- commit 192e148154dc02a3d867cc2f45d33eb94436f9a6 Author: Matt Caswell Date: Thu Jan 22 11:44:18 2015 +0000 Fix for reformat problems with e_padlock.c Reviewed-by: Andy Polyakov (cherry picked from commit d3b7cac41b957704932a0cdbc74d4d48ed507cd0) commit 1804f782987adbdc51e8dec8b8ddb22cece8b664 Author: Matt Caswell Date: Thu Jan 22 10:42:48 2015 +0000 Fix formatting error in pem.h Reviewed-by: Andy Polyakov Conflicts: crypto/pem/pem.h ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem.h | 15 ++++--- engines/e_padlock.c | 120 ++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 101 insertions(+), 34 deletions(-) diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index a330258..2cdad8a 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -450,7 +450,8 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str); DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) -DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) DECLARE_PEM_rw(X509_CRL, X509_CRL) DECLARE_PEM_rw(PKCS7, PKCS7) DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) 
@@ -458,20 +459,24 @@ DECLARE_PEM_rw(PKCS8, X509_SIG) DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) # ifndef OPENSSL_NO_RSA DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) -DECLARE_PEM_rw_const(RSAPublicKey, RSA) DECLARE_PEM_rw(RSA_PUBKEY, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) # endif # ifndef OPENSSL_NO_DSA DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) -DECLARE_PEM_rw(DSA_PUBKEY, DSA) DECLARE_PEM_rw_const(DSAparams, DSA) +DECLARE_PEM_rw(DSA_PUBKEY, DSA) +DECLARE_PEM_rw_const(DSAparams, DSA) # endif # ifndef OPENSSL_NO_EC DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) -DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) # endif # ifndef OPENSSL_NO_DH DECLARE_PEM_rw_const(DHparams, DH) # endif -DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) DECLARE_PEM_rw(PUBKEY, EVP_PKEY) +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, char *kstr, int klen, diff --git a/engines/e_padlock.c b/engines/e_padlock.c index f33b779..7c6e318 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c 
@@ -517,42 +517,104 @@ static void * __fastcall \ REP_XCRYPT(code) \ } -PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, 0xc8) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, 0xd0) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, 0xe0) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, 0xe8) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8) static int __fastcall padlock_xstore(void *outp, unsigned int code) { -_asm mov edi, ecx - _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0} - static void __fastcall padlock_reload_key(void) + _asm mov edi,ecx + _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0 +} + +static void __fastcall padlock_reload_key(void) { -_asm pushfd _asm popfd} - static void __fastcall padlock_verify_context(void *cdata) + _asm pushfd + _asm popfd +} + +static void __fastcall padlock_verify_context(void *cdata) { - _asm { -pushfd bt DWORD PTR[esp], 30 jnc skip cmp ecx, - padlock_saved_context je skip popfd sub esp, - 4 skip:add esp, 4 mov padlock_saved_context, - ecx}} static int padlock_available(void) + _asm { + pushfd + bt DWORD PTR[esp],30 + jnc skip + cmp ecx,padlock_saved_context + je skip + popfd + sub esp,4 + skip: add esp,4 + mov padlock_saved_context,ecx + } +} + +static int +padlock_available(void) { - _asm { -pushfd pop eax mov ecx, eax xor eax, - 1 << 21 push eax popfd pushfd pop eax xor eax, ecx bt eax, - 21 jnc noluck mov eax, 0 cpuid xor eax, eax cmp ebx, - 'tneC' jne noluck cmp edx, 'Hrua' jne noluck cmp ecx, - 'slua' jne noluck mov eax, 0xC0000000 cpuid mov edx, - eax xor eax, eax cmp edx, 0xC0000001 jb noluck mov eax, - 0xC0000001 cpuid xor eax, eax bt edx, 6 jnc skip_a bt edx, - 7 jnc skip_a mov padlock_use_ace, 1 inc eax skip_a:bt edx, - 2 jnc skip_r bt edx, 3 jnc skip_r mov padlock_use_rng, - 1 inc eax skip_r:noluck:}} static void __fastcall -padlock_bswapl(void *key) + _asm { + pushfd + pop eax + mov ecx,eax + xor eax,1<<21 + push eax + 
popfd + pushfd + pop eax + xor eax,ecx + bt eax,21 + jnc noluck + mov eax,0 + cpuid + xor eax,eax + cmp ebx,'tneC' + jne noluck + cmp edx,'Hrua' + jne noluck + cmp ecx,'slua' + jne noluck + mov eax,0xC0000000 + cpuid + mov edx,eax + xor eax,eax + cmp edx,0xC0000001 + jb noluck + mov eax,0xC0000001 + cpuid + xor eax,eax + bt edx,6 + jnc skip_a + bt edx,7 + jnc skip_a + mov padlock_use_ace,1 + inc eax + skip_a: bt edx,2 + jnc skip_r + bt edx,3 + jnc skip_r + mov padlock_use_rng,1 + inc eax + skip_r: + noluck: + } +} + +static void __fastcall padlock_bswapl(void *key) { - _asm { -pushfd cld mov esi, ecx mov edi, ecx mov ecx, 60 up:lodsd - bswap eax stosd loop up popfd}} + _asm { + pushfd + cld + mov esi,ecx + mov edi,ecx + mov ecx,60 + up: lodsd + bswap eax + stosd + loop up + popfd + } +} + /* * MS actually specifies status of Direction Flag and compiler even manages * to compile following as 'rep movsd' all by itself... From matt at openssl.org Thu Jan 22 14:29:04 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 22 Jan 2015 15:29:04 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150122142904.0FDC01DF121@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 925bfca5d347d10f1a2e172be001090ae7ebafc2 (commit) via 90a5adffc7c12135821ee22f9cc482df3a4bc035 (commit) from 73f89820175136769d088a3732000d24c4ac2164 (commit) - Log ----------------------------------------------------------------- commit 925bfca5d347d10f1a2e172be001090ae7ebafc2 Author: Matt Caswell Date: Thu Jan 22 11:44:18 2015 +0000 Fix for reformat problems with e_padlock.c Reviewed-by: Andy Polyakov (cherry picked from commit d3b7cac41b957704932a0cdbc74d4d48ed507cd0) commit 90a5adffc7c12135821ee22f9cc482df3a4bc035 Author: Matt Caswell Date: Thu Jan 22 10:42:48 2015 +0000 Fix formatting error in pem.h Reviewed-by: Andy Polyakov Conflicts: crypto/pem/pem.h ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem.h | 15 ++++--- engines/e_padlock.c | 120 ++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 101 insertions(+), 34 deletions(-) diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index a330258..2cdad8a 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -450,7 +450,8 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str); DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) -DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) DECLARE_PEM_rw(X509_CRL, X509_CRL) DECLARE_PEM_rw(PKCS7, PKCS7) DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) 
@@ -458,20 +459,24 @@ DECLARE_PEM_rw(PKCS8, X509_SIG) DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) # ifndef OPENSSL_NO_RSA DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) -DECLARE_PEM_rw_const(RSAPublicKey, RSA) DECLARE_PEM_rw(RSA_PUBKEY, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) # endif # ifndef OPENSSL_NO_DSA DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) -DECLARE_PEM_rw(DSA_PUBKEY, DSA) DECLARE_PEM_rw_const(DSAparams, DSA) +DECLARE_PEM_rw(DSA_PUBKEY, DSA) +DECLARE_PEM_rw_const(DSAparams, DSA) # endif # ifndef OPENSSL_NO_EC DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) -DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) # endif # ifndef OPENSSL_NO_DH DECLARE_PEM_rw_const(DHparams, DH) # endif -DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) DECLARE_PEM_rw(PUBKEY, EVP_PKEY) +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, char *kstr, int klen, diff --git a/engines/e_padlock.c b/engines/e_padlock.c index ab9d5fb..2898e4c 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c 
@@ -525,42 +525,104 @@ static void * __fastcall \ REP_XCRYPT(code) \ } -PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, 0xc8) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, 0xd0) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, 0xe0) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, 0xe8) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8) static int __fastcall padlock_xstore(void *outp, unsigned int code) { -_asm mov edi, ecx - _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0} - static void __fastcall padlock_reload_key(void) + _asm mov edi,ecx + _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0 +} + +static void __fastcall padlock_reload_key(void) { -_asm pushfd _asm popfd} - static void __fastcall padlock_verify_context(void *cdata) + _asm pushfd + _asm popfd +} + +static void __fastcall padlock_verify_context(void *cdata) { - _asm { -pushfd bt DWORD PTR[esp], 30 jnc skip cmp ecx, - padlock_saved_context je skip popfd sub esp, - 4 skip:add esp, 4 mov padlock_saved_context, - ecx}} static int padlock_available(void) + _asm { + pushfd + bt DWORD PTR[esp],30 + jnc skip + cmp ecx,padlock_saved_context + je skip + popfd + sub esp,4 + skip: add esp,4 + mov padlock_saved_context,ecx + } +} + +static int +padlock_available(void) { - _asm { -pushfd pop eax mov ecx, eax xor eax, - 1 << 21 push eax popfd pushfd pop eax xor eax, ecx bt eax, - 21 jnc noluck mov eax, 0 cpuid xor eax, eax cmp ebx, - 'tneC' jne noluck cmp edx, 'Hrua' jne noluck cmp ecx, - 'slua' jne noluck mov eax, 0xC0000000 cpuid mov edx, - eax xor eax, eax cmp edx, 0xC0000001 jb noluck mov eax, - 0xC0000001 cpuid xor eax, eax bt edx, 6 jnc skip_a bt edx, - 7 jnc skip_a mov padlock_use_ace, 1 inc eax skip_a:bt edx, - 2 jnc skip_r bt edx, 3 jnc skip_r mov padlock_use_rng, - 1 inc eax skip_r:noluck:}} static void __fastcall -padlock_bswapl(void *key) + _asm { + pushfd + pop eax + mov ecx,eax + xor eax,1<<21 + push eax + 
popfd + pushfd + pop eax + xor eax,ecx + bt eax,21 + jnc noluck + mov eax,0 + cpuid + xor eax,eax + cmp ebx,'tneC' + jne noluck + cmp edx,'Hrua' + jne noluck + cmp ecx,'slua' + jne noluck + mov eax,0xC0000000 + cpuid + mov edx,eax + xor eax,eax + cmp edx,0xC0000001 + jb noluck + mov eax,0xC0000001 + cpuid + xor eax,eax + bt edx,6 + jnc skip_a + bt edx,7 + jnc skip_a + mov padlock_use_ace,1 + inc eax + skip_a: bt edx,2 + jnc skip_r + bt edx,3 + jnc skip_r + mov padlock_use_rng,1 + inc eax + skip_r: + noluck: + } +} + +static void __fastcall padlock_bswapl(void *key) { - _asm { -pushfd cld mov esi, ecx mov edi, ecx mov ecx, 60 up:lodsd - bswap eax stosd loop up popfd}} + _asm { + pushfd + cld + mov esi,ecx + mov edi,ecx + mov ecx,60 + up: lodsd + bswap eax + stosd + loop up + popfd + } +} + /* * MS actually specifies status of Direction Flag and compiler even manages * to compile following as 'rep movsd' all by itself... From matt at openssl.org Thu Jan 22 14:29:31 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 22 Jan 2015 15:29:31 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <20150122142931.CB1B91DF121@butler.localdomain> The branch OpenSSL_0_9_8-stable has been updated via 6844c129682c525af278bac75cb5d0696b85fa10 (commit) via ead95e760c04bb9445793f5f57eec073b507f891 (commit) from 02f0c26cea09e4ea847fba303a856b9475382ba5 (commit) - Log ----------------------------------------------------------------- commit 6844c129682c525af278bac75cb5d0696b85fa10 Author: Matt Caswell Date: Thu Jan 22 11:44:18 2015 +0000 Fix for reformat problems with e_padlock.c Reviewed-by: Andy Polyakov (cherry picked from commit d3b7cac41b957704932a0cdbc74d4d48ed507cd0) commit ead95e760c04bb9445793f5f57eec073b507f891 Author: Matt Caswell Date: Thu Jan 22 10:42:48 2015 +0000 Fix formatting error in pem.h Reviewed-by: Andy Polyakov Conflicts: crypto/pem/pem.h Conflicts: crypto/pem/pem.h ----------------------------------------------------------------------- Summary of changes: crypto/engine/eng_padlock.c | 120 ++++++++++++++++++++++++++++++++----------- crypto/pem/pem.h | 15 ++++-- 2 files changed, 101 insertions(+), 34 deletions(-) diff --git a/crypto/engine/eng_padlock.c b/crypto/engine/eng_padlock.c index 54ace8b..f233b16 100644 --- a/crypto/engine/eng_padlock.c +++ b/crypto/engine/eng_padlock.c 
@@ -511,42 +511,104 @@ static void * __fastcall \ REP_XCRYPT(code) \ } -PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, 0xc8) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, 0xd0) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, 0xe0) - PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, 0xe8) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0) +PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8) static int __fastcall padlock_xstore(void *outp, unsigned int code) { -_asm mov edi, ecx - _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0} - static void __fastcall padlock_reload_key(void) + _asm mov edi,ecx + _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0 +} + +static void __fastcall padlock_reload_key(void) { -_asm pushfd _asm popfd} - static void __fastcall padlock_verify_context(void *cdata) + _asm pushfd + _asm popfd +} + +static void __fastcall padlock_verify_context(void *cdata) { - _asm { -pushfd bt DWORD PTR[esp], 30 jnc skip cmp ecx, - padlock_saved_context je skip popfd sub esp, - 4 skip:add esp, 4 mov padlock_saved_context, - ecx}} static int padlock_available(void) + _asm { + pushfd + bt DWORD PTR[esp],30 + jnc skip + cmp ecx,padlock_saved_context + je skip + popfd + sub esp,4 + skip: add esp,4 + mov padlock_saved_context,ecx + } +} + +static int +padlock_available(void) { - _asm { -pushfd pop eax mov ecx, eax xor eax, - 1 << 21 push eax popfd pushfd pop eax xor eax, ecx bt eax, - 21 jnc noluck mov eax, 0 cpuid xor eax, eax cmp ebx, - 'tneC' jne noluck cmp edx, 'Hrua' jne noluck cmp ecx, - 'slua' jne noluck mov eax, 0xC0000000 cpuid mov edx, - eax xor eax, eax cmp edx, 0xC0000001 jb noluck mov eax, - 0xC0000001 cpuid xor eax, eax bt edx, 6 jnc skip_a bt edx, - 7 jnc skip_a mov padlock_use_ace, 1 inc eax skip_a:bt edx, - 2 jnc skip_r bt edx, 3 jnc skip_r mov padlock_use_rng, - 1 inc eax skip_r:noluck:}} static void __fastcall -padlock_bswapl(void *key) + _asm { + pushfd + pop eax + mov ecx,eax + xor eax,1<<21 + push eax + 
popfd + pushfd + pop eax + xor eax,ecx + bt eax,21 + jnc noluck + mov eax,0 + cpuid + xor eax,eax + cmp ebx,'tneC' + jne noluck + cmp edx,'Hrua' + jne noluck + cmp ecx,'slua' + jne noluck + mov eax,0xC0000000 + cpuid + mov edx,eax + xor eax,eax + cmp edx,0xC0000001 + jb noluck + mov eax,0xC0000001 + cpuid + xor eax,eax + bt edx,6 + jnc skip_a + bt edx,7 + jnc skip_a + mov padlock_use_ace,1 + inc eax + skip_a: bt edx,2 + jnc skip_r + bt edx,3 + jnc skip_r + mov padlock_use_rng,1 + inc eax + skip_r: + noluck: + } +} + +static void __fastcall padlock_bswapl(void *key) { - _asm { -pushfd cld mov esi, ecx mov edi, ecx mov ecx, 60 up:lodsd - bswap eax stosd loop up popfd}} + _asm { + pushfd + cld + mov esi,ecx + mov edi,ecx + mov ecx,60 + up: lodsd + bswap eax + stosd + loop up + popfd + } +} + /* * MS actually specifies status of Direction Flag and compiler even manages * to compile following as 'rep movsd' all by itself... diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index 36fd838..5fad903 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -620,7 +620,8 @@ void PEM_dek_info(char *buf, const char *type, int len, char *str); DECLARE_PEM_rw(X509, X509) DECLARE_PEM_rw(X509_AUX, X509) DECLARE_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR) -DECLARE_PEM_rw(X509_REQ, X509_REQ) DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) +DECLARE_PEM_rw(X509_REQ, X509_REQ) +DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) DECLARE_PEM_rw(X509_CRL, X509_CRL) DECLARE_PEM_rw(PKCS7, PKCS7) DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) 
@@ -628,20 +629,24 @@ DECLARE_PEM_rw(PKCS8, X509_SIG) DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) # ifndef OPENSSL_NO_RSA DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) -DECLARE_PEM_rw_const(RSAPublicKey, RSA) DECLARE_PEM_rw(RSA_PUBKEY, RSA) +DECLARE_PEM_rw_const(RSAPublicKey, RSA) +DECLARE_PEM_rw(RSA_PUBKEY, RSA) # endif # ifndef OPENSSL_NO_DSA DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) -DECLARE_PEM_rw(DSA_PUBKEY, DSA) DECLARE_PEM_rw_const(DSAparams, DSA) +DECLARE_PEM_rw(DSA_PUBKEY, DSA) +DECLARE_PEM_rw_const(DSAparams, DSA) # endif # ifndef OPENSSL_NO_EC DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP) -DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) +DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY) +DECLARE_PEM_rw(EC_PUBKEY, EC_KEY) # endif # ifndef OPENSSL_NO_DH DECLARE_PEM_rw_const(DHparams, DH) # endif -DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) DECLARE_PEM_rw(PUBKEY, EVP_PKEY) +DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) +DECLARE_PEM_rw(PUBKEY, EVP_PKEY) int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, char *kstr, int klen, From matt at openssl.org Thu Jan 22 14:49:47 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 22 Jan 2015 15:49:47 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150122144947.0B3C41DF121@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 25fc5ac48a349ded26ab394bb6fff946e710cf9a (commit) from d3b7cac41b957704932a0cdbc74d4d48ed507cd0 (commit) - Log ----------------------------------------------------------------- commit 25fc5ac48a349ded26ab394bb6fff946e710cf9a Author: Matt Caswell Date: Thu Jan 22 14:36:27 2015 +0000 NEWS update Reviewed-by: Dr Stephen Henson ----------------------------------------------------------------------- Summary of changes: NEWS | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index e9180ad..d8f5986 100644 --- a/NEWS +++ b/NEWS 
@@ -5,7 +5,7 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.2 [in beta]: + Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [in beta]: o Suite B support for TLS 1.2 and DTLS 1.2 o Support for DTLS 1.2 @@ -16,6 +16,21 @@ o ALPN support. o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. + Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] + + o Build fixes for the Windows and OpenVMS platforms + + Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] + + o Fix for CVE-2014-3571 + o Fix for CVE-2015-0206 + o Fix for CVE-2014-3569 + o Fix for CVE-2014-3572 + o Fix for CVE-2015-0204 + o Fix for CVE-2015-0205 + o Fix for CVE-2014-8275 + o Fix for CVE-2014-3570 + Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] o Fix for CVE-2014-3513 From matt at openssl.org Thu Jan 22 15:14:44 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 22 Jan 2015 16:14:44 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150122151445.048051DF121@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via ba7e998d5b464ccbbb9dbf0790186a57fee6e9cd (commit) from 25fc5ac48a349ded26ab394bb6fff946e710cf9a (commit) - Log ----------------------------------------------------------------- commit ba7e998d5b464ccbbb9dbf0790186a57fee6e9cd Author: Matt Caswell Date: Thu Jan 22 15:07:48 2015 +0000 Updates to CHANGES for 1.0.2 Reviewed-by: Dr Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 0ca93f2..8833a4c 100644 --- a/CHANGES +++ b/CHANGES 
@@ -2,7 +2,7 @@ OpenSSL CHANGES _______________ - Changes between 1.0.1k and 1.0.2 [xx XXX xxxx] + Changes between 1.0.1l and 1.0.2 [xx XXX xxxx] *) SRTP Memory Leak. @@ -371,7 +371,12 @@ X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and X509_CINF_get_signature were reverted post internal team review. - Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] + Changes between 1.0.1k and 1.0.1l [15 Jan 2015] + + *) Build fixes for the Windows and OpenVMS platforms + [Matt Caswell and Richard Levitte] + + Changes between 1.0.1j and 1.0.1k [8 Jan 2015] *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. From matt at openssl.org Thu Jan 22 16:21:43 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 22 Jan 2015 17:21:43 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150122162143.8C3B71DF121@butler.localdomain> The branch master has been updated via 4e933bbccdaff4562842f4b87258c49598cb600d (commit) from 66c6410034d8845715d086baab38c280dd04c959 (commit) - Log ----------------------------------------------------------------- commit 4e933bbccdaff4562842f4b87258c49598cb600d Author: Matt Caswell Date: Thu Jan 22 16:14:52 2015 +0000 Update newsflash for 1.0.2 ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index cb7c4f0..b429a49 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -1,3 +1,4 @@ +22-Jan-2015: OpenSSL 1.0.2 is now available, a major release 15-Jan-2015: New releases to resolve Windows/OpenVMS compilation problems: 15-Jan-2015: OpenSSL 1.0.1l is now available, including bug fixes 15-Jan-2015: OpenSSL 1.0.0q is now available, including bug fixes From matt at openssl.org Thu Jan 22 16:37:07 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 22 Jan 2015 17:37:07 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150122163707.1F70C1DF121@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 06aab26874279547da6e2c877ad84c849fcb8ac0 (commit) via 4ac0329582829f5378d8078c8d314ad37db87736 (commit) via 51e647f6e50d16582838eec51eafe503413c4af7 (commit) from ba7e998d5b464ccbbb9dbf0790186a57fee6e9cd (commit) - Log ----------------------------------------------------------------- commit 06aab26874279547da6e2c877ad84c849fcb8ac0 Author: Matt Caswell Date: Thu Jan 22 16:16:24 2015 +0000 Prepare for 1.0.2a-dev Reviewed-by: Stephen Henson commit 4ac0329582829f5378d8078c8d314ad37db87736 Author: Matt Caswell Date: Thu Jan 22 16:12:26 2015 +0000 Prepare for 1.0.2 release Reviewed-by: Stephen Henson commit 51e647f6e50d16582838eec51eafe503413c4af7 Author: Matt Caswell Date: Thu Jan 22 16:12:26 2015 +0000 make update Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 +++++- NEWS | 6 +++++- README | 2 +- crypto/bn/Makefile | 1 - crypto/opensslv.h | 6 +++--- crypto/stack/safestack.h | 1 - openssl.spec | 2 +- 7 files changed, 15 insertions(+), 9 deletions(-) diff --git a/CHANGES b/CHANGES index 8833a4c..c1a07d7 100644 --- a/CHANGES +++ b/CHANGES @@ -2,7 +2,11 @@ OpenSSL CHANGES _______________ - Changes between 1.0.1l and 1.0.2 [xx XXX xxxx] + Changes between 1.0.2 and 1.0.2a [xx XXX xxxx] + + *) + + Changes between 1.0.1l and 1.0.2 [22 Jan 2015] *) SRTP Memory Leak. diff --git a/NEWS b/NEWS index d8f5986..41e5bdb 100644 --- a/NEWS +++ b/NEWS 
@@ -5,7 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [in beta]: + Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [under development] + + o + + Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]: o Suite B support for TLS 1.2 and DTLS 1.2 o Support for DTLS 1.2 diff --git a/README b/README index 1f0c706..89b7ac3 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.2-beta4-dev + OpenSSL 1.0.2a-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index f1eb639..0cdbd20 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -253,7 +253,6 @@ bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h -bn_exp.o: rsaz_exp.h bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/opensslv.h b/crypto/opensslv.h index 5570945..f0a9432 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h 
@@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10002004L +# define OPENSSL_VERSION_NUMBER 0x10002010L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2-beta4-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2-beta4-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index 431064e..1d4f87e 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -2666,7 +2666,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define lh_SSL_SESSION_stats_bio(lh,out) \ LHM_lh_stats_bio(SSL_SESSION,lh,out) # define lh_SSL_SESSION_free(lh) LHM_lh_free(SSL_SESSION,lh) -/* End of util/mkstack.pl block, you may now edit :-) */ #ifdef __cplusplus } #endif diff --git a/openssl.spec b/openssl.spec index c90dc69..909f2bf 100644 --- a/openssl.spec +++ b/openssl.spec @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.2 +Version: 1.0.2a Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries From matt at openssl.org Thu Jan 22 16:37:13 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 22 Jan 2015 17:37:13 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2 create Message-ID: <20150122163713.7FD861DF121@butler.localdomain> The annotated tag OpenSSL_1_0_2 has been created at bfec9ddfdf241911fa917bdd10a579874414d450 (tag) tagging 4ac0329582829f5378d8078c8d314ad37db87736 (commit) replaces OpenSSL_1_0_2-beta3 tagged by Matt Caswell on Thu Jan 22 16:12:26 2015 +0000 - Log ----------------------------------------------------------------- OpenSSL 1.0.2 release tag Adam Langley (3): Don't set client_version to the ServerHello version. Premaster secret handling fixes Ensure that the session ID context of an SSL* is updated when its SSL_CTX is updated. Alok Menghrajani (3): Fixes a minor typo in the EVP docs. Improves the proxy certificates howto doc. Improves certificates HOWTO Andr? Guerreiro (1): Add documentation on -timeout option in the ocsp utility Andy Polyakov (34): e_os.h: refine inline override logic (to address warnings in debug build). aesni-x86_64.pl: make ECB subroutine Windows ABI compliant. Add missing credit. md32_common.h: address compiler warning in HOST_c2l. armv4cpuid.S: fix compilation error in pre-ARMv7 build. ecp_nistz256-x86_64.pl: fix occasional failures. Remove inconsistency in ARM support. This facilitates "universal" builds, ones that target multiple architectures, e.g. ARMv5 through ARMv7. See commentary in Configure for details. CHANGES: mention "universal" ARM support. Revert "CHANGES: mention "universal" ARM support." CHANGES: mention "universal" ARM support. Fix irix-cc build. Fix for CVE-2014-3570 (with minor bn_asm.c revamp). Add Broadwell performance results. bn/rsaz_exp.c: make it indent-friendly. apps/speed.c: make it indent-friendly. engines/e_ubsec.c: make it indent-friendly. bn/bn_recp.c: make it indent-friendly. bn/bntest.c: make it indent-friendly. crypto/cryptlib.c: make it indent-friendly. crypto/mem_dbg.c: make it indent-friendly. 
modes/cts128.c: make it indent-friendly. modes/gcm128.c: make it indent-friendly. modes/modes_lcl.h: make it indent-friendly. bn/bn_exp.c: make it indent-friendly. bn/bn_asm.c: make it indent-friendly. bn/asm/x86_64-gcc.cL make it indent-friendly. bn/bn_const.c: make it indent-friendly. ec/ecp_nistz256.c: harmonize with latest indent script. modes/cfb128.c: make it indent-friendly. modes/ctr128.c: make it indent-friendly. crypto/ofb128.c: make it indent-friendly. ec/ecp_nistz256.c: further harmonization with latest rules. sha256-armv4.pl: fix typo. Fix macosx-ppc build (and typos in unwind info). Ben Laurie (1): Fix single makefile. Bodo Moeller (7): DTLS 1.2 support has been added to 1.0.2. Support TLS_FALLBACK_SCSV. Oop: revert unintentional change committed along with TLS_FALLBACK_SCSV support, restoring a reviewed state instead. Add TLS_FALLBACK_SCSV documentation, and move s_client -fallback_scsv handling out of #ifndef OPENSSL_NO_DTLS1 section. Fix SSL_R naming inconsistency. When processing ClientHello.cipher_suites, don't ignore cipher suites listed after TLS_FALLBACK_SCSV. Fix and improve SSL_MODE_SEND_FALLBACK_SCSV documentation. Bodo Möller (1): Backport regression test Corinna Vinschen (1): Drop redundant and outdated __CYGWIN32__ tests. Change OPENSSL_SYSNAME_CYGWIN32 to OPENSSL_SYSNAME_CYGWIN. Drop outdated Cygwin targets. Daniel Kahn Gillmor (1): Allow ECDHE and DHE as forward-compatible aliases for EECDH and EDH David Benjamin (1): Do not resume a session if the negotiated protocol version does not match the session's version (server). Dominik Neubauer (1): typo in s_client Dr. Stephen Henson (31): Add additional DigestInfo checks. Fix for session tickets memory leak. Parse custom extensions after SNI. Process signature algorithms in ClientHello late. Copy negotiated parameters in SSL_set_SSL_CTX. Fix cross reference table generator. Process signature algorithms before deciding on certificate. Fix excert logic. 
New option no-ssl3-method which removes SSLv3_*method Fix SuiteB chain checking logic. Print out Suite B status. Check return value of ssl3_output_cert_chain Reject invalid constructed encodings. Clear existing extension state. Remove MS SGC Update SGC flag comment. Fix various certificate fingerprint issues. Constify ASN1_TYPE_cmp add X509_ALGOR_cmp. update ordinals ECDH downgrade bug fix. Only allow ephemeral RSA keys in export ciphersuites. RT3662: Allow leading . in nameConstraints use correct function name use correct credit in CHANGES fix error discrepancy Fix crash in dtls1_get_record whilst in the listen state where you get two separate reads performed - one for the header and one for the body of the handshake record. Unauthenticated DH client certificate fix. Script fixes. Test option -nc Add -d debug option to save preprocessed files. Delete trailing whitespace from output. Emilia Kasper (20): Fix ssltest logic when some protocols are compiled out. Sync CHANGES Tighten session ticket handling Reset s->tlsext_ticket_expected in ssl_scan_serverhello_tlsext. This ensures that it's zeroed even if the SSL object is reused (as in ssltest.c). It also ensures that it applies to DTLS, too. Set s->hit when resuming from external pre-shared secret. Remove ssl3_check_finished. Always require an advertised NewSessionTicket message. Ensure SSL3_FLAGS_CCS_OK (or d1->change_cipher_spec_ok for DTLS) is reset once the ChangeCipherSpec message is received. Previously, the server would set the flag once at SSL3_ST_SR_CERT_VRFY and again at SSL3_ST_SR_FINISHED. This would allow a second CCS to arrive and would corrupt the server state. Clean up CHANGES Reject elliptic curve lists of odd lengths. Make 'make update' succeed and run it Add extra checks for odd-length EC curve lists. Clarify the return values for SSL_get_shared_curve. Fix unused variable warning Check for invalid divisors in BN_div. 
Build fixes Revert "RT3425: constant-time evp_enc" Add a comment noting the padding oracle. Add a clang build target for linux-x86_64 Only inherit the session ID context in SSL_set_SSL_CTX if the existing context was also inherited (matches that of the existing SSL_CTX). Geoff Thorpe (1): Fix no-ssl3 configuration option Guenter (1): NetWare compilation fix. Jan Hykel (1): Don't use msg on error. Kurt Cancemi (1): RT3547: Add missing static qualifier Kurt Roeckx (8): Keep old method in case of an unsupported protocol Fix warning about negative unsigned intergers Use the SSLv23 method by default Return error when a bit string indicates an invalid amount of bits left Fix memory leak in the apps dlfcn: always define _GNU_SOURCE Make "run" volatile Make build reproducible Martin Brejcha (1): Fix memory leak. Matt Caswell (89): Prepare for 1.0.2-beta4-dev Removed duplicate definition of PKCS7_type_is_encrypted Fix for SRTP Memory Leak Fix SRTP compile issues for windows Updates to CHANGES file Updates to NEWS file Fix free of garbage pointer. PR#3595 Added OPENSSL_NO_EC2M guards around the default EC curves Fixed cms-test.pl for no-ec2m Added RFC 7027 references Fix s_server -ssl2. Previously this reported "Error setting EC curve" When using EVP_PKEY_derive with a KDF set, a negative error from ECDH_compute_key is silently ignored and the KDF is run on duff data Corrected comments in ssl.h about SSLv23_method and friends Fixed memory leak due to incorrect freeing of DTLS reassembly bit mask Add include of ssl.h which is required by srtp.h Updates to EVP_PKEY_encrypt.pod submitted by user Bernardh via the wiki Minor changes made by Matt Caswell. Updates to X509_NAME_add_entry_by_txt.pod submitted by user Bernardh via the wiki Minor changes made by Matt Caswell. Updates to X509_NAME_get_index_by_NID.pod submitted by user Bernardh via the wiki Minor changes made by Matt Caswell Tidy up ocsp help output Remove duplicated code Remove redundant checks in ssl_cert_dup. 
This was causing spurious error messages when using GOST Add checks to the return value of EVP_Cipher to prevent silent encryption failure. Delete unused file Check EVP_Cipher return values for SSL2 Remove more references to dtls1_enc Fix warning in ssl2_enc Verify that we have a sensible message len and fail if not RT#3592 provides an instance where the OPENSSL_assert that this commit replaces can be hit. I was able to recreate this issue by forcing the underlying BIO to misbehave and come back with very small mtu values. This happens the second time around the while loop after we have detected that the MTU has been exceeded following the call to dtls1_write_bytes. The SSL_OP_NO_QUERY_MTU option is supposed to stop the mtu from being automatically updated, and we should use the one provided instead. Unfortunately there are a couple of locations where this is not respected. The first call to query the mtu in dtls1_do_write correctly checks that the mtu that we have received is not less than the minimum. If its less it uses the minimum instead. The second call to query the mtu does not do that, but instead uses whatever comes back. We have seen an instance in RT#3592 where we have got an unreasonably small mtu come back. This commit makes both query checks consistent. There are a number of instances throughout the code where the constant 28 is used with no explanation. Some of this was introduced as part of RT#1929. The value 28 is the length of the IP header (20 bytes) plus the UDP header (8 bytes). However use of this constant is incorrect because there may be instances where a different value is needed, e.g. an IPv4 header is 20 bytes but an IPv6 header is 40. Similarly you may not be using UDP (e.g. SCTP). This commit introduces a new BIO_CTRL that provides the value to be used for this mtu "overhead". It will be used by subsequent commits. 
Remove instances in libssl of the constant 28 (for size of IPv4 header + UDP) and instead use the value provided by the underlying BIO. Also provide some new DTLS_CTRLs so that the library user can set the mtu without needing to know this constant. These new DTLS_CTRLs provide the capability to set the link level mtu to be used (i.e. including this IP/UDP overhead). The previous DTLS_CTRLs required the library user to subtract this overhead first. Fix dtls_query_mtu so that it will always either complete with an mtu that is at least the minimum or it will fail. There were some instances in dtls1_query_mtu where the final mtu can end up being less than the minimum, i.e. where the user has set an mtu manually. This shouldn't be allowed. Also remove dtls1_guess_mtu that, despite having logic for guessing an mtu, was actually only ever used to work out the minimum mtu to use. If we really get a situation where the underlying mtu is less than the minimum we will support then dtls1_do_write can go into an infinite loop. This commit fixes that. Updates to s_client and s_server to remove the constant 28 (for IPv4 header and UDP header) when setting an mtu. This constant is not always correct (e.g. if using IPv6). Use the new DTLS_CTRL functions instead. Only use the fallback mtu after 2 unsuccessful retransmissions if it is less than the mtu we are already using Remove "#if 0" code Remove incorrect code inadvertently introduced through commit 59669b6ab. Fix memory leak in SSL_new if errors occur. 
Fixed memory leak in the event of a failure of BUF_MEM_grow Fixed memory leak if BUF_MEM_grow fails Fix memory leak in s2_srvr.c if BUF_MEM_grow fails DTLS fixes for signed/unsigned issues Remove extraneous white space, and add some braces Add OPENSSL_NO_ECDH guards Add more meaningful OPENSSL_NO_ECDH error message for suite b mode The dtls1_output_cert_chain function no longer exists so remove it from ssl_locl.h Fix a problem if CFLAGS is too long cversion.c fails to compile when config is run with --strict-warnings. Additional fix required for no-srtp to work Remove blank line from start of cflags character array in buildinf.h Follow on from CVE-2014-3571. This fixes the code that was the original source of the crash due to p being NULL. Steve's fix prevents this situation from occuring - however this is by no means obvious by looking at the code for dtls1_get_record. This fix just makes things look a bit more sane. A memory leak can occur in dtls1_buffer_record if either of the calls to ssl3_setup_buffers or pqueue_insert fail. The former will fail if there is a malloc failure, whilst the latter will fail if attempting to add a duplicate record to the queue. This should never happen because duplicate records should be detected and dropped before any attempt to add them to the queue. Unfortunately records that arrive that are for the next epoch are not being recorded correctly, and therefore replays are not being detected. Additionally, these "should not happen" failures that can occur in dtls1_buffer_record are not being treated as fatal and therefore an attacker could exploit this by sending repeated replay records for the next epoch, eventually causing a DoS through memory exhaustion. Fix build failure on Windows due to undefined cflags identifier Update .gitignore with windows files to be excluded from git Further windows specific .gitignore entries Avoid deprecation problems in Visual Studio 13 Fix warning where BIO_FLAGS_UPLINK was being redefined. 
This warning breaks the build in 1.0.0 and 0.9.8 Make output from openssl version -f consistent with previous versions Further comment amendments to preserve formatting prior to source reformat Additional comment changes for reformat of 1.0.2 Fix source where indent will not be able to cope Provide script for filtering data initialisers for structs/unions. indent just can't handle it. Fix make errors Fix logic to check for indent.pro Fix indent issue with engine.h Fix indent issue with functions using STACK_OF More indent fixes for STACK_OF indent has problems with comments that are on the right hand side of a line. Sometimes it fails to format them very well, and sometimes it corrupts them! This commit moves some particularly problematic ones. Fix strange formatting by indent Add obj_dat.h to the list of files that will not be processed by openssl-format-source Manually reformat aes_core.c Add aes_core.c to the list of files not processed by openssl-format-source Amend openssl-format-source so that it give more repeatable output Fix indent comment corruption issue Manually reformat aes_x86core.c and add it to the list of files skipped by openssl-format-source Add ecp_nistz256.c to list of files skipped by openssl-format-source Move more comments that confuse indent Tweaks for comments due to indent's inability to handle them Backport hw_ibmca.c from master due to failed merge Fix modes.h so that indent doesn't complain More tweaks for comments due indent issues Run util/openssl-format-source -v -c . Rerun util/openssl-format-source -v -c . Re-align some comments after running the reformat script. This should be a one off operation (subsequent invokation of the script should not move them) Fix formatting error in pem.h Fix post-reformat errors preventing windows compilation Fix for reformat problems with e_padlock.c NEWS update Updates to CHANGES for 1.0.2 make update Prepare for 1.0.2 release Michael Tuexen (1): Fix incorrect OPENSSL_assert() usage. 
Michal Bozon (1): Correct timestamp output when clock_precision_digits > 0 Piotr Sikora (1): Fix building with no-srtp Rich Salz (4): RT2309: Fix podpage MMNNFFPPS->MNNFFPPS RT3462: Document actions when data==NULL RT2914: NULL check missing in X509_name_canon Allow multiple IDN xn-- indicators Richard Levitte (16): Correct some layout issues, convert all remaining tabs to appropriate amounts of spaces. [PR3597] Advance to the next state variant when reusing messages. Check for FindNextFile when defining it rather than FindFirstFile s_client and s_server take -verify_{host,email,ip}, not -check* Clear warnings/errors within BN_CTX_DEBUG code sections Clear warnings/errors within CIPHER_DEBUG code sections Clear warnings/errors within CIPHER_DEBUG code sections Clear warnings/errors within KSSL_DEBUG code sections Clear warnings/errors within TLS_DEBUG code sections Clear warnings/errors within RL_DEBUG code sections (RL_DEBUG should be renamed) Small typo VMS fixups for 1.0.2 Define CFLAGS as cflags on VMS as well Force the use of our indent profile Run expand before perl, to make sure things are properly aligned Make the script a little more location agnostic Rob Stradling (1): Use inner algorithm when printing certificate. Russell Coker (1): Fix datarace reported by valgrind/helgrind Samuel Neves (1): Use only unsigned arithmetic in constant-time operations Thorsten Glaser (1): Document openssl dgst -hmac option Tim Hudson (3): no-ssl2 with no-ssl3 does not mean drop the ssl lib mark all block comments that need format preserving so that indent will not alter them when reformatting comments Provide source reformating script. Requires GNU indent to be available. ----------------------------------------------------------------------- From matt at openssl.org Thu Jan 22 17:09:05 2015 
From: matt at openssl.org (Matt Caswell) Date: Thu, 22 Jan 2015 18:09:05 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150122170906.B32FA1DF121@butler.localdomain> The branch master has been updated via 1c8241c18a8874af8b99ce75882683a486f4e3f9 (commit) from 4e933bbccdaff4562842f4b87258c49598cb600d (commit) - Log ----------------------------------------------------------------- commit 1c8241c18a8874af8b99ce75882683a486f4e3f9 Author: Matt Caswell Date: Thu Jan 22 17:08:47 2015 +0000 Remove references to "beta" ----------------------------------------------------------------------- Summary of changes: news/news.wml | 2 +- news/openssl-1.0.2-notes.wml | 19 +------------------ 2 files changed, 2 insertions(+), 19 deletions(-) diff --git a/news/news.wml b/news/news.wml index ff8c33f..c55a434 100644 --- a/news/news.wml +++ b/news/news.wml @@ -11,7 +11,7 @@ the OpenSSL toolkit. The presented contents reflect the current state of the
    • Release notes for all OpenSSL branches. -
    • Pre-release notes for 1.0.2 branch of OpenSSL. +
    • Release notes for 1.0.2 branch of OpenSSL.
    • Release notes for 1.0.1 branch of OpenSSL.
    • Release notes for 1.0.0 branch of OpenSSL.
    • Release notes for 0.9.8 branch of OpenSSL. diff --git a/news/openssl-1.0.2-notes.wml b/news/openssl-1.0.2-notes.wml index 935a89c..8ee9568 100644 --- a/news/openssl-1.0.2-notes.wml +++ b/news/openssl-1.0.2-notes.wml @@ -1,21 +1,4 @@ #use wml::openssl area=news page=openssl-1.0.2-notes -OpenSSL 1.0.2 Notes - -

      OpenSSL 1.0.2 Notes

      - -Version 1.0.2 of the OpenSSL toolkit is now in beta. Major changes -and known issues are summarised below. This page will be updated regularly -as problems are reported and fixed. - -

      -Additional details of changes can be found in the - -change log.. -

      -The complete list of changes can be found in the -commit log. -

      - - + From rsalz at openssl.org Thu Jan 22 17:40:22 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 22 Jan 2015 18:40:22 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150122174022.C47941DF121@butler.localdomain> The branch master has been updated via 39a24e8889be8b7a63afdb6f999e4314e2b94671 (commit) from d2a0d72f33e2cd81a5c81b29b05d6fdb2cc67ac2 (commit) - Log ----------------------------------------------------------------- commit 39a24e8889be8b7a63afdb6f999e4314e2b94671 Author: Rich Salz Date: Thu Jan 22 12:38:57 2015 -0500 Cleanup old doc/*; remove CHANGES.SSLeay Removed CHANGES.SSLeay Udpate README to be current. Updated fignerprints.txt to list only current release signers and to explain that is what it's used for. Removed the following: c-indentation.el -- doesn't go with our coding style openssl-shared.txt -- old info about shared library aides openssl.txt -- old info about X509v3 extension support/syntax ssleay.txt -- old info about OpenSSL's predecessor, back when programmers coded on COBOL sheets by candlelight Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES.SSLeay | 968 ------- doc/README | 14 +- doc/c-indentation.el | 45 - doc/fingerprints.txt | 62 +- doc/openssl-shared.txt | 32 - doc/openssl.txt | 1254 --------- doc/ssleay.txt | 7030 ------------------------------------------------ 7 files changed, 18 insertions(+), 9387 deletions(-) delete mode 100644 CHANGES.SSLeay delete mode 100644 doc/c-indentation.el delete mode 100644 doc/openssl-shared.txt delete mode 100644 doc/openssl.txt delete mode 100644 doc/ssleay.txt diff --git a/CHANGES.SSLeay b/CHANGES.SSLeay deleted file mode 100644 index 14bae79..0000000 --- a/CHANGES.SSLeay +++ /dev/null 
@@ -1,968 +0,0 @@ -This file contains the changes for the SSLeay library up to version -0.9.0b. For later changes, see the file "CHANGES". - - SSLeay CHANGES - ______________ - -Changes between 0.8.x and 0.9.0b - -10-Apr-1998 - -I said the next version would go out at easter, and so it shall. -I expect a 0.9.1 will follow with portability fixes in the next few weeks. - -This is a quick, meet the deadline. Look to ssl-users for comments on what -is new etc. - -eric (about to go bushwalking for the 4 day easter break :-) - -16-Mar-98 - - Patch for Cray T90 from Wayne Schroeder - - Lots and lots of changes - -29-Jan-98 - - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from - Goetz Babin-Ebell . - - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or - TLS1_VERSION. - -7-Jan-98 - - Finally reworked the cipher string to ciphers again, so it - works correctly - - All the app_data stuff is now ex_data with function calls to access. - The index is supplied by a function and 'methods' can be setup - for the types that are called on XXX_new/XXX_free. This lets - applications get notified on creation and destruction. Some of - the RSA methods could be implemented this way and I may do so. - - Oh yes, SSL under perl5 is working at the basic level. - -15-Dec-97 - - Warning - the gethostbyname cache is not fully thread safe, - but it should work well enough. - - Major internal reworking of the app_data stuff. More functions - but if you were accessing ->app_data directly, things will - stop working. - - The perlv5 stuff is working. Currently on message digests, - ciphers and the bignum library. - -9-Dec-97 - - Modified re-negotiation so that server initated re-neg - will cause a SSL_read() to return -1 should retry. - The danger otherwise was that the server and the - client could end up both trying to read when using non-blocking - sockets. 
- -4-Dec-97 - - Lots of small changes - - Fix for binaray mode in Windows for the FILE BIO, thanks to - Bob Denny - -17-Nov-97 - - Quite a few internal cleanups, (removal of errno, and using macros - defined in e_os.h). - - A bug in ca.c, pointed out by yasuyuki-ito at d-cruise.co.jp, where - the automactic naming out output files was being stuffed up. - -29-Oct-97 - - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember - for x86. - -21-Oct-97 - - Fixed a bug in the BIO_gethostbyname() cache. - -15-Oct-97 - - cbc mode for blowfish/des/3des is now in assember. Blowfish asm - has also been improved. At this point in time, on the pentium, - md5 is %80 faster, the unoptimesed sha-1 is %79 faster, - des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc - is %62 faster. - -12-Oct-97 - - MEM_BUF_grow() has been fixed so that it always sets the buf->length - to the value we are 'growing' to. Think of MEM_BUF_grow() as the - way to set the length value correctly. - -10-Oct-97 - - I now hash for certificate lookup on the raw DER encoded RDN (md5). - This breaks things again :-(. This is efficent since I cache - the DER encoding of the RDN. - - The text DN now puts in the numeric OID instead of UNKNOWN. - - req can now process arbitary OIDs in the config file. - - I've been implementing md5 in x86 asm, much faster :-). - - Started sha1 in x86 asm, needs more work. - - Quite a few speedups in the BN stuff. RSA public operation - has been made faster by caching the BN_MONT_CTX structure. - The calulating of the Ai where A*Ai === 1 mod m was rather - expensive. Basically a 40-50% speedup on public operations. - The RSA speedup is now 15% on pentiums and %20 on pentium - pro. - -30-Sep-97 - - After doing some profiling, I added x86 adm for bn_add_words(), - which just adds 2 arrays of longs together. A %10 speedup - for 512 and 1024 bit RSA on the pentium pro. - -29-Sep-97 - - Converted the x86 bignum assembler to us the perl scripts - for generation. 
- -23-Sep-97 - - If SSL_set_session() is passed a NULL session, it now clears the - current session-id. - -22-Sep-97 - - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned - certificates. - - Bug in crypto/evp/encode.c where by decoding of 65 base64 - encoded lines, one line at a time (via a memory BIO) would report - EOF after the first line was decoded. - - Fix in X509_find_by_issuer_and_serial() from - Dr Stephen Henson - -19-Sep-97 - - NO_FP_API and NO_STDIO added. - - Put in sh config command. It auto runs Configure with the correct - parameters. - -18-Sep-97 - - Fix x509.c so if a DSA cert has different parameters to its parent, - they are left in place. Not tested yet. - -16-Sep-97 - - ssl_create_cipher_list() had some bugs, fixes from - Patrick Eisenacher - - Fixed a bug in the Base64 BIO, where it would return 1 instead - of -1 when end of input was encountered but should retry. - Basically a Base64/Memory BIO interaction problem. - - Added a HMAC set of functions in preporarion for TLS work. - -15-Sep-97 - - Top level makefile tweak - Cameron Simpson - - Prime generation spead up %25 (512 bit prime, pentium pro linux) - by using montgomery multiplication in the prime number test. - -11-Sep-97 - - Ugly bug in ssl3_write_bytes(). Basically if application land - does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code - did not check the size and tried to copy the entire buffer. - This would tend to cause memory overwrites since SSLv3 has - a maximum packet size of 16k. If your program uses - buffers <= 16k, you would probably never see this problem. - - Fixed a few errors that were cause by malloc() not returning - 0 initialised memory.. - - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using - SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing - since this flags stops SSLeay being able to handle client - cert requests correctly. - -08-Sep-97 - - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. 
When switched - on, the SSL server routines will not use a SSL_SESSION that is - held in it's cache. This in intended to be used with the session-id - callbacks so that while the session-ids are still stored in the - cache, the decision to use them and how to look them up can be - done by the callbacks. The are the 'new', 'get' and 'remove' - callbacks. This can be used to determine the session-id - to use depending on information like which port/host the connection - is coming from. Since the are also SSL_SESSION_set_app_data() and - SSL_SESSION_get_app_data() functions, the application can hold - information against the session-id as well. - -03-Sep-97 - - Added lookup of CRLs to the by_dir method, - X509_load_crl_file() also added. Basically it means you can - lookup CRLs via the same system used to lookup certificates. - - Changed things so that the X509_NAME structure can contain - ASN.1 BIT_STRINGS which is required for the unique - identifier OID. - - Fixed some problems with the auto flushing of the session-id - cache. It was not occuring on the server side. - -02-Sep-97 - - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size) - which is the maximum number of entries allowed in the - session-id cache. This is enforced with a simple FIFO list. - The default size is 20*1024 entries which is rather large :-). - The Timeout code is still always operating. - -01-Sep-97 - - Added an argument to all the 'generate private key/prime` - callbacks. It is the last parameter so this should not - break existing code but it is needed for C++. - - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64() - BIO. This lets the BIO read and write base64 encoded data - without inserting or looking for '\n' characters. The '-A' - flag turns this on when using apps/enc.c. - - RSA_NO_PADDING added to help BSAFE functionality. 
This is a - very dangerous thing to use, since RSA private key - operations without random padding bytes (as PKCS#1 adds) can - be attacked such that the private key can be revealed. - - ASN.1 bug and rc2-40-cbc and rc4-40 added by - Dr Stephen Henson - -31-Aug-97 (stuff added while I was away) - - Linux pthreads by Tim Hudson (tjh at cryptsoft.com). - - RSA_flags() added allowing bypass of pub/priv match check - in ssl/ssl_rsa.c - Tim Hudson. - - A few minor bugs. - -SSLeay 0.8.1 released. - -19-Jul-97 - - Server side initated dynamic renegotiation is broken. I will fix - it when I get back from holidays. - -15-Jul-97 - - Quite a few small changes. - - INVALID_SOCKET usage cleanups from Alex Kiernan - -09-Jul-97 - - Added 2 new values to the SSL info callback. - SSL_CB_START which is passed when the SSL protocol is started - and SSL_CB_DONE when it has finished sucsessfully. - -08-Jul-97 - - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c - that related to DSA public/private keys. - - Added all the relevent PEM and normal IO functions to support - reading and writing RSAPublic keys. - - Changed makefiles to use ${AR} instead of 'ar r' - -07-Jul-97 - - Error in ERR_remove_state() that would leave a dangling reference - to a free()ed location - thanks to Alex Kiernan - - s_client now prints the X509_NAMEs passed from the server - when requesting a client cert. - - Added a ssl->type, which is one of SSL_ST_CONNECT or - SSL_ST_ACCEPT. I had to add it so I could tell if I was - a connect or an accept after the handshake had finished. - - SSL_get_client_CA_list(SSL *s) now returns the CA names - passed by the server if called by a client side SSL. - -05-Jul-97 - - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index - 0, not -1 :-( Fix from Tim Hudson (tjh at cryptsoft.com). - -04-Jul-97 - - Fixed some things in X509_NAME_add_entry(), thanks to - Matthew Donald . 
- - I had a look at the cipher section and though that it was a - bit confused, so I've changed it. - - I was not setting up the RC4-64-MD5 cipher correctly. It is - a MS special that appears in exported MS Money. - - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3 - spec. I was missing the two byte length header for the - ClientDiffieHellmanPublic value. This is a packet sent from - the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG - option will enable SSLeay server side SSLv3 accept either - the correct or my 080 packet format. - - Fixed a few typos in crypto/pem.org. - -02-Jul-97 - - Alias mapping for EVP_get_(digest|cipher)byname is now - performed before a lookup for actual cipher. This means - that an alias can be used to 're-direct' a cipher or a - digest. - - ASN1_read_bio() had a bug that only showed up when using a - memory BIO. When EOF is reached in the memory BIO, it is - reported as a -1 with BIO_should_retry() set to true. - -01-Jul-97 - - Fixed an error in X509_verify_cert() caused by my - miss-understanding how 'do { contine } while(0);' works. - Thanks to Emil Sit for educating me :-) - -30-Jun-97 - - Base64 decoding error. If the last data line did not end with - a '=', sometimes extra data would be returned. - - Another 'cut and paste' bug in x509.c related to setting up the - STDout BIO. - -27-Jun-97 - - apps/ciphers.c was not printing due to an editing error. - - Alex Kiernan send in a nice fix for - a library build error in util/mk1mf.pl - -26-Jun-97 - - Still did not have the auto 'experimental' code removal - script correct. - - A few header tweaks for Watcom 11.0 under Win32 from - Rolf Lindemann - - 0 length OCTET_STRING bug in asn1_parse - - A minor fix with an non-existent function in the MS .def files. - - A few changes to the PKCS7 stuff. - -25-Jun-97 - SSLeay 0.8.0 finally it gets released. - -24-Jun-97 - Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to - use a temporary RSA key. 
This is experimental and needs some more work. - Fixed a few Win16 build problems. - -23-Jun-97 - SSLv3 bug. I was not doing the 'lookup' of the CERT structure - correctly. I was taking the SSL->ctx->default_cert when I should - have been using SSL->cert. The bug was in ssl/s3_srvr.c - -20-Jun-97 - X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the - rest of the library. Even though I had the code required to do - it correctly, apps/req.c was doing the wrong thing. I have fixed - and tested everything. - - Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c. - -19-Jun-97 - Fixed a bug in the SSLv2 server side first packet handling. When - using the non-blocking test BIO, the ssl->s2->first_packet flag - was being reset when a would-block failure occurred when reading - the first 5 bytes of the first packet. This caused the checking - logic to run at the wrong time and cause an error. - - Fixed a problem with specifying cipher. If RC4-MD5 were used, - only the SSLv3 version would be picked up. Now this will pick - up both SSLv2 and SSLv3 versions. This required changing the - SSL_CIPHER->mask values so that they only mask the ciphers, - digests, authentication, export type and key-exchange algorithms. - - I found that when a SSLv23 session is established, a reused - session, of type SSLv3 was attempting to write the SSLv2 - ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char - method has been modified so it will only write out cipher which - that method knows about. - - - Changes between 0.8.0 and 0.8.1 - - *) Mostly bug fixes. - There is an Ephemeral DH cipher problem which is fixed. - - SSLeay 0.8.0 - -This version of SSLeay has quite a lot of things different from the -previous version. - -Basically check all callback parameters, I will be producing documentation -about how to use things in th future. Currently I'm just getting 080 out -the door. 
Please not that there are several ways to do everything, and -most of the applications in the apps directory are hybrids, some using old -methods and some using new methods. - -Have a look in demos/bio for some very simple programs and -apps/s_client.c and apps/s_server.c for some more advanced versions. -Notes are definitly needed but they are a week or so away. - -Anyway, some quick nots from Tim Hudson (tjh at cryptsoft.com) ---- -Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to -get those people that want to move to using the new code base off to -a quick start. - -Note that Eric has tidied up a lot of the areas of the API that were -less than desirable and renamed quite a few things (as he had to break -the API in lots of places anyrate). There are a whole pile of additional -functions for making dealing with (and creating) certificates a lot -cleaner. - -01-Jul-97 -Tim Hudson -tjh at cryptsoft.com - ----8<--- - -To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could -use something like the following (assuming you #include "crypto.h" which -is something that you really should be doing). - -#if SSLEAY_VERSION_NUMBER >= 0x0800 -#define SSLEAY8 -#endif - -buffer.h -> splits into buffer.h and bio.h so you need to include bio.h - too if you are working with BIO internal stuff (as distinct - from simply using the interface in an opaque manner) - -#include "bio.h" - required along with "buffer.h" if you write - your own BIO routines as the buffer and bio - stuff that was intermixed has been separated - out - -envelope.h -> evp.h (which should have been done ages ago) - -Initialisation ... 
don't forget these or you end up with code that -is missing the bits required to do useful things (like ciphers): - -SSLeay_add_ssl_algorithms() -(probably also want SSL_load_error_strings() too but you should have - already had that call in place) - -SSL_CTX_new() - requires an extra method parameter - SSL_CTX_new(SSLv23_method()) - SSL_CTX_new(SSLv2_method()) - SSL_CTX_new(SSLv3_method()) - - OR to only have the server or the client code - SSL_CTX_new(SSLv23_server_method()) - SSL_CTX_new(SSLv2_server_method()) - SSL_CTX_new(SSLv3_server_method()) - or - SSL_CTX_new(SSLv23_client_method()) - SSL_CTX_new(SSLv2_client_method()) - SSL_CTX_new(SSLv3_client_method()) - -SSL_set_default_verify_paths() ... renamed to the more appropriate -SSL_CTX_set_default_verify_paths() - -If you want to use client certificates then you have to add in a bit -of extra stuff in that a SSLv3 server sends a list of those CAs that -it will accept certificates from ... so you have to provide a list to -SSLeay otherwise certain browsers will not send client certs. - -SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file)); - - -X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0) - or provide a buffer and size to copy the - result into - -X509_add_cert -> X509_STORE_add_cert (and you might want to read the - notes on X509_NAME structure changes too) - - -VERIFICATION CODE -================= - -The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to -more accurately reflect things. - -The verification callback args are now packaged differently so that -extra fields for verification can be added easily in future without -having to break things by adding extra parameters each release :-) - -X509_cert_verify_error_string -> X509_verify_cert_error_string - - -BIO INTERNALS -============= - -Eric has fixed things so that extra flags can be introduced in -the BIO layer in future without having to play with all the BIO -modules by adding in some macros. 
- -The ugly stuff using - b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY) -becomes - BIO_clear_retry_flags(b) - - b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY) -becomes - BIO_set_retry_read(b) - -Also ... BIO_get_retry_flags(b), BIO_set_flags(b) - - - -OTHER THINGS -============ - -X509_NAME has been altered so that it isn't just a STACK ... the STACK -is now in the "entries" field ... and there are a pile of nice functions -for getting at the details in a much cleaner manner. - -SSL_CTX has been altered ... "cert" is no longer a direct member of this -structure ... things are now down under "cert_store" (see x509_vfy.h) and -things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE. -If your code "knows" about this level of detail then it will need some -surgery. - -If you depending on the incorrect spelling of a number of the error codes -then you will have to change your code as these have been fixed. - -ENV_CIPHER "type" got renamed to "nid" and as that is what it actually -has been all along so this makes things clearer. -ify_cert_error_string(ctx->error)); - -SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST - and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO - - - - Changes between 0.7.x and 0.8.0 - - *) There have been lots of changes, mostly the addition of SSLv3. - There have been many additions from people and amongst - others, C2Net has assisted greatly. - - Changes between 0.7.x and 0.7.x - - *) Internal development version only - -SSLeay 0.6.6 13-Jan-1997 - -The main additions are - -- assember for x86 DES improvments. - From 191,000 per second on a pentium 100, I now get 281,000. The inner - loop and the IP/FP modifications are from - Svend Olaf Mikkelsen . Many thanks for his - contribution. -- The 'DES macros' introduced in 0.6.5 now have 3 types. - DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which - is best and there is a summery of mine in crypto/des/options.txt -- A few bug fixes. -- Added blowfish. 
It is not used by SSL but all the other stuff that - deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes. - There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'. - BF_PTR2 is pentium/x86 specific. The correct option is setup in - the 'Configure' script. -- There is now a 'get client certificate' callback which can be - 'non-blocking'. If more details are required, let me know. It will - documented more in SSLv3 when I finish it. -- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test' - now tests the ca program. -- Lots of little things modified and tweaked. - - SSLeay 0.6.5 - -After quite some time (3 months), the new release. I have been very busy -for the last few months and so this is mostly bug fixes and improvments. - -The main additions are - -- assember for x86 DES. For all those gcc based systems, this is a big - improvement. From 117,000 DES operation a second on a pentium 100, - I now get 191,000. I have also reworked the C version so it - now gives 148,000 DESs per second. -- As mentioned above, the inner DES macros now have some more variant that - sometimes help, sometimes hinder performance. There are now 3 options - DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling) - and DES_RISC (a more register intensive version of the inner macro). - The crypto/des/des_opts.c program, when compiled and run, will give - an indication of the correct options to use. -- The BIO stuff has been improved. Read doc/bio.doc. There are now - modules for encryption and base64 encoding and a BIO_printf() function. -- The CA program will accept simple one line X509v3 extensions in the - ssleay.cnf file. Have a look at the example. Currently this just - puts the text into the certificate as an OCTET_STRING so currently - the more advanced X509v3 data types are not handled but this is enough - for the netscape extensions. 
-- There is the start of a nicer higher level interface to the X509 - strucutre. -- Quite a lot of bug fixes. -- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used - to define the malloc(), free() and realloc() routines to use - (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when - using DLLs and mixing CRT libraries. - -In general, read the 'VERSION' file for changes and be aware that some of -the new stuff may not have been tested quite enough yet, so don't just plonk -in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break. - -SSLeay 0.6.4 30/08/96 eay - -I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3, -Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-). - -The main changes in this release - -- Thread safe. have a read of doc/threads.doc and play in the mt directory. - For anyone using 0.6.3 with threads, I found 2 major errors so consider - moving to 0.6.4. I have a test program that builds under NT and - solaris. -- The get session-id callback has changed. Have a read of doc/callback.doc. -- The X509_cert_verify callback (the SSL_verify callback) now - has another argument. Have a read of doc/callback.doc -- 'ca -preserve', sign without re-ordering the DN. Not tested much. -- VMS support. -- Compile time memory leak detection can now be built into SSLeay. - Read doc/memory.doc -- CONF routines now understand '\', '\n', '\r' etc. What this means is that - the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines. -- 'ssleay ciphers' added, lists the default cipher list for SSLeay. -- RC2 key setup is now compatable with Netscape. -- Modifed server side of SSL implementation, big performance difference when - using session-id reuse. - -0.6.3 - -Bug fixes and the addition of some nice stuff to the 'ca' program. -Have a read of doc/ns-ca.doc for how hit has been modified so -it can be driven from a CGI script. 
The CGI script is not provided, -but that is just being left as an excersize for the reader :-). - -0.6.2 - -This is most bug fixes and functionality improvements. - -Additions are -- More thread debugging patches, the thread stuff is still being - tested, but for those keep to play with stuff, have a look in - crypto/cryptlib.c. The application needs to define 1 (or optionaly - a second) callback that is used to implement locking. Compiling - with LOCK_DEBUG spits out lots of locking crud :-). - This is what I'm currently working on. -- SSL_CTX_set_default_passwd_cb() can be used to define the callback - function used in the SSL*_file() functions used to load keys. I was - always of the opinion that people should call - PEM_read_RSAPrivateKey() and pass the callback they want to use, but - it appears they just want to use the SSL_*_file() function() :-(. -- 'enc' now has a -kfile so a key can be read from a file. This is - mostly used so that the passwd does not appear when using 'ps', - which appears imposible to stop under solaris. -- X509v3 certificates now work correctly. I even have more examples - in my tests :-). There is now a X509_EXTENSION type that is used in - X509v3 certificates and CRLv2. -- Fixed that signature type error :-( -- Fixed quite a few potential memory leaks and problems when reusing - X509, CRL and REQ structures. -- EVP_set_pw_prompt() now sets the library wide default password - prompt. -- The 'pkcs7' command will now, given the -print_certs flag, output in - pem format, all certificates and CRL contained within. This is more - of a pre-emtive thing for the new verisign distribution method. I - should also note, that this also gives and example in code, of how - to do this :-), or for that matter, what is involved in going the - other way (list of certs and crl -> pkcs7). -- Added RSA's DESX to the DES library. It is also available via the - EVP_desx_cbc() method and via 'enc desx'. 
- -SSLeay 0.6.1 - -The main functional changes since 0.6.0 are as follows -- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is - that from now on, I'll keep the .def numbers the same so they will be. -- RSA private key operations are about 2 times faster that 0.6.0 -- The SSL_CTX now has more fields so default values can be put against - it. When an SSL structure is created, these default values are used - but can be overwritten. There are defaults for cipher, certificate, - private key, verify mode and callback. This means SSL session - creation can now be - ssl=SSL_new() - SSL_set_fd(ssl,sock); - SSL_accept(ssl) - .... - All the other uglyness with having to keep a global copy of the - private key and certificate/verify mode in the server is now gone. -- ssl/ssltest.c - one process talking SSL to its self for testing. -- Storage of Session-id's can be controled via a session_cache_mode - flag. There is also now an automatic default flushing of - old session-id's. -- The X509_cert_verify() function now has another parameter, this - should not effect most people but it now means that the reason for - the failure to verify is now available via SSL_get_verify_result(ssl). - You don't have to use a global variable. -- SSL_get_app_data() and SSL_set_app_data() can be used to keep some - application data against the SSL structure. It is upto the application - to free the data. I don't use it, but it is available. -- SSL_CTX_set_cert_verify_callback() can be used to specify a - verify callback function that completly replaces my certificate - verification code. Xcert should be able to use this :-). - The callback is of the form int app_verify_callback(arg,ssl,cert). - This needs to be documented more. -- I have started playing with shared library builds, have a look in - the shlib directory. It is very simple. If you need a numbered - list of functions, have a look at misc/crypto.num and misc/ssl.num. 
-- There is some stuff to do locking to make the library thread safe. - I have only started this stuff and have not finished. If anyone is - keen to do so, please send me the patches when finished. - -So I have finally made most of the additions to the SSL interface that -I thought were needed. - -There will probably be a pause before I make any non-bug/documentation -related changes to SSLeay since I'm feeling like a bit of a break. - -eric - 12 Jul 1996 -I saw recently a comment by some-one that we now seem to be entering -the age of perpetual Beta software. -Pioneered by packages like linux but refined to an art form by -netscape. - -I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-). - -There are quite a large number of sections that are 'works in -progress' in this package. I will also list the major changes and -what files you should read. - -BIO - this is the new IO structure being used everywhere in SSLeay. I -started out developing this because of microsoft, I wanted a mechanism -to callback to the application for all IO, so Windows 3.1 DLL -perversion could be hidden from me and the 15 different ways to write -to a file under NT would also not be dictated by me at library build -time. What the 'package' is is an API for a data structure containing -functions. IO interfaces can be written to conform to the -specification. This in not intended to hide the underlying data type -from the application, but to hide it from SSLeay :-). -I have only really finished testing the FILE * and socket/fd modules. -There are also 'filter' BIO's. Currently I have only implemented -message digests, and it is in use in the dgst application. This -functionality will allow base64/encrypto/buffering modules to be -'push' into a BIO without it affecting the semantics. I'm also -working on an SSL BIO which will hide the SSL_accept()/SLL_connet() -from an event loop which uses the interface. 
-It is also possible to 'attach' callbacks to a BIO so they get called -before and after each operation, alowing extensive debug output -to be generated (try running dgst with -d). - -Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few -functions that used to take FILE *, now take BIO *. -The wrappers are easy to write - -function_fp(fp,x) -FILE *fp; - { - BIO *b; - int ret; - - if ((b=BIO_new(BIO_s_file())) == NULL) error..... - BIO_set_fp(b,fp,BIO_NOCLOSE); - ret=function_bio(b,x); - BIO_free(b); - return(ret); - } -Remember, there are no functions that take FILE * in SSLeay when -compiled for Windows 3.1 DLL's. - --- -I have added a general EVP_PKEY type that can hold a public/private -key. This is now what is used by the EVP_ functions and is passed -around internally. I still have not done the PKCS#8 stuff, but -X509_PKEY is defined and waiting :-) - --- -For a full function name listings, have a look at ms/crypt32.def and -ms/ssl32.def. These are auto-generated but are complete. -Things like ASN1_INTEGER_get() have been added and are in here if you -look. I have renamed a few things, again, have a look through the -function list and you will probably find what you are after. I intend -to at least put a one line descrition for each one..... - --- -Microsoft - thats what this release is about, read the MICROSOFT file. - --- -Multi-threading support. I have started hunting through the code and -flaging where things need to be done. In a state of work but high on -the list. - --- -For random numbers, edit e_os.h and set DEVRANDOM (it's near the top) -be be you random data device, otherwise 'RFILE' in e_os.h -will be used, in your home directory. It will be updated -periodically. The environment variable RANDFILE will override this -choice and read/write to that file instead. DEVRANDOM is used in -conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random -number generator, pick on one of these files. 
- --- - -The list of things to read and do - -dgst -d -s_client -state (this uses a callback placed in the SSL state loop and - will be used else-where to help debug/monitor what - is happening.) - -doc/why.doc -doc/bio.doc <- hmmm, needs lots of work. -doc/bss_file.doc <- one that is working :-) -doc/session.doc <- it has changed -doc/speed.doc - also play with ssleay version -a. I have now added a SSLeay() - function that returns a version number, eg 0600 for this release - which is primarily to be used to check DLL version against the - application. -util/* Quite a few will not interest people, but some may, like - mk1mf.pl, mkdef.pl, -util/do_ms.sh - -try -cc -Iinclude -Icrypto -c crypto/crypto.c -cc -Iinclude -Issl -c ssl/ssl.c -You have just built the SSLeay libraries as 2 object files :-) - -Have a general rummage around in the bin stall directory and look at -what is in there, like CA.sh and c_rehash - -There are lots more things but it is 12:30am on a Friday night and I'm -heading home :-). - -eric 22-Jun-1996 -This version has quite a few major bug fixes and improvements. It DOES NOT -do SSLv3 yet. - -The main things changed -- A Few days ago I added the s_mult application to ssleay which is - a demo of an SSL server running in an event loop type thing. - It supports non-blocking IO, I have finally gotten it right, SSL_accept() - can operate in non-blocking IO mode, look at the code to see how :-). - Have a read of doc/s_mult as well. This program leaks memory and - file descriptors everywhere but I have not cleaned it up yet. - This is a demo of how to do non-blocking IO. -- The SSL session management has been 'worked over' and there is now - quite an expansive set of functions to manipulate them. Have a read of - doc/session.doc for some-things I quickly whipped up about how it now works. - This assume you know the SSLv2 protocol :-) -- I can now read/write the netscape certificate format, use the - -inform/-outform 'net' options to the x509 command. 
I have not put support - for this type in the other demo programs, but it would be easy to add. -- asn1parse and 'enc' have been modified so that when reading base64 - encoded files (pem format), they do not require '-----BEGIN' header lines. - The 'enc' program had a buffering bug fixed, it can be used as a general - base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d' - respecivly. Leaving out the '-a' flag in this case makes the 'enc' command - into a form of 'cat'. -- The 'x509' and 'req' programs have been fixed and modified a little so - that they generate self-signed certificates correctly. The test - script actually generates a 'CA' certificate and then 'signs' a - 'user' certificate. Have a look at this shell script (test/sstest) - to see how things work, it tests most possible combinations of what can - be done. -- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name - of SSL_set_cipher_list() is now the correct API (stops confusion :-). - If this function is used in the client, only the specified ciphers can - be used, with preference given to the order the ciphers were listed. - For the server, if this is used, only the specified ciphers will be used - to accept connections. If this 'option' is not used, a default set of - ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this - list for all ciphers started against the SSL_CTX. So the order is - SSL cipher_list, if not present, SSL_CTX cipher list, if not - present, then the library default. - What this means is that normally ciphers like - NULL-MD5 will never be used. The only way this cipher can be used - for both ends to specify to use it. - To enable or disable ciphers in the library at build time, modify the - first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c. - This file also contains the 'pref_cipher' list which is the default - cipher preference order. 
-- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net' - options work. They should, and they enable loading and writing the - netscape rsa private key format. I will be re-working this section of - SSLeay for the next version. What is currently in place is a quick and - dirty hack. -- I've re-written parts of the bignum library. This gives speedups - for all platforms. I now provide assembler for use under Windows NT. - I have not tested the Windows 3.1 assembler but it is quite simple code. - This gives RSAprivate_key operation encryption times of 0.047s (512bit key) - and 0.230s (1024bit key) on a pentium 100 which I consider reasonable. - Basically the times available under linux/solaris x86 can be achieve under - Windows NT. I still don't know how these times compare to RSA's BSAFE - library but I have been emailing with people and with their help, I should - be able to get my library's quite a bit faster still (more algorithm changes). - The object file crypto/bn/asm/x86-32.obj should be used when linking - under NT. -- 'make makefile.one' in the top directory will generate a single makefile - called 'makefile.one' This makefile contains no perl references and - will build the SSLeay library into the 'tmp' and 'out' directories. - util/mk1mf.pl >makefile.one is how this makefile is - generated. The mk1mf.pl command take several option to generate the - makefile for use with cc, gcc, Visual C++ and Borland C++. This is - still under development. I have only build .lib's for NT and MSDOS - I will be working on this more. I still need to play with the - correct compiler setups for these compilers and add some more stuff but - basically if you just want to compile the library - on a 'non-unix' platform, this is a very very good file to start with :-). - Have a look in the 'microsoft' directory for my current makefiles. - I have not yet modified things to link with sockets under Windows NT. 
- You guys should be able to do this since this is actually outside of the - SSLeay scope :-). I will be doing it for myself soon. - util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock - to build without RC2/RC4, to require RSAref for linking, and to - build with no socket code. - -- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher - that was posted to sci.crypt has been added to the library and SSL. - I take the view that if RC2 is going to be included in a standard, - I'll include the cipher to make my package complete. - There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers - at compile time. I have not tested this recently but it should all work - and if you are in the USA and don't want RSA threatening to sue you, - you could probably remove the RC4/RC2 code inside these sections. - I may in the future include a perl script that does this code - removal automatically for those in the USA :-). -- I have removed all references to sed in the makefiles. So basically, - the development environment requires perl and sh. The build environment - does not (use the makefile.one makefile). - The Configure script still requires perl, this will probably stay that way - since I have perl for Windows NT :-). - -eric (03-May-1996) - -PS Have a look in the VERSION file for more details on the changes and - bug fixes. -I have fixed a few bugs, added alpha and x86 assembler and generally cleaned -things up. This version will be quite stable, mostly because I'm on -holidays until 10-March-1996. For any problems in the interum, send email -to Tim Hudson . - -SSLeay 0.5.0 - -12-12-95 -This is going out before it should really be released. - -I leave for 11 weeks holidays on the 22-12-95 and so I either sit on -this for 11 weeks or get things out. 
It is still going to change a -lot in the next week so if you do grab this version, please test and -give me feed back ASAP, inculuding questions on how to do things with -the library. This will prompt me to write documentation so I don't -have to answer the same question again :-). - -This 'pre' release version is for people who are interested in the -library. The applications will have to be changed to use -the new version of the SSL interface. I intend to finish more -documentation before I leave but until then, look at the programs in -the apps directory. As far as code goes, it is much much nicer than -the old version. - -The current library works, has no memory leaks (as far as I can tell) -and is far more bug free that 0.4.5d. There are no global variable of -consequence (I believe) and I will produce some documentation that -tell where to look for those people that do want to do multi-threaded -stuff. - -There should be more documentation. Have a look in the -doc directory. I'll be adding more before I leave, it is a start -by mostly documents the crypto library. Tim Hudson will update -the web page ASAP. The spelling and grammar are crap but -it is better than nothing :-) - -Reasons to start playing with version 0.5.0 -- All the programs in the apps directory build into one ssleay binary. -- There is a new version of the 'req' program that generates certificate - requests, there is even documentation for this one :-) -- There is a demo certification authorithy program. Currently it will - look at the simple database and update it. It will generate CRL from - the data base. You need to edit the database by hand to revoke a - certificate, it is my aim to use perl5/Tk but I don't have time to do - this right now. It will generate the certificates but the management - scripts still need to be written. This is not a hard task. -- Things have been cleaned up a lot. -- Have a look at the enc and dgst programs in the apps directory. 
-- It supports v3 of x509 certiticates. - - -Major things missing. -- I have been working on (and thinging about) the distributed x509 - hierachy problem. I have not had time to put my solution in place. - It will have to wait until I come back. -- I have not put in CRL checking in the certificate verification but - it would not be hard to do. I was waiting until I could generate my - own CRL (which has only been in the last week) and I don't have time - to put it in correctly. -- Montgomery multiplication need to be implemented. I know the - algorithm, just ran out of time. -- PKCS#7. I can load and write the DER version. I need to re-work - things to support BER (if that means nothing, read the ASN1 spec :-). -- Testing of the higher level digital envelope routines. I have not - played with the *_seal() and *_open() type functions. They are - written but need testing. The *_sign() and *_verify() functions are - rock solid. -- PEM. Doing this and PKCS#7 have been dependant on the distributed - x509 heirachy problem. I started implementing my ideas, got - distracted writing a CA program and then ran out of time. I provide - the functionality of RSAref at least. -- Re work the asm. code for the x86. I've changed by low level bignum - interface again, so I really need to tweak the x86 stuff. gcc is - good enough for the other boxes. - diff --git a/doc/README b/doc/README index 6ecc14d..a5e1787 100644 --- a/doc/README +++ b/doc/README 
@@ -1,12 +1,8 @@ apps/openssl.pod .... Documentation of OpenSSL `openssl' command - crypto/crypto.pod ... Documentation of OpenSSL crypto.h+libcrypto.a - ssl/ssl.pod ......... Documentation of OpenSSL ssl.h+libssl.a - openssl.txt ......... Assembled documentation files for OpenSSL [not final] - ssleay.txt .......... Assembled documentation of ancestor SSLeay [obsolete] - standards.txt ....... Assembled pointers to standards, RFCs or internet drafts - that are related to OpenSSL. - - An archive of HTML documents for the SSLeay library is available from - http://www.columbia.edu/~ariel/ssleay/ + crypto/crypto.pod ... Documentation of OpenSSL crypto.h (libcrypto) + ssl/ssl.pod ......... Documentation of OpenSSL ssl.h (libssl) + standards.txt ....... Pointers to standards, RFCs or internet drafts + that are related to OpenSSL. Incomplete. + HTML versions are on https://www.openssl.org/docs diff --git a/doc/c-indentation.el b/doc/c-indentation.el deleted file mode 100644 index 90861d3..0000000 --- a/doc/c-indentation.el +++ /dev/null 
@@ -1,45 +0,0 @@ -; This Emacs Lisp file defines a C indentation style that closely -; follows most aspects of the one that is used throughout SSLeay, -; and hence in OpenSSL. -; -; This definition is for the "CC mode" package, which is the default -; mode for editing C source files in Emacs 20, not for the older -; c-mode.el (which was the default in less recent releaes of Emacs 19). -; -; Copy the definition in your .emacs file or use M-x eval-buffer. -; To activate this indentation style, visit a C file, type -; M-x c-set-style (or C-c . for short), and enter "eay". -; To toggle the auto-newline feature of CC mode, type C-c C-a. -; -; Apparently statement blocks that are not introduced by a statement -; such as "if" and that are not the body of a function cannot -; be handled too well by CC mode with this indentation style, -; so you have to indent them manually (you can use C-q tab). -; -; For suggesting improvements, please send e-mail to bodo at openssl.org. - -(c-add-style "eay" - '((c-basic-offset . 8) - (indent-tabs-mode . t) - (c-comment-only-line-offset . 0) - (c-hanging-braces-alist) - (c-offsets-alist . ((defun-open . +) - (defun-block-intro . 0) - (class-open . +) - (class-close . +) - (block-open . 0) - (block-close . 0) - (substatement-open . +) - (statement . 0) - (statement-block-intro . 0) - (statement-case-open . +) - (statement-case-intro . +) - (case-label . -) - (label . -) - (arglist-cont-nonempty . +) - (topmost-intro . -) - (brace-list-close . 0) - (brace-list-intro . 0) - (brace-list-open . +) - )))) - diff --git a/doc/fingerprints.txt b/doc/fingerprints.txt index 373e90d..b55d7bb 100644 --- a/doc/fingerprints.txt +++ b/doc/fingerprints.txt 
@@ -1,63 +1,27 @@ - Fingerprints +Fingerprints for Signing Relases -OpenSSL releases are signed with PGP/GnuPG keys. You can find the -signatures in separate files in the same location you find the -distributions themselves. The normal file name is the same as the -distribution file, with '.asc' added. For example, the signature for -the distribution of OpenSSL 1.0.1h, openssl-1.0.1h.tar.gz, is found in -the file openssl-1.0.1h.tar.gz.asc. +OpenSSL releases are signed with PGP/GnuPG keys. This file contains +the fingerprints of team members who are "authorized" to sign the +next release. + +The signature is a detached cleartxt signature, with the same name +as the release but with ".asc" appended. For example, release +1.0.1h can be found in openssl-1.0.1h.tar.gz with the signature +in the file named openssl-1.0.1h.tar.gz.asc. The following is the list of fingerprints for the keys that are currently in use to sign OpenSSL distributions: -pub 1024D/F709453B 2003-10-20 - Key fingerprint = C4CA B749 C34F 7F4C C04F DAC9 A7AF 9E78 F709 453B -uid Richard Levitte +pub 4096R/7DF9EE8C 2014-10-04 + Key fingerprint = 7953 AC1F BC3D C8B3 B292 393E D5E9 E43F 7DF9 EE8C +uid Richard Levitte uid Richard Levitte -uid Richard Levitte - -pub 2048R/F295C759 1998-12-13 - Key fingerprint = D0 5D 8C 61 6E 27 E6 60 41 EC B1 B8 D5 7E E5 97 -uid Dr S N Henson +uid Richard Levitte pub 4096R/FA40E9E2 2005-03-19 Key fingerprint = 6260 5AA4 334A F9F0 DDE5 D349 D357 7507 FA40 E9E2 -uid Dr Stephen Henson -uid Dr Stephen Henson uid Dr Stephen N Henson -sub 4096R/8811F530 2005-03-19 - -pub 1024R/49A563D9 1997-02-24 - Key fingerprint = 7B 79 19 FA 71 6B 87 25 0E 77 21 E5 52 D9 83 BF -uid Mark Cox -uid Mark Cox -uid Mark Cox - -pub 1024R/9C58A66D 1997-04-03 - Key fingerprint = 13 D0 B8 9D 37 30 C3 ED AC 9C 24 7D 45 8C 17 67 -uid jaenicke at openssl.org -uid Lutz Jaenicke - -pub 1024D/2118CF83 1998-07-13 - Key fingerprint = 7656 55DE 62E3 96FF 2587 EB6C 4F6D E156 2118 CF83 -uid Ben Laurie -uid Ben 
Laurie -uid Ben Laurie -sub 4096g/1F5143E7 1998-07-13 - -pub 1024R/5A6A9B85 1994-03-22 - Key fingerprint = C7 AC 7E AD 56 6A 65 EC F6 16 66 83 7E 86 68 28 -uid Bodo Moeller <2005 at bmoeller.de> -uid Bodo Moeller <2003 at bmoeller.de> -uid Bodo Moeller <2004 at bmoeller.de> -uid Bodo Moeller -uid Bodo Moeller -uid Bodo Moeller -uid Bodo Moeller <3moeller at informatik.uni-hamburg.de> -uid Bodo Moeller -uid Bodo Moeller <3moeller at rzdspc5.informatik.uni-hamburg.de> pub 2048R/0E604491 2013-04-30 Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 uid Matt Caswell - diff --git a/doc/openssl-shared.txt b/doc/openssl-shared.txt deleted file mode 100644 index 5cf84a0..0000000 --- a/doc/openssl-shared.txt +++ /dev/null 
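Review bot: The new header line `The signature is a detached cleartxt signature, with the same name` is self-contradictory — a cleartext signature (gpg --clearsign) wraps the signed text inside the same file, whereas what ships as openssl-1.0.1h.tar.gz.asc beside the tarball is a detached, ASCII-armored signature; I would change it to `The signature is a detached (ASCII-armored) signature, with the same name` and add one line `Verify it with: gpg --verify openssl-1.0.1h.tar.gz.asc openssl-1.0.1h.tar.gz`. Because this file is what a downloader relies on to decide which key may sign a release, it should also tell the reader to compare the full 40-hex-digit fingerprint, not the 8-digit key ID printed in the pub line (e.g. 7DF9EE8C), since short key IDs are cheap to collide. The scare quotes in `team members who are "authorized" to sign` read as doubt about the list's own authority and should be dropped, and the title has a typo: `Fingerprints for Signing Releases`.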
@@ -1,32 +0,0 @@ -The OpenSSL shared libraries are often installed in a directory like -/usr/local/ssl/lib. - -If this directory is not in a standard system path for dynamic/shared -libraries, then you will have problems linking and executing -applications that use OpenSSL libraries UNLESS: - -* you link with static (archive) libraries. If you are truly - paranoid about security, you should use static libraries. -* you use the GNU libtool code during linking - (http://www.gnu.org/software/libtool/libtool.html) -* you use pkg-config during linking (this requires that - PKG_CONFIG_PATH includes the path to the OpenSSL shared - library directory), and make use of -R or -rpath. - (http://www.freedesktop.org/software/pkgconfig/) -* you specify the system-wide link path via a command such - as crle(1) on Solaris systems. -* you add the OpenSSL shared library directory to /etc/ld.so.conf - and run ldconfig(8) on Linux systems. -* you define the LD_LIBRARY_PATH, LIBPATH, SHLIB_PATH (HP), - DYLD_LIBRARY_PATH (MacOS X) or PATH (Cygwin and DJGPP) - environment variable and add the OpenSSL shared library - directory to it. - -One common tool to check the dynamic dependencies of an executable -or dynamic library is ldd(1) on most UNIX systems. - -See any operating system documentation and manpages about shared -libraries for your version of UNIX. The following manpages may be -helpful: ld(1), ld.so(1), ld.so.1(1) [Solaris], dld.sl(1) [HP], -ldd(1), crle(1) [Solaris], pldd(1) [Solaris], ldconfig(8) [Linux], -chatr(1) [HP]. diff --git a/doc/openssl.txt b/doc/openssl.txt deleted file mode 100644 index f8817b0..0000000 --- a/doc/openssl.txt +++ /dev/null 
@@ -1,1254 +0,0 @@ - -This is some preliminary documentation for OpenSSL. - -Contents: - - OpenSSL X509V3 extension configuration - X509V3 Extension code: programmers guide - PKCS#12 Library - - -============================================================================== - OpenSSL X509V3 extension configuration -============================================================================== - -OpenSSL X509V3 extension configuration: preliminary documentation. - -INTRODUCTION. - -For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now -possible to add and print out common X509 V3 certificate and CRL extensions. - -BEGINNERS NOTE - -For most simple applications you don't need to know too much about extensions: -the default openssl.cnf values will usually do sensible things. - -If you want to know more you can initially quickly look through the sections -describing how the standard OpenSSL utilities display and add extensions and -then the list of supported extensions. - -For more technical information about the meaning of extensions see: - -http://www.imc.org/ietf-pkix/ -http://home.netscape.com/eng/security/certs.html - -PRINTING EXTENSIONS. - -Extension values are automatically printed out for supported extensions. - -openssl x509 -in cert.pem -text -openssl crl -in crl.pem -text - -will give information in the extension printout, for example: - - X509v3 extensions: - X509v3 Basic Constraints: - CA:TRUE - X509v3 Subject Key Identifier: - 73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15 - X509v3 Authority Key Identifier: - keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email at 1.address/Email=email at 2.address, serial:00 - X509v3 Key Usage: - Certificate Sign, CRL Sign - X509v3 Subject Alternative Name: - email:email at 1.address, email:email at 2.address - -CONFIGURATION FILES. 
- -The OpenSSL utilities 'ca' and 'req' can now have extension sections listing -which certificate extensions to include. In each case a line: - -x509_extensions = extension_section - -indicates which section contains the extensions. In the case of 'req' the -extension section is used when the -x509 option is present to create a -self signed root certificate. - -The 'x509' utility also supports extensions when it signs a certificate. -The -extfile option is used to set the configuration file containing the -extensions. In this case a line with: - -extensions = extension_section - -in the nameless (default) section is used. If no such line is included then -it uses the default section. - -You can also add extensions to CRLs: a line - -crl_extensions = crl_extension_section - -will include extensions when the -gencrl option is used with the 'ca' utility. -You can add any extension to a CRL but of the supported extensions only -issuerAltName and authorityKeyIdentifier make any real sense. Note: these are -CRL extensions NOT CRL *entry* extensions which cannot currently be generated. -CRL entry extensions can be displayed. - -NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL -you should not include a crl_extensions line in the configuration file. - -As with all configuration files you can use the inbuilt environment expansion -to allow the values to be passed in the environment. Therefore if you have -several extension sections used for different purposes you can have a line: - -x509_extensions = $ENV::ENV_EXT - -and set the ENV_EXT environment variable before calling the relevant utility. - -EXTENSION SYNTAX. - -Extensions have the basic form: - -extension_name=[critical,] extension_options - -the use of the critical option makes the extension critical. Extreme caution -should be made when using the critical flag. If an extension is marked -as critical then any client that does not understand the extension should -reject it as invalid. 
Some broken software will reject certificates which -have *any* critical extensions (these violates PKIX but we have to live -with it). - -There are three main types of extension: string extensions, multi-valued -extensions, and raw extensions. - -String extensions simply have a string which contains either the value itself -or how it is obtained. - -For example: - -nsComment="This is a Comment" - -Multi-valued extensions have a short form and a long form. The short form -is a list of names and values: - -basicConstraints=critical,CA:true,pathlen:1 - -The long form allows the values to be placed in a separate section: - -basicConstraints=critical, at bs_section - -[bs_section] - -CA=true -pathlen=1 - -Both forms are equivalent. However it should be noted that in some cases the -same name can appear multiple times, for example, - -subjectAltName=email:steve at here,email:steve at there - -in this case an equivalent long form is: - -subjectAltName=@alt_section - -[alt_section] - -email.1=steve at here -email.2=steve at there - -This is because the configuration file code cannot handle the same name -occurring twice in the same section. - -The syntax of raw extensions is governed by the extension code: it can -for example contain data in multiple sections. The correct syntax to -use is defined by the extension code itself: check out the certificate -policies extension for an example. - -There are two ways to encode arbitrary extensions. - -The first way is to use the word ASN1 followed by the extension content -using the same syntax as ASN1_generate_nconf(). For example: - -1.2.3.4=critical,ASN1:UTF8String:Some random data - -1.2.3.4=ASN1:SEQUENCE:seq_sect - -[seq_sect] - -field1 = UTF8:field1 -field2 = UTF8:field2 - -It is also possible to use the word DER to include arbitrary data in any -extension. 
- -1.2.3.4=critical,DER:01:02:03:04 -1.2.3.4=DER:01020304 - -The value following DER is a hex dump of the DER encoding of the extension -Any extension can be placed in this form to override the default behaviour. -For example: - -basicConstraints=critical,DER:00:01:02:03 - -WARNING: DER should be used with caution. It is possible to create totally -invalid extensions unless care is taken. - -CURRENTLY SUPPORTED EXTENSIONS. - -If you aren't sure about extensions then they can be largely ignored: its only -when you want to do things like restrict certificate usage when you need to -worry about them. - -The only extension that a beginner might want to look at is Basic Constraints. -If in addition you want to try Netscape object signing the you should also -look at Netscape Certificate Type. - -Literal String extensions. - -In each case the 'value' of the extension is placed directly in the -extension. Currently supported extensions in this category are: nsBaseUrl, -nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl, -nsSslServerName and nsComment. - -For example: - -nsComment="This is a test comment" - -Bit Strings. - -Bit string extensions just consist of a list of supported bits, currently -two extensions are in this category: PKIX keyUsage and the Netscape specific -nsCertType. - -nsCertType (netscape certificate type) takes the flags: client, server, email, -objsign, reserved, sslCA, emailCA, objCA. - -keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation, -keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign, -encipherOnly, decipherOnly. - -For example: - -nsCertType=server - -keyUsage=digitalSignature, nonRepudiation - -Hints on Netscape Certificate Type. - -Other than Basic Constraints this is the only extension a beginner might -want to use, if you want to try Netscape object signing, otherwise it can -be ignored. 
- -If you want a certificate that can be used just for object signing then: - -nsCertType=objsign - -will do the job. If you want to use it as a normal end user and server -certificate as well then - -nsCertType=objsign,email,server - -is more appropriate. You cannot use a self signed certificate for object -signing (well Netscape signtool can but it cheats!) so you need to create -a CA certificate and sign an end user certificate with it. - -Side note: If you want to conform to the Netscape specifications then you -should really also set: - -nsCertType=objCA - -in the *CA* certificate for just an object signing CA and - -nsCertType=objCA,emailCA,sslCA - -for everything. Current Netscape software doesn't enforce this so it can -be omitted. - -Basic Constraints. - -This is generally the only extension you need to worry about for simple -applications. If you want your certificate to be usable as a CA certificate -(in addition to an end user certificate) then you set this to: - -basicConstraints=CA:TRUE - -if you want to be certain the certificate cannot be used as a CA then do: - -basicConstraints=CA:FALSE - -The rest of this section describes more advanced usage. - -Basic constraints is a multi-valued extension that supports a CA and an -optional pathlen option. The CA option takes the values true and false and -pathlen takes an integer. Note if the CA option is false the pathlen option -should be omitted. - -The pathlen parameter indicates the maximum number of CAs that can appear -below this one in a chain. So if you have a CA with a pathlen of zero it can -only be used to sign end user certificates and not further CAs. This all -assumes that the software correctly interprets this extension of course. - -Examples: - -basicConstraints=CA:TRUE -basicConstraints=critical,CA:TRUE, pathlen:0 - -NOTE: for a CA to be considered valid it must have the CA option set to -TRUE. An end user certificate MUST NOT have the CA value set to true. 
-According to PKIX recommendations it should exclude the extension entirely, -however some software may require CA set to FALSE for end entity certificates. - -Extended Key Usage. - -This extensions consists of a list of usages. - -These can either be object short names of the dotted numerical form of OIDs. -While any OID can be used only certain values make sense. In particular the -following PKIX, NS and MS values are meaningful: - -Value Meaning ------ ------- -serverAuth SSL/TLS Web Server Authentication. -clientAuth SSL/TLS Web Client Authentication. -codeSigning Code signing. -emailProtection E-mail Protection (S/MIME). -timeStamping Trusted Timestamping -msCodeInd Microsoft Individual Code Signing (authenticode) -msCodeCom Microsoft Commercial Code Signing (authenticode) -msCTLSign Microsoft Trust List Signing -msSGC Microsoft Server Gated Crypto -msEFS Microsoft Encrypted File System -nsSGC Netscape Server Gated Crypto - -For example, under IE5 a CA can be used for any purpose: by including a list -of the above usages the CA can be restricted to only authorised uses. - -Note: software packages may place additional interpretations on certificate -use, in particular some usages may only work for selected CAs. Don't for example -expect just including msSGC or nsSGC will automatically mean that a certificate -can be used for SGC ("step up" encryption) otherwise anyone could use it. - -Examples: - -extendedKeyUsage=critical,codeSigning,1.2.3.4 -extendedKeyUsage=nsSGC,msSGC - -Subject Key Identifier. - -This is really a string extension and can take two possible values. Either -a hex string giving details of the extension value to include or the word -'hash' which then automatically follow PKIX guidelines in selecting and -appropriate key identifier. The use of the hex string is strongly discouraged. - -Example: subjectKeyIdentifier=hash - -Authority Key Identifier. - -The authority key identifier extension permits two options. 
keyid and issuer: -both can take the optional value "always". - -If the keyid option is present an attempt is made to copy the subject key -identifier from the parent certificate. If the value "always" is present -then an error is returned if the option fails. - -The issuer option copies the issuer and serial number from the issuer -certificate. Normally this will only be done if the keyid option fails or -is not included: the "always" flag will always include the value. - -Subject Alternative Name. - -The subject alternative name extension allows various literal values to be -included in the configuration file. These include "email" (an email address) -"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a -registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName. - -Also the email option include a special 'copy' value. This will automatically -include and email addresses contained in the certificate subject name in -the extension. - -otherName can include arbitrary data associated with an OID: the value -should be the OID followed by a semicolon and the content in standard -ASN1_generate_nconf() format. - -Examples: - -subjectAltName=email:copy,email:my at other.address,URI:http://my.url.here/ -subjectAltName=email:my at other.address,RID:1.2.3.4 -subjectAltName=otherName:1.2.3.4;UTF8:some other identifier - -Issuer Alternative Name. - -The issuer alternative name option supports all the literal options of -subject alternative name. It does *not* support the email:copy option because -that would not make sense. It does support an additional issuer:copy option -that will copy all the subject alternative name values from the issuer -certificate (if possible). - -Example: - -issuserAltName = issuer:copy - -Authority Info Access. - -The authority information access extension gives details about how to access -certain information relating to the CA. 
Its syntax is accessOID;location -where 'location' has the same syntax as subject alternative name (except -that email:copy is not supported). accessOID can be any valid OID but only -certain values are meaningful for example OCSP and caIssuers. OCSP gives the -location of an OCSP responder: this is used by Netscape PSM and other software. - -Example: - -authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ -authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html - -CRL distribution points. - -This is a multi-valued extension that supports all the literal options of -subject alternative name. Of the few software packages that currently interpret -this extension most only interpret the URI option. - -Currently each option will set a new DistributionPoint with the fullName -field set to the given value. - -Other fields like cRLissuer and reasons cannot currently be set or displayed: -at this time no examples were available that used these fields. - -If you see this extension with when you attempt to print it out -or it doesn't appear to display correctly then let me know, including the -certificate (mail me at steve at openssl.org) . - -Examples: - -crlDistributionPoints=URI:http://www.myhost.com/myca.crl -crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl - -Certificate Policies. - -This is a RAW extension. It attempts to display the contents of this extension: -unfortunately this extension is often improperly encoded. - -The certificate policies extension will rarely be used in practice: few -software packages interpret it correctly or at all. IE5 does partially -support this extension: but it needs the 'ia5org' option because it will -only correctly support a broken encoding. Of the options below only the -policy OID, explicitText and CPS options are displayed with IE5. - -All the fields of this extension can be set by using the appropriate syntax. 
- -If you follow the PKIX recommendations of not including any qualifiers and just -using only one OID then you just include the value of that OID. Multiple OIDs -can be set separated by commas, for example: - -certificatePolicies= 1.2.4.5, 1.1.3.4 - -If you wish to include qualifiers then the policy OID and qualifiers need to -be specified in a separate section: this is done by using the @section syntax -instead of a literal OID value. - -The section referred to must include the policy OID using the name -policyIdentifier, cPSuri qualifiers can be included using the syntax: - -CPS.nnn=value - -userNotice qualifiers can be set using the syntax: - -userNotice.nnn=@notice - -The value of the userNotice qualifier is specified in the relevant section. -This section can include explicitText, organization and noticeNumbers -options. explicitText and organization are text strings, noticeNumbers is a -comma separated list of numbers. The organization and noticeNumbers options -(if included) must BOTH be present. If you use the userNotice option with IE5 -then you need the 'ia5org' option at the top level to modify the encoding: -otherwise it will not be interpreted properly. - -Example: - -certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8, at polsect - -[polsect] - -policyIdentifier = 1.3.5.8 -CPS.1="http://my.host.name/" -CPS.2="http://my.your.name/" -userNotice.1=@notice - -[notice] - -explicitText="Explicit Text Here" -organization="Organisation Name" -noticeNumbers=1,2,3,4 - -TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field, -according to PKIX it should be of type DisplayText but Verisign uses an -IA5STRING and IE5 needs this too. - -Display only extensions. - -Some extensions are only partially supported and currently are only displayed -but cannot be set. These include private key usage period, CRL number, and -CRL reason. 
-
-==============================================================================
- X509V3 Extension code: programmers guide
-==============================================================================
-
-The purpose of the extension code is twofold. It allows an extension to be
-created from a string or structure describing its contents and it prints out an
-extension in a human or machine readable form.
-
-1. Initialisation and cleanup.
-
-No special initialisation is needed before calling the extension functions.
-You used to have to call X509V3_add_standard_extensions(); but this is no longer
-required and this function no longer does anything.
-
-void X509V3_EXT_cleanup(void);
-
-This function should be called to cleanup the extension code if any custom
-extensions have been added. If no custom extensions have been added then this
-call does nothing. After this call all custom extension code is freed up but
-you can still use the standard extensions.
-
-2. Printing and parsing extensions.
-
-The simplest way to print out extensions is via the standard X509 printing
-routines: if you use the standard X509_print() function, the supported
-extensions will be printed out automatically.
-
-The following functions allow finer control over extension display:
-
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
-int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-
-These two functions print out an individual extension to a BIO or FILE pointer.
-Currently the flag argument is unused and should be set to 0. The 'indent'
-argument is the number of spaces to indent each line.
-
-void *X509V3_EXT_d2i(X509_EXTENSION *ext);
-
-This function parses an extension and returns its internal structure. The
-precise structure you get back depends on the extension being parsed. If the
-extension if basicConstraints you will get back a pointer to a
-BASIC_CONSTRAINTS structure.
Check out the source in crypto/x509v3 for more
-details about the structures returned. The returned structure should be freed
-after use using the relevant free function, BASIC_CONSTRAINTS_free() for
-example.
-
-void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
-void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
-void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
-void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
-
-These functions combine the operations of searching for extensions and
-parsing them. They search a certificate, a CRL a CRL entry or a stack
-of extensions respectively for extension whose NID is 'nid' and return
-the parsed result of NULL if an error occurred. For example:
-
-BASIC_CONSTRAINTS *bs;
-bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
-
-This will search for the basicConstraints extension and either return
-it value or NULL. NULL can mean either the extension was not found, it
-occurred more than once or it could not be parsed.
-
-If 'idx' is NULL then an extension is only parsed if it occurs precisely
-once. This is standard behaviour because extensions normally cannot occur
-more than once. If however more than one extension of the same type can
-occur it can be used to parse successive extensions for example:
-
-int i;
-void *ext;
-
-i = -1;
-for(;;) {
- ext = X509_get_ext_d2i(x, nid, crit, &idx);
- if(ext == NULL) break;
- /* Do something with ext */
-}
-
-If 'crit' is not NULL and the extension was found then the int it points to
-is set to 1 for critical extensions and 0 for non critical. Therefore if the
-function returns NULL but 'crit' is set to 0 or 1 then the extension was
-found but it could not be parsed.
-
-The int pointed to by crit will be set to -1 if the extension was not found
-and -2 if the extension occurred more than once (this will only happen if
-idx is NULL). In both cases the function will return NULL.
-
-3. Generating extensions.
-
-An extension will typically be generated from a configuration file, or some
-other kind of configuration database.
-
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
- X509 *cert);
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
- X509_CRL *crl);
-
-These functions add all the extensions in the given section to the given
-certificate or CRL. They will normally be called just before the certificate
-or CRL is due to be signed. Both return 0 on error on non zero for success.
-
-In each case 'conf' is the LHASH pointer of the configuration file to use
-and 'section' is the section containing the extension details.
-
-See the 'context functions' section for a description of the ctx parameter.
-
-
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
- char *value);
-
-This function returns an extension based on a name and value pair, if the
-pair will not need to access other sections in a config file (or there is no
-config file) then the 'conf' parameter can be set to NULL.
-
-X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
- char *value);
-
-This function creates an extension in the same way as X509V3_EXT_conf() but
-takes the NID of the extension rather than its name.
-
-For example to produce basicConstraints with the CA flag and a path length of
-10:
-
-x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
-
-
-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
-
-This function sets up an extension from its internal structure. The ext_nid
-parameter is the NID of the extension and 'crit' is the critical flag.
-
-4. Context functions.
-
-The following functions set and manipulate an extension context structure.
-The purpose of the extension context is to allow the extension code to
-access various structures relating to the "environment" of the certificate:
-for example the issuers certificate or the certificate request.
-
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
- X509_REQ *req, X509_CRL *crl, int flags);
-
-This function sets up an X509V3_CTX structure with details of the certificate
-environment: specifically the issuers certificate, the subject certificate,
-the certificate request and the CRL: if these are not relevant or not
-available then they can be set to NULL. The 'flags' parameter should be set
-to zero.
-
-X509V3_set_ctx_test(ctx)
-
-This macro is used to set the 'ctx' structure to a 'test' value: this is to
-allow the syntax of an extension (or configuration file) to be tested.
-
-X509V3_set_ctx_nodb(ctx)
-
-This macro is used when no configuration database is present.
-
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
-
-This function is used to set the configuration database when it is an LHASH
-structure: typically a configuration file.
-
-The following functions are used to access a configuration database: they
-should only be used in RAW extensions.
-
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-
-This function returns the value of the parameter "name" in "section", or NULL
-if there has been an error.
-
-void X509V3_string_free(X509V3_CTX *ctx, char *str);
-
-This function frees up the string returned by the above function.
-
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
-
-This function returns a whole section as a STACK_OF(CONF_VALUE) .
-
-void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
-
-This function frees up the STACK returned by the above function.
-
-Note: it is possible to use the extension code with a custom configuration
-database.
To do this the "db_meth" element of the X509V3_CTX structure should
-be set to an X509V3_CTX_METHOD structure. This structure contains the following
-function pointers:
-
-char * (*get_string)(void *db, char *section, char *value);
-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
-void (*free_string)(void *db, char * string);
-void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
-
-these will be called and passed the 'db' element in the X509V3_CTX structure
-to access the database. If a given function is not implemented or not required
-it can be set to NULL.
-
-5. String helper functions.
-
-There are several "i2s" and "s2i" functions that convert structures to and
-from ASCII strings. In all the "i2s" cases the returned string should be
-freed using Free() after use. Since some of these are part of other extension
-code they may take a 'method' parameter. Unless otherwise stated it can be
-safely set to NULL.
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
-
-This returns a hex string from an ASN1_OCTET_STRING.
-
-char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
-char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-
-These return a string decimal representations of an ASN1_INTEGER and an
-ASN1_ENUMERATED type, respectively.
-
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
- X509V3_CTX *ctx, char *str);
-
-This converts an ASCII hex string to an ASN1_OCTET_STRING.
-
-ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
-
-This converts a decimal ASCII string into an ASN1_INTEGER.
-
-6. Multi valued extension helper functions.
-
-The following functions can be used to manipulate STACKs of CONF_VALUE
-structures, as used by multi valued extensions.
-
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
-
-This function expects a boolean value in 'value' and sets 'asn1_bool' to
-it.
That is it sets it to 0 for FALSE or 0xff for TRUE. The following
-strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
-"false", "N", "n", "NO" or "no".
-
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
-
-This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
-
-int X509V3_add_value(const char *name, const char *value,
- STACK_OF(CONF_VALUE) **extlist);
-
-This simply adds a string name and value pair.
-
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
- STACK_OF(CONF_VALUE) **extlist);
-
-The same as above but for an unsigned character value.
-
-int X509V3_add_value_bool(const char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist);
-
-This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
-
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
- STACK_OF(CONF_VALUE) **extlist);
-
-This is the same as above except it adds nothing if asn1_bool is FALSE.
-
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
- STACK_OF(CONF_VALUE) **extlist);
-
-This function adds the value of the ASN1_INTEGER in decimal form.
-
-7. Other helper functions.
-
-
-
-ADDING CUSTOM EXTENSIONS.
-
-Currently there are three types of supported extensions.
-
-String extensions are simple strings where the value is placed directly in the
-extensions, and the string returned is printed out.
-
-Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
-or return a STACK_OF(CONF_VALUE).
-
-Raw extensions are just passed a BIO or a value and it is the extensions
-responsibility to handle all the necessary printing.
-
-There are two ways to add an extension. One is simply as an alias to an already
-existing extension. An alias is an extension that is identical in ASN1 structure
-to an existing extension but has a different OBJECT IDENTIFIER.
This can be
-done by calling:
-
-int X509V3_EXT_add_alias(int nid_to, int nid_from);
-
-'nid_to' is the new extension NID and 'nid_from' is the already existing
-extension NID.
-
-Alternatively an extension can be written from scratch. This involves writing
-the ASN1 code to encode and decode the extension and functions to print out and
-generate the extension from strings. The relevant functions are then placed in
-a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
-called.
-
-The X509V3_EXT_METHOD structure is described below.
-
-struct {
-int ext_nid;
-int ext_flags;
-X509V3_EXT_NEW ext_new;
-X509V3_EXT_FREE ext_free;
-X509V3_EXT_D2I d2i;
-X509V3_EXT_I2D i2d;
-X509V3_EXT_I2S i2s;
-X509V3_EXT_S2I s2i;
-X509V3_EXT_I2V i2v;
-X509V3_EXT_V2I v2i;
-X509V3_EXT_R2I r2i;
-X509V3_EXT_I2R i2r;
-
-void *usr_data;
-};
-
-The elements have the following meanings.
-
-ext_nid is the NID of the object identifier of the extension.
-
-ext_flags is set of flags. Currently the only external flag is
- X509V3_EXT_MULTILINE which means a multi valued extensions
- should be printed on separate lines.
-
-usr_data is an extension specific pointer to any relevant data. This
- allows extensions to share identical code but have different
- uses. An example of this is the bit string extension which uses
- usr_data to contain a list of the bit names.
-
-All the remaining elements are function pointers.
-
-ext_new is a pointer to a function that allocates memory for the
- extension ASN1 structure: for example ASN1_OBJECT_new().
-
-ext_free is a pointer to a function that free up memory of the extension
- ASN1 structure: for example ASN1_OBJECT_free().
-
-d2i is the standard ASN1 function that converts a DER buffer into
- the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
-
-i2d is the standard ASN1 function that converts the internal
- structure into the DER representation: for example
- i2d_ASN1_IA5STRING().
-
-The remaining functions are depend on the type of extension. One i2X and
-one X2i should be set and the rest set to NULL. The types set do not need
-to match up, for example the extension could be set using the multi valued
-v2i function and printed out using the raw i2r.
-
-All functions have the X509V3_EXT_METHOD passed to them in the 'method'
-parameter and an X509V3_CTX structure. Extension code can then access the
-parent structure via the 'method' parameter to for example make use of the value
-of usr_data. If the code needs to use detail relating to the request it can
-use the 'ctx' parameter.
-
-A note should be given here about the 'flags' member of the 'ctx' parameter.
-If it has the value CTX_TEST then the configuration syntax is being checked
-and no actual certificate or CRL exists. Therefore any attempt in the config
-file to access such information should silently succeed. If the syntax is OK
-then it should simply return a (possibly bogus) extension, otherwise it
-should return NULL.
-
-char *i2s(struct v3_ext_method *method, void *ext);
-
-This function takes the internal structure in the ext parameter and returns
-a Malloc'ed string representing its value.
-
-void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-
-This function takes the string representation in the ext parameter and returns
-an allocated internal structure: ext_free() will be used on this internal
-structure after use.
-
-i2v and v2i handle a STACK_OF(CONF_VALUE):
-
-typedef struct
-{
- char *section;
- char *name;
- char *value;
-} CONF_VALUE;
-
-Only the name and value members are currently used.
-
-STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
-
-This function is passed the internal structure in the ext parameter and
-returns a STACK of CONF_VALUE structures. The values of name, value,
-section and the structure itself will be freed up with Free after use.
-Several helper functions are available to add values to this STACK.
-
-void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
- STACK_OF(CONF_VALUE) *values);
-
-This function takes a STACK_OF(CONF_VALUE) structures and should set the
-values of the external structure. This typically uses the name element to
-determine which structure element to set and the value element to determine
-what to set it to. Several helper functions are available for this
-purpose (see above).
-
-int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
-
-This function is passed the internal extension structure in the ext parameter
-and sends out a human readable version of the extension to out. The 'indent'
-parameter should be noted to determine the necessary amount of indentation
-needed on the output.
-
-void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-
-This is just passed the string representation of the extension. It is intended
-to be used for more elaborate extensions where the standard single and multi
-valued options are insufficient. They can use the 'ctx' parameter to parse the
-configuration database themselves. See the context functions section for details
-of how to do this.
-
-Note: although this type takes the same parameters as the "r2s" function there
-is a subtle difference. Whereas an "r2i" function can access a configuration
-database an "s2i" function MUST NOT. This is so the internal code can safely
-assume that an "s2i" function will work without a configuration database.
-
-==============================================================================
- PKCS#12 Library
-==============================================================================
-
-This section describes the internal PKCS#12 support. There are very few
-differences between the old external library and the new internal code at
-present. This may well change because the external library will not be updated
-much in future.
-
-This version now includes a couple of high level PKCS#12 functions which
-generally "do the right thing" and should make it much easier to handle PKCS#12
-structures.
-
-HIGH LEVEL FUNCTIONS.
-
-For most applications you only need concern yourself with the high level
-functions. They can parse and generate simple PKCS#12 files as produced by
-Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
-private key and certificate pair.
-
-1. Initialisation and cleanup.
-
-No special initialisation is needed for the internal PKCS#12 library: the
-standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
-add all algorithms (you should at least add SHA1 though) then you can manually
-initialise the PKCS#12 library with:
-
-PKCS12_PBE_add();
-
-The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
-called or it can be directly freed with:
-
-EVP_PBE_cleanup();
-
-after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
-be called.
-
-2. I/O functions.
-
-i2d_PKCS12_bio(bp, p12)
-
-This writes out a PKCS12 structure to a BIO.
-
-i2d_PKCS12_fp(fp, p12)
-
-This is the same but for a FILE pointer.
-
-d2i_PKCS12_bio(bp, p12)
-
-This reads in a PKCS12 structure from a BIO.
-
-d2i_PKCS12_fp(fp, p12)
-
-This is the same but for a FILE pointer.
-
-3. High level functions.
-
-3.1 Parsing with PKCS12_parse().
-
-int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
- STACK **ca);
-
-This function takes a PKCS12 structure and a password (ASCII, null terminated)
-and returns the private key, the corresponding certificate and any CA
-certificates. If any of these is not required it can be passed as a NULL.
-The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
-structure.
Typically to read in a PKCS#12 file you might do:
-
-p12 = d2i_PKCS12_fp(fp, NULL);
-PKCS12_parse(p12, password, &pkey, &cert, NULL); /* CAs not wanted */
-PKCS12_free(p12);
-
-3.2 PKCS#12 creation with PKCS12_create().
-
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
- STACK *ca, int nid_key, int nid_cert, int iter,
- int mac_iter, int keytype);
-
-This function will create a PKCS12 structure from a given password, name,
-private key, certificate and optional STACK of CA certificates. The remaining
-5 parameters can be set to 0 and sensible defaults will be used.
-
-The parameters nid_key and nid_cert are the key and certificate encryption
-algorithms, iter is the encryption iteration count, mac_iter is the MAC
-iteration count and keytype is the type of private key. If you really want
-to know what these last 5 parameters do then read the low level section.
-
-Typically to create a PKCS#12 file the following could be used:
-
-p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
-i2d_PKCS12_fp(fp, p12);
-PKCS12_free(p12);
-
-3.3 Changing a PKCS#12 structure password.
-
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
-
-This changes the password of an already existing PKCS#12 structure. oldpass
-is the old password and newpass is the new one. An error occurs if the old
-password is incorrect.
-
-LOW LEVEL FUNCTIONS.
-
-In some cases the high level functions do not provide the necessary
-functionality. For example if you want to generate or parse more complex
-PKCS#12 files. The sample pkcs12 application uses the low level functions
-to display details about the internal structure of a PKCS#12 file.
-
-Introduction.
-
-This is a brief description of how a PKCS#12 file is represented internally:
-some knowledge of PKCS#12 is assumed.
-
-A PKCS#12 object contains several levels.
-
-At the lowest level is a PKCS12_SAFEBAG.
This can contain a certificate, a
-CRL, a private key, encrypted or unencrypted, a set of safebags (so the
-structure can be nested) or other secrets (not documented at present).
-A safebag can optionally have attributes, currently these are: a unicode
-friendlyName (a Unicode string) or a localKeyID (a string of bytes).
-
-At the next level is an authSafe which is a set of safebags collected into
-a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
-
-At the top level is the PKCS12 structure itself which contains a set of
-authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
-contains a MAC which is a kind of password protected digest to preserve
-integrity (so any unencrypted stuff below can't be tampered with).
-
-The reason for these levels is so various objects can be encrypted in various
-ways. For example you might want to encrypt a set of private keys with
-triple-DES and then include the related certificates either unencrypted or
-with lower encryption. Yes it's the dreaded crypto laws at work again which
-allow strong encryption on private keys and only weak encryption on other
-stuff.
-
-To build one of these things you turn all certificates and keys into safebags
-(with optional attributes). You collect the safebags into (one or more) STACKS
-and convert these into authsafes (encrypted or unencrypted). The authsafes
-are collected into a STACK and added to a PKCS12 structure. Finally a MAC
-inserted.
-
-Pulling one apart is basically the reverse process. The MAC is verified against
-the given password. The authsafes are extracted and each authsafe split into
-a set of safebags (possibly involving decryption). Finally the safebags are
-decomposed into the original keys and certificates and the attributes used to
-match up private key and certificate pairs.
-
-Anyway here are the functions that do the dirty work.
-
-1. Construction functions.
-
-1.1 Safebag functions.
-
-M_PKCS12_x5092certbag(x509)
-
-This macro takes an X509 structure and returns a certificate bag. The
-X509 structure can be freed up after calling this function.
-
-M_PKCS12_x509crl2certbag(crl)
-
-As above but for a CRL.
-
-PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
-
-Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
-Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
-structure contains a private key data in plain text form it should be free'd
-up as soon as it has been encrypted for security reasons (freeing up the
-structure zeros out the sensitive data). This can be done with
-PKCS8_PRIV_KEY_INFO_free().
-
-PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
-
-This sets the key type when a key is imported into MSIE or Outlook 98. Two
-values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
-key that can also be used for signing but its size is limited in the export
-versions of MS software to 512 bits, it is also the default. KEY_SIG is a
-signing only key but the keysize is unlimited (well 16K is supposed to work).
-If you are using the domestic version of MSIE then you can ignore this because
-KEY_EX is not limited and can be used for both.
-
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-
-Convert a PKCS8 private key structure into a keybag. This routine embeds the
-p8 structure in the keybag so p8 should not be freed up or used after it is
-called. The p8 structure will be freed up when the safebag is freed.
-
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
-
-Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
-embedded and can be freed up after use.
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
-int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
-
-Add a local key id or a friendlyname to a safebag.
-
-1.2 Authsafe functions.
-
-PKCS7 *PKCS12_pack_p7data(STACK *sk)
-Take a stack of safebags and convert them into an unencrypted authsafe. The
-stack of safebags can be freed up after calling this function.
-
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
-
-As above but encrypted.
-
-1.3 PKCS12 functions.
-
-PKCS12 *PKCS12_init(int mode)
-
-Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
-
-M_PKCS12_pack_authsafes(p12, safes)
-
-This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
-
-int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
-
-Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
-that SHA-1 should be used.
-
-2. Extraction Functions.
-
-2.1 Safebags.
-
-M_PKCS12_bag_type(bag)
-
-Return the type of "bag". Returns one of the following
-
-NID_keyBag
-NID_pkcs8ShroudedKeyBag 7
-NID_certBag 8
-NID_crlBag 9
-NID_secretBag 10
-NID_safeContentsBag 11
-
-M_PKCS12_cert_bag_type(bag)
-
-Returns type of certificate bag, following are understood.
-
-NID_x509Certificate 14
-NID_sdsiCertificate 15
-
-M_PKCS12_crl_bag_type(bag)
-
-Returns crl bag type, currently only NID_crlBag is recognised.
-
-M_PKCS12_certbag2x509(bag)
-
-This macro extracts an X509 certificate from a certificate bag.
-
-M_PKCS12_certbag2x509crl(bag)
-
-As above but for a CRL.
-
-EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
-
-Extract a private key from a PKCS8 private key info structure.
-
-M_PKCS12_decrypt_skey(bag, pass, passlen)
-
-Decrypt a shrouded key bag and return a PKCS8 private key info structure.
-Works with both RSA and DSA keys
-
-char *PKCS12_get_friendlyname(bag)
-
-Returns the friendlyName of a bag if present or NULL if none. The returned
-string is a null terminated ASCII string allocated with Malloc(). It should
-thus be freed up with Free() after use.
-
-2.2 AuthSafe functions.
-
-M_PKCS12_unpack_p7data(p7)
-
-Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
-
-#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
-
-As above but for an encrypted content info.
-
-2.3 PKCS12 functions.
-
-M_PKCS12_unpack_authsafes(p12)
-
-Extract a STACK of authsafes from a PKCS12 structure.
-
-M_PKCS12_mac_present(p12)
-
-Check to see if a MAC is present.
-
-int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
-
-Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
-
-
-Notes.
-
-1. All the function return 0 or NULL on error.
-2. Encryption based functions take a common set of parameters. These are
-described below.
-
-pass, passlen
-ASCII password and length. The password on the MAC is called the "integrity
-password" the encryption password is called the "privacy password" in the
-PKCS#12 documentation. The passwords do not have to be the same. If -1 is
-passed for the length it is worked out by the function itself (currently
-this is sometimes done whatever is passed as the length but that may change).
-
-salt, saltlen
-A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
-default length is used.
-
-iter
-Iteration count. This is a measure of how many times an internal function is
-called to encrypt the data. The larger this value is the longer it takes, it
-makes dictionary attacks on passwords harder. NOTE: Some implementations do
-not support an iteration count on the MAC. If the password for the MAC and
-encryption is the same then there is no point in having a high iteration
-count for encryption if the MAC has no count.
The MAC could be attacked
-and the password used for the main decryption.
-
-pbe_nid
-This is the NID of the password based encryption method used. The following are
-supported.
-NID_pbe_WithSHA1And128BitRC4
-NID_pbe_WithSHA1And40BitRC4
-NID_pbe_WithSHA1And3_Key_TripleDES_CBC
-NID_pbe_WithSHA1And2_Key_TripleDES_CBC
-NID_pbe_WithSHA1And128BitRC2_CBC
-NID_pbe_WithSHA1And40BitRC2_CBC
-
-Which you use depends on the implementation you are exporting to. "Export
-grade" (i.e. cryptographically challenged) products cannot support all
-algorithms. Typically you may be able to use any encryption on shrouded key
-bags but they must then be placed in an unencrypted authsafe. Other authsafes
-may only support 40bit encryption. Of course if you are using SSLeay
-throughout you can strongly encrypt everything and have high iteration counts
-on everything.
-
-3. For decryption routines only the password and length are needed.
-
-4. Unlike the external version the nid's of objects are the values of the
-constants: that is NID_certBag is the real nid, therefore there is no
-PKCS12_obj_offset() function. Note the object constants are not the same as
-those of the external version. If you use these constants then you will need
-to recompile your code.
-
-5. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or
-macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
-reused or freed up safely.
-
diff --git a/doc/ssleay.txt b/doc/ssleay.txt
deleted file mode 100644
index 29ea0ee..0000000
--- a/doc/ssleay.txt
+++ /dev/null
@@ -1,7030 +0,0 @@ - -Bundle of old SSLeay documentation files [OBSOLETE!] - -*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! *** - -OBSOLETE means that nothing in this document should be trusted. This -document is provided mostly for historical purposes (it wasn't even up -to date at the time SSLeay 0.8.1 was released) and as inspiration. If -you copy some snippet of code from this document, please _check_ that -it really is correct from all points of view. For example, you can -check with the other documents in this directory tree, or by comparing -with relevant parts of the include files. - -People have done the mistake of trusting what's written here. Please -don't do that. - -*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! *** - - -==== readme ======================================================== - -This is the old 0.6.6 docuementation. Most of the cipher stuff is still -relevent but I'm working (very slowly) on new documentation. -The current version can be found online at - -http://www.cryptsoft.com/ssleay/doc - -==== API.doc ======================================================== - -SSL - SSLv2/v3/v23 etc. - -BIO - methods and how they plug together - -MEM - memory allocation callback - -CRYPTO - locking for threads - -EVP - Ciphers/Digests/signatures - -RSA - methods - -X509 - certificate retrieval - -X509 - validation - -X509 - X509v3 extensions - -Objects - adding object identifiers - -ASN.1 - parsing - -PEM - parsing - -==== ssl/readme ===================================================== - -22 Jun 1996 -This file belongs in ../apps, but I'll leave it here because it deals -with SSL :-) It is rather dated but it gives you an idea of how -things work. 
-=== - -17 Jul 1995 -I have been changing things quite a bit and have not fully updated -this file, so take what you read with a grain of salt -eric -=== -The s_client and s_server programs can be used to test SSL capable -IP/port addresses and the verification of the X509 certificates in use -by these services. I strongly advise having a look at the code to get -an idea of how to use the authentication under SSLeay. Any feedback -on changes and improvements would be greatly accepted. - -This file will probably be gibberish unless you have read -rfc1421, rfc1422, rfc1423 and rfc1424 which describe PEM -authentication. - -A Brief outline (and examples) how to use them to do so. - -NOTE: -The environment variable SSL_CIPER is used to specify the prefered -cipher to use, play around with setting it's value to combinations of -RC4-MD5, EXP-RC4-MD5, CBC-DES-MD5, CBC3-DES-MD5, CFB-DES-NULL -in a : separated list. - -This directory contains 3 X509 certificates which can be used by these programs. -client.pem: a file containing a certificate and private key to be used - by s_client. -server.pem :a file containing a certificate and private key to be used - by s_server. -eay1024.pem:the certificate used to sign client.pem and server.pem. - This would be your CA's certificate. There is also a link - from the file a8556381.0 to eay1024.PEM. The value a8556381 - is returned by 'x509 -hash -noout to exit. Flags are as follows. --host arg : Arg is the host or IP address to connect to. --port arg : Arg is the port to connect to (https is 443). --verify arg : Turn on authentication of the server certificate. - : Arg specifies the 'depth', this will covered below. --cert arg : The optional certificate to use. This certificate - : will be returned to the server if the server - : requests it for client authentication. --key arg : The private key that matches the certificate - : specified by the -cert option. 
If this is not - : specified (but -cert is), the -cert file will be - : searched for the Private key. Both files are - : assumed to be in PEM format. --CApath arg : When to look for certificates when 'verifying' the - : certificate from the server. --CAfile arg : A file containing certificates to be used for - : 'verifying' the server certificate. --reconnect : Once a connection has been made, drop it and - : reconnect with same session-id. This is for testing :-). - -The '-verify n' parameter specifies not only to verify the servers -certificate but to also only take notice of 'n' levels. The best way -to explain is to show via examples. -Given -s_server -cert server.PEM is running. - -s_client - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify error:num=1:unable to get issuer certificate - verify return:1 - CIPHER is CBC-DES-MD5 -What has happened is that the 'SSLeay demo server' certificate's -issuer ('CA') could not be found but because verify is not on, we -don't care and the connection has been made anyway. It is now 'up' -using CBC-DES-MD5 mode. This is an unauthenticate secure channel. -You may not be talking to the right person but the data going to them -is encrypted. - -s_client -verify 0 - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify error:num=1:unable to get issuer certificate - verify return:1 - CIPHER is CBC-DES-MD5 -We are 'verifying' but only to depth 0, so since the 'SSLeay demo server' -certificate passed the date and checksum, we are happy to proceed. - -s_client -verify 1 - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - issuer= /C=AU/SOP=QLD/O=Mincom Pty. 
Ltd./OU=CS/CN=CA - verify error:num=1:unable to get issuer certificate - verify return:0 - ERROR - verify error:unable to get issuer certificate -In this case we failed to make the connection because we could not -authenticate the certificate because we could not find the -'CA' certificate. - -s_client -verify 1 -CAfile eay1024.PEM - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - CIPHER is CBC-DES-MD5 -We loaded the certificates from the file eay1024.PEM. Everything -checked out and so we made the connection. - -s_client -verify 1 -CApath . - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - CIPHER is CBC-DES-MD5 -We looked in out local directory for issuer certificates and 'found' -a8556381.0 and so everything is ok. - -It is worth noting that 'CA' is a self certified certificate. If you -are passed one of these, it will fail to 'verify' at depth 0 because -we need to lookup the certifier of a certificate from some information -that we trust and keep locally. - -SSL_CIPHER=CBC3-DES-MD5:RC4-MD5 -export SSL_CIPHER -s_client -verify 10 -CApath . -reconnect - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - drop the connection and reconnect with the same session id - CIPHER is CBC3-DES-MD5 -This has done a full connection and then re-estabished it with the -same session id but a new socket. No RSA stuff occures on the second -connection. Note that we said we would prefer to use CBC3-DES-MD5 -encryption and so, since the server supports it, we are. 
- -===== -s_server -This program accepts SSL connections on a specified port -Once connected, it will estabish an SSL connection and optionaly -attempt to authenticate the client. A 2 directional channel will be -open. Any text typed will be sent to the other end. Type Q to exit. -Flags are as follows. --port arg : Arg is the port to listen on. --verify arg : Turn on authentication of the client if they have a - : certificate. Arg specifies the 'depth'. --Verify arg : Turn on authentication of the client. If they don't - : have a valid certificate, drop the connection. --cert arg : The certificate to use. This certificate - : will be passed to the client. If it is not - : specified, it will default to server.PEM --key arg : The private key that matches the certificate - : specified by the -cert option. If this is not - : specified (but -cert is), the -cert file will be - : searched for the Private key. Both files are - : assumed to be in PEM format. Default is server.PEM --CApath arg : When to look for certificates when 'verifying' the - : certificate from the client. --CAfile arg : A file containing certificates to be used for - : 'verifying' the client certificate. - -For the following 'demo' I will specify the s_server command and -the s_client command and then list the output from the s_server. -s_server -s_client - CONNECTED - CIPHER is CBC-DES-MD5 -Everything up and running - -s_server -verify 0 -s_client - CONNECTED - CIPHER is CBC-DES-MD5 -Ok since no certificate was returned and we don't care. - -s_server -verify 0 -./s_client -cert client.PEM - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client - issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify error:num=1:unable to get issuer certificate - verify return:1 - CIPHER is CBC-DES-MD5 -Ok since we were only verifying to level 0 - -s_server -verify 4 -s_client -cert client.PEM - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. 
Ltd./OU=CS/CN=SSLeay demo client - issuer= /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify error:num=1:unable to get issuer certificate - verify return:0 - ERROR - verify error:unable to get issuer certificate -Bad because we could not authenticate the returned certificate. - -s_server -verify 4 -CApath . -s_client -cert client.PEM - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - CIPHER is CBC-DES-MD5 -Ok because we could authenticate the returned certificate :-). - -s_server -Verify 0 -CApath . -s_client - CONNECTED - ERROR - SSL error:function is:REQUEST_CERTIFICATE - :error is :client end did not return a certificate -Error because no certificate returned. - -s_server -Verify 4 -CApath . -s_client -cert client.PEM - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - CIPHER is CBC-DES-MD5 -Full authentication of the client. - -So in summary to do full authentication of both ends -s_server -Verify 9 -CApath . -s_client -cert client.PEM -CApath . -verify 9 -From the server side - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo client - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - CIPHER is CBC-DES-MD5 -From the client side - CONNECTED - depth=0 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=SSLeay demo server - verify return:1 - depth=1 /C=AU/SOP=QLD/O=Mincom Pty. Ltd./OU=CS/CN=CA - verify return:1 - CIPHER is CBC-DES-MD5 - -For general probing of the 'internet https' servers for the -distribution area, run -s_client -host www.netscape.com -port 443 -verify 4 -CApath ../rsa/hash -Then enter -GET / -and you should be talking to the https server on that host. - -www.rsa.com was refusing to respond to connections on 443 when I was -testing. 
- -have fun :-). - -eric - -==== a_verify.doc ======================================================== - -From eay at mincom.com Fri Oct 4 18:29:06 1996 -Received: by orb.mincom.oz.au id AA29080 - (5.65c/IDA-1.4.4 for eay); Fri, 4 Oct 1996 08:29:07 +1000 -Date: Fri, 4 Oct 1996 08:29:06 +1000 (EST) -From: Eric Young -X-Sender: eay at orb -To: wplatzer -Cc: Eric Young , SSL Mailing List -Subject: Re: Netscape's Public Key -In-Reply-To: <19961003134837.NTM0049 at iaik.tu-graz.ac.at> -Message-Id: -Mime-Version: 1.0 -Content-Type: TEXT/PLAIN; charset=US-ASCII -Status: RO -X-Status: - -On Thu, 3 Oct 1996, wplatzer wrote: -> I get Public Key from Netscape (Gold 3.0b4), but cannot do anything -> with it... It looks like (asn1parse): -> -> 0:d=0 hl=3 l=180 cons: SEQUENCE -> 3:d=1 hl=2 l= 96 cons: SEQUENCE -> 5:d=2 hl=2 l= 92 cons: SEQUENCE -> 7:d=3 hl=2 l= 13 cons: SEQUENCE -> 9:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption -> 20:d=4 hl=2 l= 0 prim: NULL -> 22:d=3 hl=2 l= 75 prim: BIT STRING -> 99:d=2 hl=2 l= 0 prim: IA5STRING : -> 101:d=1 hl=2 l= 13 cons: SEQUENCE -> 103:d=2 hl=2 l= 9 prim: OBJECT :md5withRSAEncryption -> 114:d=2 hl=2 l= 0 prim: NULL -> 116:d=1 hl=2 l= 65 prim: BIT STRING -> -> The first BIT STRING is the public key and the second BIT STRING is -> the signature. -> But a public key consists of the public exponent and the modulus. Are -> both numbers in the first BIT STRING? -> Is there a document simply describing this coding stuff (checking -> signature, get the public key, etc.)? - -Minimal in SSLeay. If you want to see what the modulus and exponent are, -try asn1parse -offset 25 -length 75 next_bio list. - - - -Extra commands are normally implemented as macros calling BIO_ctrl(). -- BIO_number_read(BIO *bio) - the number of bytes processed - by BIO_read(bio,.). -- BIO_number_written(BIO *bio) - the number of bytes written - by BIO_write(bio,.). -- BIO_reset(BIO *bio) - 'reset' the BIO. -- BIO_eof(BIO *bio) - non zero if we are at the current end - of input. 
-- BIO_set_close(BIO *bio, int close_flag) - set the close flag. -- BIO_get_close(BIO *bio) - return the close flag. - BIO_pending(BIO *bio) - return the number of bytes waiting - to be read (normally buffered internally). -- BIO_flush(BIO *bio) - output any data waiting to be output. -- BIO_should_retry(BIO *io) - after a BIO_read/BIO_write - operation returns 0 or -1, a call to this function will - return non zero if you should retry the call later (this - is for non-blocking IO). -- BIO_should_read(BIO *io) - we should retry when data can - be read. -- BIO_should_write(BIO *io) - we should retry when data can - be written. -- BIO_method_name(BIO *io) - return a string for the method name. -- BIO_method_type(BIO *io) - return the unique ID of the BIO method. -- BIO_set_callback(BIO *io, long (*callback)(BIO *io, int - cmd, char *argp, int argi, long argl, long ret); - sets - the debug callback. -- BIO_get_callback(BIO *io) - return the assigned function - as mentioned above. -- BIO_set_callback_arg(BIO *io, char *arg) - assign some - data against the BIO. This is normally used by the debug - callback but could in reality be used for anything. To - get an idea of how all this works, have a look at the code - in the default debug callback mentioned above. The - callback can modify the return values. - -Details of the BIO_METHOD structure. -typedef struct bio_method_st - { - int type; - char *name; - int (*bwrite)(); - int (*bread)(); - int (*bputs)(); - int (*bgets)(); - long (*ctrl)(); - int (*create)(); - int (*destroy)(); - } BIO_METHOD; - -The 'type' is the numeric type of the BIO, these are listed in buffer.h; -'Name' is a textual representation of the BIO 'type'. -The 7 function pointers point to the respective function -methods, some of which can be NULL if not implemented. 
-The BIO structure -typedef struct bio_st - { - BIO_METHOD *method; - long (*callback)(BIO * bio, int mode, char *argp, int - argi, long argl, long ret); - char *cb_arg; /* first argument for the callback */ - int init; - int shutdown; - int flags; /* extra storage */ - int num; - char *ptr; - struct bio_st *next_bio; /* used by filter BIOs */ - int references; - unsigned long num_read; - unsigned long num_write; - } BIO; - -- 'Method' is the BIO method. -- 'callback', when configured, is called before and after - each BIO method is called for that particular BIO. This - is intended primarily for debugging and of informational feedback. -- 'init' is 0 when the BIO can be used for operation. - Often, after a BIO is created, a number of operations may - need to be performed before it is available for use. An - example is for BIO_s_sock(). A socket needs to be - assigned to the BIO before it can be used. -- 'shutdown', this flag indicates if the underlying - communication primitive being used should be closed/freed - when the BIO is closed. -- 'flags' is used to hold extra state. It is primarily used - to hold information about why a non-blocking operation - failed and to record startup protocol information for the - SSL BIO. -- 'num' and 'ptr' are used to hold instance specific state - like file descriptors or local data structures. -- 'next_bio' is used by filter BIOs to hold the pointer of the - next BIO in the chain. written data is sent to this BIO and - data read is taken from it. -- 'references' is used to indicate the number of pointers to - this structure. This needs to be '1' before a call to - BIO_free() is made if the BIO_free() function is to - actually free() the structure, otherwise the reference - count is just decreased. The actual BIO subsystem does - not really use this functionality but it is useful when - used in more advanced applicaion. -- num_read and num_write are the total number of bytes - read/written via the 'read()' and 'write()' methods. 
- -BIO_ctrl operations. -The following is the list of standard commands passed as the -second parameter to BIO_ctrl() and should be supported by -all BIO as best as possible. Some are optional, some are -manditory, in any case, where is makes sense, a filter BIO -should pass such requests to underlying BIO's. -- BIO_CTRL_RESET - Reset the BIO back to an initial state. -- BIO_CTRL_EOF - return 0 if we are not at the end of input, - non 0 if we are. -- BIO_CTRL_INFO - BIO specific special command, normal - information return. -- BIO_CTRL_SET - set IO specific parameter. -- BIO_CTRL_GET - get IO specific parameter. -- BIO_CTRL_GET_CLOSE - Get the close on BIO_free() flag, one - of BIO_CLOSE or BIO_NOCLOSE. -- BIO_CTRL_SET_CLOSE - Set the close on BIO_free() flag. -- BIO_CTRL_PENDING - Return the number of bytes available - for instant reading -- BIO_CTRL_FLUSH - Output pending data, return number of bytes output. -- BIO_CTRL_SHOULD_RETRY - After an IO error (-1 returned) - should we 'retry' when IO is possible on the underlying IO object. -- BIO_CTRL_RETRY_TYPE - What kind of IO are we waiting on. - -The following command is a special BIO_s_file() specific option. -- BIO_CTRL_SET_FILENAME - specify a file to open for IO. - -The BIO_CTRL_RETRY_TYPE needs a little more explanation. -When performing non-blocking IO, or say reading on a memory -BIO, when no data is present (or cannot be written), -BIO_read() and/or BIO_write() will return -1. -BIO_should_retry(bio) will return true if this is due to an -IO condition rather than an actual error. In the case of -BIO_s_mem(), a read when there is no data will return -1 and -a should retry when there is more 'read' data. -The retry type is deduced from 2 macros -BIO_should_read(bio) and BIO_should_write(bio). -Now while it may appear obvious that a BIO_read() failure -should indicate that a retry should be performed when more -read data is available, this is often not true when using -things like an SSL BIO. 
During the SSL protocol startup -multiple reads and writes are performed, triggered by any -SSL_read or SSL_write. -So to write code that will transparently handle either a -socket or SSL BIO, - i=BIO_read(bio,..) - if (I == -1) - { - if (BIO_should_retry(bio)) - { - if (BIO_should_read(bio)) - { - /* call us again when BIO can be read */ - } - if (BIO_should_write(bio)) - { - /* call us again when BIO can be written */ - } - } - } - -At this point in time only read and write conditions can be -used but in the future I can see the situation for other -conditions, specifically with SSL there could be a condition -of a X509 certificate lookup taking place and so the non- -blocking BIO_read would require a retry when the certificate -lookup subsystem has finished it's lookup. This is all -makes more sense and is easy to use in a event loop type -setup. -When using the SSL BIO, either SSL_read() or SSL_write()s -can be called during the protocol startup and things will -still work correctly. -The nice aspect of the use of the BIO_should_retry() macro -is that all the errno codes that indicate a non-fatal error -are encapsulated in one place. The Windows specific error -codes and WSAGetLastError() calls are also hidden from the -application. - -Notes on each BIO method. -Normally buffer.h is just required but depending on the -BIO_METHOD, ssl.h or evp.h will also be required. - -BIO_METHOD *BIO_s_mem(void); -- BIO_set_mem_buf(BIO *bio, BUF_MEM *bm, int close_flag) - - set the underlying BUF_MEM structure for the BIO to use. -- BIO_get_mem_ptr(BIO *bio, char **pp) - if pp is not NULL, - set it to point to the memory array and return the number - of bytes available. -A read/write BIO. Any data written is appended to the -memory array and any read is read from the front. This BIO -can be used for read/write at the same time. BIO_gets() is -supported in the fgets() sense. -BIO_CTRL_INFO can be used to retrieve pointers to the memory -buffer and it's length. 
- -BIO_METHOD *BIO_s_file(void); -- BIO_set_fp(BIO *bio, FILE *fp, int close_flag) - set 'FILE *' to use. -- BIO_get_fp(BIO *bio, FILE **fp) - get the 'FILE *' in use. -- BIO_read_filename(BIO *bio, char *name) - read from file. -- BIO_write_filename(BIO *bio, char *name) - write to file. -- BIO_append_filename(BIO *bio, char *name) - append to file. -This BIO sits over the normal system fread()/fgets() type -functions. Gets() is supported. This BIO in theory could be -used for read and write but it is best to think of each BIO -of this type as either a read or a write BIO, not both. - -BIO_METHOD *BIO_s_socket(void); -BIO_METHOD *BIO_s_fd(void); -- BIO_sock_should_retry(int i) - the underlying function - used to determine if a call should be retried; the - argument is the '0' or '-1' returned by the previous BIO - operation. -- BIO_fd_should_retry(int i) - same as the -- BIO_sock_should_retry() except that it is different internally. -- BIO_set_fd(BIO *bio, int fd, int close_flag) - set the - file descriptor to use -- BIO_get_fd(BIO *bio, int *fd) - get the file descriptor. -These two methods are very similar. Gets() is not -supported, if you want this functionality, put a -BIO_f_buffer() onto it. This BIO is bi-directional if the -underlying file descriptor is. This is normally the case -for sockets but not the case for stdio descriptors. - -BIO_METHOD *BIO_s_null(void); -Read and write as much data as you like, it all disappears -into this BIO. - -BIO_METHOD *BIO_f_buffer(void); -- BIO_get_buffer_num_lines(BIO *bio) - return the number of - complete lines in the buffer. -- BIO_set_buffer_size(BIO *bio, long size) - set the size of - the buffers. -This type performs input and output buffering. It performs -both at the same time. The size of the buffer can be set -via the set buffer size option. Data buffered for output is -only written when the buffer fills. 
- -BIO_METHOD *BIO_f_ssl(void); -- BIO_set_ssl(BIO *bio, SSL *ssl, int close_flag) - the SSL - structure to use. -- BIO_get_ssl(BIO *bio, SSL **ssl) - get the SSL structure - in use. -The SSL bio is a little different from normal BIOs because -the underlying SSL structure is a little different. A SSL -structure performs IO via a read and write BIO. These can -be different and are normally set via the -SSL_set_rbio()/SSL_set_wbio() calls. The SSL_set_fd() calls -are just wrappers that create socket BIOs and then call -SSL_set_bio() where the read and write BIOs are the same. -The BIO_push() operation makes the SSLs IO BIOs the same, so -make sure the BIO pushed is capable of two directional -traffic. If it is not, you will have to install the BIOs -via the more conventional SSL_set_bio() call. BIO_pop() will retrieve -the 'SSL read' BIO. - -BIO_METHOD *BIO_f_md(void); -- BIO_set_md(BIO *bio, EVP_MD *md) - set the message digest - to use. -- BIO_get_md(BIO *bio, EVP_MD **mdp) - return the digest - method in use in mdp, return 0 if not set yet. -- BIO_reset() reinitializes the digest (EVP_DigestInit()) - and passes the reset to the underlying BIOs. -All data read or written via BIO_read() or BIO_write() to -this BIO will be added to the calculated digest. This -implies that this BIO is only one directional. If read and -write operations are performed, two separate BIO_f_md() BIOs -are reuqired to generate digests on both the input and the -output. BIO_gets(BIO *bio, char *md, int size) will place the -generated digest into 'md' and return the number of bytes. -The EVP_MAX_MD_SIZE should probably be used to size the 'md' -array. Reading the digest will also reset it. - -BIO_METHOD *BIO_f_cipher(void); -- BIO_reset() reinitializes the cipher. -- BIO_flush() should be called when the last bytes have been - output to flush the final block of block ciphers. 
-- BIO_get_cipher_status(BIO *b), when called after the last - read from a cipher BIO, returns non-zero if the data - decrypted correctly, otherwise, 0. -- BIO_set_cipher(BIO *b, EVP_CIPHER *c, unsigned char *key, - unsigned char *iv, int encrypt) This function is used to - setup a cipher BIO. The length of key and iv are - specified by the choice of EVP_CIPHER. Encrypt is 1 to - encrypt and 0 to decrypt. - -BIO_METHOD *BIO_f_base64(void); -- BIO_flush() should be called when the last bytes have been output. -This BIO base64 encodes when writing and base64 decodes when -reading. It will scan the input until a suitable begin line -is found. After reading data, BIO_reset() will reset the -BIO to start scanning again. Do not mix reading and writing -on the same base64 BIO. It is meant as a single stream BIO. - -Directions type -both BIO_s_mem() -one/both BIO_s_file() -both BIO_s_fd() -both BIO_s_socket() -both BIO_s_null() -both BIO_f_buffer() -one BIO_f_md() -one BIO_f_cipher() -one BIO_f_base64() -both BIO_f_ssl() - -It is easy to mix one and two directional BIOs, all one has -to do is to keep two separate BIO pointers for reading and -writing and be careful about usage of underlying BIOs. The -SSL bio by it's very nature has to be two directional but -the BIO_push() command will push the one BIO into the SSL -BIO for both reading and writing. - -The best example program to look at is apps/enc.c and/or perhaps apps/dgst.c. - - -==== blowfish.doc ======================================================== - -The Blowfish library. - -Blowfish is a block cipher that operates on 64bit (8 byte) quantities. It -uses variable size key, but 128bit (16 byte) key would normally be considered -good. It can be used in all the modes that DES can be used. This -library implements the ecb, cbc, cfb64, ofb64 modes. - -Blowfish is quite a bit faster that DES, and much faster than IDEA or -RC2. It is one of the faster block ciphers. 
- -For all calls that have an 'input' and 'output' variables, they can be the -same. - -This library requires the inclusion of 'blowfish.h'. - -All of the encryption functions take what is called an BF_KEY as an -argument. An BF_KEY is an expanded form of the Blowfish key. -For all modes of the Blowfish algorithm, the BF_KEY used for -decryption is the same one that was used for encryption. - -The define BF_ENCRYPT is passed to specify encryption for the functions -that require an encryption/decryption flag. BF_DECRYPT is passed to -specify decryption. - -Please note that any of the encryption modes specified in my DES library -could be used with Blowfish. I have only implemented ecb, cbc, cfb64 and -ofb64 for the following reasons. -- ecb is the basic Blowfish encryption. -- cbc is the normal 'chaining' form for block ciphers. -- cfb64 can be used to encrypt single characters, therefore input and output - do not need to be a multiple of 8. -- ofb64 is similar to cfb64 but is more like a stream cipher, not as - secure (not cipher feedback) but it does not have an encrypt/decrypt mode. -- If you want triple Blowfish, thats 384 bits of key and you must be totally - obsessed with security. Still, if you want it, it is simple enough to - copy the function from the DES library and change the des_encrypt to - BF_encrypt; an exercise left for the paranoid reader :-). - -The functions are as follows: - -void BF_set_key( -BF_KEY *ks; -int len; -unsigned char *key; - BF_set_key converts an 'len' byte key into a BF_KEY. - A 'ks' is an expanded form of the 'key' which is used to - perform actual encryption. It can be regenerated from the Blowfish key - so it only needs to be kept when encryption or decryption is about - to occur. Don't save or pass around BF_KEY's since they - are CPU architecture dependent, 'key's are not. Blowfish is an - interesting cipher in that it can be used with a variable length - key. 'len' is the length of 'key' to be used as the key. 
- A 'len' of 16 is recomended by me, but blowfish can use upto - 72 bytes. As a warning, blowfish has a very very slow set_key - function, it actually runs BF_encrypt 521 times. - -void BF_encrypt(unsigned long *data, BF_KEY *key); -void BF_decrypt(unsigned long *data, BF_KEY *key); - These are the Blowfish encryption function that gets called by just - about every other Blowfish routine in the library. You should not - use this function except to implement 'modes' of Blowfish. - I say this because the - functions that call this routine do the conversion from 'char *' to - long, and this needs to be done to make sure 'non-aligned' memory - access do not occur. - Data is a pointer to 2 unsigned long's and key is the - BF_KEY to use. - -void BF_ecb_encrypt( -unsigned char *in, -unsigned char *out, -BF_KEY *key, -int encrypt); - This is the basic Electronic Code Book form of Blowfish (in DES this - mode is called Electronic Code Book so I'm going to use the term - for blowfish as well. - Input is encrypted into output using the key represented by - key. Depending on the encrypt, encryption or - decryption occurs. Input is 8 bytes long and output is 8 bytes. - -void BF_cbc_encrypt( -unsigned char *in, -unsigned char *out, -long length, -BF_KEY *ks, -unsigned char *ivec, -int encrypt); - This routine implements Blowfish in Cipher Block Chaining mode. - Input, which should be a multiple of 8 bytes is encrypted - (or decrypted) to output which will also be a multiple of 8 bytes. - The number of bytes is in length (and from what I've said above, - should be a multiple of 8). If length is not a multiple of 8, bad - things will probably happen. ivec is the initialisation vector. - This function updates iv after each call so that it can be passed to - the next call to BF_cbc_encrypt(). 
- -void BF_cfb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -BF_KEY *schedule, -unsigned char *ivec, -int *num, -int encrypt); - This is one of the more useful functions in this Blowfish library, it - implements CFB mode of Blowfish with 64bit feedback. - This allows you to encrypt an arbitrary number of bytes, - you do not require 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. Num contains 'how far' we are though ivec. - 'Encrypt' is used to indicate encryption or decryption. - CFB64 mode operates by using the cipher to generate a stream - of bytes which is used to encrypt the plain text. - The cipher text is then encrypted to generate the next 64 bits to - be xored (incrementally) with the next 64 bits of plain - text. As can be seen from this, to encrypt or decrypt, - the same 'cipher stream' needs to be generated but the way the next - block of data is gathered for encryption is different for - encryption and decryption. - -void BF_ofb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -BF_KEY *schedule, -unsigned char *ivec, -int *num); - This functions implements OFB mode of Blowfish with 64bit feedback. - This allows you to encrypt an arbitrary number of bytes, - you do not require 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. Num contains 'how far' we are though ivec. - This is in effect a stream cipher, there is no encryption or - decryption mode. - -For reading passwords, I suggest using des_read_pw_string() from my DES library. -To generate a password from a text string, I suggest using MD5 (or MD2) to -produce a 16 byte message digest that can then be passed directly to -BF_set_key(). - -===== -For more information about the specific Blowfish modes in this library -(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the -documentation on my DES library. 
What is said about DES is directly -applicable for Blowfish. - - -==== bn.doc ======================================================== - -The Big Number library. - -#include "bn.h" when using this library. - -This big number library was written for use in implementing the RSA and DH -public key encryption algorithms. As such, features such as negative -numbers have not been extensively tested but they should work as expected. -This library uses dynamic memory allocation for storing its data structures -and so there are no limit on the size of the numbers manipulated by these -routines but there is always the requirement to check return codes from -functions just in case a memory allocation error has occurred. - -The basic object in this library is a BIGNUM. It is used to hold a single -large integer. This type should be considered opaque and fields should not -be modified or accessed directly. -typedef struct bignum_st - { - int top; /* Index of last used d. */ - BN_ULONG *d; /* Pointer to an array of 'BITS2' bit chunks. */ - int max; /* Size of the d array. */ - int neg; - } BIGNUM; -The big number is stored in a malloced array of BN_ULONG's. A BN_ULONG can -be either 16, 32 or 64 bits in size, depending on the 'number of bits' -specified in bn.h. -The 'd' field is this array. 'max' is the size of the 'd' array that has -been allocated. 'top' is the 'last' entry being used, so for a value of 4, -bn.d[0]=4 and bn.top=1. 'neg' is 1 if the number is negative. -When a BIGNUM is '0', the 'd' field can be NULL and top == 0. - -Various routines in this library require the use of 'temporary' BIGNUM -variables during their execution. Due to the use of dynamic memory -allocation to create BIGNUMs being rather expensive when used in -conjunction with repeated subroutine calls, the BN_CTX structure is -used. This structure contains BN_CTX BIGNUMs. BN_CTX -is the maximum number of temporary BIGNUMs any publicly exported -function will use. 
- -#define BN_CTX 12 -typedef struct bignum_ctx - { - int tos; /* top of stack */ - BIGNUM *bn[BN_CTX]; /* The variables */ - } BN_CTX; - -The functions that follow have been grouped according to function. Most -arithmetic functions return a result in the first argument, sometimes this -first argument can also be an input parameter, sometimes it cannot. These -restrictions are documented. - -extern BIGNUM *BN_value_one; -There is one variable defined by this library, a BIGNUM which contains the -number 1. This variable is useful for use in comparisons and assignment. - -Get Size functions. - -int BN_num_bits(BIGNUM *a); - This function returns the size of 'a' in bits. - -int BN_num_bytes(BIGNUM *a); - This function (macro) returns the size of 'a' in bytes. - For conversion of BIGNUMs to byte streams, this is the number of - bytes the output string will occupy. If the output byte - format specifies that the 'top' bit indicates if the number is - signed, so an extra '0' byte is required if the top bit on a - positive number is being written, it is upto the application to - make this adjustment. Like I said at the start, I don't - really support negative numbers :-). - -Creation/Destruction routines. - -BIGNUM *BN_new(); - Return a new BIGNUM object. The number initially has a value of 0. If - there is an error, NULL is returned. - -void BN_free(BIGNUM *a); - Free()s a BIGNUM. - -void BN_clear(BIGNUM *a); - Sets 'a' to a value of 0 and also zeros all unused allocated - memory. This function is used to clear a variable of 'sensitive' - data that was held in it. - -void BN_clear_free(BIGNUM *a); - This function zeros the memory used by 'a' and then free()'s it. - This function should be used to BN_free() BIGNUMS that have held - sensitive numeric values like RSA private key values. Both this - function and BN_clear tend to only be used by RSA and DH routines. - -BN_CTX *BN_CTX_new(void); - Returns a new BN_CTX. NULL on error. 
- -void BN_CTX_free(BN_CTX *c); - Free a BN_CTX structure. The BIGNUMs in 'c' are BN_clear_free()ed. - -BIGNUM *bn_expand(BIGNUM *b, int bits); - This is an internal function that should not normally be used. It - ensures that 'b' has enough room for a 'bits' bit number. It is - mostly used by the various BIGNUM routines. If there is an error, - NULL is returned. if not, 'b' is returned. - -BIGNUM *BN_copy(BIGNUM *to, BIGNUM *from); - The 'from' is copied into 'to'. NULL is returned if there is an - error, otherwise 'to' is returned. - -BIGNUM *BN_dup(BIGNUM *a); - A new BIGNUM is created and returned containing the value of 'a'. - NULL is returned on error. - -Comparison and Test Functions. - -int BN_is_zero(BIGNUM *a) - Return 1 if 'a' is zero, else 0. - -int BN_is_one(a) - Return 1 is 'a' is one, else 0. - -int BN_is_word(a,w) - Return 1 if 'a' == w, else 0. 'w' is a BN_ULONG. - -int BN_cmp(BIGNUM *a, BIGNUM *b); - Return -1 if 'a' is less than 'b', 0 if 'a' and 'b' are the same - and 1 is 'a' is greater than 'b'. This is a signed comparison. - -int BN_ucmp(BIGNUM *a, BIGNUM *b); - This function is the same as BN_cmp except that the comparison - ignores the sign of the numbers. - -Arithmetic Functions -For all of these functions, 0 is returned if there is an error and 1 is -returned for success. The return value should always be checked. eg. -if (!BN_add(r,a,b)) goto err; -Unless explicitly mentioned, the 'return' value can be one of the -'parameters' to the function. - -int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b); - Add 'a' and 'b' and return the result in 'r'. This is r=a+b. - -int BN_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b); - Subtract 'a' from 'b' and put the result in 'r'. This is r=a-b. - -int BN_lshift(BIGNUM *r, BIGNUM *a, int n); - Shift 'a' left by 'n' bits. This is r=a*(2^n). - -int BN_lshift1(BIGNUM *r, BIGNUM *a); - Shift 'a' left by 1 bit. This form is more efficient than - BN_lshift(r,a,1). This is r=a*2. 
- -int BN_rshift(BIGNUM *r, BIGNUM *a, int n); - Shift 'a' right by 'n' bits. This is r=int(a/(2^n)). - -int BN_rshift1(BIGNUM *r, BIGNUM *a); - Shift 'a' right by 1 bit. This form is more efficient than - BN_rshift(r,a,1). This is r=int(a/2). - -int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b); - Multiply a by b and return the result in 'r'. 'r' must not be - either 'a' or 'b'. It has to be a different BIGNUM. - This is r=a*b. - -int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); - Multiply a by a and return the result in 'r'. 'r' must not be - 'a'. This function is a lot faster than BN_mul(r,a,a). This is r=a*a. - -int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx); - Divide 'm' by 'd' and return the result in 'dv' and the remainder - in 'rem'. Either of 'dv' or 'rem' can be NULL in which case that - value is not returned. 'ctx' needs to be passed as a source of - temporary BIGNUM variables. - This is dv=int(m/d), rem=m%d. - -int BN_mod(BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx); - Find the remainder of 'm' divided by 'd' and return it in 'rem'. - 'ctx' holds the temporary BIGNUMs required by this function. - This function is more efficient than BN_div(NULL,rem,m,d,ctx); - This is rem=m%d. - -int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *m,BN_CTX *ctx); - Multiply 'a' by 'b' and return the remainder when divided by 'm'. - 'ctx' holds the temporary BIGNUMs required by this function. - This is r=(a*b)%m. - -int BN_mod_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,BN_CTX *ctx); - Raise 'a' to the 'p' power and return the remainder when divided by - 'm'. 'ctx' holds the temporary BIGNUMs required by this function. - This is r=(a^p)%m. - -int BN_reciprocal(BIGNUM *r, BIGNUM *m, BN_CTX *ctx); - Return the reciprocal of 'm'. 'ctx' holds the temporary variables - required. This function returns -1 on error, otherwise it returns - the number of bits 'r' is shifted left to make 'r' into an integer. 
- This number of bits shifted is required in BN_mod_mul_reciprocal(). - This is r=(1/m)<<(BN_num_bits(m)+1). - -int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, BIGNUM *m, - BIGNUM *i, int nb, BN_CTX *ctx); - This function is used to perform an efficient BN_mod_mul() - operation. If one is going to repeatedly perform BN_mod_mul() with - the same modulus is worth calculating the reciprocal of the modulus - and then using this function. This operation uses the fact that - a/b == a*r where r is the reciprocal of b. On modern computers - multiplication is very fast and big number division is very slow. - 'x' is multiplied by 'y' and then divided by 'm' and the remainder - is returned. 'i' is the reciprocal of 'm' and 'nb' is the number - of bits as returned from BN_reciprocal(). Normal usage is as follows. - bn=BN_reciprocal(i,m); - for (...) - { BN_mod_mul_reciprocal(r,x,y,m,i,bn,ctx); } - This is r=(x*y)%m. Internally it is approximately - r=(x*y)-m*(x*y/m) or r=(x*y)-m*((x*y*i) >> bn) - This function is used in BN_mod_exp() and BN_is_prime(). - -Assignment Operations - -int BN_one(BIGNUM *a) - Set 'a' to hold the value one. - This is a=1. - -int BN_zero(BIGNUM *a) - Set 'a' to hold the value zero. - This is a=0. - -int BN_set_word(BIGNUM *a, unsigned long w); - Set 'a' to hold the value of 'w'. 'w' is an unsigned long. - This is a=w. - -unsigned long BN_get_word(BIGNUM *a); - Returns 'a' in an unsigned long. Not remarkably, often 'a' will - be bigger than a word, in which case 0xffffffffL is returned. - -Word Operations -These functions are much more efficient that the normal bignum arithmetic -operations. - -BN_ULONG BN_mod_word(BIGNUM *a, unsigned long w); - Return the remainder of 'a' divided by 'w'. - This is return(a%w). - -int BN_add_word(BIGNUM *a, unsigned long w); - Add 'w' to 'a'. This function does not take the sign of 'a' into - account. This is a+=w; - -Bit operations. 
- -int BN_is_bit_set(BIGNUM *a, int n); - This function return 1 if bit 'n' is set in 'a' else 0. - -int BN_set_bit(BIGNUM *a, int n); - This function sets bit 'n' to 1 in 'a'. - This is a&= ~(1< 0, the call is aborted -and the returned <= 0 value is returned. -The second time the callback is called, the 'cmd' value also has -BIO_CB_RETURN logically 'or'ed with it. The 'ret' value is the value returned -from the actuall function call and whatever the callback returns is returned -from the BIO function. - -BIO_set_callback(b,cb) can be used to set the callback function -(b is a BIO), and BIO_set_callback_arg(b,arg) can be used to -set the cb_arg argument in the BIO strucutre. This field is only intended -to be used by application, primarily in the callback function since it is -accessable since the BIO is passed. - --------------------------- -The PEM library. - -The pem library only really uses one type of callback, -static int def_callback(char *buf, int num, int verify); -which is used to return a password string if required. -'buf' is the buffer to put the string in. 'num' is the size of 'buf' -and 'verify' is used to indicate that the password should be checked. -This last flag is mostly used when reading a password for encryption. - -For all of these functions, a NULL callback will call the above mentioned -default callback. This default function does not work under Windows 3.1. -For other machines, it will use an application defined prompt string -(EVP_set_pw_prompt(), which defines a library wide prompt string) -if defined, otherwise it will use it's own PEM password prompt. -It will then call EVP_read_pw_string() to get a password from the console. -If your application wishes to use nice fancy windows to retrieve passwords, -replace this function. The callback should return the number of bytes read -into 'buf'. If the number of bytes <= 0, it is considered an error. - -Functions that take this callback are listed below. 
For the 'read' type -functions, the callback will only be required if the PEM data is encrypted. - -For the Write functions, normally a password can be passed in 'kstr', of -'klen' bytes which will be used if the 'enc' cipher is not NULL. If -'kstr' is NULL, the callback will be used to retrieve a password. - -int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, - int (*callback)()); -char *PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x,int (*cb)()); -char *PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x,int (*cb)()); -int PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x, - EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)()); -int PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x, - EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)()); -STACK *PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)()); -STACK *PEM_X509_INFO_read_bio(BIO *fp, STACK *sk, int (*cb)()); - -#define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) -#define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) -#define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) -#define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) -#define PEM_read_SSL_SESSION(fp,x,cb) -#define PEM_read_X509(fp,x,cb) -#define PEM_read_X509_REQ(fp,x,cb) -#define PEM_read_X509_CRL(fp,x,cb) -#define PEM_read_RSAPrivateKey(fp,x,cb) -#define PEM_read_DSAPrivateKey(fp,x,cb) -#define PEM_read_PrivateKey(fp,x,cb) -#define PEM_read_PKCS7(fp,x,cb) -#define PEM_read_DHparams(fp,x,cb) -#define PEM_read_bio_SSL_SESSION(bp,x,cb) -#define PEM_read_bio_X509(bp,x,cb) -#define PEM_read_bio_X509_REQ(bp,x,cb) -#define PEM_read_bio_X509_CRL(bp,x,cb) -#define PEM_read_bio_RSAPrivateKey(bp,x,cb) -#define PEM_read_bio_DSAPrivateKey(bp,x,cb) -#define PEM_read_bio_PrivateKey(bp,x,cb) -#define PEM_read_bio_PKCS7(bp,x,cb) -#define PEM_read_bio_DHparams(bp,x,cb) -int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); -RSA *d2i_Netscape_RSA(RSA **a, unsigned 
char **pp, long length, int (*cb)()); - -Now you will notice that macros like -#define PEM_write_X509(fp,x) \ - PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ - (char *)x, NULL,NULL,0,NULL) -Don't do encryption normally. If you want to PEM encrypt your X509 structure, -either just call PEM_ASN1_write directly or just define your own -macro variant. As you can see, this macro just sets all encryption related -parameters to NULL. - - --------------------------- -The SSL library. - -#define SSL_set_info_callback(ssl,cb) -#define SSL_CTX_set_info_callback(ctx,cb) -void callback(SSL *ssl,int location,int ret) -This callback is called each time around the SSL_connect()/SSL_accept() -state machine. So it will be called each time the SSL protocol progresses. -It is mostly present for use when debugging. When SSL_connect() or -SSL_accept() return, the location flag is SSL_CB_ACCEPT_EXIT or -SSL_CB_CONNECT_EXIT and 'ret' is the value about to be returned. -Have a look at the SSL_CB_* defines in ssl.h. If an info callback is defined -against the SSL_CTX, it is called unless there is one set against the SSL. -Have a look at -void client_info_callback() in apps/s_client() for an example. - -Certificate verification. -void SSL_set_verify(SSL *s, int mode, int (*callback) ()); -void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)()); -This callback is used to help verify client and server X509 certificates. -It is actually passed to X509_cert_verify(), along with the SSL structure -so you have to read about X509_cert_verify() :-). The SSL_CTX version is used -if the SSL version is not defined. X509_cert_verify() is the function used -by the SSL part of the library to verify certificates. This function is -nearly always defined by the application. - -void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg); -int callback(char *arg,SSL *s,X509 *xs,STACK *cert_chain); -This call is used to replace the SSLeay certificate verification code. 
-The 'arg' is kept in the SSL_CTX and is passed to the callback. -If the callback returns 0, the certificate is rejected, otherwise it -is accepted. The callback is replacing the X509_cert_verify() call. -This feature is not often used, but if you wished to implement -some totally different certificate authentication system, this 'hook' is -vital. - -SSLeay keeps a cache of session-ids against each SSL_CTX. These callbacks can -be used to notify the application when a SSL_SESSION is added to the cache -or to retrieve a SSL_SESSION that is not in the cache from the application. -#define SSL_CTX_sess_set_get_cb(ctx,cb) -SSL_SESSION *callback(SSL *s,char *session_id,int session_id_len,int *copy); -If defined, this callback is called to return the SESSION_ID for the -session-id in 'session_id', of 'session_id_len' bytes. 'copy' is set to 1 -if the server is to 'take a copy' of the SSL_SESSION structure. It is 0 -if the SSL_SESSION is being 'passed in' so the SSLeay library is now -responsible for 'free()ing' the structure. Basically it is used to indicate -if the reference count on the SSL_SESSION structure needs to be incremented. - -#define SSL_CTX_sess_set_new_cb(ctx,cb) -int callback(SSL *s, SSL_SESSION *sess); -When a new connection is established, if the SSL_SESSION is going to be added -to the cache, this callback is called. Return 1 if a 'copy' is required, -otherwise, return 0. This return value just causes the reference count -to be incremented (on return of a 1), this means the application does -not need to worry about incrementing the refernece count (and the -locking that implies in a multi-threaded application). - -void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)()); -This sets the SSL password reading function. -It is mostly used for windowing applications -and used by PEM_read_bio_X509() and PEM_read_bio_RSAPrivateKey() -calls inside the SSL library. 
The only reason this is present is because the -calls to PEM_* functions is hidden in the SSLeay library so you have to -pass in the callback some how. - -#define SSL_CTX_set_client_cert_cb(ctx,cb) -int callback(SSL *s,X509 **x509, EVP_PKEY **pkey); -Called when a client certificate is requested but there is not one set -against the SSL_CTX or the SSL. If the callback returns 1, x509 and -pkey need to point to valid data. The library will free these when -required so if the application wants to keep these around, increment -their reference counts. If 0 is returned, no client cert is -available. If -1 is returned, it is assumed that the callback needs -to be called again at a later point in time. SSL_connect will return --1 and SSL_want_x509_lookup(ssl) returns true. Remember that -application data can be attached to an SSL structure via the -SSL_set_app_data(SSL *ssl,char *data) call. - --------------------------- -The X509 library. - -int X509_cert_verify(CERTIFICATE_CTX *ctx,X509 *xs, int (*cb)(), - int *error,char *arg,STACK *cert_chain); -int verify_callback(int ok,X509 *xs,X509 *xi,int depth,int error,char *arg, - STACK *cert_chain); - -X509_cert_verify() is used to authenticate X509 certificates. The 'ctx' holds -the details of the various caches and files used to locate certificates. -'xs' is the certificate to verify and 'cb' is the application callback (more -detail later). 'error' will be set to the error code and 'arg' is passed -to the 'cb' callback. Look at the VERIFY_* defines in crypto/x509/x509.h - -When ever X509_cert_verify() makes a 'negative' decision about a -certitificate, the callback is called. If everything checks out, the -callback is called with 'VERIFY_OK' or 'VERIFY_ROOT_OK' (for a self -signed cert that is not the passed certificate). 
- -The callback is passed the X509_cert_verify opinion of the certificate -in 'ok', the certificate in 'xs', the issuer certificate in 'xi', -the 'depth' of the certificate in the verification 'chain', the -VERIFY_* code in 'error' and the argument passed to X509_cert_verify() -in 'arg'. cert_chain is a list of extra certs to use if they are not -in the cache. - -The callback can be used to look at the error reason, and then return 0 -for an 'error' or '1' for ok. This will override the X509_cert_verify() -opinion of the certificates validity. Processing will continue depending on -the return value. If one just wishes to use the callback for informational -reason, just return the 'ok' parameter. - --------------------------- -The BN and DH library. - -BIGNUM *BN_generate_prime(int bits,int strong,BIGNUM *add, - BIGNUM *rem,void (*callback)(int,int)); -int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int), - -Read doc/bn.doc for the description of these 2. - -DH *DH_generate_parameters(int prime_len,int generator, - void (*callback)(int,int)); -Read doc/bn.doc for the description of the callback, since it is just passed -to BN_generate_prime(), except that it is also called as -callback(3,0) by this function. - --------------------------- -The CRYPTO library. - -void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file, - int line)); -void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount, - int type,char *file, int line)); -void CRYPTO_set_id_callback(unsigned long (*func)(void)); - -Read threads.doc for info on these ones. - - -==== cipher.doc ======================================================== - -The Cipher subroutines. - -These routines require "evp.h" to be included. - -These functions are a higher level interface to the various cipher -routines found in this library. As such, they allow the same code to be -used to encrypt and decrypt via different ciphers with only a change -in an initial parameter. 
These routines also provide buffering for block -ciphers. - -These routines all take a pointer to the following structure to specify -which cipher to use. If you wish to use a new cipher with these routines, -you would probably be best off looking an how an existing cipher is -implemented and copying it. At this point in time, I'm not going to go -into many details. This structure should be considered opaque - -typedef struct pem_cipher_st - { - int type; - int block_size; - int key_len; - int iv_len; - void (*enc_init)(); /* init for encryption */ - void (*dec_init)(); /* init for decryption */ - void (*do_cipher)(); /* encrypt data */ - } EVP_CIPHER; - -The type field is the object NID of the cipher type -(read the section on Objects for an explanation of what a NID is). -The cipher block_size is how many bytes need to be passed -to the cipher at a time. Key_len is the -length of the key the cipher requires and iv_len is the length of the -initialisation vector required. enc_init is the function -called to initialise the ciphers context for encryption and dec_init is the -function to initialise for decryption (they need to be different, especially -for the IDEA cipher). - -One reason for specifying the Cipher via a pointer to a structure -is that if you only use des-cbc, only the des-cbc routines will -be included when you link the program. If you passed an integer -that specified which cipher to use, the routine that mapped that -integer to a set of cipher functions would cause all the ciphers -to be link into the code. This setup also allows new ciphers -to be added by the application (with some restrictions). 
- -The thirteen ciphers currently defined in this library are - -EVP_CIPHER *EVP_des_ecb(); /* DES in ecb mode, iv=0, block=8, key= 8 */ -EVP_CIPHER *EVP_des_ede(); /* DES in ecb ede mode, iv=0, block=8, key=16 */ -EVP_CIPHER *EVP_des_ede3(); /* DES in ecb ede mode, iv=0, block=8, key=24 */ -EVP_CIPHER *EVP_des_cfb(); /* DES in cfb mode, iv=8, block=1, key= 8 */ -EVP_CIPHER *EVP_des_ede_cfb(); /* DES in ede cfb mode, iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_des_ede3_cfb();/* DES in ede cfb mode, iv=8, block=1, key=24 */ -EVP_CIPHER *EVP_des_ofb(); /* DES in ofb mode, iv=8, block=1, key= 8 */ -EVP_CIPHER *EVP_des_ede_ofb(); /* DES in ede ofb mode, iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_des_ede3_ofb();/* DES in ede ofb mode, iv=8, block=1, key=24 */ -EVP_CIPHER *EVP_des_cbc(); /* DES in cbc mode, iv=8, block=8, key= 8 */ -EVP_CIPHER *EVP_des_ede_cbc(); /* DES in cbc ede mode, iv=8, block=8, key=16 */ -EVP_CIPHER *EVP_des_ede3_cbc();/* DES in cbc ede mode, iv=8, block=8, key=24 */ -EVP_CIPHER *EVP_desx_cbc(); /* DES in desx cbc mode,iv=8, block=8, key=24 */ -EVP_CIPHER *EVP_rc4(); /* RC4, iv=0, block=1, key=16 */ -EVP_CIPHER *EVP_idea_ecb(); /* IDEA in ecb mode, iv=0, block=8, key=16 */ -EVP_CIPHER *EVP_idea_cfb(); /* IDEA in cfb mode, iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_idea_ofb(); /* IDEA in ofb mode, iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_idea_cbc(); /* IDEA in cbc mode, iv=8, block=8, key=16 */ -EVP_CIPHER *EVP_rc2_ecb(); /* RC2 in ecb mode, iv=0, block=8, key=16 */ -EVP_CIPHER *EVP_rc2_cfb(); /* RC2 in cfb mode, iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_rc2_ofb(); /* RC2 in ofb mode, iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_rc2_cbc(); /* RC2 in cbc mode, iv=8, block=8, key=16 */ -EVP_CIPHER *EVP_bf_ecb(); /* Blowfish in ecb mode,iv=0, block=8, key=16 */ -EVP_CIPHER *EVP_bf_cfb(); /* Blowfish in cfb mode,iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_bf_ofb(); /* Blowfish in ofb mode,iv=8, block=1, key=16 */ -EVP_CIPHER *EVP_bf_cbc(); /* Blowfish in cbc 
mode,iv=8, block=8, key=16 */ - -The meaning of the compound names is as follows. -des The base cipher is DES. -idea The base cipher is IDEA -rc4 The base cipher is RC4-128 -rc2 The base cipher is RC2-128 -ecb Electronic Code Book form of the cipher. -cbc Cipher Block Chaining form of the cipher. -cfb 64 bit Cipher Feedback form of the cipher. -ofb 64 bit Output Feedback form of the cipher. -ede The cipher is used in Encrypt, Decrypt, Encrypt mode. The first - and last keys are the same. -ede3 The cipher is used in Encrypt, Decrypt, Encrypt mode. - -All the Cipher routines take a EVP_CIPHER_CTX pointer as an argument. -The state of the cipher is kept in this structure. - -typedef struct EVP_CIPHER_Ctx_st - { - EVP_CIPHER *cipher; - int encrypt; /* encrypt or decrypt */ - int buf_len; /* number we have left */ - unsigned char buf[8]; - union { - .... /* cipher specific stuff */ - } c; - } EVP_CIPHER_CTX; - -Cipher is a pointer the the EVP_CIPHER for the current context. The encrypt -flag indicates encryption or decryption. buf_len is the number of bytes -currently being held in buf. -The 'c' union holds the cipher specify context. - -The following functions are to be used. - -int EVP_read_pw_string( -char *buf, -int len, -char *prompt, -int verify, - This function is the same as des_read_pw_string() (des.doc). - -void EVP_set_pw_prompt(char *prompt); - This function sets the 'default' prompt to use to use in - EVP_read_pw_string when the prompt parameter is NULL. If the - prompt parameter is NULL, this 'default prompt' feature is turned - off. Be warned, this is a global variable so weird things - will happen if it is used under Win16 and care must be taken - with a multi-threaded version of the library. - -char *EVP_get_pw_prompt(); - This returns a pointer to the default prompt string. NULL - if it is not set. 
- -int EVP_BytesToKey( -EVP_CIPHER *type, -EVP_MD *md, -unsigned char *salt, -unsigned char *data, -int datal, -int count, -unsigned char *key, -unsigned char *iv); - This function is used to generate a key and an initialisation vector - for a specified cipher from a key string and a salt. Type - specifies the cipher the 'key' is being generated for. Md is the - message digest algorithm to use to generate the key and iv. The salt - is an optional 8 byte object that is used to help seed the key - generator. - If the salt value is NULL, it is just not used. Datal is the - number of bytes to use from 'data' in the key generation. - This function returns the key size for the specified cipher, if - data is NULL, this value is returns and no other - computation is performed. Count is - the number of times to loop around the key generator. I would - suggest leaving it's value as 1. Key and iv are the structures to - place the returning iv and key in. If they are NULL, no value is - generated for that particular value. - The algorithm used is as follows - - /* M[] is an array of message digests - * MD() is the message digest function */ - M[0]=MD(data . salt); - for (i=1; i key=M[0.. 8], iv=M[ 9 .. 16]. - For key=16, iv=0 => key=M[0..16]. - For key=16, iv=8 => key=M[0..16], iv=M[17 .. 24]. - For key=24, iv=8 => key=M[0..24], iv=M[25 .. 32]. - - This routine will produce DES-CBC keys and iv that are compatible - with the PKCS-5 standard when md2 or md5 are used. If md5 is - used, the salt is NULL and count is 1, this routine will produce - the password to key mapping normally used with RC4. - I have attempted to logically extend the PKCS-5 standard to - generate keys and iv for ciphers that require more than 16 bytes, - if anyone knows what the correct standard is, please inform me. - When using sha or sha1, things are a bit different under this scheme, - since sha produces a 20 byte digest. 
So for ciphers requiring - 24 bits of data, 20 will come from the first MD and 4 will - come from the second. - - I have considered having a separate function so this 'routine' - can be used without the requirement of passing a EVP_CIPHER *, - but I have decided to not bother. If you wish to use the - function without official EVP_CIPHER structures, just declare - a local one and set the key_len and iv_len fields to the - length you desire. - -The following routines perform encryption and decryption 'by parts'. By -this I mean that there are groups of 3 routines. An Init function that is -used to specify a cipher and initialise data structures. An Update routine -that does encryption/decryption, one 'chunk' at a time. And finally a -'Final' function that finishes the encryption/decryption process. -All these functions take a EVP_CIPHER pointer to specify which cipher to -encrypt/decrypt with. They also take a EVP_CIPHER_CTX object as an -argument. This structure is used to hold the state information associated -with the operation in progress. - -void EVP_EncryptInit( -EVP_CIPHER_CTX *ctx, -EVP_CIPHER *type, -unsigned char *key, -unsigned char *iv); - This function initialise a EVP_CIPHER_CTX for encryption using the - cipher passed in the 'type' field. The cipher is initialised to use - 'key' as the key and 'iv' for the initialisation vector (if one is - required). If the type, key or iv is NULL, the value currently in the - EVP_CIPHER_CTX is reused. So to perform several decrypt - using the same cipher, key and iv, initialise with the cipher, - key and iv the first time and then for subsequent calls, - reuse 'ctx' but pass NULL for type, key and iv. You must make sure - to pass a key that is large enough for a particular cipher. I - would suggest using the EVP_BytesToKey() function. 
- -void EVP_EncryptUpdate( -EVP_CIPHER_CTX *ctx, -unsigned char *out, -int *outl, -unsigned char *in, -int inl); - This function takes 'inl' bytes from 'in' and outputs bytes - encrypted by the cipher 'ctx' was initialised with into 'out'. The - number of bytes written to 'out' is put into outl. If a particular - cipher encrypts in blocks, less or more bytes than input may be - output. Currently the largest block size used by supported ciphers - is 8 bytes, so 'out' should have room for 'inl+7' bytes. Normally - EVP_EncryptInit() is called once, followed by lots and lots of - calls to EVP_EncryptUpdate, followed by a single EVP_EncryptFinal - call. - -void EVP_EncryptFinal( -EVP_CIPHER_CTX *ctx, -unsigned char *out, -int *outl); - Because quite a large number of ciphers are block ciphers, there is - often an incomplete block to write out at the end of the - encryption. EVP_EncryptFinal() performs processing on this last - block. The last block in encoded in such a way that it is possible - to determine how many bytes in the last block are valid. For 8 byte - block size ciphers, if only 5 bytes in the last block are valid, the - last three bytes will be filled with the value 3. If only 2 were - valid, the other 6 would be filled with sixes. If all 8 bytes are - valid, a extra 8 bytes are appended to the cipher stream containing - nothing but 8 eights. These last bytes are output into 'out' and - the number of bytes written is put into 'outl' These last bytes - are output into 'out' and the number of bytes written is put into - 'outl'. This form of block cipher finalisation is compatible with - PKCS-5. Please remember that even if you are using ciphers like - RC4 that has no blocking and so the function will not write - anything into 'out', it would still be a good idea to pass a - variable for 'out' that can hold 8 bytes just in case the cipher is - changed some time in the future. 
It should also be remembered
- that the EVP_CIPHER_CTX contains the password and so when one has
- finished encryption with a particular EVP_CIPHER_CTX, it is good
- practice to zero the structure
- (ie. memset(ctx,0,sizeof(EVP_CIPHER_CTX)).
-
-void EVP_DecryptInit(
-EVP_CIPHER_CTX *ctx,
-EVP_CIPHER *type,
-unsigned char *key,
-unsigned char *iv);
- This function is basically the same as EVP_EncryptInit() accept that
- is prepares the EVP_CIPHER_CTX for decryption.
-
-void EVP_DecryptUpdate(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl,
-unsigned char *in,
-int inl);
- This function is basically the same as EVP_EncryptUpdate()
- except that it performs decryption. There is one
- fundamental difference though. 'out' can not be the same as
- 'in' for any ciphers with a block size greater than 1 if more
- than one call to EVP_DecryptUpdate() will be made. This
- is because this routine can hold a 'partial' block between
- calls. When a partial block is decrypted (due to more bytes
- being passed via this function, they will be written to 'out'
- overwriting the input bytes in 'in' that have not been read
- yet. From this it should also be noted that 'out' should
- be at least one 'block size' larger than 'inl'. This problem
- only occurs on the second and subsequent call to
- EVP_DecryptUpdate() when using a block cipher.
-
-int EVP_DecryptFinal(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl);
- This function is different to EVP_EncryptFinal in that it 'removes'
- any padding bytes appended when the data was encrypted. Due to the
- way in which 1 to 8 bytes may have been appended when encryption
- using a block cipher, 'out' can end up with 0 to 7 bytes being put
- into it. When decoding the padding bytes, it is possible to detect
- an incorrect decryption. If the decryption appears to be wrong, 0
- is returned. If everything seems ok, 1 is returned.
For ciphers
- with a block size of 1 (RC4), this function would normally not
- return any bytes and would always return 1. Just because this
- function returns 1 does not mean the decryption was correct. It
- would normally be wrong due to either the wrong key/iv or
- corruption of the cipher data fed to EVP_DecryptUpdate().
- As for EVP_EncryptFinal, it is a good idea to zero the
- EVP_CIPHER_CTX after use since the structure contains the key used
- to decrypt the data.
-
-The following Cipher routines are convenience routines that call either
-EVP_EncryptXxx or EVP_DecryptXxx depending on weather the EVP_CIPHER_CTX
-was setup to encrypt or decrypt.
-
-void EVP_CipherInit(
-EVP_CIPHER_CTX *ctx,
-EVP_CIPHER *type,
-unsigned char *key,
-unsigned char *iv,
-int enc);
- This function take arguments that are the same as EVP_EncryptInit()
- and EVP_DecryptInit() except for the extra 'enc' flag. If 1, the
- EVP_CIPHER_CTX is setup for encryption, if 0, decryption.
-
-void EVP_CipherUpdate(
-EVP_CIPHER_CTX *ctx,
-unsigned char *out,
-int *outl,
-unsigned char *in,
-int inl);
- Again this function calls either EVP_EncryptUpdate() or
- EVP_DecryptUpdate() depending on state in the 'ctx' structure.
- As noted for EVP_DecryptUpdate(), when this routine is used
- for decryption with block ciphers, 'out' should not be the
- same as 'in'.
-
-int EVP_CipherFinal(
-EVP_CIPHER_CTX *ctx,
-unsigned char *outm,
-int *outl);
- This routine call EVP_EncryptFinal() or EVP_DecryptFinal()
- depending on the state information in 'ctx'. 1 is always returned
- if the mode is encryption, otherwise the return value is the return
- value of EVP_DecryptFinal().
-
-==== cipher.m ========================================================
-
-Date: Tue, 15 Oct 1996 08:16:14 +1000 (EST)
-From: Eric Young
-X-Sender: eay at orb
-To: Roland Haring
-Cc: ssl-users at mincom.com
-Subject: Re: Symmetric encryption with ssleay
-In-Reply-To:
-Message-Id:
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Sender: ssl-lists-owner at mincom.com
-Precedence: bulk
-Status: RO
-X-Status:
-
-On Fri, 11 Oct 1996, Roland Haring wrote:
-> THE_POINT:
-> Would somebody be so kind to give me the minimum basic
-> calls I need to do to libcrypto.a to get some text encrypted
-> and decrypted again? ...hopefully with code included to do
-> base64 encryption and decryption ... e.g. that sign-it.c code
-> posted some while ago was a big help :-) (please, do not point
-> me to apps/enc.c where I suspect my Heissenbug to be hidden :-)
-
-Ok, the base64 encoding stuff in 'enc.c' does the wrong thing sometimes
-when the data is less than a line long (this is for decoding). I'll dig
-up the exact fix today and post it. I am taking longer on 0.6.5 than I
-intended so I'll just post this patch.
-
-The documentation to read is in
-doc/cipher.doc,
-doc/encode.doc (very sparse :-).
-and perhaps
-doc/digest.doc,
-
-The basic calls to encrypt with say triple DES are
-
-Given
-char key[EVP_MAX_KEY_LENGTH];
-char iv[EVP_MAX_IV_LENGTH];
-EVP_CIPHER_CTX ctx;
-unsigned char out[512+8];
-int outl;
-
-/* optional generation of key/iv data from text password using md5
- * via an upward compatable verson of PKCS#5. */
-EVP_BytesToKey(EVP_des_ede3_cbc,EVP_md5,NULL,passwd,strlen(passwd),
- key,iv);
-
-/* Initalise the EVP_CIPHER_CTX */
-EVP_EncryptInit(ctx,EVP_des_ede3_cbc,key,iv);
-
-while (....)
- {
- /* This is processing 512 bytes at a time, the bytes are being
- * copied into 'out', outl bytes are output. 'out' should not be the
- * same as 'in' for reasons mentioned in the documentation.
*/ - EVP_EncryptUpdate(ctx,out,&outl,in,512); - } - -/* Output the last 'block'. If the cipher is a block cipher, the last - * block is encoded in such a way so that a wrong decryption will normally be - * detected - again, one of the PKCS standards. */ - -EVP_EncryptFinal(ctx,out,&outl); - -To decrypt, use the EVP_DecryptXXXXX functions except that EVP_DecryptFinal() -will return 0 if the decryption fails (only detectable on block ciphers). - -You can also use -EVP_CipherInit() -EVP_CipherUpdate() -EVP_CipherFinal() -which does either encryption or decryption depending on an extra -parameter to EVP_CipherInit(). - - -To do the base64 encoding, -EVP_EncodeInit() -EVP_EncodeUpdate() -EVP_EncodeFinal() - -EVP_DecodeInit() -EVP_DecodeUpdate() -EVP_DecodeFinal() - -where the encoding is quite simple, but the decoding can be a bit more -fun (due to dud input). - -EVP_DecodeUpdate() returns -1 for an error on an input line, 0 if the -'last line' was just processed, and 1 if more lines should be submitted. - -EVP_DecodeFinal() returns -1 for an error or 1 if things are ok. - -So the loop becomes -EVP_DecodeInit(....) -for (;;) - { - i=EVP_DecodeUpdate(....); - if (i < 0) goto err; - - /* process the data */ - - if (i == 0) break; - } -EVP_DecodeFinal(....); -/* process the data */ - -The problem in 'enc.c' is that I was stuff the processing up after the -EVP_DecodeFinal(...) when the for(..) loop was not being run (one line of -base64 data) and this was because 'enc.c' tries to scan over a file until -it hits the first valid base64 encoded line. - -hope this helps a bit. -eric --- -Eric Young | BOOL is tri-state according to Bill Gates. -AARNet: eay at mincom.oz.au | RTFM Win32 GetMessage(). - -==== conf.doc ======================================================== - -The CONF library. - -The CONF library is a simple set of routines that can be used to configure -programs. It is a superset of the genenv() function with some extra -structure. 
-
-The library consists of 5 functions.
-
-LHASH *CONF_load(LHASH *config,char *file);
-This function is called to load in a configuration file. Multiple
-configuration files can be loaded, with each subsequent 'load' overwriting
-any already defined 'variables'. If there is an error, NULL is returned.
-If config is NULL, a new LHASH structure is created and returned, otherwise
-the new data in the 'file' is loaded into the 'config' structure.
-
-void CONF_free(LHASH *config);
-This function free()s the data in config.
-
-char *CONF_get_string(LHASH *config,char *section,char *name);
-This function returns the string found in 'config' that corresponds to the
-'section' and 'name' specified. Classes and the naming system used will be
-discussed later in this document. If the variable is not defined, an NULL
-is returned.
-
-long CONF_get_long(LHASH *config,char *section, char *name);
-This function is the same as CONF_get_string() except that it converts the
-string to an long and returns it. If variable is not a number or the
-variable does not exist, 0 is returned. This is a little problematic but I
-don't know of a simple way around it.
-
-STACK *CONF_get_section(LHASH *config, char *section);
-This function returns a 'stack' of CONF_VALUE items that are all the
-items defined in a particular section. DO NOT free() any of the
-variable returned. They will disappear when CONF_free() is called.
-
-The 'lookup' model.
-The configuration file is divided into 'sections'. Each section is started by
-a line of the form '[ section ]'. All subsequent variable definitions are
-of this section. A variable definition is a simple alpha-numeric name
-followed by an '=' and then the data. A section or variable name can be
-described by a regular expression of the following form '[A-Za-z0-9_]+'.
-The value of the variable is the text after the '=' until the end of the
-line, stripped of leading and trailing white space.
-At this point I should mention that a '#' is a comment character, \ is the
-escape character, and all three types of quote can be used to stop any
-special interpretation of the data.
-Now when the data is being loaded, variable expansion can occur. This is
-done by expanding any $NAME sequences into the value represented by the
-variable NAME. If the variable is not in the current section, the different
-section can be specified by using the $SECTION::NAME form. The ${NAME} form
-also works and is very useful for expanding variables inside strings.
-
-When a variable is looked up, there are 2 special section. 'default', which
-is the initial section, and 'ENV' which is the processes environment
-variables (accessed via getenv()). When a variable is looked up, it is
-first 'matched' with it's section (if one was specified), if this fails, the
-'default' section is matched.
-If the 'lhash' variable passed was NULL, the environment is searched.
-
-Now why do we bother with sections? So we can have multiple programs using
-the same configuration file, or multiple instances of the same program
-using different variables. It also provides a nice mechanism to override
-the processes environment variables (eg ENV::HOME=/tmp). If there is a
-program specific variable missing, we can have default values.
-Multiple configuration files can be loaded, with each new value clearing
-any predefined values. A system config file can provide 'default' values,
-and application/usr specific files can provide overriding values.
-
-Examples
-
-# This is a simple example
-SSLEAY_HOME = /usr/local/ssl
-ENV::PATH = $SSLEAY_HOME/bin:$PATH # override my path
-
-[X509]
-cert_dir = $SSLEAY_HOME/certs # /usr/local/ssl/certs
-
-[SSL]
-CIPHER = DES-EDE-MD5:RC4-MD5
-USER_CERT = $HOME/${USER}di'r 5' # /home/eay/eaydir 5
-USER_CERT = $HOME/\${USER}di\'r # /home/eay/${USER}di'r
-USER_CERT = "$HOME/${US"ER}di\'r # $HOME/${USER}di'r
-
-TEST = 1234\
-5678\
-9ab # TEST=123456789ab
-TTT = 1234\n\n # TTT=1234
-
-
-
-==== des.doc ========================================================
-
-The DES library.
-
-Please note that this library was originally written to operate with
-eBones, a version of Kerberos that had had encryption removed when it left
-the USA and then put back in. As such there are some routines that I will
-advise not using but they are still in the library for historical reasons.
-For all calls that have an 'input' and 'output' variables, they can be the
-same.
-
-This library requires the inclusion of 'des.h'.
-
-All of the encryption functions take what is called a des_key_schedule as an
-argument. A des_key_schedule is an expanded form of the des key.
-A des_key is 8 bytes of odd parity, the type used to hold the key is a
-des_cblock. A des_cblock is an array of 8 bytes, often in this library
-description I will refer to input bytes when the function specifies
-des_cblock's as input or output, this just means that the variable should
-be a multiple of 8 bytes.
-
-The define DES_ENCRYPT is passed to specify encryption, DES_DECRYPT to
-specify decryption. The functions and global variable are as follows:
-
-int des_check_key;
- DES keys are supposed to be odd parity. If this variable is set to
- a non-zero value, des_set_key() will check that the key has odd
- parity and is not one of the known weak DES keys. By default this
- variable is turned off;
-
-void des_set_odd_parity(
-des_cblock *key );
- This function takes a DES key (8 bytes) and sets the parity to odd.
-
-int des_is_weak_key(
-des_cblock *key );
- This function returns a non-zero value if the DES key passed is a
- weak, DES key. If it is a weak key, don't use it, try a different
- one. If you are using 'random' keys, the chances of hitting a weak
- key are 1/2^52 so it is probably not worth checking for them.
-
-int des_set_key(
-des_cblock *key,
-des_key_schedule schedule);
- Des_set_key converts an 8 byte DES key into a des_key_schedule.
- A des_key_schedule is an expanded form of the key which is used to
- perform actual encryption. It can be regenerated from the DES key
- so it only needs to be kept when encryption or decryption is about
- to occur. Don't save or pass around des_key_schedule's since they
- are CPU architecture dependent, DES keys are not. If des_check_key
- is non zero, zero is returned if the key has the wrong parity or
- the key is a weak key, else 1 is returned.
-
-int des_key_sched(
-des_cblock *key,
-des_key_schedule schedule);
- An alternative name for des_set_key().
-
-int des_rw_mode; /* defaults to DES_PCBC_MODE */
- This flag holds either DES_CBC_MODE or DES_PCBC_MODE (default).
- This specifies the function to use in the enc_read() and enc_write()
- functions.
-
-void des_encrypt(
-unsigned long *data,
-des_key_schedule ks,
-int enc);
- This is the DES encryption function that gets called by just about
- every other DES routine in the library. You should not use this
- function except to implement 'modes' of DES. I say this because the
- functions that call this routine do the conversion from 'char *' to
- long, and this needs to be done to make sure 'non-aligned' memory
- access do not occur. The characters are loaded 'little endian',
- have a look at my source code for more details on how I use this
- function.
- Data is a pointer to 2 unsigned long's and ks is the
- des_key_schedule to use. enc, is non zero specifies encryption,
- zero if decryption.
-
-void des_encrypt2(
-unsigned long *data,
-des_key_schedule ks,
-int enc);
- This functions is the same as des_encrypt() except that the DES
- initial permutation (IP) and final permutation (FP) have been left
- out. As for des_encrypt(), you should not use this function.
- It is used by the routines in my library that implement triple DES.
- IP() des_encrypt2() des_encrypt2() des_encrypt2() FP() is the same
- as des_encrypt() des_encrypt() des_encrypt() except faster :-).
-
-void des_ecb_encrypt(
-des_cblock *input,
-des_cblock *output,
-des_key_schedule ks,
-int enc);
- This is the basic Electronic Code Book form of DES, the most basic
- form. Input is encrypted into output using the key represented by
- ks. If enc is non zero (DES_ENCRYPT), encryption occurs, otherwise
- decryption occurs. Input is 8 bytes long and output is 8 bytes.
- (the des_cblock structure is 8 chars).
-
-void des_ecb3_encrypt(
-des_cblock *input,
-des_cblock *output,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-int enc);
- This is the 3 key EDE mode of ECB DES. What this means is that
- the 8 bytes of input is encrypted with ks1, decrypted with ks2 and
- then encrypted again with ks3, before being put into output;
- C=E(ks3,D(ks2,E(ks1,M))). There is a macro, des_ecb2_encrypt()
- that only takes 2 des_key_schedules that implements,
- C=E(ks1,D(ks2,E(ks1,M))) in that the final encrypt is done with ks1.
-
-void des_cbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
- This routine implements DES in Cipher Block Chaining mode.
- Input, which should be a multiple of 8 bytes is encrypted
- (or decrypted) to output which will also be a multiple of 8 bytes.
- The number of bytes is in length (and from what I've said above,
- should be a multiple of 8). If length is not a multiple of 8, I'm
- not being held responsible :-). ivec is the initialisation vector.
- This function does not modify this variable.
To correctly implement
- cbc mode, you need to do one of 2 things; copy the last 8 bytes of
- cipher text for use as the next ivec in your application,
- or use des_ncbc_encrypt().
- Only this routine has this problem with updating the ivec, all
- other routines that are implementing cbc mode update ivec.
-
-void des_ncbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk,
-des_cblock *ivec,
-int enc);
- For historical reasons, des_cbc_encrypt() did not update the
- ivec with the value requires so that subsequent calls to
- des_cbc_encrypt() would 'chain'. This was needed so that the same
- 'length' values would not need to be used when decrypting.
- des_ncbc_encrypt() does the right thing. It is the same as
- des_cbc_encrypt accept that ivec is updates with the correct value
- to pass in subsequent calls to des_ncbc_encrypt(). I advise using
- des_ncbc_encrypt() instead of des_cbc_encrypt();
-
-void des_xcbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk,
-des_cblock *ivec,
-des_cblock *inw,
-des_cblock *outw,
-int enc);
- This is RSA's DESX mode of DES. It uses inw and outw to
- 'whiten' the encryption. inw and outw are secret (unlike the iv)
- and are as such, part of the key. So the key is sort of 24 bytes.
- This is much better than cbc des.
-
-void des_3cbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule sk1,
-des_key_schedule sk2,
-des_cblock *ivec1,
-des_cblock *ivec2,
-int enc);
- This function is flawed, do not use it. I have left it in the
- library because it is used in my des(1) program and will function
- correctly when used by des(1). If I removed the function, people
- could end up unable to decrypt files.
- This routine implements outer triple cbc encryption using 2 ks and
- 2 ivec's. Use des_ede2_cbc_encrypt() instead.
-
-void des_ede3_cbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-des_cblock *ivec,
-int enc);
- This function implements outer triple CBC DES encryption with 3
- keys. What this means is that each 'DES' operation
- inside the cbc mode is really an C=E(ks3,D(ks2,E(ks1,M))).
- Again, this is cbc mode so an ivec is requires.
- This mode is used by SSL.
- There is also a des_ede2_cbc_encrypt() that only uses 2
- des_key_schedule's, the first being reused for the final
- encryption. C=E(ks1,D(ks2,E(ks1,M))). This form of triple DES
- is used by the RSAref library.
-
-void des_pcbc_encrypt(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
- This is Propagating Cipher Block Chaining mode of DES. It is used
- by Kerberos v4. It's parameters are the same as des_ncbc_encrypt().
-
-void des_cfb_encrypt(
-unsigned char *in,
-unsigned char *out,
-int numbits,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int enc);
- Cipher Feedback Back mode of DES. This implementation 'feeds back'
- in numbit blocks. The input (and output) is in multiples of numbits
- bits. numbits should to be a multiple of 8 bits. Length is the
- number of bytes input. If numbits is not a multiple of 8 bits,
- the extra bits in the bytes will be considered padding. So if
- numbits is 12, for each 2 input bytes, the 4 high bits of the
- second byte will be ignored. So to encode 72 bits when using
- a numbits of 12 take 12 bytes. To encode 72 bits when using
- numbits of 9 will take 16 bytes. To encode 80 bits when using
- numbits of 16 will take 10 bytes. etc, etc. This padding will
- apply to both input and output.
-
-
-void des_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num,
-int enc);
- This is one of the more useful functions in this DES library, it
- implements CFB mode of DES with 64bit feedback. Why is this
- useful you ask? Because this routine will allow you to encrypt an
- arbitrary number of bytes, no 8 byte padding. Each call to this
- routine will encrypt the input bytes to output and then update ivec
- and num. num contains 'how far' we are though ivec. If this does
- not make much sense, read more about cfb mode of DES :-).
-
-void des_ede3_cfb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-des_cblock *ivec,
-int *num,
-int enc);
- Same as des_cfb64_encrypt() accept that the DES operation is
- triple DES. As usual, there is a macro for
- des_ede2_cfb64_encrypt() which reuses ks1.
-
-void des_ofb_encrypt(
-unsigned char *in,
-unsigned char *out,
-int numbits,
-long length,
-des_key_schedule ks,
-des_cblock *ivec);
- This is a implementation of Output Feed Back mode of DES. It is
- the same as des_cfb_encrypt() in that numbits is the size of the
- units dealt with during input and output (in bits).
-
-void des_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks,
-des_cblock *ivec,
-int *num);
- The same as des_cfb64_encrypt() except that it is Output Feed Back
- mode.
-
-void des_ede3_ofb64_encrypt(
-unsigned char *in,
-unsigned char *out,
-long length,
-des_key_schedule ks1,
-des_key_schedule ks2,
-des_key_schedule ks3,
-des_cblock *ivec,
-int *num);
- Same as des_ofb64_encrypt() accept that the DES operation is
- triple DES. As usual, there is a macro for
- des_ede2_ofb64_encrypt() which reuses ks1.
-
-int des_read_pw_string(
-char *buf,
-int length,
-char *prompt,
-int verify);
- This routine is used to get a password from the terminal with echo
- turned off.
Buf is where the string will end up and length is the
- size of buf. Prompt is a string presented to the 'user' and if
- verify is set, the key is asked for twice and unless the 2 copies
- match, an error is returned. A return code of -1 indicates a
- system error, 1 failure due to use interaction, and 0 is success.
-
-unsigned long des_cbc_cksum(
-des_cblock *input,
-des_cblock *output,
-long length,
-des_key_schedule ks,
-des_cblock *ivec);
- This function produces an 8 byte checksum from input that it puts in
- output and returns the last 4 bytes as a long. The checksum is
- generated via cbc mode of DES in which only the last 8 byes are
- kept. I would recommend not using this function but instead using
- the EVP_Digest routines, or at least using MD5 or SHA. This
- function is used by Kerberos v4 so that is why it stays in the
- library.
-
-char *des_fcrypt(
-const char *buf,
-const char *salt
-char *ret);
- This is my fast version of the unix crypt(3) function. This version
- takes only a small amount of space relative to other fast
- crypt() implementations. This is different to the normal crypt
- in that the third parameter is the buffer that the return value
- is written into. It needs to be at least 14 bytes long. This
- function is thread safe, unlike the normal crypt.
-
-char *crypt(
-const char *buf,
-const char *salt);
- This function calls des_fcrypt() with a static array passed as the
- third parameter. This emulates the normal non-thread safe semantics
- of crypt(3).
-
-void des_string_to_key(
-char *str,
-des_cblock *key);
- This function takes str and converts it into a DES key. I would
- recommend using MD5 instead and use the first 8 bytes of output.
- When I wrote the first version of these routines back in 1990, MD5
- did not exist but I feel these routines are still sound. This
- routines is compatible with the one in MIT's libdes.
-
-void des_string_to_2keys(
-char *str,
-des_cblock *key1,
-des_cblock *key2);
- This function takes str and converts it into 2 DES keys.
- I would recommend using MD5 and using the 16 bytes as the 2 keys.
- I have nothing against these 2 'string_to_key' routines, it's just
- that if you say that your encryption key is generated by using the
- 16 bytes of an MD5 hash, every-one knows how you generated your
- keys.
-
-int des_read_password(
-des_cblock *key,
-char *prompt,
-int verify);
- This routine combines des_read_pw_string() with des_string_to_key().
-
-int des_read_2passwords(
-des_cblock *key1,
-des_cblock *key2,
-char *prompt,
-int verify);
- This routine combines des_read_pw_string() with des_string_to_2key().
-
-void des_random_seed(
-des_cblock key);
- This routine sets a starting point for des_random_key().
-
-void des_random_key(
-des_cblock ret);
- This function return a random key. Make sure to 'seed' the random
- number generator (with des_random_seed()) before using this function.
- I personally now use a MD5 based random number system.
-
-int des_enc_read(
-int fd,
-char *buf,
-int len,
-des_key_schedule ks,
-des_cblock *iv);
- This function will write to a file descriptor the encrypted data
- from buf. This data will be preceded by a 4 byte 'byte count' and
- will be padded out to 8 bytes. The encryption is either CBC of
- PCBC depending on the value of des_rw_mode. If it is DES_PCBC_MODE,
- pcbc is used, if DES_CBC_MODE, cbc is used. The default is to use
- DES_PCBC_MODE.
-
-int des_enc_write(
-int fd,
-char *buf,
-int len,
-des_key_schedule ks,
-des_cblock *iv);
- This routines read stuff written by des_enc_read() and decrypts it.
- I have used these routines quite a lot but I don't believe they are
- suitable for non-blocking io. If you are after a full
- authentication/encryption over networks, have a look at SSL instead.
- -unsigned long des_quad_cksum( -des_cblock *input, -des_cblock *output, -long length, -int out_count, -des_cblock *seed); - This is a function from Kerberos v4 that is not anything to do with - DES but was needed. It is a cksum that is quicker to generate than - des_cbc_cksum(); I personally would use MD5 routines now. -===== -Modes of DES -Quite a bit of the following information has been taken from - AS 2805.5.2 - Australian Standard - Electronic funds transfer - Requirements for interfaces, - Part 5.2: Modes of operation for an n-bit block cipher algorithm - Appendix A - -There are several different modes in which DES can be used, they are -as follows. - -Electronic Codebook Mode (ECB) (des_ecb_encrypt()) -- 64 bits are enciphered at a time. -- The order of the blocks can be rearranged without detection. -- The same plaintext block always produces the same ciphertext block - (for the same key) making it vulnerable to a 'dictionary attack'. -- An error will only affect one ciphertext block. - -Cipher Block Chaining Mode (CBC) (des_cbc_encrypt()) -- a multiple of 64 bits are enciphered at a time. -- The CBC mode produces the same ciphertext whenever the same - plaintext is encrypted using the same key and starting variable. -- The chaining operation makes the ciphertext blocks dependent on the - current and all preceding plaintext blocks and therefore blocks can not - be rearranged. -- The use of different starting variables prevents the same plaintext - enciphering to the same ciphertext. -- An error will affect the current and the following ciphertext blocks. - -Cipher Feedback Mode (CFB) (des_cfb_encrypt()) -- a number of bits (j) <= 64 are enciphered at a time. -- The CFB mode produces the same ciphertext whenever the same - plaintext is encrypted using the same key and starting variable. 
-- The chaining operation makes the ciphertext variables dependent on the
- current and all preceding variables and therefore j-bit variables are
- chained together and can not be rearranged.
-- The use of different starting variables prevents the same plaintext
- enciphering to the same ciphertext.
-- The strength of the CFB mode depends on the size of k (maximal if
- j == k). In my implementation this is always the case.
-- Selection of a small value for j will require more cycles through
- the encipherment algorithm per unit of plaintext and thus cause
- greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- An error will affect the current and the following ciphertext variables.
-
-Output Feedback Mode (OFB) (des_ofb_encrypt())
-- a number of bits (j) <= 64 are enciphered at a time.
-- The OFB mode produces the same ciphertext whenever the same
- plaintext enciphered using the same key and starting variable. More
- over, in the OFB mode the same key stream is produced when the same
- key and start variable are used. Consequently, for security reasons
- a specific start variable should be used only once for a given key.
-- The absence of chaining makes the OFB more vulnerable to specific attacks.
-- The use of different start variables values prevents the same
- plaintext enciphering to the same ciphertext, by producing different
- key streams.
-- Selection of a small value for j will require more cycles through
- the encipherment algorithm per unit of plaintext and thus cause
- greater processing overheads.
-- Only multiples of j bits can be enciphered.
-- OFB mode of operation does not extend ciphertext errors in the
- resultant plaintext output. Every bit error in the ciphertext causes
- only one bit to be in error in the deciphered plaintext.
-- OFB mode is not self-synchronising. If the two operation of
- encipherment and decipherment get out of synchronism, the system needs
- to be re-initialised.
-- Each re-initialisation should use a value of the start variable
- different from the start variable values used before with the same
- key. The reason for this is that an identical bit stream would be
- produced each time from the same parameters. This would be
- susceptible to a ' known plaintext' attack.
-
-Triple ECB Mode (des_ecb3_encrypt())
-- Encrypt with key1, decrypt with key2 and encrypt with key3 again.
-- As for ECB encryption but increases the key length to 168 bits.
- There are theoretic attacks that can be used that make the effective
- key length 112 bits, but this attack also requires 2^56 blocks of
- memory, not very likely, even for the NSA.
-- If both keys are the same it is equivalent to encrypting once with
- just one key.
-- If the first and last key are the same, the key length is 112 bits.
- There are attacks that could reduce the key space to 55 bit's but it
- requires 2^56 blocks of memory.
-- If all 3 keys are the same, this is effectively the same as normal
- ecb mode.
-
-Triple CBC Mode (des_ede3_cbc_encrypt())
-- Encrypt with key1, decrypt with key2 and then encrypt with key3.
-- As for CBC encryption but increases the key length to 168 bits with
- the same restrictions as for triple ecb mode.
-
-==== digest.doc ========================================================
-
-
-The Message Digest subroutines.
-
-These routines require "evp.h" to be included.
-
-These functions are a higher level interface to the various message digest
-routines found in this library. As such, they allow the same code to be
-used to digest via different algorithms with only a change in an initial
-parameter. They are basically just a front-end to the MD2, MD5, SHA
-and SHA1
-routines.
-
-These routines all take a pointer to the following structure to specify
-which message digest algorithm to use.
-typedef struct evp_md_st
- {
- int type;
- int pkey_type;
- int md_size;
- void (*init)();
- void (*update)();
- void (*final)();
-
- int required_pkey_type; /*EVP_PKEY_xxx */
- int (*sign)();
- int (*verify)();
- } EVP_MD;
-
-If additional message digest algorithms are to be supported, a structure of
-this type needs to be declared and populated and then the Digest routines
-can be used with that algorithm. The type field is the object NID of the
-digest type (read the section on Objects for an explanation). The pkey_type
-is the Object type to use when the a message digest is generated by there
-routines and then is to be signed with the pkey algorithm. Md_size is
-the size of the message digest returned. Init, update
-and final are the relevant functions to perform the message digest function
-by parts. One reason for specifying the message digest to use via this
-mechanism is that if you only use md5, only the md5 routines will
-be included in you linked program. If you passed an integer
-that specified which message digest to use, the routine that mapped that
-integer to a set of message digest functions would cause all the message
-digests functions to be link into the code. This setup also allows new
-message digest functions to be added by the application.
-
-The six message digests defined in this library are
-
-EVP_MD *EVP_md2(void); /* RSA sign/verify */
-EVP_MD *EVP_md5(void); /* RSA sign/verify */
-EVP_MD *EVP_sha(void); /* RSA sign/verify */
-EVP_MD *EVP_sha1(void); /* RSA sign/verify */
-EVP_MD *EVP_dss(void); /* DSA sign/verify */
-EVP_MD *EVP_dss1(void); /* DSA sign/verify */
-
-All the message digest routines take a EVP_MD_CTX pointer as an argument.
-The state of the message digest is kept in this structure.
-
-typedef struct pem_md_ctx_st
- {
- EVP_MD *digest;
- union {
- unsigned char base[4]; /* this is used in my library as a
- * 'pointer' to all union elements
- * structures.
*/ - MD2_CTX md2; - MD5_CTX md5; - SHA_CTX sha; - } md; - } EVP_MD_CTX; - -The Digest functions are as follows. - -void EVP_DigestInit( -EVP_MD_CTX *ctx, -EVP_MD *type); - This function is used to initialise the EVP_MD_CTX. The message - digest that will associated with 'ctx' is specified by 'type'. - -void EVP_DigestUpdate( -EVP_MD_CTX *ctx, -unsigned char *data, -unsigned int cnt); - This function is used to pass more data to the message digest - function. 'cnt' bytes are digested from 'data'. - -void EVP_DigestFinal( -EVP_MD_CTX *ctx, -unsigned char *md, -unsigned int *len); - This function finishes the digestion and puts the message digest - into 'md'. The length of the message digest is put into len; - EVP_MAX_MD_SIZE is the size of the largest message digest that - can be returned from this function. Len can be NULL if the - size of the digest is not required. - - -==== encode.doc ======================================================== - - -void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); -void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, - int *outl,unsigned char *in,int inl); -void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); -int EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n); - -void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); -int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, - unsigned char *in, int inl); -int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned - char *out, int *outl); -int EVP_DecodeBlock(unsigned char *t, unsigned - char *f, int n); - - -==== envelope.doc ======================================================== - -The following routines are use to create 'digital' envelopes. -By this I mean that they perform various 'higher' level cryptographic -functions. Have a read of 'cipher.doc' and 'digest.doc' since those -routines are used by these functions. 
-cipher.doc contains documentation about the cipher part of the -envelope library and digest.doc contatins the description of the -message digests supported. - -To 'sign' a document involves generating a message digest and then encrypting -the digest with an private key. - -#define EVP_SignInit(a,b) EVP_DigestInit(a,b) -#define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -Due to the fact this operation is basically just an extended message -digest, the first 2 functions are macro calls to Digest generating -functions. - -int EVP_SignFinal( -EVP_MD_CTX *ctx, -unsigned char *md, -unsigned int *s, -EVP_PKEY *pkey); - This finalisation function finishes the generation of the message -digest and then encrypts the digest (with the correct message digest -object identifier) with the EVP_PKEY private key. 'ctx' is the message digest -context. 'md' will end up containing the encrypted message digest. This -array needs to be EVP_PKEY_size(pkey) bytes long. 's' will actually -contain the exact length. 'pkey' of course is the private key. It is -one of EVP_PKEY_RSA or EVP_PKEY_DSA type. -If there is an error, 0 is returned, otherwise 1. - -Verify is used to check an signed message digest. - -#define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) -#define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) -Since the first step is to generate a message digest, the first 2 functions -are macros. - -int EVP_VerifyFinal( -EVP_MD_CTX *ctx, -unsigned char *md, -unsigned int s, -EVP_PKEY *pkey); - This function finishes the generation of the message digest and then -compares it with the supplied encrypted message digest. 'md' contains the -'s' bytes of encrypted message digest. 'pkey' is used to public key decrypt -the digest. It is then compared with the message digest just generated. -If they match, 1 is returned else 0. 
- -int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, - int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk); -Must have at least one public key, error is 0. I should also mention that -the buffers pointed to by 'ek' need to be EVP_PKEY_size(pubk[n]) is size. - -#define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) -void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); - - -int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, - int ekl,unsigned char *iv,EVP_PKEY *priv); -0 on failure - -#define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) - -int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); -Decrypt final return code - - -==== error.doc ======================================================== - -The error routines. - -The 'error' system I've implemented is intended to server 2 purpose, to -record the reason why a command failed and to record where in the libraries -the failure occurred. It is more or less setup to record a 'trace' of which -library components were being traversed when the error occurred. - -When an error is recorded, it is done so a as single unsigned long which is -composed of three parts. The top byte is the 'library' number, the middle -12 bytes is the function code, and the bottom 12 bits is the 'reason' code. - -Each 'library', or should a say, 'section' of the SSLeay library has a -different unique 'library' error number. Each function in the library has -a number that is unique for that library. Each 'library' also has a number -for each 'error reason' that is only unique for that 'library'. - -Due to the way these error routines record a 'error trace', there is an -array per thread that is used to store the error codes. -The various functions in this library are used to access -and manipulate this array. 
- -void ERR_put_error(int lib, int func,int reason); - This routine records an error in library 'lib', function 'func' -and reason 'reason'. As errors get 'put' into the buffer, they wrap -around and overwrite old errors if too many are written. It is assumed -that the last errors are the most important. - -unsigned long ERR_get_error(void ); - This function returns the last error added to the error buffer. -In effect it is popping the value off the buffer so repeated calls will -continue to return values until there are no more errors to return in which -case 0 is returned. - -unsigned long ERR_peek_error(void ); - This function returns the value of the last error added to the -error buffer but does not 'pop' it from the buffer. - -void ERR_clear_error(void ); - This function clears the error buffer, discarding all unread -errors. - -While the above described error system obviously produces lots of different -error number, a method for 'reporting' these errors in a human readable -form is required. To achieve this, each library has the option of -'registering' error strings. - -typedef struct ERR_string_data_st - { - unsigned long error; - char *string; - } ERR_STRING_DATA; - -The 'ERR_STRING_DATA' contains an error code and the corresponding text -string. To add new function error strings for a library, the -ERR_STRING_DATA needs to be 'registered' with the library. - -void ERR_load_strings(unsigned long lib,ERR_STRING_DATA *err); - This function 'registers' the array of ERR_STRING_DATA pointed to by -'err' as error text strings for the error library 'lib'. - -void ERR_free_strings(void); - This function free()s all the loaded error strings. - -char *ERR_error_string(unsigned long error,char *buf); - This function returns a text string that is a human readable -version of the error represented by 'error'. 
Buff should be at least 120 -bytes long and if it is NULL, the return value is a pointer to a static -variable that will contain the error string, otherwise 'buf' is returned. -If there is not a text string registered for a particular error, a text -string containing the error number is returned instead. - -void ERR_print_errors(BIO *bp); -void ERR_print_errors_fp(FILE *fp); - This function is a convenience routine that prints the error string -for each error until all errors have been accounted for. - -char *ERR_lib_error_string(unsigned long e); -char *ERR_func_error_string(unsigned long e); -char *ERR_reason_error_string(unsigned long e); -The above three functions return the 3 different components strings for the -error 'e'. ERR_error_string() uses these functions. - -void ERR_load_ERR_strings(void ); - This function 'registers' the error strings for the 'ERR' module. - -void ERR_load_crypto_strings(void ); - This function 'register' the error strings for just about every -library in the SSLeay package except for the SSL routines. There is no -need to ever register any error text strings and you will probably save in -program size. If on the other hand you do 'register' all errors, it is -quite easy to determine why a particular routine failed. - -As a final footnote as to why the error system is designed as it is. -1) I did not want a single 'global' error code. -2) I wanted to know which subroutine a failure occurred in. -3) For Windows NT etc, it should be simple to replace the 'key' routines - with code to pass error codes back to the application. -4) I wanted the option of meaningful error text strings. - -Late breaking news - the changes to support threads. - -Each 'thread' has an 'ERR_STATE' state associated with it. -ERR_STATE *ERR_get_state(void ) will return the 'state' for the calling -thread/process. - -ERR_remove_state(unsigned long pid); will 'free()' this state. If pid == 0 -the current 'thread/process' will have it's error state removed. 
-If you do not remove the error state of a thread, this could be considered a -form of memory leak, so just after 'reaping' a thread that has died, -call ERR_remove_state(pid). - -Have a read of thread.doc for more details for what is required for -multi-threading support. All the other error routines will -work correctly when using threads. - - -==== idea.doc ======================================================== - -The IDEA library. -IDEA is a block cipher that operates on 64bit (8 byte) quantities. It -uses a 128bit (16 byte) key. It can be used in all the modes that DES can -be used. This library implements the ecb, cbc, cfb64 and ofb64 modes. - -For all calls that have an 'input' and 'output' variables, they can be the -same. - -This library requires the inclusion of 'idea.h'. - -All of the encryption functions take what is called an IDEA_KEY_SCHEDULE as an -argument. An IDEA_KEY_SCHEDULE is an expanded form of the idea key. -For all modes of the IDEA algorithm, the IDEA_KEY_SCHEDULE used for -decryption is different to the one used for encryption. - -The define IDEA_ENCRYPT is passed to specify encryption for the functions -that require an encryption/decryption flag. IDEA_DECRYPT is passed to -specify decryption. For some mode there is no encryption/decryption -flag since this is determined by the IDEA_KEY_SCHEDULE. - -So to encrypt you would do the following -idea_set_encrypt_key(key,encrypt_ks); -idea_ecb_encrypt(...,encrypt_ks); -idea_cbc_encrypt(....,encrypt_ks,...,IDEA_ENCRYPT); - -To Decrypt -idea_set_encrypt_key(key,encrypt_ks); -idea_set_decrypt_key(encrypt_ks,decrypt_ks); -idea_ecb_encrypt(...,decrypt_ks); -idea_cbc_encrypt(....,decrypt_ks,...,IDEA_DECRYPT); - -Please note that any of the encryption modes specified in my DES library -could be used with IDEA. I have only implemented ecb, cbc, cfb64 and -ofb64 for the following reasons. -- ecb is the basic IDEA encryption. -- cbc is the normal 'chaining' form for block ciphers. 
-- cfb64 can be used to encrypt single characters, therefore input and output - do not need to be a multiple of 8. -- ofb64 is similar to cfb64 but is more like a stream cipher, not as - secure (not cipher feedback) but it does not have an encrypt/decrypt mode. -- If you want triple IDEA, thats 384 bits of key and you must be totally - obsessed with security. Still, if you want it, it is simple enough to - copy the function from the DES library and change the des_encrypt to - idea_encrypt; an exercise left for the paranoid reader :-). - -The functions are as follows: - -void idea_set_encrypt_key( -unsigned char *key; -IDEA_KEY_SCHEDULE *ks); - idea_set_encrypt_key converts a 16 byte IDEA key into an - IDEA_KEY_SCHEDULE. The IDEA_KEY_SCHEDULE is an expanded form of - the key which can be used to perform IDEA encryption. - An IDEA_KEY_SCHEDULE is an expanded form of the key which is used to - perform actual encryption. It can be regenerated from the IDEA key - so it only needs to be kept when encryption is about - to occur. Don't save or pass around IDEA_KEY_SCHEDULE's since they - are CPU architecture dependent, IDEA keys are not. - -void idea_set_decrypt_key( -IDEA_KEY_SCHEDULE *encrypt_ks, -IDEA_KEY_SCHEDULE *decrypt_ks); - This functions converts an encryption IDEA_KEY_SCHEDULE into a - decryption IDEA_KEY_SCHEDULE. For all decryption, this conversion - of the key must be done. In some modes of IDEA, an - encryption/decryption flag is also required, this is because these - functions involve block chaining and the way this is done changes - depending on which of encryption of decryption is being done. - Please note that there is no quick way to generate the decryption - key schedule other than generating the encryption key schedule and - then converting it. - -void idea_encrypt( -unsigned long *data, -IDEA_KEY_SCHEDULE *ks); - This is the IDEA encryption function that gets called by just about - every other IDEA routine in the library. 
You should not use this - function except to implement 'modes' of IDEA. I say this because the - functions that call this routine do the conversion from 'char *' to - long, and this needs to be done to make sure 'non-aligned' memory - access do not occur. - Data is a pointer to 2 unsigned long's and ks is the - IDEA_KEY_SCHEDULE to use. Encryption or decryption depends on the - IDEA_KEY_SCHEDULE. - -void idea_ecb_encrypt( -unsigned char *input, -unsigned char *output, -IDEA_KEY_SCHEDULE *ks); - This is the basic Electronic Code Book form of IDEA (in DES this - mode is called Electronic Code Book so I'm going to use the term - for idea as well :-). - Input is encrypted into output using the key represented by - ks. Depending on the IDEA_KEY_SCHEDULE, encryption or - decryption occurs. Input is 8 bytes long and output is 8 bytes. - -void idea_cbc_encrypt( -unsigned char *input, -unsigned char *output, -long length, -IDEA_KEY_SCHEDULE *ks, -unsigned char *ivec, -int enc); - This routine implements IDEA in Cipher Block Chaining mode. - Input, which should be a multiple of 8 bytes is encrypted - (or decrypted) to output which will also be a multiple of 8 bytes. - The number of bytes is in length (and from what I've said above, - should be a multiple of 8). If length is not a multiple of 8, bad - things will probably happen. ivec is the initialisation vector. - This function updates iv after each call so that it can be passed to - the next call to idea_cbc_encrypt(). - -void idea_cfb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -des_key_schedule ks, -des_cblock *ivec, -int *num, -int enc); - This is one of the more useful functions in this IDEA library, it - implements CFB mode of IDEA with 64bit feedback. - This allows you to encrypt an arbitrary number of bytes, - you do not require 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. Num contains 'how far' we are though ivec. 
- Enc is used to indicate encryption or decryption. - One very important thing to remember is that when decrypting, use - the encryption form of the key. - CFB64 mode operates by using the cipher to - generate a stream of bytes which is used to encrypt the plain text. - The cipher text is then encrypted to generate the next 64 bits to - be xored (incrementally) with the next 64 bits of plain - text. As can be seen from this, to encrypt or decrypt, - the same 'cipher stream' needs to be generated but the way the next - block of data is gathered for encryption is different for - encryption and decryption. What this means is that to encrypt - idea_set_encrypt_key(key,ks); - idea_cfb64_encrypt(...,ks,..,IDEA_ENCRYPT) - do decrypt - idea_set_encrypt_key(key,ks) - idea_cfb64_encrypt(...,ks,...,IDEA_DECRYPT) - Note: The same IDEA_KEY_SCHEDULE but different encryption flags. - For idea_cbc or idea_ecb, idea_set_decrypt_key() would need to be - used to generate the IDEA_KEY_SCHEDULE for decryption. - The reason I'm stressing this point is that I just wasted 3 hours - today trying to decrypt using this mode and the decryption form of - the key :-(. - -void idea_ofb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -des_key_schedule ks, -des_cblock *ivec, -int *num); - This functions implements OFB mode of IDEA with 64bit feedback. - This allows you to encrypt an arbitrary number of bytes, - you do not require 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. Num contains 'how far' we are though ivec. - This is in effect a stream cipher, there is no encryption or - decryption mode. The same key and iv should be used to - encrypt and decrypt. - -For reading passwords, I suggest using des_read_pw_string() from my DES library. -To generate a password from a text string, I suggest using MD5 (or MD2) to -produce a 16 byte message digest that can then be passed directly to -idea_set_encrypt_key(). 
- -===== -For more information about the specific IDEA modes in this library -(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the -documentation on my DES library. What is said about DES is directly -applicable for IDEA. - - -==== legal.doc ======================================================== - -From eay at mincom.com Thu Jun 27 00:25:45 1996 -Received: by orb.mincom.oz.au id AA15821 - (5.65c/IDA-1.4.4 for eay); Wed, 26 Jun 1996 14:25:45 +1000 -Date: Wed, 26 Jun 1996 14:25:45 +1000 (EST) -From: Eric Young -X-Sender: eay at orb -To: Ken Toll -Cc: Eric Young , ssl-talk at netscape.com -Subject: Re: Unidentified subject! -In-Reply-To: <9606261950.ZM28943 at ren.digitalage.com> -Message-Id: -Mime-Version: 1.0 -Content-Type: TEXT/PLAIN; charset=US-ASCII -Status: O -X-Status: - - -This is a little off topic but since SSLeay is a free implementation of -the SSLv2 protocol, I feel it is worth responding on the topic of if it -is actually legal for Americans to use free cryptographic software. - -On Wed, 26 Jun 1996, Ken Toll wrote: -> Is the U.S the only country that SSLeay cannot be used commercially -> (because of RSAref) or is that going to be an issue with every country -> that a client/server application (non-web browser/server) is deployed -> and sold? - ->From what I understand, the software patents that apply to algorithms -like RSA and DH only apply in the USA. The IDEA algorithm I believe is -patened in europe (USA?), but considing how little it is used by other SSL -implementations, it quite easily be left out of the SSLeay build -(this can be done with a compile flag). 
- -Actually if the RSA patent did apply outside the USA, it could be rather -interesting since RSA is not alowed to let RSA toolkits outside of the USA -[1], and since these are the only forms that they will alow the algorithm -to be used in, it would mean that non-one outside of the USA could produce -public key software which would be a very strong statment for -international patent law to make :-). This logic is a little flawed but -it still points out some of the more interesting permutations of USA -patent law and ITAR restrictions. - -Inside the USA there is also the unresolved issue of RC4/RC2 which were -made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2). I have -copies of the original postings if people are interested. RSA I believe -claim that they were 'trade-secrets' and that some-one broke an NDA in -revealing them. Other claim they reverse engineered the algorithms from -compiled binaries. If the algorithms were reverse engineered, I believe -RSA had no legal leg to stand on. If an NDA was broken, I don't know. -Regardless, RSA, I believe, is willing to go to court over the issue so -licencing is probably the best idea, or at least talk to them. -If there are people who actually know more about this, pease let me know, I -don't want to vilify or spread miss-information if I can help it. - -If you are not producing a web browser, it is easy to build SSLeay with -RC2/RC4 removed. Since RC4 is the defacto standard cipher in -all web software (and it is damn fast) it is more or less required for -www use. For non www use of SSL, especially for an application where -interoperability with other vendors is not critical just leave it out. - -Removing IDEA, RC2 and RC4 would only leave DES and Triple DES but -they should be ok. Considing that Triple DES can encrypt at rates of -410k/sec on a pentium 100, and 940k/sec on a P6/200, this is quite -reasonable performance. 
Single DES clocks in at 1160k/s and 2467k/s -respectivly is actually quite fast for those not so paranoid (56 bit key).[1] - -> Is it possible to get a certificate for commercial use outside of the U.S.? -yes. - -Thawte Consulting issues certificates (they are the people who sell the - Sioux httpd server and are based in South Africa) -Verisign will issue certificates for Sioux (sold from South Africa), so this - proves that they will issue certificate for OS use if they are - happy with the quality of the software. - -(The above mentioned companies just the ones that I know for sure are issuing - certificates outside the USA). - -There is always the point that if you are using SSL for an intra net, -SSLeay provides programs that can be used so you can issue your own -certificates. They need polishing but at least it is a good starting point. - -I am not doing anything outside Australian law by implementing these -algorithms (to the best of my knowedge). It is another example of how -the world legal system does not cope with the internet very well. - -I may start making shared libraries available (I have now got DLL's for -Windows). This will mean that distributions into the usa could be -shipped with a version with a reduced cipher set and the versions outside -could use the DLL/shared library with all the ciphers (and without RSAref). - -This could be completly hidden from the application, so this would not -even require a re-linking. - -This is the reverse of what people were talking about doing to get around -USA export regulations :-) - -eric - -[1]: The RSAref2.0 tookit is available on at least 3 ftp sites in Europe - and one in South Africa. - -[2]: Since I always get questions when I post benchmark numbers :-), - DES performace figures are in 1000's of bytes per second in cbc - mode using an 8192 byte buffer. The pentium 100 was running Windows NT - 3.51 DLLs and the 686/200 was running NextStep. 
- I quote pentium 100 benchmarks because it is basically the - 'entry level' computer that most people buy for personal use. - Windows 95 is the OS shipping on those boxes, so I'll give - NT numbers (the same Win32 runtime environment). The 686 - numbers are present as an indication of where we will be in a - few years. --- -Eric Young | BOOL is tri-state according to Bill Gates. -AARNet: eay at mincom.oz.au | RTFM Win32 GetMessage(). - - - -==== lhash.doc ======================================================== - -The LHASH library. - -I wrote this library in 1991 and have since forgotten why I called it lhash. -It implements a hash table from an article I read at the -time from 'Communications of the ACM'. What makes this hash -table different is that as the table fills, the hash table is -increased (or decreased) in size via realloc(). -When a 'resize' is done, instead of all hashes being redistributed over -twice as many 'buckets', one bucket is split. So when an 'expand' is done, -there is only a minimal cost to redistribute some values. Subsequent -inserts will cause more single 'bucket' redistributions but there will -never be a sudden large cost due to redistributing all the 'buckets'. - -The state for a particular hash table is kept in the LHASH structure. -The LHASH structure also records statistics about most aspects of accessing -the hash table. This is mostly a legacy of my writing this library for -the reasons of implementing what looked like a nice algorithm rather than -for a particular software product. - -Internal stuff you probably don't want to know about. -The decision to increase or decrease the hash table size is made depending -on the 'load' of the hash table. The load is the number of items in the -hash table divided by the size of the hash table. The default values are -as follows. If (hash->up_load < load) => expand. -if (hash->down_load > load) => contract. The 'up_load' has a default value of -1 and 'down_load' has a default value of 2. 
These numbers can be modified -by the application by just playing with the 'up_load' and 'down_load' -variables. The 'load' is kept in a form which is multiplied by 256. So -hash->up_load=8*256; will cause a load of 8 to be set. - -If you are interested in performance the field to watch is -num_comp_calls. The hash library keeps track of the 'hash' value for -each item so when a lookup is done, the 'hashes' are compared, if -there is a match, then a full compare is done, and -hash->num_comp_calls is incremented. If num_comp_calls is not equal -to num_delete plus num_retrieve it means that your hash function is -generating hashes that are the same for different values. It is -probably worth changing your hash function if this is the case because -even if your hash table has 10 items in a 'bucked', it can be searched -with 10 'unsigned long' compares and 10 linked list traverses. This -will be much less expensive that 10 calls to you compare function. - -LHASH *lh_new( -unsigned long (*hash)(), -int (*cmp)()); - This function is used to create a new LHASH structure. It is passed - function pointers that are used to store and retrieve values passed - into the hash table. The 'hash' - function is a hashing function that will return a hashed value of - it's passed structure. 'cmp' is passed 2 parameters, it returns 0 - is they are equal, otherwise, non zero. - If there are any problems (usually malloc failures), NULL is - returned, otherwise a new LHASH structure is returned. The - hash value is normally truncated to a power of 2, so make sure - that your hash function returns well mixed low order bits. - -void lh_free( -LHASH *lh); - This function free()s a LHASH structure. If there is malloced - data in the hash table, it will not be freed. Consider using the - lh_doall function to deallocate any remaining entries in the hash - table. - -char *lh_insert( -LHASH *lh, -char *data); - This function inserts the data pointed to by data into the lh hash - table. 
If there is already and entry in the hash table entry, the - value being replaced is returned. A NULL is returned if the new - entry does not clash with an entry already in the table (the normal - case) or on a malloc() failure (perhaps I should change this....). - The 'char *data' is exactly what is passed to the hash and - comparison functions specified in lh_new(). - -char *lh_delete( -LHASH *lh, -char *data); - This routine deletes an entry from the hash table. The value being - deleted is returned. NULL is returned if there is no such value in - the hash table. - -char *lh_retrieve( -LHASH *lh, -char *data); - If 'data' is in the hash table it is returned, else NULL is - returned. The way these routines would normally be uses is that a - dummy structure would have key fields populated and then - ret=lh_retrieve(hash,&dummy);. Ret would now be a pointer to a fully - populated structure. - -void lh_doall( -LHASH *lh, -void (*func)(char *a)); - This function will, for every entry in the hash table, call function - 'func' with the data item as parameters. - This function can be quite useful when used as follows. - void cleanup(STUFF *a) - { STUFF_free(a); } - lh_doall(hash,cleanup); - lh_free(hash); - This can be used to free all the entries, lh_free() then - cleans up the 'buckets' that point to nothing. Be careful - when doing this. If you delete entries from the hash table, - in the call back function, the table may decrease in size, - moving item that you are - currently on down lower in the hash table. This could cause - some entries to be skipped. The best solution to this problem - is to set lh->down_load=0 before you start. This will stop - the hash table ever being decreased in size. - -void lh_doall_arg( -LHASH *lh; -void(*func)(char *a,char *arg)); -char *arg; - This function is the same as lh_doall except that the function - called will be passed 'arg' as the second argument. 
- -unsigned long lh_strhash( -char *c); - This function is a demo string hashing function. Since the LHASH - routines would normally be passed structures, this routine would - not normally be passed to lh_new(), rather it would be used in the - function passed to lh_new(). - -The next three routines print out various statistics about the state of the -passed hash table. These numbers are all kept in the lhash structure. - -void lh_stats( -LHASH *lh, -FILE *out); - This function prints out statistics on the size of the hash table, - how many entries are in it, and the number and result of calls to - the routines in this library. - -void lh_node_stats( -LHASH *lh, -FILE *out); - For each 'bucket' in the hash table, the number of entries is - printed. - -void lh_node_usage_stats( -LHASH *lh, -FILE *out); - This function prints out a short summary of the state of the hash - table. It prints what I call the 'load' and the 'actual load'. - The load is the average number of data items per 'bucket' in the - hash table. The 'actual load' is the average number of items per - 'bucket', but only for buckets which contain entries. So the - 'actual load' is the average number of searches that will need to - find an item in the hash table, while the 'load' is the average number - that will be done to record a miss. - -==== md2.doc ======================================================== - -The MD2 library. -MD2 is a message digest algorithm that can be used to condense an arbitrary -length message down to a 16 byte hash. The functions all need to be passed -a MD2_CTX which is used to hold the MD2 context during multiple MD2_Update() -function calls. The normal method of use for this library is as follows - -MD2_Init(...); -MD2_Update(...); -... -MD2_Update(...); -MD2_Final(...); - -This library requires the inclusion of 'md2.h'. - -The main negative about MD2 is that it is slow, especially when compared -to MD5. 
- -The functions are as follows: - -void MD2_Init( -MD2_CTX *c); - This function needs to be called to initiate a MD2_CTX structure for - use. - -void MD2_Update( -MD2_CTX *c; -unsigned char *data; -unsigned long len); - This updates the message digest context being generated with 'len' - bytes from the 'data' pointer. The number of bytes can be any - length. - -void MD2_Final( -unsigned char *md; -MD2_CTX *c; - This function is called when a message digest of the data digested - with MD2_Update() is wanted. The message digest is put in the 'md' - array and is MD2_DIGEST_LENGTH (16) bytes long. - -unsigned char *MD2( -unsigned long n; -unsigned char *d; -unsigned char *md; - This function performs a MD2_Init(), followed by a MD2_Update() - followed by a MD2_Final() (using a local MD2_CTX). - The resulting digest is put into 'md' if it is not NULL. - Regardless of the value of 'md', the message - digest is returned from the function. If 'md' was NULL, the message - digest returned is being stored in a static structure. - -==== md5.doc ======================================================== - -The MD5 library. -MD5 is a message digest algorithm that can be used to condense an arbitrary -length message down to a 16 byte hash. The functions all need to be passed -a MD5_CTX which is used to hold the MD5 context during multiple MD5_Update() -function calls. This library also contains random number routines that are -based on MD5 - -The normal method of use for this library is as follows - -MD5_Init(...); -MD5_Update(...); -... -MD5_Update(...); -MD5_Final(...); - -This library requires the inclusion of 'md5.h'. - -The functions are as follows: - -void MD5_Init( -MD5_CTX *c); - This function needs to be called to initiate a MD5_CTX structure for - use. - -void MD5_Update( -MD5_CTX *c; -unsigned char *data; -unsigned long len); - This updates the message digest context being generated with 'len' - bytes from the 'data' pointer. The number of bytes can be any - length. 
- -void MD5_Final( -unsigned char *md; -MD5_CTX *c; - This function is called when a message digest of the data digested - with MD5_Update() is wanted. The message digest is put in the 'md' - array and is MD5_DIGEST_LENGTH (16) bytes long. - -unsigned char *MD5( -unsigned char *d; -unsigned long n; -unsigned char *md; - This function performs a MD5_Init(), followed by a MD5_Update() - followed by a MD5_Final() (using a local MD5_CTX). - The resulting digest is put into 'md' if it is not NULL. - Regardless of the value of 'md', the message - digest is returned from the function. If 'md' was NULL, the message - digest returned is being stored in a static structure. - - -==== memory.doc ======================================================== - -In the interests of debugging SSLeay, there is an option to compile -using some simple memory leak checking. - -All malloc(), free() and realloc() calls in SSLeay now go via -Malloc(), Free() and Realloc() (except those in crypto/lhash). - -If CRYPTO_MDEBUG is defined, these calls are #defined to -CRYPTO_malloc(), CRYPTO_free() and CRYPTO_realloc(). -If it is not defined, they are #defined to malloc(), free() and realloc(). - -the CRYPTO_malloc() routines by default just call the underlying library -functions. - -If CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) is called, memory leak detection is -turned on. CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) turns it off. - -When turned on, each Malloc() or Realloc() call is recored along with the file -and line number from where the call was made. (This is done using the -lhash library which always uses normal system malloc(3) routines). - -void CRYPTO_mem_leaks(BIO *b); -void CRYPTO_mem_leaks_fp(FILE *fp); -These both print out the list of memory that has not been free()ed. -This will probably be rather hard to read, but if you look for the 'top level' -structure allocation, this will often give an idea as to what is not being -free()ed. I don't expect people to use this stuff normally. 
- -==== ca.1 ======================================================== - -From eay at orb.mincom.oz.au Thu Dec 28 23:56:45 1995 -Received: by orb.mincom.oz.au id AA07374 - (5.65c/IDA-1.4.4 for eay); Thu, 28 Dec 1995 13:56:45 +1000 -Date: Thu, 28 Dec 1995 13:56:45 +1000 (EST) -From: Eric Young -X-Sender: eay at orb -To: sameer -Cc: ssleay at mincom.oz.au -Subject: Re: 'ca' -In-Reply-To: <199512230440.UAA23410 at infinity.c2.org> -Message-Id: -Mime-Version: 1.0 -Content-Type: TEXT/PLAIN; charset=US-ASCII -Status: RO -X-Status: - -On Fri, 22 Dec 1995, sameer wrote: -> I could use documentation on 'ca'. Thanks. - -Very quickly. -The ca program uses the ssleay.conf file for most of its configuration - -./ca -help - - -verbose - Talk a lot while doing things - -config file - A config file. If you don't want to use the - default config file - -name arg - The particular CA definition to use - In the config file, the section to use for parameters. This lets - multiple setups to be contained in the one file. By default, the - default_ca variable is looked up in the [ ca ] section. So in the - shipped ssleay.conf, the CA definition used is CA_default. It could be - any other name. - -gencrl days - Generate a new CRL, days is when the next CRL is due - This will generate a new certificate revocion list. - -days arg - number of days to certify the certificate for - When certifiying certificates, this is the number of days to use. 
- -md arg - md to use, one of md2, md5, sha or sha1 - -policy arg - The CA 'policy' to support - I'll describe this later, but there are 2 policies definied in the - shipped ssleay.conf - -keyfile arg - PEM RSA private key file - -key arg - key to decode the RSA private key if it is encrypted - since we need to keep the CA's RSA key encrypted - -cert - The CA certificate - -in file - The input PEM encoded certificate request(s) - -out file - Where to put the output file(s) - -outdir dir - Where to put output certificates - The -out options concatinates all the output certificied - certificates to one file, -outdir puts them in a directory, - named by serial number. - -infiles .... - The last argument, requests to process - The certificate requests to process, -in is the same. - -Just about all the above have default values defined in ssleay.conf. - -The key variables in ssleay.conf are (for the pariticular '-name' being -used, in the default, it is CA_default). - -dir is where all the CA database stuff is kept. -certs is where all the previously issued certificates are kept. -The database is a simple text database containing the following tab separated -fields. -status: a value of 'R' - revoked, 'E' -expired or 'V' valid. -issued date: When the certificate was certified. -revoked date: When it was revoked, blank if not revoked. -serial number: The certificate serial number. -certificate: Where the certificate is located. -CN: The name of the certificate. - -The demo file has quite a few made up values it it. The last 2 were -added by the ca program and are acurate. -The CA program does not update the 'certificate' file correctly right now. -The serial field should be unique as should the CN/status combination. -The ca program checks these at startup. What still needs to be -wrtten is a program to 'regenerate' the data base file from the issued -certificate list (and a CRL list). - -Back to the CA_default variables. - -Most of the variables are commented. 
- -policy is the default policy. - -Ok for policies, they define the order and which fields must be present -in the certificate request and what gets filled in. - -So a value of -countryName = match -means that the country name must match the CA certificate. -organizationalUnitName = optional -The org.Unit,Name does not have to be present and -commonName = supplied -commonName must be supplied in the certificate request. - -For the 'policy_match' polocy, the order of the attributes in the -generated certiticate would be -countryName -stateOrProvinceName -organizationName -organizationalUnitName -commonName -emailAddress - -Have a play, it sort of makes sense. If you think about how the persona -requests operate, it is similar to the 'policy_match' policy and the -'policy_anything' is similar to what versign is doing. - -I hope this helps a bit. Some backend scripts are definitly needed to -update the database and to make certificate revocion easy. All -certificates issued should also be kept forever (or until they expire?) - -hope this helps -eric (who has to run off an buy some cheap knee pads for the caving in 4 -days time :-) - --- -Eric Young | Signature removed since it was generating -AARNet: eay at mincom.oz.au | more followups than the message contents :-) - - -==== ms3-ca.doc ======================================================== - -Date: Mon, 9 Jun 97 08:00:33 +0200 -From: Holger.Reif at PrakInf.TU-Ilmenau.DE (Holger Reif) -Subject: ms3-ca.doc -Organization: TU Ilmenau, Fak. IA, FG Telematik -Content-Length: 14575 -Status: RO -X-Status: - -Loading client certs into MSIE 3.01 -=================================== - -This document contains all the information necessary to successfully set up -some scripts to issue client certs to Microsoft Internet Explorer. It -includes the required knowledge about the model MSIE uses for client -certification and includes complete sample scripts ready to play with. 
The -scripts were tested against a modified ca program of SSLeay 0.6.6 and should -work with the regular ca program that comes with version 0.8.0. I haven't -tested against MSIE 4.0 - -You can use the information contained in this document in either way you -want. However if you feel it saved you a lot of time I ask you to be as fair -as to mention my name: Holger Reif . - -1.) The model used by MSIE --------------------------- - -The Internet Explorer doesn't come with a embedded engine for installing -client certs like Netscape's Navigator. It rather uses the CryptoAPI (CAPI) -defined by Microsoft. CAPI comes with WindowsNT 4.0 or is installed together -with Internet Explorer since 3.01. The advantage of this approach is a higher -flexibility because the certificates in the (per user) system open -certificate store may be used by other applications as well. The drawback -however is that you need to do a bit more work to get a client cert issued. - -CAPI defines functions which will handle basic cryptographic work, eg. -generating keys, encrypting some data, signing text or building a certificate -request. The procedure is as follows: A CAPI function generates you a key -pair and saves it into the certificate store. After that one builds a -Distinguished Name. Together with that key pair another CAPI function forms a -PKCS#10 request which you somehow need to submit to a CA. Finally the issued -cert is given to a yet another CAPI function which saves it into the -certificate store. - -The certificate store with the user's keys and certs is in the registry. You -will find it under HKEY_CURRENT_USER/Software/Microsoft/Cryptography/ (I -leave it to you as a little exercise to figure out what all the entries mean -;-). Note that the keys are protected only with the user's usual Windows -login password. - -2.) The practical usage ------------------------ - -Unfortunately since CAPI is a system API you can't access its functions from -HTML code directly. 
For this purpose Microsoft provides a wrapper called -certenr3.dll. This DLL accesses the CAPI functions and provides an interface -usable from Visual Basic Script. One needs to install that library on the -computer which wants to have client cert. The easiest way is to load it as an -ActiveX control (certenr3.dll is properly authenticode signed by MS ;-). If -you have ever enrolled e cert request at a CA you will have installed it. - -At time of writing certenr3.dll is contained in -http://www.microsoft.com/workshop/prog/security/csa/certenr3.exe. It comes -with an README file which explains the available functions. It is labeled -beta but every CA seems to use it anyway. The license.txt allows you the -usage for your own purposes (as far as I understood) and a somehow limited -distribution. - -The two functions of main interest are GenerateKeyPair and AcceptCredentials. -For complete explanation of all possible parameters see the README file. Here -are only minimal required parameters and their values. - -GenerateKeyPair(sessionID, FASLE, szName, 0, "ClientAuth", TRUE, FALSE, 1) -- sessionID is a (locally to that computer) unique string to correlate the -generated key pair with a cert installed later. -- szName is the DN of the form "C=DE; S=Thueringen; L=Ilmenau; CN=Holger -Reif; 1.2.840.113549.1.9.1=reif at prakinf.tu-ilmenau.de". Note that S is the -abreviation for StateOrProvince. The recognized abreviation include CN, O, C, -OU, G, I, L, S, T. If the abreviation is unknown (eg. for PKCS#9 email addr) -you need to use the full object identifier. The starting point for searching -them could be crypto/objects.h since all OIDs know to SSLeay are listed -there. -- note: the possible ninth parameter which should give a default name to the -certificate storage location doesn't seem to work. Changes to the constant -values in the call above doesn't seem to make sense. You can't generate -PKCS#10 extensions with that function. 
- -The result of GenerateKeyPair is the base64 encoded PKCS#10 request. However -it has a little strange format that SSLeay doesn't accept. (BTW I feel the -decision of rejecting that format as standard conforming.) It looks like -follows: - 1st line with 76 chars - 2nd line with 76 chars - ... - (n-2)th line with 76 chars - (n-1)th line contains a multiple of 4 chars less then 76 (possible -empty) - (n)th line has zero or 4 chars (then with 1 or 2 equal signs - the - original text's lenght wasn'T a multiple of 3) - The line separator has two chars: 0x0d 0x0a - -AcceptCredentials(sessionID, credentials, 0, FALSE) -- sessionID needs to be the same as while generating the key pair -- credentials is the base64 encoded PKCS#7 object containing the cert. - -CRL's and CA certs are not required simply just the client cert. (It seems to -me that both are not even checked somehow.) The only format of the base64 -encoded object I successfully used was all characters in a very long string -without line feeds or carriage returns. (Hey, it doesn't matter, only a -computer reads it!) - -The result should be S_OK. For error handling see the example that comes with -certenr3.dll. - -A note about ASN.1 character encodings. certenr3.dll seems to know only about -2 of them: UniversalString and PrintableString. First it is definitely wrong -for an email address which is IA5STRING (checked by ssleay's ca). Second -unfortunately MSIE (at least until version 3.02) can't handle UniversalString -correctly - they just blow up you cert store! Therefore ssleay's ca (starting -from version 0.8.0) tries to convert the encodings automatically to IA5STRING -or TeletexString. The beef is it will work only for the latin-1 (western) -charset. Microsoft still has to do abit of homework... - -3.) An example --------------- - -At least you need two steps: generating the key & request and then installing -the certificate. A real world CA would have some more steps involved, eg. -accepting some license. 
Note that both scripts shown below are just -experimental state without any warrenty! - -First how to generate a request. Note that we can't use a static page because -of the sessionID. I generate it from system time plus pid and hope it is -unique enough. Your are free to feed it through md5 to get more impressive -ID's ;-) Then the intended text is read in with sed which inserts the -sessionID. - ------BEGIN ms-enroll.cgi----- -#!/bin/sh -SESSION_ID=`date '+%y%m%d%H%M%S'`$$ -echo Content-type: text/html -echo -sed s/template_for_sessId/$SESSION_ID/ < -Certificate Enrollment Test Page - - - - - -

      -

      enrollment for a personal cert

      -


      -

      - - - - - - - - - - - - -
      Country
      State
      Location
      Organization
      Organizational Unit
      Name
      eMail Address
      - - -
      -


      -

      - - - - -EOF ------END ms-enroll.cgi----- - -Second, how to extract the request and feed the certificate back? We need to -"normalize" the base64 encoding of the PKCS#10 format which means -regenerating the lines and wrapping with BEGIN and END line. This is done by -gawk. The request is taken by ca the normal way. Then the cert needs to be -packed into a PKCS#7 structure (note: the use of a CRL is necessary for -crl2pkcs7 as of version 0.6.6. Starting with 0.8.0 it it might probably be -ommited). Finally we need to format the PKCS#7 object and generate the HTML -text. I use two templates to have a clearer script. - -1st note: postit2 is slightly modified from a program I found at ncsa's ftp -site. Grab it from http://www.easterngraphics.com/certs/IX9704/postit2.c. You -need utils.c from there too. - -2nd note: I'm note quite sure whether the gawk script really handles all -possible inputs for the request right! Today I don't use this construction -anymore myself. - -3d note: the cert must be of version 3! This could be done with the nsComment -line in ssleay.cnf... 
- -------BEGIN ms-gencert.cgi----- -#!/bin/sh -FILE="/tmp/"`date '+%y%m%d%H%M%S'-`$$ -rm -f "$FILE".* - -HOME=`pwd`; export HOME # as ssleay.cnf insists on having such an env var -cd /usr/local/ssl #where demoCA (as named in ssleay.conf) is located - -postit2 -s " " -i 0x0d > "$FILE".inp # process the FORM vars - -SESSION_ID=`gawk '$1 == "SessionId" { print $2; exit }' "$FILE".inp` - -gawk \ - 'BEGIN { \ - OFS = ""; \ - print "-----BEGIN CERTIFICATE REQUEST-----"; \ - req_seen=0 \ - } \ - $1 == "Request" { \ - req_seen=1; \ - if (length($2) == 72) print($2); \ - lastline=$2; \ - next; \ - } \ - { \ - if (req_seen == 1) { \ - if (length($1) >= 72) print($1); \ - else if (length(lastline) < 72) { \ - req_seen=0; \ - print (lastline,$1); \ - } \ - lastline=$1; \ - } \ - } \ - END { \ - print "-----END CERTIFICATE REQUEST-----"; \ - }' > "$FILE".pem < "$FILE".inp - -ssleay ca -batch -in "$FILE".pem -key passwd -out "$FILE".out -ssleay crl2pkcs7 -certfile "$FILE".out -out "$FILE".pkcs7 -in demoCA/crl.pem - -sed s/template_for_sessId/$SESSION_ID/ "$FILE".cert -/usr/local/bin/gawk \ - 'BEGIN { \ - OFS = ""; \ - dq = sprintf("%c",34); \ - } \ - $0 ~ "PKCS7" { next; } \ - { \ - print dq$0dq" & _"; \ - }' <"$FILE".pkcs7 >> "$FILE".cert -cat ms-enroll2b.html >>"$FILE".cert - -echo Content-type: text/html -echo Content-length: `wc -c "$FILE".cert` -echo -cat "$FILE".cert -rm -f "$FILE".* ------END ms-gencert.cgi----- - -----BEGIN ms-enroll2a.html---- -Certificate Acceptance Test Page - - - - -
      -

      Your personal certificate

      -


      -Press the button! -

      -

      -


      - - - - -----END ms-enroll2b.html---- - -4.) What do do with the cert? ------------------------------ - -The cert is visible (without restarting MSIE) under the following menu: -View->Options->Security->Personal certs. You can examine it's contents at -least partially. - -To use it for client authentication you need to use SSL3.0 (fortunately -SSLeay supports it with 0.8.0). Furthermore MSIE is told to only supports a -kind of automatic selection of certs (I personally wasn't able to test it -myself). But there is a requirement that the issuer of the server cert and -the issuer of the client cert needs to be the same (according to a developer -from MS). Which means: you need may more then one cert to talk to all -servers... - -I'm sure we will get a bit more experience after ApacheSSL is available for -SSLeay 0.8.8. - - -I hope you enjoyed reading and that in future questions on this topic will -rarely appear on ssl-users at moncom.com ;-) - -Ilmenau, 9th of June 1997 -Holger Reif --- -read you later - Holger Reif ----------------------------------------- Signaturprojekt Deutsche Einheit -TU Ilmenau - Informatik - Telematik (Verdamp lang her) -Holger.Reif at PrakInf.TU-Ilmenau.DE Alt wie ein Baum werden, um ueber -http://Remus.PrakInf.TU-Ilmenau.DE/Reif/ alle 7 Bruecken gehen zu koennen - - -==== ns-ca.doc ======================================================== - -The following documentation was supplied by Jeff Barber, who provided the -patch to the CA program to add this functionality. - -eric --- -Jeff Barber Email: jeffb at issl.atl.hp.com - -Hewlett Packard Phone: (404) 648-9503 -Internet and System Security Lab Fax: (404) 648-9516 - - oo ----------------------cut /\ here for ns-ca.doc ------------------------------ - -This document briefly describes how to use SSLeay to implement a -certificate authority capable of dynamically serving up client -certificates for version 3.0 beta 5 (and presumably later) versions of -the Netscape Navigator. 
Before describing how this is done, it's -important to understand a little about how the browser implements its -client certificate support. This is documented in some detail in the -URLs based at . -Here's a brief overview: - -- The Navigator supports a new HTML tag "KEYGEN" which will cause - the browser to generate an RSA key pair when you submit a form - containing the tag. The public key, along with an optional - challenge (supposedly provided for use in certificate revocation - but I don't use it) is signed, DER-encoded, base-64 encoded - and sent to the web server as the value of the variable - whose NAME is provided in the KEYGEN tag. The private key is - stored by the browser in a local key database. - - This "Signed Public Key And Challenge" (SPKAC) arrives formatted - into 64 character lines (which are of course URL-encoded when - sent via HTTP -- i.e. spaces, newlines and most punctuatation are - encoded as "%HH" where HH is the hex equivalent of the ASCII code). - Note that the SPKAC does not contain the other usual attributes - of a certificate request, especially the subject name fields. - These must be otherwise encoded in the form for submission along - with the SPKAC. - -- Either immediately (in response to this form submission), or at - some later date (a real CA will probably verify your identity in - some way before issuing the certificate), a web server can send a - certificate based on the public key and other attributes back to - the browser by encoding it in DER (the binary form) and sending it - to the browser as MIME type: - "Content-type: application/x-x509-user-cert" - - The browser uses the public key encoded in the certificate to - associate the certificate with the appropriate private key in - its local key database. Now, the certificate is "installed". 
- -- When a server wants to require authentication based on client - certificates, it uses the right signals via the SSL protocol to - trigger the Navigator to ask you which certificate you want to - send. Whether the certificate is accepted is dependent on CA - certificates and so forth installed in the server and is beyond - the scope of this document. - - -Now, here's how the SSLeay package can be used to provide client -certficates: - -- You prepare a file for input to the SSLeay ca application. - The file contains a number of "name = value" pairs that identify - the subject. The names here are the same subject name component - identifiers used in the CA section of the lib/ssleay.conf file, - such as "emailAddress", "commonName" "organizationName" and so - forth. Both the long version and the short version (e.g. "Email", - "CN", "O") can be used. - - One more name is supported: this one is "SPKAC". Its value - is simply the value of the base-64 encoded SPKAC sent by the - browser (with all the newlines and other space charaters - removed -- and newline escapes are NOT supported). - - [ As of SSLeay 0.6.4, multiple lines are supported. - Put a \ at the end of each line and it will be joined with the - previous line with the '\n' removed - eay ] - - Here's a sample input file: - -C = US -SP = Georgia -O = Some Organization, Inc. -OU = Netscape Compatibility Group -CN = John X. Doe -Email = jxdoe at someorg.com -SPKAC = MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAwmk6FMJ4uAVIYbcvIOx5+bDGTfvL8X5gE+R67ccMk6rCSGbVQz2cetyQtnI+VIs0NwdD6wjuSuVtVFbLoHonowIDAQABFgAwDQYJKoZIhvcNAQEEBQADQQBFZDUWFl6BJdomtN1Bi53mwijy1rRgJ4YirF15yBEDM3DjAQkKXHYOIX+qpz4KXKnl6EYxTnGSFL5wWt8X2iyx - -- You execute the ca command (either from a CGI program run out of - the web server, or as a later manual task) giving it the above - file as input. 
For example, if the file were named /tmp/cert.req, - you'd run: - $SSLDIR/bin/ca -spkac /tmp/cert.req -out /tmp/cert - - The output is in DER format (binary) if a -out argument is - provided, as above; otherwise, it's in the PEM format (base-64 - encoded DER). Also, the "-batch" switch is implied by the - "-spkac" so you don't get asked whether to complete the signing - (probably it shouldn't work this way but I was only interested - in hacking together an online CA that could be used for issuing - test certificates). - - The "-spkac" capability doesn't support multiple files (I think). - - Any CHALLENGE provided in the SPKAC is simply ignored. - - The interactions between the identification fields you provide - and those identified in your lib/ssleay.conf are the same as if - you did an ordinary "ca -in infile -out outfile" -- that is, if - something is marked as required in the ssleay.conf file and it - isn't found in the -spkac file, the certificate won't be issued. - -- Now, you pick up the output from /tmp/cert and pass it back to - the Navigator prepending the Content-type string described earlier. - -- In order to run the ca command out of a CGI program, you must - provide a password to decrypt the CA's private key. You can - do this by using "echo MyKeyPassword | $SSLDIR/bin/ca ..." - I think there's a way to not encrypt the key file in the first - place, but I didn't see how to do that, so I made a small change - to the library that allows the password to be accepted from a pipe. - Either way is UTTERLY INSECURE and a real CA would never do that. - - [ You can use the 'ssleay rsa' command to remove the password - from the private key, or you can use the '-key' option to the - ca command to specify the decryption key on the command line - or use the -nodes option when generating the key. - ca will try to clear the command line version of the password - but for quite a few operating systems, this is not possible. 
- - eric ] - -So, what do you have to do to make use of this stuff to create an online -demo CA capability with SSLeay? - -1 Create an HTML form for your users. The form should contain - fields for all of the required or optional fields in ssleay.conf. - The form must contain a KEYGEN tag somewhere with at least a NAME - attribute. - -2 Create a CGI program to process the form input submitted by the - browser. The CGI program must URL-decode the variables and create - the file described above, containing subject identification info - as well as the SPKAC block. It should then run the the ca program - with the -spkac option. If it works (check the exit status), - return the new certificate with the appropriate MIME type. If not, - return the output of the ca command with MIME type "text/plain". - -3 Set up your web server to accept connections signed by your demo - CA. This probably involves obtaining the PEM-encoded CA certificate - (ordinarily in $SSLDIR/CA/cacert.pem) and installing it into a - server database. See your server manual for instructions. - - -==== obj.doc ======================================================== - -The Object library. - -As part of my Crypto library, I found I required a method of identifying various -objects. These objects normally had 3 different values associated with -them, a short text name, a long (or lower case) text name, and an -ASN.1 Object Identifier (which is a sequence of numbers). -This library contains a static list of objects and functions to lookup -according to one type and to return the other types. - -To use these routines, 'Object.h' needs to be included. - -For each supported object, #define entries are defined as follows -#define SN_Algorithm "Algorithm" -#define LN_algorithm "algorithm" -#define NID_algorithm 38 -#define OBJ_algorithm 1L,3L,14L,3L,2L - -SN_ stands for short name. -LN_ stands for either long name or lowercase name. -NID_ stands for Numeric ID. 
I each object has a unique NID and this - should be used internally to identify objects. -OBJ_ stands for ASN.1 Object Identifier or ASN1_OBJECT as defined in the - ASN1 routines. These values are used in ASN1 encoding. - -The following functions are to be used to return pointers into a static -definition of these types. What this means is "don't try to free() any -pointers returned from these functions. - -ASN1_OBJECT *OBJ_nid2obj( -int n); - Return the ASN1_OBJECT that corresponds to a NID of n. - -char *OBJ_nid2ln( -int n); - Return the long/lower case name of the object represented by the - NID of n. - -char *OBJ_nid2sn( -int n); - Return the short name for the object represented by the NID of n. - -ASN1_OBJECT *OBJ_dup( -ASN1_OBJECT *o); - Duplicate and return a new ASN1_OBJECT that is the same as the - passed parameter. - -int OBJ_obj2nid( -ASN1_OBJECT *o); - Given ASN1_OBJECT o, return the NID that corresponds. - -int OBJ_ln2nid( -char *s); - Given the long/lower case name 's', return the NID of the object. - -int OBJ_sn2nid( -char *s); - Given the short name 's', return the NID of the object. - -char *OBJ_bsearch( -char *key, -char *base, -int num, -int size, -int (*cmp)()); - Since I have come across a few platforms that do not have the - bsearch() function, OBJ_bsearch is my version of that function. - Feel free to use this function, but you may as well just use the - normal system bsearch(3) if it is present. This version also - has tolerance of being passed NULL pointers. 
- -==== keys =========================================================== - -EVP_PKEY_DSA -EVP_PKEY_DSA2 -EVP_PKEY_DSA3 -EVP_PKEY_DSA4 - -EVP_PKEY_RSA -EVP_PKEY_RSA2 - -valid DSA pkey types - NID_dsa - NID_dsaWithSHA - NID_dsaWithSHA1 - NID_dsaWithSHA1_2 - -valid RSA pkey types - NID_rsaEncryption - NID_rsa - -NID_dsaWithSHA NID_dsaWithSHA DSA SHA -NID_dsa NID_dsaWithSHA1 DSA SHA1 -NID_md2 NID_md2WithRSAEncryption RSA-pkcs1 MD2 -NID_md5 NID_md5WithRSAEncryption RSA-pkcs1 MD5 -NID_mdc2 NID_mdc2WithRSA RSA-none MDC2 -NID_ripemd160 NID_ripemd160WithRSA RSA-pkcs1 RIPEMD160 -NID_sha NID_shaWithRSAEncryption RSA-pkcs1 SHA -NID_sha1 NID_sha1WithRSAEncryption RSA-pkcs1 SHA1 - -==== rand.doc ======================================================== - -My Random number library. - -These routines can be used to generate pseudo random numbers and can be -used to 'seed' the pseudo random number generator (RNG). The RNG make no -effort to reproduce the same random number stream with each execution. -Various other routines in the SSLeay library 'seed' the RNG when suitable -'random' input data is available. Read the section at the end for details -on the design of the RNG. - -void RAND_bytes( -unsigned char *buf, -int num); - This routine puts 'num' random bytes into 'buf'. One should make - sure RAND_seed() has been called before using this routine. - -void RAND_seed( -unsigned char *buf, -int num); - This routine adds more 'seed' data the RNG state. 'num' bytes - are added to the RNG state, they are taken from 'buf'. This - routine can be called with sensitive data such as user entered - passwords. This sensitive data is in no way recoverable from - the RAND library routines or state. Try to pass as much data - from 'random' sources as possible into the RNG via this function. - Also strongly consider using the RAND_load_file() and - RAND_write_file() routines. 
- -void RAND_cleanup(); - When a program has finished with the RAND library, if it so - desires, it can 'zero' all RNG state. - -The following 3 routines are convenience routines that can be used to -'save' and 'restore' data from/to the RNG and it's state. -Since the more 'random' data that is feed as seed data the better, why not -keep it around between executions of the program? Of course the -application should pass more 'random' data in via RAND_seed() and -make sure no-one can read the 'random' data file. - -char *RAND_file_name( -char *buf, -int size); - This routine returns a 'default' name for the location of a 'rand' - file. The 'rand' file should keep a sequence of random bytes used - to initialise the RNG. The filename is put in 'buf'. Buf is 'size' - bytes long. Buf is returned if things go well, if they do not, - NULL is returned. The 'rand' file name is generated in the - following way. First, if there is a 'RANDFILE' environment - variable, it is returned. Second, if there is a 'HOME' environment - variable, $HOME/.rand is returned. Third, NULL is returned. NULL - is also returned if a buf would overflow. - -int RAND_load_file( -char *file, -long number); - This function 'adds' the 'file' into the RNG state. It does this by - doing a RAND_seed() on the value returned from a stat() system call - on the file and if 'number' is non-zero, upto 'number' bytes read - from the file. The number of bytes passed to RAND_seed() is returned. - -int RAND_write_file( -char *file), - RAND_write_file() writes N random bytes to the file 'file', where - N is the size of the internal RND state (currently 1k). - This is a suitable method of saving RNG state for reloading via - RAND_load_file(). - -What follows is a description of this RNG and a description of the rational -behind it's design. - -It should be noted that this RNG is intended to be used to generate -'random' keys for various ciphers including generation of DH and RSA keys. 
- -It should also be noted that I have just created a system that I am happy with. -It may be overkill but that does not worry me. I have not spent that much -time on this algorithm so if there are glaring errors, please let me know. -Speed has not been a consideration in the design of these routines. - -First up I will state the things I believe I need for a good RNG. -1) A good hashing algorithm to mix things up and to convert the RNG 'state' - to random numbers. -2) An initial source of random 'state'. -3) The state should be very large. If the RNG is being used to generate - 4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum). - If your RNG state only has 128 bits, you are obviously limiting the - search space to 128 bits, not 2048. I'm probably getting a little - carried away on this last point but it does indicate that it may not be - a bad idea to keep quite a lot of RNG state. It should be easier to - break a cipher than guess the RNG seed data. -4) Any RNG seed data should influence all subsequent random numbers - generated. This implies that any random seed data entered will have - an influence on all subsequent random numbers generated. -5) When using data to seed the RNG state, the data used should not be - extractable from the RNG state. I believe this should be a - requirement because one possible source of 'secret' semi random - data would be a private key or a password. This data must - not be disclosed by either subsequent random numbers or a - 'core' dump left by a program crash. -6) Given the same initial 'state', 2 systems should deviate in their RNG state - (and hence the random numbers generated) over time if at all possible. -7) Given the random number output stream, it should not be possible to determine - the RNG state or the next random number. - - -The algorithm is as follows. - -There is global state made up of a 1023 byte buffer (the 'state'), a -working message digest ('md') and a counter ('count'). 
- -Whenever seed data is added, it is inserted into the 'state' as -follows. - The input is chopped up into units of 16 bytes (or less for - the last block). Each of these blocks is run through the MD5 - message digest. The data passed to the MD5 digest is the - current 'md', the same number of bytes from the 'state' - (the location determined by in incremented looping index) as - the current 'block' and the new key data 'block'. The result - of this is kept in 'md' and also xored into the 'state' at the - same locations that were used as input into the MD5. - I believe this system addresses points 1 (MD5), 3 (the 'state'), - 4 (via the 'md'), 5 (by the use of MD5 and xor). - -When bytes are extracted from the RNG, the following process is used. -For each group of 8 bytes (or less), we do the following, - Input into MD5, the top 8 bytes from 'md', the byte that are - to be overwritten by the random bytes and bytes from the - 'state' (incrementing looping index). From this digest output - (which is kept in 'md'), the top (upto) 8 bytes are - returned to the caller and the bottom (upto) 8 bytes are xored - into the 'state'. - Finally, after we have finished 'generation' random bytes for the - called, 'count' (which is incremented) and 'md' are fed into MD5 and - the results are kept in 'md'. - I believe the above addressed points 1 (use of MD5), 6 (by - hashing into the 'state' the 'old' data from the caller that - is about to be overwritten) and 7 (by not using the 8 bytes - given to the caller to update the 'state', but they are used - to update 'md'). - -So of the points raised, only 2 is not addressed, but sources of -random data will always be a problem. - - -==== rc2.doc ======================================================== - -The RC2 library. - -RC2 is a block cipher that operates on 64bit (8 byte) quantities. It -uses variable size key, but 128bit (16 byte) key would normally be considered -good. It can be used in all the modes that DES can be used. 
This -library implements the ecb, cbc, cfb64, ofb64 modes. - -I have implemented this library from an article posted to sci.crypt on -11-Feb-1996. I personally don't know how far to trust the RC2 cipher. -While it is capable of having a key of any size, not much reseach has -publically been done on it at this point in time (Apr-1996) -since the cipher has only been public for a few months :-) -It is of a similar speed to DES and IDEA, so unless it is required for -meeting some standard (SSLv2, perhaps S/MIME), it would probably be advisable -to stick to IDEA, or for the paranoid, Tripple DES. - -Mind you, having said all that, I should mention that I just read a lot and -implement ciphers, I'm a 'babe in the woods' when it comes to evaluating -ciphers :-). - -For all calls that have an 'input' and 'output' variables, they can be the -same. - -This library requires the inclusion of 'rc2.h'. - -All of the encryption functions take what is called an RC2_KEY as an -argument. An RC2_KEY is an expanded form of the RC2 key. -For all modes of the RC2 algorithm, the RC2_KEY used for -decryption is the same one that was used for encryption. - -The define RC2_ENCRYPT is passed to specify encryption for the functions -that require an encryption/decryption flag. RC2_DECRYPT is passed to -specify decryption. - -Please note that any of the encryption modes specified in my DES library -could be used with RC2. I have only implemented ecb, cbc, cfb64 and -ofb64 for the following reasons. -- ecb is the basic RC2 encryption. -- cbc is the normal 'chaining' form for block ciphers. -- cfb64 can be used to encrypt single characters, therefore input and output - do not need to be a multiple of 8. -- ofb64 is similar to cfb64 but is more like a stream cipher, not as - secure (not cipher feedback) but it does not have an encrypt/decrypt mode. -- If you want triple RC2, thats 384 bits of key and you must be totally - obsessed with security. 
Still, if you want it, it is simple enough to - copy the function from the DES library and change the des_encrypt to - RC2_encrypt; an exercise left for the paranoid reader :-). - -The functions are as follows: - -void RC2_set_key( -RC2_KEY *ks; -int len; -unsigned char *key; -int bits; - RC2_set_key converts an 'len' byte key into a RC2_KEY. - A 'ks' is an expanded form of the 'key' which is used to - perform actual encryption. It can be regenerated from the RC2 key - so it only needs to be kept when encryption or decryption is about - to occur. Don't save or pass around RC2_KEY's since they - are CPU architecture dependent, 'key's are not. RC2 is an - interesting cipher in that it can be used with a variable length - key. 'len' is the length of 'key' to be used as the key. - A 'len' of 16 is recomended. The 'bits' argument is an - interesting addition which I only found out about in Aug 96. - BSAFE uses this parameter to 'limit' the number of bits used - for the key. To use the 'key' unmodified, set bits to 1024. - This is what old versions of my RC2 library did (SSLeay 0.6.3). - RSAs BSAFE library sets this parameter to be 128 if 128 bit - keys are being used. So to be compatable with BSAFE, set it - to 128, if you don't want to reduce RC2's key length, leave it - at 1024. - -void RC2_encrypt( -unsigned long *data, -RC2_KEY *key, -int encrypt); - This is the RC2 encryption function that gets called by just about - every other RC2 routine in the library. You should not use this - function except to implement 'modes' of RC2. I say this because the - functions that call this routine do the conversion from 'char *' to - long, and this needs to be done to make sure 'non-aligned' memory - access do not occur. - Data is a pointer to 2 unsigned long's and key is the - RC2_KEY to use. Encryption or decryption is indicated by 'encrypt'. - which can have the values RC2_ENCRYPT or RC2_DECRYPT. 
- -void RC2_ecb_encrypt( -unsigned char *in, -unsigned char *out, -RC2_KEY *key, -int encrypt); - This is the basic Electronic Code Book form of RC2 (in DES this - mode is called Electronic Code Book so I'm going to use the term - for rc2 as well. - Input is encrypted into output using the key represented by - key. Depending on the encrypt, encryption or - decryption occurs. Input is 8 bytes long and output is 8 bytes. - -void RC2_cbc_encrypt( -unsigned char *in, -unsigned char *out, -long length, -RC2_KEY *ks, -unsigned char *ivec, -int encrypt); - This routine implements RC2 in Cipher Block Chaining mode. - Input, which should be a multiple of 8 bytes is encrypted - (or decrypted) to output which will also be a multiple of 8 bytes. - The number of bytes is in length (and from what I've said above, - should be a multiple of 8). If length is not a multiple of 8, bad - things will probably happen. ivec is the initialisation vector. - This function updates iv after each call so that it can be passed to - the next call to RC2_cbc_encrypt(). - -void RC2_cfb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -RC2_KEY *schedule, -unsigned char *ivec, -int *num, -int encrypt); - This is one of the more useful functions in this RC2 library, it - implements CFB mode of RC2 with 64bit feedback. - This allows you to encrypt an arbitrary number of bytes, - you do not require 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. Num contains 'how far' we are though ivec. - 'Encrypt' is used to indicate encryption or decryption. - CFB64 mode operates by using the cipher to generate a stream - of bytes which is used to encrypt the plain text. - The cipher text is then encrypted to generate the next 64 bits to - be xored (incrementally) with the next 64 bits of plain - text. 
As can be seen from this, to encrypt or decrypt, - the same 'cipher stream' needs to be generated but the way the next - block of data is gathered for encryption is different for - encryption and decryption. - -void RC2_ofb64_encrypt( -unsigned char *in, -unsigned char *out, -long length, -RC2_KEY *schedule, -unsigned char *ivec, -int *num); - This functions implements OFB mode of RC2 with 64bit feedback. - This allows you to encrypt an arbitrary number of bytes, - you do not require 8 byte padding. Each call to this - routine will encrypt the input bytes to output and then update ivec - and num. Num contains 'how far' we are though ivec. - This is in effect a stream cipher, there is no encryption or - decryption mode. - -For reading passwords, I suggest using des_read_pw_string() from my DES library. -To generate a password from a text string, I suggest using MD5 (or MD2) to -produce a 16 byte message digest that can then be passed directly to -RC2_set_key(). - -===== -For more information about the specific RC2 modes in this library -(ecb, cbc, cfb and ofb), read the section entitled 'Modes of DES' from the -documentation on my DES library. What is said about DES is directly -applicable for RC2. - - -==== rc4.doc ======================================================== - -The RC4 library. -RC4 is a stream cipher that operates on a byte stream. It can be used with -any length key but I would recommend normally using 16 bytes. - -This library requires the inclusion of 'rc4.h'. - -The RC4 encryption function takes what is called an RC4_KEY as an argument. -The RC4_KEY is generated by the RC4_set_key function from the key bytes. - -RC4, being a stream cipher, does not have an encryption or decryption mode. -It produces a stream of bytes that the input stream is xor'ed against and -so decryption is just a case of 'encrypting' again with the same key. - -I have only put in one 'mode' for RC4 which is the normal one. 
This means -there is no initialisation vector and there is no feedback of the cipher -text into the cipher. This implies that you should not ever use the -same key twice if you can help it. If you do, you leave yourself open to -known plain text attacks; if you know the plain text and -corresponding cipher text in one message, all messages that used the same -key can have the cipher text decoded for the corresponding positions in the -cipher stream. - -The main positive feature of RC4 is that it is a very fast cipher; about 4 -times faster that DES. This makes it ideally suited to protocols where the -key is randomly chosen, like SSL. - -The functions are as follows: - -void RC4_set_key( -RC4_KEY *key; -int len; -unsigned char *data); - This function initialises the RC4_KEY structure with the key passed - in 'data', which is 'len' bytes long. The key data can be any - length but 16 bytes seems to be a good number. - -void RC4( -RC4_KEY *key; -unsigned long len; -unsigned char *in; -unsigned char *out); - Do the actual RC4 encryption/decryption. Using the 'key', 'len' - bytes are transformed from 'in' to 'out'. As mentioned above, - decryption is the operation as encryption. - -==== ref.doc ======================================================== - -I have lots more references etc, and will update this list in the future, -30 Aug 1996 - eay - - -SSL The SSL Protocol - from Netscapes. - -RC4 Newsgroups: sci.crypt - From: sterndark at netcom.com (David Sterndark) - Subject: RC4 Algorithm revealed. - Message-ID: - -RC2 Newsgroups: sci.crypt - 
From: pgut01 at cs.auckland.ac.nz (Peter Gutmann) - Subject: Specification for Ron Rivests Cipher No.2 - Message-ID: <4fk39f$f70 at net.auckland.ac.nz> - -MD2 RFC1319 The MD2 Message-Digest Algorithm -MD5 RFC1321 The MD5 Message-Digest Algorithm - -X509 Certificates - RFC1421 Privacy Enhancement for Internet Electronic Mail: Part I - RFC1422 Privacy Enhancement for Internet Electronic Mail: Part II - RFC1423 Privacy Enhancement for Internet Electronic Mail: Part III - RFC1424 Privacy Enhancement for Internet Electronic Mail: Part IV - -RSA and various standard encoding - PKCS#1 RSA Encryption Standard - PKCS#5 Password-Based Encryption Standard - PKCS#7 Cryptographic Message Syntax Standard - A Layman's Guide to a Subset of ASN.1, BER, and DER - An Overview of the PKCS Standards - Some Examples of the PKCS Standards - -IDEA Chapter 3 The Block Cipher IDEA - -RSA, prime number generation and bignum algorithms - Introduction To Algorithms, - Thomas Cormen, Charles Leiserson, Ronald Rivest, - Section 29 Arithmetic Circuits - Section 33 Number-Theoretic Algorithms - -Fast Private Key algorithm - Fast Decipherment Algorithm for RSA Public-Key Cryptosystem - J.-J. Quisquater and C. Couvreur, Electronics Letters, - 14th October 1982, Vol. 18 No. 21 - -Prime number generation and bignum algorithms. - PGP-2.3a - -==== rsa.doc ======================================================== - -The RSA encryption and utility routines. - -The RSA routines are built on top of a big number library (the BN library). -There are support routines in the X509 library for loading and manipulating -the various objects in the RSA library. When errors are returned, read -about the ERR library for how to access the error codes. - -All RSA encryption is done according to the PKCS-1 standard which is -compatible with PEM and RSAref. This means that any values being encrypted -must be less than the size of the modulus in bytes, minus 10, bytes long. 
- -This library uses RAND_bytes()() for it's random data, make sure to feed -RAND_seed() with lots of interesting and varied data before using these -routines. - -The RSA library has one specific data type, the RSA structure. -It is composed of 8 BIGNUM variables (see the BN library for details) and -can hold either a private RSA key or a public RSA key. -Some RSA libraries have different structures for public and private keys, I -don't. For my libraries, a public key is determined by the fact that the -RSA->d value is NULL. These routines will operate on any size RSA keys. -While I'm sure 4096 bit keys are very very secure, they take a lot longer -to process that 1024 bit keys :-). - -The function in the RSA library are as follows. - -RSA *RSA_new(); - This function creates a new RSA object. The sub-fields of the RSA - type are also malloced so you should always use this routine to - create RSA variables. - -void RSA_free( -RSA *rsa); - This function 'frees' an RSA structure. This routine should always - be used to free the RSA structure since it will also 'free' any - sub-fields of the RSA type that need freeing. - -int RSA_size( -RSA *rsa); - This function returns the size of the RSA modulus in bytes. Why do - I need this you may ask, well the reason is that when you encrypt - with RSA, the output string will be the size of the RSA modulus. - So the output for the RSA_encrypt and the input for the RSA_decrypt - routines need to be RSA_size() bytes long, because this is how many - bytes are expected. - -For the following 4 RSA encryption routines, it should be noted that -RSA_private_decrypt() should be used on the output from -RSA_public_encrypt() and RSA_public_decrypt() should be used on -the output from RSA_private_encrypt(). - -int RSA_public_encrypt( -int from_len; -unsigned char *from -unsigned char *to -RSA *rsa); - This function implements RSA public encryption, the rsa variable - should be a public key (but can be a private key). 
'from_len' - bytes taken from 'from' and encrypted and put into 'to'. 'to' needs - to be at least RSA_size(rsa) bytes long. The number of bytes - written into 'to' is returned. -1 is returned on an error. The - operation performed is - to = from^rsa->e mod rsa->n. - -int RSA_private_encrypt( -int from_len; -unsigned char *from -unsigned char *to -RSA *rsa); - This function implements RSA private encryption, the rsa variable - should be a private key. 'from_len' bytes taken from - 'from' and encrypted and put into 'to'. 'to' needs - to be at least RSA_size(rsa) bytes long. The number of bytes - written into 'to' is returned. -1 is returned on an error. The - operation performed is - to = from^rsa->d mod rsa->n. - -int RSA_public_decrypt( -int from_len; -unsigned char *from -unsigned char *to -RSA *rsa); - This function implements RSA public decryption, the rsa variable - should be a public key (but can be a private key). 'from_len' - bytes are taken from 'from' and decrypted. The decrypted data is - put into 'to'. The number of bytes encrypted is returned. -1 is - returned to indicate an error. The operation performed is - to = from^rsa->e mod rsa->n. - -int RSA_private_decrypt( -int from_len; -unsigned char *from -unsigned char *to -RSA *rsa); - This function implements RSA private decryption, the rsa variable - should be a private key. 'from_len' bytes are taken - from 'from' and decrypted. The decrypted data is - put into 'to'. The number of bytes encrypted is returned. -1 is - returned to indicate an error. The operation performed is - to = from^rsa->d mod rsa->n. - -int RSA_mod_exp( -BIGNUM *n; -BIGNUM *p; -RSA *rsa); - Normally you will never use this routine. - This is really an internal function which is called by - RSA_private_encrypt() and RSA_private_decrypt(). It performs - n=n^p mod rsa->n except that it uses the 5 extra variables in the - RSA structure to make this more efficient. 
- -RSA *RSA_generate_key( -int bits; -unsigned long e; -void (*callback)(); -char *cb_arg; - This routine is used to generate RSA private keys. It takes - quite a period of time to run and should only be used to - generate initial private keys that should then be stored - for later use. The passed callback function - will be called periodically so that feedback can be given - as to how this function is progressing. - 'bits' is the length desired for the modulus, so it would be 1024 - to generate a 1024 bit private key. - 'e' is the value to use for the public exponent 'e'. Traditionally - it is set to either 3 or 0x10001. - The callback function (if not NULL) is called in the following - situations. - when we have generated a suspected prime number to test, - callback(0,num1++,cb_arg). When it passes a prime number test, - callback(1,num2++,cb_arg). When it is rejected as one of - the 2 primes required due to gcd(prime,e value) != 0, - callback(2,num3++,cb_arg). When finally accepted as one - of the 2 primes, callback(3,num4++,cb_arg). - - -==== rsaref.doc ======================================================== - -This package can be compiled to use the RSAref library. -This library is not allowed outside of the USA but inside the USA it is -claimed by RSA to be the only RSA public key library that can be used -besides BSAFE.. - -There are 2 files, rsaref/rsaref.c and rsaref/rsaref.h that contain the glue -code to use RSAref. These files were written by looking at the PGP -source code and seeing which routines it used to access RSAref. -I have also been sent by some-one a copy of the RSAref header file that -contains the library error codes. - -[ Jun 1996 update - I have recently gotten hold of RSAref 2.0 from - South Africa and have been doing some performace tests. ] - -They have now been tested against the recently announced RSAEURO -library. - -There are 2 ways to use SSLeay and RSAref. 
First, to build so that -the programs must be linked with RSAref, add '-DRSAref' to CFLAG in the top -level makefile and -lrsaref (or where ever you are keeping RSAref) to -EX_LIBS. - -To build a makefile via util/mk1mf.pl to do this, use the 'rsaref' option. - -The second method is to build as per normal and link applications with -the RSAglue library. The correct library order would be -cc -o cmd cmd.o -lssl -lRSAglue -lcrypto -lrsaref -ldes -The RSAglue library is built in the rsa directory and is NOT -automatically installed. - -Be warned that the RSAEURO library, that is claimed to be compatible -with RSAref contains a different value for the maximum number of bits -supported. This changes structure sizes and so if you are using -RSAEURO, change the value of RSAref_MAX_BITS in rsa/rsaref.h - - -==== s_mult.doc ======================================================== - -s_mult is a test program I hacked up on a Sunday for testing non-blocking -IO. It has a select loop at it's centre that handles multiple readers -and writers. - -Try the following command -ssleay s_mult -echo -nbio -ssl -v -echo - sends any sent text back to the sender -nbio - turns on non-blocking IO -ssl - accept SSL connections, default is normal text -v - print lots - type Q to quit - -In another window, run the following -ssleay s_client -pause new_session_cb is a function pointer to a function of type -int new_session_callback(SSL *ssl,SSL_SESSION *new); -This function, if set in the SSL_CTX structure is called whenever a new -SSL_SESSION is added to the cache. If the callback returns non-zero, it -means that the application will have to do a SSL_SESSION_free() -on the structure (this is -to do with the cache keeping the reference counts correct, without the -application needing to know about it. -The 'active' parameter is the current SSL session for which this connection -was created. 
- -void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,int (*cb)()); -to set the callback, -int (*cb)() SSL_CTX_sess_get_new_cb(SSL_CTX *ctx) -to get the callback. - -If the 'get session' callback is set, when a session id is looked up and -it is not in the session-id cache, this callback is called. The callback is -of the form -SSL_SESSION *get_session_callback(unsigned char *sess_id,int sess_id_len, - int *copy); - -The get_session_callback is intended to return null if no session id is found. -The reference count on the SSL_SESSION in incremented by the SSL library, -if copy is 1. Otherwise, the reference count is not modified. - -void SSL_CTX_sess_set_get_cb(ctx,cb) sets the callback and -int (*cb)()SSL_CTX_sess_get_get_cb(ctx) returns the callback. - -These callbacks are basically intended to be used by processes to -send their session-id's to other processes. I currently have not implemented -non-blocking semantics for these callbacks, it is upto the application -to make the callbacks efficient if they require blocking (perhaps -by 'saving' them and then 'posting them' when control returns from -the SSL_accept(). - -LHASH *SSL_CTX_sessions(SSL_CTX *ctx) -This returns the session cache. The lhash strucutre can be accessed for -statistics about the cache. - -void lh_stats(LHASH *lh, FILE *out); -void lh_node_stats(LHASH *lh, FILE *out); -void lh_node_usage_stats(LHASH *lh, FILE *out); - -can be used to print details about it's activity and current state. -You can also delve directly into the lhash structure for 14 different -counters that are kept against the structure. When I wrote the lhash library, -I was interested in gathering statistics :-). -Have a read of doc/lhash.doc in the SSLeay distribution area for more details -on the lhash library. - -Now as mentioned ealier, when a SSL is created, it needs a SSL_CTX. -SSL * SSL_new(SSL_CTX *); - -This stores a session. A session is secret information shared between 2 -SSL contexts. 
It will only be created if both ends of the connection have -authenticated their peer to their satisfaction. It basically contains -the information required to use a particular secret key cipher. - -To retrieve the SSL_CTX being used by a SSL, -SSL_CTX *SSL_get_SSL_CTX(SSL *s); - -Now when a SSL session is established between to programs, the 'session' -information that is cached in the SSL_CTX can me manipulated by the -following functions. -int SSL_set_session(SSL *s, SSL_SESSION *session); -This will set the SSL_SESSION to use for the next SSL_connect(). If you use -this function on an already 'open' established SSL connection, 'bad things -will happen'. This function is meaning-less when used on a ssl strucutre -that is just about to be used in a SSL_accept() call since the -SSL_accept() will either create a new session or retrieve one from the -cache. - -SSL_SESSION *SSL_get_session(SSL *s); -This will return the SSL_SESSION for the current SSL, NULL if there is -no session associated with the SSL structure. - -The SSL sessions are kept in the SSL_CTX in a hash table, to remove a -session -void SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); -and to add one -int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); -SSL_CTX_add_session() returns 1 if the session was already in the cache (so it -was not added). -Whenever a new session is created via SSL_connect()/SSL_accept(), -they are automatically added to the cache, depending on the session_cache_mode -settings. SSL_set_session() -does not add it to the cache. Just call SSL_CTX_add_session() if you do want the -session added. For a 'client' this would not normally be the case. -SSL_CTX_add_session() is not normally ever used, except for doing 'evil' things -which the next 2 funtions help you do. 
- -int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); -SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length); -These 2 functions are in the standard ASN1 library form and can be used to -load and save to a byte format, the SSL_SESSION structure. -With these functions, you can save and read these structures to a files or -arbitary byte string. -The PEM_write_SSL_SESSION(fp,x) and PEM_read_SSL_SESSION(fp,x,cb) will -write to a file pointer in base64 encoding. - -What you can do with this, is pass session information between separate -processes. Please note, that you will probably also need to modify the -timeout information on the SSL_SESSIONs. - -long SSL_get_time(SSL_SESSION *s) -will return the 'time' that the session -was loaded. The timeout is relative to this time. This information is -saved when the SSL_SESSION is converted to binarary but it is stored -in as a unix long, which is rather OS dependant, but easy to convert back. - -long SSL_set_time(SSL_SESSION *s,long t) will set the above mentioned time. -The time value is just the value returned from time(3), and should really -be defined by be to be time_t. - -long SSL_get_timeout(SSL_SESSION *s); -long SSL_set_timeout(SSL_SESSION *s,long t); -These 2 retrieve and set the timeout which is just a number of secconds -from the 'SSL_get_time()' value. When this time period has elapesed, -the session will no longer be in the cache (well it will actually be removed -the next time it is attempted to be retrieved, so you could 'bump' -the timeout so it remains valid). -The 'time' and 'timeout' are set on a session when it is created, not reset -each time it is reused. If you did wish to 'bump it', just after establishing -a connection, do a -SSL_set_time(ssl,time(NULL)); - -You can also use -SSL_CTX_set_timeout(SSL_CTX *ctx,unsigned long t) and -SSL_CTX_get_timeout(SSL_CTX *ctx) to manipulate the default timeouts for -all SSL connections created against a SSL_CTX. 
If you set a timeout in -an SSL_CTX, all new SSL's created will inherit the timeout. It can be over -written by the SSL_set_timeout(SSL *s,unsigned long t) function call. -If you 'set' the timeout back to 0, the system default will be used. - -SSL_SESSION *SSL_SESSION_new(); -void SSL_SESSION_free(SSL_SESSION *ses); -These 2 functions are used to create and dispose of SSL_SESSION functions. -You should not ever normally need to use them unless you are using -i2d_SSL_SESSION() and/or d2i_SSL_SESSION(). If you 'load' a SSL_SESSION -via d2i_SSL_SESSION(), you will need to SSL_SESSION_free() it. -Both SSL_set_session() and SSL_CTX_add_session() will 'take copies' of the -structure (via reference counts) when it is passed to them. - -SSL_CTX_flush_sessions(ctx,time); -The first function will clear all sessions from the cache, which have expired -relative to 'time' (which could just be time(NULL)). - -SSL_CTX_flush_sessions(ctx,0); -This is a special case that clears everything. - -As a final comment, a 'session' is not enough to establish a new -connection. If a session has timed out, a certificate and private key -need to have been associated with the SSL structure. -SSL_copy_session_id(SSL *to,SSL *from); will copy not only the session -strucutre but also the private key and certificate associated with -'from'. - -EXAMPLES. - -So lets play at being a weird SSL server. - -/* setup a context */ -ctx=SSL_CTX_new(); - -/* Lets load some session from binary into the cache, why one would do - * this is not toally clear, but passing between programs does make sense - * Perhaps you are using 4096 bit keys and are happy to keep them - * valid for a week, to avoid the RSA overhead of 15 seconds, I'm not toally - * sure, perhaps this is a process called from an SSL inetd and this is being - * passed to the application. */ -session=d2i_SSL_SESSION(....) -SSL_CTX_add_session(ctx,session); - -/* Lets even add a session from a file */ -session=PEM_read_SSL_SESSION(....) 
-SSL_CTX_add_session(ctx,session); - -/* create a new SSL structure */ -ssl=SSL_new(ctx); - -/* At this point we want to be able to 'create' new session if - * required, so we need a certificate and RSAkey. */ -SSL_use_RSAPrivateKey_file(ssl,...) -SSL_use_certificate_file(ssl,...) - -/* Now since we are a server, it make little sence to load a session against - * the ssl strucutre since a SSL_accept() will either create a new session or - * grab an existing one from the cache. */ - -/* grab a socket descriptor */ -fd=accept(...); - -/* associated it with the ssl strucutre */ -SSL_set_fd(ssl,fd); - -SSL_accept(ssl); /* 'do' SSL using out cert and RSA key */ - -/* Lets print out the session details or lets save it to a file, - * perhaps with a secret key cipher, so that we can pass it to the FBI - * when they want to decode the session :-). While we have RSA - * this does not matter much but when I do SSLv3, this will allow a mechanism - * for the server/client to record the information needed to decode - * the traffic that went over the wire, even when using Diffie-Hellman */ -PEM_write_SSL_SESSION(SSL_get_session(ssl),stdout,....) - -Lets 'connect' back to the caller using the same session id. - -ssl2=SSL_new(ctx); -fd2=connect(them); -SSL_set_fd(ssl2,fd2); -SSL_set_session(ssl2,SSL_get_session(ssl)); -SSL_connect(ssl2); - -/* what the hell, lets accept no more connections using this session */ -SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl),SSL_get_session(ssl)); - -/* we could have just as easily used ssl2 since they both are using the - * same session. - * You will note that both ssl and ssl2 are still using the session, and - * the SSL_SESSION structure will be free()ed when both ssl and ssl2 - * finish using the session. Also note that you could continue to initiate - * connections using this session by doing SSL_get_session(ssl) to get the - * existing session, but SSL_accept() will not be able to find it to - * use for incoming connections. 
- * Of corse, the session will timeout at the far end and it will no - * longer be accepted after a while. The time and timeout are ignored except - * by SSL_accept(). */ - -/* Since we have had our server running for 10 weeks, and memory is getting - * short, perhaps we should clear the session cache to remove those - * 100000 session entries that have expired. Some may consider this - * a memory leak :-) */ - -SSL_CTX_flush_sessions(ctx,time(NULL)); - -/* Ok, after a bit more time we wish to flush all sessions from the cache - * so that all new connections will be authenticated and incure the - * public key operation overhead */ - -SSL_CTX_flush_sessions(ctx,0); - -/* As a final note, to copy everything to do with a SSL, use */ -SSL_copy_session_id(SSL *to,SSL *from); -/* as this also copies the certificate and RSA key so new session can - * be established using the same details */ - - -==== sha.doc ======================================================== - -The SHA (Secure Hash Algorithm) library. -SHA is a message digest algorithm that can be used to condense an arbitrary -length message down to a 20 byte hash. The functions all need to be passed -a SHA_CTX which is used to hold the SHA context during multiple SHA_Update() -function calls. The normal method of use for this library is as follows -This library contains both SHA and SHA-1 digest algorithms. SHA-1 is -an update to SHA (which should really be called SHA-0 now) which -tweaks the algorithm slightly. The SHA-1 algorithm is used by simply -using SHA1_Init(), SHA1_Update(), SHA1_Final() and SHA1() instead of the -SHA*() calls - -SHA_Init(...); -SHA_Update(...); -... -SHA_Update(...); -SHA_Final(...); - -This library requires the inclusion of 'sha.h'. - -The functions are as follows: - -void SHA_Init( -SHA_CTX *c); - This function needs to be called to initiate a SHA_CTX structure for - use. 
-
-void SHA_Update(
-SHA_CTX *c;
-unsigned char *data;
-unsigned long len);
- This updates the message digest context being generated with 'len'
- bytes from the 'data' pointer. The number of bytes can be any
- length.
-
-void SHA_Final(
-unsigned char *md;
-SHA_CTX *c;
- This function is called when a message digest of the data digested
- with SHA_Update() is wanted. The message digest is put in the 'md'
- array and is SHA_DIGEST_LENGTH (20) bytes long.
-
-unsigned char *SHA(
-unsigned char *d;
-unsigned long n;
-unsigned char *md;
- This function performs a SHA_Init(), followed by a SHA_Update()
- followed by a SHA_Final() (using a local SHA_CTX).
- The resulting digest is put into 'md' if it is not NULL.
- Regardless of the value of 'md', the message
- digest is returned from the function. If 'md' was NULL, the message
- digest returned is being stored in a static structure.
-
-
-==== speed.doc ========================================================
-
-To get an idea of the performance of this library, use
-ssleay speed
-
-perl util/sp-diff.pl file1 file2
-
-will print out the relative differences between the 2 files which are
-expected to be the output from the speed program.
-
-The performace of the library is very dependant on the Compiler
-quality and various flags used to build.
-
----
-
-These are some numbers I did comparing RSAref and SSLeay on a Pentium 100.
-[ These numbers are all out of date, as of SSL - 0.6.1 the RSA
-operations are about 2 times faster, so check the version number ]
-
-RSA performance.
-
-SSLeay 0.6.0
-Pentium 100, 32meg, Windows NT Workstation 3.51
-linux - gcc v 2.7.0 -O3 -fomit-frame-pointer -m486
-and
-Windows NT - Windows NT 3.51 - Visual C++ 4.1 - 586 code + 32bit assember
-Windows 3.1 - Windows NT 3.51 - Visual C++ 1.52c - 286 code + 32bit assember
-NT Dos Shell- Windows NT 3.51 - Visual C++ 1.52c - 286 code + 16bit assember
-
-Times are how long it takes to do an RSA private key operation.
-
- 512bits 1024bits
--------------------------------
-SSLeay NT dll 0.042s 0.202s see above
-SSLeay linux 0.046s 0.218s Assember inner loops (normal build)
-SSLeay linux 0.067s 0.380s Pure C code with BN_LLONG defined
-SSLeay W3.1 dll 0.108s 0.478s see above
-SSLeay linux 0.109s 0.713s C without BN_LLONG.
-RSAref2.0 linux 0.149s 0.936s
-SSLeay MS-DOS 0.197s 1.049s see above
-
-486DX66, 32meg, Windows NT Server 3.51
- 512bits 1024bits
--------------------------------
-SSLeay NT dll 0.084s 0.495s <- SSLeay 0.6.3
-SSLeay NT dll 0.154s 0.882s
-SSLeay W3.1 dll 0.335s 1.538s
-SSLeay MS-DOS 0.490s 2.790s
-
-What I find cute is that I'm still faster than RSAref when using standard C,
-without using the 'long long' data type :-), %35 faster for 512bit and we
-scale up to 3.2 times faster for the 'default linux' build. I should mention
-that people should 'try' to use either x86-lnx.s (elf), x86-lnxa.s or
-x86-sol.s for any x86 based unix they are building on. The only problems
-with be with syntax but the performance gain is quite large, especially for
-servers. The code is very simple, you just need to modify the 'header'.
-
-The message is, if you are stuck using RSAref, the RSA performance will be
-bad. Considering the code was compiled for a pentium, the 486DX66 number
-would indicate 'Use RSAref and turn you Pentium 100 into a 486DX66' :-).
-[ As of verson 0.6.1, it would be correct to say 'turn you pentium 100
- into a 486DX33' :-) ]
-
-I won't tell people if the DLL's are using RSAref or my stuff if no-one
-asks :-).
-
-eric
-
-PS while I know I could speed things up further, I will probably not do
- so due to the effort involved. I did do some timings on the
- SSLeay bignum format -> RSAref number format conversion that occurs
- each time RSAref is used by SSLeay, and the numbers are trivial.
- 0.00012s a call for 512bit vs 0.149s for the time spent in the function.
- 0.00018s for 1024bit vs 0.938s. Insignificant.
- So the 'way to go', to support faster RSA libraries, if people are keen,
- is to write 'glue' code in a similar way that I do for RSAref and send it
- to me :-).
- My base library still has the advantage of being able to operate on
- any size numbers, and is not that far from the performance from the
- leaders in the field. (-%30?)
- [ Well as of 0.6.1 I am now the leader in the filed on x86 (we at
- least very close :-) ]
-
- I suppose I should also mention some other numbers RSAref numbers, again
- on my Pentium.
- DES CBC EDE-DES MD5
- RSAref linux 830k/s 302k/s 4390k/s
- SSLeay linux 855k/s 319k/s 10025k/s
- SSLeay NT 1158k/s 410k/s 10470k/s
- SSLeay w31 378k/s 143k/s 2383k/s (fully 16bit)
-
- Got to admit that Visual C++ 4.[01] is a damn fine compiler :-)
---
-Eric Young | BOOL is tri-state according to Bill Gates.
-AARNet: eay at cryptsoft.com | RTFM Win32 GetMessage().
-
-
-
-
-==== ssl-ciph.doc ========================================================
-
-This is a quick high level summery of how things work now.
-
-Each SSLv2 and SSLv3 cipher is composed of 4 major attributes plus a few extra
-minor ones.
-
-They are 'The key exchange algorithm', which is RSA for SSLv2 but can also
-be Diffle-Hellman for SSLv3.
-
-An 'Authenticion algorithm', which can be RSA, Diffle-Helman, DSS or
-none.
-
-The cipher
-
-The MAC digest.
-
-A cipher can also be an export cipher and is either an SSLv2 or a
-SSLv3 ciphers.
-
-To specify which ciphers to use, one can either specify all the ciphers,
-one at a time, or use 'aliases' to specify the preference and order for
-the ciphers.
-
-There are a large number of aliases, but the most importaint are
-kRSA, kDHr, kDHd and kDHE for key exchange types.
-
-aRSA, aDSS, aNULL and aDH for authentication
-DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers
-MD5, SHA0 and SHA1 digests
-
-Now where this becomes interesting is that these can be put together to
-specify the order and ciphers you wish to use.
-
-To speed this up there are also aliases for certian groups of ciphers.
-The main ones are
-SSLv2 - all SSLv2 ciphers
-SSLv3 - all SSLv3 ciphers
-EXP - all export ciphers
-LOW - all low strngth ciphers (no export ciphers, normally single DES)
-MEDIUM - 128 bit encryption
-HIGH - Triple DES
-
-These aliases can be joined in a : separated list which specifies to
-add ciphers, move them to the current location and delete them.
-
-A simpler way to look at all of this is to use the 'ssleay ciphers -v' command.
-The default library cipher spec is
-!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP
-which means, first, remove from consideration any ciphers that do not
-authenticate. Next up, use ciphers using RC4 and RSA. Next include the HIGH,
-MEDIUM and the LOW security ciphers. Finish up by adding all the export
-ciphers on the end, then 'pull' all the SSLv2 and export ciphers to
-the end of the list.
-
-The results are
-$ ssleay ciphers -v '!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP'
-
-RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
-RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
-DHE-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
-DHE-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
-DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
-IDEA-CBC-MD5 SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
-DHE-RSA-DES-CBC-SHA SSLv3 Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH Au=DSS Enc=DES(56) Mac=SHA1
-DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
-DES-CBC3-MD5 SSLv2 Kx=RSA Au=RSA Enc=3DES(168) Mac=MD5
-DES-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=DES(56) Mac=MD5
-IDEA-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=IDEA(128) Mac=MD5
-RC2-CBC-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC2(128) Mac=MD5
-RC4-MD5 SSLv2 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
-EXP-DHE-RSA-DES-CBC SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
-EXP-DHE-DSS-DES-CBC-SHA SSLv3 Kx=DH(512) Au=DSS Enc=DES(40) Mac=SHA1 export
-EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
-EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
-EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
-EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
-EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
-
-I would recoment people use the 'ssleay ciphers -v "text"'
-command to check what they are going to use.
-
-Anyway, I'm falling asleep here so I'll do some more tomorrow.
-
-eric
-
-==== ssl.doc ========================================================
-
-SSL_CTX_sessions(SSL_CTX *ctx) - the session-id hash table.
-
-/* Session-id cache stats */
-SSL_CTX_sess_number
-SSL_CTX_sess_connect
-SSL_CTX_sess_connect_good
-SSL_CTX_sess_accept
-SSL_CTX_sess_accept_good
-SSL_CTX_sess_hits
-SSL_CTX_sess_cb_hits
-SSL_CTX_sess_misses
-SSL_CTX_sess_timeouts
-
-/* Session-id application notification callbacks */
-SSL_CTX_sess_set_new_cb
-SSL_CTX_sess_get_new_cb
-SSL_CTX_sess_set_get_cb
-SSL_CTX_sess_get_get_cb
-
-/* Session-id cache operation mode */
-SSL_CTX_set_session_cache_mode
-SSL_CTX_get_session_cache_mode
-
-/* Set default timeout values to use. */
-SSL_CTX_set_timeout
-SSL_CTX_get_timeout
-
-/* Global SSL initalisation informational callback */
-SSL_CTX_set_info_callback
-SSL_CTX_get_info_callback
-SSL_set_info_callback
-SSL_get_info_callback
-
-/* If the SSL_accept/SSL_connect returned with -1, these indicate when
- * we should re-call *.
-SSL_want
-SSL_want_nothing
-SSL_want_read
-SSL_want_write
-SSL_want_x509_lookup
-
-/* Where we are in SSL initalisation, used in non-blocking, perhaps
- * have a look at ssl/bio_ssl.c */
-SSL_state
-SSL_is_init_finished
-SSL_in_init
-SSL_in_connect_init
-SSL_in_accept_init
-
-/* Used to set the 'inital' state so SSL_in_connect_init and SSL_in_accept_init
- * can be used to work out which function to call. */
-SSL_set_connect_state
-SSL_set_accept_state
-
-/* Where to look for certificates for authentication */
-SSL_set_default_verify_paths /* calles SSL_load_verify_locations */
-SSL_load_verify_locations
-
-/* get info from an established connection */
-SSL_get_session
-SSL_get_certificate
-SSL_get_SSL_CTX
-
-SSL_CTX_new
-SSL_CTX_free
-SSL_new
-SSL_clear
-SSL_free
-
-SSL_CTX_set_cipher_list
-SSL_get_cipher
-SSL_set_cipher_list
-SSL_get_cipher_list
-SSL_get_shared_ciphers
-
-SSL_accept
-SSL_connect
-SSL_read
-SSL_write
-
-SSL_debug
-
-SSL_get_read_ahead
-SSL_set_read_ahead
-SSL_set_verify
-
-SSL_pending
-
-SSL_set_fd
-SSL_set_rfd
-SSL_set_wfd
-SSL_set_bio
-SSL_get_fd
-SSL_get_rbio
-SSL_get_wbio
-
-SSL_use_RSAPrivateKey
-SSL_use_RSAPrivateKey_ASN1
-SSL_use_RSAPrivateKey_file
-SSL_use_PrivateKey
-SSL_use_PrivateKey_ASN1
-SSL_use_PrivateKey_file
-SSL_use_certificate
-SSL_use_certificate_ASN1
-SSL_use_certificate_file
-
-ERR_load_SSL_strings
-SSL_load_error_strings
-
-/* human readable version of the 'state' of the SSL connection. */
-SSL_state_string
-SSL_state_string_long
-/* These 2 report what kind of IO operation the library was trying to
- * perform last. Probably not very usefull. */
-SSL_rstate_string
-SSL_rstate_string_long
-
-SSL_get_peer_certificate
-
-SSL_SESSION_new
-SSL_SESSION_print_fp
-SSL_SESSION_print
-SSL_SESSION_free
-i2d_SSL_SESSION
-d2i_SSL_SESSION
-
-SSL_get_time
-SSL_set_time
-SSL_get_timeout
-SSL_set_timeout
-SSL_copy_session_id
-SSL_set_session
-SSL_CTX_add_session
-SSL_CTX_remove_session
-SSL_CTX_flush_sessions
-
-BIO_f_ssl
-
-/* used to hold information as to why a certificate verification failed */
-SSL_set_verify_result
-SSL_get_verify_result
-
-/* can be used by the application to associate data with an SSL structure.
- * It needs to be 'free()ed' by the application */
-SSL_set_app_data
-SSL_get_app_data
-
-/* The following all set values that are kept in the SSL_CTX but
- * are used as the default values when an SSL session is created.
- * They are over writen by the relevent SSL_xxxx functions */
-
-/* SSL_set_verify */
-void SSL_CTX_set_default_verify
-
-/* This callback, if set, totaly overrides the normal SSLeay verification
- * functions and should return 1 on success and 0 on failure */
-void SSL_CTX_set_cert_verify_callback
-
-/* The following are the same as the equivilent SSL_xxx functions.
- * Only one copy of this information is kept and if a particular
- * SSL structure has a local override, it is totally separate structure.
- */
-int SSL_CTX_use_RSAPrivateKey
-int SSL_CTX_use_RSAPrivateKey_ASN1
-int SSL_CTX_use_RSAPrivateKey_file
-int SSL_CTX_use_PrivateKey
-int SSL_CTX_use_PrivateKey_ASN1
-int SSL_CTX_use_PrivateKey_file
-int SSL_CTX_use_certificate
-int SSL_CTX_use_certificate_ASN1
-int SSL_CTX_use_certificate_file
-
-
-==== ssl_ctx.doc ========================================================
-
-This is now a bit dated, quite a few of the SSL_ functions could be
-SSL_CTX_ functions. I will update this in the future. 30 Aug 1996
-
-From eay at orb.mincom.oz.au Mon Dec 11 21:37:08 1995
-Received: by orb.mincom.oz.au id AA00696
- (5.65c/IDA-1.4.4 for eay); Mon, 11 Dec 1995 11:37:08 +1000
-Date: Mon, 11 Dec 1995 11:37:08 +1000 (EST)
-From: Eric Young
-X-Sender: eay at orb
-To: sameer
-Cc: Eric Young
-Subject: Re: PEM_readX509 oesn't seem to be working
-In-Reply-To: <199512110102.RAA12521 at infinity.c2.org>
-Message-Id:
-Mime-Version: 1.0
-Content-Type: TEXT/PLAIN; charset=US-ASCII
-Status: RO
-X-Status:
-
-On Sun, 10 Dec 1995, sameer wrote:
-> OK, that's solved. I've found out that it is saying "no
-> certificate set" in SSL_accept because s->conn == NULL
-> so there is some place I need to initialize s->conn that I am
-> not initializing it.
-
-The full order of things for a server should be.
-
-ctx=SSL_CTX_new();
-
-/* The next line should not really be using ctx->cert but I'll leave it
- * this way right now... I don't want a X509_ routine to know about an SSL
- * structure, there should be an SSL_load_verify_locations... hmm, I may
- * add it tonight.
- */
-X509_load_verify_locations(ctx->cert,CAfile,CApath);
-
-/* Ok now for each new connection we do the following */
-con=SSL_new(ctx);
-SSL_set_fd(con,s);
-SSL_set_verify(con,verify,verify_callback);
-
-/* set the certificate and private key to use. */
-SSL_use_certificate_ASN1(con,X509_certificate);
-SSL_use_RSAPrivateKey_ASN1(con,RSA_private_key);
-
-SSL_accept(con);
-
-SSL_read(con)/SSL_write(con);
-
-There is a bit more than that but that is basically the structure.
-
-Create a context and specify where to lookup certificates.
-
-foreach connection
- {
- create a SSL structure
- set the certificate and private key
- do a SSL_accept
-
- we should now be ok
- }
-
-eric
---
-Eric Young | Signature removed since it was generating
-AARNet: eay at mincom.oz.au | more followups than the message contents :-)
-
-
-
-==== ssleay.doc ========================================================
-
-SSLeay: a cryptographic kitchen sink.
-
-1st December 1995
-Way back at the start of April 1995, I was looking for a mindless
-programming project. A friend of mine (Tim Hudson) said "why don't you do SSL,
-it has DES encryption in it and I would not mind using it in a SSL telnet".
-While it was true I had written a DES library in previous years, litle
-did I know what an expansive task SSL would turn into.
-
-First of all, the SSL protocol contains DES encryption. Well and good. My
-DES library was fast and portable. It also contained the RSA's RC4 stream
-cipher. Again, not a problem, some-one had just posted to sci.crypt
-something that was claimed to be RC4. It also contained IDEA, I had the
-specifications, not a problem to implement. MD5, an RFC, trivial, at most
-I could spend a week or so trying to see if I could speed up the
-implementation. All in all a nice set of ciphers.
-Then the first 'expantion of the scope', RSA public key
-encryption. Since I did not knowing a thing about public key encryption
-or number theory, this appeared quite a daunting task. Just writing a
-big number library would be problomatic in itself, let alone making it fast.
-At this point the scope of 'implementing SSL' expands eponentialy.
-First of all, the RSA private keys were being kept in ASN.1 format.
-Thankfully the RSA PKCS series of documents explains this format. So I now
-needed to be able to encode and decode arbitary ASN.1 objects. The Public
-keys were embeded in X509 certificates. Hmm... these are not only
-ASN.1 objects but they make up a heirachy of authentication. To
-authenticate a X509 certificate one needs to retrieve it's issuers
-certificate etc etc. Hmm..., so I also need to implement some kind
-of certificate management software. I would also have to implement
-software to authenticate certificates. At this point the support code made
-the SSL part of my library look quite small.
-Around this time, the first version of SSLeay was released.
-
-Ah, but here was the problem, I was not happy with the code so far. As may
-have become obvious, I had been treating all of this as a learning
-exersize, so I have completely written the library myself. As such, due
-to the way it had grown like a fungus, much of the library was not
-'elagent' or neat. There were global and static variables all over the
-place, the SSL part did not even handle non-blocking IO.
-The Great rewrite began.
-
-As of this point in time, the 'Great rewrite' has almost finished. So what
-follows is an approximate list of what is actually SSLeay 0.5.0
-
-/********* This needs to be updated for 0.6.0+ *************/
-
----
-The library contains the following routines. Please note that most of these
-functions are not specfic for SSL or any other particular cipher
-implementation. I have tried to make all the routines as general purpose
-as possible. So you should not think of this library as an SSL
-implemtation, but rather as a library of cryptographic functions
-that also contains SSL. I refer to each of these function groupings as
-libraries since they are often capable of functioning as independent
-libraries
-
-First up, the general ciphers and message digests supported by the library.
-
-MD2 rfc???, a standard 'by parts' interface to this algorithm.
-MD5 rfc???, the same type of interface as for the MD2 library except a
- different algorithm.
-SHA THe Secure Hash Algorithm. Again the same type of interface as
- MD2/MD5 except the digest is 20 bytes.
-SHA1 The 'revised' version of SHA. Just about identical to SHA except
- for one tweak of an inner loop.
-DES This is my libdes library that has been floating around for the last
- few years. It has been enhanced for no other reason than completeness.
- It now supports ecb, cbc, cfb, ofb, cfb64, ofb64 in normal mode and
- triple DES modes of ecb, cbc, cfb64 and ofb64. cfb64 and ofb64 are
- functional interfaces to the 64 bit modes of cfb and ofb used in
- such a way thay they function as single character interfaces.
-RC4 The RSA Inc. stream cipher.
-RC2 The RSA Inc. block cipher.
-IDEA An implmentation of the IDEA cipher, the library supports ecb, cbc,
- cfb64 and ofb64 modes of operation.
-
-Now all the above mentioned ciphers and digests libraries support high
-speed, minimal 'crap in the way' type interfaces. For fastest and
-lowest level access, these routines should be used directly.
-
-Now there was also the matter of public key crypto systems. These are
-based on large integer arithmatic.
-
-BN This is my large integer library. It supports all the normal
- arithmentic operations. It uses malloc extensivly and as such has
- no limits of the size of the numbers being manipulated. If you
- wish to use 4000 bit RSA moduli, these routines will handle it.
- This library also contains routines to 'generate' prime numbers and
- to test for primality. The RSA and DH libraries sit on top of this
- library. As of this point in time, I don't support SHA, but
- when I do add it, it will just sit on top of the routines contained
- in this library.
-RSA This implements the RSA public key algorithm. It also contains
- routines that will generate a new private/public key pair.
- All the RSA functions conform to the PKCS#1 standard.
-DH This is an implementation of the
- Diffie-Hellman protocol. There are all the require routines for
- the protocol, plus extra routines that can be used to generate a
- strong prime for use with a specified generator. While this last
- routine is not generally required by applications implementing DH,
- It is present for completeness and because I thing it is much
- better to be able to 'generate' your own 'magic' numbers as oposed
- to using numbers suplied by others. I conform to the PKCS#3
- standard where required.
-
-You may have noticed the preceding section mentions the 'generation' of
-prime numbers. Now this requries the use of 'random numbers'.
-
-RAND This psuedo-random number library is based on MD5 at it's core
- and a large internal state (2k bytes). Once you have entered enough
- seed data into this random number algorithm I don't feel
- you will ever need to worry about it generating predictable output.
- Due to the way I am writing a portable library, I have left the
- issue of how to get good initial random seed data upto the
- application but I do have support routines for saving and loading a
- persistant random number state for use between program runs.
-
-Now to make all these ciphers easier to use, a higher level
-interface was required. In this form, the same function would be used to
-encrypt 'by parts', via any one of the above mentioned ciphers.
-
-EVP The Digital EnVeloPe library is quite large. At it's core are
- function to perform encryption and decryption by parts while using
- an initial parameter to specify which of the 17 different ciphers
- or 4 different message digests to use. On top of these are implmented
- the digital signature functions, sign, verify, seal and open.
- Base64 encoding of binary data is also done in this library.
-
-PEM rfc???? describe the format for Privacy Enhanced eMail.
- As part of this standard, methods of encoding digital enveloped
- data is an ascii format are defined. As such, I use a form of these
- to encode enveloped data. While at this point in time full support
- for PEM has not been built into the library, a minimal subset of
- the secret key and Base64 encoding is present. These reoutines are
- mostly used to Ascii encode binary data with a 'type' associated
- with it and perhaps details of private key encryption used to
- encrypt the data.
-
-PKCS7 This is another Digital Envelope encoding standard which uses ASN.1
- to encode the data. At this point in time, while there are some
- routines to encode and decode this binary format, full support is
- not present.
-
-As Mentioned, above, there are several different ways to encode
-data structures.
-
-ASN1 This library is more a set of primatives used to encode the packing
- and unpacking of data structures. It is used by the X509
- certificate standard and by the PKCS standards which are used by
- this library. It also contains routines for duplicating and signing
- the structures asocisated with X509.
-
-X509 The X509 library contains routines for packing and unpacking,
- verifying and just about every thing else you would want to do with
- X509 certificates.
-
-PKCS7 PKCS-7 is a standard for encoding digital envelope data
- structures. At this point in time the routines will load and save
- DER forms of these structees. They need to be re-worked to support
- the BER form which is the normal way PKCS-7 is encoded. If the
- previous 2 sentances don't make much sense, don't worry, this
- library is not used by this version of SSLeay anyway.
-
-OBJ ASN.1 uses 'object identifiers' to identify objects. A set of
- functions were requred to translate from ASN.1 to an intenger, to a
- character string. This library provieds these translations
-
-Now I mentioned an X509 library. X509 specified a hieachy of certificates
-which needs to be traversed to authenticate particular certificates.
-
-METH This library is used to push 'methods' of retrieving certificates
- into the library. There are some supplied 'methods' with SSLeay
- but applications can add new methods if they so desire.
- This library has not been finished and is not being used in this
- version.
-
-Now all the above are required for use in the initial point of this project.
-
-SSL The SSL protocol. This is a full implmentation of SSL v 2. It
- support both server and client authentication. SSL v 3 support
- will be added when the SSL v 3 specification is released in it's
- final form.
-
-Now quite a few of the above mentioned libraries rely on a few 'complex'
-data structures. For each of these I have a library.
-
-Lhash This is a hash table library which is used extensivly.
-
-STACK An implemetation of a Stack data structure.
-
-BUF A simple character array structure that also support a function to
- check that the array is greater that a certain size, if it is not,
- it is realloced so that is it.
-
-TXT_DB A simple memory based text file data base. The application can specify
- unique indexes that will be enforced at update time.
-
-CONF Most of the programs written for this library require a configuration
- file. Instead of letting programs constantly re-implment this
- subsystem, the CONF library provides a consistant and flexable
- interface to not only configuration files but also environment
- variables.
-
-But what about when something goes wrong?
-The one advantage (and perhaps disadvantage) of all of these
-functions being in one library was the ability to implement a
-single error reporting system.
-
-ERR This library is used to report errors. The error system records
- library number, function number (in the library) and reason
- number. Multiple errors can be reported so that an 'error' trace
- is created. The errors can be printed in numeric or textual form.
-
-
-==== ssluse.doc ========================================================
-
-We have an SSL_CTX which contains global information for lots of
-SSL connections. The session-id cache and the certificate verificate cache.
-It also contains default values for use when certificates are used.
-
-SSL_CTX
- default cipher list
- session-id cache
- certificate cache
- default session-id timeout period
- New session-id callback
- Required session-id callback
- session-id stats
- Informational callback
- Callback that is set, overrides the SSLeay X509 certificate
- verification
- The default Certificate/Private Key pair
- Default read ahead mode.
- Default verify mode and verify callback. These are not used
- if the over ride callback mentioned above is used.
-
-Each SSL can have the following defined for it before a connection is made.
-
-Certificate
-Private key
-Ciphers to use
-Certificate verify mode and callback
-IO object to use in the comunication.
-Some 'read-ahead' mode information.
-A previous session-id to re-use.
-
-A connection is made by using SSL_connect or SSL_accept.
-When non-blocking IO is being used, there are functions that can be used
-to determin where and why the SSL_connect or SSL_accept did not complete.
-This information can be used to recall the functions when the 'error'
-condition has dissapeared.
-
-After the connection has been made, information can be retrived about the
-SSL session and the session-id values that have been decided upon.
-The 'peer' certificate can be retrieved.
-
-The session-id values include
-'start time'
-'timeout length'
-
-
-
-==== stack.doc ========================================================
-
-The stack data structure is used to store an ordered list of objects.
-It is basically misnamed to call it a stack but it can function that way
-and that is what I originally used it for. Due to the way element
-pointers are kept in a malloc()ed array, the most efficient way to use this
-structure is to add and delete elements from the end via sk_pop() and
-sk_push(). If you wish to do 'lookups' sk_find() is quite efficient since
-it will sort the stack (if required) and then do a binary search to lookup
-the requested item. This sorting occurs automatically so just sk_push()
-elements on the stack and don't worry about the order. Do remember that if
-you do a sk_find(), the order of the elements will change.
-
-You should never need to 'touch' this structure directly.
-typedef struct stack_st
- {
- unsigned int num;
- char **data;
- int sorted;
-
- unsigned int num_alloc;
- int (*comp)();
- } STACK;
-
-'num' holds the number of elements in the stack, 'data' is the array of
-elements. 'sorted' is 1 is the list has been sorted, 0 if not.
-
-num_alloc is the number of 'nodes' allocated in 'data'. When num becomes
-larger than num_alloc, data is realloced to a larger size.
-If 'comp' is set, it is a function that is used to compare 2 of the items
-in the stack. The function should return -1, 0 or 1, depending on the
-ordering.
-
-#define sk_num(sk) ((sk)->num)
-#define sk_value(sk,n) ((sk)->data[n])
-
-These 2 macros should be used to access the number of elements in the
-'stack' and to access a pointer to one of the values.
-
-STACK *sk_new(int (*c)());
- This creates a new stack. If 'c', the comparison function, is not
-specified, the various functions that operate on a sorted 'stack' will not
-work (sk_find()). NULL is returned on failure.
-
-void sk_free(STACK *);
- This function free()'s a stack structure. The elements in the
-stack will not be freed so one should 'pop' and free all elements from the
-stack before calling this function or call sk_pop_free() instead.
-
-void sk_pop_free(STACK *st; void (*func)());
- This function calls 'func' for each element on the stack, passing
-the element as the argument. sk_free() is then called to free the 'stack'
-structure.
-
-int sk_insert(STACK *sk,char *data,int where);
- This function inserts 'data' into stack 'sk' at location 'where'.
-If 'where' is larger that the number of elements in the stack, the element
-is put at the end. This function tends to be used by other 'stack'
-functions. Returns 0 on failure, otherwise the number of elements in the
-new stack.
-
-char *sk_delete(STACK *st,int loc);
- Remove the item a location 'loc' from the stack and returns it.
-Returns NULL if the 'loc' is out of range.
-
-char *sk_delete_ptr(STACK *st, char *p);
- If the data item pointed to by 'p' is in the stack, it is deleted
-from the stack and returned. NULL is returned if the element is not in the
-stack.
-
-int sk_find(STACK *st,char *data);
- Returns the location that contains a value that is equal to
-the 'data' item. If the comparison function was not set, this function
-does a linear search. This function actually qsort()s the stack if it is not
-in order and then uses bsearch() to do the initial search. If the
-search fails,, -1 is returned. For mutliple items with the same
-value, the index of the first in the array is returned.
-
-int sk_push(STACK *st,char *data);
- Append 'data' to the stack. 0 is returned if there is a failure
-(due to a malloc failure), else 1. This is
-sk_insert(st,data,sk_num(st));
-
-int sk_unshift(STACK *st,char *data);
- Prepend 'data' to the front (location 0) of the stack. This is
-sk_insert(st,data,0);
-
-char *sk_shift(STACK *st);
- Return and delete from the stack the first element in the stack.
-This is sk_delete(st,0);
-
-char *sk_pop(STACK *st);
- Return and delete the last element on the stack. This is
-sk_delete(st,sk_num(sk)-1);
-
-void sk_zero(STACK *st);
- Removes all items from the stack. It does not 'free'
-pointers but is a quick way to clear a 'stack of references'.
-
-==== threads.doc ========================================================
-
-How to compile SSLeay for multi-threading.
-
-Well basically it is quite simple, set the compiler flags and build.
-I have only really done much testing under Solaris and Windows NT.
-If you library supports localtime_r() and gmtime_r() add,
--DTHREADS to the makefile parameters. You can probably survive with out
-this define unless you are going to have multiple threads generating
-certificates at once. It will not affect the SSL side of things.
-
-The approach I have taken to doing locking is to make the application provide
-callbacks to perform locking and so that the SSLeay library can distinguish
-between threads (for the error state).
-
-To have a look at an example program, 'cd mt; vi mttest.c'.
-To build under solaris, sh solaris.sh, for Windows NT or Windows 95,
-win32.bat
-
-This will build mttest which will fire up 10 threads that talk SSL
-to each other 10 times.
-To enable everything to work, the application needs to call
-
-CRYPTO_set_id_callback(id_function);
-CRYPTO_set_locking_callback(locking_function);
-
-before any multithreading is started.
-id_function does not need to be defined under Windows NT or 95, the
-correct function will be called if it is not. Under unix, getpid()
-is call if the id_callback is not defined, for Solaris this is wrong
-(since threads id's are not pid's) but under Linux it is correct
-(threads are just processes sharing the data segement).
-
-The locking_callback is used to perform locking by the SSLeay library.
-eg.
- -void solaris_locking_callback(mode,type,file,line) -int mode; -int type; -char *file; -int line; - { - if (mode & CRYPTO_LOCK) - mutex_lock(&(lock_cs[type])); - else - mutex_unlock(&(lock_cs[type])); - } - -Now in this case I have used mutexes instead of read/write locks, since they -are faster and there are not many read locks in SSLeay, you may as well -always use write locks. file and line are __FILE__ and __LINE__ from -the compile and can be usefull when debugging. - -Now as you can see, 'type' can be one of a range of values, these values are -defined in crypto/crypto.h -CRYPTO_get_lock_name(type) will return a text version of what the lock is. -There are CRYPTO_NUM_LOCKS locks required, so under solaris, the setup -for multi-threading can be - -static mutex_t lock_cs[CRYPTO_NUM_LOCKS]; - -void thread_setup() - { - int i; - - for (i=0; i => string to prompt with -# _default => default value for people -# _value => Automatically use this value for this field. -# _min => minimum number of characters for data (def. 0) -# _max => maximum number of characters for data (def. inf.) -# All of these entries are optional except for the first one. -[ req_dn ] -countryName = Country Name (2 letter code) -countryName_default = AU - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = Queensland - -localityName = Locality Name (eg, city) - -organizationName = Organization Name (eg, company) -organizationName_default = Mincom Pty Ltd - -organizationalUnitName = Organizational Unit Name (eg, section) -organizationalUnitName_default = MTR - -commonName = Common Name (eg, YOUR name) -commonName_max = 64 - -emailAddress = Email Address -emailAddress_max = 40 - -# The next section is the attributes section. This is exactly the -# same as for the previous section except that the resulting objects are -# put in the attributes field. 
-[ req_attr ] -challengePassword = A challenge password -challengePassword_min = 4 -challengePassword_max = 20 - -unstructuredName = An optional company name - ----- -Also note that the order that attributes appear in this file is the -order they will be put into the distinguished name. - -Once this request has been generated, it can be sent to a CA for -certifying. - ----- -A few quick examples.... - -To generate a new request and a new key -req -new - -To generate a new request and a 1058 bit key -req -newkey 1058 - -To generate a new request using a pre-existing key -req -new -key key.pem - -To generate a self signed x509 certificate from a certificate -request using a supplied key, and we want to see the text form of the -output certificate (which we will put in the file selfSign.pem -req -x509 -in req.pem -key key.pem -text -out selfSign.pem - -Verify that the signature is correct on a certificate request. -req -verify -in req.pem - -Verify that the signature was made using a specified public key. -req -verify -in req.pem -key key.pem - -Print the contents of a certificate request -req -text -in req.pem - -==== danger ======================================================== - -If you specify a SSLv2 cipher, and the mode is SSLv23 and the server -can talk SSLv3, it will claim there is no cipher since you should be -using SSLv3. - -When tracing debug stuff, remember BIO_s_socket() is different to -BIO_s_connect(). - -BSD/OS assember is not working - From rsalz at openssl.org Thu Jan 22 17:44:12 2015 
From: rsalz at openssl.org (Rich Salz) Date: Thu, 22 Jan 2015 18:44:12 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150122174412.D3A771DF121@butler.localdomain> The branch master has been updated via 9c46f4b9cd4912b61cb546c48b678488d7f26ed6 (commit) from 39a24e8889be8b7a63afdb6f999e4314e2b94671 (commit) - Log ----------------------------------------------------------------- commit 9c46f4b9cd4912b61cb546c48b678488d7f26ed6 Author: Rich Salz Date: Thu Jan 22 12:43:26 2015 -0500 Remove obsolete uncomiled dsagen semi-test Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/dsa/dsagen.c | 115 --------------------------------------------------- 1 file changed, 115 deletions(-) delete mode 100644 crypto/dsa/dsagen.c diff --git a/crypto/dsa/dsagen.c b/crypto/dsa/dsagen.c deleted file mode 100644 index e7d346b..0000000 --- a/crypto/dsa/dsagen.c +++ /dev/null 
@@ -1,115 +0,0 @@ -/* crypto/dsa/dsagen.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include -#include - -#define TEST -#define GENUINE_DSA - -#ifdef GENUINE_DSA -# define LAST_VALUE 0xbd -#else -# define LAST_VALUE 0xd3 -#endif - -#ifdef TEST -unsigned char seed[20] = { - 0xd5, 0x01, 0x4e, 0x4b, - 0x60, 0xef, 0x2b, 0xa8, - 0xb6, 0x21, 0x1b, 0x40, - 0x62, 0xba, 0x32, 0x24, - 0xe0, 0x42, 0x7d, LAST_VALUE -}; -#endif - -int cb(int p, int n) -{ - char c = '*'; - - if (p == 0) - c = '.'; - if (p == 1) - c = '+'; - if (p == 2) - c = '*'; - if (p == 3) - c = '\n'; - printf("%c", c); - fflush(stdout); -} - -main() -{ - int i; - BIGNUM *n; - BN_CTX *ctx; - unsigned char seed_buf[20]; - DSA *dsa; - int counter, h; - BIO *bio_err = NULL; - - if (bio_err == NULL) - bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); - - memcpy(seed_buf, seed, 20); - dsa = DSA_generate_parameters(1024, seed, 20, &counter, &h, cb, bio_err); - - if (dsa == NULL) - DSA_print(bio_err, dsa, 0); -} From rsalz at openssl.org Thu Jan 22 17:58:07 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 22 Jan 2015 18:58:07 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150122175807.E54131DF121@butler.localdomain> The branch master has been updated via 27c7609cf8e72dfa2956bc00f166301ee983581a (commit) from 9c46f4b9cd4912b61cb546c48b678488d7f26ed6 (commit) - Log ----------------------------------------------------------------- commit 27c7609cf8e72dfa2956bc00f166301ee983581a Author: Rich Salz Date: Thu Jan 22 12:57:29 2015 -0500 ifdef cleanup, 2 remove OPENSSL_NO_SETVBUF_IONBF Use setbuf(fp, NULL) instead of setvbuf(). This removes some ifdef complexity because all of our platforms support setbuf. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 1 + apps/apps.c | 18 +++--------------- apps/enc.c | 8 ++------ crypto/rand/randfile.c | 4 +--- makevms.com | 8 -------- 5 files changed, 7 insertions(+), 32 deletions(-) diff --git a/CHANGES b/CHANGES index 946d2a0..2cecbf6 100644 
--- a/CHANGES +++ b/CHANGES @@ -43,6 +43,7 @@ *) Start cleaning up OPENSSL_NO_xxx #define's OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO + Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF [Rich Salz] *) Experimental support for a new, fast, unbiased prime candidate generator, diff --git a/apps/apps.c b/apps/apps.c index b6549d5..ccd2182 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -852,11 +852,7 @@ X509 *load_cert(BIO *err, const char *file, int format, } if (file == NULL) { -#ifdef _IONBF -# ifndef OPENSSL_NO_SETVBUF_IONBF - setvbuf(stdin, NULL, _IONBF, 0); -# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ -#endif + setbuf(stdin, NULL); /* don't do buffered reads */ BIO_set_fp(cert, stdin, BIO_NOCLOSE); } else { if (BIO_read_filename(cert, file) <= 0) { @@ -980,11 +976,7 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin, goto end; } if (file == NULL && maybe_stdin) { -#ifdef _IONBF -# ifndef OPENSSL_NO_SETVBUF_IONBF - setvbuf(stdin, NULL, _IONBF, 0); -# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ -#endif + setbuf(stdin, NULL); /* don't do buffered reads */ BIO_set_fp(key, stdin, BIO_NOCLOSE); } else if (BIO_read_filename(key, file) <= 0) { BIO_printf(err, "Error opening %s %s\n", key_descrip, file); @@ -1058,11 +1050,7 @@ EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin, goto end; } if (file == NULL && maybe_stdin) { -#ifdef _IONBF -# ifndef OPENSSL_NO_SETVBUF_IONBF - setvbuf(stdin, NULL, _IONBF, 0); -# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ -#endif + setbuf(stdin, NULL); /* don't do buffered reads */ BIO_set_fp(key, stdin, BIO_NOCLOSE); } else if (BIO_read_filename(key, file) <= 0) { BIO_printf(err, "Error opening %s %s\n", key_descrip, file); diff --git a/apps/enc.c b/apps/enc.c index 8334f39..3bf4a6e 100644 --- a/apps/enc.c +++ b/apps/enc.c 
@@ -396,10 +396,8 @@ int MAIN(int argc, char **argv) } if (inf == NULL) { -#ifndef OPENSSL_NO_SETVBUF_IONBF if (bufsize != NULL) - setvbuf(stdin, (char *)NULL, _IONBF, 0); -#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ + setbuf(stdin, NULL); BIO_set_fp(in, stdin, BIO_NOCLOSE); } else { if (BIO_read_filename(in, inf) <= 0) { @@ -442,10 +440,8 @@ int MAIN(int argc, char **argv) if (outf == NULL) { BIO_set_fp(out, stdout, BIO_NOCLOSE); -#ifndef OPENSSL_NO_SETVBUF_IONBF if (bufsize != NULL) - setvbuf(stdout, (char *)NULL, _IONBF, 0); -#endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ + setbuf(stdin, NULL); /* don't do buffered reads */ #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index bec7058..b234be0 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c @@ -160,9 +160,7 @@ int RAND_load_file(const char *file, long bytes) * because we will waste system entropy. */ bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */ -# ifndef OPENSSL_NO_SETVBUF_IONBF - setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */ -# endif /* ndef OPENSSL_NO_SETVBUF_IONBF */ + setbuf(stdin, NULL); /* don't do buffered reads */ } #endif for (;;) { diff --git a/makevms.com b/makevms.com index 37e1e3c..82aa4ce 100755 --- a/makevms.com +++ b/makevms.com 
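Review bot: The second apps/enc.c hunk changes which stream is configured: the removed call under `if (outf == NULL)` was `setvbuf(stdout, (char *)NULL, _IONBF, 0);`, but the added line is `setbuf(stdin, NULL); /* don't do buffered reads */`, so stdout stays fully buffered and stdin is altered instead; it should be `setbuf(stdout, NULL);`. The crypto/rand/randfile.c hunk has the same slip: `setvbuf(in, NULL, _IONBF, 0)` on the file handle read by RAND_load_file became `setbuf(stdin, NULL)`, which defeats the purpose stated on the context line ("because we will waste system entropy") since the handle actually read from remains buffered; it should be `setbuf(in, NULL);`. In both places the copied comment "don't do buffered reads" no longer describes the stream being touched. The enclosing MAIN and RAND_load_file bodies continue outside these hunks.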
@@ -493,14 +493,6 @@ $ GOTO CONFIG_LOG_LOOP2 $ CONFIG_LOG_LOOP2_END: $! $ WRITE H_FILE "" -$ WRITE H_FILE "/* 2011-02-23 SMS." -$ WRITE H_FILE " * On VMS (V8.3), setvbuf() doesn't support a 64-bit" -$ WRITE H_FILE " * ""in"" pointer, and the help says:" -$ WRITE H_FILE " * Please note that the previously documented" -$ WRITE H_FILE " * value _IONBF is not supported." -$ WRITE H_FILE " * So, skip it on VMS." -$ WRITE H_FILE " */" -$ WRITE H_FILE "#define OPENSSL_NO_SETVBUF_IONBF" $ WRITE H_FILE "/* STCP support comes with TCPIP 5.7 ECO 2 " $ WRITE H_FILE " * enable on newer systems / 2012-02-24 arpadffy */" $ WRITE H_FILE "#define OPENSSL_NO_SCTP" From steve at openssl.org Fri Jan 23 00:14:09 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 23 Jan 2015 01:14:09 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150123001409.2FAD21DF121@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 6fa805f516f5a6ff3872f1d1014a3dc9de460b99 (commit) from 06aab26874279547da6e2c877ad84c849fcb8ac0 (commit) - Log ----------------------------------------------------------------- commit 6fa805f516f5a6ff3872f1d1014a3dc9de460b99 Author: Dr. Stephen Henson Date: Thu Jan 22 19:43:27 2015 +0000 FIPS build fixes. PR#3673 Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_curve.c | 8 ++++---- crypto/ec/ec_cvt.c | 6 +++--- ssl/t1_lib.c | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 023bd0e..6dbe9d8 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -69,16 +69,16 @@ * */ -#ifdef OPENSSL_FIPS -# include -#endif - #include #include "ec_lcl.h" #include #include #include +#ifdef OPENSSL_FIPS +# include +#endif + typedef struct { int field_type, /* either NID_X9_62_prime_field or * NID_X9_62_characteristic_two_field */ 
diff --git a/crypto/ec/ec_cvt.c b/crypto/ec/ec_cvt.c index 73cc123..5a832ba 100644 --- a/crypto/ec/ec_cvt.c +++ b/crypto/ec/ec_cvt.c @@ -69,13 +69,13 @@ * */ +#include +#include "ec_lcl.h" + #ifdef OPENSSL_FIPS # include #endif -#include -#include "ec_lcl.h" - EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 72be01d..90ef867 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -470,7 +470,7 @@ static int tls1_get_curvelist(SSL *s, int sess, # ifdef OPENSSL_FIPS if (FIPS_mode()) { *pcurves = fips_curves_default; - *pcurveslen = sizeof(fips_curves_default); + pcurveslen = sizeof(fips_curves_default); } else # endif { From appro at openssl.org Fri Jan 23 14:40:06 2015 
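Review bot: In the ssl/t1_lib.c hunk the new line `pcurveslen = sizeof(fips_curves_default);` assigns to `pcurveslen` itself where the removed line wrote through it, so whether the caller's curve-list length is still populated on the FIPS path depends on how this branch declares `pcurveslen`; the parameter list is cut off in the hunk header after `int sess,` and the rest of tls1_get_curvelist lies outside the hunk. Since the commit is labelled a build fix, the removed `*pcurveslen` form presumably did not compile on this branch, which suggests `pcurveslen` is a plain `size_t` here that is copied to the out-parameter later, in which case the change is right. If it is instead the `size_t *` out-parameter, the line would compile with only an int-to-pointer warning and leave the caller's length unset in FIPS mode, which matters because that length presumably bounds the curve list the callers walk. A short comment on the assignment, `/* local length; copied to the out-parameter with the non-FIPS paths below */`, would settle the reading for the next reviewer.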
From: appro at openssl.org (Andy Polyakov) Date: Fri, 23 Jan 2015 15:40:06 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150123144007.2CA1A1DF121@butler.localdomain> The branch master has been updated via 9b05cbc33e7895ed033b1119e300782d9e0cf23c (commit) from 27c7609cf8e72dfa2956bc00f166301ee983581a (commit) - Log ----------------------------------------------------------------- commit 9b05cbc33e7895ed033b1119e300782d9e0cf23c Author: Andy Polyakov Date: Mon Jan 5 11:25:10 2015 +0100 Add assembly support to ios64-cross. Fix typos in ios64-cross config line. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: Configure | 2 +- TABLE | 12 +-- crypto/Makefile | 1 + crypto/aes/asm/aesv8-armx.pl | 14 +++- crypto/{arm64cpuid.S => arm64cpuid.pl} | 34 ++++++-- crypto/armcap.c | 6 +- crypto/modes/asm/ghashv8-armx.pl | 10 ++- crypto/perlasm/arm-xlate.pl | 140 ++++++++++++++++++++++++++++++++ crypto/sha/asm/sha1-armv8.pl | 11 ++- crypto/sha/asm/sha512-armv8.pl | 20 +++-- 10 files changed, 224 insertions(+), 26 deletions(-) rename crypto/{arm64cpuid.S => arm64cpuid.pl} (59%) mode change 100644 => 100755 create mode 100755 crypto/perlasm/arm-xlate.pl diff --git a/Configure b/Configure index 57e66e3..8d9abe7 100755 --- a/Configure +++ b/Configure 
@@ -599,7 +599,7 @@ my %table=( # CROSS_SDK=iPhoneOS7.0.sdk # "iphoneos-cross","cc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"ios64-cross","cc:-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR -RC4_CHUNK DES_INT DES_UNROLL -BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"ios64-cross","cc:-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:ios64:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", ##### A/UX "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", diff --git a/TABLE b/TABLE index 8e04733..d5b5261 100644 --- a/TABLE +++ b/TABLE @@ -3509,24 +3509,24 @@ $unistd = $thread_cflag = -D_REENTRANT $sys_id = iOS $lflags = -Wl,-search_paths_first% -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR -RC4_CHUNK DES_INT DES_UNROLL -BF_PTR -$cpuid_obj = +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = armcap.o arm64cpuid.o mem_clr.o $bn_obj = $ec_obj = $des_obj = -$aes_obj = +$aes_obj = aes_core.o aes_cbc.o aesv8-armx.o $bf_obj = $md5_obj = -$sha1_obj = +$sha1_obj = sha1-armv8.o sha256-armv8.o sha512-armv8.o $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = $wp_obj = $cmll_obj = -$modes_obj = +$modes_obj = ghashv8-armx.o $engines_obj = -$perlasm_scheme = void +$perlasm_scheme = ios64 $dso_scheme = dlfcn $shared_target= darwin-shared $shared_cflag = -fPIC -fno-common 
diff --git a/crypto/Makefile b/crypto/Makefile index 1078240..6e1c129 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -86,6 +86,7 @@ alphacpuid.s: alphacpuid.pl (preproc=$$$$.$@.S; trap "rm $$preproc" INT; \ $(PERL) alphacpuid.pl > $$preproc && \ $(CC) -E -P $$preproc > $@ && rm $$preproc) +arm64cpuid.S: arm64cpuid.pl; $(PERL) arm64cpuid.pl $(PERLASM_SCHEME) > $@ subdirs: @target=all; $(RECURSIVE_MAKE) diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl index 1e93f86..0675409 100755 --- a/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/aes/asm/aesv8-armx.pl @@ -28,7 +28,15 @@ # Cortex-A57 3.64 1.34 1.32 $flavour = shift; -open STDOUT,">".shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; $prefix="aes_v8"; @@ -56,7 +64,7 @@ my ($zero,$rcon,$mask,$in0,$in1,$tmp,$key)= $code.=<<___; .align 5 -rcon: +.Lrcon: .long 0x01,0x01,0x01,0x01 .long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d // rotate-n-splat .long 0x1b,0x1b,0x1b,0x1b @@ -85,7 +93,7 @@ $code.=<<___; tst $bits,#0x3f b.ne .Lenc_key_abort - adr $ptr,rcon + adr $ptr,.Lrcon cmp $bits,#192 veor $zero,$zero,$zero diff --git a/crypto/arm64cpuid.S b/crypto/arm64cpuid.pl old mode 100644 new mode 100755 similarity index 59% rename from crypto/arm64cpuid.S rename to crypto/arm64cpuid.pl index 4778ac1..bfec664 --- a/crypto/arm64cpuid.S +++ b/crypto/arm64cpuid.pl 
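Review bot: The new `open OUT,"| \"$^X\" $xlate $flavour $output";` in crypto/aes/asm/aesv8-armx.pl is unchecked, so if the arm-xlate.pl pipe cannot be spawned the script carries on printing into a dead handle and the build gets an empty or missing object without a clear error; add `or die "can't call $xlate: $!"` to the open. The same unchecked open is introduced in crypto/arm64cpuid.pl, crypto/modes/asm/ghashv8-armx.pl, crypto/sha/asm/sha1-armv8.pl and crypto/sha/asm/sha512-armv8.pl. `$xlate` and `$output` are also interpolated into a shell command line unquoted, so a build directory containing spaces or shell metacharacters breaks the pipeline; quoting them, `"| \"$^X\" \"$xlate\" $flavour \"$output\""`, keeps the path-derived parts out of shell parsing.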
@@ -1,46 +1,68 @@ +#!/usr/bin/env perl + +$flavour = shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +$code.=<<___; #include "arm_arch.h" .text .arch armv8-a+crypto .align 5 -.global _armv7_neon_probe +.globl _armv7_neon_probe .type _armv7_neon_probe,%function _armv7_neon_probe: orr v15.16b, v15.16b, v15.16b ret .size _armv7_neon_probe,.-_armv7_neon_probe -.global _armv7_tick +.globl _armv7_tick .type _armv7_tick,%function _armv7_tick: +#ifdef __APPLE__ + mrs x0, CNTPCT_EL0 +#else mrs x0, CNTVCT_EL0 +#endif ret .size _armv7_tick,.-_armv7_tick -.global _armv8_aes_probe +.globl _armv8_aes_probe .type _armv8_aes_probe,%function _armv8_aes_probe: aese v0.16b, v0.16b ret .size _armv8_aes_probe,.-_armv8_aes_probe -.global _armv8_sha1_probe +.globl _armv8_sha1_probe .type _armv8_sha1_probe,%function _armv8_sha1_probe: sha1h s0, s0 ret .size _armv8_sha1_probe,.-_armv8_sha1_probe -.global _armv8_sha256_probe +.globl _armv8_sha256_probe .type _armv8_sha256_probe,%function _armv8_sha256_probe: sha256su0 v0.4s, v0.4s ret .size _armv8_sha256_probe,.-_armv8_sha256_probe -.global _armv8_pmull_probe +.globl _armv8_pmull_probe .type _armv8_pmull_probe,%function _armv8_pmull_probe: pmull v0.1q, v0.1d, v0.1d ret .size _armv8_pmull_probe,.-_armv8_pmull_probe +___ + +print $code; +close STDOUT; diff --git a/crypto/armcap.c b/crypto/armcap.c index 356fa15..3dbe574 100644 --- a/crypto/armcap.c +++ b/crypto/armcap.c 
@@ -46,12 +46,14 @@ unsigned long OPENSSL_rdtsc(void) return 0; } +# if defined(__GNUC__) && __GNUC__>=2 +void OPENSSL_cpuid_setup(void) __attribute__ ((constructor)); +# endif /* * Use a weak reference to getauxval() so we can use it if it is available but * don't break the build if it is not. */ -# if defined(__GNUC__) && __GNUC__>=2 -void OPENSSL_cpuid_setup(void) __attribute__ ((constructor)); +# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) extern unsigned long getauxval(unsigned long type) __attribute__ ((weak)); # else static unsigned long (*getauxval) (unsigned long) = NULL; diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl index 54a1ac4..7bbe2fc 100644 --- a/crypto/modes/asm/ghashv8-armx.pl +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -26,7 +26,15 @@ # (*) presented for reference/comparison purposes; $flavour = shift; -open STDOUT,">".shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; $Xi="x0"; # argument block $Htbl="x1"; diff --git a/crypto/perlasm/arm-xlate.pl b/crypto/perlasm/arm-xlate.pl new file mode 100755 index 0000000..fd185e9 --- /dev/null +++ b/crypto/perlasm/arm-xlate.pl 
@@ -0,0 +1,140 @@ +#!/usr/bin/env perl + +# ARM assembler distiller by . + +my $flavour = shift; +my $output = shift; +open STDOUT,">$output" || die "can't open $output: $!"; + +$flavour = "linux32" if (!$flavour or $flavour eq "void"); + +my %GLOBALS; +my $dotinlocallabels=($flavour=~/linux/)?1:0; + +################################################################ +# directives which need special treatment on different platforms +################################################################ +my $arch = sub { + if ($flavour =~ /linux/) { ".arch\t".join(',', at _); } + else { ""; } +}; +my $globl = sub { + my $name = shift; + my $global = \$GLOBALS{$name}; + my $ret; + + SWITCH: for ($flavour) { + /ios/ && do { $name = "_$name"; + last; + }; + } + + $ret = ".globl $name" if (!$ret); + $$global = $name; + $ret; +}; +my $global = $globl; +my $extern = sub { + &$globl(@_); + return; # return nothing +}; +my $type = sub { + if ($flavour =~ /linux/) { ".type\t".join(',', at _); } + else { ""; } +}; +my $size = sub { + if ($flavour =~ /linux/) { ".size\t".join(',', at _); } + else { ""; } +}; +my $inst = sub { + if ($flavour =~ /linux/) { ".inst\t".join(',', at _); } + else { ".long\t".join(',', at _); } +}; +my $asciz = sub { + my $line = join(",", at _); + if ($line =~ /^"(.*)"$/) + { ".byte " . join(",",unpack("C*",$1),0) . 
"\n.align 2"; } + else + { ""; } +}; + +sub range { + my ($r,$sfx,$start,$end) = @_; + + join(",",map("$r$_$sfx",($start..$end))); +} + +sub parse_args { + my $line = shift; + my @ret = (); + + pos($line)=0; + + while (1) { + if ($line =~ m/\G\[/gc) { + $line =~ m/\G([^\]]+\][^,]*)\s*/g; + push @ret,"[$1"; + } + elsif ($line =~ m/\G\{/gc) { + $line =~ m/\G([^\}]+\}[^,]*)\s*/g; + my $arg = $1; + $arg =~ s/([rdqv])([0-9]+)([^\-]*)\-\1([0-9]+)\3/range($1,$3,$2,$4)/ge; + push @ret,"{$arg"; + } + elsif ($line =~ m/\G([^,]+)\s*/g) { + push @ret,$1; + } + + last if ($line =~ m/\G$/gc); + + $line =~ m/\G,\s*/g; + } + + map {my $s=$_;$s=~s/\b(\w+)/$GLOBALS{$1} or $1/ge;$s} @ret; +} + +while($line=<>) { + + $line =~ s|/\*.*\*/||; # get rid of C-style comments... + $line =~ s|^\s+||; # ... and skip white spaces in beginning... + $line =~ s|\s+$||; # ... and at the end + + { + $line =~ s|[\b\.]L(\w+)|L$1|g; # common denominator for Locallabel + $line =~ s|\bL(\w+)|\.L$1|g if ($dotinlocallabels); + } + + { + $line =~ s|(^[\.\w]+)\:\s*||; + my $label = $1; + if ($label) { + printf "%s:",($GLOBALS{$label} or $label); + } + } + + if ($line !~ m/^#/o) { + $line =~ s|^\s*(\.?)(\S+)\s*||o; + my $c = $1; $c = "\t" if ($c eq ""); + my $mnemonic = $2; + my $opcode; + if ($mnemonic =~ m/([^\.]+)\.([^\.]+)/o) { + $opcode = eval("\$$1_$2"); + } else { + $opcode = eval("\$$mnemonic"); + } + + my @args=parse_args($line); + + if (ref($opcode) eq 'CODE') { + $line = &$opcode(@args); + } elsif ($mnemonic) { + $line = $c.$mnemonic; + $line.= "\t".join(',', at args) if ($#args>=0); + } + } + + print $line if ($line); + print "\n"; +} + +close STDOUT; diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl index deb1238..6be8624 100644 --- a/crypto/sha/asm/sha1-armv8.pl +++ b/crypto/sha/asm/sha1-armv8.pl 
@@ -20,7 +20,15 @@ # (*) Software results are presented mostly for reference purposes. $flavour = shift; -open STDOUT,">".shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; ($ctx,$inp,$num)=("x0","x1","x2"); @Xw=map("w$_",(3..17,19)); @@ -154,6 +162,7 @@ $code.=<<___; .text +.extern OPENSSL_armcap_P .globl sha1_block_data_order .type sha1_block_data_order,%function .align 6 diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl index bd7a0a5..45eb719 100644 --- a/crypto/sha/asm/sha512-armv8.pl +++ b/crypto/sha/asm/sha512-armv8.pl @@ -29,7 +29,14 @@ $flavour=shift; $output=shift; -open STDOUT,">$output"; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; if ($output =~ /512/) { $BITS=512; @@ -153,6 +160,7 @@ $code.=<<___; .text +.extern OPENSSL_armcap_P .globl $func .type $func,%function .align 6 @@ -182,7 +190,7 @@ $code.=<<___; ldp $E,$F,[$ctx,#4*$SZ] add $num,$inp,$num,lsl#`log(16*$SZ)/log(2)` // end of input ldp $G,$H,[$ctx,#6*$SZ] - adr $Ktbl,K$BITS + adr $Ktbl,.LK$BITS stp $ctx,$num,[x29,#96] .Loop: @@ -232,8 +240,8 @@ $code.=<<___; .size $func,.-$func .align 6 -.type K$BITS,%object -K$BITS: +.type .LK$BITS,%object +.LK$BITS: ___ $code.=<<___ if ($SZ==8); .quad 0x428a2f98d728ae22,0x7137449123ef65cd @@ -298,7 +306,7 @@ $code.=<<___ if ($SZ==4); .long 0 //terminator ___ $code.=<<___; -.size K$BITS,.-K$BITS +.size .LK$BITS,.-.LK$BITS .align 3 .LOPENSSL_armcap_P: .quad OPENSSL_armcap_P-. 
@@ -323,7 +331,7 @@ sha256_block_armv8: add x29,sp,#0 ld1.32 {$ABCD,$EFGH},[$ctx] - adr $Ktbl,K256 + adr $Ktbl,.LK256 .Loop_hw: ld1 {@MSG[0]- at MSG[3]},[$inp],#64 From rsalz at openssl.org Fri Jan 23 16:59:53 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 23 Jan 2015 17:59:53 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150123165953.6BE051DF121@butler.localdomain> The branch master has been updated via 68b00c237298b2e7e382686ffd583847d57bbc0b (commit) from 9b05cbc33e7895ed033b1119e300782d9e0cf23c (commit) - Log ----------------------------------------------------------------- commit 68b00c237298b2e7e382686ffd583847d57bbc0b Author: Rich Salz Date: Fri Jan 23 11:58:26 2015 -0500 ifdef cleanup part 3: OPENSSL_SYSNAME Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx Remove MS_STATIC; it's a relic from platforms <32 bits. Reviewed-by: Andy Polyakov Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: CHANGES | 2 ++ Configure | 28 +++++++++++++------------- TABLE | 24 +++++++++++------------ apps/apps.c | 4 ++-- apps/apps.h | 2 +- apps/ca.c | 2 +- apps/openssl.c | 4 ++-- apps/req.c | 2 +- apps/s_server.c | 2 +- apps/s_time.c | 2 +- crypto/bio/bio_cb.c | 2 +- crypto/des/asm/des_enc.m4 | 48 ++++++++++++++++++++++----------------------- crypto/o_str.c | 2 +- crypto/objects/obj_dat.c | 2 +- crypto/pkcs7/bio_pk7.c | 2 +- crypto/rand/md_rand.c | 4 ++-- crypto/rand/randfile.c | 2 +- crypto/ui/ui_openssl.c | 2 +- e_os.h | 10 ---------- e_os2.h | 47 ++++++++++++++++---------------------------- ssl/ssltest.c | 4 ++-- util/pl/BC-32.pl | 2 +- util/pl/VC-32.pl | 2 +- util/pl/netware.pl | 2 +- 24 files changed, 91 insertions(+), 112 deletions(-) diff --git a/CHANGES b/CHANGES index 2cecbf6..9ebbe61 100644 --- a/CHANGES +++ b/CHANGES 
@@ -44,6 +44,8 @@ OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF + Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx + Remove MS_STATIC; it's a relic from platforms <32 bits. [Rich Salz] *) Experimental support for a new, fast, unbiased prime candidate generator, diff --git a/Configure b/Configure index 8d9abe7..c726478 100755 --- a/Configure +++ b/Configure @@ -212,8 +212,8 @@ my %table=( "cc", "cc:-O::(unknown)::::::", ####VOS Configurations -"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", -"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", +"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", +"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:", #### Solaris x86 with GNU C setups # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it 
@@ -519,15 +519,15 @@ my %table=( # Visual C targets # # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 -"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", -"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", -"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", -"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", +"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", +"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my 
$asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", +"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", +"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' -"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", # Unified CE target -"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", +"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", # Borland C++ 4.5 
@@ -558,13 +558,13 @@ my %table=( # netware-clib => legacy CLib c-runtime support "netware-clib", "mwccnlm::::::${x86_gcc_opts}::", "netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::", -"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", -"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", +"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", +"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", # netware-libc => LibC/NKS support "netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", "netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", # DJGPP "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN 
-fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", @@ -1482,8 +1482,8 @@ if ($target =~ /^BSD\-/) if ($sys_id ne "") { - #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags"; - $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n"; + #$cflags="-DOPENSSL_SYS_$sys_id $cflags"; + $openssl_sys_defines="#define OPENSSL_SYS_$sys_id\n"; } if ($ranlib eq "") diff --git a/TABLE b/TABLE index d5b5261..886fa62 100644 --- a/TABLE +++ b/TABLE @@ -682,7 +682,7 @@ $multilib = *** VC-WIN32 $cc = cl -$cflags = -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE +$cflags = -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE $unistd = $thread_cflag = $sys_id = WIN32 @@ -716,7 +716,7 @@ $multilib = *** VC-WIN64A $cc = cl -$cflags = -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$cflags = -W3 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE $unistd = $thread_cflag = $sys_id = WIN64A @@ -750,7 +750,7 @@ $multilib = *** VC-WIN64I $cc = cl -$cflags = -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$cflags = -W3 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE $unistd = $thread_cflag = $sys_id = WIN64I @@ -1430,7 +1430,7 @@ $multilib = *** debug-VC-WIN32 $cc = cl -$cflags = -W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE +$cflags = -W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE $unistd = $thread_cflag = $sys_id = WIN32 
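Review bot: The commented-out line `#$cflags="-DOPENSSL_SYS_$sys_id $cflags";` in the `-1482` hunk is dead code that has now been renamed along with the live code rather than removed; keeping it in sync with every rename is maintenance for nothing. I would drop it and keep only `$openssl_sys_defines="#define OPENSSL_SYS_$sys_id\n";`. Note that this generated define is now the only thing that turns a target's `$sys_id` into an `OPENSSL_SYS_xxx` macro, which is what the e_os2.h guards later in this commit rely on.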
@@ -1464,7 +1464,7 @@ $multilib = *** debug-VC-WIN64A $cc = cl -$cflags = -W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$cflags = -W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE $unistd = $thread_cflag = $sys_id = WIN64A @@ -1498,7 +1498,7 @@ $multilib = *** debug-VC-WIN64I $cc = cl -$cflags = -W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$cflags = -W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE $unistd = $thread_cflag = $sys_id = WIN64I @@ -2858,7 +2858,7 @@ $multilib = *** debug-vos-gcc $cc = gcc -$cflags = -O0 -g -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG +$cflags = -O0 -g -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG $unistd = $thread_cflag = (unknown) $sys_id = VOS @@ -4898,7 +4898,7 @@ $multilib = *** netware-clib-bsdsock-gcc $cc = i586-netware-gcc -$cflags = -nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall +$cflags = -nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall $unistd = $thread_cflag = $sys_id = @@ -4932,7 +4932,7 @@ $multilib = *** netware-clib-gcc $cc = i586-netware-gcc -$cflags = -nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall +$cflags = -nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall $unistd = $thread_cflag = $sys_id = 
@@ -5034,7 +5034,7 @@ $multilib = *** netware-libc-bsdsock-gcc $cc = i586-netware-gcc -$cflags = -nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall +$cflags = -nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall $unistd = $thread_cflag = $sys_id = @@ -5068,7 +5068,7 @@ $multilib = *** netware-libc-gcc $cc = i586-netware-gcc -$cflags = -nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall +$cflags = -nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall $unistd = $thread_cflag = $sys_id = @@ -6088,7 +6088,7 @@ $multilib = *** vos-gcc $cc = gcc -$cflags = -O3 -Wall -DOPENSSL_SYSNAME_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN +$cflags = -O3 -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN $unistd = $thread_cflag = (unknown) $sys_id = VOS diff --git a/apps/apps.c b/apps/apps.c index ccd2182..97f0c0e 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -119,7 +119,7 @@ #include #include #include -#if !defined(OPENSSL_SYSNAME_WIN32) && !defined(OPENSSL_SYSNAME_WINCE) && !defined(NETWARE_CLIB) +#if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_WINCE) && !defined(NETWARE_CLIB) # include #endif #include @@ -1631,7 +1631,7 @@ BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai) { BIO *in = NULL; BIGNUM *ret = NULL; - MS_STATIC char buf[1024]; + char buf[1024]; ASN1_INTEGER *ai = NULL; ai = ASN1_INTEGER_new(); diff --git a/apps/apps.h b/apps/apps.h index 22c678a..3f53bc1 100644 --- a/apps/apps.h +++ b/apps/apps.h 
@@ -205,7 +205,7 @@ extern BIO *bio_err; # endif # endif -# if defined(OPENSSL_SYSNAME_WIN32) || defined(OPENSSL_SYSNAME_WINCE) +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE) # define openssl_fdset(a,b) FD_SET((unsigned int)a, b) # else # define openssl_fdset(a,b) FD_SET(a, b) diff --git a/apps/ca.c b/apps/ca.c index a93c00e..a917112 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -323,7 +323,7 @@ int MAIN(int argc, char **argv) STACK_OF(OPENSSL_STRING) *sigopts = NULL; #undef BSIZE #define BSIZE 256 - MS_STATIC char buf[3][BSIZE]; + char buf[3][BSIZE]; char *randfile = NULL; #ifndef OPENSSL_NO_ENGINE char *engine = NULL; diff --git a/apps/openssl.c b/apps/openssl.c index d8848b5..b196285 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -221,8 +221,8 @@ int main(int Argc, char *ARGV[]) #define PROG_NAME_SIZE 39 char pname[PROG_NAME_SIZE + 1]; FUNCTION f, *fp; - MS_STATIC const char *prompt; - MS_STATIC char buf[1024]; + const char *prompt; + char buf[1024]; char *to_free = NULL; int n, i, ret = 0; int argc; diff --git a/apps/req.c b/apps/req.c index 990c5bd..6d06ed7 100644 --- a/apps/req.c +++ b/apps/req.c @@ -1354,7 +1354,7 @@ static int add_DN_object(X509_NAME *n, char *text, const char *def, unsigned long chtype, int mval) { int i, ret = 0; - MS_STATIC char buf[1024]; + char buf[1024]; start: if (!batch) BIO_printf(bio_err, "%s [%s]:", text, def); diff --git a/apps/s_server.c b/apps/s_server.c index 94de734..4dae4d5 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2557,7 +2557,7 @@ static int init_ssl_connection(SSL *con) const char *str; X509 *peer; long verify_error; - MS_STATIC char buf[BUFSIZ]; + char buf[BUFSIZ]; #ifndef OPENSSL_NO_KRB5 char *client_princ; #endif diff --git a/apps/s_time.c b/apps/s_time.c index 3520408..972dccf 100644 --- a/apps/s_time.c +++ b/apps/s_time.c 
@@ -340,7 +340,7 @@ int MAIN(int argc, char **argv) SSL *scon = NULL; long finishtime = 0; int ret = 1, i; - MS_STATIC char buf[1024 * 8]; + char buf[1024 * 8]; int ver; apps_startup(); diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index 2a447c3..3607375 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -67,7 +67,7 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi, long argl, long ret) { BIO *b; - MS_STATIC char buf[256]; + char buf[256]; char *p; long r = 1; size_t p_maxlen; diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4 index c4b1e48..e732ba6 100644 --- a/crypto/des/asm/des_enc.m4 +++ b/crypto/des/asm/des_enc.m4 @@ -67,8 +67,8 @@ # define STPTR stx # define ARG0 128 # define ARGSZ 8 -# ifndef OPENSSL_SYSNAME_ULTRASPARC -# define OPENSSL_SYSNAME_ULTRASPARC +# ifndef OPENSSL_SYS_ULTRASPARC +# define OPENSSL_SYS_ULTRASPARC # endif #else # define FRAME -96 @@ -429,7 +429,7 @@ $4: xor $2, local1, $2 ! 1 finished xor $2, local2, $2 ! 3 finished -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC bne,pt %icc, $4 #else bne $4 @@ -791,7 +791,7 @@ define(load_little_endian, { ! first in memory to rightmost in register -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC andcc $1, 3, global0 bne,pn %icc, $5 nop @@ -854,7 +854,7 @@ define(load_little_endian_inc, { ! first in memory to rightmost in register -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC andcc $1, 3, global0 bne,pn %icc, $5 nop @@ -989,7 +989,7 @@ define(store_little_endian, { ! rightmost in register to first in memory -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC andcc $1, 3, global0 bne,pn %icc, $5 nop @@ -1195,7 +1195,7 @@ DES_encrypt1: ld [in0], in5 ! left cmp in2, 0 ! enc -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC be,pn %icc, .encrypt.dec ! enc/dec #else be .encrypt.dec 
@@ -1287,7 +1287,7 @@ DES_encrypt2: ! we use our own stackframe -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC be,pn %icc, .encrypt2.dec ! decryption #else be .encrypt2.dec @@ -1467,7 +1467,7 @@ DES_ncbc_encrypt: cmp in5, 0 ! enc -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC be,pn %icc, .ncbc.dec #else be .ncbc.dec @@ -1479,7 +1479,7 @@ DES_ncbc_encrypt: addcc in2, -8, in2 ! bytes missing when first block done -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC bl,pn %icc, .ncbc.enc.seven.or.less #else bl .ncbc.enc.seven.or.less @@ -1507,7 +1507,7 @@ DES_ncbc_encrypt: rounds_macro(in5, out5, 1, .ncbc.enc.1, in3, in4) ! include encryption ks in3 -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC bl,pn %icc, .ncbc.enc.next.block_fp #else bl .ncbc.enc.next.block_fp @@ -1552,7 +1552,7 @@ DES_ncbc_encrypt: addcc in2, -8, in2 ! bytes missing when next block done -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC bpos,pt %icc, .ncbc.enc.next.block ! also jumps if 0 #else bpos .ncbc.enc.next.block @@ -1563,7 +1563,7 @@ DES_ncbc_encrypt: cmp in2, -8 -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC ble,pt %icc, .ncbc.enc.finish #else ble .ncbc.enc.finish @@ -1594,7 +1594,7 @@ DES_ncbc_encrypt: add in3, 120, in3 LDPTR IVEC, local7 ! ivec -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC ble,pn %icc, .ncbc.dec.finish #else ble .ncbc.dec.finish @@ -1622,7 +1622,7 @@ DES_ncbc_encrypt: ! in2 is compared to 8 in the rounds xor out5, in0, out4 ! iv xor -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC bl,pn %icc, .ncbc.dec.seven.or.less #else bl .ncbc.dec.seven.or.less @@ -1639,7 +1639,7 @@ DES_ncbc_encrypt: add local7, 8, local7 addcc in2, -8, in2 -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC bg,pt %icc, .ncbc.dec.next.block #else bg .ncbc.dec.next.block 
@@ -1694,7 +1694,7 @@ DES_ede3_cbc_encrypt: LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec cmp local3, 0 ! enc -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC be,pn %icc, .ede3.dec #else be .ede3.dec @@ -1707,7 +1707,7 @@ DES_ede3_cbc_encrypt: addcc in2, -8, in2 ! bytes missing after next block -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC bl,pn %icc, .ede3.enc.seven.or.less #else bl .ede3.enc.seven.or.less @@ -1741,7 +1741,7 @@ DES_ede3_cbc_encrypt: call .des_enc ! ks3 in3 compares in2 to 8 nop -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC bl,pn %icc, .ede3.enc.next.block_fp #else bl .ede3.enc.next.block_fp @@ -1787,7 +1787,7 @@ DES_ede3_cbc_encrypt: addcc in2, -8, in2 ! bytes missing when next block done -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC bpos,pt %icc, .ede3.enc.next.block #else bpos .ede3.enc.next.block @@ -1798,7 +1798,7 @@ DES_ede3_cbc_encrypt: cmp in2, -8 -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC ble,pt %icc, .ede3.enc.finish #else ble .ede3.enc.finish @@ -1830,7 +1830,7 @@ DES_ede3_cbc_encrypt: STPTR in3, KS1 cmp in2, 0 -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC ble %icc, .ede3.dec.finish #else ble .ede3.dec.finish @@ -1863,7 +1863,7 @@ DES_ede3_cbc_encrypt: ! in2 is compared to 8 in the rounds xor out5, in0, out4 -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC bl,pn %icc, .ede3.dec.seven.or.less #else bl .ede3.dec.seven.or.less @@ -1878,7 +1878,7 @@ DES_ede3_cbc_encrypt: addcc in2, -8, in2 add local7, 8, local7 -#ifdef OPENSSL_SYSNAME_ULTRASPARC +#ifdef OPENSSL_SYS_ULTRASPARC bg,pt %icc, .ede3.dec.next.block #else bg .ede3.dec.next.block diff --git a/crypto/o_str.c b/crypto/o_str.c index 4e2d096..16fd4e4 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c 
@@ -62,7 +62,7 @@ #include "o_str.h" #if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \ - !defined(OPENSSL_SYSNAME_WIN32) && !defined(OPENSSL_SYSNAME_WINCE) && \ + !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_WINCE) && \ !defined(NETWARE_CLIB) # include #endif diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 108c336..0b06ea4 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -722,7 +722,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num, int OBJ_create_objects(BIO *in) { - MS_STATIC char buf[512]; + char buf[512]; int i, num = 0; char *o, *s, *l = NULL; diff --git a/crypto/pkcs7/bio_pk7.c b/crypto/pkcs7/bio_pk7.c index fae1c56..31aef83 100644 --- a/crypto/pkcs7/bio_pk7.c +++ b/crypto/pkcs7/bio_pk7.c @@ -57,7 +57,7 @@ #include #include -#if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS) +#if !defined(OPENSSL_SYS_NETWARE) && !defined(OPENSSL_SYS_VXWORKS) # include #endif #include diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c index 70743e1..ef43966 100644 --- a/crypto/rand/md_rand.c +++ b/crypto/rand/md_rand.c @@ -121,7 +121,7 @@ #include "e_os.h" -#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYSNAME_DSPBIOS)) +#if !(defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_DSPBIOS)) # include #endif #if defined(OPENSSL_SYS_VXWORKS) @@ -383,7 +383,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) #elif defined(OPENSSL_SYS_VXWORKS) struct timespec tv; clock_gettime(CLOCK_REALTIME, &ts); -#elif defined(OPENSSL_SYSNAME_DSPBIOS) +#elif defined(OPENSSL_SYS_DSPBIOS) unsigned long long tv, OPENSSL_rdtsc(); tv = OPENSSL_rdtsc(); #else diff --git a/crypto/rand/randfile.c b/crypto/rand/randfile.c index b234be0..e154646 100644 --- a/crypto/rand/randfile.c +++ b/crypto/rand/randfile.c 
@@ -118,7 +118,7 @@ int RAND_load_file(const char *file, long bytes) * if bytes == -1, read complete file. */ - MS_STATIC unsigned char buf[BUFSIZE]; + unsigned char buf[BUFSIZE]; #ifndef OPENSSL_NO_POSIX_IO struct stat sb; #endif diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index c1d2753..b033a30 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -124,7 +124,7 @@ * sigaction and fileno included. -pedantic would be more appropriate for the * intended purposes, but we can't prevent users from adding -ansi. */ -#if defined(OPENSSL_SYSNAME_VXWORKS) +#if defined(OPENSSL_SYS_VXWORKS) # include #endif diff --git a/e_os.h b/e_os.h index 5549abe..0fbc33c 100644 --- a/e_os.h +++ b/e_os.h @@ -102,16 +102,6 @@ extern "C" { /******************************************************************** The Microsoft section ********************************************************************/ -/* - * The following is used because of the small stack in some Microsoft - * operating systems - */ -# if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYSNAME_WIN32) -# define MS_STATIC static -# else -# define MS_STATIC -# endif - # if defined(OPENSSL_SYS_WIN32) && !defined(WIN32) # define WIN32 # endif diff --git a/e_os2.h b/e_os2.h index ecc0202..12bad8a 100644 --- a/e_os2.h +++ b/e_os2.h @@ -71,7 +71,7 @@ extern "C" { # define OPENSSL_SYS_UNIX /* ---------------------- NetWare ----------------------------------------- */ -# if defined(NETWARE) || defined(OPENSSL_SYSNAME_NETWARE) +# if defined(NETWARE) && !defined(OPENSSL_SYS_NETWARE) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_NETWARE # endif 
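Review bot: The rewritten NetWare guard `# if defined(NETWARE) && !defined(OPENSSL_SYS_NETWARE)` skips the `# undef OPENSSL_SYS_UNIX` precisely when OPENSSL_SYS_NETWARE is already defined, which is now the normal case for the netware-*-gcc targets (they pass `-DOPENSSL_SYS_NETWARE`, and Configure's generated `#define OPENSSL_SYS_$sys_id` covers the rest), so those builds keep both OPENSSL_SYS_UNIX and OPENSSL_SYS_NETWARE defined where the old SYSNAME path cleared UNIX. The OpenVMS hunk in the next part of this file has the same shape: its new `# if !defined(OPENSSL_SYS_VMS)` wraps the `# undef OPENSSL_SYS_UNIX`, so predefining OPENSSL_SYS_VMS leaves both set. The WIN32 hunk in the same file does it the other way round, keeping the undef unconditional and guarding only the define; I would follow that here: `# if defined(NETWARE) || defined(OPENSSL_SYS_NETWARE)` / `# undef OPENSSL_SYS_UNIX` / `# ifndef OPENSSL_SYS_NETWARE` … `# define OPENSSL_SYS_NETWARE` … `# endif`, and likewise for VMS. Whether any code downstream still tests OPENSSL_SYS_UNIX on those targets is not visible from this hunk.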
@@ -82,34 +82,33 @@ extern "C" { * Note that MSDOS actually denotes 32-bit environments running on top of * MS-DOS, such as DJGPP one. */ -# if defined(OPENSSL_SYSNAME_MSDOS) +# if defined(OPENSSL_SYS_MSDOS) # undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_MSDOS # endif /* * For 32 bit environment, there seems to be the CygWin environment and then * all the others that try to do the same thing Microsoft does... */ -# if defined(OPENSSL_SYSNAME_UWIN) +# if defined(OPENSSL_SYS_UWIN) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32_UWIN # else -# if defined(__CYGWIN__) || defined(OPENSSL_SYSNAME_CYGWIN) +# if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN) # undef OPENSSL_SYS_UNIX # define OPENSSL_SYS_WIN32_CYGWIN # else -# if defined(_WIN32) || defined(OPENSSL_SYSNAME_WIN32) +# if defined(_WIN32) || defined(OPENSSL_SYS_WIN32) # undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_WIN32 +# if !defined(OPENSSL_SYS_WIN32) +# define OPENSSL_SYS_WIN32 +# endif # endif -# if defined(OPENSSL_SYSNAME_WINNT) +# if defined(OPENSSL_SYS_WINNT) # undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_WINNT # endif -# if defined(OPENSSL_SYSNAME_WINCE) +# if defined(OPENSSL_SYS_WINCE) # undef OPENSSL_SYS_UNIX -# define OPENSSL_SYS_WINCE # endif # endif # endif @@ -138,8 +137,10 @@ extern "C" { # endif /* ------------------------------- OpenVMS -------------------------------- */ -# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYSNAME_VMS) -# undef OPENSSL_SYS_UNIX +# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS) +# if !defined(OPENSSL_SYS_VMS) +# undef OPENSSL_SYS_UNIX +# endif # define OPENSSL_SYS_VMS # if defined(__DECC) # define OPENSSL_SYS_VMS_DECC 
@@ -159,25 +160,16 @@ extern "C" { /* -------------------------------- Unix ---------------------------------- */ # ifdef OPENSSL_SYS_UNIX -# if defined(linux) || defined(__linux__) || defined(OPENSSL_SYSNAME_LINUX) +# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX) # define OPENSSL_SYS_LINUX # endif -# ifdef OPENSSL_SYSNAME_SNI -# define OPENSSL_SYS_SNI -# endif -# ifdef OPENSSL_SYSNAME_ULTRASPARC -# define OPENSSL_SYS_ULTRASPARC -# endif -# ifdef OPENSSL_SYSNAME_MACOSX -# define OPENSSL_SYS_MACOSX -# endif -# if defined(_AIX) || defined(OPENSSL_SYSNAME_AIX) +# if defined(_AIX) && !defined(OPENSSL_SYS_AIX) # define OPENSSL_SYS_AIX # endif # endif /* -------------------------------- VOS ----------------------------------- */ -# if defined(__VOS__) || defined(OPENSSL_SYSNAME_VOS) +# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS) # define OPENSSL_SYS_VOS # ifdef __HPPA__ # define OPENSSL_SYS_VOS_HPPA @@ -187,11 +179,6 @@ extern "C" { # endif # endif -/* ------------------------------ VxWorks --------------------------------- */ -# ifdef OPENSSL_SYSNAME_VXWORKS -# define OPENSSL_SYS_VXWORKS -# endif - /** * That's it for OS-specific stuff *****************************************************************************/ diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 9290ca2..d217efa 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1890,7 +1890,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, { /* CLIENT */ - MS_STATIC char cbuf[1024 * 8]; + char cbuf[1024 * 8]; int i, r; clock_t c_clock = clock(); @@ -1967,7 +1967,7 @@ int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, { /* SERVER */ - MS_STATIC char sbuf[1024 * 8]; + char sbuf[1024 * 8]; int i, r; clock_t s_clock = clock(); diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl index ed28e65..b659227 100644 --- a/util/pl/BC-32.pl +++ b/util/pl/BC-32.pl 
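Review bot: The new Linux condition `# if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX)` parses as `defined(linux) || (defined(__linux__) && !defined(OPENSSL_SYS_LINUX))` because `&&` binds tighter than `||`, so the guard is bypassed whenever the toolchain defines `linux`, while the line reads as though it guarded both spellings. If a build predefines OPENSSL_SYS_LINUX with a value (e.g. `-DOPENSSL_SYS_LINUX` on the command line gives `1`) the unguarded bare `# define OPENSSL_SYS_LINUX` would then be an incompatible redefinition; the empty define Configure emits would merely be redundant. Parenthesise the detection part: `# if (defined(linux) || defined(__linux__)) && !defined(OPENSSL_SYS_LINUX)`. The single-term AIX and VOS guards in the same hunk are unaffected.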
@@ -18,7 +18,7 @@ $out_def="out32"; $tmp_def="tmp32"; $inc_def="inc32"; #enable max error messages, disable most common warnings -$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYSNAME_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp "; +$cflags="-DWIN32_LEAN_AND_MEAN -q -w-ccc -w-rch -w-pia -w-aus -w-par -w-inl -c -tWC -tWM -DOPENSSL_SYS_WIN32 -DL_ENDIAN -DDSO_WIN32 -D_stricmp=stricmp -D_strnicmp=strnicmp "; if ($debug) { $cflags.="-Od -y -v -vi- -D_DEBUG"; diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index f9749e4..309312c 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -122,7 +122,7 @@ elsif ($FLAVOR =~ /CE/) } $cc=($ENV{CC} or "cl"); - $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYSNAME_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT'; + $base_cflags=' /W3 /WX /GF /Gy /nologo -DUNICODE -D_UNICODE -DOPENSSL_SYS_WINCE -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DDSO_WIN32 -DNO_CHMOD -DOPENSSL_SMALL_FOOTPRINT'; $base_cflags.=" $wcecdefs"; $base_cflags.=' -I$(WCECOMPAT)/include' if (defined($ENV{'WCECOMPAT'})); $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include' if (defined($ENV{'PORTSDK_LIBPATH'})); diff --git a/util/pl/netware.pl b/util/pl/netware.pl index fe80a9b..4e6f876 100644 --- a/util/pl/netware.pl +++ b/util/pl/netware.pl @@ -222,7 +222,7 @@ else } # common defines -$cflags.=" -DL_ENDIAN -DOPENSSL_SYSNAME_NETWARE -U_WIN32"; +$cflags.=" -DL_ENDIAN -DOPENSSL_SYS_NETWARE -U_WIN32"; # If LibC build add in NKS_LIBC define and set the entry/exit # routines - The default entry/exit routines are for CLib and don't exist From appro at openssl.org Fri Jan 23 18:10:01 2015 
From: appro at openssl.org (Andy Polyakov) Date: Fri, 23 Jan 2015 19:10:01 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150123181001.4DEAD1DF121@butler.localdomain> The branch master has been updated via 04f8bcf1960c1309e143718642611bb68479cbbf (commit) from 68b00c237298b2e7e382686ffd583847d57bbc0b (commit) - Log ----------------------------------------------------------------- commit 04f8bcf1960c1309e143718642611bb68479cbbf Author: Andy Polyakov Date: Fri Jan 23 14:48:11 2015 +0100 Keep disclaiming 16-bit support. If you examine changes, you are likely to wonder "but what about ILP64, elusive as they are, don't they fall victim to 16-bit rationalization?" No, the case was modeled and verified to work. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 2 +- crypto/bf/blowfish.h | 13 ++----------- crypto/md32_common.h | 4 +--- crypto/md4/md4.h | 13 ++----------- crypto/md4/md4_locl.h | 4 ---- crypto/md5/md5.h | 13 ++----------- crypto/md5/md5_locl.h | 4 ---- crypto/ripemd/ripemd.h | 9 +-------- crypto/ripemd/rmd_locl.h | 4 ---- crypto/sha/sha.h | 13 ++----------- 10 files changed, 11 insertions(+), 68 deletions(-) diff --git a/CHANGES b/CHANGES index 9ebbe61..1a8538d 100644 --- a/CHANGES +++ b/CHANGES @@ -37,7 +37,7 @@ NCR Tandem Cray - WIN16 + 16-bit platforms such as WIN16 [Rich Salz] *) Start cleaning up OPENSSL_NO_xxx #define's diff --git a/crypto/bf/blowfish.h b/crypto/bf/blowfish.h index f50a725..ae613e8 100644 --- a/crypto/bf/blowfish.h +++ b/crypto/bf/blowfish.h 
@@ -74,19 +74,10 @@ extern "C" { /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! BF_LONG_LOG2 has to be defined along. ! + * ! BF_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ - -# if defined(__LP32__) -# define BF_LONG unsigned long -# elif defined(__ILP64__) -# define BF_LONG unsigned long -# define BF_LONG_LOG2 3 -# else -# define BF_LONG unsigned int -# endif +# define BF_LONG unsigned int # define BF_ROUNDS 16 # define BF_BLOCK 8 diff --git a/crypto/md32_common.h b/crypto/md32_common.h index 5d17b13..46c088c 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -64,8 +64,7 @@ * HASH_CBLOCK * size of a unit chunk HASH_BLOCK operates on. * HASH_LONG - * has to be at lest 32 bit wide, if it's wider, then - * HASH_LONG_LOG2 *has to* be defined along + * has to be at lest 32 bit wide. * HASH_CTX * context structure that at least contains following * members: @@ -98,7 +97,6 @@ * #define DATA_ORDER_IS_LITTLE_ENDIAN * * #define HASH_LONG MD5_LONG - * #define HASH_LONG_LOG2 MD5_LONG_LOG2 * #define HASH_CTX MD5_CTX * #define HASH_CBLOCK MD5_CBLOCK * #define HASH_UPDATE MD5_Update diff --git a/crypto/md4/md4.h b/crypto/md4/md4.h index d1d25d5..01052f3 100644 --- a/crypto/md4/md4.h +++ b/crypto/md4/md4.h 
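Review bot: The now-unconditional `# define BF_LONG unsigned int` drops the only branch that adapted the type, yet the banner comment directly above it still states a requirement ("at least 32 bits wide") that nothing enforces, so a compiler with a 16-bit `unsigned int` would build a silently wrong Blowfish rather than fail. Given the commit's stated intent of disclaiming 16-bit support, a compile-time check next to the define would turn that into a diagnostic, e.g. `# if UINT_MAX < 0xffffffffUL` / `#  error "BF_LONG must be at least 32 bits wide"` / `# endif` (this needs `<limits.h>`, which I cannot see this header including). The same applies to the md4.h, md5.h, ripemd.h and sha.h hunks, which make the identical change for MD4_LONG, MD5_LONG, RIPEMD160_LONG and SHA_LONG.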
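Review bot: The rewritten documentation line in the md32_common.h hunk, `* has to be at lest 32 bit wide.`, carries the pre-existing typo forward; since the line is being rewritten anyway it should read `* has to be at least 32 bits wide.`. The removal of the `HASH_LONG_LOG2` sentence and of the `#define HASH_LONG_LOG2 MD5_LONG_LOG2` example line is consistent with the per-digest headers no longer defining the `*_LONG_LOG2` macros.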
@@ -72,19 +72,10 @@ extern "C" { /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! MD4_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! MD4_LONG_LOG2 has to be defined along. ! + * ! MD4_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ - -# if defined(__LP32__) -# define MD4_LONG unsigned long -# elif defined(__ILP64__) -# define MD4_LONG unsigned long -# define MD4_LONG_LOG2 3 -# else -# define MD4_LONG unsigned int -# endif +# define MD4_LONG unsigned int # define MD4_CBLOCK 64 # define MD4_LBLOCK (MD4_CBLOCK/4) diff --git a/crypto/md4/md4_locl.h b/crypto/md4/md4_locl.h index dc86a86..6ed21e1 100644 --- a/crypto/md4/md4_locl.h +++ b/crypto/md4/md4_locl.h @@ -61,10 +61,6 @@ #include #include -#ifndef MD4_LONG_LOG2 -# define MD4_LONG_LOG2 2 /* default to 32 bits */ -#endif - void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); #define DATA_ORDER_IS_LITTLE_ENDIAN diff --git a/crypto/md5/md5.h b/crypto/md5/md5.h index 6f50c20..91f4251 100644 --- a/crypto/md5/md5.h +++ b/crypto/md5/md5.h @@ -72,19 +72,10 @@ extern "C" { /* * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! MD5_LONG_LOG2 has to be defined along. ! + * ! MD5_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ - -# if defined(__LP32__) -# define MD5_LONG unsigned long -# elif defined(__ILP64__) -# define MD5_LONG unsigned long -# define MD5_LONG_LOG2 3 -# else -# define MD5_LONG unsigned int -# endif +# define MD5_LONG unsigned int # define MD5_CBLOCK 64 # define MD5_LBLOCK (MD5_CBLOCK/4) diff --git a/crypto/md5/md5_locl.h b/crypto/md5/md5_locl.h index 82e6921..6c1bf35 100644 --- a/crypto/md5/md5_locl.h +++ b/crypto/md5/md5_locl.h 
@@ -61,10 +61,6 @@ #include #include -#ifndef MD5_LONG_LOG2 -# define MD5_LONG_LOG2 2 /* default to 32 bits */ -#endif - #ifdef MD5_ASM # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) || \ defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64) diff --git a/crypto/ripemd/ripemd.h b/crypto/ripemd/ripemd.h index 898f2d0..9933078 100644 --- a/crypto/ripemd/ripemd.h +++ b/crypto/ripemd/ripemd.h @@ -70,14 +70,7 @@ extern "C" { # error RIPEMD is disabled. # endif -# if defined(__LP32__) -# define RIPEMD160_LONG unsigned long -# elif defined(__ILP64__) -# define RIPEMD160_LONG unsigned long -# define RIPEMD160_LONG_LOG2 3 -# else -# define RIPEMD160_LONG unsigned int -# endif +# define RIPEMD160_LONG unsigned int # define RIPEMD160_CBLOCK 64 # define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) diff --git a/crypto/ripemd/rmd_locl.h b/crypto/ripemd/rmd_locl.h index 26e0256..497a1a1 100644 --- a/crypto/ripemd/rmd_locl.h +++ b/crypto/ripemd/rmd_locl.h @@ -61,10 +61,6 @@ #include #include -#ifndef RIPEMD160_LONG_LOG2 -# define RIPEMD160_LONG_LOG2 2 /* default to 32 bits */ -#endif - /* * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c * FOR EXPLANATIONS ON FOLLOWING "CODE." diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h index 3d2d2fa..d76790b 100644 --- a/crypto/sha/sha.h +++ b/crypto/sha/sha.h 
@@ -72,19 +72,10 @@ extern "C" { /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! - * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! - * ! SHA_LONG_LOG2 has to be defined along. ! + * ! SHA_LONG has to be at least 32 bits wide. ! * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! */ - -# if defined(__LP32__) -# define SHA_LONG unsigned long -# elif defined(__ILP64__) -# define SHA_LONG unsigned long -# define SHA_LONG_LOG2 3 -# else -# define SHA_LONG unsigned int -# endif +# define SHA_LONG unsigned int # define SHA_LBLOCK 16 # define SHA_CBLOCK (SHA_LBLOCK*4)/* SHA treats input data as a From rsalz at openssl.org Fri Jan 23 20:40:13 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 23 Jan 2015 21:40:13 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150123204013.708511DF121@butler.localdomain> The branch master has been updated via c963c421fb3d84ca3c86284593f0439f7c152f3e (commit) from 04f8bcf1960c1309e143718642611bb68479cbbf (commit) - Log ----------------------------------------------------------------- commit c963c421fb3d84ca3c86284593f0439f7c152f3e Author: Viktor Dkhovni Date: Fri Jan 23 15:39:40 2015 -0500 Replace exit() with error return. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/engine/eng_rsax.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/engine/eng_rsax.c b/crypto/engine/eng_rsax.c index 8362754..86ee9d8 100644 --- a/crypto/engine/eng_rsax.c +++ b/crypto/engine/eng_rsax.c @@ -434,10 +434,10 @@ static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data) BN_lshift(&two_512, BN_value_one(), 512); if (0 == (m[7] & 0x8000000000000000)) { - exit(1); + goto err; } if (0 == (m[0] & 0x1)) { /* Odd modulus required for Mont */ - exit(1); + goto err; } /* Precompute m1 */ From kurt at openssl.org Sat Jan 24 13:50:37 2015 
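Review bot: Replacing `exit(1)` with `goto err` is the right direction for library code, but the `err` label and the function's return on that path are outside the hunk, so it should be confirmed that `two_512` (initialised by the `BN_lshift` call just above the checks) and any other BIGNUM temporaries are freed there and that the function returns failure to its caller, which previously never had to handle this case. A one-line comment on the first guard, `/* modulus must be exactly 512 bits and odd for Montgomery; fail instead of aborting the host process */`, would record why the two checks exist. mod_exp_pre_compute_data_512 begins and ends outside the hunk.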
From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 24 Jan 2015 14:50:37 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150124135037.31C681DF121@butler.localdomain> The branch master has been updated via 2747d73c1466c487daf64a1234b6fe2e8a62ac75 (commit) from c963c421fb3d84ca3c86284593f0439f7c152f3e (commit) - Log ----------------------------------------------------------------- commit 2747d73c1466c487daf64a1234b6fe2e8a62ac75 Author: Kurt Roeckx Date: Sat Jan 24 14:46:50 2015 +0100 Fix segfault with empty fields as last in the config. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1_gen.c | 5 +++++ crypto/engine/eng_fat.c | 2 ++ ssl/ssl_conf.c | 2 ++ ssl/t1_lib.c | 4 ++++ 4 files changed, 13 insertions(+) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 9ef89f6..87066e8 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -279,6 +279,9 @@ static int asn1_cb(const char *elem, int len, void *bitstr) int tmp_tag, tmp_class; + if (elem == NULL) + return 0; + for (i = 0, p = elem; i < len; p++, i++) { /* Look for the ':' in name value pairs */ if (*p == ':') { @@ -805,6 +808,8 @@ static int mask_cb(const char *elem, int len, void *arg) { unsigned long *pmask = arg, tmpmask; int tag; + if (elem == NULL) + return 0; if (len == 3 && !strncmp(elem, "DIR", 3)) { *pmask |= B_ASN1_DIRECTORYSTRING; return 1; diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index bcb4c44..4279dd9 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -103,6 +103,8 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) static int int_def_cb(const char *alg, int len, void *arg) { unsigned int *pflags = arg; + if (alg == NULL) + return 0; if (!strncmp(alg, "ALL", len)) *pflags |= ENGINE_METHOD_ALL; else if (!strncmp(alg, "RSA", len)) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index af88a47..354f218 100644 
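Review bot: The new `if (elem == NULL) return 0;` in asn1_cb turns a trailing empty field into a plain failure return with no diagnostic; if the function's other failure paths push an error code (not visible in the hunk), this early return should do the same so the caller can tell a malformed config from any other failure. The same consideration applies to the mask_cb hunk in this file and to the identical asn1_gen.c hunks in the OpenSSL_1_0_2-stable and OpenSSL_1_0_1-stable backports below. Both functions begin and end outside their hunks.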
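Review bot: In int_def_cb the NULL guard stops the crash, but the line after it, `if (!strncmp(alg, "ALL", len))`, still matches for `len == 0` because strncmp with a zero count compares equal, so an empty element delivered with a non-NULL pointer would enable ENGINE_METHOD_ALL; whether the list parser can deliver that combination is not visible here. If it can, the guard should be `if (alg == NULL || len <= 0) return 0;`. The same hunk appears in the OpenSSL_1_0_2-stable and OpenSSL_1_0_1-stable backports below.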
--- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -167,6 +167,8 @@ static int ssl_set_option_list(const char *elem, int len, void *usr) * len == -1 indicates not being called in list context, just for single * command line switches, so don't allow +, -. */ + if (elem == NULL) + return 0; if (len != -1) { if (*elem == '+') { elem++; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8fb26a4..115aab5 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -596,6 +596,8 @@ static int nid_cb(const char *elem, int len, void *arg) size_t i; int nid; char etmp[20]; + if (elem == NULL) + return 0; if (narg->nidcnt == MAX_CURVELIST) return 0; if (len > (int)(sizeof(etmp) - 1)) @@ -4001,6 +4003,8 @@ static int sig_cb(const char *elem, int len, void *arg) size_t i; char etmp[20], *p; int sig_alg, hash_alg; + if (elem == NULL) + return 0; if (sarg->sigalgcnt == MAX_SIGALGLEN) return 0; if (len > (int)(sizeof(etmp) - 1)) From kurt at openssl.org Sat Jan 24 13:57:48 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 24 Jan 2015 14:57:48 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150124135748.C4F221DF121@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 63c1d16bb85566fa3cdb13df321037a22f117957 (commit) from 6fa805f516f5a6ff3872f1d1014a3dc9de460b99 (commit) - Log ----------------------------------------------------------------- commit 63c1d16bb85566fa3cdb13df321037a22f117957 Author: Kurt Roeckx Date: Sat Jan 24 14:46:50 2015 +0100 Fix segfault with empty fields as last in the config. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1_gen.c | 3 +++ crypto/engine/eng_fat.c | 2 ++ ssl/ssl_conf.c | 2 ++ ssl/t1_lib.c | 4 ++++ 4 files changed, 11 insertions(+) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 132a9ef..aaec009 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c 
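Review bot: In ssl_set_option_list the added `if (elem == NULL) return 0;` is placed between the block comment explaining the `len == -1` convention and the `if (len != -1)` that comment describes, which separates the comment from its subject; moving the two added lines above the comment keeps the explanation adjacent to the branch it documents. The same placement appears in the OpenSSL_1_0_2-stable backport of this file below. The nid_cb and sig_cb guards in t1_lib.c sit before the existing count and length checks, which reads fine.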
@@ -279,6 +279,9 @@ static int asn1_cb(const char *elem, int len, void *bitstr) int tmp_tag, tmp_class; + if (elem == NULL) + return 0; + for (i = 0, p = elem; i < len; p++, i++) { /* Look for the ':' in name value pairs */ if (*p == ':') { diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index bcb4c44..4279dd9 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -103,6 +103,8 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) static int int_def_cb(const char *alg, int len, void *arg) { unsigned int *pflags = arg; + if (alg == NULL) + return 0; if (!strncmp(alg, "ALL", len)) *pflags |= ENGINE_METHOD_ALL; else if (!strncmp(alg, "RSA", len)) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 0ee6e46..d950242 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -167,6 +167,8 @@ static int ssl_set_option_list(const char *elem, int len, void *usr) * len == -1 indicates not being called in list context, just for single * command line switches, so don't allow +, -. */ + if (elem == NULL) + return 0; if (len != -1) { if (*elem == '+') { elem++; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 90ef867..2c3a1ec 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -651,6 +651,8 @@ static int nid_cb(const char *elem, int len, void *arg) size_t i; int nid; char etmp[20]; + if (elem == NULL) + return 0; if (narg->nidcnt == MAX_CURVELIST) return 0; if (len > (int)(sizeof(etmp) - 1)) @@ -3948,6 +3950,8 @@ static int sig_cb(const char *elem, int len, void *arg) size_t i; char etmp[20], *p; int sig_alg, hash_alg; + if (elem == NULL) + return 0; if (sarg->sigalgcnt == MAX_SIGALGLEN) return 0; if (len > (int)(sizeof(etmp) - 1)) From kurt at openssl.org Sat Jan 24 14:08:25 2015 
From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 24 Jan 2015 15:08:25 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150124140825.181FC1DF121@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 184693f4af2846dd89f473482e55df26c428da36 (commit) from 925bfca5d347d10f1a2e172be001090ae7ebafc2 (commit) - Log ----------------------------------------------------------------- commit 184693f4af2846dd89f473482e55df26c428da36 Author: Kurt Roeckx Date: Sat Jan 24 15:04:53 2015 +0100 Fix segfault with empty fields as last in the config. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1_gen.c | 3 +++ crypto/engine/eng_fat.c | 2 ++ 2 files changed, 5 insertions(+) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 132a9ef..aaec009 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -279,6 +279,9 @@ static int asn1_cb(const char *elem, int len, void *bitstr) int tmp_tag, tmp_class; + if (elem == NULL) + return 0; + for (i = 0, p = elem; i < len; p++, i++) { /* Look for the ':' in name value pairs */ if (*p == ':') { diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index bcb4c44..4279dd9 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -103,6 +103,8 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) static int int_def_cb(const char *alg, int len, void *arg) { unsigned int *pflags = arg; + if (alg == NULL) + return 0; if (!strncmp(alg, "ALL", len)) *pflags |= ENGINE_METHOD_ALL; else if (!strncmp(alg, "RSA", len)) From rsalz at openssl.org Sat Jan 24 15:58:46 2015 
From: rsalz at openssl.org (Rich Salz) Date: Sat, 24 Jan 2015 16:58:46 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150124155846.AF68A1DF121@butler.localdomain> The branch master has been updated via a2b18e657ea1a932d125154f4e13ab2258796d90 (commit) from 2747d73c1466c487daf64a1234b6fe2e8a62ac75 (commit) - Log ----------------------------------------------------------------- commit a2b18e657ea1a932d125154f4e13ab2258796d90 Author: Rich Salz Date: Sat Jan 24 10:57:19 2015 -0500 ifdef cleanup, part 4a: '#ifdef undef' This removes all code surrounded by '#ifdef undef' One case is left: memmove() replaced by open-coded for loop, in crypto/stack/stack.c That needs further review. Also removed a couple of instances of /* dead code */ if I saw them while doing the main removal. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 4 ++ apps/crl.c | 9 --- apps/dh.c | 9 --- apps/sess_id.c | 20 ------- crypto/bn/bntest.c | 5 -- crypto/des/cfb64ede.c | 10 ---- crypto/des/ofb64ede.c | 12 ---- crypto/des/rpc_enc.c | 20 ------- crypto/evp/encode.c | 32 ----------- crypto/evp/p_sign.c | 12 ---- crypto/idea/idea_lcl.h | 64 ---------------------- crypto/rand/randtest.c | 10 ---- crypto/rc2/rc2test.c | 121 ----------------------------------------- crypto/rc5/rc5test.c | 56 ------------------- crypto/threads/mttest.c | 45 --------------- crypto/x509v3/v3_info.c | 3 - demos/engines/rsaref/rsaref.c | 52 ------------------ 17 files changed, 4 insertions(+), 480 deletions(-) diff --git a/CHANGES b/CHANGES index 1a8538d..26ea797 100644 --- a/CHANGES +++ b/CHANGES 
@@ -48,6 +48,10 @@ Remove MS_STATIC; it's a relic from platforms <32 bits. [Rich Salz] + *) Start cleaning up dead code + Remove all but one '#ifdef undef' which is to be looked at. + [Rich Salz] + *) Experimental support for a new, fast, unbiased prime candidate generator, bn_probable_prime_dh_coprime(). Not currently used by any prime generator. [Felix Laurie von Massenbach ] diff --git a/apps/crl.c b/apps/crl.c index c9c3a5f..6819faa 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -152,15 +152,6 @@ int MAIN(int argc, char **argv) argv++; num = 0; while (argc >= 1) { -#ifdef undef - if (strcmp(*argv, "-p") == 0) { - if (--argc < 1) - goto bad; - if (!args_from_file(++argv, Nargc, Nargv)) { - goto end; - } - */} -#endif if (strcmp(*argv, "-inform") == 0) { if (--argc < 1) goto bad; diff --git a/apps/dh.c b/apps/dh.c index 48fecc9..cdb5f4a 100644 --- a/apps/dh.c +++ b/apps/dh.c @@ -233,15 +233,6 @@ int MAIN(int argc, char **argv) if (text) { DHparams_print(out, dh); -# ifdef undef - printf("p="); - BN_print(stdout, dh->p); - printf("\ng="); - BN_print(stdout, dh->g); - printf("\n"); - if (dh->length != 0) - printf("recommended private length=%ld\n", dh->length); -# endif } if (check) { diff --git a/apps/sess_id.c b/apps/sess_id.c index be10076..fcb0911 100644 --- a/apps/sess_id.c +++ b/apps/sess_id.c @@ -168,26 +168,6 @@ int MAIN(int argc, char **argv) } SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len); } -#ifdef undef - /* just testing for memory leaks :-) */ - { - SSL_SESSION *s; - char buf[1024 * 10], *p; - int i; - - s = SSL_SESSION_new(); - - p = &buf; - i = i2d_SSL_SESSION(x, &p); - p = &buf; - d2i_SSL_SESSION(&s, &p, (long)i); - p = &buf; - d2i_SSL_SESSION(&s, &p, (long)i); - p = &buf; - d2i_SSL_SESSION(&s, &p, (long)i); - SSL_SESSION_free(s); - } -#endif if (!noout || text) { out = BIO_new(BIO_s_file()); diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index 2d891a7..e03c808 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c 
@@ -812,11 +812,6 @@ int test_mont(BIO *bp, BN_CTX *ctx) BN_from_montgomery(A, c, mont, ctx); if (bp != NULL) { if (!results) { -#ifdef undef - fprintf(stderr, "%d * %d %% %d\n", - BN_num_bits(a), - BN_num_bits(b), BN_num_bits(&mont->N)); -#endif BN_print(bp, a); BIO_puts(bp, " * "); BN_print(bp, b); diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c index 5d709c1..ba4f00b 100644 --- a/crypto/des/cfb64ede.c +++ b/crypto/des/cfb64ede.c @@ -127,16 +127,6 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, *num = n; } -#ifdef undef /* MACRO */ -void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, - long length, DES_key_schedule ks1, - DES_key_schedule ks2, DES_cblock (*ivec), - int *num, int enc) -{ - DES_ede3_cfb64_encrypt(in, out, length, ks1, ks2, ks1, ivec, num, enc); -} -#endif - /* * This is compatible with the single key CFB-r for DES, even thought that's * not what EVP needs. diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c index 45c6750..215b38d 100644 --- a/crypto/des/ofb64ede.c +++ b/crypto/des/ofb64ede.c @@ -102,8 +102,6 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in, n = (n + 1) & 0x07; } if (save) { -/*- v0=ti[0]; - v1=ti[1];*/ iv = &(*ivec)[0]; l2c(v0, iv); l2c(v1, iv); @@ -111,13 +109,3 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in, v0 = v1 = ti[0] = ti[1] = 0; *num = n; } - -#ifdef undef /* MACRO */ -void DES_ede2_ofb64_encrypt(register unsigned char *in, - register unsigned char *out, long length, - DES_key_schedule k1, DES_key_schedule k2, - DES_cblock (*ivec), int *num) -{ - DES_ede3_ofb64_encrypt(in, out, length, k1, k2, k1, ivec, num); -} -#endif diff --git a/crypto/des/rpc_enc.c b/crypto/des/rpc_enc.c index f5a84c5..a5cd7dd 100644 --- a/crypto/des/rpc_enc.c +++ b/crypto/des/rpc_enc.c 
@@ -75,26 +75,6 @@ int _des_crypt(char *buf, int len, struct desparams *desp) else { DES_ncbc_encrypt(desp->UDES.UDES_buf, desp->UDES.UDES_buf, len, &ks, &desp->des_ivec, enc); -#ifdef undef - /* - * len will always be %8 if called from common_crypt in secure_rpc. - * Libdes's cbc encrypt does not copy back the iv, so we have to do - * it here. - */ - /* It does now :-) eay 20/09/95 */ - - a = (char *)&(desp->UDES.UDES_buf[len - 8]); - b = (char *)&(desp->des_ivec[0]); - - *(a++) = *(b++); - *(a++) = *(b++); - *(a++) = *(b++); - *(a++) = *(b++); - *(a++) = *(b++); - *(a++) = *(b++); - *(a++) = *(b++); - *(a++) = *(b++); -#endif } return (1); } diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 53cc586..682a914 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -418,35 +418,3 @@ int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) } else return (1); } - -#ifdef undef -int EVP_DecodeValid(unsigned char *buf, int len) -{ - int i, num = 0, bad = 0; - - if (len == 0) - return (-1); - while (conv_ascii2bin(*buf) == B64_WS) { - buf++; - len--; - if (len == 0) - return (-1); - } - - for (i = len; i >= 4; i -= 4) { - if ((conv_ascii2bin(buf[0]) >= 0x40) || - (conv_ascii2bin(buf[1]) >= 0x40) || - (conv_ascii2bin(buf[2]) >= 0x40) || - (conv_ascii2bin(buf[3]) >= 0x40)) - return (-1); - buf += 4; - num += 1 + (buf[2] != '=') + (buf[3] != '='); - } - if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN)) - return (num); - if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) && - (conv_ascii2bin(buf[0]) == B64_EOLN)) - return (num); - return (1); -} -#endif diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index 8345f94..541c6e7 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c 
@@ -62,18 +62,6 @@ #include #include -#ifdef undef -void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) -{ - EVP_DigestInit_ex(ctx, type); -} - -void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count) -{ - EVP_DigestUpdate(ctx, data, count); -} -#endif - int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey) { diff --git a/crypto/idea/idea_lcl.h b/crypto/idea/idea_lcl.h index e406953..ffb06a1 100644 --- a/crypto/idea/idea_lcl.h +++ b/crypto/idea/idea_lcl.h @@ -71,18 +71,6 @@ if (ul != 0) \ else \ r=(-(int)a-b+1); /* assuming a or b is 0 and in range */ -#ifdef undef -# define idea_mul(r,a,b,ul,sl) \ -if (a == 0) r=(0x10001-b)&0xffff; \ -else if (b == 0) r=(0x10001-a)&0xffff; \ -else { \ - ul=(unsigned long)a*b; \ - sl=(ul&0xffff)-(ul>>16); \ - if (sl <= 0) sl+=0x10001; \ - r=sl; \ - } -#endif - /* * 7/12/95 - Many thanks to Rhys Weatherley for * pointing out that I was assuming little endian byte order for all 
@@ -144,58 +132,6 @@ else { \ #define n2s(c,l) (l =((IDEA_INT)(*((c)++)))<< 8L, \ l|=((IDEA_INT)(*((c)++))) ) -#ifdef undef -/* NOTE - c is not incremented as per c2l */ -# define c2ln(c,l1,l2,n) { \ - c+=n; \ - l1=l2=0; \ - switch (n) { \ - case 8: l2 =((unsigned long)(*(--(c))))<<24; \ - case 7: l2|=((unsigned long)(*(--(c))))<<16; \ - case 6: l2|=((unsigned long)(*(--(c))))<< 8; \ - case 5: l2|=((unsigned long)(*(--(c)))); \ - case 4: l1 =((unsigned long)(*(--(c))))<<24; \ - case 3: l1|=((unsigned long)(*(--(c))))<<16; \ - case 2: l1|=((unsigned long)(*(--(c))))<< 8; \ - case 1: l1|=((unsigned long)(*(--(c)))); \ - } \ - } - -/* NOTE - c is not incremented as per l2c */ -# define l2cn(l1,l2,c,n) { \ - c+=n; \ - switch (n) { \ - case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ - case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ - case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ - case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ - case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ - case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ - case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ - case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ - } \ - } - -# undef c2s -# define c2s(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L) - -# undef s2c -# define s2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff)) - -# undef c2l -# define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ - l|=((unsigned long)(*((c)++)))<< 8L, \ - l|=((unsigned long)(*((c)++)))<<16L, \ - l|=((unsigned long)(*((c)++)))<<24L) - -# undef l2c -# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ - *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24L)&0xff)) -#endif #define E_IDEA(num) \ x1&=0xffff; \ diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c index 91bcac9..3c2628c 100644 --- a/crypto/rand/randtest.c 
+++ b/crypto/rand/randtest.c @@ -133,16 +133,6 @@ int main(int argc, char **argv) printf("test 1 done\n"); /* test 2 */ -#ifdef undef - d = 0; - for (i = 0; i < 16; i++) - d += n2[i] * n2[i]; - d = d * 16.0 / 5000.0 - 5000.0; - if (!((1.03 < d) && (d < 57.4))) { - printf("test 2 failed, X=%.2f\n", d); - err++; - } -#endif d = 0; for (i = 0; i < 16; i++) d += n2[i] * n2[i]; diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c index e61df34..f7eae13 100644 --- a/crypto/rc2/rc2test.c +++ b/crypto/rc2/rc2test.c 
@@ -101,50 +101,6 @@ static unsigned char RC2cipher[4][8] = { {0x50, 0xDC, 0x01, 0x62, 0xBD, 0x75, 0x7F, 0x31}, }; -/************/ -# ifdef undef -unsigned char k[16] = { - 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04, - 0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08 -}; - -unsigned char in[8] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03 }; -unsigned char c[8] = { 0x11, 0xFB, 0xED, 0x2B, 0x01, 0x98, 0x6D, 0xE5 }; - -unsigned char out[80]; - -char *text = "Hello to all people out there"; - -static unsigned char cfb_key[16] = { - 0xe1, 0xf0, 0xc3, 0xd2, 0xa5, 0xb4, 0x87, 0x96, - 0x69, 0x78, 0x4b, 0x5a, 0x2d, 0x3c, 0x0f, 0x1e, -}; -static unsigned char cfb_iv[80] = - { 0x34, 0x12, 0x78, 0x56, 0xab, 0x90, 0xef, 0xcd }; -static unsigned char cfb_buf1[40], cfb_buf2[40], cfb_tmp[8]; -# define CFB_TEST_SIZE 24 -static unsigned char plain[CFB_TEST_SIZE] = { - 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, - 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, - 0x69, 0x6d, 0x65, 0x20, 0x66, 0x6f, - 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20 -}; - -static unsigned char cfb_cipher64[CFB_TEST_SIZE] = { - 0x59, 0xD8, 0xE2, 0x65, 0x00, 0x58, 0x6C, 0x3F, - 0x2C, 0x17, 0x25, 0xD0, 0x1A, 0x38, 0xB7, 0x2A, - 0x39, 0x61, 0x37, 0xDC, 0x79, 0xFB, 0x9F, 0x45 -/*- 0xF9,0x78,0x32,0xB5,0x42,0x1A,0x6B,0x38, - 0x9A,0x44,0xD6,0x04,0x19,0x43,0xC4,0xD9, - 0x3D,0x1E,0xAE,0x47,0xFC,0xCF,0x29,0x0B,*/ -}; - -/* - * static int cfb64_test(unsigned char *cfb_cipher); - */ -static char *pt(unsigned char *p); -# endif - int main(int argc, char *argv[]) { int i, n, err = 0; 
@@ -185,27 +141,6 @@ int main(int argc, char *argv[]) if (err == 0) printf("ecb RC2 ok\n"); -# ifdef undef - memcpy(iv, k, 8); - idea_cbc_encrypt((unsigned char *)text, out, strlen(text) + 1, &key, iv, - 1); - memcpy(iv, k, 8); - idea_cbc_encrypt(out, out, 8, &dkey, iv, 0); - idea_cbc_encrypt(&(out[8]), &(out[8]), strlen(text) + 1 - 8, &dkey, iv, - 0); - if (memcmp(text, out, strlen(text) + 1) != 0) { - printf("cbc idea bad\n"); - err = 4; - } else - printf("cbc idea ok\n"); - - printf("cfb64 idea "); - if (cfb64_test(cfb_cipher64)) { - printf("bad\n"); - err = 5; - } else - printf("ok\n"); -# endif # ifdef OPENSSL_SYS_NETWARE if (err) 
@@ -215,60 +150,4 @@ int main(int argc, char *argv[]) return (err); } -# ifdef undef -static int cfb64_test(unsigned char *cfb_cipher) -{ - IDEA_KEY_SCHEDULE eks, dks; - int err = 0, i, n; - - idea_set_encrypt_key(cfb_key, &eks); - idea_set_decrypt_key(&eks, &dks); - memcpy(cfb_tmp, cfb_iv, 8); - n = 0; - idea_cfb64_encrypt(plain, cfb_buf1, (long)12, &eks, - cfb_tmp, &n, IDEA_ENCRYPT); - idea_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), - (long)CFB_TEST_SIZE - 12, &eks, - cfb_tmp, &n, IDEA_ENCRYPT); - if (memcmp(cfb_cipher, cfb_buf1, CFB_TEST_SIZE) != 0) { - err = 1; - printf("idea_cfb64_encrypt encrypt error\n"); - for (i = 0; i < CFB_TEST_SIZE; i += 8) - printf("%s\n", pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp, cfb_iv, 8); - n = 0; - idea_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &eks, - cfb_tmp, &n, IDEA_DECRYPT); - idea_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]), - (long)CFB_TEST_SIZE - 17, &dks, - cfb_tmp, &n, IDEA_DECRYPT); - if (memcmp(plain, cfb_buf2, CFB_TEST_SIZE) != 0) { - err = 1; - printf("idea_cfb_encrypt decrypt error\n"); - for (i = 0; i < 24; i += 8) - printf("%s\n", pt(&(cfb_buf2[i]))); - } - return (err); -} - -static char *pt(unsigned char *p) -{ - static char bufs[10][20]; - static int bnum = 0; - char *ret; - int i; - static char *f = "0123456789ABCDEF"; - - ret = &(bufs[bnum++][0]); - bnum %= 10; - for (i = 0; i < 8; i++) { - ret[i * 2] = f[(p[i] >> 4) & 0xf]; - ret[i * 2 + 1] = f[p[i] & 0xf]; - } - ret[16] = '\0'; - return (ret); -} - -# endif #endif diff --git a/crypto/rc5/rc5test.c b/crypto/rc5/rc5test.c index b29a436..5ed4d21 100644 --- a/crypto/rc5/rc5test.c +++ b/crypto/rc5/rc5test.c 
@@ -322,60 +322,4 @@ int main(int argc, char *argv[]) return (err); } -# ifdef undef -static int cfb64_test(unsigned char *cfb_cipher) -{ - IDEA_KEY_SCHEDULE eks, dks; - int err = 0, i, n; - - idea_set_encrypt_key(cfb_key, &eks); - idea_set_decrypt_key(&eks, &dks); - memcpy(cfb_tmp, cfb_iv, 8); - n = 0; - idea_cfb64_encrypt(plain, cfb_buf1, (long)12, &eks, - cfb_tmp, &n, IDEA_ENCRYPT); - idea_cfb64_encrypt(&(plain[12]), &(cfb_buf1[12]), - (long)CFB_TEST_SIZE - 12, &eks, - cfb_tmp, &n, IDEA_ENCRYPT); - if (memcmp(cfb_cipher, cfb_buf1, CFB_TEST_SIZE) != 0) { - err = 1; - printf("idea_cfb64_encrypt encrypt error\n"); - for (i = 0; i < CFB_TEST_SIZE; i += 8) - printf("%s\n", pt(&(cfb_buf1[i]))); - } - memcpy(cfb_tmp, cfb_iv, 8); - n = 0; - idea_cfb64_encrypt(cfb_buf1, cfb_buf2, (long)17, &eks, - cfb_tmp, &n, IDEA_DECRYPT); - idea_cfb64_encrypt(&(cfb_buf1[17]), &(cfb_buf2[17]), - (long)CFB_TEST_SIZE - 17, &dks, - cfb_tmp, &n, IDEA_DECRYPT); - if (memcmp(plain, cfb_buf2, CFB_TEST_SIZE) != 0) { - err = 1; - printf("idea_cfb_encrypt decrypt error\n"); - for (i = 0; i < 24; i += 8) - printf("%s\n", pt(&(cfb_buf2[i]))); - } - return (err); -} - -static char *pt(unsigned char *p) -{ - static char bufs[10][20]; - static int bnum = 0; - char *ret; - int i; - static char *f = "0123456789ABCDEF"; - - ret = &(bufs[bnum++][0]); - bnum %= 10; - for (i = 0; i < 8; i++) { - ret[i * 2] = f[(p[i] >> 4) & 0xf]; - ret[i * 2 + 1] = f[p[i] & 0xf]; - } - ret[16] = '\0'; - return (ret); -} - -# endif #endif diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index 60b0c06..ea3784c 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -529,11 +529,6 @@ int doit(char *ctx[4]) return (1); } else { done |= C_DONE; -#ifdef undef - fprintf(stdout, "CLIENT:from server:"); - fwrite(cbuf, 1, i, stdout); - fflush(stdout); -#endif } } } 
@@ -560,11 +555,6 @@ int doit(char *ctx[4]) } else { s_write = 1; s_w = 1; -#ifdef undef - fprintf(stdout, "SERVER:from client:"); - fwrite(sbuf, 1, i, stdout); - fflush(stdout); -#endif } } else { i = BIO_write(s_bio, "hello from server\n", 18); @@ -602,9 +592,6 @@ int doit(char *ctx[4]) SSL_set_shutdown(c_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); SSL_set_shutdown(s_ssl, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN); -#ifdef undef - fprintf(stdout, "DONE\n"); -#endif err: /* * We have to set the BIO's to NULL otherwise they will be free()ed @@ -791,30 +778,10 @@ void thread_cleanup(void) void solaris_locking_callback(int mode, int type, char *file, int line) { -# ifdef undef - fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n", - CRYPTO_thread_id(), - (mode & CRYPTO_LOCK) ? "l" : "u", - (type & CRYPTO_READ) ? "r" : "w", file, line); -# endif - - /*- - if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), - mode,file,line); - */ if (mode & CRYPTO_LOCK) { - /*- - if (mode & CRYPTO_READ) - rw_rdlock(&(lock_cs[type])); - else - rw_wrlock(&(lock_cs[type])); */ - mutex_lock(&(lock_cs[type])); lock_count[type]++; } else { -/* rw_unlock(&(lock_cs[type])); */ mutex_unlock(&(lock_cs[type])); } } @@ -977,18 +944,6 @@ void thread_cleanup(void) void pthreads_locking_callback(int mode, int type, char *file, int line) { -# ifdef undef - fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n", - CRYPTO_thread_id(), - (mode & CRYPTO_LOCK) ? "l" : "u", - (type & CRYPTO_READ) ? "r" : "w", file, line); -# endif -/*- - if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), - mode,file,line); -*/ if (mode & CRYPTO_LOCK) { pthread_mutex_lock(&(lock_cs[type])); lock_count[type]++; diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index e052a34..a377c92 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c 
@@ -203,8 +203,5 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a) { i2a_ASN1_OBJECT(bp, a->method); -#ifdef UNDEF - i2a_GENERAL_NAME(bp, a->location); -#endif return 2; } diff --git a/demos/engines/rsaref/rsaref.c b/demos/engines/rsaref/rsaref.c index 498cc70..b6429de 100644 --- a/demos/engines/rsaref/rsaref.c +++ b/demos/engines/rsaref/rsaref.c @@ -324,31 +324,6 @@ static int RSAref_bn2bin(BIGNUM *from, unsigned char *to, int max) return (1); } -#ifdef undef -/* unsigned char *from: [max] */ -static BIGNUM *RSAref_bin2bn(unsigned char *from, BIGNUM *to, int max) -{ - int i; - BIGNUM *ret; - - for (i = 0; i < max; i++) - if (from[i]) - break; - - ret = BN_bin2bn(&(from[i]), max - i, to); - return (ret); -} - -static int RSAref_Public_ref2eay(RSArefPublicKey * from, RSA *to) -{ - to->n = RSAref_bin2bn(from->m, NULL, RSAref_MAX_LEN); - to->e = RSAref_bin2bn(from->e, NULL, RSAref_MAX_LEN); - if ((to->n == NULL) || (to->e == NULL)) - return (0); - return (1); -} -#endif - static int RSAref_Public_eay2ref(RSA *from, R_RSA_PUBLIC_KEY * to) { to->bits = BN_num_bits(from->n); 
@@ -359,33 +334,6 @@ static int RSAref_Public_eay2ref(RSA *from, R_RSA_PUBLIC_KEY * to) return (1); } -#ifdef undef -static int RSAref_Private_ref2eay(RSArefPrivateKey * from, RSA *to) -{ - if ((to->n = RSAref_bin2bn(from->m, NULL, RSAref_MAX_LEN)) == NULL) - return (0); - if ((to->e = RSAref_bin2bn(from->e, NULL, RSAref_MAX_LEN)) == NULL) - return (0); - if ((to->d = RSAref_bin2bn(from->d, NULL, RSAref_MAX_LEN)) == NULL) - return (0); - if ((to->p = - RSAref_bin2bn(from->prime[0], NULL, RSAref_MAX_PLEN)) == NULL) - return (0); - if ((to->q = - RSAref_bin2bn(from->prime[1], NULL, RSAref_MAX_PLEN)) == NULL) - return (0); - if ((to->dmp1 = RSAref_bin2bn(from->pexp[0], NULL, RSAref_MAX_PLEN)) - == NULL) - return (0); - if ((to->dmq1 = RSAref_bin2bn(from->pexp[1], NULL, RSAref_MAX_PLEN)) - == NULL) - return (0); - if ((to->iqmp = RSAref_bin2bn(from->coef, NULL, RSAref_MAX_PLEN)) == NULL) - return (0); - return (1); -} -#endif - static int RSAref_Private_eay2ref(RSA *from, R_RSA_PRIVATE_KEY * to) { to->bits = BN_num_bits(from->n); From rsalz at openssl.org Sat Jan 24 21:27:35 2015 
From: rsalz at openssl.org (Rich Salz) Date: Sat, 24 Jan 2015 22:27:35 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150124212735.D405B1DF121@butler.localdomain> The branch master has been updated via c436e05bdc7f49985a750df64122c960240b3ae1 (commit) from a2b18e657ea1a932d125154f4e13ab2258796d90 (commit) - Log ----------------------------------------------------------------- commit c436e05bdc7f49985a750df64122c960240b3ae1 Author: Rich Salz Date: Sat Jan 24 16:27:03 2015 -0500 Remove unused eng_rsax and related asm file Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/bn/Makefile | 2 - crypto/bn/asm/modexp512-x86_64.pl | 1497 ------------------------------------- crypto/engine/eng_rsax.c | 701 ----------------- util/pl/unix.pl | 1 - 4 files changed, 2201 deletions(-) delete mode 100644 crypto/bn/asm/modexp512-x86_64.pl delete mode 100644 crypto/engine/eng_rsax.c diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index c53b189..d1019c9 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -108,8 +108,6 @@ x86_64-mont5.s: asm/x86_64-mont5.pl $(PERL) asm/x86_64-mont5.pl $(PERLASM_SCHEME) > $@ x86_64-gf2m.s: asm/x86_64-gf2m.pl $(PERL) asm/x86_64-gf2m.pl $(PERLASM_SCHEME) > $@ -modexp512-x86_64.s: asm/modexp512-x86_64.pl - $(PERL) asm/modexp512-x86_64.pl $(PERLASM_SCHEME) > $@ rsaz-x86_64.s: asm/rsaz-x86_64.pl $(PERL) asm/rsaz-x86_64.pl $(PERLASM_SCHEME) > $@ rsaz-avx2.s: asm/rsaz-avx2.pl diff --git a/crypto/bn/asm/modexp512-x86_64.pl b/crypto/bn/asm/modexp512-x86_64.pl deleted file mode 100644 index bfd6e97..0000000 --- a/crypto/bn/asm/modexp512-x86_64.pl +++ /dev/null 
@@ -1,1497 +0,0 @@ -#!/usr/bin/env perl -# -# Copyright (c) 2010-2011 Intel Corp. -# Author: Vinodh.Gopal at intel.com -# Jim Guilford -# Erdinc.Ozturk at intel.com -# Maxim.Perminov at intel.com -# -# More information about algorithm used can be found at: -# http://www.cse.buffalo.edu/srds2009/escs2009_submission_Gopal.pdf -# -# ==================================================================== -# Copyright (c) 2011 The OpenSSL Project. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# licensing at OpenSSL.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. 
Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -use strict; -my $code=".text\n\n"; -my $m=0; - -# -# Define x512 macros -# - -#MULSTEP_512_ADD MACRO x7, x6, x5, x4, x3, x2, x1, x0, dst, src1, src2, add_src, tmp1, tmp2 -# -# uses rax, rdx, and args -sub MULSTEP_512_ADD -{ - my ($x, $DST, $SRC2, $ASRC, $OP, $TMP)=@_; - my @X=@$x; # make a copy -$code.=<<___; - mov (+8*0)($SRC2), %rax - mul $OP # rdx:rax = %OP * [0] - mov ($ASRC), $X[0] - add %rax, $X[0] - adc \$0, %rdx - mov $X[0], $DST -___ -for(my $i=1;$i<8;$i++) { 
-$code.=<<___; - mov %rdx, $TMP - - mov (+8*$i)($SRC2), %rax - mul $OP # rdx:rax = %OP * [$i] - mov (+8*$i)($ASRC), $X[$i] - add %rax, $X[$i] - adc \$0, %rdx - add $TMP, $X[$i] - adc \$0, %rdx -___ -} -$code.=<<___; - mov %rdx, $X[0] -___ -} - -#MULSTEP_512 MACRO x7, x6, x5, x4, x3, x2, x1, x0, dst, src2, src1_val, tmp -# -# uses rax, rdx, and args -sub MULSTEP_512 -{ - my ($x, $DST, $SRC2, $OP, $TMP)=@_; - my @X=@$x; # make a copy -$code.=<<___; - mov (+8*0)($SRC2), %rax - mul $OP # rdx:rax = %OP * [0] - add %rax, $X[0] - adc \$0, %rdx - mov $X[0], $DST -___ -for(my $i=1;$i<8;$i++) { -$code.=<<___; - mov %rdx, $TMP - - mov (+8*$i)($SRC2), %rax - mul $OP # rdx:rax = %OP * [$i] - add %rax, $X[$i] - adc \$0, %rdx - add $TMP, $X[$i] - adc \$0, %rdx -___ -} -$code.=<<___; - mov %rdx, $X[0] -___ -} - -# -# Swizzle Macros -# - -# macro to copy data from flat space to swizzled table -#MACRO swizzle pDst, pSrc, tmp1, tmp2 -# pDst and pSrc are modified -sub swizzle -{ - my ($pDst, $pSrc, $cnt, $d0)=@_; -$code.=<<___; - mov \$8, $cnt -loop_$m: - mov ($pSrc), $d0 - mov $d0#w, ($pDst) - shr \$16, $d0 - mov $d0#w, (+64*1)($pDst) - shr \$16, $d0 - mov $d0#w, (+64*2)($pDst) - shr \$16, $d0 - mov $d0#w, (+64*3)($pDst) - lea 8($pSrc), $pSrc - lea 64*4($pDst), $pDst - dec $cnt - jnz loop_$m -___ - - $m++; -} - -# macro to copy data from swizzled table to flat space -#MACRO unswizzle pDst, pSrc, tmp*3 -sub unswizzle -{ - my ($pDst, $pSrc, $cnt, $d0, $d1)=@_; -$code.=<<___; - mov \$4, $cnt -loop_$m: - movzxw (+64*3+256*0)($pSrc), $d0 - movzxw (+64*3+256*1)($pSrc), $d1 - shl \$16, $d0 - shl \$16, $d1 - mov (+64*2+256*0)($pSrc), $d0#w - mov (+64*2+256*1)($pSrc), $d1#w - shl \$16, $d0 - shl \$16, $d1 - mov (+64*1+256*0)($pSrc), $d0#w - mov (+64*1+256*1)($pSrc), $d1#w - shl \$16, $d0 - shl \$16, $d1 - mov (+64*0+256*0)($pSrc), $d0#w - mov (+64*0+256*1)($pSrc), $d1#w - mov $d0, (+8*0)($pDst) - mov $d1, (+8*1)($pDst) - lea 256*2($pSrc), $pSrc - lea 8*2($pDst), $pDst - sub \$1, $cnt - jnz 
loop_$m -___ - - $m++; -} - -# -# Data Structures -# - -# Reduce Data -# -# -# Offset Value -# 0C0 Carries -# 0B8 X2[10] -# 0B0 X2[9] -# 0A8 X2[8] -# 0A0 X2[7] -# 098 X2[6] -# 090 X2[5] -# 088 X2[4] -# 080 X2[3] -# 078 X2[2] -# 070 X2[1] -# 068 X2[0] -# 060 X1[12] P[10] -# 058 X1[11] P[9] Z[8] -# 050 X1[10] P[8] Z[7] -# 048 X1[9] P[7] Z[6] -# 040 X1[8] P[6] Z[5] -# 038 X1[7] P[5] Z[4] -# 030 X1[6] P[4] Z[3] -# 028 X1[5] P[3] Z[2] -# 020 X1[4] P[2] Z[1] -# 018 X1[3] P[1] Z[0] -# 010 X1[2] P[0] Y[2] -# 008 X1[1] Q[1] Y[1] -# 000 X1[0] Q[0] Y[0] - -my $X1_offset = 0; # 13 qwords -my $X2_offset = $X1_offset + 13*8; # 11 qwords -my $Carries_offset = $X2_offset + 11*8; # 1 qword -my $Q_offset = 0; # 2 qwords -my $P_offset = $Q_offset + 2*8; # 11 qwords -my $Y_offset = 0; # 3 qwords -my $Z_offset = $Y_offset + 3*8; # 9 qwords - -my $Red_Data_Size = $Carries_offset + 1*8; # (25 qwords) - -# -# Stack Frame -# -# -# offset value -# ... -# ... -# 280 Garray - -# 278 tmp16[15] -# ... ... -# 200 tmp16[0] - -# 1F8 tmp[7] -# ... ... -# 1C0 tmp[0] - -# 1B8 GT[7] -# ... ... -# 180 GT[0] - -# 178 Reduce Data -# ... ... -# 0B8 Reduce Data -# 0B0 reserved -# 0A8 reserved -# 0A0 reserved -# 098 reserved -# 090 reserved -# 088 reduce result addr -# 080 exp[8] - -# ... 
-# 048 exp[1] -# 040 exp[0] - -# 038 reserved -# 030 loop_idx -# 028 pg -# 020 i -# 018 pData ; arg 4 -# 010 pG ; arg 2 -# 008 pResult ; arg 1 -# 000 rsp ; stack pointer before subtract - -my $rsp_offset = 0; -my $pResult_offset = 8*1 + $rsp_offset; -my $pG_offset = 8*1 + $pResult_offset; -my $pData_offset = 8*1 + $pG_offset; -my $i_offset = 8*1 + $pData_offset; -my $pg_offset = 8*1 + $i_offset; -my $loop_idx_offset = 8*1 + $pg_offset; -my $reserved1_offset = 8*1 + $loop_idx_offset; -my $exp_offset = 8*1 + $reserved1_offset; -my $red_result_addr_offset= 8*9 + $exp_offset; -my $reserved2_offset = 8*1 + $red_result_addr_offset; -my $Reduce_Data_offset = 8*5 + $reserved2_offset; -my $GT_offset = $Red_Data_Size + $Reduce_Data_offset; -my $tmp_offset = 8*8 + $GT_offset; -my $tmp16_offset = 8*8 + $tmp_offset; -my $garray_offset = 8*16 + $tmp16_offset; -my $mem_size = 8*8*32 + $garray_offset; - -# -# Offsets within Reduce Data -# -# -# struct MODF_2FOLD_MONT_512_C1_DATA { -# UINT64 t[8][8]; -# UINT64 m[8]; -# UINT64 m1[8]; /* 2^768 % m */ -# UINT64 m2[8]; /* 2^640 % m */ -# UINT64 k1[2]; /* (- 1/m) % 2^128 */ -# }; - -my $T = 0; -my $M = 512; # = 8 * 8 * 8 -my $M1 = 576; # = 8 * 8 * 9 /* += 8 * 8 */ -my $M2 = 640; # = 8 * 8 * 10 /* += 8 * 8 */ -my $K1 = 704; # = 8 * 8 * 11 /* += 8 * 8 */ - -# -# FUNCTIONS -# - -{{{ -# -# MULADD_128x512 : Function to multiply 128-bits (2 qwords) by 512-bits (8 qwords) -# and add 512-bits (8 qwords) -# to get 640 bits (10 qwords) -# Input: 128-bit mul source: [rdi+8*1], rbp -# 512-bit mul source: [rsi+8*n] -# 512-bit add source: r15, r14, ..., r9, r8 -# Output: r9, r8, r15, r14, r13, r12, r11, r10, [rcx+8*1], [rcx+8*0] -# Clobbers all regs except: rcx, rsi, rdi -$code.=<<___; -.type MULADD_128x512,\@abi-omnipotent -.align 16 -MULADD_128x512: -___ - &MULSTEP_512([map("%r$_",(8..15))], "(+8*0)(%rcx)", "%rsi", "%rbp", "%rbx"); -$code.=<<___; - mov (+8*1)(%rdi), %rbp -___ - &MULSTEP_512([map("%r$_",(9..15,8))], "(+8*1)(%rcx)", "%rsi", "%rbp", 
"%rbx"); -$code.=<<___; - ret -.size MULADD_128x512,.-MULADD_128x512 -___ -}}} - -{{{ -#MULADD_256x512 MACRO pDst, pA, pB, OP, TMP, X7, X6, X5, X4, X3, X2, X1, X0 -# -# Inputs: pDst: Destination (768 bits, 12 qwords) -# pA: Multiplicand (1024 bits, 16 qwords) -# pB: Multiplicand (512 bits, 8 qwords) -# Dst = Ah * B + Al -# where Ah is (in qwords) A[15:12] (256 bits) and Al is A[7:0] (512 bits) -# Results in X3 X2 X1 X0 X7 X6 X5 X4 Dst[3:0] -# Uses registers: arguments, RAX, RDX -sub MULADD_256x512 -{ - my ($pDst, $pA, $pB, $OP, $TMP, $X)=@_; -$code.=<<___; - mov (+8*12)($pA), $OP -___ - &MULSTEP_512_ADD($X, "(+8*0)($pDst)", $pB, $pA, $OP, $TMP); - push(@$X,shift(@$X)); - -$code.=<<___; - mov (+8*13)($pA), $OP -___ - &MULSTEP_512($X, "(+8*1)($pDst)", $pB, $OP, $TMP); - push(@$X,shift(@$X)); - -$code.=<<___; - mov (+8*14)($pA), $OP -___ - &MULSTEP_512($X, "(+8*2)($pDst)", $pB, $OP, $TMP); - push(@$X,shift(@$X)); - -$code.=<<___; - mov (+8*15)($pA), $OP -___ - &MULSTEP_512($X, "(+8*3)($pDst)", $pB, $OP, $TMP); - push(@$X,shift(@$X)); -} - -# -# mont_reduce(UINT64 *x, /* 1024 bits, 16 qwords */ -# UINT64 *m, /* 512 bits, 8 qwords */ -# MODF_2FOLD_MONT_512_C1_DATA *data, -# UINT64 *r) /* 512 bits, 8 qwords */ -# Input: x (number to be reduced): tmp16 (Implicit) -# m (modulus): [pM] (Implicit) -# data (reduce data): [pData] (Implicit) -# Output: r (result): Address in [red_res_addr] -# result also in: r9, r8, r15, r14, r13, r12, r11, r10 - -my @X=map("%r$_",(8..15)); - -$code.=<<___; -.type mont_reduce,\@abi-omnipotent -.align 16 -mont_reduce: -___ - -my $STACK_DEPTH = 8; - # - # X1 = Xh * M1 + Xl -$code.=<<___; - lea (+$Reduce_Data_offset+$X1_offset+$STACK_DEPTH)(%rsp), %rdi # pX1 (Dst) 769 bits, 13 qwords - mov (+$pData_offset+$STACK_DEPTH)(%rsp), %rsi # pM1 (Bsrc) 512 bits, 8 qwords - add \$$M1, %rsi - lea (+$tmp16_offset+$STACK_DEPTH)(%rsp), %rcx # X (Asrc) 1024 bits, 16 qwords - -___ - - &MULADD_256x512("%rdi", "%rcx", "%rsi", "%rbp", "%rbx", \@X); # rotates @X 4 
times - # results in r11, r10, r9, r8, r15, r14, r13, r12, X1[3:0] - -$code.=<<___; - xor %rax, %rax - # X1 += xl - add (+8*8)(%rcx), $X[4] - adc (+8*9)(%rcx), $X[5] - adc (+8*10)(%rcx), $X[6] - adc (+8*11)(%rcx), $X[7] - adc \$0, %rax - # X1 is now rax, r11-r8, r15-r12, tmp16[3:0] - - # - # check for carry ;; carry stored in rax - mov $X[4], (+8*8)(%rdi) # rdi points to X1 - mov $X[5], (+8*9)(%rdi) - mov $X[6], %rbp - mov $X[7], (+8*11)(%rdi) - - mov %rax, (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp) - - mov (+8*0)(%rdi), $X[4] - mov (+8*1)(%rdi), $X[5] - mov (+8*2)(%rdi), $X[6] - mov (+8*3)(%rdi), $X[7] - - # X1 is now stored in: X1[11], rbp, X1[9:8], r15-r8 - # rdi -> X1 - # rsi -> M1 - - # - # X2 = Xh * M2 + Xl - # do first part (X2 = Xh * M2) - add \$8*10, %rdi # rdi -> pXh ; 128 bits, 2 qwords - # Xh is actually { [rdi+8*1], rbp } - add \$`$M2-$M1`, %rsi # rsi -> M2 - lea (+$Reduce_Data_offset+$X2_offset+$STACK_DEPTH)(%rsp), %rcx # rcx -> pX2 ; 641 bits, 11 qwords -___ - unshift(@X,pop(@X)); unshift(@X,pop(@X)); -$code.=<<___; - - call MULADD_128x512 # args in rcx, rdi / rbp, rsi, r15-r8 - # result in r9, r8, r15, r14, r13, r12, r11, r10, X2[1:0] - mov (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp), %rax - - # X2 += Xl - add (+8*8-8*10)(%rdi), $X[6] # (-8*10) is to adjust rdi -> Xh to Xl - adc (+8*9-8*10)(%rdi), $X[7] - mov $X[6], (+8*8)(%rcx) - mov $X[7], (+8*9)(%rcx) - - adc %rax, %rax - mov %rax, (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp) - - lea (+$Reduce_Data_offset+$Q_offset+$STACK_DEPTH)(%rsp), %rdi # rdi -> pQ ; 128 bits, 2 qwords - add \$`$K1-$M2`, %rsi # rsi -> pK1 ; 128 bits, 2 qwords - - # MUL_128x128t128 rdi, rcx, rsi ; Q = X2 * K1 (bottom half) - # B1:B0 = rsi[1:0] = K1[1:0] - # A1:A0 = rcx[1:0] = X2[1:0] - # Result = rdi[1],rbp = Q[1],rbp - mov (%rsi), %r8 # B0 - mov (+8*1)(%rsi), %rbx # B1 - - mov (%rcx), %rax # A0 - mul %r8 # B0 - mov %rax, %rbp - mov %rdx, %r9 - - mov (+8*1)(%rcx), %rax # A1 - mul %r8 # 
B0 - add %rax, %r9 - - mov (%rcx), %rax # A0 - mul %rbx # B1 - add %rax, %r9 - - mov %r9, (+8*1)(%rdi) - # end MUL_128x128t128 - - sub \$`$K1-$M`, %rsi - - mov (%rcx), $X[6] - mov (+8*1)(%rcx), $X[7] # r9:r8 = X2[1:0] - - call MULADD_128x512 # args in rcx, rdi / rbp, rsi, r15-r8 - # result in r9, r8, r15, r14, r13, r12, r11, r10, X2[1:0] - - # load first half of m to rdx, rdi, rbx, rax - # moved this here for efficiency - mov (+8*0)(%rsi), %rax - mov (+8*1)(%rsi), %rbx - mov (+8*2)(%rsi), %rdi - mov (+8*3)(%rsi), %rdx - - # continue with reduction - mov (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp), %rbp - - add (+8*8)(%rcx), $X[6] - adc (+8*9)(%rcx), $X[7] - - #accumulate the final carry to rbp - adc %rbp, %rbp - - # Add in overflow corrections: R = (X2>>128) += T[overflow] - # R = {r9, r8, r15, r14, ..., r10} - shl \$3, %rbp - mov (+$pData_offset+$STACK_DEPTH)(%rsp), %rcx # rsi -> Data (and points to T) - add %rcx, %rbp # pT ; 512 bits, 8 qwords, spread out - - # rsi will be used to generate a mask after the addition - xor %rsi, %rsi - - add (+8*8*0)(%rbp), $X[0] - adc (+8*8*1)(%rbp), $X[1] - adc (+8*8*2)(%rbp), $X[2] - adc (+8*8*3)(%rbp), $X[3] - adc (+8*8*4)(%rbp), $X[4] - adc (+8*8*5)(%rbp), $X[5] - adc (+8*8*6)(%rbp), $X[6] - adc (+8*8*7)(%rbp), $X[7] - - # if there is a carry: rsi = 0xFFFFFFFFFFFFFFFF - # if carry is clear: rsi = 0x0000000000000000 - sbb \$0, %rsi - - # if carry is clear, subtract 0. 
Otherwise, subtract 256 bits of m - and %rsi, %rax - and %rsi, %rbx - and %rsi, %rdi - and %rsi, %rdx - - mov \$1, %rbp - sub %rax, $X[0] - sbb %rbx, $X[1] - sbb %rdi, $X[2] - sbb %rdx, $X[3] - - # if there is a borrow: rbp = 0 - # if there is no borrow: rbp = 1 - # this is used to save the borrows in between the first half and the 2nd half of the subtraction of m - sbb \$0, %rbp - - #load second half of m to rdx, rdi, rbx, rax - - add \$$M, %rcx - mov (+8*4)(%rcx), %rax - mov (+8*5)(%rcx), %rbx - mov (+8*6)(%rcx), %rdi - mov (+8*7)(%rcx), %rdx - - # use the rsi mask as before - # if carry is clear, subtract 0. Otherwise, subtract 256 bits of m - and %rsi, %rax - and %rsi, %rbx - and %rsi, %rdi - and %rsi, %rdx - - # if rbp = 0, there was a borrow before, it is moved to the carry flag - # if rbp = 1, there was not a borrow before, carry flag is cleared - sub \$1, %rbp - - sbb %rax, $X[4] - sbb %rbx, $X[5] - sbb %rdi, $X[6] - sbb %rdx, $X[7] - - # write R back to memory - - mov (+$red_result_addr_offset+$STACK_DEPTH)(%rsp), %rsi - mov $X[0], (+8*0)(%rsi) - mov $X[1], (+8*1)(%rsi) - mov $X[2], (+8*2)(%rsi) - mov $X[3], (+8*3)(%rsi) - mov $X[4], (+8*4)(%rsi) - mov $X[5], (+8*5)(%rsi) - mov $X[6], (+8*6)(%rsi) - mov $X[7], (+8*7)(%rsi) - - ret -.size mont_reduce,.-mont_reduce -___ -}}} - -{{{ -#MUL_512x512 MACRO pDst, pA, pB, x7, x6, x5, x4, x3, x2, x1, x0, tmp*2 -# -# Inputs: pDst: Destination (1024 bits, 16 qwords) -# pA: Multiplicand (512 bits, 8 qwords) -# pB: Multiplicand (512 bits, 8 qwords) -# Uses registers rax, rdx, args -# B operand in [pB] and also in x7...x0 -sub MUL_512x512 -{ - my ($pDst, $pA, $pB, $x, $OP, $TMP, $pDst_o)=@_; - my ($pDst, $pDst_o) = ($pDst =~ m/([^+]*)\+?(.*)?/); - my @X=@$x; # make a copy - -$code.=<<___; - mov (+8*0)($pA), $OP - - mov $X[0], %rax - mul $OP # rdx:rax = %OP * [0] - mov %rax, (+$pDst_o+8*0)($pDst) - mov %rdx, $X[0] -___ -for(my $i=1;$i<8;$i++) { -$code.=<<___; - mov $X[$i], %rax - mul $OP # rdx:rax = %OP * [$i] - add %rax, 
$X[$i-1] - adc \$0, %rdx - mov %rdx, $X[$i] -___ -} - -for(my $i=1;$i<8;$i++) { -$code.=<<___; - mov (+8*$i)($pA), $OP -___ - - &MULSTEP_512(\@X, "(+$pDst_o+8*$i)($pDst)", $pB, $OP, $TMP); - push(@X,shift(@X)); -} - -$code.=<<___; - mov $X[0], (+$pDst_o+8*8)($pDst) - mov $X[1], (+$pDst_o+8*9)($pDst) - mov $X[2], (+$pDst_o+8*10)($pDst) - mov $X[3], (+$pDst_o+8*11)($pDst) - mov $X[4], (+$pDst_o+8*12)($pDst) - mov $X[5], (+$pDst_o+8*13)($pDst) - mov $X[6], (+$pDst_o+8*14)($pDst) - mov $X[7], (+$pDst_o+8*15)($pDst) -___ -} - -# -# mont_mul_a3b : subroutine to compute (Src1 * Src2) % M (all 512-bits) -# Input: src1: Address of source 1: rdi -# src2: Address of source 2: rsi -# Output: dst: Address of destination: [red_res_addr] -# src2 and result also in: r9, r8, r15, r14, r13, r12, r11, r10 -# Temp: Clobbers [tmp16], all registers -$code.=<<___; -.type mont_mul_a3b,\@abi-omnipotent -.align 16 -mont_mul_a3b: - # - # multiply tmp = src1 * src2 - # For multiply: dst = rcx, src1 = rdi, src2 = rsi - # stack depth is extra 8 from call -___ - &MUL_512x512("%rsp+$tmp16_offset+8", "%rdi", "%rsi", [map("%r$_",(10..15,8..9))], "%rbp", "%rbx"); -$code.=<<___; - # - # Dst = tmp % m - # Call reduce(tmp, m, data, dst) - - # tail recursion optimization: jmp to mont_reduce and return from there - jmp mont_reduce - # call mont_reduce - # ret -.size mont_mul_a3b,.-mont_mul_a3b -___ -}}} - -{{{ -#SQR_512 MACRO pDest, pA, x7, x6, x5, x4, x3, x2, x1, x0, tmp*4 -# -# Input in memory [pA] and also in x7...x0 -# Uses all argument registers plus rax and rdx -# -# This version computes all of the off-diagonal terms into memory, -# and then it adds in the diagonal terms - -sub SQR_512 -{ - my ($pDst, $pA, $x, $A, $tmp, $x7, $x6, $pDst_o)=@_; - my ($pDst, $pDst_o) = ($pDst =~ m/([^+]*)\+?(.*)?/); - my @X=@$x; # make a copy -$code.=<<___; - # ------------------ - # first pass 01...07 - # ------------------ - mov $X[0], $A - - mov $X[1],%rax - mul $A - mov %rax, (+$pDst_o+8*1)($pDst) -___ -for(my 
$i=2;$i<8;$i++) { -$code.=<<___; - mov %rdx, $X[$i-2] - mov $X[$i],%rax - mul $A - add %rax, $X[$i-2] - adc \$0, %rdx -___ -} -$code.=<<___; - mov %rdx, $x7 - - mov $X[0], (+$pDst_o+8*2)($pDst) - - # ------------------ - # second pass 12...17 - # ------------------ - - mov (+8*1)($pA), $A - - mov (+8*2)($pA),%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - mov $X[1], (+$pDst_o+8*3)($pDst) - - mov %rdx, $X[0] - mov (+8*3)($pA),%rax - mul $A - add %rax, $X[2] - adc \$0, %rdx - add $X[0], $X[2] - adc \$0, %rdx - mov $X[2], (+$pDst_o+8*4)($pDst) - - mov %rdx, $X[0] - mov (+8*4)($pA),%rax - mul $A - add %rax, $X[3] - adc \$0, %rdx - add $X[0], $X[3] - adc \$0, %rdx - - mov %rdx, $X[0] - mov (+8*5)($pA),%rax - mul $A - add %rax, $X[4] - adc \$0, %rdx - add $X[0], $X[4] - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[6],%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - add $X[0], $X[5] - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $x7 - adc \$0, %rdx - add $X[0], $x7 - adc \$0, %rdx - - mov %rdx, $X[1] - - # ------------------ - # third pass 23...27 - # ------------------ - mov (+8*2)($pA), $A - - mov (+8*3)($pA),%rax - mul $A - add %rax, $X[3] - adc \$0, %rdx - mov $X[3], (+$pDst_o+8*5)($pDst) - - mov %rdx, $X[0] - mov (+8*4)($pA),%rax - mul $A - add %rax, $X[4] - adc \$0, %rdx - add $X[0], $X[4] - adc \$0, %rdx - mov $X[4], (+$pDst_o+8*6)($pDst) - - mov %rdx, $X[0] - mov (+8*5)($pA),%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - add $X[0], $X[5] - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[6],%rax - mul $A - add %rax, $x7 - adc \$0, %rdx - add $X[0], $x7 - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - add $X[0], $X[1] - adc \$0, %rdx - - mov %rdx, $X[2] - - # ------------------ - # fourth pass 34...37 - # ------------------ - - mov (+8*3)($pA), $A - - mov (+8*4)($pA),%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - mov $X[5], (+$pDst_o+8*7)($pDst) - - mov %rdx, $X[0] - mov (+8*5)($pA),%rax - 
mul $A - add %rax, $x7 - adc \$0, %rdx - add $X[0], $x7 - adc \$0, %rdx - mov $x7, (+$pDst_o+8*8)($pDst) - - mov %rdx, $X[0] - mov $X[6],%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - add $X[0], $X[1] - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $X[2] - adc \$0, %rdx - add $X[0], $X[2] - adc \$0, %rdx - - mov %rdx, $X[5] - - # ------------------ - # fifth pass 45...47 - # ------------------ - mov (+8*4)($pA), $A - - mov (+8*5)($pA),%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - mov $X[1], (+$pDst_o+8*9)($pDst) - - mov %rdx, $X[0] - mov $X[6],%rax - mul $A - add %rax, $X[2] - adc \$0, %rdx - add $X[0], $X[2] - adc \$0, %rdx - mov $X[2], (+$pDst_o+8*10)($pDst) - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - add $X[0], $X[5] - adc \$0, %rdx - - mov %rdx, $X[1] - - # ------------------ - # sixth pass 56...57 - # ------------------ - mov (+8*5)($pA), $A - - mov $X[6],%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - mov $X[5], (+$pDst_o+8*11)($pDst) - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - add $X[0], $X[1] - adc \$0, %rdx - mov $X[1], (+$pDst_o+8*12)($pDst) - - mov %rdx, $X[2] - - # ------------------ - # seventh pass 67 - # ------------------ - mov $X[6], $A - - mov $X[7],%rax - mul $A - add %rax, $X[2] - adc \$0, %rdx - mov $X[2], (+$pDst_o+8*13)($pDst) - - mov %rdx, (+$pDst_o+8*14)($pDst) - - # start finalize (add in squares, and double off-terms) - mov (+$pDst_o+8*1)($pDst), $X[0] - mov (+$pDst_o+8*2)($pDst), $X[1] - mov (+$pDst_o+8*3)($pDst), $X[2] - mov (+$pDst_o+8*4)($pDst), $X[3] - mov (+$pDst_o+8*5)($pDst), $X[4] - mov (+$pDst_o+8*6)($pDst), $X[5] - - mov (+8*3)($pA), %rax - mul %rax - mov %rax, $x6 - mov %rdx, $X[6] - - add $X[0], $X[0] - adc $X[1], $X[1] - adc $X[2], $X[2] - adc $X[3], $X[3] - adc $X[4], $X[4] - adc $X[5], $X[5] - adc \$0, $X[6] - - mov (+8*0)($pA), %rax - mul %rax - mov %rax, (+$pDst_o+8*0)($pDst) - mov %rdx, $A - - mov (+8*1)($pA), 
%rax - mul %rax - - add $A, $X[0] - adc %rax, $X[1] - adc \$0, %rdx - - mov %rdx, $A - mov $X[0], (+$pDst_o+8*1)($pDst) - mov $X[1], (+$pDst_o+8*2)($pDst) - - mov (+8*2)($pA), %rax - mul %rax - - add $A, $X[2] - adc %rax, $X[3] - adc \$0, %rdx - - mov %rdx, $A - - mov $X[2], (+$pDst_o+8*3)($pDst) - mov $X[3], (+$pDst_o+8*4)($pDst) - - xor $tmp, $tmp - add $A, $X[4] - adc $x6, $X[5] - adc \$0, $tmp - - mov $X[4], (+$pDst_o+8*5)($pDst) - mov $X[5], (+$pDst_o+8*6)($pDst) - - # %%tmp has 0/1 in column 7 - # %%A6 has a full value in column 7 - - mov (+$pDst_o+8*7)($pDst), $X[0] - mov (+$pDst_o+8*8)($pDst), $X[1] - mov (+$pDst_o+8*9)($pDst), $X[2] - mov (+$pDst_o+8*10)($pDst), $X[3] - mov (+$pDst_o+8*11)($pDst), $X[4] - mov (+$pDst_o+8*12)($pDst), $X[5] - mov (+$pDst_o+8*13)($pDst), $x6 - mov (+$pDst_o+8*14)($pDst), $x7 - - mov $X[7], %rax - mul %rax - mov %rax, $X[7] - mov %rdx, $A - - add $X[0], $X[0] - adc $X[1], $X[1] - adc $X[2], $X[2] - adc $X[3], $X[3] - adc $X[4], $X[4] - adc $X[5], $X[5] - adc $x6, $x6 - adc $x7, $x7 - adc \$0, $A - - add $tmp, $X[0] - - mov (+8*4)($pA), %rax - mul %rax - - add $X[6], $X[0] - adc %rax, $X[1] - adc \$0, %rdx - - mov %rdx, $tmp - - mov $X[0], (+$pDst_o+8*7)($pDst) - mov $X[1], (+$pDst_o+8*8)($pDst) - - mov (+8*5)($pA), %rax - mul %rax - - add $tmp, $X[2] - adc %rax, $X[3] - adc \$0, %rdx - - mov %rdx, $tmp - - mov $X[2], (+$pDst_o+8*9)($pDst) - mov $X[3], (+$pDst_o+8*10)($pDst) - - mov (+8*6)($pA), %rax - mul %rax - - add $tmp, $X[4] - adc %rax, $X[5] - adc \$0, %rdx - - mov $X[4], (+$pDst_o+8*11)($pDst) - mov $X[5], (+$pDst_o+8*12)($pDst) - - add %rdx, $x6 - adc $X[7], $x7 - adc \$0, $A - - mov $x6, (+$pDst_o+8*13)($pDst) - mov $x7, (+$pDst_o+8*14)($pDst) - mov $A, (+$pDst_o+8*15)($pDst) -___ -} - -# -# sqr_reduce: subroutine to compute Result = reduce(Result * Result) -# -# input and result also in: r9, r8, r15, r14, r13, r12, r11, r10 -# -$code.=<<___; -.type sqr_reduce,\@abi-omnipotent -.align 16 -sqr_reduce: - mov 
(+$pResult_offset+8)(%rsp), %rcx -___ - &SQR_512("%rsp+$tmp16_offset+8", "%rcx", [map("%r$_",(10..15,8..9))], "%rbx", "%rbp", "%rsi", "%rdi"); -$code.=<<___; - # tail recursion optimization: jmp to mont_reduce and return from there - jmp mont_reduce - # call mont_reduce - # ret -.size sqr_reduce,.-sqr_reduce -___ -}}} - -# -# MAIN FUNCTION -# - -#mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */ -# UINT64 *g, /* 512 bits, 8 qwords */ -# UINT64 *exp, /* 512 bits, 8 qwords */ -# struct mod_ctx_512 *data) - -# window size = 5 -# table size = 2^5 = 32 -#table_entries equ 32 -#table_size equ table_entries * 8 -$code.=<<___; -.globl mod_exp_512 -.type mod_exp_512,\@function,4 -mod_exp_512: - push %rbp - push %rbx - push %r12 - push %r13 - push %r14 - push %r15 - - # adjust stack down and then align it with cache boundary - mov %rsp, %r8 - sub \$$mem_size, %rsp - and \$-64, %rsp - - # store previous stack pointer and arguments - mov %r8, (+$rsp_offset)(%rsp) - mov %rdi, (+$pResult_offset)(%rsp) - mov %rsi, (+$pG_offset)(%rsp) - mov %rcx, (+$pData_offset)(%rsp) -.Lbody: - # transform g into montgomery space - # GT = reduce(g * C2) = reduce(g * (2^256)) - # reduce expects to have the input in [tmp16] - pxor %xmm4, %xmm4 - movdqu (+16*0)(%rsi), %xmm0 - movdqu (+16*1)(%rsi), %xmm1 - movdqu (+16*2)(%rsi), %xmm2 - movdqu (+16*3)(%rsi), %xmm3 - movdqa %xmm4, (+$tmp16_offset+16*0)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*1)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*6)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*7)(%rsp) - movdqa %xmm0, (+$tmp16_offset+16*2)(%rsp) - movdqa %xmm1, (+$tmp16_offset+16*3)(%rsp) - movdqa %xmm2, (+$tmp16_offset+16*4)(%rsp) - movdqa %xmm3, (+$tmp16_offset+16*5)(%rsp) - - # load pExp before rdx gets blown away - movdqu (+16*0)(%rdx), %xmm0 - movdqu (+16*1)(%rdx), %xmm1 - movdqu (+16*2)(%rdx), %xmm2 - movdqu (+16*3)(%rdx), %xmm3 - - lea (+$GT_offset)(%rsp), %rbx - mov %rbx, (+$red_result_addr_offset)(%rsp) - call mont_reduce - - # Initialize tmp = C - lea 
(+$tmp_offset)(%rsp), %rcx - xor %rax, %rax - mov %rax, (+8*0)(%rcx) - mov %rax, (+8*1)(%rcx) - mov %rax, (+8*3)(%rcx) - mov %rax, (+8*4)(%rcx) - mov %rax, (+8*5)(%rcx) - mov %rax, (+8*6)(%rcx) - mov %rax, (+8*7)(%rcx) - mov %rax, (+$exp_offset+8*8)(%rsp) - movq \$1, (+8*2)(%rcx) - - lea (+$garray_offset)(%rsp), %rbp - mov %rcx, %rsi # pTmp - mov %rbp, %rdi # Garray[][0] -___ - - &swizzle("%rdi", "%rcx", "%rax", "%rbx"); - - # for (rax = 31; rax != 0; rax--) { - # tmp = reduce(tmp * G) - # swizzle(pg, tmp); - # pg += 2; } -$code.=<<___; - mov \$31, %rax - mov %rax, (+$i_offset)(%rsp) - mov %rbp, (+$pg_offset)(%rsp) - # rsi -> pTmp - mov %rsi, (+$red_result_addr_offset)(%rsp) - mov (+8*0)(%rsi), %r10 - mov (+8*1)(%rsi), %r11 - mov (+8*2)(%rsi), %r12 - mov (+8*3)(%rsi), %r13 - mov (+8*4)(%rsi), %r14 - mov (+8*5)(%rsi), %r15 - mov (+8*6)(%rsi), %r8 - mov (+8*7)(%rsi), %r9 -init_loop: - lea (+$GT_offset)(%rsp), %rdi - call mont_mul_a3b - lea (+$tmp_offset)(%rsp), %rsi - mov (+$pg_offset)(%rsp), %rbp - add \$2, %rbp - mov %rbp, (+$pg_offset)(%rsp) - mov %rsi, %rcx # rcx = rsi = addr of tmp -___ - - &swizzle("%rbp", "%rcx", "%rax", "%rbx"); -$code.=<<___; - mov (+$i_offset)(%rsp), %rax - sub \$1, %rax - mov %rax, (+$i_offset)(%rsp) - jne init_loop - - # - # Copy exponent onto stack - movdqa %xmm0, (+$exp_offset+16*0)(%rsp) - movdqa %xmm1, (+$exp_offset+16*1)(%rsp) - movdqa %xmm2, (+$exp_offset+16*2)(%rsp) - movdqa %xmm3, (+$exp_offset+16*3)(%rsp) - - - # - # Do exponentiation - # Initialize result to G[exp{511:507}] - mov (+$exp_offset+62)(%rsp), %eax - mov %rax, %rdx - shr \$11, %rax - and \$0x07FF, %edx - mov %edx, (+$exp_offset+62)(%rsp) - lea (+$garray_offset)(%rsp,%rax,2), %rsi - mov (+$pResult_offset)(%rsp), %rdx -___ - - &unswizzle("%rdx", "%rsi", "%rbp", "%rbx", "%rax"); - - # - # Loop variables - # rcx = [loop_idx] = index: 510-5 to 0 by 5 -$code.=<<___; - movq \$505, (+$loop_idx_offset)(%rsp) - - mov (+$pResult_offset)(%rsp), %rcx - mov %rcx, 
(+$red_result_addr_offset)(%rsp) - mov (+8*0)(%rcx), %r10 - mov (+8*1)(%rcx), %r11 - mov (+8*2)(%rcx), %r12 - mov (+8*3)(%rcx), %r13 - mov (+8*4)(%rcx), %r14 - mov (+8*5)(%rcx), %r15 - mov (+8*6)(%rcx), %r8 - mov (+8*7)(%rcx), %r9 - jmp sqr_2 - -main_loop_a3b: - call sqr_reduce - call sqr_reduce - call sqr_reduce -sqr_2: - call sqr_reduce - call sqr_reduce - - # - # Do multiply, first look up proper value in Garray - mov (+$loop_idx_offset)(%rsp), %rcx # bit index - mov %rcx, %rax - shr \$4, %rax # rax is word pointer - mov (+$exp_offset)(%rsp,%rax,2), %edx - and \$15, %rcx - shrq %cl, %rdx - and \$0x1F, %rdx - - lea (+$garray_offset)(%rsp,%rdx,2), %rsi - lea (+$tmp_offset)(%rsp), %rdx - mov %rdx, %rdi -___ - - &unswizzle("%rdx", "%rsi", "%rbp", "%rbx", "%rax"); - # rdi = tmp = pG - - # - # Call mod_mul_a1(pDst, pSrc1, pSrc2, pM, pData) - # result result pG M Data -$code.=<<___; - mov (+$pResult_offset)(%rsp), %rsi - call mont_mul_a3b - - # - # finish loop - mov (+$loop_idx_offset)(%rsp), %rcx - sub \$5, %rcx - mov %rcx, (+$loop_idx_offset)(%rsp) - jge main_loop_a3b - - # - -end_main_loop_a3b: - # transform result out of Montgomery space - # result = reduce(result) - mov (+$pResult_offset)(%rsp), %rdx - pxor %xmm4, %xmm4 - movdqu (+16*0)(%rdx), %xmm0 - movdqu (+16*1)(%rdx), %xmm1 - movdqu (+16*2)(%rdx), %xmm2 - movdqu (+16*3)(%rdx), %xmm3 - movdqa %xmm4, (+$tmp16_offset+16*4)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*5)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*6)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*7)(%rsp) - movdqa %xmm0, (+$tmp16_offset+16*0)(%rsp) - movdqa %xmm1, (+$tmp16_offset+16*1)(%rsp) - movdqa %xmm2, (+$tmp16_offset+16*2)(%rsp) - movdqa %xmm3, (+$tmp16_offset+16*3)(%rsp) - call mont_reduce - - # If result > m, subract m - # load result into r15:r8 - mov (+$pResult_offset)(%rsp), %rax - mov (+8*0)(%rax), %r8 - mov (+8*1)(%rax), %r9 - mov (+8*2)(%rax), %r10 - mov (+8*3)(%rax), %r11 - mov (+8*4)(%rax), %r12 - mov (+8*5)(%rax), %r13 - mov (+8*6)(%rax), 
%r14 - mov (+8*7)(%rax), %r15 - - # subtract m - mov (+$pData_offset)(%rsp), %rbx - add \$$M, %rbx - - sub (+8*0)(%rbx), %r8 - sbb (+8*1)(%rbx), %r9 - sbb (+8*2)(%rbx), %r10 - sbb (+8*3)(%rbx), %r11 - sbb (+8*4)(%rbx), %r12 - sbb (+8*5)(%rbx), %r13 - sbb (+8*6)(%rbx), %r14 - sbb (+8*7)(%rbx), %r15 - - # if Carry is clear, replace result with difference - mov (+8*0)(%rax), %rsi - mov (+8*1)(%rax), %rdi - mov (+8*2)(%rax), %rcx - mov (+8*3)(%rax), %rdx - cmovnc %r8, %rsi - cmovnc %r9, %rdi - cmovnc %r10, %rcx - cmovnc %r11, %rdx - mov %rsi, (+8*0)(%rax) - mov %rdi, (+8*1)(%rax) - mov %rcx, (+8*2)(%rax) - mov %rdx, (+8*3)(%rax) - - mov (+8*4)(%rax), %rsi - mov (+8*5)(%rax), %rdi - mov (+8*6)(%rax), %rcx - mov (+8*7)(%rax), %rdx - cmovnc %r12, %rsi - cmovnc %r13, %rdi - cmovnc %r14, %rcx - cmovnc %r15, %rdx - mov %rsi, (+8*4)(%rax) - mov %rdi, (+8*5)(%rax) - mov %rcx, (+8*6)(%rax) - mov %rdx, (+8*7)(%rax) - - mov (+$rsp_offset)(%rsp), %rsi - mov 0(%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbx - mov 40(%rsi),%rbp - lea 48(%rsi),%rsp -.Lepilogue: - ret -.size mod_exp_512, . 
- mod_exp_512 -___ - -if ($win64) { -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -my $rec="%rcx"; -my $frame="%rdx"; -my $context="%r8"; -my $disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type mod_exp_512_se_handler,\@abi-omnipotent -.align 16 -mod_exp_512_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lbody(%rip),%r10 - cmp %r10,%rbx # context->RipRsp - - lea .Lepilogue(%rip),%r10 - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue - - mov $rsp_offset(%rax),%rax # pull saved Rsp - - mov 32(%rax),%rbx - mov 40(%rax),%rbp - mov 24(%rax),%r12 - mov 16(%rax),%r13 - mov 8(%rax),%r14 - mov 0(%rax),%r15 - lea 48(%rax),%rax - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call 
*__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size mod_exp_512_se_handler,.-mod_exp_512_se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_mod_exp_512 - .rva .LSEH_end_mod_exp_512 - .rva .LSEH_info_mod_exp_512 - -.section .xdata -.align 8 -.LSEH_info_mod_exp_512: - .byte 9,0,0,0 - .rva mod_exp_512_se_handler -___ -} - -sub reg_part { -my ($reg,$conv)=@_; - if ($reg =~ /%r[0-9]+/) { $reg .= $conv; } - elsif ($conv eq "b") { $reg =~ s/%[er]([^x]+)x?/%$1l/; } - elsif ($conv eq "w") { $reg =~ s/%[er](.+)/%$1/; } - elsif ($conv eq "d") { $reg =~ s/%[er](.+)/%e$1/; } - return $reg; -} - -$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem; -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/(\(\+[^)]+\))/eval $1/gem; -print $code; -close STDOUT; diff --git a/crypto/engine/eng_rsax.c b/crypto/engine/eng_rsax.c deleted file mode 100644 index 86ee9d8..0000000 --- a/crypto/engine/eng_rsax.c +++ /dev/null 
@@ -1,701 +0,0 @@ -/* crypto/engine/eng_rsax.c */ -/* Copyright (c) 2010-2010 Intel Corp. - * Author: Vinodh.Gopal at intel.com - * Jim Guilford - * Erdinc.Ozturk at intel.com - * Maxim.Perminov at intel.com - * Ying.Huang at intel.com - * - * More information about algorithm used can be found at: - * http://www.cse.buffalo.edu/srds2009/escs2009_submission_Gopal.pdf - */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing at OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - */ - -#include - -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_RSA -# include -#endif -#include -#include - -/* RSAX is available **ONLY* on x86_64 CPUs */ -#undef COMPILE_RSAX - -#if (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined (_M_X64)) && !defined(OPENSSL_NO_ASM) -# define COMPILE_RSAX -static ENGINE *ENGINE_rsax(void); -#endif - -void ENGINE_load_rsax(void) -{ -/* On non-x86 CPUs it just returns. 
*/ -#ifdef COMPILE_RSAX - ENGINE *toadd = ENGINE_rsax(); - if (!toadd) - return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); -#endif -} - -#ifdef COMPILE_RSAX -# define E_RSAX_LIB_NAME "rsax engine" - -static int e_rsax_destroy(ENGINE *e); -static int e_rsax_init(ENGINE *e); -static int e_rsax_finish(ENGINE *e); -static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); - -# ifndef OPENSSL_NO_RSA -/* RSA stuff */ -static int e_rsax_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); -static int e_rsax_rsa_finish(RSA *r); -# endif - -static const ENGINE_CMD_DEFN e_rsax_cmd_defns[] = { - {0, NULL, NULL, 0} -}; - -# ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD e_rsax_rsa = { - "Intel RSA-X method", - NULL, - NULL, - NULL, - NULL, - e_rsax_rsa_mod_exp, - NULL, - NULL, - e_rsax_rsa_finish, - RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE, - NULL, - NULL, - NULL -}; -# endif - -/* Constants used when creating the ENGINE */ -static const char *engine_e_rsax_id = "rsax"; -static const char *engine_e_rsax_name = "RSAX engine support"; - -/* This internal function is used by ENGINE_rsax() */ -static int bind_helper(ENGINE *e) -{ -# ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -# endif - if (!ENGINE_set_id(e, engine_e_rsax_id) || - !ENGINE_set_name(e, engine_e_rsax_name) || -# ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &e_rsax_rsa) || -# endif - !ENGINE_set_destroy_function(e, e_rsax_destroy) || - !ENGINE_set_init_function(e, e_rsax_init) || - !ENGINE_set_finish_function(e, e_rsax_finish) || - !ENGINE_set_ctrl_function(e, e_rsax_ctrl) || - !ENGINE_set_cmd_defns(e, e_rsax_cmd_defns)) - return 0; - -# ifndef OPENSSL_NO_RSA - meth1 = RSA_PKCS1_SSLeay(); - e_rsax_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - e_rsax_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - e_rsax_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - e_rsax_rsa.rsa_priv_dec = meth1->rsa_priv_dec; - e_rsax_rsa.bn_mod_exp = 
meth1->bn_mod_exp; -# endif - return 1; -} - -static ENGINE *ENGINE_rsax(void) -{ - ENGINE *ret = ENGINE_new(); - if (!ret) - return NULL; - if (!bind_helper(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -# ifndef OPENSSL_NO_RSA -/* Used to attach our own key-data to an RSA structure */ -static int rsax_ex_data_idx = -1; -# endif - -static int e_rsax_destroy(ENGINE *e) -{ - return 1; -} - -/* (de)initialisation functions. */ -static int e_rsax_init(ENGINE *e) -{ -# ifndef OPENSSL_NO_RSA - if (rsax_ex_data_idx == -1) - rsax_ex_data_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, NULL); -# endif - if (rsax_ex_data_idx == -1) - return 0; - return 1; -} - -static int e_rsax_finish(ENGINE *e) -{ - return 1; -} - -static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ - int to_return = 1; - - switch (cmd) { - /* The command isn't understood by this engine */ - default: - to_return = 0; - break; - } - - return to_return; -} - -# ifndef OPENSSL_NO_RSA - -# ifdef _WIN32 -typedef unsigned __int64 UINT64; -# else -typedef unsigned long long UINT64; -# endif -typedef unsigned short UINT16; - -/* - * Table t is interleaved in the following manner: The order in memory is - * t[0][0], t[0][1], ..., t[0][7], t[1][0], ... A particular 512-bit value is - * stored in t[][index] rather than the more normal t[index][]; i.e. 
the - * qwords of a particular entry in t are not adjacent in memory - */ - -/* Init BIGNUM b from the interleaved UINT64 array */ -static int interleaved_array_to_bn_512(BIGNUM *b, UINT64 *array); - -/* - * Extract array elements from BIGNUM b To set the whole array from b, call - * with n=8 - */ -static int bn_extract_to_array_512(const BIGNUM *b, unsigned int n, - UINT64 *array); - -struct mod_ctx_512 { - UINT64 t[8][8]; - UINT64 m[8]; - UINT64 m1[8]; /* 2^278 % m */ - UINT64 m2[8]; /* 2^640 % m */ - UINT64 k1[2]; /* (- 1/m) % 2^128 */ -}; - -static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data); - -void mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */ - UINT64 *g, /* 512 bits, 8 qwords */ - UINT64 *exp, /* 512 bits, 8 qwords */ - struct mod_ctx_512 *data); - -typedef struct st_e_rsax_mod_ctx { - UINT64 type; - union { - struct mod_ctx_512 b512; - } ctx; - -} E_RSAX_MOD_CTX; - -static E_RSAX_MOD_CTX *e_rsax_get_ctx(RSA *rsa, int idx, BIGNUM *m) -{ - E_RSAX_MOD_CTX *hptr; - - if (idx < 0 || idx > 2) - return NULL; - - hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx); - if (!hptr) { - hptr = OPENSSL_malloc(3 * sizeof(E_RSAX_MOD_CTX)); - if (!hptr) - return NULL; - hptr[2].type = hptr[1].type = hptr[0].type = 0; - RSA_set_ex_data(rsa, rsax_ex_data_idx, hptr); - } - - if (hptr[idx].type == (UINT64)BN_num_bits(m)) - return hptr + idx; - - if (BN_num_bits(m) == 512) { - UINT64 _m[8]; - bn_extract_to_array_512(m, 8, _m); - memset(&hptr[idx].ctx.b512, 0, sizeof(struct mod_ctx_512)); - mod_exp_pre_compute_data_512(_m, &hptr[idx].ctx.b512); - } - - hptr[idx].type = BN_num_bits(m); - return hptr + idx; -} - -static int e_rsax_rsa_finish(RSA *rsa) -{ - E_RSAX_MOD_CTX *hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx); - if (hptr) { - OPENSSL_free(hptr); - RSA_set_ex_data(rsa, rsax_ex_data_idx, NULL); - } - if (rsa->_method_mod_n) - BN_MONT_CTX_free(rsa->_method_mod_n); - if (rsa->_method_mod_p) - BN_MONT_CTX_free(rsa->_method_mod_p); - if 
(rsa->_method_mod_q) - BN_MONT_CTX_free(rsa->_method_mod_q); - return 1; -} - -static int e_rsax_bn_mod_exp(BIGNUM *r, const BIGNUM *g, const BIGNUM *e, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont, - E_RSAX_MOD_CTX *rsax_mod_ctx) -{ - if (rsax_mod_ctx && BN_get_flags(e, BN_FLG_CONSTTIME) != 0) { - if (BN_num_bits(m) == 512) { - UINT64 _r[8]; - UINT64 _g[8]; - UINT64 _e[8]; - - /* Init the arrays from the BIGNUMs */ - bn_extract_to_array_512(g, 8, _g); - bn_extract_to_array_512(e, 8, _e); - - mod_exp_512(_r, _g, _e, &rsax_mod_ctx->ctx.b512); - /* Return the result in the BIGNUM */ - interleaved_array_to_bn_512(r, _r); - return 1; - } - } - - return BN_mod_exp_mont(r, g, e, m, ctx, in_mont); -} - -/* - * Declares for the Intel CIAP 512-bit / CRT / 1024 bit RSA modular - * exponentiation routine precalculations and a structure to hold the - * necessary values. These files are meant to live in crypto/rsa/ in the - * target openssl. - */ - -/* - * Local method: extracts a piece from a BIGNUM, to fit it into - * an array. 
Call with n=8 to extract an entire 512-bit BIGNUM - */ -static int bn_extract_to_array_512(const BIGNUM *b, unsigned int n, - UINT64 *array) -{ - int i; - UINT64 tmp; - unsigned char bn_buff[64]; - memset(bn_buff, 0, 64); - if (BN_num_bytes(b) > 64) { - printf("Can't support this byte size\n"); - return 0; - } - if (BN_num_bytes(b) != 0) { - if (!BN_bn2bin(b, bn_buff + (64 - BN_num_bytes(b)))) { - printf("Error's in bn2bin\n"); - /* We have to error, here */ - return 0; - } - } - while (n-- > 0) { - array[n] = 0; - for (i = 7; i >= 0; i--) { - tmp = bn_buff[63 - (n * 8 + i)]; - array[n] |= tmp << (8 * i); - } - } - return 1; -} - -/* Init a 512-bit BIGNUM from the UINT64*_ (8 * 64) interleaved array */ -static int interleaved_array_to_bn_512(BIGNUM *b, UINT64 *array) -{ - unsigned char tmp[64]; - int n = 8; - int i; - while (n-- > 0) { - for (i = 7; i >= 0; i--) { - tmp[63 - (n * 8 + i)] = (unsigned char)(array[n] >> (8 * i)); - }} - BN_bin2bn(tmp, 64, b); - return 0; -} - -/* The main 512bit precompute call */ -static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data) -{ - BIGNUM two_768, two_640, two_128, two_512, tmp, _m, tmp2; - - /* We need a BN_CTX for the modulo functions */ - BN_CTX *ctx; - /* Some tmps */ - UINT64 _t[8]; - int i, j, ret = 0; - - /* Init _m with m */ - BN_init(&_m); - interleaved_array_to_bn_512(&_m, m); - memset(_t, 0, 64); - - /* Inits */ - BN_init(&two_768); - BN_init(&two_640); - BN_init(&two_128); - BN_init(&two_512); - BN_init(&tmp); - BN_init(&tmp2); - - /* Create our context */ - if ((ctx = BN_CTX_new()) == NULL) { - goto err; - } - BN_CTX_start(ctx); - - /* - * For production, if you care, these only need to be set once, - * and may be made constants. 
- */ - BN_lshift(&two_768, BN_value_one(), 768); - BN_lshift(&two_640, BN_value_one(), 640); - BN_lshift(&two_128, BN_value_one(), 128); - BN_lshift(&two_512, BN_value_one(), 512); - - if (0 == (m[7] & 0x8000000000000000)) { - goto err; - } - if (0 == (m[0] & 0x1)) { /* Odd modulus required for Mont */ - goto err; - } - - /* Precompute m1 */ - BN_mod(&tmp, &two_768, &_m, ctx); - if (!bn_extract_to_array_512(&tmp, 8, &data->m1[0])) { - goto err; - } - - /* Precompute m2 */ - BN_mod(&tmp, &two_640, &_m, ctx); - if (!bn_extract_to_array_512(&tmp, 8, &data->m2[0])) { - goto err; - } - - /* - * Precompute k1, a 128b number = ((-1)* m-1 ) mod 2128; k1 should - * be non-negative. - */ - BN_mod_inverse(&tmp, &_m, &two_128, ctx); - if (!BN_is_zero(&tmp)) { - BN_sub(&tmp, &two_128, &tmp); - } - if (!bn_extract_to_array_512(&tmp, 2, &data->k1[0])) { - goto err; - } - - /* Precompute t */ - for (i = 0; i < 8; i++) { - BN_zero(&tmp); - if (i & 1) { - BN_add(&tmp, &two_512, &tmp); - } - if (i & 2) { - BN_add(&tmp, &two_512, &tmp); - } - if (i & 4) { - BN_add(&tmp, &two_640, &tmp); - } - - BN_nnmod(&tmp2, &tmp, &_m, ctx); - if (!bn_extract_to_array_512(&tmp2, 8, _t)) { - goto err; - } - for (j = 0; j < 8; j++) - data->t[j][i] = _t[j]; - } - - /* Precompute m */ - for (i = 0; i < 8; i++) { - data->m[i] = m[i]; - } - - ret = 1; - - err: - /* Cleanup */ - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - BN_free(&two_768); - BN_free(&two_640); - BN_free(&two_128); - BN_free(&two_512); - BN_free(&tmp); - BN_free(&tmp2); - BN_free(&_m); - - return ret; -} - -static int e_rsax_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx) -{ - BIGNUM *r1, *m1, *vrfy; - BIGNUM local_dmp1, local_dmq1, local_c, local_r1; - BIGNUM *dmp1, *dmq1, *c, *pr1; - int ret = 0; - - BN_CTX_start(ctx); - r1 = BN_CTX_get(ctx); - m1 = BN_CTX_get(ctx); - vrfy = BN_CTX_get(ctx); - - { - BIGNUM local_p, local_q; - BIGNUM *p = NULL, *q = NULL; - int error = 0; - - /* - * Make sure 
BN_mod_inverse in Montgomery intialization uses the - * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) - */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - BN_init(&local_p); - p = &local_p; - BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); - - BN_init(&local_q); - q = &local_q; - BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); - } else { - p = rsa->p; - q = rsa->q; - } - - if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) - error = 1; - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) - error = 1; - } - - /* clean up */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - BN_free(&local_p); - BN_free(&local_q); - } - if (error) - goto err; - } - - if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) - goto err; - - /* compute I mod q */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - c = &local_c; - BN_with_flags(c, I, BN_FLG_CONSTTIME); - if (!BN_mod(r1, c, rsa->q, ctx)) - goto err; - } else { - if (!BN_mod(r1, I, rsa->q, ctx)) - goto err; - } - - /* compute r1^dmq1 mod q */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - dmq1 = &local_dmq1; - BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); - } else - dmq1 = rsa->dmq1; - - if (!e_rsax_bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, - rsa->_method_mod_q, e_rsax_get_ctx(rsa, 0, - rsa->q))) - goto err; - - /* compute I mod p */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - c = &local_c; - BN_with_flags(c, I, BN_FLG_CONSTTIME); - if (!BN_mod(r1, c, rsa->p, ctx)) - goto err; - } else { - if (!BN_mod(r1, I, rsa->p, ctx)) - goto err; - } - - /* compute r1^dmp1 mod p */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - dmp1 = &local_dmp1; - BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); - } else - dmp1 = rsa->dmp1; - - if (!e_rsax_bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, - rsa->_method_mod_p, e_rsax_get_ctx(rsa, 1, - rsa->p))) - goto err; - - if 
(!BN_sub(r0, r0, m1)) - goto err; - /* - * This will help stop the size of r0 increasing, which does affect the - * multiply if it optimised for a power of 2 size - */ - if (BN_is_negative(r0)) - if (!BN_add(r0, r0, rsa->p)) - goto err; - - if (!BN_mul(r1, r0, rsa->iqmp, ctx)) - goto err; - - /* Turn BN_FLG_CONSTTIME flag on before division operation */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - pr1 = &local_r1; - BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); - } else - pr1 = r1; - if (!BN_mod(r0, pr1, rsa->p, ctx)) - goto err; - - /* - * If p < q it is occasionally possible for the correction of adding 'p' - * if r0 is negative above to leave the result still negative. This can - * break the private key operations: the following second correction - * should *always* correct this rare occurrence. This will *never* happen - * with OpenSSL generated keys because they ensure p > q [steve] - */ - if (BN_is_negative(r0)) - if (!BN_add(r0, r0, rsa->p)) - goto err; - if (!BN_mul(r1, r0, rsa->q, ctx)) - goto err; - if (!BN_add(r0, r1, m1)) - goto err; - - if (rsa->e && rsa->n) { - if (!e_rsax_bn_mod_exp - (vrfy, r0, rsa->e, rsa->n, ctx, rsa->_method_mod_n, - e_rsax_get_ctx(rsa, 2, rsa->n))) - goto err; - - /* - * If 'I' was greater than (or equal to) rsa->n, the operation will - * be equivalent to using 'I mod n'. However, the result of the - * verify will *always* be less than 'n' so we don't check for - * absolute equality, just congruency. - */ - if (!BN_sub(vrfy, vrfy, I)) - goto err; - if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) - goto err; - if (BN_is_negative(vrfy)) - if (!BN_add(vrfy, vrfy, rsa->n)) - goto err; - if (!BN_is_zero(vrfy)) { - /* - * 'I' and 'vrfy' aren't congruent mod n. Don't leak - * miscalculated CRT output, just do a raw (slower) mod_exp and - * return that instead. 
- */ - - BIGNUM local_d; - BIGNUM *d = NULL; - - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - d = &local_d; - BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); - } else - d = rsa->d; - if (!e_rsax_bn_mod_exp(r0, I, d, rsa->n, ctx, - rsa->_method_mod_n, e_rsax_get_ctx(rsa, 2, - rsa->n))) - goto err; - } - } - ret = 1; - - err: - BN_CTX_end(ctx); - - return ret; -} -# endif /* !OPENSSL_NO_RSA */ -#endif /* !COMPILE_RSAX */ diff --git a/util/pl/unix.pl b/util/pl/unix.pl index c975cb8..df4de71 100644 --- a/util/pl/unix.pl +++ b/util/pl/unix.pl @@ -59,7 +59,6 @@ $bf_enc_src=""; 'x86_64-mont' => 'crypto/bn', 'x86_64-mont5' => 'crypto/bn', 'x86_64-gf2m' => 'crypto/bn', - 'modexp512-x86_64' => 'crypto/bn', 'aes-x86_64' => 'crypto/aes', 'vpaes-x86_64' => 'crypto/aes', 'bsaes-x86_64' => 'crypto/aes', From rsalz at openssl.org Sat Jan 24 21:35:29 2015 From: rsalz at openssl.org (Rich Salz) Date: Sat, 24 Jan 2015 22:35:29 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150124213530.29C9E1DF121@butler.localdomain> The branch master has been updated via 8de24b792743d11e1d5a0dcd336a49368750c577 (commit) from c436e05bdc7f49985a750df64122c960240b3ae1 (commit) - Log ----------------------------------------------------------------- commit 8de24b792743d11e1d5a0dcd336a49368750c577 Author: Rich Salz Date: Sat Jan 24 16:35:07 2015 -0500 undef cleanup: use memmove Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/stack/stack.c | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 47457c7..758ace9 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c 
@@ -55,17 +55,6 @@ * copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
-
-/*-
- * Code for stacks
- * Author - Eric Young v 1.0
- * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the
- * lowest index for the searched item.
- *
- * 1.1 eay - Take from netdb and added to SSLeay
- *
- * 1.0 eay - First version 29/07/92
- */
#include
#include "cryptlib.h"
#include
@@ -193,18 +182,8 @@ int sk_insert(_STACK *st, void *data, int loc)
if ((loc >= (int)st->num) || (loc < 0))
st->data[st->num] = data;
else {
- int i;
- char **f, **t;
-
- f = st->data;
- t = &(st->data[1]);
- for (i = st->num; i >= loc; i--)
- t[i] = f[i];
-
-#ifdef undef /* no memmove on sunos :-( */
memmove(&(st->data[loc + 1]), &(st->data[loc]), sizeof(char *) * (st->num - loc));
-#endif
st->data[loc] = data;
}
st->num++;
From rsalz at openssl.org Mon Jan 26 02:08:59 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 26 Jan 2015 03:08:59 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150126020859.BC4AA1DF118@butler.localdomain> The branch master has been updated via abdd677125f3a9e3082f8c5692203590fdb9b860 (commit) from 8de24b792743d11e1d5a0dcd336a49368750c577 (commit) - Log ----------------------------------------------------------------- commit abdd677125f3a9e3082f8c5692203590fdb9b860 Author: Rich Salz Date: Sun Jan 25 21:07:20 2015 -0500 Make OPENSSL_config truly ignore errors. Per discussion: should not exit. Should not print to stderr. Errors are ignored. Updated doc to reflect that, and the fact that this function is to be avoided. Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_sap.c | 18 ++---------------- doc/crypto/OPENSSL_config.pod | 10 ++++------ 2 files changed, 6 insertions(+), 22 deletions(-)
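Review bot: The switch to memmove in sk_insert is not purely cosmetic, and the commit message ("undef cleanup") does not say so: the deleted loop `for (i = st->num; i >= loc; i--) t[i] = f[i];` with `t = &(st->data[1])` started at `i == st->num`, so its first iteration read `st->data[st->num]` and wrote `st->data[st->num + 1]`, one slot beyond anything the `memmove` of `st->num - loc` pointers touches. The new code shifts exactly the live entries `data[loc..num-1]` up by one before storing into `data[loc]`, which is the correct shift, but it is worth recording the dropped out-of-range write either in the commit message or with a comment such as `/* shift data[loc..num-1] up one slot; data must already hold num+1 entries */`. Whether `st->data` is guaranteed to have room for `st->num + 1` pointers here depends on the growth code earlier in sk_insert, which lies outside the hunk. As a minor style point, `sizeof(*st->data)` instead of `sizeof(char *)` would keep the element size tied to the array's declared type.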
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index a3e7896..544fe97 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -86,24 +86,10 @@ void OPENSSL_config(const char *config_name)
/* Need to load ENGINEs */
ENGINE_load_builtin_engines();
#endif
- /* Add others here? */
- ERR_clear_error();
- if (CONF_modules_load_file(NULL, config_name,
+ CONF_modules_load_file(NULL, config_name,
CONF_MFLAGS_DEFAULT_SECTION |
- CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
- BIO *bio_err;
- ERR_load_crypto_strings();
- if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) {
- BIO_printf(bio_err, "Auto configuration failed\n");
- ERR_print_errors(bio_err);
- BIO_free(bio_err);
- }
- fprintf(stderr, "OpenSSL could not auto-configure.\n");
- exit(1);
- }
-
- return;
+ CONF_MFLAGS_IGNORE_MISSING_FILE);
}
void OPENSSL_no_config()
diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod
index fefe293..91d61f3 100644
--- a/doc/crypto/OPENSSL_config.pod
+++ b/doc/crypto/OPENSSL_config.pod
@@ -17,8 +17,7 @@ OPENSSL_config() configures OpenSSL using the standard B configuration file name using B. If B is NULL then the file specified in the environment variable B will be used, and if that is not set then a system default location is used.
-In case of error, a message is printed to B and the routine
-exit's.
+Errors are silently ignored.
Multiple calls have no effect. OPENSSL_no_config() disables configuration. If called before OPENSSL_config()
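Review bot: Removing `ERR_clear_error()` together with the result check means a failed `CONF_modules_load_file()` now leaves its errors on the thread's error queue, where the application's next `ERR_get_error()` will see them attributed to whatever it called afterwards, so "errors are silently ignored" in the new pod text does not quite hold. Since the return value is deliberately discarded, the call should read `(void)CONF_modules_load_file(NULL, config_name, CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE);` followed by `ERR_clear_error();`, or the manual page should state that the error queue is left populated so callers who care can inspect it. Note also that `CONF_MFLAGS_IGNORE_MISSING_FILE` only covers an absent file: a present but malformed config, or a module section that fails to apply, now produces no diagnostic at all, which deserves a sentence in the pod for applications that rely on the config file for security-relevant settings such as ENGINE setup. The beginning of OPENSSL_config's body lies outside the hunk.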
@@ -37,10 +36,9 @@ The OPENSSL_config() function is designed to be a very simple "call it and forget it" function. It is however B better than nothing. Applications which need finer control over their configuration functionality should use the configuration -functions such as CONF_modules_load() directly. - -It is B recommended that B new applications call -CONF_modules_load() during +functions such as CONF_modules_load() directly. This function is deprecated +and its use should be avoided. +Applications should instead call CONF_modules_load() during initialization (that is before starting any threads). There are several reasons why calling the OpenSSL configuration routines is From rsalz at openssl.org Mon Jan 26 02:12:15 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 26 Jan 2015 03:12:15 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150126021215.580E71DF118@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 6d09851694949a52b9075bf8c2feb54b54d27b51 (commit) from 63c1d16bb85566fa3cdb13df321037a22f117957 (commit) - Log ----------------------------------------------------------------- commit 6d09851694949a52b9075bf8c2feb54b54d27b51 Author: Rich Salz Date: Sun Jan 25 21:12:01 2015 -0500 Make OPENSSL_config truly ignore errors. Per discussion: should not exit. Should not print to stderr. Errors are ignored. Updated doc to reflect that, and the fact that this function is to be avoided. Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson Reviewed-by: Viktor Dukhovni (cherry picked from commit abdd677125f3a9e3082f8c5692203590fdb9b860) ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_sap.c | 17 ++--------------- doc/crypto/OPENSSL_config.pod | 42 ++++++++++++----------------------------- 2 files changed, 14 insertions(+), 45 deletions(-) diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index d03de24..544fe97 100644 
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -86,23 +86,10 @@ void OPENSSL_config(const char *config_name)
/* Need to load ENGINEs */
ENGINE_load_builtin_engines();
#endif
- /* Add others here? */
- ERR_clear_error();
- if (CONF_modules_load_file(NULL, config_name,
+ CONF_modules_load_file(NULL, config_name,
CONF_MFLAGS_DEFAULT_SECTION |
- CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
- BIO *bio_err;
- ERR_load_crypto_strings();
- if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) {
- BIO_printf(bio_err, "Auto configuration failed\n");
- ERR_print_errors(bio_err);
- BIO_free(bio_err);
- }
- exit(1);
- }
-
- return;
+ CONF_MFLAGS_IGNORE_MISSING_FILE);
}
void OPENSSL_no_config()
diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod
index 888de88..2d25b26 100644
--- a/doc/crypto/OPENSSL_config.pod
+++ b/doc/crypto/OPENSSL_config.pod
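Review bot: On the 1.0.2 stable branch this hunk changes observable behaviour rather than just cleaning up: an application whose configuration failed to load previously terminated through `exit(1)` after printing the error stack, and will now start and keep running with whatever part of the configuration did apply, with no message anywhere. That is a defensible contract for a library routine, but deployments that relied on the hard failure to catch a broken config file lose that signal on a point release, so the backport deserves a CHANGES entry and the pod should point callers at `CONF_modules_load_file()` and its return value if they need to detect failure. As in master, `ERR_clear_error()` disappears along with the check, so the errors of a failed load stay on the error queue for the caller to find later; `(void)CONF_modules_load_file(...)` plus a trailing `ERR_clear_error();` would make the "ignore" explicit. The beginning of OPENSSL_config's body lies outside the hunk.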
@@ -15,31 +15,24 @@ OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions OPENSSL_config() configures OpenSSL using the standard B configuration file name using B. If B is NULL then -the default name B will be used. Any errors are ignored. Further -calls to OPENSSL_config() will have no effect. The configuration file format -is documented in the L manual page. +the file specified in the environment variable B will be used, +and if that is not set then a system default location is used. +Errors are silently ignored. +Multiple calls have no effect. OPENSSL_no_config() disables configuration. If called before OPENSSL_config() no configuration takes place. =head1 NOTES -It is B recommended that B new applications call OPENSSL_config() -or the more sophisticated functions such as CONF_modules_load() during -initialization (that is before starting any threads). By doing this -an application does not need to keep track of all configuration options -and some new functionality can be supported automatically. - -It is also possible to automatically call OPENSSL_config() when an application -calls OPENSSL_add_all_algorithms() by compiling an application with the -preprocessor symbol B #define'd. In this way configuration -can be added without source changes. - -The environment variable B can be set to specify the location -of the configuration file. - -Currently ASN1 OBJECTs and ENGINE configuration can be performed future -versions of OpenSSL will add new configuration options. +The OPENSSL_config() function is designed to be a very simple "call it and +forget it" function. +It is however B better than nothing. Applications which need finer +control over their configuration functionality should use the configuration +functions such as CONF_modules_load() directly. This function is deprecated +and its use should be avoided. +Applications should instead call CONF_modules_load() during +initialization (that is before starting any threads). 
There are several reasons why calling the OpenSSL configuration routines is advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7. @@ -55,17 +48,6 @@ configuration file. Applications should free up configuration at application closedown by calling CONF_modules_free(). -=head1 RESTRICTIONS - -The OPENSSL_config() function is designed to be a very simple "call it and -forget it" function. As a result its behaviour is somewhat limited. It ignores -all errors silently and it can only load from the standard configuration file -location for example. - -It is however B better than nothing. Applications which need finer -control over their configuration functionality should use the configuration -functions such as CONF_load_modules() directly. - =head1 RETURN VALUES Neither OPENSSL_config() nor OPENSSL_no_config() return a value. From rsalz at openssl.org Mon Jan 26 02:16:09 2015 
From: rsalz at openssl.org (Rich Salz) Date: Mon, 26 Jan 2015 03:16:09 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150126021609.5FEA01DF118@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 491f3e4e8e4ba8853caa02fbeff51b69768e9646 (commit) from 184693f4af2846dd89f473482e55df26c428da36 (commit) - Log ----------------------------------------------------------------- commit 491f3e4e8e4ba8853caa02fbeff51b69768e9646 Author: Rich Salz Date: Sun Jan 25 21:15:57 2015 -0500 Make OPENSSL_config truly ignore errors. Per discussion: should not exit. Should not print to stderr. Errors are ignored. Updated doc to reflect that, and the fact that this function is to be avoided. Reviewed-by: Matt Caswell Reviewed-by: Tim Hudson Reviewed-by: Viktor Dukhovni (cherry picked from commit abdd677125f3a9e3082f8c5692203590fdb9b860) ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_sap.c | 17 ++--------------- doc/crypto/OPENSSL_config.pod | 31 ++++++++++++------------------- 2 files changed, 14 insertions(+), 34 deletions(-)
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index d03de24..544fe97 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -86,23 +86,10 @@ void OPENSSL_config(const char *config_name)
/* Need to load ENGINEs */
ENGINE_load_builtin_engines();
#endif
- /* Add others here? */
- ERR_clear_error();
- if (CONF_modules_load_file(NULL, config_name,
+ CONF_modules_load_file(NULL, config_name,
CONF_MFLAGS_DEFAULT_SECTION |
- CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
- BIO *bio_err;
- ERR_load_crypto_strings();
- if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) {
- BIO_printf(bio_err, "Auto configuration failed\n");
- ERR_print_errors(bio_err);
- BIO_free(bio_err);
- }
- exit(1);
- }
-
- return;
+ CONF_MFLAGS_IGNORE_MISSING_FILE);
}
void OPENSSL_no_config()
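Review bot: The 1.0.1 backport discards the result of `CONF_modules_load_file()` without saying so in the code, and at the same time drops the `ERR_clear_error()` that preceded the call, so a failed load now leaves its entries on the error queue for whatever the application checks next. Writing the call as `(void)CONF_modules_load_file(NULL, config_name, CONF_MFLAGS_DEFAULT_SECTION | CONF_MFLAGS_IGNORE_MISSING_FILE);` and following it with `ERR_clear_error();` would make the intended "ignore errors" contract visible and keep the queue clean. Because this replaces an `exit(1)` on a stable branch, a CHANGES entry noting that a broken config no longer aborts the process would help operators who depended on that failure mode. The beginning of OPENSSL_config's body lies outside the hunk.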
diff --git a/doc/crypto/OPENSSL_config.pod b/doc/crypto/OPENSSL_config.pod
index 888de88..5096fac 100644
--- a/doc/crypto/OPENSSL_config.pod
+++ b/doc/crypto/OPENSSL_config.pod
@@ -15,31 +15,24 @@ OPENSSL_config, OPENSSL_no_config - simple OpenSSL configuration functions OPENSSL_config() configures OpenSSL using the standard B configuration file name using B. If B is NULL then -the default name B will be used. Any errors are ignored. Further -calls to OPENSSL_config() will have no effect. The configuration file format -is documented in the L manual page. +the file specified in the environment variable B will be used, +and if that is not set then a system default location is used. +Errors are silently ignored. +Multiple calls have no effect. OPENSSL_no_config() disables configuration. If called before OPENSSL_config() no configuration takes place. =head1 NOTES -It is B recommended that B new applications call OPENSSL_config() -or the more sophisticated functions such as CONF_modules_load() during -initialization (that is before starting any threads). By doing this -an application does not need to keep track of all configuration options -and some new functionality can be supported automatically. - -It is also possible to automatically call OPENSSL_config() when an application -calls OPENSSL_add_all_algorithms() by compiling an application with the -preprocessor symbol B #define'd. In this way configuration -can be added without source changes. - -The environment variable B can be set to specify the location -of the configuration file. - -Currently ASN1 OBJECTs and ENGINE configuration can be performed future -versions of OpenSSL will add new configuration options. +The OPENSSL_config() function is designed to be a very simple "call it and +forget it" function. +It is however B better than nothing. Applications which need finer +control over their configuration functionality should use the configuration +functions such as CONF_modules_load() directly. This function is deprecated +and its use should be avoided. +Applications should instead call CONF_modules_load() during +initialization (that is before starting any threads). 
There are several reasons why calling the OpenSSL configuration routines is advisable. For example new ENGINE functionality was added to OpenSSL 0.9.7. From rsalz at openssl.org Mon Jan 26 15:21:14 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 26 Jan 2015 16:21:14 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150126152120.27DC51DF118@butler.localdomain> The branch master has been updated via b2751566139bfc7c34fdbf623117d555faff11a6 (commit) from 1c8241c18a8874af8b99ce75882683a486f4e3f9 (commit) - Log ----------------------------------------------------------------- commit b2751566139bfc7c34fdbf623117d555faff11a6 Author: Rich Salz Date: Mon Jan 26 10:20:57 2015 -0500 Add link to OpenSSL Cookbook ----------------------------------------------------------------------- Summary of changes: docs/index.wml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/index.wml b/docs/index.wml index 770c8e2..316a9dc 100644 --- a/docs/index.wml +++ b/docs/index.wml @@ -39,8 +39,11 @@ features which are not present in other releases.

    -Other standards: +Other standards and documentation:

      + From rsalz at openssl.org Mon Jan 26 15:47:10 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 26 Jan 2015 16:47:10 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150126154710.E23E31DF118@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via db7cb7ab9a5968f32ddbe11c3fba71ccbf4ffa53 (commit) from 6d09851694949a52b9075bf8c2feb54b54d27b51 (commit) - Log ----------------------------------------------------------------- commit db7cb7ab9a5968f32ddbe11c3fba71ccbf4ffa53 Author: Rich Salz Date: Mon Jan 26 10:46:26 2015 -0500 Remove unused eng_rsax and related asm file Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/bn/Makefile | 2 - crypto/bn/asm/modexp512-x86_64.pl | 1497 ------------------------------------- crypto/engine/eng_rsax.c | 701 ----------------- crypto/objects/obj_xref.h | 185 +++-- util/pl/unix.pl | 1 - 5 files changed, 90 insertions(+), 2296 deletions(-) delete mode 100644 crypto/bn/asm/modexp512-x86_64.pl delete mode 100644 crypto/engine/eng_rsax.c
diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile
index 0cdbd20..5361dc8 100644
--- a/crypto/bn/Makefile
+++ b/crypto/bn/Makefile
@@ -108,8 +108,6 @@ x86_64-mont5.s: asm/x86_64-mont5.pl
 $(PERL) asm/x86_64-mont5.pl $(PERLASM_SCHEME) > $@
 x86_64-gf2m.s: asm/x86_64-gf2m.pl
 $(PERL) asm/x86_64-gf2m.pl $(PERLASM_SCHEME) > $@
-modexp512-x86_64.s: asm/modexp512-x86_64.pl
- $(PERL) asm/modexp512-x86_64.pl $(PERLASM_SCHEME) > $@
 rsaz-x86_64.s: asm/rsaz-x86_64.pl
 $(PERL) asm/rsaz-x86_64.pl $(PERLASM_SCHEME) > $@
 rsaz-avx2.s: asm/rsaz-avx2.pl
diff --git a/crypto/bn/asm/modexp512-x86_64.pl b/crypto/bn/asm/modexp512-x86_64.pl
deleted file mode 100644
index bfd6e97..0000000
--- a/crypto/bn/asm/modexp512-x86_64.pl
+++ /dev/null
@@ -1,1497 +0,0 @@ -#!/usr/bin/env perl -# -# Copyright (c) 2010-2011 Intel Corp. -# Author: Vinodh.Gopal at intel.com -# Jim Guilford -# Erdinc.Ozturk at intel.com -# Maxim.Perminov at intel.com -# -# More information about algorithm used can be found at: -# http://www.cse.buffalo.edu/srds2009/escs2009_submission_Gopal.pdf -# -# ==================================================================== -# Copyright (c) 2011 The OpenSSL Project. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# licensing at OpenSSL.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. 
Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -use strict; -my $code=".text\n\n"; -my $m=0; - -# -# Define x512 macros -# - -#MULSTEP_512_ADD MACRO x7, x6, x5, x4, x3, x2, x1, x0, dst, src1, src2, add_src, tmp1, tmp2 -# -# uses rax, rdx, and args -sub MULSTEP_512_ADD -{ - my ($x, $DST, $SRC2, $ASRC, $OP, $TMP)=@_; - my @X=@$x; # make a copy -$code.=<<___; - mov (+8*0)($SRC2), %rax - mul $OP # rdx:rax = %OP * [0] - mov ($ASRC), $X[0] - add %rax, $X[0] - adc \$0, %rdx - mov $X[0], $DST -___ -for(my $i=1;$i<8;$i++) { 
-$code.=<<___; - mov %rdx, $TMP - - mov (+8*$i)($SRC2), %rax - mul $OP # rdx:rax = %OP * [$i] - mov (+8*$i)($ASRC), $X[$i] - add %rax, $X[$i] - adc \$0, %rdx - add $TMP, $X[$i] - adc \$0, %rdx -___ -} -$code.=<<___; - mov %rdx, $X[0] -___ -} - -#MULSTEP_512 MACRO x7, x6, x5, x4, x3, x2, x1, x0, dst, src2, src1_val, tmp -# -# uses rax, rdx, and args -sub MULSTEP_512 -{ - my ($x, $DST, $SRC2, $OP, $TMP)=@_; - my @X=@$x; # make a copy -$code.=<<___; - mov (+8*0)($SRC2), %rax - mul $OP # rdx:rax = %OP * [0] - add %rax, $X[0] - adc \$0, %rdx - mov $X[0], $DST -___ -for(my $i=1;$i<8;$i++) { -$code.=<<___; - mov %rdx, $TMP - - mov (+8*$i)($SRC2), %rax - mul $OP # rdx:rax = %OP * [$i] - add %rax, $X[$i] - adc \$0, %rdx - add $TMP, $X[$i] - adc \$0, %rdx -___ -} -$code.=<<___; - mov %rdx, $X[0] -___ -} - -# -# Swizzle Macros -# - -# macro to copy data from flat space to swizzled table -#MACRO swizzle pDst, pSrc, tmp1, tmp2 -# pDst and pSrc are modified -sub swizzle -{ - my ($pDst, $pSrc, $cnt, $d0)=@_; -$code.=<<___; - mov \$8, $cnt -loop_$m: - mov ($pSrc), $d0 - mov $d0#w, ($pDst) - shr \$16, $d0 - mov $d0#w, (+64*1)($pDst) - shr \$16, $d0 - mov $d0#w, (+64*2)($pDst) - shr \$16, $d0 - mov $d0#w, (+64*3)($pDst) - lea 8($pSrc), $pSrc - lea 64*4($pDst), $pDst - dec $cnt - jnz loop_$m -___ - - $m++; -} - -# macro to copy data from swizzled table to flat space -#MACRO unswizzle pDst, pSrc, tmp*3 -sub unswizzle -{ - my ($pDst, $pSrc, $cnt, $d0, $d1)=@_; -$code.=<<___; - mov \$4, $cnt -loop_$m: - movzxw (+64*3+256*0)($pSrc), $d0 - movzxw (+64*3+256*1)($pSrc), $d1 - shl \$16, $d0 - shl \$16, $d1 - mov (+64*2+256*0)($pSrc), $d0#w - mov (+64*2+256*1)($pSrc), $d1#w - shl \$16, $d0 - shl \$16, $d1 - mov (+64*1+256*0)($pSrc), $d0#w - mov (+64*1+256*1)($pSrc), $d1#w - shl \$16, $d0 - shl \$16, $d1 - mov (+64*0+256*0)($pSrc), $d0#w - mov (+64*0+256*1)($pSrc), $d1#w - mov $d0, (+8*0)($pDst) - mov $d1, (+8*1)($pDst) - lea 256*2($pSrc), $pSrc - lea 8*2($pDst), $pDst - sub \$1, $cnt - jnz 
loop_$m -___ - - $m++; -} - -# -# Data Structures -# - -# Reduce Data -# -# -# Offset Value -# 0C0 Carries -# 0B8 X2[10] -# 0B0 X2[9] -# 0A8 X2[8] -# 0A0 X2[7] -# 098 X2[6] -# 090 X2[5] -# 088 X2[4] -# 080 X2[3] -# 078 X2[2] -# 070 X2[1] -# 068 X2[0] -# 060 X1[12] P[10] -# 058 X1[11] P[9] Z[8] -# 050 X1[10] P[8] Z[7] -# 048 X1[9] P[7] Z[6] -# 040 X1[8] P[6] Z[5] -# 038 X1[7] P[5] Z[4] -# 030 X1[6] P[4] Z[3] -# 028 X1[5] P[3] Z[2] -# 020 X1[4] P[2] Z[1] -# 018 X1[3] P[1] Z[0] -# 010 X1[2] P[0] Y[2] -# 008 X1[1] Q[1] Y[1] -# 000 X1[0] Q[0] Y[0] - -my $X1_offset = 0; # 13 qwords -my $X2_offset = $X1_offset + 13*8; # 11 qwords -my $Carries_offset = $X2_offset + 11*8; # 1 qword -my $Q_offset = 0; # 2 qwords -my $P_offset = $Q_offset + 2*8; # 11 qwords -my $Y_offset = 0; # 3 qwords -my $Z_offset = $Y_offset + 3*8; # 9 qwords - -my $Red_Data_Size = $Carries_offset + 1*8; # (25 qwords) - -# -# Stack Frame -# -# -# offset value -# ... -# ... -# 280 Garray - -# 278 tmp16[15] -# ... ... -# 200 tmp16[0] - -# 1F8 tmp[7] -# ... ... -# 1C0 tmp[0] - -# 1B8 GT[7] -# ... ... -# 180 GT[0] - -# 178 Reduce Data -# ... ... -# 0B8 Reduce Data -# 0B0 reserved -# 0A8 reserved -# 0A0 reserved -# 098 reserved -# 090 reserved -# 088 reduce result addr -# 080 exp[8] - -# ... 
-# 048 exp[1] -# 040 exp[0] - -# 038 reserved -# 030 loop_idx -# 028 pg -# 020 i -# 018 pData ; arg 4 -# 010 pG ; arg 2 -# 008 pResult ; arg 1 -# 000 rsp ; stack pointer before subtract - -my $rsp_offset = 0; -my $pResult_offset = 8*1 + $rsp_offset; -my $pG_offset = 8*1 + $pResult_offset; -my $pData_offset = 8*1 + $pG_offset; -my $i_offset = 8*1 + $pData_offset; -my $pg_offset = 8*1 + $i_offset; -my $loop_idx_offset = 8*1 + $pg_offset; -my $reserved1_offset = 8*1 + $loop_idx_offset; -my $exp_offset = 8*1 + $reserved1_offset; -my $red_result_addr_offset= 8*9 + $exp_offset; -my $reserved2_offset = 8*1 + $red_result_addr_offset; -my $Reduce_Data_offset = 8*5 + $reserved2_offset; -my $GT_offset = $Red_Data_Size + $Reduce_Data_offset; -my $tmp_offset = 8*8 + $GT_offset; -my $tmp16_offset = 8*8 + $tmp_offset; -my $garray_offset = 8*16 + $tmp16_offset; -my $mem_size = 8*8*32 + $garray_offset; - -# -# Offsets within Reduce Data -# -# -# struct MODF_2FOLD_MONT_512_C1_DATA { -# UINT64 t[8][8]; -# UINT64 m[8]; -# UINT64 m1[8]; /* 2^768 % m */ -# UINT64 m2[8]; /* 2^640 % m */ -# UINT64 k1[2]; /* (- 1/m) % 2^128 */ -# }; - -my $T = 0; -my $M = 512; # = 8 * 8 * 8 -my $M1 = 576; # = 8 * 8 * 9 /* += 8 * 8 */ -my $M2 = 640; # = 8 * 8 * 10 /* += 8 * 8 */ -my $K1 = 704; # = 8 * 8 * 11 /* += 8 * 8 */ - -# -# FUNCTIONS -# - -{{{ -# -# MULADD_128x512 : Function to multiply 128-bits (2 qwords) by 512-bits (8 qwords) -# and add 512-bits (8 qwords) -# to get 640 bits (10 qwords) -# Input: 128-bit mul source: [rdi+8*1], rbp -# 512-bit mul source: [rsi+8*n] -# 512-bit add source: r15, r14, ..., r9, r8 -# Output: r9, r8, r15, r14, r13, r12, r11, r10, [rcx+8*1], [rcx+8*0] -# Clobbers all regs except: rcx, rsi, rdi -$code.=<<___; -.type MULADD_128x512,\@abi-omnipotent -.align 16 -MULADD_128x512: -___ - &MULSTEP_512([map("%r$_",(8..15))], "(+8*0)(%rcx)", "%rsi", "%rbp", "%rbx"); -$code.=<<___; - mov (+8*1)(%rdi), %rbp -___ - &MULSTEP_512([map("%r$_",(9..15,8))], "(+8*1)(%rcx)", "%rsi", "%rbp", 
"%rbx"); -$code.=<<___; - ret -.size MULADD_128x512,.-MULADD_128x512 -___ -}}} - -{{{ -#MULADD_256x512 MACRO pDst, pA, pB, OP, TMP, X7, X6, X5, X4, X3, X2, X1, X0 -# -# Inputs: pDst: Destination (768 bits, 12 qwords) -# pA: Multiplicand (1024 bits, 16 qwords) -# pB: Multiplicand (512 bits, 8 qwords) -# Dst = Ah * B + Al -# where Ah is (in qwords) A[15:12] (256 bits) and Al is A[7:0] (512 bits) -# Results in X3 X2 X1 X0 X7 X6 X5 X4 Dst[3:0] -# Uses registers: arguments, RAX, RDX -sub MULADD_256x512 -{ - my ($pDst, $pA, $pB, $OP, $TMP, $X)=@_; -$code.=<<___; - mov (+8*12)($pA), $OP -___ - &MULSTEP_512_ADD($X, "(+8*0)($pDst)", $pB, $pA, $OP, $TMP); - push(@$X,shift(@$X)); - -$code.=<<___; - mov (+8*13)($pA), $OP -___ - &MULSTEP_512($X, "(+8*1)($pDst)", $pB, $OP, $TMP); - push(@$X,shift(@$X)); - -$code.=<<___; - mov (+8*14)($pA), $OP -___ - &MULSTEP_512($X, "(+8*2)($pDst)", $pB, $OP, $TMP); - push(@$X,shift(@$X)); - -$code.=<<___; - mov (+8*15)($pA), $OP -___ - &MULSTEP_512($X, "(+8*3)($pDst)", $pB, $OP, $TMP); - push(@$X,shift(@$X)); -} - -# -# mont_reduce(UINT64 *x, /* 1024 bits, 16 qwords */ -# UINT64 *m, /* 512 bits, 8 qwords */ -# MODF_2FOLD_MONT_512_C1_DATA *data, -# UINT64 *r) /* 512 bits, 8 qwords */ -# Input: x (number to be reduced): tmp16 (Implicit) -# m (modulus): [pM] (Implicit) -# data (reduce data): [pData] (Implicit) -# Output: r (result): Address in [red_res_addr] -# result also in: r9, r8, r15, r14, r13, r12, r11, r10 - -my @X=map("%r$_",(8..15)); - -$code.=<<___; -.type mont_reduce,\@abi-omnipotent -.align 16 -mont_reduce: -___ - -my $STACK_DEPTH = 8; - # - # X1 = Xh * M1 + Xl -$code.=<<___; - lea (+$Reduce_Data_offset+$X1_offset+$STACK_DEPTH)(%rsp), %rdi # pX1 (Dst) 769 bits, 13 qwords - mov (+$pData_offset+$STACK_DEPTH)(%rsp), %rsi # pM1 (Bsrc) 512 bits, 8 qwords - add \$$M1, %rsi - lea (+$tmp16_offset+$STACK_DEPTH)(%rsp), %rcx # X (Asrc) 1024 bits, 16 qwords - -___ - - &MULADD_256x512("%rdi", "%rcx", "%rsi", "%rbp", "%rbx", \@X); # rotates @X 4 
times - # results in r11, r10, r9, r8, r15, r14, r13, r12, X1[3:0] - -$code.=<<___; - xor %rax, %rax - # X1 += xl - add (+8*8)(%rcx), $X[4] - adc (+8*9)(%rcx), $X[5] - adc (+8*10)(%rcx), $X[6] - adc (+8*11)(%rcx), $X[7] - adc \$0, %rax - # X1 is now rax, r11-r8, r15-r12, tmp16[3:0] - - # - # check for carry ;; carry stored in rax - mov $X[4], (+8*8)(%rdi) # rdi points to X1 - mov $X[5], (+8*9)(%rdi) - mov $X[6], %rbp - mov $X[7], (+8*11)(%rdi) - - mov %rax, (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp) - - mov (+8*0)(%rdi), $X[4] - mov (+8*1)(%rdi), $X[5] - mov (+8*2)(%rdi), $X[6] - mov (+8*3)(%rdi), $X[7] - - # X1 is now stored in: X1[11], rbp, X1[9:8], r15-r8 - # rdi -> X1 - # rsi -> M1 - - # - # X2 = Xh * M2 + Xl - # do first part (X2 = Xh * M2) - add \$8*10, %rdi # rdi -> pXh ; 128 bits, 2 qwords - # Xh is actually { [rdi+8*1], rbp } - add \$`$M2-$M1`, %rsi # rsi -> M2 - lea (+$Reduce_Data_offset+$X2_offset+$STACK_DEPTH)(%rsp), %rcx # rcx -> pX2 ; 641 bits, 11 qwords -___ - unshift(@X,pop(@X)); unshift(@X,pop(@X)); -$code.=<<___; - - call MULADD_128x512 # args in rcx, rdi / rbp, rsi, r15-r8 - # result in r9, r8, r15, r14, r13, r12, r11, r10, X2[1:0] - mov (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp), %rax - - # X2 += Xl - add (+8*8-8*10)(%rdi), $X[6] # (-8*10) is to adjust rdi -> Xh to Xl - adc (+8*9-8*10)(%rdi), $X[7] - mov $X[6], (+8*8)(%rcx) - mov $X[7], (+8*9)(%rcx) - - adc %rax, %rax - mov %rax, (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp) - - lea (+$Reduce_Data_offset+$Q_offset+$STACK_DEPTH)(%rsp), %rdi # rdi -> pQ ; 128 bits, 2 qwords - add \$`$K1-$M2`, %rsi # rsi -> pK1 ; 128 bits, 2 qwords - - # MUL_128x128t128 rdi, rcx, rsi ; Q = X2 * K1 (bottom half) - # B1:B0 = rsi[1:0] = K1[1:0] - # A1:A0 = rcx[1:0] = X2[1:0] - # Result = rdi[1],rbp = Q[1],rbp - mov (%rsi), %r8 # B0 - mov (+8*1)(%rsi), %rbx # B1 - - mov (%rcx), %rax # A0 - mul %r8 # B0 - mov %rax, %rbp - mov %rdx, %r9 - - mov (+8*1)(%rcx), %rax # A1 - mul %r8 # 
B0 - add %rax, %r9 - - mov (%rcx), %rax # A0 - mul %rbx # B1 - add %rax, %r9 - - mov %r9, (+8*1)(%rdi) - # end MUL_128x128t128 - - sub \$`$K1-$M`, %rsi - - mov (%rcx), $X[6] - mov (+8*1)(%rcx), $X[7] # r9:r8 = X2[1:0] - - call MULADD_128x512 # args in rcx, rdi / rbp, rsi, r15-r8 - # result in r9, r8, r15, r14, r13, r12, r11, r10, X2[1:0] - - # load first half of m to rdx, rdi, rbx, rax - # moved this here for efficiency - mov (+8*0)(%rsi), %rax - mov (+8*1)(%rsi), %rbx - mov (+8*2)(%rsi), %rdi - mov (+8*3)(%rsi), %rdx - - # continue with reduction - mov (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp), %rbp - - add (+8*8)(%rcx), $X[6] - adc (+8*9)(%rcx), $X[7] - - #accumulate the final carry to rbp - adc %rbp, %rbp - - # Add in overflow corrections: R = (X2>>128) += T[overflow] - # R = {r9, r8, r15, r14, ..., r10} - shl \$3, %rbp - mov (+$pData_offset+$STACK_DEPTH)(%rsp), %rcx # rsi -> Data (and points to T) - add %rcx, %rbp # pT ; 512 bits, 8 qwords, spread out - - # rsi will be used to generate a mask after the addition - xor %rsi, %rsi - - add (+8*8*0)(%rbp), $X[0] - adc (+8*8*1)(%rbp), $X[1] - adc (+8*8*2)(%rbp), $X[2] - adc (+8*8*3)(%rbp), $X[3] - adc (+8*8*4)(%rbp), $X[4] - adc (+8*8*5)(%rbp), $X[5] - adc (+8*8*6)(%rbp), $X[6] - adc (+8*8*7)(%rbp), $X[7] - - # if there is a carry: rsi = 0xFFFFFFFFFFFFFFFF - # if carry is clear: rsi = 0x0000000000000000 - sbb \$0, %rsi - - # if carry is clear, subtract 0. 
Otherwise, subtract 256 bits of m - and %rsi, %rax - and %rsi, %rbx - and %rsi, %rdi - and %rsi, %rdx - - mov \$1, %rbp - sub %rax, $X[0] - sbb %rbx, $X[1] - sbb %rdi, $X[2] - sbb %rdx, $X[3] - - # if there is a borrow: rbp = 0 - # if there is no borrow: rbp = 1 - # this is used to save the borrows in between the first half and the 2nd half of the subtraction of m - sbb \$0, %rbp - - #load second half of m to rdx, rdi, rbx, rax - - add \$$M, %rcx - mov (+8*4)(%rcx), %rax - mov (+8*5)(%rcx), %rbx - mov (+8*6)(%rcx), %rdi - mov (+8*7)(%rcx), %rdx - - # use the rsi mask as before - # if carry is clear, subtract 0. Otherwise, subtract 256 bits of m - and %rsi, %rax - and %rsi, %rbx - and %rsi, %rdi - and %rsi, %rdx - - # if rbp = 0, there was a borrow before, it is moved to the carry flag - # if rbp = 1, there was not a borrow before, carry flag is cleared - sub \$1, %rbp - - sbb %rax, $X[4] - sbb %rbx, $X[5] - sbb %rdi, $X[6] - sbb %rdx, $X[7] - - # write R back to memory - - mov (+$red_result_addr_offset+$STACK_DEPTH)(%rsp), %rsi - mov $X[0], (+8*0)(%rsi) - mov $X[1], (+8*1)(%rsi) - mov $X[2], (+8*2)(%rsi) - mov $X[3], (+8*3)(%rsi) - mov $X[4], (+8*4)(%rsi) - mov $X[5], (+8*5)(%rsi) - mov $X[6], (+8*6)(%rsi) - mov $X[7], (+8*7)(%rsi) - - ret -.size mont_reduce,.-mont_reduce -___ -}}} - -{{{ -#MUL_512x512 MACRO pDst, pA, pB, x7, x6, x5, x4, x3, x2, x1, x0, tmp*2 -# -# Inputs: pDst: Destination (1024 bits, 16 qwords) -# pA: Multiplicand (512 bits, 8 qwords) -# pB: Multiplicand (512 bits, 8 qwords) -# Uses registers rax, rdx, args -# B operand in [pB] and also in x7...x0 -sub MUL_512x512 -{ - my ($pDst, $pA, $pB, $x, $OP, $TMP, $pDst_o)=@_; - my ($pDst, $pDst_o) = ($pDst =~ m/([^+]*)\+?(.*)?/); - my @X=@$x; # make a copy - -$code.=<<___; - mov (+8*0)($pA), $OP - - mov $X[0], %rax - mul $OP # rdx:rax = %OP * [0] - mov %rax, (+$pDst_o+8*0)($pDst) - mov %rdx, $X[0] -___ -for(my $i=1;$i<8;$i++) { -$code.=<<___; - mov $X[$i], %rax - mul $OP # rdx:rax = %OP * [$i] - add %rax, 
$X[$i-1] - adc \$0, %rdx - mov %rdx, $X[$i] -___ -} - -for(my $i=1;$i<8;$i++) { -$code.=<<___; - mov (+8*$i)($pA), $OP -___ - - &MULSTEP_512(\@X, "(+$pDst_o+8*$i)($pDst)", $pB, $OP, $TMP); - push(@X,shift(@X)); -} - -$code.=<<___; - mov $X[0], (+$pDst_o+8*8)($pDst) - mov $X[1], (+$pDst_o+8*9)($pDst) - mov $X[2], (+$pDst_o+8*10)($pDst) - mov $X[3], (+$pDst_o+8*11)($pDst) - mov $X[4], (+$pDst_o+8*12)($pDst) - mov $X[5], (+$pDst_o+8*13)($pDst) - mov $X[6], (+$pDst_o+8*14)($pDst) - mov $X[7], (+$pDst_o+8*15)($pDst) -___ -} - -# -# mont_mul_a3b : subroutine to compute (Src1 * Src2) % M (all 512-bits) -# Input: src1: Address of source 1: rdi -# src2: Address of source 2: rsi -# Output: dst: Address of destination: [red_res_addr] -# src2 and result also in: r9, r8, r15, r14, r13, r12, r11, r10 -# Temp: Clobbers [tmp16], all registers -$code.=<<___; -.type mont_mul_a3b,\@abi-omnipotent -.align 16 -mont_mul_a3b: - # - # multiply tmp = src1 * src2 - # For multiply: dst = rcx, src1 = rdi, src2 = rsi - # stack depth is extra 8 from call -___ - &MUL_512x512("%rsp+$tmp16_offset+8", "%rdi", "%rsi", [map("%r$_",(10..15,8..9))], "%rbp", "%rbx"); -$code.=<<___; - # - # Dst = tmp % m - # Call reduce(tmp, m, data, dst) - - # tail recursion optimization: jmp to mont_reduce and return from there - jmp mont_reduce - # call mont_reduce - # ret -.size mont_mul_a3b,.-mont_mul_a3b -___ -}}} - -{{{ -#SQR_512 MACRO pDest, pA, x7, x6, x5, x4, x3, x2, x1, x0, tmp*4 -# -# Input in memory [pA] and also in x7...x0 -# Uses all argument registers plus rax and rdx -# -# This version computes all of the off-diagonal terms into memory, -# and then it adds in the diagonal terms - -sub SQR_512 -{ - my ($pDst, $pA, $x, $A, $tmp, $x7, $x6, $pDst_o)=@_; - my ($pDst, $pDst_o) = ($pDst =~ m/([^+]*)\+?(.*)?/); - my @X=@$x; # make a copy -$code.=<<___; - # ------------------ - # first pass 01...07 - # ------------------ - mov $X[0], $A - - mov $X[1],%rax - mul $A - mov %rax, (+$pDst_o+8*1)($pDst) -___ -for(my 
$i=2;$i<8;$i++) { -$code.=<<___; - mov %rdx, $X[$i-2] - mov $X[$i],%rax - mul $A - add %rax, $X[$i-2] - adc \$0, %rdx -___ -} -$code.=<<___; - mov %rdx, $x7 - - mov $X[0], (+$pDst_o+8*2)($pDst) - - # ------------------ - # second pass 12...17 - # ------------------ - - mov (+8*1)($pA), $A - - mov (+8*2)($pA),%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - mov $X[1], (+$pDst_o+8*3)($pDst) - - mov %rdx, $X[0] - mov (+8*3)($pA),%rax - mul $A - add %rax, $X[2] - adc \$0, %rdx - add $X[0], $X[2] - adc \$0, %rdx - mov $X[2], (+$pDst_o+8*4)($pDst) - - mov %rdx, $X[0] - mov (+8*4)($pA),%rax - mul $A - add %rax, $X[3] - adc \$0, %rdx - add $X[0], $X[3] - adc \$0, %rdx - - mov %rdx, $X[0] - mov (+8*5)($pA),%rax - mul $A - add %rax, $X[4] - adc \$0, %rdx - add $X[0], $X[4] - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[6],%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - add $X[0], $X[5] - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $x7 - adc \$0, %rdx - add $X[0], $x7 - adc \$0, %rdx - - mov %rdx, $X[1] - - # ------------------ - # third pass 23...27 - # ------------------ - mov (+8*2)($pA), $A - - mov (+8*3)($pA),%rax - mul $A - add %rax, $X[3] - adc \$0, %rdx - mov $X[3], (+$pDst_o+8*5)($pDst) - - mov %rdx, $X[0] - mov (+8*4)($pA),%rax - mul $A - add %rax, $X[4] - adc \$0, %rdx - add $X[0], $X[4] - adc \$0, %rdx - mov $X[4], (+$pDst_o+8*6)($pDst) - - mov %rdx, $X[0] - mov (+8*5)($pA),%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - add $X[0], $X[5] - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[6],%rax - mul $A - add %rax, $x7 - adc \$0, %rdx - add $X[0], $x7 - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - add $X[0], $X[1] - adc \$0, %rdx - - mov %rdx, $X[2] - - # ------------------ - # fourth pass 34...37 - # ------------------ - - mov (+8*3)($pA), $A - - mov (+8*4)($pA),%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - mov $X[5], (+$pDst_o+8*7)($pDst) - - mov %rdx, $X[0] - mov (+8*5)($pA),%rax - 
mul $A - add %rax, $x7 - adc \$0, %rdx - add $X[0], $x7 - adc \$0, %rdx - mov $x7, (+$pDst_o+8*8)($pDst) - - mov %rdx, $X[0] - mov $X[6],%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - add $X[0], $X[1] - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $X[2] - adc \$0, %rdx - add $X[0], $X[2] - adc \$0, %rdx - - mov %rdx, $X[5] - - # ------------------ - # fifth pass 45...47 - # ------------------ - mov (+8*4)($pA), $A - - mov (+8*5)($pA),%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - mov $X[1], (+$pDst_o+8*9)($pDst) - - mov %rdx, $X[0] - mov $X[6],%rax - mul $A - add %rax, $X[2] - adc \$0, %rdx - add $X[0], $X[2] - adc \$0, %rdx - mov $X[2], (+$pDst_o+8*10)($pDst) - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - add $X[0], $X[5] - adc \$0, %rdx - - mov %rdx, $X[1] - - # ------------------ - # sixth pass 56...57 - # ------------------ - mov (+8*5)($pA), $A - - mov $X[6],%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - mov $X[5], (+$pDst_o+8*11)($pDst) - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - add $X[0], $X[1] - adc \$0, %rdx - mov $X[1], (+$pDst_o+8*12)($pDst) - - mov %rdx, $X[2] - - # ------------------ - # seventh pass 67 - # ------------------ - mov $X[6], $A - - mov $X[7],%rax - mul $A - add %rax, $X[2] - adc \$0, %rdx - mov $X[2], (+$pDst_o+8*13)($pDst) - - mov %rdx, (+$pDst_o+8*14)($pDst) - - # start finalize (add in squares, and double off-terms) - mov (+$pDst_o+8*1)($pDst), $X[0] - mov (+$pDst_o+8*2)($pDst), $X[1] - mov (+$pDst_o+8*3)($pDst), $X[2] - mov (+$pDst_o+8*4)($pDst), $X[3] - mov (+$pDst_o+8*5)($pDst), $X[4] - mov (+$pDst_o+8*6)($pDst), $X[5] - - mov (+8*3)($pA), %rax - mul %rax - mov %rax, $x6 - mov %rdx, $X[6] - - add $X[0], $X[0] - adc $X[1], $X[1] - adc $X[2], $X[2] - adc $X[3], $X[3] - adc $X[4], $X[4] - adc $X[5], $X[5] - adc \$0, $X[6] - - mov (+8*0)($pA), %rax - mul %rax - mov %rax, (+$pDst_o+8*0)($pDst) - mov %rdx, $A - - mov (+8*1)($pA), 
%rax - mul %rax - - add $A, $X[0] - adc %rax, $X[1] - adc \$0, %rdx - - mov %rdx, $A - mov $X[0], (+$pDst_o+8*1)($pDst) - mov $X[1], (+$pDst_o+8*2)($pDst) - - mov (+8*2)($pA), %rax - mul %rax - - add $A, $X[2] - adc %rax, $X[3] - adc \$0, %rdx - - mov %rdx, $A - - mov $X[2], (+$pDst_o+8*3)($pDst) - mov $X[3], (+$pDst_o+8*4)($pDst) - - xor $tmp, $tmp - add $A, $X[4] - adc $x6, $X[5] - adc \$0, $tmp - - mov $X[4], (+$pDst_o+8*5)($pDst) - mov $X[5], (+$pDst_o+8*6)($pDst) - - # %%tmp has 0/1 in column 7 - # %%A6 has a full value in column 7 - - mov (+$pDst_o+8*7)($pDst), $X[0] - mov (+$pDst_o+8*8)($pDst), $X[1] - mov (+$pDst_o+8*9)($pDst), $X[2] - mov (+$pDst_o+8*10)($pDst), $X[3] - mov (+$pDst_o+8*11)($pDst), $X[4] - mov (+$pDst_o+8*12)($pDst), $X[5] - mov (+$pDst_o+8*13)($pDst), $x6 - mov (+$pDst_o+8*14)($pDst), $x7 - - mov $X[7], %rax - mul %rax - mov %rax, $X[7] - mov %rdx, $A - - add $X[0], $X[0] - adc $X[1], $X[1] - adc $X[2], $X[2] - adc $X[3], $X[3] - adc $X[4], $X[4] - adc $X[5], $X[5] - adc $x6, $x6 - adc $x7, $x7 - adc \$0, $A - - add $tmp, $X[0] - - mov (+8*4)($pA), %rax - mul %rax - - add $X[6], $X[0] - adc %rax, $X[1] - adc \$0, %rdx - - mov %rdx, $tmp - - mov $X[0], (+$pDst_o+8*7)($pDst) - mov $X[1], (+$pDst_o+8*8)($pDst) - - mov (+8*5)($pA), %rax - mul %rax - - add $tmp, $X[2] - adc %rax, $X[3] - adc \$0, %rdx - - mov %rdx, $tmp - - mov $X[2], (+$pDst_o+8*9)($pDst) - mov $X[3], (+$pDst_o+8*10)($pDst) - - mov (+8*6)($pA), %rax - mul %rax - - add $tmp, $X[4] - adc %rax, $X[5] - adc \$0, %rdx - - mov $X[4], (+$pDst_o+8*11)($pDst) - mov $X[5], (+$pDst_o+8*12)($pDst) - - add %rdx, $x6 - adc $X[7], $x7 - adc \$0, $A - - mov $x6, (+$pDst_o+8*13)($pDst) - mov $x7, (+$pDst_o+8*14)($pDst) - mov $A, (+$pDst_o+8*15)($pDst) -___ -} - -# -# sqr_reduce: subroutine to compute Result = reduce(Result * Result) -# -# input and result also in: r9, r8, r15, r14, r13, r12, r11, r10 -# -$code.=<<___; -.type sqr_reduce,\@abi-omnipotent -.align 16 -sqr_reduce: - mov 
(+$pResult_offset+8)(%rsp), %rcx -___ - &SQR_512("%rsp+$tmp16_offset+8", "%rcx", [map("%r$_",(10..15,8..9))], "%rbx", "%rbp", "%rsi", "%rdi"); -$code.=<<___; - # tail recursion optimization: jmp to mont_reduce and return from there - jmp mont_reduce - # call mont_reduce - # ret -.size sqr_reduce,.-sqr_reduce -___ -}}} - -# -# MAIN FUNCTION -# - -#mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */ -# UINT64 *g, /* 512 bits, 8 qwords */ -# UINT64 *exp, /* 512 bits, 8 qwords */ -# struct mod_ctx_512 *data) - -# window size = 5 -# table size = 2^5 = 32 -#table_entries equ 32 -#table_size equ table_entries * 8 -$code.=<<___; -.globl mod_exp_512 -.type mod_exp_512,\@function,4 -mod_exp_512: - push %rbp - push %rbx - push %r12 - push %r13 - push %r14 - push %r15 - - # adjust stack down and then align it with cache boundary - mov %rsp, %r8 - sub \$$mem_size, %rsp - and \$-64, %rsp - - # store previous stack pointer and arguments - mov %r8, (+$rsp_offset)(%rsp) - mov %rdi, (+$pResult_offset)(%rsp) - mov %rsi, (+$pG_offset)(%rsp) - mov %rcx, (+$pData_offset)(%rsp) -.Lbody: - # transform g into montgomery space - # GT = reduce(g * C2) = reduce(g * (2^256)) - # reduce expects to have the input in [tmp16] - pxor %xmm4, %xmm4 - movdqu (+16*0)(%rsi), %xmm0 - movdqu (+16*1)(%rsi), %xmm1 - movdqu (+16*2)(%rsi), %xmm2 - movdqu (+16*3)(%rsi), %xmm3 - movdqa %xmm4, (+$tmp16_offset+16*0)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*1)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*6)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*7)(%rsp) - movdqa %xmm0, (+$tmp16_offset+16*2)(%rsp) - movdqa %xmm1, (+$tmp16_offset+16*3)(%rsp) - movdqa %xmm2, (+$tmp16_offset+16*4)(%rsp) - movdqa %xmm3, (+$tmp16_offset+16*5)(%rsp) - - # load pExp before rdx gets blown away - movdqu (+16*0)(%rdx), %xmm0 - movdqu (+16*1)(%rdx), %xmm1 - movdqu (+16*2)(%rdx), %xmm2 - movdqu (+16*3)(%rdx), %xmm3 - - lea (+$GT_offset)(%rsp), %rbx - mov %rbx, (+$red_result_addr_offset)(%rsp) - call mont_reduce - - # Initialize tmp = C - lea 
(+$tmp_offset)(%rsp), %rcx - xor %rax, %rax - mov %rax, (+8*0)(%rcx) - mov %rax, (+8*1)(%rcx) - mov %rax, (+8*3)(%rcx) - mov %rax, (+8*4)(%rcx) - mov %rax, (+8*5)(%rcx) - mov %rax, (+8*6)(%rcx) - mov %rax, (+8*7)(%rcx) - mov %rax, (+$exp_offset+8*8)(%rsp) - movq \$1, (+8*2)(%rcx) - - lea (+$garray_offset)(%rsp), %rbp - mov %rcx, %rsi # pTmp - mov %rbp, %rdi # Garray[][0] -___ - - &swizzle("%rdi", "%rcx", "%rax", "%rbx"); - - # for (rax = 31; rax != 0; rax--) { - # tmp = reduce(tmp * G) - # swizzle(pg, tmp); - # pg += 2; } -$code.=<<___; - mov \$31, %rax - mov %rax, (+$i_offset)(%rsp) - mov %rbp, (+$pg_offset)(%rsp) - # rsi -> pTmp - mov %rsi, (+$red_result_addr_offset)(%rsp) - mov (+8*0)(%rsi), %r10 - mov (+8*1)(%rsi), %r11 - mov (+8*2)(%rsi), %r12 - mov (+8*3)(%rsi), %r13 - mov (+8*4)(%rsi), %r14 - mov (+8*5)(%rsi), %r15 - mov (+8*6)(%rsi), %r8 - mov (+8*7)(%rsi), %r9 -init_loop: - lea (+$GT_offset)(%rsp), %rdi - call mont_mul_a3b - lea (+$tmp_offset)(%rsp), %rsi - mov (+$pg_offset)(%rsp), %rbp - add \$2, %rbp - mov %rbp, (+$pg_offset)(%rsp) - mov %rsi, %rcx # rcx = rsi = addr of tmp -___ - - &swizzle("%rbp", "%rcx", "%rax", "%rbx"); -$code.=<<___; - mov (+$i_offset)(%rsp), %rax - sub \$1, %rax - mov %rax, (+$i_offset)(%rsp) - jne init_loop - - # - # Copy exponent onto stack - movdqa %xmm0, (+$exp_offset+16*0)(%rsp) - movdqa %xmm1, (+$exp_offset+16*1)(%rsp) - movdqa %xmm2, (+$exp_offset+16*2)(%rsp) - movdqa %xmm3, (+$exp_offset+16*3)(%rsp) - - - # - # Do exponentiation - # Initialize result to G[exp{511:507}] - mov (+$exp_offset+62)(%rsp), %eax - mov %rax, %rdx - shr \$11, %rax - and \$0x07FF, %edx - mov %edx, (+$exp_offset+62)(%rsp) - lea (+$garray_offset)(%rsp,%rax,2), %rsi - mov (+$pResult_offset)(%rsp), %rdx -___ - - &unswizzle("%rdx", "%rsi", "%rbp", "%rbx", "%rax"); - - # - # Loop variables - # rcx = [loop_idx] = index: 510-5 to 0 by 5 -$code.=<<___; - movq \$505, (+$loop_idx_offset)(%rsp) - - mov (+$pResult_offset)(%rsp), %rcx - mov %rcx, 
(+$red_result_addr_offset)(%rsp) - mov (+8*0)(%rcx), %r10 - mov (+8*1)(%rcx), %r11 - mov (+8*2)(%rcx), %r12 - mov (+8*3)(%rcx), %r13 - mov (+8*4)(%rcx), %r14 - mov (+8*5)(%rcx), %r15 - mov (+8*6)(%rcx), %r8 - mov (+8*7)(%rcx), %r9 - jmp sqr_2 - -main_loop_a3b: - call sqr_reduce - call sqr_reduce - call sqr_reduce -sqr_2: - call sqr_reduce - call sqr_reduce - - # - # Do multiply, first look up proper value in Garray - mov (+$loop_idx_offset)(%rsp), %rcx # bit index - mov %rcx, %rax - shr \$4, %rax # rax is word pointer - mov (+$exp_offset)(%rsp,%rax,2), %edx - and \$15, %rcx - shrq %cl, %rdx - and \$0x1F, %rdx - - lea (+$garray_offset)(%rsp,%rdx,2), %rsi - lea (+$tmp_offset)(%rsp), %rdx - mov %rdx, %rdi -___ - - &unswizzle("%rdx", "%rsi", "%rbp", "%rbx", "%rax"); - # rdi = tmp = pG - - # - # Call mod_mul_a1(pDst, pSrc1, pSrc2, pM, pData) - # result result pG M Data -$code.=<<___; - mov (+$pResult_offset)(%rsp), %rsi - call mont_mul_a3b - - # - # finish loop - mov (+$loop_idx_offset)(%rsp), %rcx - sub \$5, %rcx - mov %rcx, (+$loop_idx_offset)(%rsp) - jge main_loop_a3b - - # - -end_main_loop_a3b: - # transform result out of Montgomery space - # result = reduce(result) - mov (+$pResult_offset)(%rsp), %rdx - pxor %xmm4, %xmm4 - movdqu (+16*0)(%rdx), %xmm0 - movdqu (+16*1)(%rdx), %xmm1 - movdqu (+16*2)(%rdx), %xmm2 - movdqu (+16*3)(%rdx), %xmm3 - movdqa %xmm4, (+$tmp16_offset+16*4)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*5)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*6)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*7)(%rsp) - movdqa %xmm0, (+$tmp16_offset+16*0)(%rsp) - movdqa %xmm1, (+$tmp16_offset+16*1)(%rsp) - movdqa %xmm2, (+$tmp16_offset+16*2)(%rsp) - movdqa %xmm3, (+$tmp16_offset+16*3)(%rsp) - call mont_reduce - - # If result > m, subract m - # load result into r15:r8 - mov (+$pResult_offset)(%rsp), %rax - mov (+8*0)(%rax), %r8 - mov (+8*1)(%rax), %r9 - mov (+8*2)(%rax), %r10 - mov (+8*3)(%rax), %r11 - mov (+8*4)(%rax), %r12 - mov (+8*5)(%rax), %r13 - mov (+8*6)(%rax), 
%r14 - mov (+8*7)(%rax), %r15 - - # subtract m - mov (+$pData_offset)(%rsp), %rbx - add \$$M, %rbx - - sub (+8*0)(%rbx), %r8 - sbb (+8*1)(%rbx), %r9 - sbb (+8*2)(%rbx), %r10 - sbb (+8*3)(%rbx), %r11 - sbb (+8*4)(%rbx), %r12 - sbb (+8*5)(%rbx), %r13 - sbb (+8*6)(%rbx), %r14 - sbb (+8*7)(%rbx), %r15 - - # if Carry is clear, replace result with difference - mov (+8*0)(%rax), %rsi - mov (+8*1)(%rax), %rdi - mov (+8*2)(%rax), %rcx - mov (+8*3)(%rax), %rdx - cmovnc %r8, %rsi - cmovnc %r9, %rdi - cmovnc %r10, %rcx - cmovnc %r11, %rdx - mov %rsi, (+8*0)(%rax) - mov %rdi, (+8*1)(%rax) - mov %rcx, (+8*2)(%rax) - mov %rdx, (+8*3)(%rax) - - mov (+8*4)(%rax), %rsi - mov (+8*5)(%rax), %rdi - mov (+8*6)(%rax), %rcx - mov (+8*7)(%rax), %rdx - cmovnc %r12, %rsi - cmovnc %r13, %rdi - cmovnc %r14, %rcx - cmovnc %r15, %rdx - mov %rsi, (+8*4)(%rax) - mov %rdi, (+8*5)(%rax) - mov %rcx, (+8*6)(%rax) - mov %rdx, (+8*7)(%rax) - - mov (+$rsp_offset)(%rsp), %rsi - mov 0(%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbx - mov 40(%rsi),%rbp - lea 48(%rsi),%rsp -.Lepilogue: - ret -.size mod_exp_512, . 
- mod_exp_512 -___ - -if ($win64) { -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -my $rec="%rcx"; -my $frame="%rdx"; -my $context="%r8"; -my $disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type mod_exp_512_se_handler,\@abi-omnipotent -.align 16 -mod_exp_512_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lbody(%rip),%r10 - cmp %r10,%rbx # context->RipRsp - - lea .Lepilogue(%rip),%r10 - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue - - mov $rsp_offset(%rax),%rax # pull saved Rsp - - mov 32(%rax),%rbx - mov 40(%rax),%rbp - mov 24(%rax),%r12 - mov 16(%rax),%r13 - mov 8(%rax),%r14 - mov 0(%rax),%r15 - lea 48(%rax),%rax - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call 
*__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size mod_exp_512_se_handler,.-mod_exp_512_se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_mod_exp_512 - .rva .LSEH_end_mod_exp_512 - .rva .LSEH_info_mod_exp_512 - -.section .xdata -.align 8 -.LSEH_info_mod_exp_512: - .byte 9,0,0,0 - .rva mod_exp_512_se_handler -___ -} - -sub reg_part { -my ($reg,$conv)=@_; - if ($reg =~ /%r[0-9]+/) { $reg .= $conv; } - elsif ($conv eq "b") { $reg =~ s/%[er]([^x]+)x?/%$1l/; } - elsif ($conv eq "w") { $reg =~ s/%[er](.+)/%$1/; } - elsif ($conv eq "d") { $reg =~ s/%[er](.+)/%e$1/; } - return $reg; -} - -$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem; -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/(\(\+[^)]+\))/eval $1/gem; -print $code; -close STDOUT; diff --git a/crypto/engine/eng_rsax.c b/crypto/engine/eng_rsax.c deleted file mode 100644 index 8362754..0000000 --- a/crypto/engine/eng_rsax.c +++ /dev/null 
@@ -1,701 +0,0 @@
-/* crypto/engine/eng_rsax.c */
-/* Copyright (c) 2010-2010 Intel Corp.
- * Author: Vinodh.Gopal at intel.com
- * Jim Guilford
- * Erdinc.Ozturk at intel.com
- * Maxim.Perminov at intel.com
- * Ying.Huang at intel.com
- *
- * More information about algorithm used can be found at:
- * http://www.cse.buffalo.edu/srds2009/escs2009_submission_Gopal.pdf
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- */
-
-#include
-
-#include
-#include
-#include
-#include
-#include
-#ifndef OPENSSL_NO_RSA
-# include
-#endif
-#include
-#include
-
-/* RSAX is available **ONLY* on x86_64 CPUs */
-#undef COMPILE_RSAX
-
-#if (defined(__x86_64) || defined(__x86_64__) || \
- defined(_M_AMD64) || defined (_M_X64)) && !defined(OPENSSL_NO_ASM)
-# define COMPILE_RSAX
-static ENGINE *ENGINE_rsax(void);
-#endif
-
-void ENGINE_load_rsax(void)
-{
-/* On non-x86 CPUs it just returns.
*/ -#ifdef COMPILE_RSAX - ENGINE *toadd = ENGINE_rsax(); - if (!toadd) - return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); -#endif -} - -#ifdef COMPILE_RSAX -# define E_RSAX_LIB_NAME "rsax engine" - -static int e_rsax_destroy(ENGINE *e); -static int e_rsax_init(ENGINE *e); -static int e_rsax_finish(ENGINE *e); -static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); - -# ifndef OPENSSL_NO_RSA -/* RSA stuff */ -static int e_rsax_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); -static int e_rsax_rsa_finish(RSA *r); -# endif - -static const ENGINE_CMD_DEFN e_rsax_cmd_defns[] = { - {0, NULL, NULL, 0} -}; - -# ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD e_rsax_rsa = { - "Intel RSA-X method", - NULL, - NULL, - NULL, - NULL, - e_rsax_rsa_mod_exp, - NULL, - NULL, - e_rsax_rsa_finish, - RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE, - NULL, - NULL, - NULL -}; -# endif - -/* Constants used when creating the ENGINE */ -static const char *engine_e_rsax_id = "rsax"; -static const char *engine_e_rsax_name = "RSAX engine support"; - -/* This internal function is used by ENGINE_rsax() */ -static int bind_helper(ENGINE *e) -{ -# ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -# endif - if (!ENGINE_set_id(e, engine_e_rsax_id) || - !ENGINE_set_name(e, engine_e_rsax_name) || -# ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &e_rsax_rsa) || -# endif - !ENGINE_set_destroy_function(e, e_rsax_destroy) || - !ENGINE_set_init_function(e, e_rsax_init) || - !ENGINE_set_finish_function(e, e_rsax_finish) || - !ENGINE_set_ctrl_function(e, e_rsax_ctrl) || - !ENGINE_set_cmd_defns(e, e_rsax_cmd_defns)) - return 0; - -# ifndef OPENSSL_NO_RSA - meth1 = RSA_PKCS1_SSLeay(); - e_rsax_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - e_rsax_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - e_rsax_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - e_rsax_rsa.rsa_priv_dec = meth1->rsa_priv_dec; - e_rsax_rsa.bn_mod_exp = 
meth1->bn_mod_exp; -# endif - return 1; -} - -static ENGINE *ENGINE_rsax(void) -{ - ENGINE *ret = ENGINE_new(); - if (!ret) - return NULL; - if (!bind_helper(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -# ifndef OPENSSL_NO_RSA -/* Used to attach our own key-data to an RSA structure */ -static int rsax_ex_data_idx = -1; -# endif - -static int e_rsax_destroy(ENGINE *e) -{ - return 1; -} - -/* (de)initialisation functions. */ -static int e_rsax_init(ENGINE *e) -{ -# ifndef OPENSSL_NO_RSA - if (rsax_ex_data_idx == -1) - rsax_ex_data_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, NULL); -# endif - if (rsax_ex_data_idx == -1) - return 0; - return 1; -} - -static int e_rsax_finish(ENGINE *e) -{ - return 1; -} - -static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ - int to_return = 1; - - switch (cmd) { - /* The command isn't understood by this engine */ - default: - to_return = 0; - break; - } - - return to_return; -} - -# ifndef OPENSSL_NO_RSA - -# ifdef _WIN32 -typedef unsigned __int64 UINT64; -# else -typedef unsigned long long UINT64; -# endif -typedef unsigned short UINT16; - -/* - * Table t is interleaved in the following manner: The order in memory is - * t[0][0], t[0][1], ..., t[0][7], t[1][0], ... A particular 512-bit value is - * stored in t[][index] rather than the more normal t[index][]; i.e. 
the - * qwords of a particular entry in t are not adjacent in memory - */ - -/* Init BIGNUM b from the interleaved UINT64 array */ -static int interleaved_array_to_bn_512(BIGNUM *b, UINT64 *array); - -/* - * Extract array elements from BIGNUM b To set the whole array from b, call - * with n=8 - */ -static int bn_extract_to_array_512(const BIGNUM *b, unsigned int n, - UINT64 *array); - -struct mod_ctx_512 { - UINT64 t[8][8]; - UINT64 m[8]; - UINT64 m1[8]; /* 2^278 % m */ - UINT64 m2[8]; /* 2^640 % m */ - UINT64 k1[2]; /* (- 1/m) % 2^128 */ -}; - -static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data); - -void mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */ - UINT64 *g, /* 512 bits, 8 qwords */ - UINT64 *exp, /* 512 bits, 8 qwords */ - struct mod_ctx_512 *data); - -typedef struct st_e_rsax_mod_ctx { - UINT64 type; - union { - struct mod_ctx_512 b512; - } ctx; - -} E_RSAX_MOD_CTX; - -static E_RSAX_MOD_CTX *e_rsax_get_ctx(RSA *rsa, int idx, BIGNUM *m) -{ - E_RSAX_MOD_CTX *hptr; - - if (idx < 0 || idx > 2) - return NULL; - - hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx); - if (!hptr) { - hptr = OPENSSL_malloc(3 * sizeof(E_RSAX_MOD_CTX)); - if (!hptr) - return NULL; - hptr[2].type = hptr[1].type = hptr[0].type = 0; - RSA_set_ex_data(rsa, rsax_ex_data_idx, hptr); - } - - if (hptr[idx].type == (UINT64)BN_num_bits(m)) - return hptr + idx; - - if (BN_num_bits(m) == 512) { - UINT64 _m[8]; - bn_extract_to_array_512(m, 8, _m); - memset(&hptr[idx].ctx.b512, 0, sizeof(struct mod_ctx_512)); - mod_exp_pre_compute_data_512(_m, &hptr[idx].ctx.b512); - } - - hptr[idx].type = BN_num_bits(m); - return hptr + idx; -} - -static int e_rsax_rsa_finish(RSA *rsa) -{ - E_RSAX_MOD_CTX *hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx); - if (hptr) { - OPENSSL_free(hptr); - RSA_set_ex_data(rsa, rsax_ex_data_idx, NULL); - } - if (rsa->_method_mod_n) - BN_MONT_CTX_free(rsa->_method_mod_n); - if (rsa->_method_mod_p) - BN_MONT_CTX_free(rsa->_method_mod_p); - if 
(rsa->_method_mod_q) - BN_MONT_CTX_free(rsa->_method_mod_q); - return 1; -} - -static int e_rsax_bn_mod_exp(BIGNUM *r, const BIGNUM *g, const BIGNUM *e, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont, - E_RSAX_MOD_CTX *rsax_mod_ctx) -{ - if (rsax_mod_ctx && BN_get_flags(e, BN_FLG_CONSTTIME) != 0) { - if (BN_num_bits(m) == 512) { - UINT64 _r[8]; - UINT64 _g[8]; - UINT64 _e[8]; - - /* Init the arrays from the BIGNUMs */ - bn_extract_to_array_512(g, 8, _g); - bn_extract_to_array_512(e, 8, _e); - - mod_exp_512(_r, _g, _e, &rsax_mod_ctx->ctx.b512); - /* Return the result in the BIGNUM */ - interleaved_array_to_bn_512(r, _r); - return 1; - } - } - - return BN_mod_exp_mont(r, g, e, m, ctx, in_mont); -} - -/* - * Declares for the Intel CIAP 512-bit / CRT / 1024 bit RSA modular - * exponentiation routine precalculations and a structure to hold the - * necessary values. These files are meant to live in crypto/rsa/ in the - * target openssl. - */ - -/* - * Local method: extracts a piece from a BIGNUM, to fit it into - * an array. 
Call with n=8 to extract an entire 512-bit BIGNUM - */ -static int bn_extract_to_array_512(const BIGNUM *b, unsigned int n, - UINT64 *array) -{ - int i; - UINT64 tmp; - unsigned char bn_buff[64]; - memset(bn_buff, 0, 64); - if (BN_num_bytes(b) > 64) { - printf("Can't support this byte size\n"); - return 0; - } - if (BN_num_bytes(b) != 0) { - if (!BN_bn2bin(b, bn_buff + (64 - BN_num_bytes(b)))) { - printf("Error's in bn2bin\n"); - /* We have to error, here */ - return 0; - } - } - while (n-- > 0) { - array[n] = 0; - for (i = 7; i >= 0; i--) { - tmp = bn_buff[63 - (n * 8 + i)]; - array[n] |= tmp << (8 * i); - } - } - return 1; -} - -/* Init a 512-bit BIGNUM from the UINT64*_ (8 * 64) interleaved array */ -static int interleaved_array_to_bn_512(BIGNUM *b, UINT64 *array) -{ - unsigned char tmp[64]; - int n = 8; - int i; - while (n-- > 0) { - for (i = 7; i >= 0; i--) { - tmp[63 - (n * 8 + i)] = (unsigned char)(array[n] >> (8 * i)); - }} - BN_bin2bn(tmp, 64, b); - return 0; -} - -/* The main 512bit precompute call */ -static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data) -{ - BIGNUM two_768, two_640, two_128, two_512, tmp, _m, tmp2; - - /* We need a BN_CTX for the modulo functions */ - BN_CTX *ctx; - /* Some tmps */ - UINT64 _t[8]; - int i, j, ret = 0; - - /* Init _m with m */ - BN_init(&_m); - interleaved_array_to_bn_512(&_m, m); - memset(_t, 0, 64); - - /* Inits */ - BN_init(&two_768); - BN_init(&two_640); - BN_init(&two_128); - BN_init(&two_512); - BN_init(&tmp); - BN_init(&tmp2); - - /* Create our context */ - if ((ctx = BN_CTX_new()) == NULL) { - goto err; - } - BN_CTX_start(ctx); - - /* - * For production, if you care, these only need to be set once, - * and may be made constants. 
- */ - BN_lshift(&two_768, BN_value_one(), 768); - BN_lshift(&two_640, BN_value_one(), 640); - BN_lshift(&two_128, BN_value_one(), 128); - BN_lshift(&two_512, BN_value_one(), 512); - - if (0 == (m[7] & 0x8000000000000000)) { - exit(1); - } - if (0 == (m[0] & 0x1)) { /* Odd modulus required for Mont */ - exit(1); - } - - /* Precompute m1 */ - BN_mod(&tmp, &two_768, &_m, ctx); - if (!bn_extract_to_array_512(&tmp, 8, &data->m1[0])) { - goto err; - } - - /* Precompute m2 */ - BN_mod(&tmp, &two_640, &_m, ctx); - if (!bn_extract_to_array_512(&tmp, 8, &data->m2[0])) { - goto err; - } - - /* - * Precompute k1, a 128b number = ((-1)* m-1 ) mod 2128; k1 should - * be non-negative. - */ - BN_mod_inverse(&tmp, &_m, &two_128, ctx); - if (!BN_is_zero(&tmp)) { - BN_sub(&tmp, &two_128, &tmp); - } - if (!bn_extract_to_array_512(&tmp, 2, &data->k1[0])) { - goto err; - } - - /* Precompute t */ - for (i = 0; i < 8; i++) { - BN_zero(&tmp); - if (i & 1) { - BN_add(&tmp, &two_512, &tmp); - } - if (i & 2) { - BN_add(&tmp, &two_512, &tmp); - } - if (i & 4) { - BN_add(&tmp, &two_640, &tmp); - } - - BN_nnmod(&tmp2, &tmp, &_m, ctx); - if (!bn_extract_to_array_512(&tmp2, 8, _t)) { - goto err; - } - for (j = 0; j < 8; j++) - data->t[j][i] = _t[j]; - } - - /* Precompute m */ - for (i = 0; i < 8; i++) { - data->m[i] = m[i]; - } - - ret = 1; - - err: - /* Cleanup */ - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - BN_free(&two_768); - BN_free(&two_640); - BN_free(&two_128); - BN_free(&two_512); - BN_free(&tmp); - BN_free(&tmp2); - BN_free(&_m); - - return ret; -} - -static int e_rsax_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx) -{ - BIGNUM *r1, *m1, *vrfy; - BIGNUM local_dmp1, local_dmq1, local_c, local_r1; - BIGNUM *dmp1, *dmq1, *c, *pr1; - int ret = 0; - - BN_CTX_start(ctx); - r1 = BN_CTX_get(ctx); - m1 = BN_CTX_get(ctx); - vrfy = BN_CTX_get(ctx); - - { - BIGNUM local_p, local_q; - BIGNUM *p = NULL, *q = NULL; - int error = 0; - - /* - * Make sure 
BN_mod_inverse in Montgomery intialization uses the - * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) - */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - BN_init(&local_p); - p = &local_p; - BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); - - BN_init(&local_q); - q = &local_q; - BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); - } else { - p = rsa->p; - q = rsa->q; - } - - if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) - error = 1; - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) - error = 1; - } - - /* clean up */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - BN_free(&local_p); - BN_free(&local_q); - } - if (error) - goto err; - } - - if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) - goto err; - - /* compute I mod q */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - c = &local_c; - BN_with_flags(c, I, BN_FLG_CONSTTIME); - if (!BN_mod(r1, c, rsa->q, ctx)) - goto err; - } else { - if (!BN_mod(r1, I, rsa->q, ctx)) - goto err; - } - - /* compute r1^dmq1 mod q */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - dmq1 = &local_dmq1; - BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); - } else - dmq1 = rsa->dmq1; - - if (!e_rsax_bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, - rsa->_method_mod_q, e_rsax_get_ctx(rsa, 0, - rsa->q))) - goto err; - - /* compute I mod p */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - c = &local_c; - BN_with_flags(c, I, BN_FLG_CONSTTIME); - if (!BN_mod(r1, c, rsa->p, ctx)) - goto err; - } else { - if (!BN_mod(r1, I, rsa->p, ctx)) - goto err; - } - - /* compute r1^dmp1 mod p */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - dmp1 = &local_dmp1; - BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); - } else - dmp1 = rsa->dmp1; - - if (!e_rsax_bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, - rsa->_method_mod_p, e_rsax_get_ctx(rsa, 1, - rsa->p))) - goto err; - - if 
(!BN_sub(r0, r0, m1)) - goto err; - /* - * This will help stop the size of r0 increasing, which does affect the - * multiply if it optimised for a power of 2 size - */ - if (BN_is_negative(r0)) - if (!BN_add(r0, r0, rsa->p)) - goto err; - - if (!BN_mul(r1, r0, rsa->iqmp, ctx)) - goto err; - - /* Turn BN_FLG_CONSTTIME flag on before division operation */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - pr1 = &local_r1; - BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); - } else - pr1 = r1; - if (!BN_mod(r0, pr1, rsa->p, ctx)) - goto err; - - /* - * If p < q it is occasionally possible for the correction of adding 'p' - * if r0 is negative above to leave the result still negative. This can - * break the private key operations: the following second correction - * should *always* correct this rare occurrence. This will *never* happen - * with OpenSSL generated keys because they ensure p > q [steve] - */ - if (BN_is_negative(r0)) - if (!BN_add(r0, r0, rsa->p)) - goto err; - if (!BN_mul(r1, r0, rsa->q, ctx)) - goto err; - if (!BN_add(r0, r1, m1)) - goto err; - - if (rsa->e && rsa->n) { - if (!e_rsax_bn_mod_exp - (vrfy, r0, rsa->e, rsa->n, ctx, rsa->_method_mod_n, - e_rsax_get_ctx(rsa, 2, rsa->n))) - goto err; - - /* - * If 'I' was greater than (or equal to) rsa->n, the operation will - * be equivalent to using 'I mod n'. However, the result of the - * verify will *always* be less than 'n' so we don't check for - * absolute equality, just congruency. - */ - if (!BN_sub(vrfy, vrfy, I)) - goto err; - if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) - goto err; - if (BN_is_negative(vrfy)) - if (!BN_add(vrfy, vrfy, rsa->n)) - goto err; - if (!BN_is_zero(vrfy)) { - /* - * 'I' and 'vrfy' aren't congruent mod n. Don't leak - * miscalculated CRT output, just do a raw (slower) mod_exp and - * return that instead. 
- */ - - BIGNUM local_d; - BIGNUM *d = NULL; - - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - d = &local_d; - BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); - } else - d = rsa->d; - if (!e_rsax_bn_mod_exp(r0, I, d, rsa->n, ctx, - rsa->_method_mod_n, e_rsax_get_ctx(rsa, 2, - rsa->n))) - goto err; - } - } - ret = 1; - - err: - BN_CTX_end(ctx); - - return ret; -} -# endif /* !OPENSSL_NO_RSA */ -#endif /* !COMPILE_RSAX */ diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index e453e99..433c96b 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h 
@@ -1,99 +1,94 @@
 /* AUTOGENERATED BY objxref.pl, DO NOT EDIT */
-typedef struct {
- int sign_id;
- int hash_id;
- int pkey_id;
-} nid_triple;
+typedef struct
+ {
+ int sign_id;
+ int hash_id;
+ int pkey_id;
+ } nid_triple;
-static const nid_triple sigoid_srt[] = {
- {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
- {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
- {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
- {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
- {NID_dsaWithSHA, NID_sha, NID_dsa},
- {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
- {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
- {NID_md5WithRSA, NID_md5, NID_rsa},
- {NID_dsaWithSHA1, NID_sha1, NID_dsa},
- {NID_sha1WithRSA, NID_sha1, NID_rsa},
- {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
- {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
- {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
- {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
- {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
- {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
- {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
- {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
- {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
- {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
- {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
- {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
- {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
- {NID_dsa_with_SHA224, NID_sha224, NID_dsa},
- {NID_dsa_with_SHA256, NID_sha256, NID_dsa},
- {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94,
- NID_id_GostR3410_2001},
- {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94,
- NID_id_GostR3410_94},
- {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94,
- NID_id_GostR3410_94_cc},
- {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94,
- NID_id_GostR3410_2001_cc},
- {NID_rsassaPss, NID_undef, NID_rsaEncryption},
- {NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf},
- {NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf},
- {NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf},
- {NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf},
- {NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf},
- {NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1,
- NID_dh_cofactor_kdf},
- {NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224,
- NID_dh_cofactor_kdf},
- {NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256,
- NID_dh_cofactor_kdf},
- {NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384,
- NID_dh_cofactor_kdf},
- {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512,
- NID_dh_cofactor_kdf},
-};
+static const nid_triple sigoid_srt[] =
+ {
+ {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
+ {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
+ {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
+ {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
+ {NID_dsaWithSHA, NID_sha, NID_dsa},
+ {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
+ {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
+ {NID_md5WithRSA, NID_md5, NID_rsa},
+ {NID_dsaWithSHA1, NID_sha1, NID_dsa},
+ {NID_sha1WithRSA, NID_sha1, NID_rsa},
+ {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
+ {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
+ {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
+ {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
+ {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
+ {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
+ {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
+ {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
+ {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
+ {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
+ {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
+ {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
+ {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
+ {NID_dsa_with_SHA224, NID_sha224, NID_dsa},
+ {NID_dsa_with_SHA256, NID_sha256, NID_dsa},
+ {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94, NID_id_GostR3410_2001},
+ {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94},
+ {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc},
+ {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc},
+ {NID_rsassaPss, NID_undef, NID_rsaEncryption},
+ {NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf},
+ {NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf},
+ {NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf},
+ {NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf},
+ {NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf},
+ {NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1, NID_dh_cofactor_kdf},
+ {NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224, NID_dh_cofactor_kdf},
+ {NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256, NID_dh_cofactor_kdf},
+ {NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384, NID_dh_cofactor_kdf},
+ {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512, NID_dh_cofactor_kdf},
+ };
+
+static const nid_triple * const sigoid_srt_xref[] =
+ {
+ &sigoid_srt[0],
+ &sigoid_srt[1],
+ &sigoid_srt[7],
+ &sigoid_srt[2],
+ &sigoid_srt[4],
+ &sigoid_srt[3],
+ &sigoid_srt[9],
+ &sigoid_srt[5],
+ &sigoid_srt[8],
+ &sigoid_srt[12],
+ &sigoid_srt[30],
+ &sigoid_srt[35],
+ &sigoid_srt[6],
+ &sigoid_srt[10],
+ &sigoid_srt[11],
+ &sigoid_srt[13],
+ &sigoid_srt[24],
+ &sigoid_srt[20],
+ &sigoid_srt[32],
+ &sigoid_srt[37],
+ &sigoid_srt[14],
+ &sigoid_srt[21],
+ &sigoid_srt[33],
+ &sigoid_srt[38],
+ &sigoid_srt[15],
+ &sigoid_srt[22],
+ &sigoid_srt[34],
+ &sigoid_srt[39],
+ &sigoid_srt[16],
+ &sigoid_srt[23],
+ &sigoid_srt[19],
+ &sigoid_srt[31],
+ &sigoid_srt[36],
+ &sigoid_srt[25],
+ &sigoid_srt[26],
+ &sigoid_srt[27],
+ &sigoid_srt[28],
+ };
-static const nid_triple *const sigoid_srt_xref[] = {
- &sigoid_srt[0],
- &sigoid_srt[1],
- &sigoid_srt[7],
- &sigoid_srt[2],
- &sigoid_srt[4],
- &sigoid_srt[3],
- &sigoid_srt[9],
- &sigoid_srt[5],
- &sigoid_srt[8],
- &sigoid_srt[12],
- &sigoid_srt[30],
- &sigoid_srt[35],
- &sigoid_srt[6],
- &sigoid_srt[10],
- &sigoid_srt[11],
- &sigoid_srt[13],
- &sigoid_srt[24],
- &sigoid_srt[20],
- &sigoid_srt[32],
- &sigoid_srt[37],
- &sigoid_srt[14],
- &sigoid_srt[21],
- &sigoid_srt[33],
- &sigoid_srt[38],
- &sigoid_srt[15],
- &sigoid_srt[22],
- &sigoid_srt[34],
- &sigoid_srt[39],
- &sigoid_srt[16],
- &sigoid_srt[23],
- &sigoid_srt[19],
- &sigoid_srt[31],
- &sigoid_srt[36],
- &sigoid_srt[25],
- &sigoid_srt[26],
- &sigoid_srt[27],
- &sigoid_srt[28],
-};
diff --git a/util/pl/unix.pl b/util/pl/unix.pl
index 82f1aa7..1d4e9dc 100644
--- a/util/pl/unix.pl
+++ b/util/pl/unix.pl
@@ -59,7 +59,6 @@ $bf_enc_src="";
 'x86_64-mont' => 'crypto/bn',
 'x86_64-mont5' => 'crypto/bn',
 'x86_64-gf2m' => 'crypto/bn',
- 'modexp512-x86_64' => 'crypto/bn',
 'aes-x86_64' => 'crypto/aes',
 'vpaes-x86_64' => 'crypto/aes',
 'bsaes-x86_64' => 'crypto/aes',
From rsalz at openssl.org Mon Jan 26 16:01:50 2015
From: rsalz at openssl.org (Rich Salz) Date: Mon, 26 Jan 2015 17:01:50 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150126160152.E0A691DF118@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 5226c62b7632dfaf38480919d406307318a7d145 (commit) from 491f3e4e8e4ba8853caa02fbeff51b69768e9646 (commit) - Log ----------------------------------------------------------------- commit 5226c62b7632dfaf38480919d406307318a7d145 Author: Rich Salz Date: Mon Jan 26 10:59:14 2015 -0500 Remove engine_rsax and its asm file. cherry-picked from db7cb7ab9a5968f32ddbe11c3fba71ccbf4ffa53 This wasn't cleanly cherry-picked, since the build process changed a bit for 1.0.2. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: Configure | 2 +- crypto/bn/Makefile | 2 - crypto/bn/asm/modexp512-x86_64.pl | 1497 ------------------------------------- crypto/engine/Makefile | 18 +- crypto/engine/eng_all.c | 3 - crypto/engine/eng_rsax.c | 701 ----------------- 6 files changed, 3 insertions(+), 2220 deletions(-) delete mode 100644 crypto/bn/asm/modexp512-x86_64.pl delete mode 100644 crypto/engine/eng_rsax.c diff --git a/Configure b/Configure index 541be9e..02161d8 100755 --- a/Configure +++ b/Configure 
@@ -128,7 +128,7 @@ my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:des-586.o crypt5
 my $x86_elf_asm="$x86_asm:elf";
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
 my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
 my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
 my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile
index 6dd136b..e1452b3 100644
--- a/crypto/bn/Makefile
+++ b/crypto/bn/Makefile
@@ -102,8 +102,6 @@ x86_64-mont5.s: asm/x86_64-mont5.pl
 $(PERL) asm/x86_64-mont5.pl $(PERLASM_SCHEME) > $@
 x86_64-gf2m.s: asm/x86_64-gf2m.pl
 $(PERL) asm/x86_64-gf2m.pl $(PERLASM_SCHEME) > $@
-modexp512-x86_64.s: asm/modexp512-x86_64.pl
- $(PERL) asm/modexp512-x86_64.pl $(PERLASM_SCHEME) > $@
 bn-ia64.s: asm/ia64.S
 $(CC) $(CFLAGS) -E asm/ia64.S > $@
diff --git a/crypto/bn/asm/modexp512-x86_64.pl b/crypto/bn/asm/modexp512-x86_64.pl
deleted file mode 100644
index bfd6e97..0000000
--- a/crypto/bn/asm/modexp512-x86_64.pl
+++ /dev/null
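Review bot: The diffstat for this cherry-pick lists no change to util/pl/unix.pl, yet a unix.pl hunk earlier on this page (from a separate commit mail) removes the line `'modexp512-x86_64' => 'crypto/bn',`; if the 1.0.1-stable copy of that file carries the same mapping, it would now name a generator script this commit deletes. The commit message already says the pick was not clean, so a tree-wide search for `modexp512` and `rsax` before merging would confirm that nothing outside the six listed files still references them. The Configure line itself looks consistent: `modexp512-x86_64.o` was the last entry of the bn field, so the `::` that follows still delimits the empty third field (des on the x86 line above the hunk) from the aes field exactly as before.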
@@ -1,1497 +0,0 @@ -#!/usr/bin/env perl -# -# Copyright (c) 2010-2011 Intel Corp. -# Author: Vinodh.Gopal at intel.com -# Jim Guilford -# Erdinc.Ozturk at intel.com -# Maxim.Perminov at intel.com -# -# More information about algorithm used can be found at: -# http://www.cse.buffalo.edu/srds2009/escs2009_submission_Gopal.pdf -# -# ==================================================================== -# Copyright (c) 2011 The OpenSSL Project. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# -# 3. All advertising materials mentioning features or use of this -# software must display the following acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -# -# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -# endorse or promote products derived from this software without -# prior written permission. For written permission, please contact -# licensing at OpenSSL.org. -# -# 5. Products derived from this software may not be called "OpenSSL" -# nor may "OpenSSL" appear in their names without prior written -# permission of the OpenSSL Project. -# -# 6. 
Redistributions of any form whatsoever must retain the following -# acknowledgment: -# "This product includes software developed by the OpenSSL Project -# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -# -# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -# OF THE POSSIBILITY OF SUCH DAMAGE. -# ==================================================================== - -$flavour = shift; -$output = shift; -if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } - -my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); - -$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; -( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or -( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or -die "can't locate x86_64-xlate.pl"; - -open OUT,"| \"$^X\" $xlate $flavour $output"; -*STDOUT=*OUT; - -use strict; -my $code=".text\n\n"; -my $m=0; - -# -# Define x512 macros -# - -#MULSTEP_512_ADD MACRO x7, x6, x5, x4, x3, x2, x1, x0, dst, src1, src2, add_src, tmp1, tmp2 -# -# uses rax, rdx, and args -sub MULSTEP_512_ADD -{ - my ($x, $DST, $SRC2, $ASRC, $OP, $TMP)=@_; - my @X=@$x; # make a copy -$code.=<<___; - mov (+8*0)($SRC2), %rax - mul $OP # rdx:rax = %OP * [0] - mov ($ASRC), $X[0] - add %rax, $X[0] - adc \$0, %rdx - mov $X[0], $DST -___ -for(my $i=1;$i<8;$i++) { 
-$code.=<<___; - mov %rdx, $TMP - - mov (+8*$i)($SRC2), %rax - mul $OP # rdx:rax = %OP * [$i] - mov (+8*$i)($ASRC), $X[$i] - add %rax, $X[$i] - adc \$0, %rdx - add $TMP, $X[$i] - adc \$0, %rdx -___ -} -$code.=<<___; - mov %rdx, $X[0] -___ -} - -#MULSTEP_512 MACRO x7, x6, x5, x4, x3, x2, x1, x0, dst, src2, src1_val, tmp -# -# uses rax, rdx, and args -sub MULSTEP_512 -{ - my ($x, $DST, $SRC2, $OP, $TMP)=@_; - my @X=@$x; # make a copy -$code.=<<___; - mov (+8*0)($SRC2), %rax - mul $OP # rdx:rax = %OP * [0] - add %rax, $X[0] - adc \$0, %rdx - mov $X[0], $DST -___ -for(my $i=1;$i<8;$i++) { -$code.=<<___; - mov %rdx, $TMP - - mov (+8*$i)($SRC2), %rax - mul $OP # rdx:rax = %OP * [$i] - add %rax, $X[$i] - adc \$0, %rdx - add $TMP, $X[$i] - adc \$0, %rdx -___ -} -$code.=<<___; - mov %rdx, $X[0] -___ -} - -# -# Swizzle Macros -# - -# macro to copy data from flat space to swizzled table -#MACRO swizzle pDst, pSrc, tmp1, tmp2 -# pDst and pSrc are modified -sub swizzle -{ - my ($pDst, $pSrc, $cnt, $d0)=@_; -$code.=<<___; - mov \$8, $cnt -loop_$m: - mov ($pSrc), $d0 - mov $d0#w, ($pDst) - shr \$16, $d0 - mov $d0#w, (+64*1)($pDst) - shr \$16, $d0 - mov $d0#w, (+64*2)($pDst) - shr \$16, $d0 - mov $d0#w, (+64*3)($pDst) - lea 8($pSrc), $pSrc - lea 64*4($pDst), $pDst - dec $cnt - jnz loop_$m -___ - - $m++; -} - -# macro to copy data from swizzled table to flat space -#MACRO unswizzle pDst, pSrc, tmp*3 -sub unswizzle -{ - my ($pDst, $pSrc, $cnt, $d0, $d1)=@_; -$code.=<<___; - mov \$4, $cnt -loop_$m: - movzxw (+64*3+256*0)($pSrc), $d0 - movzxw (+64*3+256*1)($pSrc), $d1 - shl \$16, $d0 - shl \$16, $d1 - mov (+64*2+256*0)($pSrc), $d0#w - mov (+64*2+256*1)($pSrc), $d1#w - shl \$16, $d0 - shl \$16, $d1 - mov (+64*1+256*0)($pSrc), $d0#w - mov (+64*1+256*1)($pSrc), $d1#w - shl \$16, $d0 - shl \$16, $d1 - mov (+64*0+256*0)($pSrc), $d0#w - mov (+64*0+256*1)($pSrc), $d1#w - mov $d0, (+8*0)($pDst) - mov $d1, (+8*1)($pDst) - lea 256*2($pSrc), $pSrc - lea 8*2($pDst), $pDst - sub \$1, $cnt - jnz 
loop_$m -___ - - $m++; -} - -# -# Data Structures -# - -# Reduce Data -# -# -# Offset Value -# 0C0 Carries -# 0B8 X2[10] -# 0B0 X2[9] -# 0A8 X2[8] -# 0A0 X2[7] -# 098 X2[6] -# 090 X2[5] -# 088 X2[4] -# 080 X2[3] -# 078 X2[2] -# 070 X2[1] -# 068 X2[0] -# 060 X1[12] P[10] -# 058 X1[11] P[9] Z[8] -# 050 X1[10] P[8] Z[7] -# 048 X1[9] P[7] Z[6] -# 040 X1[8] P[6] Z[5] -# 038 X1[7] P[5] Z[4] -# 030 X1[6] P[4] Z[3] -# 028 X1[5] P[3] Z[2] -# 020 X1[4] P[2] Z[1] -# 018 X1[3] P[1] Z[0] -# 010 X1[2] P[0] Y[2] -# 008 X1[1] Q[1] Y[1] -# 000 X1[0] Q[0] Y[0] - -my $X1_offset = 0; # 13 qwords -my $X2_offset = $X1_offset + 13*8; # 11 qwords -my $Carries_offset = $X2_offset + 11*8; # 1 qword -my $Q_offset = 0; # 2 qwords -my $P_offset = $Q_offset + 2*8; # 11 qwords -my $Y_offset = 0; # 3 qwords -my $Z_offset = $Y_offset + 3*8; # 9 qwords - -my $Red_Data_Size = $Carries_offset + 1*8; # (25 qwords) - -# -# Stack Frame -# -# -# offset value -# ... -# ... -# 280 Garray - -# 278 tmp16[15] -# ... ... -# 200 tmp16[0] - -# 1F8 tmp[7] -# ... ... -# 1C0 tmp[0] - -# 1B8 GT[7] -# ... ... -# 180 GT[0] - -# 178 Reduce Data -# ... ... -# 0B8 Reduce Data -# 0B0 reserved -# 0A8 reserved -# 0A0 reserved -# 098 reserved -# 090 reserved -# 088 reduce result addr -# 080 exp[8] - -# ... 
-# 048 exp[1] -# 040 exp[0] - -# 038 reserved -# 030 loop_idx -# 028 pg -# 020 i -# 018 pData ; arg 4 -# 010 pG ; arg 2 -# 008 pResult ; arg 1 -# 000 rsp ; stack pointer before subtract - -my $rsp_offset = 0; -my $pResult_offset = 8*1 + $rsp_offset; -my $pG_offset = 8*1 + $pResult_offset; -my $pData_offset = 8*1 + $pG_offset; -my $i_offset = 8*1 + $pData_offset; -my $pg_offset = 8*1 + $i_offset; -my $loop_idx_offset = 8*1 + $pg_offset; -my $reserved1_offset = 8*1 + $loop_idx_offset; -my $exp_offset = 8*1 + $reserved1_offset; -my $red_result_addr_offset= 8*9 + $exp_offset; -my $reserved2_offset = 8*1 + $red_result_addr_offset; -my $Reduce_Data_offset = 8*5 + $reserved2_offset; -my $GT_offset = $Red_Data_Size + $Reduce_Data_offset; -my $tmp_offset = 8*8 + $GT_offset; -my $tmp16_offset = 8*8 + $tmp_offset; -my $garray_offset = 8*16 + $tmp16_offset; -my $mem_size = 8*8*32 + $garray_offset; - -# -# Offsets within Reduce Data -# -# -# struct MODF_2FOLD_MONT_512_C1_DATA { -# UINT64 t[8][8]; -# UINT64 m[8]; -# UINT64 m1[8]; /* 2^768 % m */ -# UINT64 m2[8]; /* 2^640 % m */ -# UINT64 k1[2]; /* (- 1/m) % 2^128 */ -# }; - -my $T = 0; -my $M = 512; # = 8 * 8 * 8 -my $M1 = 576; # = 8 * 8 * 9 /* += 8 * 8 */ -my $M2 = 640; # = 8 * 8 * 10 /* += 8 * 8 */ -my $K1 = 704; # = 8 * 8 * 11 /* += 8 * 8 */ - -# -# FUNCTIONS -# - -{{{ -# -# MULADD_128x512 : Function to multiply 128-bits (2 qwords) by 512-bits (8 qwords) -# and add 512-bits (8 qwords) -# to get 640 bits (10 qwords) -# Input: 128-bit mul source: [rdi+8*1], rbp -# 512-bit mul source: [rsi+8*n] -# 512-bit add source: r15, r14, ..., r9, r8 -# Output: r9, r8, r15, r14, r13, r12, r11, r10, [rcx+8*1], [rcx+8*0] -# Clobbers all regs except: rcx, rsi, rdi -$code.=<<___; -.type MULADD_128x512,\@abi-omnipotent -.align 16 -MULADD_128x512: -___ - &MULSTEP_512([map("%r$_",(8..15))], "(+8*0)(%rcx)", "%rsi", "%rbp", "%rbx"); -$code.=<<___; - mov (+8*1)(%rdi), %rbp -___ - &MULSTEP_512([map("%r$_",(9..15,8))], "(+8*1)(%rcx)", "%rsi", "%rbp", 
"%rbx"); -$code.=<<___; - ret -.size MULADD_128x512,.-MULADD_128x512 -___ -}}} - -{{{ -#MULADD_256x512 MACRO pDst, pA, pB, OP, TMP, X7, X6, X5, X4, X3, X2, X1, X0 -# -# Inputs: pDst: Destination (768 bits, 12 qwords) -# pA: Multiplicand (1024 bits, 16 qwords) -# pB: Multiplicand (512 bits, 8 qwords) -# Dst = Ah * B + Al -# where Ah is (in qwords) A[15:12] (256 bits) and Al is A[7:0] (512 bits) -# Results in X3 X2 X1 X0 X7 X6 X5 X4 Dst[3:0] -# Uses registers: arguments, RAX, RDX -sub MULADD_256x512 -{ - my ($pDst, $pA, $pB, $OP, $TMP, $X)=@_; -$code.=<<___; - mov (+8*12)($pA), $OP -___ - &MULSTEP_512_ADD($X, "(+8*0)($pDst)", $pB, $pA, $OP, $TMP); - push(@$X,shift(@$X)); - -$code.=<<___; - mov (+8*13)($pA), $OP -___ - &MULSTEP_512($X, "(+8*1)($pDst)", $pB, $OP, $TMP); - push(@$X,shift(@$X)); - -$code.=<<___; - mov (+8*14)($pA), $OP -___ - &MULSTEP_512($X, "(+8*2)($pDst)", $pB, $OP, $TMP); - push(@$X,shift(@$X)); - -$code.=<<___; - mov (+8*15)($pA), $OP -___ - &MULSTEP_512($X, "(+8*3)($pDst)", $pB, $OP, $TMP); - push(@$X,shift(@$X)); -} - -# -# mont_reduce(UINT64 *x, /* 1024 bits, 16 qwords */ -# UINT64 *m, /* 512 bits, 8 qwords */ -# MODF_2FOLD_MONT_512_C1_DATA *data, -# UINT64 *r) /* 512 bits, 8 qwords */ -# Input: x (number to be reduced): tmp16 (Implicit) -# m (modulus): [pM] (Implicit) -# data (reduce data): [pData] (Implicit) -# Output: r (result): Address in [red_res_addr] -# result also in: r9, r8, r15, r14, r13, r12, r11, r10 - -my @X=map("%r$_",(8..15)); - -$code.=<<___; -.type mont_reduce,\@abi-omnipotent -.align 16 -mont_reduce: -___ - -my $STACK_DEPTH = 8; - # - # X1 = Xh * M1 + Xl -$code.=<<___; - lea (+$Reduce_Data_offset+$X1_offset+$STACK_DEPTH)(%rsp), %rdi # pX1 (Dst) 769 bits, 13 qwords - mov (+$pData_offset+$STACK_DEPTH)(%rsp), %rsi # pM1 (Bsrc) 512 bits, 8 qwords - add \$$M1, %rsi - lea (+$tmp16_offset+$STACK_DEPTH)(%rsp), %rcx # X (Asrc) 1024 bits, 16 qwords - -___ - - &MULADD_256x512("%rdi", "%rcx", "%rsi", "%rbp", "%rbx", \@X); # rotates @X 4 
times - # results in r11, r10, r9, r8, r15, r14, r13, r12, X1[3:0] - -$code.=<<___; - xor %rax, %rax - # X1 += xl - add (+8*8)(%rcx), $X[4] - adc (+8*9)(%rcx), $X[5] - adc (+8*10)(%rcx), $X[6] - adc (+8*11)(%rcx), $X[7] - adc \$0, %rax - # X1 is now rax, r11-r8, r15-r12, tmp16[3:0] - - # - # check for carry ;; carry stored in rax - mov $X[4], (+8*8)(%rdi) # rdi points to X1 - mov $X[5], (+8*9)(%rdi) - mov $X[6], %rbp - mov $X[7], (+8*11)(%rdi) - - mov %rax, (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp) - - mov (+8*0)(%rdi), $X[4] - mov (+8*1)(%rdi), $X[5] - mov (+8*2)(%rdi), $X[6] - mov (+8*3)(%rdi), $X[7] - - # X1 is now stored in: X1[11], rbp, X1[9:8], r15-r8 - # rdi -> X1 - # rsi -> M1 - - # - # X2 = Xh * M2 + Xl - # do first part (X2 = Xh * M2) - add \$8*10, %rdi # rdi -> pXh ; 128 bits, 2 qwords - # Xh is actually { [rdi+8*1], rbp } - add \$`$M2-$M1`, %rsi # rsi -> M2 - lea (+$Reduce_Data_offset+$X2_offset+$STACK_DEPTH)(%rsp), %rcx # rcx -> pX2 ; 641 bits, 11 qwords -___ - unshift(@X,pop(@X)); unshift(@X,pop(@X)); -$code.=<<___; - - call MULADD_128x512 # args in rcx, rdi / rbp, rsi, r15-r8 - # result in r9, r8, r15, r14, r13, r12, r11, r10, X2[1:0] - mov (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp), %rax - - # X2 += Xl - add (+8*8-8*10)(%rdi), $X[6] # (-8*10) is to adjust rdi -> Xh to Xl - adc (+8*9-8*10)(%rdi), $X[7] - mov $X[6], (+8*8)(%rcx) - mov $X[7], (+8*9)(%rcx) - - adc %rax, %rax - mov %rax, (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp) - - lea (+$Reduce_Data_offset+$Q_offset+$STACK_DEPTH)(%rsp), %rdi # rdi -> pQ ; 128 bits, 2 qwords - add \$`$K1-$M2`, %rsi # rsi -> pK1 ; 128 bits, 2 qwords - - # MUL_128x128t128 rdi, rcx, rsi ; Q = X2 * K1 (bottom half) - # B1:B0 = rsi[1:0] = K1[1:0] - # A1:A0 = rcx[1:0] = X2[1:0] - # Result = rdi[1],rbp = Q[1],rbp - mov (%rsi), %r8 # B0 - mov (+8*1)(%rsi), %rbx # B1 - - mov (%rcx), %rax # A0 - mul %r8 # B0 - mov %rax, %rbp - mov %rdx, %r9 - - mov (+8*1)(%rcx), %rax # A1 - mul %r8 # 
B0 - add %rax, %r9 - - mov (%rcx), %rax # A0 - mul %rbx # B1 - add %rax, %r9 - - mov %r9, (+8*1)(%rdi) - # end MUL_128x128t128 - - sub \$`$K1-$M`, %rsi - - mov (%rcx), $X[6] - mov (+8*1)(%rcx), $X[7] # r9:r8 = X2[1:0] - - call MULADD_128x512 # args in rcx, rdi / rbp, rsi, r15-r8 - # result in r9, r8, r15, r14, r13, r12, r11, r10, X2[1:0] - - # load first half of m to rdx, rdi, rbx, rax - # moved this here for efficiency - mov (+8*0)(%rsi), %rax - mov (+8*1)(%rsi), %rbx - mov (+8*2)(%rsi), %rdi - mov (+8*3)(%rsi), %rdx - - # continue with reduction - mov (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp), %rbp - - add (+8*8)(%rcx), $X[6] - adc (+8*9)(%rcx), $X[7] - - #accumulate the final carry to rbp - adc %rbp, %rbp - - # Add in overflow corrections: R = (X2>>128) += T[overflow] - # R = {r9, r8, r15, r14, ..., r10} - shl \$3, %rbp - mov (+$pData_offset+$STACK_DEPTH)(%rsp), %rcx # rsi -> Data (and points to T) - add %rcx, %rbp # pT ; 512 bits, 8 qwords, spread out - - # rsi will be used to generate a mask after the addition - xor %rsi, %rsi - - add (+8*8*0)(%rbp), $X[0] - adc (+8*8*1)(%rbp), $X[1] - adc (+8*8*2)(%rbp), $X[2] - adc (+8*8*3)(%rbp), $X[3] - adc (+8*8*4)(%rbp), $X[4] - adc (+8*8*5)(%rbp), $X[5] - adc (+8*8*6)(%rbp), $X[6] - adc (+8*8*7)(%rbp), $X[7] - - # if there is a carry: rsi = 0xFFFFFFFFFFFFFFFF - # if carry is clear: rsi = 0x0000000000000000 - sbb \$0, %rsi - - # if carry is clear, subtract 0. 
Otherwise, subtract 256 bits of m - and %rsi, %rax - and %rsi, %rbx - and %rsi, %rdi - and %rsi, %rdx - - mov \$1, %rbp - sub %rax, $X[0] - sbb %rbx, $X[1] - sbb %rdi, $X[2] - sbb %rdx, $X[3] - - # if there is a borrow: rbp = 0 - # if there is no borrow: rbp = 1 - # this is used to save the borrows in between the first half and the 2nd half of the subtraction of m - sbb \$0, %rbp - - #load second half of m to rdx, rdi, rbx, rax - - add \$$M, %rcx - mov (+8*4)(%rcx), %rax - mov (+8*5)(%rcx), %rbx - mov (+8*6)(%rcx), %rdi - mov (+8*7)(%rcx), %rdx - - # use the rsi mask as before - # if carry is clear, subtract 0. Otherwise, subtract 256 bits of m - and %rsi, %rax - and %rsi, %rbx - and %rsi, %rdi - and %rsi, %rdx - - # if rbp = 0, there was a borrow before, it is moved to the carry flag - # if rbp = 1, there was not a borrow before, carry flag is cleared - sub \$1, %rbp - - sbb %rax, $X[4] - sbb %rbx, $X[5] - sbb %rdi, $X[6] - sbb %rdx, $X[7] - - # write R back to memory - - mov (+$red_result_addr_offset+$STACK_DEPTH)(%rsp), %rsi - mov $X[0], (+8*0)(%rsi) - mov $X[1], (+8*1)(%rsi) - mov $X[2], (+8*2)(%rsi) - mov $X[3], (+8*3)(%rsi) - mov $X[4], (+8*4)(%rsi) - mov $X[5], (+8*5)(%rsi) - mov $X[6], (+8*6)(%rsi) - mov $X[7], (+8*7)(%rsi) - - ret -.size mont_reduce,.-mont_reduce -___ -}}} - -{{{ -#MUL_512x512 MACRO pDst, pA, pB, x7, x6, x5, x4, x3, x2, x1, x0, tmp*2 -# -# Inputs: pDst: Destination (1024 bits, 16 qwords) -# pA: Multiplicand (512 bits, 8 qwords) -# pB: Multiplicand (512 bits, 8 qwords) -# Uses registers rax, rdx, args -# B operand in [pB] and also in x7...x0 -sub MUL_512x512 -{ - my ($pDst, $pA, $pB, $x, $OP, $TMP, $pDst_o)=@_; - my ($pDst, $pDst_o) = ($pDst =~ m/([^+]*)\+?(.*)?/); - my @X=@$x; # make a copy - -$code.=<<___; - mov (+8*0)($pA), $OP - - mov $X[0], %rax - mul $OP # rdx:rax = %OP * [0] - mov %rax, (+$pDst_o+8*0)($pDst) - mov %rdx, $X[0] -___ -for(my $i=1;$i<8;$i++) { -$code.=<<___; - mov $X[$i], %rax - mul $OP # rdx:rax = %OP * [$i] - add %rax, 
$X[$i-1] - adc \$0, %rdx - mov %rdx, $X[$i] -___ -} - -for(my $i=1;$i<8;$i++) { -$code.=<<___; - mov (+8*$i)($pA), $OP -___ - - &MULSTEP_512(\@X, "(+$pDst_o+8*$i)($pDst)", $pB, $OP, $TMP); - push(@X,shift(@X)); -} - -$code.=<<___; - mov $X[0], (+$pDst_o+8*8)($pDst) - mov $X[1], (+$pDst_o+8*9)($pDst) - mov $X[2], (+$pDst_o+8*10)($pDst) - mov $X[3], (+$pDst_o+8*11)($pDst) - mov $X[4], (+$pDst_o+8*12)($pDst) - mov $X[5], (+$pDst_o+8*13)($pDst) - mov $X[6], (+$pDst_o+8*14)($pDst) - mov $X[7], (+$pDst_o+8*15)($pDst) -___ -} - -# -# mont_mul_a3b : subroutine to compute (Src1 * Src2) % M (all 512-bits) -# Input: src1: Address of source 1: rdi -# src2: Address of source 2: rsi -# Output: dst: Address of destination: [red_res_addr] -# src2 and result also in: r9, r8, r15, r14, r13, r12, r11, r10 -# Temp: Clobbers [tmp16], all registers -$code.=<<___; -.type mont_mul_a3b,\@abi-omnipotent -.align 16 -mont_mul_a3b: - # - # multiply tmp = src1 * src2 - # For multiply: dst = rcx, src1 = rdi, src2 = rsi - # stack depth is extra 8 from call -___ - &MUL_512x512("%rsp+$tmp16_offset+8", "%rdi", "%rsi", [map("%r$_",(10..15,8..9))], "%rbp", "%rbx"); -$code.=<<___; - # - # Dst = tmp % m - # Call reduce(tmp, m, data, dst) - - # tail recursion optimization: jmp to mont_reduce and return from there - jmp mont_reduce - # call mont_reduce - # ret -.size mont_mul_a3b,.-mont_mul_a3b -___ -}}} - -{{{ -#SQR_512 MACRO pDest, pA, x7, x6, x5, x4, x3, x2, x1, x0, tmp*4 -# -# Input in memory [pA] and also in x7...x0 -# Uses all argument registers plus rax and rdx -# -# This version computes all of the off-diagonal terms into memory, -# and then it adds in the diagonal terms - -sub SQR_512 -{ - my ($pDst, $pA, $x, $A, $tmp, $x7, $x6, $pDst_o)=@_; - my ($pDst, $pDst_o) = ($pDst =~ m/([^+]*)\+?(.*)?/); - my @X=@$x; # make a copy -$code.=<<___; - # ------------------ - # first pass 01...07 - # ------------------ - mov $X[0], $A - - mov $X[1],%rax - mul $A - mov %rax, (+$pDst_o+8*1)($pDst) -___ -for(my 
$i=2;$i<8;$i++) { -$code.=<<___; - mov %rdx, $X[$i-2] - mov $X[$i],%rax - mul $A - add %rax, $X[$i-2] - adc \$0, %rdx -___ -} -$code.=<<___; - mov %rdx, $x7 - - mov $X[0], (+$pDst_o+8*2)($pDst) - - # ------------------ - # second pass 12...17 - # ------------------ - - mov (+8*1)($pA), $A - - mov (+8*2)($pA),%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - mov $X[1], (+$pDst_o+8*3)($pDst) - - mov %rdx, $X[0] - mov (+8*3)($pA),%rax - mul $A - add %rax, $X[2] - adc \$0, %rdx - add $X[0], $X[2] - adc \$0, %rdx - mov $X[2], (+$pDst_o+8*4)($pDst) - - mov %rdx, $X[0] - mov (+8*4)($pA),%rax - mul $A - add %rax, $X[3] - adc \$0, %rdx - add $X[0], $X[3] - adc \$0, %rdx - - mov %rdx, $X[0] - mov (+8*5)($pA),%rax - mul $A - add %rax, $X[4] - adc \$0, %rdx - add $X[0], $X[4] - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[6],%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - add $X[0], $X[5] - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $x7 - adc \$0, %rdx - add $X[0], $x7 - adc \$0, %rdx - - mov %rdx, $X[1] - - # ------------------ - # third pass 23...27 - # ------------------ - mov (+8*2)($pA), $A - - mov (+8*3)($pA),%rax - mul $A - add %rax, $X[3] - adc \$0, %rdx - mov $X[3], (+$pDst_o+8*5)($pDst) - - mov %rdx, $X[0] - mov (+8*4)($pA),%rax - mul $A - add %rax, $X[4] - adc \$0, %rdx - add $X[0], $X[4] - adc \$0, %rdx - mov $X[4], (+$pDst_o+8*6)($pDst) - - mov %rdx, $X[0] - mov (+8*5)($pA),%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - add $X[0], $X[5] - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[6],%rax - mul $A - add %rax, $x7 - adc \$0, %rdx - add $X[0], $x7 - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - add $X[0], $X[1] - adc \$0, %rdx - - mov %rdx, $X[2] - - # ------------------ - # fourth pass 34...37 - # ------------------ - - mov (+8*3)($pA), $A - - mov (+8*4)($pA),%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - mov $X[5], (+$pDst_o+8*7)($pDst) - - mov %rdx, $X[0] - mov (+8*5)($pA),%rax - 
mul $A - add %rax, $x7 - adc \$0, %rdx - add $X[0], $x7 - adc \$0, %rdx - mov $x7, (+$pDst_o+8*8)($pDst) - - mov %rdx, $X[0] - mov $X[6],%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - add $X[0], $X[1] - adc \$0, %rdx - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $X[2] - adc \$0, %rdx - add $X[0], $X[2] - adc \$0, %rdx - - mov %rdx, $X[5] - - # ------------------ - # fifth pass 45...47 - # ------------------ - mov (+8*4)($pA), $A - - mov (+8*5)($pA),%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - mov $X[1], (+$pDst_o+8*9)($pDst) - - mov %rdx, $X[0] - mov $X[6],%rax - mul $A - add %rax, $X[2] - adc \$0, %rdx - add $X[0], $X[2] - adc \$0, %rdx - mov $X[2], (+$pDst_o+8*10)($pDst) - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - add $X[0], $X[5] - adc \$0, %rdx - - mov %rdx, $X[1] - - # ------------------ - # sixth pass 56...57 - # ------------------ - mov (+8*5)($pA), $A - - mov $X[6],%rax - mul $A - add %rax, $X[5] - adc \$0, %rdx - mov $X[5], (+$pDst_o+8*11)($pDst) - - mov %rdx, $X[0] - mov $X[7],%rax - mul $A - add %rax, $X[1] - adc \$0, %rdx - add $X[0], $X[1] - adc \$0, %rdx - mov $X[1], (+$pDst_o+8*12)($pDst) - - mov %rdx, $X[2] - - # ------------------ - # seventh pass 67 - # ------------------ - mov $X[6], $A - - mov $X[7],%rax - mul $A - add %rax, $X[2] - adc \$0, %rdx - mov $X[2], (+$pDst_o+8*13)($pDst) - - mov %rdx, (+$pDst_o+8*14)($pDst) - - # start finalize (add in squares, and double off-terms) - mov (+$pDst_o+8*1)($pDst), $X[0] - mov (+$pDst_o+8*2)($pDst), $X[1] - mov (+$pDst_o+8*3)($pDst), $X[2] - mov (+$pDst_o+8*4)($pDst), $X[3] - mov (+$pDst_o+8*5)($pDst), $X[4] - mov (+$pDst_o+8*6)($pDst), $X[5] - - mov (+8*3)($pA), %rax - mul %rax - mov %rax, $x6 - mov %rdx, $X[6] - - add $X[0], $X[0] - adc $X[1], $X[1] - adc $X[2], $X[2] - adc $X[3], $X[3] - adc $X[4], $X[4] - adc $X[5], $X[5] - adc \$0, $X[6] - - mov (+8*0)($pA), %rax - mul %rax - mov %rax, (+$pDst_o+8*0)($pDst) - mov %rdx, $A - - mov (+8*1)($pA), 
%rax - mul %rax - - add $A, $X[0] - adc %rax, $X[1] - adc \$0, %rdx - - mov %rdx, $A - mov $X[0], (+$pDst_o+8*1)($pDst) - mov $X[1], (+$pDst_o+8*2)($pDst) - - mov (+8*2)($pA), %rax - mul %rax - - add $A, $X[2] - adc %rax, $X[3] - adc \$0, %rdx - - mov %rdx, $A - - mov $X[2], (+$pDst_o+8*3)($pDst) - mov $X[3], (+$pDst_o+8*4)($pDst) - - xor $tmp, $tmp - add $A, $X[4] - adc $x6, $X[5] - adc \$0, $tmp - - mov $X[4], (+$pDst_o+8*5)($pDst) - mov $X[5], (+$pDst_o+8*6)($pDst) - - # %%tmp has 0/1 in column 7 - # %%A6 has a full value in column 7 - - mov (+$pDst_o+8*7)($pDst), $X[0] - mov (+$pDst_o+8*8)($pDst), $X[1] - mov (+$pDst_o+8*9)($pDst), $X[2] - mov (+$pDst_o+8*10)($pDst), $X[3] - mov (+$pDst_o+8*11)($pDst), $X[4] - mov (+$pDst_o+8*12)($pDst), $X[5] - mov (+$pDst_o+8*13)($pDst), $x6 - mov (+$pDst_o+8*14)($pDst), $x7 - - mov $X[7], %rax - mul %rax - mov %rax, $X[7] - mov %rdx, $A - - add $X[0], $X[0] - adc $X[1], $X[1] - adc $X[2], $X[2] - adc $X[3], $X[3] - adc $X[4], $X[4] - adc $X[5], $X[5] - adc $x6, $x6 - adc $x7, $x7 - adc \$0, $A - - add $tmp, $X[0] - - mov (+8*4)($pA), %rax - mul %rax - - add $X[6], $X[0] - adc %rax, $X[1] - adc \$0, %rdx - - mov %rdx, $tmp - - mov $X[0], (+$pDst_o+8*7)($pDst) - mov $X[1], (+$pDst_o+8*8)($pDst) - - mov (+8*5)($pA), %rax - mul %rax - - add $tmp, $X[2] - adc %rax, $X[3] - adc \$0, %rdx - - mov %rdx, $tmp - - mov $X[2], (+$pDst_o+8*9)($pDst) - mov $X[3], (+$pDst_o+8*10)($pDst) - - mov (+8*6)($pA), %rax - mul %rax - - add $tmp, $X[4] - adc %rax, $X[5] - adc \$0, %rdx - - mov $X[4], (+$pDst_o+8*11)($pDst) - mov $X[5], (+$pDst_o+8*12)($pDst) - - add %rdx, $x6 - adc $X[7], $x7 - adc \$0, $A - - mov $x6, (+$pDst_o+8*13)($pDst) - mov $x7, (+$pDst_o+8*14)($pDst) - mov $A, (+$pDst_o+8*15)($pDst) -___ -} - -# -# sqr_reduce: subroutine to compute Result = reduce(Result * Result) -# -# input and result also in: r9, r8, r15, r14, r13, r12, r11, r10 -# -$code.=<<___; -.type sqr_reduce,\@abi-omnipotent -.align 16 -sqr_reduce: - mov 
(+$pResult_offset+8)(%rsp), %rcx -___ - &SQR_512("%rsp+$tmp16_offset+8", "%rcx", [map("%r$_",(10..15,8..9))], "%rbx", "%rbp", "%rsi", "%rdi"); -$code.=<<___; - # tail recursion optimization: jmp to mont_reduce and return from there - jmp mont_reduce - # call mont_reduce - # ret -.size sqr_reduce,.-sqr_reduce -___ -}}} - -# -# MAIN FUNCTION -# - -#mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */ -# UINT64 *g, /* 512 bits, 8 qwords */ -# UINT64 *exp, /* 512 bits, 8 qwords */ -# struct mod_ctx_512 *data) - -# window size = 5 -# table size = 2^5 = 32 -#table_entries equ 32 -#table_size equ table_entries * 8 -$code.=<<___; -.globl mod_exp_512 -.type mod_exp_512,\@function,4 -mod_exp_512: - push %rbp - push %rbx - push %r12 - push %r13 - push %r14 - push %r15 - - # adjust stack down and then align it with cache boundary - mov %rsp, %r8 - sub \$$mem_size, %rsp - and \$-64, %rsp - - # store previous stack pointer and arguments - mov %r8, (+$rsp_offset)(%rsp) - mov %rdi, (+$pResult_offset)(%rsp) - mov %rsi, (+$pG_offset)(%rsp) - mov %rcx, (+$pData_offset)(%rsp) -.Lbody: - # transform g into montgomery space - # GT = reduce(g * C2) = reduce(g * (2^256)) - # reduce expects to have the input in [tmp16] - pxor %xmm4, %xmm4 - movdqu (+16*0)(%rsi), %xmm0 - movdqu (+16*1)(%rsi), %xmm1 - movdqu (+16*2)(%rsi), %xmm2 - movdqu (+16*3)(%rsi), %xmm3 - movdqa %xmm4, (+$tmp16_offset+16*0)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*1)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*6)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*7)(%rsp) - movdqa %xmm0, (+$tmp16_offset+16*2)(%rsp) - movdqa %xmm1, (+$tmp16_offset+16*3)(%rsp) - movdqa %xmm2, (+$tmp16_offset+16*4)(%rsp) - movdqa %xmm3, (+$tmp16_offset+16*5)(%rsp) - - # load pExp before rdx gets blown away - movdqu (+16*0)(%rdx), %xmm0 - movdqu (+16*1)(%rdx), %xmm1 - movdqu (+16*2)(%rdx), %xmm2 - movdqu (+16*3)(%rdx), %xmm3 - - lea (+$GT_offset)(%rsp), %rbx - mov %rbx, (+$red_result_addr_offset)(%rsp) - call mont_reduce - - # Initialize tmp = C - lea 
(+$tmp_offset)(%rsp), %rcx - xor %rax, %rax - mov %rax, (+8*0)(%rcx) - mov %rax, (+8*1)(%rcx) - mov %rax, (+8*3)(%rcx) - mov %rax, (+8*4)(%rcx) - mov %rax, (+8*5)(%rcx) - mov %rax, (+8*6)(%rcx) - mov %rax, (+8*7)(%rcx) - mov %rax, (+$exp_offset+8*8)(%rsp) - movq \$1, (+8*2)(%rcx) - - lea (+$garray_offset)(%rsp), %rbp - mov %rcx, %rsi # pTmp - mov %rbp, %rdi # Garray[][0] -___ - - &swizzle("%rdi", "%rcx", "%rax", "%rbx"); - - # for (rax = 31; rax != 0; rax--) { - # tmp = reduce(tmp * G) - # swizzle(pg, tmp); - # pg += 2; } -$code.=<<___; - mov \$31, %rax - mov %rax, (+$i_offset)(%rsp) - mov %rbp, (+$pg_offset)(%rsp) - # rsi -> pTmp - mov %rsi, (+$red_result_addr_offset)(%rsp) - mov (+8*0)(%rsi), %r10 - mov (+8*1)(%rsi), %r11 - mov (+8*2)(%rsi), %r12 - mov (+8*3)(%rsi), %r13 - mov (+8*4)(%rsi), %r14 - mov (+8*5)(%rsi), %r15 - mov (+8*6)(%rsi), %r8 - mov (+8*7)(%rsi), %r9 -init_loop: - lea (+$GT_offset)(%rsp), %rdi - call mont_mul_a3b - lea (+$tmp_offset)(%rsp), %rsi - mov (+$pg_offset)(%rsp), %rbp - add \$2, %rbp - mov %rbp, (+$pg_offset)(%rsp) - mov %rsi, %rcx # rcx = rsi = addr of tmp -___ - - &swizzle("%rbp", "%rcx", "%rax", "%rbx"); -$code.=<<___; - mov (+$i_offset)(%rsp), %rax - sub \$1, %rax - mov %rax, (+$i_offset)(%rsp) - jne init_loop - - # - # Copy exponent onto stack - movdqa %xmm0, (+$exp_offset+16*0)(%rsp) - movdqa %xmm1, (+$exp_offset+16*1)(%rsp) - movdqa %xmm2, (+$exp_offset+16*2)(%rsp) - movdqa %xmm3, (+$exp_offset+16*3)(%rsp) - - - # - # Do exponentiation - # Initialize result to G[exp{511:507}] - mov (+$exp_offset+62)(%rsp), %eax - mov %rax, %rdx - shr \$11, %rax - and \$0x07FF, %edx - mov %edx, (+$exp_offset+62)(%rsp) - lea (+$garray_offset)(%rsp,%rax,2), %rsi - mov (+$pResult_offset)(%rsp), %rdx -___ - - &unswizzle("%rdx", "%rsi", "%rbp", "%rbx", "%rax"); - - # - # Loop variables - # rcx = [loop_idx] = index: 510-5 to 0 by 5 -$code.=<<___; - movq \$505, (+$loop_idx_offset)(%rsp) - - mov (+$pResult_offset)(%rsp), %rcx - mov %rcx, 
(+$red_result_addr_offset)(%rsp) - mov (+8*0)(%rcx), %r10 - mov (+8*1)(%rcx), %r11 - mov (+8*2)(%rcx), %r12 - mov (+8*3)(%rcx), %r13 - mov (+8*4)(%rcx), %r14 - mov (+8*5)(%rcx), %r15 - mov (+8*6)(%rcx), %r8 - mov (+8*7)(%rcx), %r9 - jmp sqr_2 - -main_loop_a3b: - call sqr_reduce - call sqr_reduce - call sqr_reduce -sqr_2: - call sqr_reduce - call sqr_reduce - - # - # Do multiply, first look up proper value in Garray - mov (+$loop_idx_offset)(%rsp), %rcx # bit index - mov %rcx, %rax - shr \$4, %rax # rax is word pointer - mov (+$exp_offset)(%rsp,%rax,2), %edx - and \$15, %rcx - shrq %cl, %rdx - and \$0x1F, %rdx - - lea (+$garray_offset)(%rsp,%rdx,2), %rsi - lea (+$tmp_offset)(%rsp), %rdx - mov %rdx, %rdi -___ - - &unswizzle("%rdx", "%rsi", "%rbp", "%rbx", "%rax"); - # rdi = tmp = pG - - # - # Call mod_mul_a1(pDst, pSrc1, pSrc2, pM, pData) - # result result pG M Data -$code.=<<___; - mov (+$pResult_offset)(%rsp), %rsi - call mont_mul_a3b - - # - # finish loop - mov (+$loop_idx_offset)(%rsp), %rcx - sub \$5, %rcx - mov %rcx, (+$loop_idx_offset)(%rsp) - jge main_loop_a3b - - # - -end_main_loop_a3b: - # transform result out of Montgomery space - # result = reduce(result) - mov (+$pResult_offset)(%rsp), %rdx - pxor %xmm4, %xmm4 - movdqu (+16*0)(%rdx), %xmm0 - movdqu (+16*1)(%rdx), %xmm1 - movdqu (+16*2)(%rdx), %xmm2 - movdqu (+16*3)(%rdx), %xmm3 - movdqa %xmm4, (+$tmp16_offset+16*4)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*5)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*6)(%rsp) - movdqa %xmm4, (+$tmp16_offset+16*7)(%rsp) - movdqa %xmm0, (+$tmp16_offset+16*0)(%rsp) - movdqa %xmm1, (+$tmp16_offset+16*1)(%rsp) - movdqa %xmm2, (+$tmp16_offset+16*2)(%rsp) - movdqa %xmm3, (+$tmp16_offset+16*3)(%rsp) - call mont_reduce - - # If result > m, subract m - # load result into r15:r8 - mov (+$pResult_offset)(%rsp), %rax - mov (+8*0)(%rax), %r8 - mov (+8*1)(%rax), %r9 - mov (+8*2)(%rax), %r10 - mov (+8*3)(%rax), %r11 - mov (+8*4)(%rax), %r12 - mov (+8*5)(%rax), %r13 - mov (+8*6)(%rax), 
%r14 - mov (+8*7)(%rax), %r15 - - # subtract m - mov (+$pData_offset)(%rsp), %rbx - add \$$M, %rbx - - sub (+8*0)(%rbx), %r8 - sbb (+8*1)(%rbx), %r9 - sbb (+8*2)(%rbx), %r10 - sbb (+8*3)(%rbx), %r11 - sbb (+8*4)(%rbx), %r12 - sbb (+8*5)(%rbx), %r13 - sbb (+8*6)(%rbx), %r14 - sbb (+8*7)(%rbx), %r15 - - # if Carry is clear, replace result with difference - mov (+8*0)(%rax), %rsi - mov (+8*1)(%rax), %rdi - mov (+8*2)(%rax), %rcx - mov (+8*3)(%rax), %rdx - cmovnc %r8, %rsi - cmovnc %r9, %rdi - cmovnc %r10, %rcx - cmovnc %r11, %rdx - mov %rsi, (+8*0)(%rax) - mov %rdi, (+8*1)(%rax) - mov %rcx, (+8*2)(%rax) - mov %rdx, (+8*3)(%rax) - - mov (+8*4)(%rax), %rsi - mov (+8*5)(%rax), %rdi - mov (+8*6)(%rax), %rcx - mov (+8*7)(%rax), %rdx - cmovnc %r12, %rsi - cmovnc %r13, %rdi - cmovnc %r14, %rcx - cmovnc %r15, %rdx - mov %rsi, (+8*4)(%rax) - mov %rdi, (+8*5)(%rax) - mov %rcx, (+8*6)(%rax) - mov %rdx, (+8*7)(%rax) - - mov (+$rsp_offset)(%rsp), %rsi - mov 0(%rsi),%r15 - mov 8(%rsi),%r14 - mov 16(%rsi),%r13 - mov 24(%rsi),%r12 - mov 32(%rsi),%rbx - mov 40(%rsi),%rbp - lea 48(%rsi),%rsp -.Lepilogue: - ret -.size mod_exp_512, . 
- mod_exp_512 -___ - -if ($win64) { -# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, -# CONTEXT *context,DISPATCHER_CONTEXT *disp) -my $rec="%rcx"; -my $frame="%rdx"; -my $context="%r8"; -my $disp="%r9"; - -$code.=<<___; -.extern __imp_RtlVirtualUnwind -.type mod_exp_512_se_handler,\@abi-omnipotent -.align 16 -mod_exp_512_se_handler: - push %rsi - push %rdi - push %rbx - push %rbp - push %r12 - push %r13 - push %r14 - push %r15 - pushfq - sub \$64,%rsp - - mov 120($context),%rax # pull context->Rax - mov 248($context),%rbx # pull context->Rip - - lea .Lbody(%rip),%r10 - cmp %r10,%rbx # context->RipRsp - - lea .Lepilogue(%rip),%r10 - cmp %r10,%rbx # context->Rip>=epilogue label - jae .Lin_prologue - - mov $rsp_offset(%rax),%rax # pull saved Rsp - - mov 32(%rax),%rbx - mov 40(%rax),%rbp - mov 24(%rax),%r12 - mov 16(%rax),%r13 - mov 8(%rax),%r14 - mov 0(%rax),%r15 - lea 48(%rax),%rax - mov %rbx,144($context) # restore context->Rbx - mov %rbp,160($context) # restore context->Rbp - mov %r12,216($context) # restore context->R12 - mov %r13,224($context) # restore context->R13 - mov %r14,232($context) # restore context->R14 - mov %r15,240($context) # restore context->R15 - -.Lin_prologue: - mov 8(%rax),%rdi - mov 16(%rax),%rsi - mov %rax,152($context) # restore context->Rsp - mov %rsi,168($context) # restore context->Rsi - mov %rdi,176($context) # restore context->Rdi - - mov 40($disp),%rdi # disp->ContextRecord - mov $context,%rsi # context - mov \$154,%ecx # sizeof(CONTEXT) - .long 0xa548f3fc # cld; rep movsq - - mov $disp,%rsi - xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER - mov 8(%rsi),%rdx # arg2, disp->ImageBase - mov 0(%rsi),%r8 # arg3, disp->ControlPc - mov 16(%rsi),%r9 # arg4, disp->FunctionEntry - mov 40(%rsi),%r10 # disp->ContextRecord - lea 56(%rsi),%r11 # &disp->HandlerData - lea 24(%rsi),%r12 # &disp->EstablisherFrame - mov %r10,32(%rsp) # arg5 - mov %r11,40(%rsp) # arg6 - mov %r12,48(%rsp) # arg7 - mov %rcx,56(%rsp) # arg8, (NULL) - call 
*__imp_RtlVirtualUnwind(%rip) - - mov \$1,%eax # ExceptionContinueSearch - add \$64,%rsp - popfq - pop %r15 - pop %r14 - pop %r13 - pop %r12 - pop %rbp - pop %rbx - pop %rdi - pop %rsi - ret -.size mod_exp_512_se_handler,.-mod_exp_512_se_handler - -.section .pdata -.align 4 - .rva .LSEH_begin_mod_exp_512 - .rva .LSEH_end_mod_exp_512 - .rva .LSEH_info_mod_exp_512 - -.section .xdata -.align 8 -.LSEH_info_mod_exp_512: - .byte 9,0,0,0 - .rva mod_exp_512_se_handler -___ -} - -sub reg_part { -my ($reg,$conv)=@_; - if ($reg =~ /%r[0-9]+/) { $reg .= $conv; } - elsif ($conv eq "b") { $reg =~ s/%[er]([^x]+)x?/%$1l/; } - elsif ($conv eq "w") { $reg =~ s/%[er](.+)/%$1/; } - elsif ($conv eq "d") { $reg =~ s/%[er](.+)/%e$1/; } - return $reg; -} - -$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem; -$code =~ s/\`([^\`]*)\`/eval $1/gem; -$code =~ s/(\(\+[^)]+\))/eval $1/gem; -print $code; -close STDOUT; diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile index d29bdd0..2ee6c72 100644 --- a/crypto/engine/Makefile +++ b/crypto/engine/Makefile @@ -22,13 +22,13 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \ - eng_rsax.c eng_rdrand.c + eng_rdrand.c LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \ tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \ - eng_rsax.o eng_rdrand.o + eng_rdrand.o SRC= $(LIBSRC) 
@@ -265,20 +265,6 @@ eng_rdrand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 eng_rdrand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 eng_rdrand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 eng_rdrand.o: eng_rdrand.c
-eng_rsax.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-eng_rsax.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-eng_rsax.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-eng_rsax.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-eng_rsax.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-eng_rsax.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-eng_rsax.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-eng_rsax.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-eng_rsax.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-eng_rsax.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
-eng_rsax.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-eng_rsax.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-eng_rsax.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-eng_rsax.o: eng_rsax.c
 eng_table.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
index 7edf12e..195a3a9 100644
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
@@ -76,9 +76,6 @@ void ENGINE_load_builtin_engines(void)
 #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
 ENGINE_load_cryptodev();
 #endif
-#ifndef OPENSSL_NO_RSAX
- ENGINE_load_rsax();
-#endif
 #ifndef OPENSSL_NO_RDRAND
 ENGINE_load_rdrand();
 #endif
diff --git a/crypto/engine/eng_rsax.c b/crypto/engine/eng_rsax.c
deleted file mode 100644
index 8362754..0000000
--- a/crypto/engine/eng_rsax.c
+++ /dev/null
@@ -1,701 +0,0 @@ -/* crypto/engine/eng_rsax.c */ -/* Copyright (c) 2010-2010 Intel Corp. - * Author: Vinodh.Gopal at intel.com - * Jim Guilford - * Erdinc.Ozturk at intel.com - * Maxim.Perminov at intel.com - * Ying.Huang at intel.com - * - * More information about algorithm used can be found at: - * http://www.cse.buffalo.edu/srds2009/escs2009_submission_Gopal.pdf - */ -/* ==================================================================== - * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing at OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - */ - -#include - -#include -#include -#include -#include -#include -#ifndef OPENSSL_NO_RSA -# include -#endif -#include -#include - -/* RSAX is available **ONLY* on x86_64 CPUs */ -#undef COMPILE_RSAX - -#if (defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_AMD64) || defined (_M_X64)) && !defined(OPENSSL_NO_ASM) -# define COMPILE_RSAX -static ENGINE *ENGINE_rsax(void); -#endif - -void ENGINE_load_rsax(void) -{ -/* On non-x86 CPUs it just returns. 
*/ -#ifdef COMPILE_RSAX - ENGINE *toadd = ENGINE_rsax(); - if (!toadd) - return; - ENGINE_add(toadd); - ENGINE_free(toadd); - ERR_clear_error(); -#endif -} - -#ifdef COMPILE_RSAX -# define E_RSAX_LIB_NAME "rsax engine" - -static int e_rsax_destroy(ENGINE *e); -static int e_rsax_init(ENGINE *e); -static int e_rsax_finish(ENGINE *e); -static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); - -# ifndef OPENSSL_NO_RSA -/* RSA stuff */ -static int e_rsax_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx); -static int e_rsax_rsa_finish(RSA *r); -# endif - -static const ENGINE_CMD_DEFN e_rsax_cmd_defns[] = { - {0, NULL, NULL, 0} -}; - -# ifndef OPENSSL_NO_RSA -/* Our internal RSA_METHOD that we provide pointers to */ -static RSA_METHOD e_rsax_rsa = { - "Intel RSA-X method", - NULL, - NULL, - NULL, - NULL, - e_rsax_rsa_mod_exp, - NULL, - NULL, - e_rsax_rsa_finish, - RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE, - NULL, - NULL, - NULL -}; -# endif - -/* Constants used when creating the ENGINE */ -static const char *engine_e_rsax_id = "rsax"; -static const char *engine_e_rsax_name = "RSAX engine support"; - -/* This internal function is used by ENGINE_rsax() */ -static int bind_helper(ENGINE *e) -{ -# ifndef OPENSSL_NO_RSA - const RSA_METHOD *meth1; -# endif - if (!ENGINE_set_id(e, engine_e_rsax_id) || - !ENGINE_set_name(e, engine_e_rsax_name) || -# ifndef OPENSSL_NO_RSA - !ENGINE_set_RSA(e, &e_rsax_rsa) || -# endif - !ENGINE_set_destroy_function(e, e_rsax_destroy) || - !ENGINE_set_init_function(e, e_rsax_init) || - !ENGINE_set_finish_function(e, e_rsax_finish) || - !ENGINE_set_ctrl_function(e, e_rsax_ctrl) || - !ENGINE_set_cmd_defns(e, e_rsax_cmd_defns)) - return 0; - -# ifndef OPENSSL_NO_RSA - meth1 = RSA_PKCS1_SSLeay(); - e_rsax_rsa.rsa_pub_enc = meth1->rsa_pub_enc; - e_rsax_rsa.rsa_pub_dec = meth1->rsa_pub_dec; - e_rsax_rsa.rsa_priv_enc = meth1->rsa_priv_enc; - e_rsax_rsa.rsa_priv_dec = meth1->rsa_priv_dec; - e_rsax_rsa.bn_mod_exp = 
meth1->bn_mod_exp; -# endif - return 1; -} - -static ENGINE *ENGINE_rsax(void) -{ - ENGINE *ret = ENGINE_new(); - if (!ret) - return NULL; - if (!bind_helper(ret)) { - ENGINE_free(ret); - return NULL; - } - return ret; -} - -# ifndef OPENSSL_NO_RSA -/* Used to attach our own key-data to an RSA structure */ -static int rsax_ex_data_idx = -1; -# endif - -static int e_rsax_destroy(ENGINE *e) -{ - return 1; -} - -/* (de)initialisation functions. */ -static int e_rsax_init(ENGINE *e) -{ -# ifndef OPENSSL_NO_RSA - if (rsax_ex_data_idx == -1) - rsax_ex_data_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, NULL); -# endif - if (rsax_ex_data_idx == -1) - return 0; - return 1; -} - -static int e_rsax_finish(ENGINE *e) -{ - return 1; -} - -static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) -{ - int to_return = 1; - - switch (cmd) { - /* The command isn't understood by this engine */ - default: - to_return = 0; - break; - } - - return to_return; -} - -# ifndef OPENSSL_NO_RSA - -# ifdef _WIN32 -typedef unsigned __int64 UINT64; -# else -typedef unsigned long long UINT64; -# endif -typedef unsigned short UINT16; - -/* - * Table t is interleaved in the following manner: The order in memory is - * t[0][0], t[0][1], ..., t[0][7], t[1][0], ... A particular 512-bit value is - * stored in t[][index] rather than the more normal t[index][]; i.e. 
the - * qwords of a particular entry in t are not adjacent in memory - */ - -/* Init BIGNUM b from the interleaved UINT64 array */ -static int interleaved_array_to_bn_512(BIGNUM *b, UINT64 *array); - -/* - * Extract array elements from BIGNUM b To set the whole array from b, call - * with n=8 - */ -static int bn_extract_to_array_512(const BIGNUM *b, unsigned int n, - UINT64 *array); - -struct mod_ctx_512 { - UINT64 t[8][8]; - UINT64 m[8]; - UINT64 m1[8]; /* 2^278 % m */ - UINT64 m2[8]; /* 2^640 % m */ - UINT64 k1[2]; /* (- 1/m) % 2^128 */ -}; - -static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data); - -void mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */ - UINT64 *g, /* 512 bits, 8 qwords */ - UINT64 *exp, /* 512 bits, 8 qwords */ - struct mod_ctx_512 *data); - -typedef struct st_e_rsax_mod_ctx { - UINT64 type; - union { - struct mod_ctx_512 b512; - } ctx; - -} E_RSAX_MOD_CTX; - -static E_RSAX_MOD_CTX *e_rsax_get_ctx(RSA *rsa, int idx, BIGNUM *m) -{ - E_RSAX_MOD_CTX *hptr; - - if (idx < 0 || idx > 2) - return NULL; - - hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx); - if (!hptr) { - hptr = OPENSSL_malloc(3 * sizeof(E_RSAX_MOD_CTX)); - if (!hptr) - return NULL; - hptr[2].type = hptr[1].type = hptr[0].type = 0; - RSA_set_ex_data(rsa, rsax_ex_data_idx, hptr); - } - - if (hptr[idx].type == (UINT64)BN_num_bits(m)) - return hptr + idx; - - if (BN_num_bits(m) == 512) { - UINT64 _m[8]; - bn_extract_to_array_512(m, 8, _m); - memset(&hptr[idx].ctx.b512, 0, sizeof(struct mod_ctx_512)); - mod_exp_pre_compute_data_512(_m, &hptr[idx].ctx.b512); - } - - hptr[idx].type = BN_num_bits(m); - return hptr + idx; -} - -static int e_rsax_rsa_finish(RSA *rsa) -{ - E_RSAX_MOD_CTX *hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx); - if (hptr) { - OPENSSL_free(hptr); - RSA_set_ex_data(rsa, rsax_ex_data_idx, NULL); - } - if (rsa->_method_mod_n) - BN_MONT_CTX_free(rsa->_method_mod_n); - if (rsa->_method_mod_p) - BN_MONT_CTX_free(rsa->_method_mod_p); - if 
(rsa->_method_mod_q) - BN_MONT_CTX_free(rsa->_method_mod_q); - return 1; -} - -static int e_rsax_bn_mod_exp(BIGNUM *r, const BIGNUM *g, const BIGNUM *e, - const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont, - E_RSAX_MOD_CTX *rsax_mod_ctx) -{ - if (rsax_mod_ctx && BN_get_flags(e, BN_FLG_CONSTTIME) != 0) { - if (BN_num_bits(m) == 512) { - UINT64 _r[8]; - UINT64 _g[8]; - UINT64 _e[8]; - - /* Init the arrays from the BIGNUMs */ - bn_extract_to_array_512(g, 8, _g); - bn_extract_to_array_512(e, 8, _e); - - mod_exp_512(_r, _g, _e, &rsax_mod_ctx->ctx.b512); - /* Return the result in the BIGNUM */ - interleaved_array_to_bn_512(r, _r); - return 1; - } - } - - return BN_mod_exp_mont(r, g, e, m, ctx, in_mont); -} - -/* - * Declares for the Intel CIAP 512-bit / CRT / 1024 bit RSA modular - * exponentiation routine precalculations and a structure to hold the - * necessary values. These files are meant to live in crypto/rsa/ in the - * target openssl. - */ - -/* - * Local method: extracts a piece from a BIGNUM, to fit it into - * an array. 
Call with n=8 to extract an entire 512-bit BIGNUM - */ -static int bn_extract_to_array_512(const BIGNUM *b, unsigned int n, - UINT64 *array) -{ - int i; - UINT64 tmp; - unsigned char bn_buff[64]; - memset(bn_buff, 0, 64); - if (BN_num_bytes(b) > 64) { - printf("Can't support this byte size\n"); - return 0; - } - if (BN_num_bytes(b) != 0) { - if (!BN_bn2bin(b, bn_buff + (64 - BN_num_bytes(b)))) { - printf("Error's in bn2bin\n"); - /* We have to error, here */ - return 0; - } - } - while (n-- > 0) { - array[n] = 0; - for (i = 7; i >= 0; i--) { - tmp = bn_buff[63 - (n * 8 + i)]; - array[n] |= tmp << (8 * i); - } - } - return 1; -} - -/* Init a 512-bit BIGNUM from the UINT64*_ (8 * 64) interleaved array */ -static int interleaved_array_to_bn_512(BIGNUM *b, UINT64 *array) -{ - unsigned char tmp[64]; - int n = 8; - int i; - while (n-- > 0) { - for (i = 7; i >= 0; i--) { - tmp[63 - (n * 8 + i)] = (unsigned char)(array[n] >> (8 * i)); - }} - BN_bin2bn(tmp, 64, b); - return 0; -} - -/* The main 512bit precompute call */ -static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data) -{ - BIGNUM two_768, two_640, two_128, two_512, tmp, _m, tmp2; - - /* We need a BN_CTX for the modulo functions */ - BN_CTX *ctx; - /* Some tmps */ - UINT64 _t[8]; - int i, j, ret = 0; - - /* Init _m with m */ - BN_init(&_m); - interleaved_array_to_bn_512(&_m, m); - memset(_t, 0, 64); - - /* Inits */ - BN_init(&two_768); - BN_init(&two_640); - BN_init(&two_128); - BN_init(&two_512); - BN_init(&tmp); - BN_init(&tmp2); - - /* Create our context */ - if ((ctx = BN_CTX_new()) == NULL) { - goto err; - } - BN_CTX_start(ctx); - - /* - * For production, if you care, these only need to be set once, - * and may be made constants. 
- */ - BN_lshift(&two_768, BN_value_one(), 768); - BN_lshift(&two_640, BN_value_one(), 640); - BN_lshift(&two_128, BN_value_one(), 128); - BN_lshift(&two_512, BN_value_one(), 512); - - if (0 == (m[7] & 0x8000000000000000)) { - exit(1); - } - if (0 == (m[0] & 0x1)) { /* Odd modulus required for Mont */ - exit(1); - } - - /* Precompute m1 */ - BN_mod(&tmp, &two_768, &_m, ctx); - if (!bn_extract_to_array_512(&tmp, 8, &data->m1[0])) { - goto err; - } - - /* Precompute m2 */ - BN_mod(&tmp, &two_640, &_m, ctx); - if (!bn_extract_to_array_512(&tmp, 8, &data->m2[0])) { - goto err; - } - - /* - * Precompute k1, a 128b number = ((-1)* m-1 ) mod 2128; k1 should - * be non-negative. - */ - BN_mod_inverse(&tmp, &_m, &two_128, ctx); - if (!BN_is_zero(&tmp)) { - BN_sub(&tmp, &two_128, &tmp); - } - if (!bn_extract_to_array_512(&tmp, 2, &data->k1[0])) { - goto err; - } - - /* Precompute t */ - for (i = 0; i < 8; i++) { - BN_zero(&tmp); - if (i & 1) { - BN_add(&tmp, &two_512, &tmp); - } - if (i & 2) { - BN_add(&tmp, &two_512, &tmp); - } - if (i & 4) { - BN_add(&tmp, &two_640, &tmp); - } - - BN_nnmod(&tmp2, &tmp, &_m, ctx); - if (!bn_extract_to_array_512(&tmp2, 8, _t)) { - goto err; - } - for (j = 0; j < 8; j++) - data->t[j][i] = _t[j]; - } - - /* Precompute m */ - for (i = 0; i < 8; i++) { - data->m[i] = m[i]; - } - - ret = 1; - - err: - /* Cleanup */ - if (ctx != NULL) { - BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - BN_free(&two_768); - BN_free(&two_640); - BN_free(&two_128); - BN_free(&two_512); - BN_free(&tmp); - BN_free(&tmp2); - BN_free(&_m); - - return ret; -} - -static int e_rsax_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, - BN_CTX *ctx) -{ - BIGNUM *r1, *m1, *vrfy; - BIGNUM local_dmp1, local_dmq1, local_c, local_r1; - BIGNUM *dmp1, *dmq1, *c, *pr1; - int ret = 0; - - BN_CTX_start(ctx); - r1 = BN_CTX_get(ctx); - m1 = BN_CTX_get(ctx); - vrfy = BN_CTX_get(ctx); - - { - BIGNUM local_p, local_q; - BIGNUM *p = NULL, *q = NULL; - int error = 0; - - /* - * Make sure 
BN_mod_inverse in Montgomery intialization uses the - * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) - */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - BN_init(&local_p); - p = &local_p; - BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); - - BN_init(&local_q); - q = &local_q; - BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); - } else { - p = rsa->p; - q = rsa->q; - } - - if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) - error = 1; - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) - error = 1; - } - - /* clean up */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - BN_free(&local_p); - BN_free(&local_q); - } - if (error) - goto err; - } - - if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) - if (!BN_MONT_CTX_set_locked - (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) - goto err; - - /* compute I mod q */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - c = &local_c; - BN_with_flags(c, I, BN_FLG_CONSTTIME); - if (!BN_mod(r1, c, rsa->q, ctx)) - goto err; - } else { - if (!BN_mod(r1, I, rsa->q, ctx)) - goto err; - } - - /* compute r1^dmq1 mod q */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - dmq1 = &local_dmq1; - BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); - } else - dmq1 = rsa->dmq1; - - if (!e_rsax_bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, - rsa->_method_mod_q, e_rsax_get_ctx(rsa, 0, - rsa->q))) - goto err; - - /* compute I mod p */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - c = &local_c; - BN_with_flags(c, I, BN_FLG_CONSTTIME); - if (!BN_mod(r1, c, rsa->p, ctx)) - goto err; - } else { - if (!BN_mod(r1, I, rsa->p, ctx)) - goto err; - } - - /* compute r1^dmp1 mod p */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - dmp1 = &local_dmp1; - BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); - } else - dmp1 = rsa->dmp1; - - if (!e_rsax_bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, - rsa->_method_mod_p, e_rsax_get_ctx(rsa, 1, - rsa->p))) - goto err; - - if 
(!BN_sub(r0, r0, m1)) - goto err; - /* - * This will help stop the size of r0 increasing, which does affect the - * multiply if it optimised for a power of 2 size - */ - if (BN_is_negative(r0)) - if (!BN_add(r0, r0, rsa->p)) - goto err; - - if (!BN_mul(r1, r0, rsa->iqmp, ctx)) - goto err; - - /* Turn BN_FLG_CONSTTIME flag on before division operation */ - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - pr1 = &local_r1; - BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); - } else - pr1 = r1; - if (!BN_mod(r0, pr1, rsa->p, ctx)) - goto err; - - /* - * If p < q it is occasionally possible for the correction of adding 'p' - * if r0 is negative above to leave the result still negative. This can - * break the private key operations: the following second correction - * should *always* correct this rare occurrence. This will *never* happen - * with OpenSSL generated keys because they ensure p > q [steve] - */ - if (BN_is_negative(r0)) - if (!BN_add(r0, r0, rsa->p)) - goto err; - if (!BN_mul(r1, r0, rsa->q, ctx)) - goto err; - if (!BN_add(r0, r1, m1)) - goto err; - - if (rsa->e && rsa->n) { - if (!e_rsax_bn_mod_exp - (vrfy, r0, rsa->e, rsa->n, ctx, rsa->_method_mod_n, - e_rsax_get_ctx(rsa, 2, rsa->n))) - goto err; - - /* - * If 'I' was greater than (or equal to) rsa->n, the operation will - * be equivalent to using 'I mod n'. However, the result of the - * verify will *always* be less than 'n' so we don't check for - * absolute equality, just congruency. - */ - if (!BN_sub(vrfy, vrfy, I)) - goto err; - if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) - goto err; - if (BN_is_negative(vrfy)) - if (!BN_add(vrfy, vrfy, rsa->n)) - goto err; - if (!BN_is_zero(vrfy)) { - /* - * 'I' and 'vrfy' aren't congruent mod n. Don't leak - * miscalculated CRT output, just do a raw (slower) mod_exp and - * return that instead. 
- */ - - BIGNUM local_d; - BIGNUM *d = NULL; - - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { - d = &local_d; - BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); - } else - d = rsa->d; - if (!e_rsax_bn_mod_exp(r0, I, d, rsa->n, ctx, - rsa->_method_mod_n, e_rsax_get_ctx(rsa, 2, - rsa->n))) - goto err; - } - } - ret = 1; - - err: - BN_CTX_end(ctx); - - return ret; -} -# endif /* !OPENSSL_NO_RSA */ -#endif /* !COMPILE_RSAX */ From rsalz at openssl.org Mon Jan 26 16:05:15 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 26 Jan 2015 17:05:15 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150126160515.91B981DF118@butler.localdomain> The branch master has been updated via 3d0cf918078fecee8b040807a2603e41937092f6 (commit) from abdd677125f3a9e3082f8c5692203590fdb9b860 (commit) - Log ----------------------------------------------------------------- commit 3d0cf918078fecee8b040807a2603e41937092f6 Author: Rich Salz Date: Mon Jan 26 11:04:26 2015 -0500 Remove obsolete support for old code. Reviewed-by: Tim Hudson Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_sign.c | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index cdf8d79..cc45e40 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c 
@@ -246,19 +246,8 @@ int int_rsa_verify(int dtype, const unsigned char *m,
 OBJ_nid2ln(dtype));
 #endif
 if (sigtype != dtype) {
- if (((dtype == NID_md5) &&
- (sigtype == NID_md5WithRSAEncryption)) ||
- ((dtype == NID_md2) &&
- (sigtype == NID_md2WithRSAEncryption))) {
- /* ok, we will let it through */
-#if !defined(OPENSSL_NO_STDIO)
- fprintf(stderr,
- "signature has problems, re-make with post SSLeay045\n");
-#endif
- } else {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
- goto err;
- }
+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
+ goto err;
 }
 if (rm) {
 const EVP_MD *md;
From rsalz at openssl.org Mon Jan 26 16:06:45 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 26 Jan 2015 17:06:45 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150126160646.330CE1DF118@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 63ac16ccac6930ac6a1dc13b5ad72765b553b876 (commit) from db7cb7ab9a5968f32ddbe11c3fba71ccbf4ffa53 (commit) - Log ----------------------------------------------------------------- commit 63ac16ccac6930ac6a1dc13b5ad72765b553b876 Author: Rich Salz Date: Mon Jan 26 11:06:28 2015 -0500 Remove obsolete support for old code. Reviewed-by: Tim Hudson Reviewed-by: Andy Polyakov (cherry picked from commit 3d0cf918078fecee8b040807a2603e41937092f6) ----------------------------------------------------------------------- Summary of changes: crypto/rsa/rsa_sign.c | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-)
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index bc91da2..19461c6 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
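Review bot: The new unconditional `RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH); goto err;` on the `sigtype != dtype` path in the `@@ -246,19 +246,8 @@` hunk is the right outcome, but it deserves a comment so the next reader does not reintroduce a pass-through, e.g. `/* The digest algorithm encoded in the signature must match the one the caller expects; a mismatch is treated as malformed or forged, with no legacy (pre-SSLeay045) exception for MD5/MD2. */`. The same hunk is cherry-picked into OpenSSL_1_0_2-stable below and the comment applies there too. A changelog note may also be worthwhile, since callers that still verify old MD5/MD2-with-RSA signatures carrying a mismatched identifier will now get RSA_R_ALGORITHM_MISMATCH instead of a stderr warning. int_rsa_verify begins and ends outside the hunk, so what `err:` releases cannot be confirmed here.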
@@ -261,19 +261,8 @@ int int_rsa_verify(int dtype, const unsigned char *m,
 OBJ_nid2ln(dtype));
 #endif
 if (sigtype != dtype) {
- if (((dtype == NID_md5) &&
- (sigtype == NID_md5WithRSAEncryption)) ||
- ((dtype == NID_md2) &&
- (sigtype == NID_md2WithRSAEncryption))) {
- /* ok, we will let it through */
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
- fprintf(stderr,
- "signature has problems, re-make with post SSLeay045\n");
-#endif
- } else {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
- goto err;
- }
+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
+ goto err;
 }
 if (rm) {
 const EVP_MD *md;
From steve at openssl.org Mon Jan 26 23:43:33 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 27 Jan 2015 00:43:33 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150126234333.BD80A1DF118@butler.localdomain> The branch master has been updated via 511ed85c5c427f28957bf7123132c0fdc667e912 (commit) from b2751566139bfc7c34fdbf623117d555faff11a6 (commit) - Log ----------------------------------------------------------------- commit 511ed85c5c427f28957bf7123132c0fdc667e912 Author: Steve Marquess Date: Mon Jan 26 14:38:21 2015 -0500 Switch to PayPal button linked to newOSF ----------------------------------------------------------------------- Summary of changes: support/donations.wml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/support/donations.wml b/support/donations.wml
index adf8156..1e2031c 100644
--- a/support/donations.wml
+++ b/support/donations.wml
@@ -78,10 +78,13 @@ Acknowledgement in source distributions
      We also accept donations in any amount via credit card or PayPal: -
      + - - + + + +
      +

      From appro at openssl.org Tue Jan 27 11:20:23 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 27 Jan 2015 12:20:23 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150127112023.7D6D71DF118@butler.localdomain> The branch master has been updated via 2863d5f3cd96d66cadeef19b8b4111de55ce78de (commit) from 3d0cf918078fecee8b040807a2603e41937092f6 (commit) - Log ----------------------------------------------------------------- commit 2863d5f3cd96d66cadeef19b8b4111de55ce78de Author: Andy Polyakov Date: Fri Jan 23 18:02:44 2015 +0100 des/asm/des_enc.m4: strip #ifdef OPENSSL_SYS_ULTRASPARC as part of pre-processor controls cleanup. It doesn't mean that it no longer works on UltraSPARC, only that it doesn't utilize sparcv9-specific features like branch prediction hints and load in little-endian byte order anymore. This "costs" ~3% in EDE3 performance regression on UltraSPARC. Reviewed-by: Rich Salz Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/des/asm/des_enc.m4 | 117 --------------------------------------------- 1 file changed, 117 deletions(-) diff --git a/crypto/des/asm/des_enc.m4 b/crypto/des/asm/des_enc.m4 index e732ba6..6ae17fd 100644 --- a/crypto/des/asm/des_enc.m4 +++ b/crypto/des/asm/des_enc.m4 @@ -67,9 +67,6 @@ # define STPTR stx # define ARG0 128 # define ARGSZ 8 -# ifndef OPENSSL_SYS_ULTRASPARC -# define OPENSSL_SYS_ULTRASPARC -# endif #else # define FRAME -96 # define BIAS 0 @@ -429,11 +426,7 @@ $4: xor $2, local1, $2 ! 1 finished xor $2, local2, $2 ! 3 finished -#ifdef OPENSSL_SYS_ULTRASPARC - bne,pt %icc, $4 -#else bne $4 -#endif and local4, 252, local1 ! sbox 1 next round ! two rounds more: 
@@ -791,18 +784,6 @@ define(load_little_endian, { ! first in memory to rightmost in register -#ifdef OPENSSL_SYS_ULTRASPARC - andcc $1, 3, global0 - bne,pn %icc, $5 - nop - - lda [$1] 0x88, $2 - add $1, 4, $4 - - ba,pt %icc, $5a - lda [$4] 0x88, $3 -#endif - $5: ldub [$1+3], $2 @@ -854,19 +835,6 @@ define(load_little_endian_inc, { ! first in memory to rightmost in register -#ifdef OPENSSL_SYS_ULTRASPARC - andcc $1, 3, global0 - bne,pn %icc, $5 - nop - - lda [$1] 0x88, $2 - add $1, 4, $1 - - lda [$1] 0x88, $3 - ba,pt %icc, $5a - add $1, 4, $1 -#endif - $5: ldub [$1+3], $2 @@ -989,18 +957,6 @@ define(store_little_endian, { ! rightmost in register to first in memory -#ifdef OPENSSL_SYS_ULTRASPARC - andcc $1, 3, global0 - bne,pn %icc, $5 - nop - - sta $2, [$1] 0x88 - add $1, 4, $4 - - ba,pt %icc, $5a - sta $3, [$4] 0x88 -#endif - $5: and $2, 255, $4 stub $4, [$1+0] @@ -1195,11 +1151,7 @@ DES_encrypt1: ld [in0], in5 ! left cmp in2, 0 ! enc -#ifdef OPENSSL_SYS_ULTRASPARC - be,pn %icc, .encrypt.dec ! enc/dec -#else be .encrypt.dec -#endif ld [in0+4], out5 ! right ! parameter 6 1/2 for include encryption/decryption @@ -1287,11 +1239,7 @@ DES_encrypt2: ! we use our own stackframe -#ifdef OPENSSL_SYS_ULTRASPARC - be,pn %icc, .encrypt2.dec ! decryption -#else be .encrypt2.dec -#endif STPTR in0, [%sp+BIAS+ARG0+0*ARGSZ] ld [in3], out0 ! key 7531 first round @@ -1467,11 +1415,7 @@ DES_ncbc_encrypt: cmp in5, 0 ! enc -#ifdef OPENSSL_SYS_ULTRASPARC - be,pn %icc, .ncbc.dec -#else be .ncbc.dec -#endif STPTR in4, IVEC ! addr left right temp label @@ -1479,11 +1423,7 @@ DES_ncbc_encrypt: addcc in2, -8, in2 ! bytes missing when first block done -#ifdef OPENSSL_SYS_ULTRASPARC - bl,pn %icc, .ncbc.enc.seven.or.less -#else bl .ncbc.enc.seven.or.less -#endif mov in3, in4 ! schedule .ncbc.enc.next.block: 
@@ -1507,11 +1447,7 @@ DES_ncbc_encrypt: rounds_macro(in5, out5, 1, .ncbc.enc.1, in3, in4) ! include encryption ks in3 -#ifdef OPENSSL_SYS_ULTRASPARC - bl,pn %icc, .ncbc.enc.next.block_fp -#else bl .ncbc.enc.next.block_fp -#endif add in0, 8, in0 ! input address ! If 8 or more bytes are to be encrypted after this block, @@ -1552,22 +1488,14 @@ DES_ncbc_encrypt: addcc in2, -8, in2 ! bytes missing when next block done -#ifdef OPENSSL_SYS_ULTRASPARC - bpos,pt %icc, .ncbc.enc.next.block ! also jumps if 0 -#else bpos .ncbc.enc.next.block -#endif add in1, 8, in1 .ncbc.enc.seven.or.less: cmp in2, -8 -#ifdef OPENSSL_SYS_ULTRASPARC - ble,pt %icc, .ncbc.enc.finish -#else ble .ncbc.enc.finish -#endif nop add in2, 8, local1 ! bytes to load @@ -1594,11 +1522,7 @@ DES_ncbc_encrypt: add in3, 120, in3 LDPTR IVEC, local7 ! ivec -#ifdef OPENSSL_SYS_ULTRASPARC - ble,pn %icc, .ncbc.dec.finish -#else ble .ncbc.dec.finish -#endif mov in3, in4 ! schedule STPTR in1, OUTPUT @@ -1622,11 +1546,7 @@ DES_ncbc_encrypt: ! in2 is compared to 8 in the rounds xor out5, in0, out4 ! iv xor -#ifdef OPENSSL_SYS_ULTRASPARC - bl,pn %icc, .ncbc.dec.seven.or.less -#else bl .ncbc.dec.seven.or.less -#endif xor in5, in1, global4 ! iv xor ! Load ivec next block now, since input and output address might be the same. @@ -1639,11 +1559,7 @@ DES_ncbc_encrypt: add local7, 8, local7 addcc in2, -8, in2 -#ifdef OPENSSL_SYS_ULTRASPARC - bg,pt %icc, .ncbc.dec.next.block -#else bg .ncbc.dec.next.block -#endif STPTR local7, OUTPUT @@ -1694,11 +1610,6 @@ DES_ede3_cbc_encrypt: LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local4 ! ivec cmp local3, 0 ! enc -#ifdef OPENSSL_SYS_ULTRASPARC - be,pn %icc, .ede3.dec -#else - be .ede3.dec -#endif STPTR in4, KS2 STPTR in5, KS3 @@ -1707,11 +1618,7 @@ DES_ede3_cbc_encrypt: addcc in2, -8, in2 ! bytes missing after next block -#ifdef OPENSSL_SYS_ULTRASPARC - bl,pn %icc, .ede3.enc.seven.or.less -#else bl .ede3.enc.seven.or.less -#endif STPTR in3, KS1 .ede3.enc.next.block: 
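Review bot: In the `@@ -1694,11 +1610,6 @@ DES_ede3_cbc_encrypt:` hunk the plain `be .ede3.dec` line is marked `-` and deleted together with its `#ifdef`/`#else`/`#endif` wrapper (old 11 lines to new 6), whereas every other hunk in this commit keeps the unconditional branch and drops only the `,pn %icc` variant. After `cmp local3, 0 ! enc` nothing in the new code branches to `.ede3.dec`, so a call with enc == 0 would appear to fall straight into the encryption path; the line ` be .ede3.dec` should be restored between `cmp local3, 0` and `STPTR in4, KS2`, matching the `be .encrypt.dec` and `be .ncbc.dec` hunks. The body of DES_ede3_cbc_encrypt continues outside the hunk.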
@@ -1741,11 +1648,7 @@ DES_ede3_cbc_encrypt: call .des_enc ! ks3 in3 compares in2 to 8 nop -#ifdef OPENSSL_SYS_ULTRASPARC - bl,pn %icc, .ede3.enc.next.block_fp -#else bl .ede3.enc.next.block_fp -#endif add in0, 8, in0 ! If 8 or more bytes are to be encrypted after this block, @@ -1787,22 +1690,14 @@ DES_ede3_cbc_encrypt: addcc in2, -8, in2 ! bytes missing when next block done -#ifdef OPENSSL_SYS_ULTRASPARC - bpos,pt %icc, .ede3.enc.next.block -#else bpos .ede3.enc.next.block -#endif add in1, 8, in1 .ede3.enc.seven.or.less: cmp in2, -8 -#ifdef OPENSSL_SYS_ULTRASPARC - ble,pt %icc, .ede3.enc.finish -#else ble .ede3.enc.finish -#endif nop add in2, 8, local1 ! bytes to load @@ -1830,11 +1725,7 @@ DES_ede3_cbc_encrypt: STPTR in3, KS1 cmp in2, 0 -#ifdef OPENSSL_SYS_ULTRASPARC - ble %icc, .ede3.dec.finish -#else ble .ede3.dec.finish -#endif STPTR in5, KS3 LDPTR [%fp+BIAS+ARG0+6*ARGSZ], local7 ! iv @@ -1863,11 +1754,7 @@ DES_ede3_cbc_encrypt: ! in2 is compared to 8 in the rounds xor out5, in0, out4 -#ifdef OPENSSL_SYS_ULTRASPARC - bl,pn %icc, .ede3.dec.seven.or.less -#else bl .ede3.dec.seven.or.less -#endif xor in5, in1, global4 load_little_endian_inc(local5, in0, in1, local3, .LLE10) ! iv next block @@ -1878,11 +1765,7 @@ DES_ede3_cbc_encrypt: addcc in2, -8, in2 add local7, 8, local7 -#ifdef OPENSSL_SYS_ULTRASPARC - bg,pt %icc, .ede3.dec.next.block -#else bg .ede3.dec.next.block -#endif STPTR local7, OUTPUT .ede3.dec.store.iv: From appro at openssl.org Tue Jan 27 11:24:31 2015 
From: appro at openssl.org (Andy Polyakov) Date: Tue, 27 Jan 2015 12:24:31 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150127112432.0FF6F1DF118@butler.localdomain> The branch master has been updated via 2a4af9478d0be41ea8c782c3c7adda00f7e20fbb (commit) from 2863d5f3cd96d66cadeef19b8b4111de55ce78de (commit) - Log ----------------------------------------------------------------- commit 2a4af9478d0be41ea8c782c3c7adda00f7e20fbb Author: Andy Polyakov Date: Sat Jan 24 16:46:54 2015 +0100 Configure: addendum to OPENSSL_NO_[RMD160|RIPEMD] harmonization. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: Configure | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Configure b/Configure index c726478..ca48b52 100755 --- a/Configure +++ b/Configure @@ -1083,6 +1083,8 @@ foreach (sort (keys %disabled)) } else { + ($ALGO,$algo) = ("RMD160","rmd160") if ($algo eq "ripemd"); + $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n"; print " OPENSSL_NO_$ALGO"; @@ -1093,6 +1095,8 @@ foreach (sort (keys %disabled)) push @skip, $algo; # fix-up crypto/directory name(s) @skip[$#skip]="whrlpool" if $algo eq "whirlpool"; + @skip[$#skip]="ripemd" if $algo eq "rmd160"; + print " (skip dir)"; $depflags .= " -DOPENSSL_NO_$ALGO"; From matt at openssl.org Tue Jan 27 14:39:49 2015 
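Review bot: The added `@skip[$#skip]="ripemd" if $algo eq "rmd160";` in the second hunk uses a one-element array slice as a scalar, which Perl reports under `use warnings` as "Scalar value @skip[...] better written as $skip[...]"; it mirrors the `whrlpool` line just above it, so it is consistent with the surrounding style, but `$skip[-1] = "ripemd" if $algo eq "rmd160";` is the idiomatic form. Whether Configure is run with warnings enabled is not visible here. The enclosing `foreach` loop starts and ends outside the hunk.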
From: matt at openssl.org (Matt Caswell) Date: Tue, 27 Jan 2015 15:39:49 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150127143949.B57D41DF118@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 53e652ae447fd4eafb7763ca6e1d1254609af206 (commit) via 131d3fdfe2deae6c7ff180c561c088e3e11dd659 (commit) via 1895583835239bc44c3f6584e48f0279ad884f3b (commit) from 5226c62b7632dfaf38480919d406307318a7d145 (commit) - Log ----------------------------------------------------------------- commit 53e652ae447fd4eafb7763ca6e1d1254609af206 Author: Matt Caswell Date: Mon Jan 26 23:28:31 2015 +0000 Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead functions. Reviewed-by: Andy Polyakov (cherry picked from commit 8507474564f3f743f5daa3468ca97a9b707b3583) commit 131d3fdfe2deae6c7ff180c561c088e3e11dd659 Author: Matt Caswell Date: Mon Jan 26 16:46:49 2015 +0000 Remove explicit setting of read_ahead for DTLS. It never makes sense not to use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs to be the default. Reviewed-by: Andy Polyakov (cherry picked from commit f4002412518703d07fee321d4c88ee0bbe1694fe) Conflicts: apps/s_client.c apps/s_server.c commit 1895583835239bc44c3f6584e48f0279ad884f3b Author: Matt Caswell Date: Mon Jan 26 16:47:36 2015 +0000 Make DTLS always act as if read_ahead is set. The actual value of read_ahead is ignored for DTLS. RT#3657 Reviewed-by: Andy Polyakov (cherry picked from commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 6 ----- apps/s_server.c | 12 --------- doc/ssl/SSL_CTX_set_read_ahead.pod | 51 ++++++++++++++++++++++++++++++++++++ doc/ssl/SSL_pending.pod | 8 +++--- doc/ssl/ssl.pod | 7 +++++ ssl/s3_pkt.c | 3 ++- 6 files changed, 65 insertions(+), 22 deletions(-) create mode 100644 doc/ssl/SSL_CTX_set_read_ahead.pod 
diff --git a/apps/s_client.c b/apps/s_client.c index 0bbc065..758fb25 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1149,12 +1149,6 @@ int MAIN(int argc, char **argv) if (clr) SSL_CTX_clear_options(ctx, clr); - /* - * DTLS: partial reads end up discarding unread UDP bytes :-( Setting - * read ahead solves this problem. - */ - if (socket_type == SOCK_DGRAM) - SSL_CTX_set_read_ahead(ctx, 1); #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) if (next_proto.data) diff --git a/apps/s_server.c b/apps/s_server.c index 0cac749..70ee5c3 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1541,12 +1541,6 @@ int MAIN(int argc, char *argv[]) if (hack) SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); SSL_CTX_set_options(ctx, off); - /* - * DTLS: partial reads end up discarding unread UDP bytes :-( Setting - * read ahead solves this problem. - */ - if (socket_type == SOCK_DGRAM) - SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); @@ -1614,12 +1608,6 @@ int MAIN(int argc, char *argv[]) if (hack) SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); SSL_CTX_set_options(ctx2, off); - /* - * DTLS: partial reads end up discarding unread UDP bytes :-( - * Setting read ahead solves this problem. - */ - if (socket_type == SOCK_DGRAM) - SSL_CTX_set_read_ahead(ctx2, 1); if (state) SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); diff --git a/doc/ssl/SSL_CTX_set_read_ahead.pod b/doc/ssl/SSL_CTX_set_read_ahead.pod new file mode 100644 index 0000000..527164b --- /dev/null +++ b/doc/ssl/SSL_CTX_set_read_ahead.pod 
@@ -0,0 +1,51 @@ +=pod + +=head1 NAME + +SSL_CTX_set_read_ahead, SSL_CTX_set_default_read_ahead, SSL_CTX_get_read_ahead, +SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead +- manage whether to read as many input bytes as possible + +=head1 SYNOPSIS + + #include + + int SSL_get_read_ahead(const SSL *s); + void SSL_set_read_ahead(SSL *s, int yes); + + #define SSL_CTX_get_default_read_ahead(ctx) + #define SSL_CTX_set_default_read_ahead(ctx,m) + #define SSL_CTX_get_read_ahead(ctx) + #define SSL_CTX_set_read_ahead(ctx,m) + +=head1 DESCRIPTION + +SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as +many input bytes as possible (for non-blocking reads) or not. For example if +B bytes are currently required by OpenSSL, but B bytes are available from +the underlying BIO (where B > B), then OpenSSL will read all B bytes +into its buffer (providing that the buffer is large enough) if reading ahead is +on, or B bytes otherwise. The parameter B or B should be 0 to ensure +reading ahead is off, or non zero otherwise. + +SSL_CTX_set_default_read_ahead is a synonym for SSL_CTX_set_read_ahead, and +SSL_CTX_get_default_read_ahead is a synonym for SSL_CTX_get_read_ahead. + +SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading +ahead has been set or not. + +=head1 NOTES + +These functions have no impact when used with DTLS. The return values for +SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS. + +=head1 RETURN VALUES + +SSL_get_read_ahead and SSL_CTX_get_read_ahead return 0 if reading ahead is off, +and non zero otherwise. + +=head1 SEE ALSO + +L + +=cut diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod index 43f2874..9dd071b 100644 --- a/doc/ssl/SSL_pending.pod +++ b/doc/ssl/SSL_pending.pod 
@@ -29,8 +29,9 @@ The number of bytes pending is returned. SSL_pending() takes into account only bytes from the TLS/SSL record that is currently being processed (if any). If the B object's -I flag is set, additional protocol bytes may have been -read containing more TLS/SSL records; these are ignored by +I flag is set (see +L), additional protocol +bytes may have been read containing more TLS/SSL records; these are ignored by SSL_pending(). Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type @@ -38,6 +39,7 @@ of pending data is application data. =head1 SEE ALSO -L, L +L, +L, L =cut diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 6d3ee24..660489a 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -229,6 +229,8 @@ protocol context defined in the B structure. =item int (*B(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +=item void B(SSL_CTX *ctx); + =item char *B(const SSL_CTX *s, int idx); =item int B(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) @@ -237,6 +239,8 @@ protocol context defined in the B structure. =item int B(const SSL_CTX *ctx); +=item void B(SSL_CTX *ctx); + =item int B(SSL_CTX *ctx); =item long B(const SSL_CTX *ctx); @@ -325,6 +329,8 @@ protocol context defined in the B structure. =item void B(SSL_CTX *ctx, int mode); +=item void B(SSL_CTX *ctx, int m); + =item void B(SSL_CTX *ctx, int mode); =item int B(SSL_CTX *ctx, const SSL_METHOD *meth); @@ -703,6 +709,7 @@ L, L, L, L, +L, L, L, L, diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 5644dd8..d422abf 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -217,7 +217,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) return -1; } - if (!s->read_ahead) + /* We always act like read_ahead is set for DTLS */ + if (!s->read_ahead && !SSL_IS_DTLS(s)) /* ignore max parameter */ max = n; else { From matt at openssl.org Tue Jan 27 14:40:02 2015 
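Review bot: The comment added above the `ssl3_read_n` condition, `/* We always act like read_ahead is set for DTLS */`, says what the code does but not why, and the reason is exactly what this commit deletes from s_client.c and s_server.c ("partial reads end up discarding unread UDP bytes"); suggest `/* DTLS always reads ahead: a partial read of a datagram would discard its unread bytes */` so the rationale survives in the one place that still encodes it. The change also leaves `s->read_ahead` itself untouched, so SSL_get_read_ahead() presumably still reports the configured value while this function ignores it for DTLS; the new pod documents that as undefined, which is consistent, but a short pointer to that in the comment would help. The same hunk appears in the OpenSSL_1_0_2-stable and master copies of this change further down (`@@ -231,7 +231,8 @@ int ssl3_read_n`), and the body of ssl3_read_n continues outside the hunk on both sides.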
From: matt at openssl.org (Matt Caswell) Date: Tue, 27 Jan 2015 15:40:02 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150127144002.693BE1DF118@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 6ca1dc97372ca07c1a223c15de98323f5b25c329 (commit) via 0ed9ca21ae788097b030d1454152644d34131c76 (commit) via 11b32d6e29b87eaf8d14f218ff2a739af2237555 (commit) from 63ac16ccac6930ac6a1dc13b5ad72765b553b876 (commit) - Log ----------------------------------------------------------------- commit 6ca1dc97372ca07c1a223c15de98323f5b25c329 Author: Matt Caswell Date: Mon Jan 26 23:28:31 2015 +0000 Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead functions. Reviewed-by: Andy Polyakov (cherry picked from commit 8507474564f3f743f5daa3468ca97a9b707b3583) commit 0ed9ca21ae788097b030d1454152644d34131c76 Author: Matt Caswell Date: Mon Jan 26 16:46:49 2015 +0000 Remove explicit setting of read_ahead for DTLS. It never makes sense not to use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs to be the default. Reviewed-by: Andy Polyakov (cherry picked from commit f4002412518703d07fee321d4c88ee0bbe1694fe) commit 11b32d6e29b87eaf8d14f218ff2a739af2237555 Author: Matt Caswell Date: Mon Jan 26 16:47:36 2015 +0000 Make DTLS always act as if read_ahead is set. The actual value of read_ahead is ignored for DTLS. RT#3657 Reviewed-by: Andy Polyakov (cherry picked from commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa) ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 6 ----- apps/s_server.c | 12 --------- doc/ssl/SSL_CTX_set_read_ahead.pod | 51 ++++++++++++++++++++++++++++++++++++ doc/ssl/SSL_pending.pod | 8 +++--- doc/ssl/ssl.pod | 7 +++++ ssl/s3_pkt.c | 3 ++- 6 files changed, 65 insertions(+), 22 deletions(-) create mode 100644 doc/ssl/SSL_CTX_set_read_ahead.pod 
diff --git a/apps/s_client.c b/apps/s_client.c index b1152aa..8212c9f 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1295,12 +1295,6 @@ int MAIN(int argc, char **argv) #endif if (exc) ssl_ctx_set_excert(ctx, exc); - /* - * DTLS: partial reads end up discarding unread UDP bytes :-( Setting - * read ahead solves this problem. - */ - if (socket_type == SOCK_DGRAM) - SSL_CTX_set_read_ahead(ctx, 1); #if !defined(OPENSSL_NO_TLSEXT) # if !defined(OPENSSL_NO_NEXTPROTONEG) diff --git a/apps/s_server.c b/apps/s_server.c index baa2455..5709546 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1736,12 +1736,6 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); if (exc) ssl_ctx_set_excert(ctx, exc); - /* - * DTLS: partial reads end up discarding unread UDP bytes :-( Setting - * read ahead solves this problem. - */ - if (socket_type == SOCK_DGRAM) - SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); @@ -1821,12 +1815,6 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); if (exc) ssl_ctx_set_excert(ctx2, exc); - /* - * DTLS: partial reads end up discarding unread UDP bytes :-( - * Setting read ahead solves this problem. - */ - if (socket_type == SOCK_DGRAM) - SSL_CTX_set_read_ahead(ctx2, 1); if (state) SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); diff --git a/doc/ssl/SSL_CTX_set_read_ahead.pod b/doc/ssl/SSL_CTX_set_read_ahead.pod new file mode 100644 index 0000000..527164b --- /dev/null +++ b/doc/ssl/SSL_CTX_set_read_ahead.pod 
@@ -0,0 +1,51 @@ +=pod + +=head1 NAME + +SSL_CTX_set_read_ahead, SSL_CTX_set_default_read_ahead, SSL_CTX_get_read_ahead, +SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead +- manage whether to read as many input bytes as possible + +=head1 SYNOPSIS + + #include + + int SSL_get_read_ahead(const SSL *s); + void SSL_set_read_ahead(SSL *s, int yes); + + #define SSL_CTX_get_default_read_ahead(ctx) + #define SSL_CTX_set_default_read_ahead(ctx,m) + #define SSL_CTX_get_read_ahead(ctx) + #define SSL_CTX_set_read_ahead(ctx,m) + +=head1 DESCRIPTION + +SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as +many input bytes as possible (for non-blocking reads) or not. For example if +B bytes are currently required by OpenSSL, but B bytes are available from +the underlying BIO (where B > B), then OpenSSL will read all B bytes +into its buffer (providing that the buffer is large enough) if reading ahead is +on, or B bytes otherwise. The parameter B or B should be 0 to ensure +reading ahead is off, or non zero otherwise. + +SSL_CTX_set_default_read_ahead is a synonym for SSL_CTX_set_read_ahead, and +SSL_CTX_get_default_read_ahead is a synonym for SSL_CTX_get_read_ahead. + +SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading +ahead has been set or not. + +=head1 NOTES + +These functions have no impact when used with DTLS. The return values for +SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS. + +=head1 RETURN VALUES + +SSL_get_read_ahead and SSL_CTX_get_read_ahead return 0 if reading ahead is off, +and non zero otherwise. + +=head1 SEE ALSO + +L + +=cut diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod index 43f2874..9dd071b 100644 --- a/doc/ssl/SSL_pending.pod +++ b/doc/ssl/SSL_pending.pod 
@@ -29,8 +29,9 @@ The number of bytes pending is returned. SSL_pending() takes into account only bytes from the TLS/SSL record that is currently being processed (if any). If the B object's -I flag is set, additional protocol bytes may have been -read containing more TLS/SSL records; these are ignored by +I flag is set (see +L), additional protocol +bytes may have been read containing more TLS/SSL records; these are ignored by SSL_pending(). Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type @@ -38,6 +39,7 @@ of pending data is application data. =head1 SEE ALSO -L, L +L, +L, L =cut diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 8d5b8c3..242087e 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -229,6 +229,8 @@ protocol context defined in the B structure. =item int (*B(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +=item void B(SSL_CTX *ctx); + =item char *B(const SSL_CTX *s, int idx); =item int B(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) @@ -237,6 +239,8 @@ protocol context defined in the B structure. =item int B(const SSL_CTX *ctx); +=item void B(SSL_CTX *ctx); + =item int B(SSL_CTX *ctx); =item long B(const SSL_CTX *ctx); @@ -325,6 +329,8 @@ protocol context defined in the B structure. =item void B(SSL_CTX *ctx, int mode); +=item void B(SSL_CTX *ctx, int m); + =item void B(SSL_CTX *ctx, int mode); =item int B(SSL_CTX *ctx, const SSL_METHOD *meth); @@ -707,6 +713,7 @@ L, L, L, L, +L, L, L, L, diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index ec56c55..d5ddb60 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -231,7 +231,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) return -1; } - if (!s->read_ahead) + /* We always act like read_ahead is set for DTLS */ + if (!s->read_ahead && !SSL_IS_DTLS(s)) /* ignore max parameter */ max = n; else { From matt at openssl.org Tue Jan 27 14:40:09 2015 
From: matt at openssl.org (Matt Caswell) Date: Tue, 27 Jan 2015 15:40:09 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150127144009.734721DF118@butler.localdomain> The branch master has been updated via 8507474564f3f743f5daa3468ca97a9b707b3583 (commit) via f4002412518703d07fee321d4c88ee0bbe1694fe (commit) via 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa (commit) from 2a4af9478d0be41ea8c782c3c7adda00f7e20fbb (commit) - Log ----------------------------------------------------------------- commit 8507474564f3f743f5daa3468ca97a9b707b3583 Author: Matt Caswell Date: Mon Jan 26 23:28:31 2015 +0000 Provide documentation for all SSL(_CTX)?_(get|set)(_default)?_read_ahead functions. Reviewed-by: Andy Polyakov commit f4002412518703d07fee321d4c88ee0bbe1694fe Author: Matt Caswell Date: Mon Jan 26 16:46:49 2015 +0000 Remove explicit setting of read_ahead for DTLS. It never makes sense not to use read_ahead with DTLS because it doesn't work. Therefore read_ahead needs to be the default. Reviewed-by: Andy Polyakov commit 8dd4ad0ff5d1d07ec4b6dd5d5104131269a472aa Author: Matt Caswell Date: Mon Jan 26 16:47:36 2015 +0000 Make DTLS always act as if read_ahead is set. The actual value of read_ahead is ignored for DTLS. RT#3657 Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 6 ----- apps/s_server.c | 12 --------- doc/ssl/SSL_CTX_set_read_ahead.pod | 51 ++++++++++++++++++++++++++++++++++++ doc/ssl/SSL_pending.pod | 8 +++--- doc/ssl/ssl.pod | 7 +++++ ssl/s3_pkt.c | 3 ++- 6 files changed, 65 insertions(+), 22 deletions(-) create mode 100644 doc/ssl/SSL_CTX_set_read_ahead.pod diff --git a/apps/s_client.c b/apps/s_client.c index e30857f..0c4e6bd 100644 --- a/apps/s_client.c +++ b/apps/s_client.c 
@@ -1299,12 +1299,6 @@ int MAIN(int argc, char **argv) #endif if (exc) ssl_ctx_set_excert(ctx, exc); - /* - * DTLS: partial reads end up discarding unread UDP bytes :-( Setting - * read ahead solves this problem. - */ - if (socket_type == SOCK_DGRAM) - SSL_CTX_set_read_ahead(ctx, 1); #if !defined(OPENSSL_NO_TLSEXT) # if !defined(OPENSSL_NO_NEXTPROTONEG) diff --git a/apps/s_server.c b/apps/s_server.c index 4dae4d5..e07df85 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1722,12 +1722,6 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_options(ctx, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); if (exc) ssl_ctx_set_excert(ctx, exc); - /* - * DTLS: partial reads end up discarding unread UDP bytes :-( Setting - * read ahead solves this problem. - */ - if (socket_type == SOCK_DGRAM) - SSL_CTX_set_read_ahead(ctx, 1); if (state) SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); @@ -1806,12 +1800,6 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_options(ctx2, SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG); if (exc) ssl_ctx_set_excert(ctx2, exc); - /* - * DTLS: partial reads end up discarding unread UDP bytes :-( - * Setting read ahead solves this problem. - */ - if (socket_type == SOCK_DGRAM) - SSL_CTX_set_read_ahead(ctx2, 1); if (state) SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback); diff --git a/doc/ssl/SSL_CTX_set_read_ahead.pod b/doc/ssl/SSL_CTX_set_read_ahead.pod new file mode 100644 index 0000000..527164b --- /dev/null +++ b/doc/ssl/SSL_CTX_set_read_ahead.pod 
@@ -0,0 +1,51 @@ +=pod + +=head1 NAME + +SSL_CTX_set_read_ahead, SSL_CTX_set_default_read_ahead, SSL_CTX_get_read_ahead, +SSL_CTX_get_default_read_ahead, SSL_set_read_ahead, SSL_get_read_ahead +- manage whether to read as many input bytes as possible + +=head1 SYNOPSIS + + #include + + int SSL_get_read_ahead(const SSL *s); + void SSL_set_read_ahead(SSL *s, int yes); + + #define SSL_CTX_get_default_read_ahead(ctx) + #define SSL_CTX_set_default_read_ahead(ctx,m) + #define SSL_CTX_get_read_ahead(ctx) + #define SSL_CTX_set_read_ahead(ctx,m) + +=head1 DESCRIPTION + +SSL_CTX_set_read_ahead() and SSL_set_read_ahead() set whether we should read as +many input bytes as possible (for non-blocking reads) or not. For example if +B bytes are currently required by OpenSSL, but B bytes are available from +the underlying BIO (where B > B), then OpenSSL will read all B bytes +into its buffer (providing that the buffer is large enough) if reading ahead is +on, or B bytes otherwise. The parameter B or B should be 0 to ensure +reading ahead is off, or non zero otherwise. + +SSL_CTX_set_default_read_ahead is a synonym for SSL_CTX_set_read_ahead, and +SSL_CTX_get_default_read_ahead is a synonym for SSL_CTX_get_read_ahead. + +SSL_CTX_get_read_ahead() and SSL_get_read_ahead() indicate whether reading +ahead has been set or not. + +=head1 NOTES + +These functions have no impact when used with DTLS. The return values for +SSL_CTX_get_read_head() and SSL_get_read_ahead() are undefined for DTLS. + +=head1 RETURN VALUES + +SSL_get_read_ahead and SSL_CTX_get_read_ahead return 0 if reading ahead is off, +and non zero otherwise. + +=head1 SEE ALSO + +L + +=cut diff --git a/doc/ssl/SSL_pending.pod b/doc/ssl/SSL_pending.pod index 43f2874..9dd071b 100644 --- a/doc/ssl/SSL_pending.pod +++ b/doc/ssl/SSL_pending.pod 
@@ -29,8 +29,9 @@ The number of bytes pending is returned. SSL_pending() takes into account only bytes from the TLS/SSL record that is currently being processed (if any). If the B object's -I flag is set, additional protocol bytes may have been -read containing more TLS/SSL records; these are ignored by +I flag is set (see +L), additional protocol +bytes may have been read containing more TLS/SSL records; these are ignored by SSL_pending(). Up to OpenSSL 0.9.6, SSL_pending() does not check if the record type @@ -38,6 +39,7 @@ of pending data is application data. =head1 SEE ALSO -L, L +L, +L, L =cut diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index ceb9766..3634fa9 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -217,6 +217,8 @@ protocol context defined in the B structure. =item int (*B(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey); +=item void B(SSL_CTX *ctx); + =item char *B(const SSL_CTX *s, int idx); =item int B(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void)) @@ -225,6 +227,8 @@ protocol context defined in the B structure. =item int B(const SSL_CTX *ctx); +=item void B(SSL_CTX *ctx); + =item int B(SSL_CTX *ctx); =item long B(const SSL_CTX *ctx); @@ -313,6 +317,8 @@ protocol context defined in the B structure. =item void B(SSL_CTX *ctx, int mode); +=item void B(SSL_CTX *ctx, int m); + =item void B(SSL_CTX *ctx, int mode); =item int B(SSL_CTX *ctx, const SSL_METHOD *meth); @@ -695,6 +701,7 @@ L, L, L, L, +L, L, L, L, diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 85af629..07adf0f 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -231,7 +231,8 @@ int ssl3_read_n(SSL *s, int n, int max, int extend) return -1; } - if (!s->read_ahead) + /* We always act like read_ahead is set for DTLS */ + if (!s->read_ahead && !SSL_IS_DTLS(s)) /* ignore max parameter */ max = n; else { From rsalz at openssl.org Tue Jan 27 15:03:33 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 27 Jan 2015 16:03:33 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150127150333.D4F8C1DF118@butler.localdomain> The branch master has been updated via 109f1031a8d03a7c0a7c53c82314505ec5b7b207 (commit) from 8507474564f3f743f5daa3468ca97a9b707b3583 (commit) - Log ----------------------------------------------------------------- commit 109f1031a8d03a7c0a7c53c82314505ec5b7b207 Author: Rich Salz Date: Tue Jan 27 10:02:39 2015 -0500 OPENSSL_NO_xxx cleanup: DEC-CBCM removed A DES algorithm mode, known attacks, no EVP support. Flushed. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/des/Makefile | 11 +-- crypto/des/des.h | 5 -- crypto/des/des_old.h | 2 - crypto/des/destest.c | 52 +------------ crypto/des/ede_cbcm_enc.c | 189 --------------------------------------------- doc/crypto/des.pod | 6 +- 6 files changed, 4 insertions(+), 261 deletions(-) delete mode 100644 crypto/des/ede_cbcm_enc.c diff --git a/crypto/des/Makefile b/crypto/des/Makefile index 4a63c1c..80a7add 100644 --- a/crypto/des/Makefile +++ b/crypto/des/Makefile @@ -28,7 +28,7 @@ LIBSRC= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ qud_cksm.c rand_key.c rpc_enc.c set_key.c \ des_enc.c fcrypt_b.c \ xcbc_enc.c \ - str2key.c cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_old.c des_old2.c \ + str2key.c cfb64ede.c ofb64ede.c des_old.c des_old2.c \ read2pwd.c LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \ @@ -37,7 +37,7 @@ LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \ ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \ ${DES_ENC} \ fcrypt.o xcbc_enc.o rpc_enc.o cbc_cksm.o \ - ede_cbcm_enc.o des_old.o des_old2.o read2pwd.o + des_old.o des_old2.o read2pwd.o SRC= $(LIBSRC) 
@@ -169,13 +169,6 @@ ecb_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ecb_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ecb_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h ecb_enc.o: ../../include/openssl/ui_compat.h des_locl.h des_ver.h ecb_enc.c -ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -ede_cbcm_enc.o: ../../include/openssl/e_os2.h -ede_cbcm_enc.o: ../../include/openssl/opensslconf.h -ede_cbcm_enc.o: ../../include/openssl/ossl_typ.h -ede_cbcm_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -ede_cbcm_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ede_cbcm_enc.o: ../../include/openssl/ui_compat.h des_locl.h ede_cbcm_enc.c enc_read.o: ../../e_os.h ../../include/openssl/bio.h enc_read.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h enc_read.o: ../../include/openssl/des.h ../../include/openssl/des_old.h diff --git a/crypto/des/des.h b/crypto/des/des.h index fe02e34..0accc9b 100644 --- a/crypto/des/des.h +++ b/crypto/des/des.h @@ -182,11 +182,6 @@ void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, int enc); -void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, - long length, - DES_key_schedule *ks1, DES_key_schedule *ks2, - DES_key_schedule *ks3, - DES_cblock *ivec1, DES_cblock *ivec2, int enc); void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h index 4dabd45..baa4b7d 100644 --- a/crypto/des/des_old.h +++ b/crypto/des/des_old.h 
@@ -141,8 +141,6 @@ typedef struct _ossl_old_des_ks_struct { DES_ecb3_encrypt((i),(o),&(k1),&(k2),&(k3),(e)) # define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\ DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e)) -# define des_ede3_cbcm_encrypt(i,o,l,k1,k2,k3,iv1,iv2,e)\ - DES_ede3_cbcm_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv1),(iv2),(e)) # define des_ede3_cfb64_encrypt(i,o,l,k1,k2,k3,iv,n,e)\ DES_ede3_cfb64_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(n),(e)) # define des_ede3_ofb64_encrypt(i,o,l,k1,k2,k3,iv,n)\ diff --git a/crypto/des/destest.c b/crypto/des/destest.c index 62cc7a5..be68d36 100644 --- a/crypto/des/destest.c +++ b/crypto/des/destest.c @@ -362,7 +362,7 @@ int main(int argc, char *argv[]) { int j, err = 0; unsigned int i; - des_cblock in, out, outin, iv3, iv2; + des_cblock in, out, outin, iv3; des_key_schedule ks, ks2, ks3; unsigned char cbc_in[40]; unsigned char cbc_out[40]; 
@@ -372,56 +372,6 @@ int main(int argc, char *argv[]) int num; char *str; -# ifndef OPENSSL_NO_DESCBCM - printf("Doing cbcm\n"); - if ((j = DES_set_key_checked(&cbc_key, &ks)) != 0) { - printf("Key error %d\n", j); - err = 1; - } - if ((j = DES_set_key_checked(&cbc2_key, &ks2)) != 0) { - printf("Key error %d\n", j); - err = 1; - } - if ((j = DES_set_key_checked(&cbc3_key, &ks3)) != 0) { - printf("Key error %d\n", j); - err = 1; - } - memset(cbc_out, 0, 40); - memset(cbc_in, 0, 40); - i = strlen((char *)cbc_data) + 1; - /* i=((i+7)/8)*8; */ - memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - memset(iv2, '\0', sizeof iv2); - - DES_ede3_cbcm_encrypt(cbc_data, cbc_out, 16L, &ks, &ks2, &ks3, &iv3, &iv2, - DES_ENCRYPT); - DES_ede3_cbcm_encrypt(&cbc_data[16], &cbc_out[16], i - 16, &ks, &ks2, - &ks3, &iv3, &iv2, DES_ENCRYPT); -/*- if (memcmp(cbc_out,cbc3_ok, - (unsigned int)(strlen((char *)cbc_data)+1+7)/8*8) != 0) - { - printf("des_ede3_cbc_encrypt encrypt error\n"); - err=1; - } -*/ - memcpy(iv3, cbc_iv, sizeof(cbc_iv)); - memset(iv2, '\0', sizeof iv2); - DES_ede3_cbcm_encrypt(cbc_out, cbc_in, i, &ks, &ks2, &ks3, &iv3, &iv2, - DES_DECRYPT); - if (memcmp(cbc_in, cbc_data, strlen((char *)cbc_data) + 1) != 0) { - unsigned int n; - - printf("des_ede3_cbcm_encrypt decrypt error\n"); - for (n = 0; n < i; ++n) - printf(" %02x", cbc_data[n]); - printf("\n"); - for (n = 0; n < i; ++n) - printf(" %02x", cbc_in[n]); - printf("\n"); - err = 1; - } -# endif - printf("Doing ecb\n"); for (i = 0; i < NUM_TESTS; i++) { DES_set_key_unchecked(&key_data[i], &ks); diff --git a/crypto/des/ede_cbcm_enc.c b/crypto/des/ede_cbcm_enc.c deleted file mode 100644 index 86f27d0..0000000 --- a/crypto/des/ede_cbcm_enc.c +++ /dev/null 
@@ -1,189 +0,0 @@ -/* ede_cbcm_enc.c */ -/* - * Written by Ben Laurie for the OpenSSL project 13 Feb - * 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing at OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -/* - * - * This is an implementation of Triple DES Cipher Block Chaining with Output - * Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom). - * - * Note that there is a known attack on this by Biham and Knudsen but it - * takes a lot of work: - * - * http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz - * - */ - -#include /* To see if OPENSSL_NO_DESCBCM is defined */ - -#ifndef OPENSSL_NO_DESCBCM -# include "des_locl.h" - -void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *ks1, - DES_key_schedule *ks2, DES_key_schedule *ks3, - DES_cblock *ivec1, DES_cblock *ivec2, int enc) -{ - register DES_LONG tin0, tin1; - register DES_LONG tout0, tout1, xor0, xor1, m0, m1; - register long l = length; - DES_LONG tin[2]; - unsigned char *iv1, *iv2; - - iv1 = &(*ivec1)[0]; - iv2 = &(*ivec2)[0]; - - if (enc) { - c2l(iv1, m0); - c2l(iv1, m1); - c2l(iv2, tout0); - c2l(iv2, tout1); - for (l -= 8; l >= -7; l -= 8) { - tin[0] = m0; - tin[1] = m1; - DES_encrypt1(tin, ks3, 1); - m0 = tin[0]; - m1 = tin[1]; - - if (l < 0) { - c2ln(in, tin0, tin1, l + 8); - } else { - c2l(in, tin0); - 
c2l(in, tin1); - } - tin0 ^= tout0; - tin1 ^= tout1; - - tin[0] = tin0; - tin[1] = tin1; - DES_encrypt1(tin, ks1, 1); - tin[0] ^= m0; - tin[1] ^= m1; - DES_encrypt1(tin, ks2, 0); - tin[0] ^= m0; - tin[1] ^= m1; - DES_encrypt1(tin, ks1, 1); - tout0 = tin[0]; - tout1 = tin[1]; - - l2c(tout0, out); - l2c(tout1, out); - } - iv1 = &(*ivec1)[0]; - l2c(m0, iv1); - l2c(m1, iv1); - - iv2 = &(*ivec2)[0]; - l2c(tout0, iv2); - l2c(tout1, iv2); - } else { - register DES_LONG t0, t1; - - c2l(iv1, m0); - c2l(iv1, m1); - c2l(iv2, xor0); - c2l(iv2, xor1); - for (l -= 8; l >= -7; l -= 8) { - tin[0] = m0; - tin[1] = m1; - DES_encrypt1(tin, ks3, 1); - m0 = tin[0]; - m1 = tin[1]; - - c2l(in, tin0); - c2l(in, tin1); - - t0 = tin0; - t1 = tin1; - - tin[0] = tin0; - tin[1] = tin1; - DES_encrypt1(tin, ks1, 0); - tin[0] ^= m0; - tin[1] ^= m1; - DES_encrypt1(tin, ks2, 1); - tin[0] ^= m0; - tin[1] ^= m1; - DES_encrypt1(tin, ks1, 0); - tout0 = tin[0]; - tout1 = tin[1]; - - tout0 ^= xor0; - tout1 ^= xor1; - if (l < 0) { - l2cn(tout0, tout1, out, l + 8); - } else { - l2c(tout0, out); - l2c(tout1, out); - } - xor0 = t0; - xor1 = t1; - } - - iv1 = &(*ivec1)[0]; - l2c(m0, iv1); - l2c(m1, iv1); - - iv2 = &(*ivec2)[0]; - l2c(xor0, iv2); - l2c(xor1, iv2); - } - tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0; - tin[0] = tin[1] = 0; -} -#endif diff --git a/doc/crypto/des.pod b/doc/crypto/des.pod index 51df21a..2afe572 100644 --- a/doc/crypto/des.pod +++ b/doc/crypto/des.pod 
@@ -8,7 +8,7 @@ DES_ecb_encrypt, DES_ecb2_encrypt, DES_ecb3_encrypt, DES_ncbc_encrypt, DES_cfb_encrypt, DES_ofb_encrypt, DES_pcbc_encrypt, DES_cfb64_encrypt, DES_ofb64_encrypt, DES_xcbc_encrypt, DES_ede2_cbc_encrypt, DES_ede2_cfb64_encrypt, DES_ede2_ofb64_encrypt, DES_ede3_cbc_encrypt, -DES_ede3_cbcm_encrypt, DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, +DES_ede3_cfb64_encrypt, DES_ede3_ofb64_encrypt, DES_cbc_cksum, DES_quad_cksum, DES_string_to_key, DES_string_to_2keys, DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption @@ -73,10 +73,6 @@ DES_fcrypt, DES_crypt, DES_enc_read, DES_enc_write - DES encryption unsigned char *output, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, int enc); - void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, - long length, DES_key_schedule *ks1, DES_key_schedule *ks2, - DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, - int enc); void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, int *num, int enc); From rsalz at openssl.org Tue Jan 27 15:08:56 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 27 Jan 2015 16:08:56 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150127150857.0EDCF1DF118@butler.localdomain> The branch master has been updated via a00ae6c46e0d7907a7c9f9e85334e968aa5fd338 (commit) from 109f1031a8d03a7c0a7c53c82314505ec5b7b207 (commit) - Log ----------------------------------------------------------------- commit a00ae6c46e0d7907a7c9f9e85334e968aa5fd338 Author: Rich Salz Date: Tue Jan 27 10:06:22 2015 -0500 OPENSSL_NO_xxx cleanup: many removals The following compile options (#ifdef's) are removed: OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY This diff is big because of updating the indents on preprocessor lines. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/progs.h | 2 - apps/progs.pl | 2 - apps/speed.c | 1194 +++++++++++++++++++++++----------------------- crypto/asn1/asn1.h | 10 +- crypto/bn/bn_print.c | 2 - crypto/dh/dh.h | 8 +- crypto/dsa/dsa.h | 6 +- crypto/ec/ec.h | 4 - crypto/err/err.c | 2 - crypto/err/err.h | 12 +- crypto/err/err_all.c | 2 - crypto/evp/evp.h | 13 +- crypto/lhash/lh_stats.c | 79 +-- crypto/lhash/lhash.c | 9 - crypto/lhash/lhash.h | 14 +- crypto/objects/obj_dat.c | 15 +- crypto/pem/pem.h | 24 +- crypto/rsa/rsa.h | 6 +- crypto/ts/ts.h | 12 +- crypto/ts/ts_asn1.c | 8 - crypto/txt_db/txt_db.h | 9 +- crypto/x509/x509.h | 26 +- crypto/x509/x509_vfy.c | 4 - crypto/x509/x509_vfy.h | 4 +- ssl/ssl.h | 24 +- ssl/ssl_cert.c | 6 - ssl/ssltest.c | 2 - 27 files changed, 616 insertions(+), 883 deletions(-) diff --git a/apps/progs.h b/apps/progs.h index 5eb974b..c66da30 100644 --- a/apps/progs.h +++ b/apps/progs.h 
@@ -113,9 +113,7 @@ FUNCTION functions[] = {
 #if !defined(OPENSSL_NO_SOCK)
 {FUNC_TYPE_GENERAL, "s_client", s_client_main},
 #endif
-#ifndef OPENSSL_NO_SPEED
 {FUNC_TYPE_GENERAL, "speed", speed_main},
-#endif
 #if !defined(OPENSSL_NO_SOCK)
 {FUNC_TYPE_GENERAL, "s_time", s_time_main},
 #endif
diff --git a/apps/progs.pl b/apps/progs.pl
index 2b1efd8..8695742 100644
--- a/apps/progs.pl
+++ b/apps/progs.pl
@@ -33,8 +33,6 @@ foreach (@ARGV)
 $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n";
 if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/))
 { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; }
- elsif ( ($_ =~ /^speed$/))
- { print "#ifndef OPENSSL_NO_SPEED\n${str}#endif\n"; }
 elsif ( ($_ =~ /^engine$/))
 { print "#ifndef OPENSSL_NO_ENGINE\n${str}#endif\n"; }
 elsif ( ($_ =~ /^rsa$/) || ($_ =~ /^genrsa$/) || ($_ =~ /^rsautl$/))
diff --git a/apps/speed.c b/apps/speed.c
index 1b4d23b..f5af9a3 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -69,147 +69,140 @@ * */ -/* most of this code has been pilfered from my libdes speed.c program */ - -#ifndef OPENSSL_NO_SPEED - -# undef SECONDS -# define SECONDS 3 -# define PRIME_SECONDS 10 -# define RSA_SECONDS 10 -# define DSA_SECONDS 10 -# define ECDSA_SECONDS 10 -# define ECDH_SECONDS 10 - -/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */ -/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */ - -# undef PROG -# define PROG speed_main - -# include -# include - -# include -# include -# include "apps.h" -# include -# include -# include -# include -# include -# if !defined(OPENSSL_SYS_MSDOS) -# include OPENSSL_UNISTD -# endif +#undef SECONDS +#define SECONDS 3 +#define PRIME_SECONDS 10 +#define RSA_SECONDS 10 +#define DSA_SECONDS 10 +#define ECDSA_SECONDS 10 +#define ECDH_SECONDS 10 + +#undef PROG +#define PROG speed_main + +#include +#include + +#include +#include +#include "apps.h" +#include +#include +#include +#include +#include +#if !defined(OPENSSL_SYS_MSDOS) +# include OPENSSL_UNISTD +#endif -# ifndef OPENSSL_SYS_NETWARE -# include -# endif +#ifndef OPENSSL_SYS_NETWARE +# include +#endif -# if defined(_WIN32) || defined(__CYGWIN__) -# include -# if defined(__CYGWIN__) && !defined(_WIN32) +#if defined(_WIN32) || defined(__CYGWIN__) +# include +# if defined(__CYGWIN__) && !defined(_WIN32) /* * should define _WIN32, which normally is mutually exclusive * with __CYGWIN__, but if it didn't... */ -# define _WIN32 +# define _WIN32 /* this is done because Cygwin alarm() fails sometimes. 
*/ -# endif -# endif - -# include -# ifndef OPENSSL_NO_DES -# include -# endif -# ifndef OPENSSL_NO_AES -# include -# endif -# ifndef OPENSSL_NO_CAMELLIA -# include -# endif -# ifndef OPENSSL_NO_MD2 -# include -# endif -# ifndef OPENSSL_NO_MDC2 -# include -# endif -# ifndef OPENSSL_NO_MD4 -# include -# endif -# ifndef OPENSSL_NO_MD5 -# include -# endif -# ifndef OPENSSL_NO_HMAC -# include -# endif -# include -# ifndef OPENSSL_NO_SHA -# include -# endif -# ifndef OPENSSL_NO_RMD160 -# include -# endif -# ifndef OPENSSL_NO_WHIRLPOOL -# include -# endif -# ifndef OPENSSL_NO_RC4 -# include -# endif -# ifndef OPENSSL_NO_RC5 -# include -# endif -# ifndef OPENSSL_NO_RC2 -# include -# endif -# ifndef OPENSSL_NO_IDEA -# include -# endif -# ifndef OPENSSL_NO_SEED -# include -# endif -# ifndef OPENSSL_NO_BF -# include -# endif -# ifndef OPENSSL_NO_CAST -# include -# endif -# ifndef OPENSSL_NO_RSA -# include -# include "./testrsa.h" -# endif -# include -# ifndef OPENSSL_NO_DSA -# include -# include "./testdsa.h" -# endif -# ifndef OPENSSL_NO_ECDSA -# include # endif -# ifndef OPENSSL_NO_ECDH -# include -# endif -# include +#endif -# include +#include +#ifndef OPENSSL_NO_DES +# include +#endif +#ifndef OPENSSL_NO_AES +# include +#endif +#ifndef OPENSSL_NO_CAMELLIA +# include +#endif +#ifndef OPENSSL_NO_MD2 +# include +#endif +#ifndef OPENSSL_NO_MDC2 +# include +#endif +#ifndef OPENSSL_NO_MD4 +# include +#endif +#ifndef OPENSSL_NO_MD5 +# include +#endif +#ifndef OPENSSL_NO_HMAC +# include +#endif +#include +#ifndef OPENSSL_NO_SHA +# include +#endif +#ifndef OPENSSL_NO_RMD160 +# include +#endif +#ifndef OPENSSL_NO_WHIRLPOOL +# include +#endif +#ifndef OPENSSL_NO_RC4 +# include +#endif +#ifndef OPENSSL_NO_RC5 +# include +#endif +#ifndef OPENSSL_NO_RC2 +# include +#endif +#ifndef OPENSSL_NO_IDEA +# include +#endif +#ifndef OPENSSL_NO_SEED +# include +#endif +#ifndef OPENSSL_NO_BF +# include +#endif +#ifndef OPENSSL_NO_CAST +# include +#endif +#ifndef OPENSSL_NO_RSA +# include +# 
include "./testrsa.h" +#endif +#include +#ifndef OPENSSL_NO_DSA +# include +# include "./testdsa.h" +#endif +#ifndef OPENSSL_NO_ECDSA +# include +#endif +#ifndef OPENSSL_NO_ECDH +# include +#endif +#include -# ifndef HAVE_FORK -# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE) -# define HAVE_FORK 0 -# else -# define HAVE_FORK 1 -# endif -# endif +#include -# if HAVE_FORK -# undef NO_FORK +#ifndef HAVE_FORK +# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_NETWARE) +# define HAVE_FORK 0 # else -# define NO_FORK +# define HAVE_FORK 1 # endif +#endif -# undef BUFSIZE -# define BUFSIZE (1024*8+1) -# define MAX_MISALIGNMENT 63 +#if HAVE_FORK +# undef NO_FORK +#else +# define NO_FORK +#endif + +#undef BUFSIZE +#define BUFSIZE (1024*8+1) +#define MAX_MISALIGNMENT 63 static volatile int run = 0; @@ -221,18 +214,18 @@ static void print_message(const char *s, long num, int length); static void pkey_print_message(const char *str, const char *str2, long num, int bits, int sec); static void print_result(int alg, int run_no, int count, double time_used); -# ifndef NO_FORK +#ifndef NO_FORK static int do_multi(int multi); -# endif +#endif -# define ALGOR_NUM 30 -# define SIZE_NUM 5 -# define PRIME_NUM 3 -# define RSA_NUM 7 -# define DSA_NUM 3 +#define ALGOR_NUM 30 +#define SIZE_NUM 5 +#define PRIME_NUM 3 +#define RSA_NUM 7 +#define DSA_NUM 3 -# define EC_NUM 16 -# define MAX_ECDH_SIZE 256 +#define EC_NUM 16 +#define MAX_ECDH_SIZE 256 static const char *names[ALGOR_NUM] = { "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4", 
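Review bot: Beyond the preprocessor re-indentation the commit message describes, this hunk also deletes three provenance comments at the top of the file — `/* most of this code has been pilfered from my libdes speed.c program */`, `/* 11-Sep-92 Andrew Daviel Support for Silicon Graphics IRIX added */` and `/* 06-Apr-92 Luke Brennan Support for VMS and add extra signal calls */` — which is a content change the description does not mention. Removing the old `#ifndef OPENSSL_NO_SPEED` wrapper does not require dropping them, so either keep the three lines after the new `#define ECDH_SECONDS 10` or state in the commit message that the attribution history is intentionally being removed.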
@@ -247,31 +240,31 @@ static const char *names[ALGOR_NUM] = { static double results[ALGOR_NUM][SIZE_NUM]; static int lengths[SIZE_NUM] = { 16, 64, 256, 1024, 8 * 1024 }; -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_RSA static double rsa_results[RSA_NUM][2]; -# endif -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DSA static double dsa_results[DSA_NUM][2]; -# endif -# ifndef OPENSSL_NO_ECDSA +#endif +#ifndef OPENSSL_NO_ECDSA static double ecdsa_results[EC_NUM][2]; -# endif -# ifndef OPENSSL_NO_ECDH +#endif +#ifndef OPENSSL_NO_ECDH static double ecdh_results[EC_NUM][1]; -# endif +#endif -# if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH)) +#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH)) static const char rnd_seed[] = "string to make the random number generator think it has entropy"; static int rnd_fake = 0; -# endif +#endif -# ifdef SIGALRM -# if defined(__STDC__) || defined(sgi) || defined(_AIX) -# define SIGRETTYPE void -# else -# define SIGRETTYPE int -# endif +#ifdef SIGALRM +# if defined(__STDC__) || defined(sgi) || defined(_AIX) +# define SIGRETTYPE void +# else +# define SIGRETTYPE int +# endif static SIGRETTYPE sig_done(int sig); static SIGRETTYPE sig_done(int sig) @@ -279,23 +272,23 @@ static SIGRETTYPE sig_done(int sig) signal(SIGALRM, sig_done); run = 0; } -# endif +#endif -# define START 0 -# define STOP 1 +#define START 0 +#define STOP 1 -# if defined(_WIN32) +#if defined(_WIN32) -# if !defined(SIGALRM) -# define SIGALRM -# endif +# if !defined(SIGALRM) +# define SIGALRM +# endif static unsigned int lapse, schlock; static void alarm_win32(unsigned int secs) { lapse = secs * 1000; } -# define alarm alarm_win32 +# define alarm alarm_win32 static DWORD WINAPI sleepy(VOID * arg) { @@ -330,7 +323,7 @@ static double Time_F(int s) return ret; } -# else +#else static double Time_F(int s) { 
@@ -339,24 +332,24 @@ static double Time_F(int s) alarm(0); return ret; } -# endif +#endif -# ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_ECDH static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { -# ifndef OPENSSL_NO_SHA +# ifndef OPENSSL_NO_SHA if (*outlen < SHA_DIGEST_LENGTH) return NULL; else *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); -# else +# else return NULL; -# endif /* OPENSSL_NO_SHA */ +# endif /* OPENSSL_NO_SHA */ } -# endif /* OPENSSL_NO_ECDH */ +#endif /* OPENSSL_NO_ECDH */ static void multiblock_speed(const EVP_CIPHER *evp_cipher); 
@@ -369,67 +362,67 @@ int MAIN(int argc, char **argv) int mret = 1; long count = 0, save_count = 0; int i, j, k; -# if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) +#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) long rsa_count; -# endif -# ifndef OPENSSL_NO_RSA +#endif +#ifndef OPENSSL_NO_RSA unsigned rsa_num; -# endif +#endif unsigned char md[EVP_MAX_MD_SIZE]; -# ifndef OPENSSL_NO_MD2 +#ifndef OPENSSL_NO_MD2 unsigned char md2[MD2_DIGEST_LENGTH]; -# endif -# ifndef OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_MDC2 unsigned char mdc2[MDC2_DIGEST_LENGTH]; -# endif -# ifndef OPENSSL_NO_MD4 +#endif +#ifndef OPENSSL_NO_MD4 unsigned char md4[MD4_DIGEST_LENGTH]; -# endif -# ifndef OPENSSL_NO_MD5 +#endif +#ifndef OPENSSL_NO_MD5 unsigned char md5[MD5_DIGEST_LENGTH]; unsigned char hmac[MD5_DIGEST_LENGTH]; -# endif -# ifndef OPENSSL_NO_SHA +#endif +#ifndef OPENSSL_NO_SHA unsigned char sha[SHA_DIGEST_LENGTH]; -# ifndef OPENSSL_NO_SHA256 +# ifndef OPENSSL_NO_SHA256 unsigned char sha256[SHA256_DIGEST_LENGTH]; -# endif -# ifndef OPENSSL_NO_SHA512 +# endif +# ifndef OPENSSL_NO_SHA512 unsigned char sha512[SHA512_DIGEST_LENGTH]; -# endif # endif -# ifndef OPENSSL_NO_WHIRLPOOL +#endif +#ifndef OPENSSL_NO_WHIRLPOOL unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH]; -# endif -# ifndef OPENSSL_NO_RMD160 +#endif +#ifndef OPENSSL_NO_RMD160 unsigned char rmd160[RIPEMD160_DIGEST_LENGTH]; -# endif -# ifndef OPENSSL_NO_RC4 +#endif +#ifndef OPENSSL_NO_RC4 RC4_KEY rc4_ks; -# endif -# ifndef OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RC5 RC5_32_KEY rc5_ks; -# endif -# ifndef OPENSSL_NO_RC2 +#endif +#ifndef OPENSSL_NO_RC2 RC2_KEY rc2_ks; -# endif -# ifndef OPENSSL_NO_IDEA +#endif +#ifndef OPENSSL_NO_IDEA IDEA_KEY_SCHEDULE idea_ks; -# endif -# ifndef OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_SEED SEED_KEY_SCHEDULE seed_ks; -# endif -# ifndef OPENSSL_NO_BF +#endif +#ifndef OPENSSL_NO_BF BF_KEY bf_ks; -# endif -# ifndef OPENSSL_NO_CAST +#endif +#ifndef OPENSSL_NO_CAST CAST_KEY 
cast_ks; -# endif +#endif static const unsigned char key16[16] = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12 }; -# ifndef OPENSSL_NO_AES +#ifndef OPENSSL_NO_AES static const unsigned char key24[24] = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, @@ -441,8 +434,8 @@ int MAIN(int argc, char **argv) 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56 }; -# endif -# ifndef OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CAMELLIA static const unsigned char ckey24[24] = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, @@ -454,15 +447,15 @@ int MAIN(int argc, char **argv) 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56 }; -# endif -# ifndef OPENSSL_NO_AES -# define MAX_BLOCK_SIZE 128 -# else -# define MAX_BLOCK_SIZE 64 -# endif +#endif +#ifndef OPENSSL_NO_AES +# define MAX_BLOCK_SIZE 128 +#else +# define MAX_BLOCK_SIZE 64 +#endif unsigned char DES_iv[8]; unsigned char iv[2 * MAX_BLOCK_SIZE / 8]; -# ifndef OPENSSL_NO_DES +#ifndef OPENSSL_NO_DES static DES_cblock key = { 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0 }; static DES_cblock key2 = 
@@ -472,77 +465,77 @@ int MAIN(int argc, char **argv) DES_key_schedule sch; DES_key_schedule sch2; DES_key_schedule sch3; -# endif -# ifndef OPENSSL_NO_AES +#endif +#ifndef OPENSSL_NO_AES AES_KEY aes_ks1, aes_ks2, aes_ks3; -# endif -# ifndef OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CAMELLIA CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3; -# endif -# define D_MD2 0 -# define D_MDC2 1 -# define D_MD4 2 -# define D_MD5 3 -# define D_HMAC 4 -# define D_SHA1 5 -# define D_RMD160 6 -# define D_RC4 7 -# define D_CBC_DES 8 -# define D_EDE3_DES 9 -# define D_CBC_IDEA 10 -# define D_CBC_SEED 11 -# define D_CBC_RC2 12 -# define D_CBC_RC5 13 -# define D_CBC_BF 14 -# define D_CBC_CAST 15 -# define D_CBC_128_AES 16 -# define D_CBC_192_AES 17 -# define D_CBC_256_AES 18 -# define D_CBC_128_CML 19 -# define D_CBC_192_CML 20 -# define D_CBC_256_CML 21 -# define D_EVP 22 -# define D_SHA256 23 -# define D_SHA512 24 -# define D_WHIRLPOOL 25 -# define D_IGE_128_AES 26 -# define D_IGE_192_AES 27 -# define D_IGE_256_AES 28 -# define D_GHASH 29 +#endif +#define D_MD2 0 +#define D_MDC2 1 +#define D_MD4 2 +#define D_MD5 3 +#define D_HMAC 4 +#define D_SHA1 5 +#define D_RMD160 6 +#define D_RC4 7 +#define D_CBC_DES 8 +#define D_EDE3_DES 9 +#define D_CBC_IDEA 10 +#define D_CBC_SEED 11 +#define D_CBC_RC2 12 +#define D_CBC_RC5 13 +#define D_CBC_BF 14 +#define D_CBC_CAST 15 +#define D_CBC_128_AES 16 +#define D_CBC_192_AES 17 +#define D_CBC_256_AES 18 +#define D_CBC_128_CML 19 +#define D_CBC_192_CML 20 +#define D_CBC_256_CML 21 +#define D_EVP 22 +#define D_SHA256 23 +#define D_SHA512 24 +#define D_WHIRLPOOL 25 +#define D_IGE_128_AES 26 +#define D_IGE_192_AES 27 +#define D_IGE_256_AES 28 +#define D_GHASH 29 double d = 0.0; long c[ALGOR_NUM][SIZE_NUM]; -# ifndef OPENSSL_SYS_WIN32 -# endif -# define R_DSA_512 0 -# define R_DSA_1024 1 -# define R_DSA_2048 2 -# define R_RSA_512 0 -# define R_RSA_1024 1 -# define R_RSA_2048 2 -# define R_RSA_3072 3 -# define R_RSA_4096 4 -# define R_RSA_7680 
5 -# define R_RSA_15360 6 - -# define R_EC_P160 0 -# define R_EC_P192 1 -# define R_EC_P224 2 -# define R_EC_P256 3 -# define R_EC_P384 4 -# define R_EC_P521 5 -# define R_EC_K163 6 -# define R_EC_K233 7 -# define R_EC_K283 8 -# define R_EC_K409 9 -# define R_EC_K571 10 -# define R_EC_B163 11 -# define R_EC_B233 12 -# define R_EC_B283 13 -# define R_EC_B409 14 -# define R_EC_B571 15 - -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_SYS_WIN32 +#endif +#define R_DSA_512 0 +#define R_DSA_1024 1 +#define R_DSA_2048 2 +#define R_RSA_512 0 +#define R_RSA_1024 1 +#define R_RSA_2048 2 +#define R_RSA_3072 3 +#define R_RSA_4096 4 +#define R_RSA_7680 5 +#define R_RSA_15360 6 + +#define R_EC_P160 0 +#define R_EC_P192 1 +#define R_EC_P224 2 +#define R_EC_P256 3 +#define R_EC_P384 4 +#define R_EC_P521 5 +#define R_EC_K163 6 +#define R_EC_K233 7 +#define R_EC_K283 8 +#define R_EC_K409 9 +#define R_EC_K571 10 +#define R_EC_B163 11 +#define R_EC_B233 12 +#define R_EC_B283 13 +#define R_EC_B409 14 +#define R_EC_B571 15 + +#ifndef OPENSSL_NO_RSA RSA *rsa_key[RSA_NUM]; long rsa_c[RSA_NUM][2]; static unsigned int rsa_bits[RSA_NUM] = { @@ -557,13 +550,13 @@ int MAIN(int argc, char **argv) sizeof(test4096), sizeof(test7680), sizeof(test15360) }; -# endif -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DSA DSA *dsa_key[DSA_NUM]; long dsa_c[DSA_NUM][2]; static unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 }; -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC /* * We only test over the following curves as they are representative, To * add tests over more curves, simply add the curve NID and curve name to 
@@ -615,62 +608,62 @@ int MAIN(int argc, char **argv) 163, 233, 283, 409, 571 }; -# endif +#endif -# ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_ECDSA unsigned char ecdsasig[256]; unsigned int ecdsasiglen; EC_KEY *ecdsa[EC_NUM]; long ecdsa_c[EC_NUM][2]; -# endif +#endif -# ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_ECDH EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM]; unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE]; int secret_size_a, secret_size_b; int ecdh_checks = 0; int secret_idx = 0; long ecdh_c[EC_NUM][2]; -# endif +#endif int rsa_doit[RSA_NUM]; int dsa_doit[DSA_NUM]; -# ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_ECDSA int ecdsa_doit[EC_NUM]; -# endif -# ifndef OPENSSL_NO_ECDH +#endif +#ifndef OPENSSL_NO_ECDH int ecdh_doit[EC_NUM]; -# endif +#endif int doit[ALGOR_NUM]; int pr_header = 0; const EVP_CIPHER *evp_cipher = NULL; const EVP_MD *evp_md = NULL; int decrypt = 0; -# ifndef NO_FORK +#ifndef NO_FORK int multi = 0; -# endif +#endif int multiblock = 0; int misalign = MAX_MISALIGNMENT + 1; -# ifndef TIMES +#ifndef TIMES usertime = -1; -# endif +#endif apps_startup(); memset(results, 0, sizeof(results)); -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA memset(dsa_key, 0, sizeof(dsa_key)); -# endif -# ifndef OPENSSL_NO_ECDSA +#endif +#ifndef OPENSSL_NO_ECDSA for (i = 0; i < EC_NUM; i++) ecdsa[i] = NULL; -# endif -# ifndef OPENSSL_NO_ECDH +#endif +#ifndef OPENSSL_NO_ECDH for (i = 0; i < EC_NUM; i++) { ecdh_a[i] = NULL; ecdh_b[i] = NULL; } -# endif +#endif if (bio_err == NULL) if ((bio_err = BIO_new(BIO_s_file())) != NULL) @@ -679,11 +672,11 @@ int MAIN(int argc, char **argv) if (!load_config(bio_err, NULL)) goto end; -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_RSA memset(rsa_key, 0, sizeof(rsa_key)); for (i = 0; i < RSA_NUM; i++) rsa_key[i] = NULL; -# endif +#endif if ((buf_malloc = (unsigned char *)OPENSSL_malloc(BUFSIZE + misalign)) == NULL) { 
@@ -711,14 +704,14 @@ int MAIN(int argc, char **argv) rsa_doit[i] = 0; for (i = 0; i < DSA_NUM; i++) dsa_doit[i] = 0; -# ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_ECDSA for (i = 0; i < EC_NUM; i++) ecdsa_doit[i] = 0; -# endif -# ifndef OPENSSL_NO_ECDH +#endif +#ifndef OPENSSL_NO_ECDH for (i = 0; i < EC_NUM; i++) ecdh_doit[i] = 0; -# endif +#endif j = 0; argc--; @@ -750,7 +743,7 @@ int MAIN(int argc, char **argv) j--; /* Otherwise, -elapsed gets confused with an * algorithm. */ } -# ifndef OPENSSL_NO_ENGINE +#ifndef OPENSSL_NO_ENGINE else if ((argc > 0) && (strcmp(*argv, "-engine") == 0)) { argc--; argv++; @@ -766,8 +759,8 @@ int MAIN(int argc, char **argv) */ j--; } -# endif -# ifndef NO_FORK +#endif +#ifndef NO_FORK else if ((argc > 0) && (strcmp(*argv, "-multi") == 0)) { argc--; argv++; @@ -783,7 +776,7 @@ int MAIN(int argc, char **argv) j--; /* Otherwise, -mr gets confused with an * algorithm. */ } -# endif +#endif else if (argc > 0 && !strcmp(*argv, "-mr")) { mr = 1; j--; /* Otherwise, -mr gets confused with an 
@@ -809,54 +802,54 @@ int MAIN(int argc, char **argv) buf2 = buf2_malloc + misalign; j--; } else -# ifndef OPENSSL_NO_MD2 +#ifndef OPENSSL_NO_MD2 if (strcmp(*argv, "md2") == 0) doit[D_MD2] = 1; else -# endif -# ifndef OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_MDC2 if (strcmp(*argv, "mdc2") == 0) doit[D_MDC2] = 1; else -# endif -# ifndef OPENSSL_NO_MD4 +#endif +#ifndef OPENSSL_NO_MD4 if (strcmp(*argv, "md4") == 0) doit[D_MD4] = 1; else -# endif -# ifndef OPENSSL_NO_MD5 +#endif +#ifndef OPENSSL_NO_MD5 if (strcmp(*argv, "md5") == 0) doit[D_MD5] = 1; else -# endif -# ifndef OPENSSL_NO_MD5 +#endif +#ifndef OPENSSL_NO_MD5 if (strcmp(*argv, "hmac") == 0) doit[D_HMAC] = 1; else -# endif -# ifndef OPENSSL_NO_SHA +#endif +#ifndef OPENSSL_NO_SHA if (strcmp(*argv, "sha1") == 0) doit[D_SHA1] = 1; else if (strcmp(*argv, "sha") == 0) doit[D_SHA1] = 1, doit[D_SHA256] = 1, doit[D_SHA512] = 1; else -# ifndef OPENSSL_NO_SHA256 +# ifndef OPENSSL_NO_SHA256 if (strcmp(*argv, "sha256") == 0) doit[D_SHA256] = 1; else -# endif -# ifndef OPENSSL_NO_SHA512 +# endif +# ifndef OPENSSL_NO_SHA512 if (strcmp(*argv, "sha512") == 0) doit[D_SHA512] = 1; else -# endif # endif -# ifndef OPENSSL_NO_WHIRLPOOL +#endif +#ifndef OPENSSL_NO_WHIRLPOOL if (strcmp(*argv, "whirlpool") == 0) doit[D_WHIRLPOOL] = 1; else -# endif -# ifndef OPENSSL_NO_RMD160 +#endif +#ifndef OPENSSL_NO_RMD160 if (strcmp(*argv, "ripemd") == 0) doit[D_RMD160] = 1; else if (strcmp(*argv, "rmd160") == 0) 
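Review bot: The second `+#ifndef OPENSSL_NO_MD5` in this hunk guards the `hmac` option, so `speed hmac` is accepted whenever MD5 is built even if HMAC itself is compiled out, whereas the `hmac.h` include earlier in this file and the usage text later on test `OPENSSL_NO_HMAC`. Since the commit is rewriting exactly these guard lines, it is the natural moment to make them agree, e.g. `#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC)` around the `hmac` branch. The same goes for `+#ifndef OPENSSL_NO_SHA` here versus `#ifndef OPENSSL_NO_SHA1` in the usage text, and the `sha` shorthand on the context line sets `doit[D_SHA256]` and `doit[D_SHA512]` without checking `OPENSSL_NO_SHA256`/`OPENSSL_NO_SHA512`, which the adjacent `sha256` and `sha512` branches do respect; whether that reaches an unguarded benchmark body cannot be seen from this hunk. The enclosing `MAIN` function starts and ends outside this hunk.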
@@ -864,20 +857,20 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "ripemd160") == 0) doit[D_RMD160] = 1; else -# endif -# ifndef OPENSSL_NO_RC4 +#endif +#ifndef OPENSSL_NO_RC4 if (strcmp(*argv, "rc4") == 0) doit[D_RC4] = 1; else -# endif -# ifndef OPENSSL_NO_DES +#endif +#ifndef OPENSSL_NO_DES if (strcmp(*argv, "des-cbc") == 0) doit[D_CBC_DES] = 1; else if (strcmp(*argv, "des-ede3") == 0) doit[D_EDE3_DES] = 1; else -# endif -# ifndef OPENSSL_NO_AES +#endif +#ifndef OPENSSL_NO_AES if (strcmp(*argv, "aes-128-cbc") == 0) doit[D_CBC_128_AES] = 1; else if (strcmp(*argv, "aes-192-cbc") == 0) @@ -891,8 +884,8 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "aes-256-ige") == 0) doit[D_IGE_256_AES] = 1; else -# endif -# ifndef OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CAMELLIA if (strcmp(*argv, "camellia-128-cbc") == 0) doit[D_CBC_128_CML] = 1; else if (strcmp(*argv, "camellia-192-cbc") == 0) @@ -900,21 +893,21 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "camellia-256-cbc") == 0) doit[D_CBC_256_CML] = 1; else -# endif -# ifndef OPENSSL_NO_RSA -# if 0 /* was: #ifdef RSAref */ +#endif +#ifndef OPENSSL_NO_RSA +# if 0 /* was: #ifdef RSAref */ if (strcmp(*argv, "rsaref") == 0) { RSA_set_default_openssl_method(RSA_PKCS1_RSAref()); j--; } else -# endif -# ifndef RSA_NULL +# endif +# ifndef RSA_NULL if (strcmp(*argv, "openssl") == 0) { RSA_set_default_method(RSA_PKCS1_SSLeay()); j--; } else -# endif -# endif /* !OPENSSL_NO_RSA */ +# endif +#endif /* !OPENSSL_NO_RSA */ if (strcmp(*argv, "dsa512") == 0) dsa_doit[R_DSA_512] = 2; else if (strcmp(*argv, "dsa1024") == 0) 
@@ -936,35 +929,35 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "rsa15360") == 0) rsa_doit[R_RSA_15360] = 2; else -# ifndef OPENSSL_NO_RC2 +#ifndef OPENSSL_NO_RC2 if (strcmp(*argv, "rc2-cbc") == 0) doit[D_CBC_RC2] = 1; else if (strcmp(*argv, "rc2") == 0) doit[D_CBC_RC2] = 1; else -# endif -# ifndef OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RC5 if (strcmp(*argv, "rc5-cbc") == 0) doit[D_CBC_RC5] = 1; else if (strcmp(*argv, "rc5") == 0) doit[D_CBC_RC5] = 1; else -# endif -# ifndef OPENSSL_NO_IDEA +#endif +#ifndef OPENSSL_NO_IDEA if (strcmp(*argv, "idea-cbc") == 0) doit[D_CBC_IDEA] = 1; else if (strcmp(*argv, "idea") == 0) doit[D_CBC_IDEA] = 1; else -# endif -# ifndef OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_SEED if (strcmp(*argv, "seed-cbc") == 0) doit[D_CBC_SEED] = 1; else if (strcmp(*argv, "seed") == 0) doit[D_CBC_SEED] = 1; else -# endif -# ifndef OPENSSL_NO_BF +#endif +#ifndef OPENSSL_NO_BF if (strcmp(*argv, "bf-cbc") == 0) doit[D_CBC_BF] = 1; else if (strcmp(*argv, "blowfish") == 0) @@ -972,8 +965,8 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "bf") == 0) doit[D_CBC_BF] = 1; else -# endif -# ifndef OPENSSL_NO_CAST +#endif +#ifndef OPENSSL_NO_CAST if (strcmp(*argv, "cast-cbc") == 0) doit[D_CBC_CAST] = 1; else if (strcmp(*argv, "cast") == 0) @@ -981,14 +974,14 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "cast5") == 0) doit[D_CBC_CAST] = 1; else -# endif -# ifndef OPENSSL_NO_DES +#endif +#ifndef OPENSSL_NO_DES if (strcmp(*argv, "des") == 0) { doit[D_CBC_DES] = 1; doit[D_EDE3_DES] = 1; } else -# endif -# ifndef OPENSSL_NO_AES +#endif +#ifndef OPENSSL_NO_AES if (strcmp(*argv, "aes") == 0) { doit[D_CBC_128_AES] = 1; doit[D_CBC_192_AES] = 1; 
@@ -996,15 +989,15 @@ int MAIN(int argc, char **argv) } else if (strcmp(*argv, "ghash") == 0) { doit[D_GHASH] = 1; } else -# endif -# ifndef OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CAMELLIA if (strcmp(*argv, "camellia") == 0) { doit[D_CBC_128_CML] = 1; doit[D_CBC_192_CML] = 1; doit[D_CBC_256_CML] = 1; } else -# endif -# ifndef OPENSSL_NO_RSA +#endif +#ifndef OPENSSL_NO_RSA if (strcmp(*argv, "rsa") == 0) { rsa_doit[R_RSA_512] = 1; rsa_doit[R_RSA_1024] = 1; @@ -1014,15 +1007,15 @@ int MAIN(int argc, char **argv) rsa_doit[R_RSA_7680] = 1; rsa_doit[R_RSA_15360] = 1; } else -# endif -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DSA if (strcmp(*argv, "dsa") == 0) { dsa_doit[R_DSA_512] = 1; dsa_doit[R_DSA_1024] = 1; dsa_doit[R_DSA_2048] = 1; } else -# endif -# ifndef OPENSSL_NO_ECDSA +#endif +#ifndef OPENSSL_NO_ECDSA if (strcmp(*argv, "ecdsap160") == 0) ecdsa_doit[R_EC_P160] = 2; else if (strcmp(*argv, "ecdsap192") == 0) @@ -1059,8 +1052,8 @@ int MAIN(int argc, char **argv) for (i = 0; i < EC_NUM; i++) ecdsa_doit[i] = 1; } else -# endif -# ifndef OPENSSL_NO_ECDH +#endif +#ifndef OPENSSL_NO_ECDH if (strcmp(*argv, "ecdhp160") == 0) ecdh_doit[R_EC_P160] = 2; else if (strcmp(*argv, "ecdhp192") == 0) 
@@ -1097,94 +1090,94 @@ int MAIN(int argc, char **argv) for (i = 0; i < EC_NUM; i++) ecdh_doit[i] = 1; } else -# endif +#endif { BIO_printf(bio_err, "Error: bad option or value\n"); BIO_printf(bio_err, "\n"); BIO_printf(bio_err, "Available values:\n"); -# ifndef OPENSSL_NO_MD2 +#ifndef OPENSSL_NO_MD2 BIO_printf(bio_err, "md2 "); -# endif -# ifndef OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_MDC2 BIO_printf(bio_err, "mdc2 "); -# endif -# ifndef OPENSSL_NO_MD4 +#endif +#ifndef OPENSSL_NO_MD4 BIO_printf(bio_err, "md4 "); -# endif -# ifndef OPENSSL_NO_MD5 +#endif +#ifndef OPENSSL_NO_MD5 BIO_printf(bio_err, "md5 "); -# ifndef OPENSSL_NO_HMAC +# ifndef OPENSSL_NO_HMAC BIO_printf(bio_err, "hmac "); -# endif # endif -# ifndef OPENSSL_NO_SHA1 +#endif +#ifndef OPENSSL_NO_SHA1 BIO_printf(bio_err, "sha1 "); -# endif -# ifndef OPENSSL_NO_SHA256 +#endif +#ifndef OPENSSL_NO_SHA256 BIO_printf(bio_err, "sha256 "); -# endif -# ifndef OPENSSL_NO_SHA512 +#endif +#ifndef OPENSSL_NO_SHA512 BIO_printf(bio_err, "sha512 "); -# endif -# ifndef OPENSSL_NO_WHIRLPOOL +#endif +#ifndef OPENSSL_NO_WHIRLPOOL BIO_printf(bio_err, "whirlpool"); -# endif -# ifndef OPENSSL_NO_RMD160 +#endif +#ifndef OPENSSL_NO_RMD160 BIO_printf(bio_err, "rmd160"); -# endif -# if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \ +#endif +#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \ !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \ !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RMD160) || \ !defined(OPENSSL_NO_WHIRLPOOL) BIO_printf(bio_err, "\n"); -# endif +#endif -# ifndef OPENSSL_NO_IDEA +#ifndef OPENSSL_NO_IDEA BIO_printf(bio_err, "idea-cbc "); -# endif -# ifndef OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_SEED BIO_printf(bio_err, "seed-cbc "); -# endif -# ifndef OPENSSL_NO_RC2 +#endif +#ifndef OPENSSL_NO_RC2 BIO_printf(bio_err, "rc2-cbc "); -# endif -# ifndef OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RC5 BIO_printf(bio_err, "rc5-cbc "); -# endif -# ifndef OPENSSL_NO_BF +#endif 
+#ifndef OPENSSL_NO_BF BIO_printf(bio_err, "bf-cbc"); -# endif -# if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \ +#endif +#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || !defined(OPENSSL_NO_RC2) || \ !defined(OPENSSL_NO_BF) || !defined(OPENSSL_NO_RC5) BIO_printf(bio_err, "\n"); -# endif -# ifndef OPENSSL_NO_DES +#endif +#ifndef OPENSSL_NO_DES BIO_printf(bio_err, "des-cbc des-ede3 "); -# endif -# ifndef OPENSSL_NO_AES +#endif +#ifndef OPENSSL_NO_AES BIO_printf(bio_err, "aes-128-cbc aes-192-cbc aes-256-cbc "); BIO_printf(bio_err, "aes-128-ige aes-192-ige aes-256-ige "); -# endif -# ifndef OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err, "\n"); BIO_printf(bio_err, "camellia-128-cbc camellia-192-cbc camellia-256-cbc "); -# endif -# ifndef OPENSSL_NO_RC4 +#endif +#ifndef OPENSSL_NO_RC4 BIO_printf(bio_err, "rc4"); -# endif +#endif BIO_printf(bio_err, "\n"); -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_RSA BIO_printf(bio_err, "rsa512 rsa1024 rsa2048 rsa3072 rsa4096\n"); BIO_printf(bio_err, "rsa7680 rsa15360\n"); -# endif +#endif -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n"); -# endif -# ifndef OPENSSL_NO_ECDSA +#endif +#ifndef OPENSSL_NO_ECDSA BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 " "ecdsap256 ecdsap384 ecdsap521\n"); BIO_printf(bio_err, @@ -1192,8 +1185,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); BIO_printf(bio_err, "ecdsa\n"); -# endif -# ifndef OPENSSL_NO_ECDH +#endif +#ifndef OPENSSL_NO_ECDH BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 " "ecdhp256 ecdhp384 ecdhp521\n"); BIO_printf(bio_err, 
@@ -1201,50 +1194,50 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "ecdhb163 ecdhb233 ecdhb283 ecdhb409 ecdhb571\n"); BIO_printf(bio_err, "ecdh\n"); -# endif +#endif -# ifndef OPENSSL_NO_IDEA +#ifndef OPENSSL_NO_IDEA BIO_printf(bio_err, "idea "); -# endif -# ifndef OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_SEED BIO_printf(bio_err, "seed "); -# endif -# ifndef OPENSSL_NO_RC2 +#endif +#ifndef OPENSSL_NO_RC2 BIO_printf(bio_err, "rc2 "); -# endif -# ifndef OPENSSL_NO_DES +#endif +#ifndef OPENSSL_NO_DES BIO_printf(bio_err, "des "); -# endif -# ifndef OPENSSL_NO_AES +#endif +#ifndef OPENSSL_NO_AES BIO_printf(bio_err, "aes "); -# endif -# ifndef OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err, "camellia "); -# endif -# ifndef OPENSSL_NO_RSA +#endif +#ifndef OPENSSL_NO_RSA BIO_printf(bio_err, "rsa "); -# endif -# ifndef OPENSSL_NO_BF +#endif +#ifndef OPENSSL_NO_BF BIO_printf(bio_err, "blowfish"); -# endif -# if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \ +#endif +#if !defined(OPENSSL_NO_IDEA) || !defined(OPENSSL_NO_SEED) || \ !defined(OPENSSL_NO_RC2) || !defined(OPENSSL_NO_DES) || \ !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_BF) || \ !defined(OPENSSL_NO_AES) || !defined(OPENSSL_NO_CAMELLIA) BIO_printf(bio_err, "\n"); -# endif +#endif BIO_printf(bio_err, "\n"); BIO_printf(bio_err, "Available options:\n"); -# if defined(TIMES) || defined(USE_TOD) +#if defined(TIMES) || defined(USE_TOD) BIO_printf(bio_err, "-elapsed " "measure time in real time instead of CPU user time.\n"); -# endif -# ifndef OPENSSL_NO_ENGINE +#endif +#ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, "-engine e " "use engine e, possibly a hardware device.\n"); -# endif +#endif BIO_printf(bio_err, "-evp e " "use EVP e.\n"); BIO_printf(bio_err, "-decrypt " 
@@ -1258,10 +1251,10 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-misalign n " "perform benchmark with misaligned data\n"); -# ifndef NO_FORK +#ifndef NO_FORK BIO_printf(bio_err, "-multi n " "run n benchmarks in parallel.\n"); -# endif +#endif goto end; } argc--; @@ -1269,10 +1262,10 @@ int MAIN(int argc, char **argv) j++; } -# ifndef NO_FORK +#ifndef NO_FORK if (multi && do_multi(multi)) goto show_res; -# endif +#endif if (j == 0) { for (i = 0; i < ALGOR_NUM; i++) { @@ -1283,14 +1276,14 @@ int MAIN(int argc, char **argv) rsa_doit[i] = 1; for (i = 0; i < DSA_NUM; i++) dsa_doit[i] = 1; -# ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_ECDSA for (i = 0; i < EC_NUM; i++) ecdsa_doit[i] = 1; -# endif -# ifndef OPENSSL_NO_ECDH +#endif +#ifndef OPENSSL_NO_ECDH for (i = 0; i < EC_NUM; i++) ecdh_doit[i] = 1; -# endif +#endif } for (i = 0; i < ALGOR_NUM; i++) if (doit[i]) @@ -1301,7 +1294,7 @@ int MAIN(int argc, char **argv) "You have chosen to measure elapsed time " "instead of user CPU time.\n"); -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_RSA for (i = 0; i < RSA_NUM; i++) { const unsigned char *p; @@ -1312,7 +1305,7 @@ int MAIN(int argc, char **argv) i); goto end; } -# if 0 +# if 0 else { BIO_printf(bio_err, mr ? "+RK:%d:" 
@@ -1321,57 +1314,57 @@ int MAIN(int argc, char **argv) BN_print(bio_err, rsa_key[i]->e); BIO_printf(bio_err, "\n"); } -# endif - } # endif + } +#endif -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA dsa_key[0] = get_dsa512(); dsa_key[1] = get_dsa1024(); dsa_key[2] = get_dsa2048(); -# endif +#endif -# ifndef OPENSSL_NO_DES +#ifndef OPENSSL_NO_DES DES_set_key_unchecked(&key, &sch); DES_set_key_unchecked(&key2, &sch2); DES_set_key_unchecked(&key3, &sch3); -# endif -# ifndef OPENSSL_NO_AES +#endif +#ifndef OPENSSL_NO_AES AES_set_encrypt_key(key16, 128, &aes_ks1); AES_set_encrypt_key(key24, 192, &aes_ks2); AES_set_encrypt_key(key32, 256, &aes_ks3); -# endif -# ifndef OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CAMELLIA Camellia_set_key(key16, 128, &camellia_ks1); Camellia_set_key(ckey24, 192, &camellia_ks2); Camellia_set_key(ckey32, 256, &camellia_ks3); -# endif -# ifndef OPENSSL_NO_IDEA +#endif +#ifndef OPENSSL_NO_IDEA idea_set_encrypt_key(key16, &idea_ks); -# endif -# ifndef OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_SEED SEED_set_key(key16, &seed_ks); -# endif -# ifndef OPENSSL_NO_RC4 +#endif +#ifndef OPENSSL_NO_RC4 RC4_set_key(&rc4_ks, 16, key16); -# endif -# ifndef OPENSSL_NO_RC2 +#endif +#ifndef OPENSSL_NO_RC2 RC2_set_key(&rc2_ks, 16, key16, 128); -# endif -# ifndef OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RC5 RC5_32_set_key(&rc5_ks, 16, key16, 12); -# endif -# ifndef OPENSSL_NO_BF +#endif +#ifndef OPENSSL_NO_BF BF_set_key(&bf_ks, 16, key16); -# endif -# ifndef OPENSSL_NO_CAST +#endif +#ifndef OPENSSL_NO_CAST CAST_set_key(&cast_ks, 16, key16); -# endif -# ifndef OPENSSL_NO_RSA +#endif +#ifndef OPENSSL_NO_RSA memset(rsa_c, 0, sizeof(rsa_c)); -# endif -# ifndef SIGALRM -# ifndef OPENSSL_NO_DES +#endif +#ifndef SIGALRM +# ifndef OPENSSL_NO_DES BIO_printf(bio_err, "First we calculate the approximate speed ...\n"); count = 10; do { 
@@ -1453,7 +1446,7 @@ int MAIN(int argc, char **argv) c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1; } -# ifndef OPENSSL_NO_RSA +# ifndef OPENSSL_NO_RSA rsa_c[R_RSA_512][0] = count / 2000; rsa_c[R_RSA_512][1] = count / 400; for (i = 1; i < RSA_NUM; i++) { @@ -1468,9 +1461,9 @@ int MAIN(int argc, char **argv) } } } -# endif +# endif -# ifndef OPENSSL_NO_DSA +# ifndef OPENSSL_NO_DSA dsa_c[R_DSA_512][0] = count / 1000; dsa_c[R_DSA_512][1] = count / 1000 / 2; for (i = 1; i < DSA_NUM; i++) { @@ -1485,9 +1478,9 @@ int MAIN(int argc, char **argv) } } } -# endif +# endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_ECDSA ecdsa_c[R_EC_P160][0] = count / 1000; ecdsa_c[R_EC_P160][1] = count / 1000 / 2; for (i = R_EC_P192; i <= R_EC_P521; i++) { @@ -1530,9 +1523,9 @@ int MAIN(int argc, char **argv) } } } -# endif +# endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_ECDH ecdh_c[R_EC_P160][0] = count / 1000; ecdh_c[R_EC_P160][1] = count / 1000; for (i = R_EC_P192; i <= R_EC_P521; i++) { @@ -1575,23 +1568,23 @@ int MAIN(int argc, char **argv) } } } -# endif +# endif -# define COND(d) (count < (d)) -# define COUNT(d) (d) -# else -/* not worth fixing */ -# error "You cannot disable DES on systems without SIGALRM." -# endif /* OPENSSL_NO_DES */ +# define COND(d) (count < (d)) +# define COUNT(d) (d) # else -# define COND(c) (run && count<0x7fffffff) -# define COUNT(d) (count) -# ifndef _WIN32 +/* not worth fixing */ +# error "You cannot disable DES on systems without SIGALRM." +# endif /* OPENSSL_NO_DES */ +#else +# define COND(c) (run && count<0x7fffffff) +# define COUNT(d) (count) +# ifndef _WIN32 signal(SIGALRM, sig_done); -# endif -# endif /* SIGALRM */ +# endif +#endif /* SIGALRM */ -# ifndef OPENSSL_NO_MD2 +#ifndef OPENSSL_NO_MD2 if (doit[D_MD2]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_MD2], c[D_MD2][j], lengths[j]); 
@@ -1603,8 +1596,8 @@ int MAIN(int argc, char **argv) print_result(D_MD2, j, count, d); } } -# endif -# ifndef OPENSSL_NO_MDC2 +#endif +#ifndef OPENSSL_NO_MDC2 if (doit[D_MDC2]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_MDC2], c[D_MDC2][j], lengths[j]); @@ -1616,9 +1609,9 @@ int MAIN(int argc, char **argv) print_result(D_MDC2, j, count, d); } } -# endif +#endif -# ifndef OPENSSL_NO_MD4 +#ifndef OPENSSL_NO_MD4 if (doit[D_MD4]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_MD4], c[D_MD4][j], lengths[j]); @@ -1630,9 +1623,9 @@ int MAIN(int argc, char **argv) print_result(D_MD4, j, count, d); } } -# endif +#endif -# ifndef OPENSSL_NO_MD5 +#ifndef OPENSSL_NO_MD5 if (doit[D_MD5]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_MD5], c[D_MD5][j], lengths[j]); @@ -1643,9 +1636,9 @@ int MAIN(int argc, char **argv) print_result(D_MD5, j, count, d); } } -# endif +#endif -# if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC) +#if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_HMAC) if (doit[D_HMAC]) { HMAC_CTX hctx; @@ -1666,24 +1659,24 @@ int MAIN(int argc, char **argv) } HMAC_CTX_cleanup(&hctx); } -# endif -# ifndef OPENSSL_NO_SHA +#endif +#ifndef OPENSSL_NO_SHA if (doit[D_SHA1]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]); Time_F(START); for (count = 0, run = 1; COND(c[D_SHA1][j]); count++) -# if 0 +# if 0 EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL, EVP_sha1(), NULL); -# else +# else SHA1(buf, lengths[j], sha); -# endif +# endif d = Time_F(STOP); print_result(D_SHA1, j, count, d); } } -# ifndef OPENSSL_NO_SHA256 +# ifndef OPENSSL_NO_SHA256 if (doit[D_SHA256]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]); 
@@ -1694,9 +1687,9 @@ int MAIN(int argc, char **argv) print_result(D_SHA256, j, count, d); } } -# endif +# endif -# ifndef OPENSSL_NO_SHA512 +# ifndef OPENSSL_NO_SHA512 if (doit[D_SHA512]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]); @@ -1707,10 +1700,10 @@ int MAIN(int argc, char **argv) print_result(D_SHA512, j, count, d); } } -# endif # endif +#endif -# ifndef OPENSSL_NO_WHIRLPOOL +#ifndef OPENSSL_NO_WHIRLPOOL if (doit[D_WHIRLPOOL]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][j], lengths[j]); @@ -1721,9 +1714,9 @@ int MAIN(int argc, char **argv) print_result(D_WHIRLPOOL, j, count, d); } } -# endif +#endif -# ifndef OPENSSL_NO_RMD160 +#ifndef OPENSSL_NO_RMD160 if (doit[D_RMD160]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_RMD160], c[D_RMD160][j], lengths[j]); @@ -1735,8 +1728,8 @@ int MAIN(int argc, char **argv) print_result(D_RMD160, j, count, d); } } -# endif -# ifndef OPENSSL_NO_RC4 +#endif +#ifndef OPENSSL_NO_RC4 if (doit[D_RC4]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_RC4], c[D_RC4][j], lengths[j]); @@ -1747,8 +1740,8 @@ int MAIN(int argc, char **argv) print_result(D_RC4, j, count, d); } } -# endif -# ifndef OPENSSL_NO_DES +#endif +#ifndef OPENSSL_NO_DES if (doit[D_CBC_DES]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_CBC_DES], c[D_CBC_DES][j], lengths[j]); @@ -1773,8 +1766,8 @@ int MAIN(int argc, char **argv) print_result(D_EDE3_DES, j, count, d); } } -# endif -# ifndef OPENSSL_NO_AES +#endif +#ifndef OPENSSL_NO_AES if (doit[D_CBC_128_AES]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][j], @@ -1869,8 +1862,8 @@ int MAIN(int argc, char **argv) } CRYPTO_gcm128_release(ctx); } -# endif -# ifndef OPENSSL_NO_CAMELLIA +#endif +#ifndef OPENSSL_NO_CAMELLIA if (doit[D_CBC_128_CML]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][j], 
@@ -1910,8 +1903,8 @@ int MAIN(int argc, char **argv) print_result(D_CBC_256_CML, j, count, d); } } -# endif -# ifndef OPENSSL_NO_IDEA +#endif +#ifndef OPENSSL_NO_IDEA if (doit[D_CBC_IDEA]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][j], lengths[j]); @@ -1924,8 +1917,8 @@ int MAIN(int argc, char **argv) print_result(D_CBC_IDEA, j, count, d); } } -# endif -# ifndef OPENSSL_NO_SEED +#endif +#ifndef OPENSSL_NO_SEED if (doit[D_CBC_SEED]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_CBC_SEED], c[D_CBC_SEED][j], lengths[j]); @@ -1937,8 +1930,8 @@ int MAIN(int argc, char **argv) print_result(D_CBC_SEED, j, count, d); } } -# endif -# ifndef OPENSSL_NO_RC2 +#endif +#ifndef OPENSSL_NO_RC2 if (doit[D_CBC_RC2]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_CBC_RC2], c[D_CBC_RC2][j], lengths[j]); @@ -1951,8 +1944,8 @@ int MAIN(int argc, char **argv) print_result(D_CBC_RC2, j, count, d); } } -# endif -# ifndef OPENSSL_NO_RC5 +#endif +#ifndef OPENSSL_NO_RC5 if (doit[D_CBC_RC5]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_CBC_RC5], c[D_CBC_RC5][j], lengths[j]); @@ -1965,8 +1958,8 @@ int MAIN(int argc, char **argv) print_result(D_CBC_RC5, j, count, d); } } -# endif -# ifndef OPENSSL_NO_BF +#endif +#ifndef OPENSSL_NO_BF if (doit[D_CBC_BF]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_CBC_BF], c[D_CBC_BF][j], lengths[j]); @@ -1979,8 +1972,8 @@ int MAIN(int argc, char **argv) print_result(D_CBC_BF, j, count, d); } } -# endif -# ifndef OPENSSL_NO_CAST +#endif +#ifndef OPENSSL_NO_CAST if (doit[D_CBC_CAST]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_CBC_CAST], c[D_CBC_CAST][j], lengths[j]); @@ -1993,10 +1986,10 @@ int MAIN(int argc, char **argv) print_result(D_CBC_CAST, j, count, d); } } -# endif +#endif if (doit[D_EVP]) { -# ifdef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK +#ifdef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK if (multiblock && evp_cipher) { if (! (EVP_CIPHER_flags(evp_cipher) & 
@@ -2009,7 +2002,7 @@ int MAIN(int argc, char **argv) mret = 0; goto end; } -# endif +#endif for (j = 0; j < SIZE_NUM; j++) { if (evp_cipher) { EVP_CIPHER_CTX ctx; @@ -2061,10 +2054,10 @@ int MAIN(int argc, char **argv) print_result(D_EVP, j, count, d); } } -# ifndef OPENSSL_SYS_WIN32 -# endif +#ifndef OPENSSL_SYS_WIN32 +#endif RAND_pseudo_bytes(buf, 36); -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_RSA for (j = 0; j < RSA_NUM; j++) { int ret; if (!rsa_doit[j]) @@ -2099,7 +2092,7 @@ int MAIN(int argc, char **argv) rsa_count = count; } -# if 1 +# if 1 ret = RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[j]); if (ret <= 0) { BIO_printf(bio_err, @@ -2127,7 +2120,7 @@ int MAIN(int argc, char **argv) count, rsa_bits[j], d); rsa_results[j][1] = d / (double)count; } -# endif +# endif if (rsa_count <= 1) { /* if longer than 10s, don't do any more */ @@ -2135,10 +2128,10 @@ int MAIN(int argc, char **argv) rsa_doit[j] = 0; } } -# endif +#endif RAND_pseudo_bytes(buf, 20); -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); rnd_fake = 1; @@ -2215,9 +2208,9 @@ int MAIN(int argc, char **argv) } if (rnd_fake) RAND_cleanup(); -# endif +#endif -# ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_ECDSA if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); rnd_fake = 1; @@ -2233,9 +2226,9 @@ int MAIN(int argc, char **argv) ERR_print_errors(bio_err); rsa_count = 1; } else { -# if 1 +# if 1 EC_KEY_precompute_mult(ecdsa[j], NULL); -# endif +# endif /* Perform ECDSA signature test */ EC_KEY_generate_key(ecdsa[j]); ret = ECDSA_sign(0, buf, 20, ecdsasig, &ecdsasiglen, ecdsa[j]); @@ -2310,9 +2303,9 @@ int MAIN(int argc, char **argv) } if (rnd_fake) RAND_cleanup(); -# endif +#endif -# ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_ECDH if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); rnd_fake = 1; 
@@ -2403,33 +2396,33 @@ int MAIN(int argc, char **argv) } if (rnd_fake) RAND_cleanup(); -# endif -# ifndef NO_FORK +#endif +#ifndef NO_FORK show_res: -# endif +#endif if (!mr) { fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_VERSION)); fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_BUILT_ON)); printf("options:"); printf("%s ", BN_options()); -# ifndef OPENSSL_NO_MD2 +#ifndef OPENSSL_NO_MD2 printf("%s ", MD2_options()); -# endif -# ifndef OPENSSL_NO_RC4 +#endif +#ifndef OPENSSL_NO_RC4 printf("%s ", RC4_options()); -# endif -# ifndef OPENSSL_NO_DES +#endif +#ifndef OPENSSL_NO_DES printf("%s ", DES_options()); -# endif -# ifndef OPENSSL_NO_AES +#endif +#ifndef OPENSSL_NO_AES printf("%s ", AES_options()); -# endif -# ifndef OPENSSL_NO_IDEA +#endif +#ifndef OPENSSL_NO_IDEA printf("%s ", idea_options()); -# endif -# ifndef OPENSSL_NO_BF +#endif +#ifndef OPENSSL_NO_BF printf("%s ", BF_options()); -# endif +#endif fprintf(stdout, "\n%s\n", SSLeay_version(SSLEAY_CFLAGS)); } @@ -2461,7 +2454,7 @@ int MAIN(int argc, char **argv) } fprintf(stdout, "\n"); } -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_RSA j = 1; for (k = 0; k < RSA_NUM; k++) { if (!rsa_doit[k]) @@ -2478,8 +2471,8 @@ int MAIN(int argc, char **argv) rsa_bits[k], rsa_results[k][0], rsa_results[k][1], 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1]); } -# endif -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DSA j = 1; for (k = 0; k < DSA_NUM; k++) { if (!dsa_doit[k]) @@ -2496,8 +2489,8 @@ int MAIN(int argc, char **argv) dsa_bits[k], dsa_results[k][0], dsa_results[k][1], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]); } -# endif -# ifndef OPENSSL_NO_ECDSA +#endif +#ifndef OPENSSL_NO_ECDSA j = 1; for (k = 0; k < EC_NUM; k++) { if (!ecdsa_doit[k]) 
@@ -2519,9 +2512,9 @@ int MAIN(int argc, char **argv) ecdsa_results[k][0], ecdsa_results[k][1], 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]); } -# endif +#endif -# ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_ECDH j = 1; for (k = 0; k < EC_NUM; k++) { if (!ecdh_doit[k]) @@ -2541,7 +2534,7 @@ int MAIN(int argc, char **argv) test_curves_names[k], ecdh_results[k][0], 1.0 / ecdh_results[k][0]); } -# endif +#endif mret = 0; @@ -2551,30 +2544,30 @@ int MAIN(int argc, char **argv) OPENSSL_free(buf_malloc); if (buf2_malloc != NULL) OPENSSL_free(buf2_malloc); -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_RSA for (i = 0; i < RSA_NUM; i++) if (rsa_key[i] != NULL) RSA_free(rsa_key[i]); -# endif -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DSA for (i = 0; i < DSA_NUM; i++) if (dsa_key[i] != NULL) DSA_free(dsa_key[i]); -# endif +#endif -# ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_ECDSA for (i = 0; i < EC_NUM; i++) if (ecdsa[i] != NULL) EC_KEY_free(ecdsa[i]); -# endif -# ifndef OPENSSL_NO_ECDH +#endif +#ifndef OPENSSL_NO_ECDH for (i = 0; i < EC_NUM; i++) { if (ecdh_a[i] != NULL) EC_KEY_free(ecdh_a[i]); if (ecdh_b[i] != NULL) EC_KEY_free(ecdh_b[i]); } -# endif +#endif apps_shutdown(); OPENSSL_EXIT(mret); 
@@ -2582,35 +2575,35 @@ int MAIN(int argc, char **argv) static void print_message(const char *s, long num, int length) { -# ifdef SIGALRM +#ifdef SIGALRM BIO_printf(bio_err, mr ? "+DT:%s:%d:%d\n" : "Doing %s for %ds on %d size blocks: ", s, SECONDS, length); (void)BIO_flush(bio_err); alarm(SECONDS); -# else +#else BIO_printf(bio_err, mr ? "+DN:%s:%ld:%d\n" : "Doing %s %ld times on %d size blocks: ", s, num, length); (void)BIO_flush(bio_err); -# endif +#endif } static void pkey_print_message(const char *str, const char *str2, long num, int bits, int tm) { -# ifdef SIGALRM +#ifdef SIGALRM BIO_printf(bio_err, mr ? "+DTP:%d:%s:%s:%d\n" : "Doing %d bit %s %s's for %ds: ", bits, str, str2, tm); (void)BIO_flush(bio_err); alarm(tm); -# else +#else BIO_printf(bio_err, mr ? "+DNP:%ld:%d:%s:%s\n" : "Doing %ld %d bit %s %s's: ", num, bits, str, str2); (void)BIO_flush(bio_err); -# endif +#endif } static void print_result(int alg, int run_no, int count, double time_used) @@ -2621,7 +2614,7 @@ static void print_result(int alg, int run_no, int count, double time_used) results[alg][run_no] = ((double)count) / time_used * lengths[run_no]; } -# ifndef NO_FORK +#ifndef NO_FORK static char *sstrsep(char **string, const char *delim) { char isdelim[256]; @@ -2749,7 +2742,7 @@ static int do_multi(int multi) else rsa_results[k][1] = d; } -# ifndef OPENSSL_NO_DSA +# ifndef OPENSSL_NO_DSA else if (!strncmp(buf, "+F3:", 4)) { int k; double d; @@ -2770,8 +2763,8 @@ static int do_multi(int multi) else dsa_results[k][1] = d; } -# endif -# ifndef OPENSSL_NO_ECDSA +# endif +# ifndef OPENSSL_NO_ECDSA else if (!strncmp(buf, "+F4:", 4)) { int k; double d; @@ -2794,9 +2787,9 @@ static int do_multi(int multi) else ecdsa_results[k][1] = d; } -# endif +# endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_ECDH else if (!strncmp(buf, "+F5:", 4)) { int k; double d; @@ -2812,7 +2805,7 @@ static int do_multi(int multi) ecdh_results[k][0] = d; } -# endif +# endif else if (!strncmp(buf, "+H:", 3)) { } else 
@@ -2824,7 +2817,7 @@ static int do_multi(int multi) free(fds); return 1; } -# endif +#endif static void multiblock_speed(const EVP_CIPHER *evp_cipher) { @@ -2925,4 +2918,3 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) OPENSSL_free(inp); OPENSSL_free(out); } -#endif diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index a8f9c0c..e3fea15 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -61,9 +61,7 @@ # include # include -# ifndef OPENSSL_NO_BIO -# include -# endif +# include # include # include @@ -827,10 +825,8 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n); int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a, const unsigned char *flags, int flags_len); -# ifndef OPENSSL_NO_BIO int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, BIT_STRING_BITNAME *tbl, int indent); -# endif int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl); int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, BIT_STRING_BITNAME *tbl); @@ -915,7 +911,6 @@ STACK_OF(OPENSSL_BLOCK) *d2i_ASN1_SET(STACK_OF(OPENSSL_BLOCK) **a, void (*free_func) (OPENSSL_BLOCK), int ex_tag, int ex_class); -# ifndef OPENSSL_NO_BIO int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size); int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a); @@ -923,7 +918,6 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size); int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a); int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size); int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); -# endif int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a); int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); 
@@ -1015,7 +1009,6 @@ int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); -# ifndef OPENSSL_NO_BIO void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x); # define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \ @@ -1048,7 +1041,6 @@ int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num, int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent); int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump); -# endif const char *ASN1_tag2str(int tag); /* Used to load and write netscape format cert */ diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 0f356c2..1000e69 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -322,7 +322,6 @@ int BN_asc2bn(BIGNUM **bn, const char *a) return 1; } -#ifndef OPENSSL_NO_BIO # ifndef OPENSSL_NO_STDIO int BN_print_fp(FILE *fp, const BIGNUM *a) { @@ -362,7 +361,6 @@ int BN_print(BIO *bp, const BIGNUM *a) end: return (ret); } -#endif char *BN_options(void) { diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h index ececd4d..2d7c739 100644 --- a/crypto/dh/dh.h +++ b/crypto/dh/dh.h @@ -65,9 +65,7 @@ # error DH is disabled. # endif -# ifndef OPENSSL_NO_BIO -# include -# endif +# include # include # ifdef OPENSSL_USE_DEPRECATED # include @@ -233,11 +231,7 @@ int i2d_DHxparams(const DH *a, unsigned char **pp); # ifndef OPENSSL_NO_STDIO int DHparams_print_fp(FILE *fp, const DH *x); # endif -# ifndef OPENSSL_NO_BIO int DHparams_print(BIO *bp, const DH *x); -# else -int DHparams_print(char *bp, const DH *x); -# endif /* RFC 5114 parameters */ DH *DH_get_1024_160(void); diff --git a/crypto/dsa/dsa.h b/crypto/dsa/dsa.h index 2bb6b11..949360f 100644 --- a/crypto/dsa/dsa.h +++ b/crypto/dsa/dsa.h @@ -71,9 +71,7 @@ # error DSA is disabled. # endif -# ifndef OPENSSL_NO_BIO -# include -# endif +# include # include # include 
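Review bot: In the bn_print.c hunk at old line 322 the outer `#ifndef OPENSSL_NO_BIO` is removed but the inner `# ifndef OPENSSL_NO_STDIO` keeps the one-level nesting indent it only had because of that outer guard, so the directive now reads as nested while it is top-level; the speed.c hunks in this same commit re-indent exactly this case after their own enclosing `#endif` is dropped. Change it to `#ifndef OPENSSL_NO_STDIO`, and the matching `# endif` that closes `BN_print_fp` (it lies between the two bn_print.c hunks and is not visible here) to `#endif`. The BN_print_fp and BN_print bodies themselves are outside the hunks.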
@@ -248,10 +246,8 @@ int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); int i2d_DSAparams(const DSA *a, unsigned char **pp); -# ifndef OPENSSL_NO_BIO int DSAparams_print(BIO *bp, const DSA *x); int DSA_print(BIO *bp, const DSA *x, int off); -# endif # ifndef OPENSSL_NO_STDIO int DSAparams_print_fp(FILE *fp, const DSA *x); int DSA_print_fp(FILE *bp, const DSA *x, int off); diff --git a/crypto/ec/ec.h b/crypto/ec/ec.h index a3d50e7..b89add6 100644 --- a/crypto/ec/ec.h +++ b/crypto/ec/ec.h @@ -729,9 +729,7 @@ int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out); # define i2d_ECPKParameters_fp(fp,x) ASN1_i2d_fp(i2d_ECPKParameters,(fp), \ (unsigned char *)(x)) -# ifndef OPENSSL_NO_BIO int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off); -# endif # ifndef OPENSSL_NO_STDIO int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off); # endif @@ -951,7 +949,6 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len); */ int i2o_ECPublicKey(EC_KEY *key, unsigned char **out); -# ifndef OPENSSL_NO_BIO /** Prints out the ec parameters on human readable form. * \param bp BIO object to which the information is printed * \param key EC_KEY object @@ -967,7 +964,6 @@ int ECParameters_print(BIO *bp, const EC_KEY *key); */ int EC_KEY_print(BIO *bp, const EC_KEY *key, int off); -# endif # ifndef OPENSSL_NO_STDIO /** Prints out the ec parameters on human readable form. * \param fp file descriptor to which the information is printed diff --git a/crypto/err/err.c b/crypto/err/err.c index ed50511..50865b8 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -109,8 +109,6 @@ * */ -#define OPENSSL_NO_FIPS_ERR - #include #include #include diff --git a/crypto/err/err.h b/crypto/err/err.h index d24ec9a..577a121 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h 
@@ -120,12 +120,8 @@ # endif # include -# ifndef OPENSSL_NO_BIO -# include -# endif -# ifndef OPENSSL_NO_LHASH -# include -# endif +# include +# include #ifdef __cplusplus extern "C" { @@ -341,9 +337,7 @@ void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u), # ifndef OPENSSL_NO_STDIO void ERR_print_errors_fp(FILE *fp); # endif -# ifndef OPENSSL_NO_BIO void ERR_print_errors(BIO *bp); -# endif void ERR_add_error_data(int num, ...); void ERR_add_error_vdata(int num, va_list args); void ERR_load_strings(int lib, ERR_STRING_DATA str[]); @@ -359,11 +353,9 @@ DECLARE_DEPRECATED(void ERR_remove_state(unsigned long pid)); /* if zero we # endif ERR_STATE *ERR_get_state(void); -# ifndef OPENSSL_NO_LHASH LHASH_OF(ERR_STRING_DATA) *ERR_get_string_table(void); LHASH_OF(ERR_STATE) *ERR_get_err_state_table(void); void ERR_release_err_state_table(LHASH_OF(ERR_STATE) **hash); -# endif int ERR_get_next_error_library(void); diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 54693ed..1363fb0 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -56,8 +56,6 @@ * [including the GNU Public Licence.] */ -#define OPENSSL_NO_FIPS_ERR - #include #include #include diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 0882324..7a95de0 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -71,17 +71,8 @@ # include -# ifndef OPENSSL_NO_BIO -# include -# endif +# include -/*- -#define EVP_RC2_KEY_SIZE 16 -#define EVP_RC4_KEY_SIZE 16 -#define EVP_BLOWFISH_KEY_SIZE 16 -#define EVP_CAST5_KEY_SIZE 16 -#define EVP_RC5_32_12_16_KEY_SIZE 16 -*/ # define EVP_MAX_MD_SIZE 64/* longest known is SHA512 */ # define EVP_MAX_KEY_LENGTH 64 # define EVP_MAX_IV_LENGTH 16 
@@ -751,14 +742,12 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key); -# ifndef OPENSSL_NO_BIO BIO_METHOD *BIO_f_md(void); BIO_METHOD *BIO_f_base64(void); BIO_METHOD *BIO_f_cipher(void); BIO_METHOD *BIO_f_reliable(void); __owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k, const unsigned char *i, int enc); -# endif const EVP_MD *EVP_md_null(void); # ifndef OPENSSL_NO_MD2 diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c index 8b09966..0a21399 100644 --- a/crypto/lhash/lh_stats.c +++ b/crypto/lhash/lh_stats.c 
@@ -65,78 +65,9 @@ */ #include "cryptlib.h" -#ifndef OPENSSL_NO_BIO -# include -#endif +#include #include -#ifdef OPENSSL_NO_BIO - -void lh_stats(LHASH *lh, FILE *out) -{ - fprintf(out, "num_items = %lu\n", lh->num_items); - fprintf(out, "num_nodes = %u\n", lh->num_nodes); - fprintf(out, "num_alloc_nodes = %u\n", lh->num_alloc_nodes); - fprintf(out, "num_expands = %lu\n", lh->num_expands); - fprintf(out, "num_expand_reallocs = %lu\n", lh->num_expand_reallocs); - fprintf(out, "num_contracts = %lu\n", lh->num_contracts); - fprintf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs); - fprintf(out, "num_hash_calls = %lu\n", lh->num_hash_calls); - fprintf(out, "num_comp_calls = %lu\n", lh->num_comp_calls); - fprintf(out, "num_insert = %lu\n", lh->num_insert); - fprintf(out, "num_replace = %lu\n", lh->num_replace); - fprintf(out, "num_delete = %lu\n", lh->num_delete); - fprintf(out, "num_no_delete = %lu\n", lh->num_no_delete); - fprintf(out, "num_retrieve = %lu\n", lh->num_retrieve); - fprintf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); - fprintf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); -# if 0 - fprintf(out, "p = %u\n", lh->p); - fprintf(out, "pmax = %u\n", lh->pmax); - fprintf(out, "up_load = %lu\n", lh->up_load); - fprintf(out, "down_load = %lu\n", lh->down_load); -# endif -} - -void lh_node_stats(LHASH *lh, FILE *out) -{ - LHASH_NODE *n; - unsigned int i, num; - - for (i = 0; i < lh->num_nodes; i++) { - for (n = lh->b[i], num = 0; n != NULL; n = n->next) - num++; - fprintf(out, "node %6u -> %3u\n", i, num); - } -} - -void lh_node_usage_stats(LHASH *lh, FILE *out) -{ - LHASH_NODE *n; - unsigned long num; - unsigned int i; - unsigned long total = 0, n_used = 0; - - for (i = 0; i < lh->num_nodes; i++) { - for (n = lh->b[i], num = 0; n != NULL; n = n->next) - num++; - if (num != 0) { - n_used++; - total += num; - } - } - fprintf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes); - fprintf(out, "%lu items\n", total); - if 
(n_used == 0) - return; - fprintf(out, "load %d.%02d actual load %d.%02d\n", - (int)(total / lh->num_nodes), - (int)((total % lh->num_nodes) * 100 / lh->num_nodes), - (int)(total / n_used), (int)((total % n_used) * 100 / n_used)); -} - -#else - # ifndef OPENSSL_NO_STDIO void lh_stats(const _LHASH *lh, FILE *fp) { @@ -198,12 +129,6 @@ void lh_stats_bio(const _LHASH *lh, BIO *out) BIO_printf(out, "num_retrieve = %lu\n", lh->num_retrieve); BIO_printf(out, "num_retrieve_miss = %lu\n", lh->num_retrieve_miss); BIO_printf(out, "num_hash_comps = %lu\n", lh->num_hash_comps); -# if 0 - BIO_printf(out, "p = %u\n", lh->p); - BIO_printf(out, "pmax = %u\n", lh->pmax); - BIO_printf(out, "up_load = %lu\n", lh->up_load); - BIO_printf(out, "down_load = %lu\n", lh->down_load); -# endif } void lh_node_stats_bio(const _LHASH *lh, BIO *out) @@ -242,5 +167,3 @@ void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out) (int)((total % lh->num_nodes) * 100 / lh->num_nodes), (int)(total / n_used), (int)((total % n_used) * 100 / n_used)); } - -#endif diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 53c5c13..5e9bfb8 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -194,9 +194,7 @@ void *lh_insert(_LHASH *lh, void *data) } nn->data = data; nn->next = NULL; -#ifndef OPENSSL_NO_HASH_COMP nn->hash = hash; -#endif *rn = nn; ret = NULL; lh->num_insert++; @@ -315,12 +313,7 @@ static void expand(_LHASH *lh) nni = lh->num_alloc_nodes; for (np = *n1; np != NULL;) { -#ifndef OPENSSL_NO_HASH_COMP hash = np->hash; -#else - hash = lh->hash(np->data); - lh->num_hash_calls++; -#endif if ((hash % nni) != p) { /* move it */ *n1 = (*n1)->next; np->next = *n2; 
@@ -404,13 +397,11 @@ static LHASH_NODE **getrn(_LHASH *lh, const void *data, unsigned long *rhash) cf = lh->comp; ret = &(lh->b[(int)nn]); for (n1 = *ret; n1 != NULL; n1 = n1->next) { -#ifndef OPENSSL_NO_HASH_COMP lh->num_hash_comps++; if (n1->hash != hash) { ret = &(n1->next); continue; } -#endif lh->num_comp_calls++; if (cf(n1->data, data) == 0) break; diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h index 8ddac6b..92ec80a 100644 --- a/crypto/lhash/lhash.h +++ b/crypto/lhash/lhash.h @@ -68,9 +68,7 @@ # include # endif -# ifndef OPENSSL_NO_BIO -# include -# endif +# include #ifdef __cplusplus extern "C" { @@ -79,9 +77,7 @@ extern "C" { typedef struct lhash_node_st { void *data; struct lhash_node_st *next; -# ifndef OPENSSL_NO_HASH_COMP unsigned long hash; -# endif } LHASH_NODE; typedef int (*LHASH_COMP_FN_TYPE) (const void *, const void *); @@ -182,17 +178,9 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); unsigned long lh_strhash(const char *c); unsigned long lh_num_items(const _LHASH *lh); -# ifndef OPENSSL_NO_STDIO -void lh_stats(const _LHASH *lh, FILE *out); -void lh_node_stats(const _LHASH *lh, FILE *out); -void lh_node_usage_stats(const _LHASH *lh, FILE *out); -# endif - -# ifndef OPENSSL_NO_BIO void lh_stats_bio(const _LHASH *lh, BIO *out); void lh_node_stats_bio(const _LHASH *lh, BIO *out); void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); -# endif /* Type checking... */ diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 0b06ea4..e7366af 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c 
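Review bot: The `@@ -182,17 +178,9 @@` hunk removes the prototypes of `lh_stats`, `lh_node_stats` and `lh_node_usage_stats`, but the lh_stats.c hunk earlier in this commit keeps their definitions (`# ifndef OPENSSL_NO_STDIO void lh_stats(const _LHASH *lh, FILE *fp)` is still visible there as context), so the FILE * variants are now defined without a declaration and any caller outside lh_stats.c loses the prototype. If the FILE * entry points are meant to survive, restore the three declarations under their `# ifndef OPENSSL_NO_STDIO` / `# endif` guard next to the kept `lh_stats_bio` prototypes; if they are meant to go, the definitions in lh_stats.c should be removed in the same commit. The diffstat of the next commit on this page lists lhash.h gaining four lines, which may be exactly this repair, but it does not belong in an unrelated SHA cleanup.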
@@ -66,20 +66,7 @@ #include /* obj_dat.h is generated from objects.h by obj_dat.pl */ -#ifndef OPENSSL_NO_OBJECT -# include "obj_dat.h" -#else -/* You will have to load all the objects needed manually in the application */ -# define NUM_NID 0 -# define NUM_SN 0 -# define NUM_LN 0 -# define NUM_OBJ 0 -static const unsigned char lvalues[1]; -static const ASN1_OBJECT nid_objs[1]; -static const unsigned int sn_objs[1]; -static const unsigned int ln_objs[1]; -static const unsigned int obj_objs[1]; -#endif +#include "obj_dat.h" DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn); DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln); diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index 848649d..d8057cb 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h @@ -60,12 +60,8 @@ # define HEADER_PEM_H # include -# ifndef OPENSSL_NO_BIO -# include -# endif -# ifndef OPENSSL_NO_STACK -# include -# endif +# include +# include # include # include # include @@ -343,7 +339,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ # endif -# ifndef OPENSSL_NO_BIO # define DECLARE_PEM_read_bio(name, type) \ type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); @@ -357,13 +352,6 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ unsigned char *kstr, int klen, pem_password_cb *cb, void *u); -# else - -# define DECLARE_PEM_read_bio(name, type) /**/ -# define DECLARE_PEM_write_bio(name, type) /**/ -# define DECLARE_PEM_write_bio_const(name, type) /**/ -# define DECLARE_PEM_write_cb_bio(name, type) /**/ -# endif # define DECLARE_PEM_write(name, type) \ DECLARE_PEM_write_bio(name, type) \ DECLARE_PEM_write_fp(name, type) 
@@ -385,19 +373,12 @@ int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ # define DECLARE_PEM_rw_cb(name, type) \ DECLARE_PEM_read(name, type) \ DECLARE_PEM_write_cb(name, type) -# if 1 -/* "userdata": new with OpenSSL 0.9.4 */ typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata); -# else -/* OpenSSL 0.9.3, 0.9.3a */ -typedef int pem_password_cb (char *buf, int size, int rwflag); -# endif int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len, pem_password_cb *callback, void *u); -# ifndef OPENSSL_NO_BIO int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, long *len); int PEM_write_bio(BIO *bp, const char *name, const char *hdr, @@ -416,7 +397,6 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cd, void *u); -# endif int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, long *len); diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index b3d2839..9ba6497 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -61,9 +61,7 @@ # include -# ifndef OPENSSL_NO_BIO -# include -# endif +# include # include # include # ifdef OPENSSL_USE_DEPRECATED @@ -395,9 +393,7 @@ DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) int RSA_print_fp(FILE *fp, const RSA *r, int offset); # endif -# ifndef OPENSSL_NO_BIO int RSA_print(BIO *bp, const RSA *r, int offset); -# endif # ifndef OPENSSL_NO_RC4 int i2d_RSA_NET(const RSA *a, unsigned char **pp, diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h index 16eccbb..8b6b5f2 100644 --- a/crypto/ts/ts.h +++ b/crypto/ts/ts.h 
@@ -62,15 +62,9 @@ # include # include -# ifndef OPENSSL_NO_BUFFER -# include -# endif -# ifndef OPENSSL_NO_EVP -# include -# endif -# ifndef OPENSSL_NO_BIO -# include -# endif +# include +# include +# include # include # include # include diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c index 06bf5f3..7c741d9 100644 --- a/crypto/ts/ts_asn1.c +++ b/crypto/ts/ts_asn1.c @@ -67,7 +67,6 @@ ASN1_SEQUENCE(TS_MSG_IMPRINT) = { IMPLEMENT_ASN1_FUNCTIONS_const(TS_MSG_IMPRINT) IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT) -#ifndef OPENSSL_NO_BIO TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a) { return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new, @@ -78,7 +77,6 @@ int i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a) { return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a); } -#endif #ifndef OPENSSL_NO_STDIO TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a) { @@ -103,7 +101,6 @@ ASN1_SEQUENCE(TS_REQ) = { IMPLEMENT_ASN1_FUNCTIONS_const(TS_REQ) IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ) -#ifndef OPENSSL_NO_BIO TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a) { return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a); @@ -113,7 +110,6 @@ int i2d_TS_REQ_bio(BIO *bp, TS_REQ *a) { return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a); } -#endif #ifndef OPENSSL_NO_STDIO TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a) { @@ -150,7 +146,6 @@ ASN1_SEQUENCE(TS_TST_INFO) = { IMPLEMENT_ASN1_FUNCTIONS_const(TS_TST_INFO) IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO) -#ifndef OPENSSL_NO_BIO TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a) { return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp, @@ -161,7 +156,6 @@ int i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a) { return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a); } -#endif #ifndef OPENSSL_NO_STDIO TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a) { 
@@ -236,7 +230,6 @@ IMPLEMENT_ASN1_FUNCTIONS_const(TS_RESP) IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP) -#ifndef OPENSSL_NO_BIO TS_RESP *d2i_TS_RESP_bio(BIO *bp, TS_RESP **a) { return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a); @@ -246,7 +239,6 @@ int i2d_TS_RESP_bio(BIO *bp, TS_RESP *a) { return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a); } -#endif #ifndef OPENSSL_NO_STDIO TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a) { diff --git a/crypto/txt_db/txt_db.h b/crypto/txt_db/txt_db.h index 98e23a2..54b71fc 100644 --- a/crypto/txt_db/txt_db.h +++ b/crypto/txt_db/txt_db.h @@ -60,9 +60,7 @@ # define HEADER_TXT_DB_H # include -# ifndef OPENSSL_NO_BIO -# include -# endif +# include # include # include @@ -91,13 +89,8 @@ typedef struct txt_db_st { OPENSSL_STRING *arg_row; } TXT_DB; -# ifndef OPENSSL_NO_BIO TXT_DB *TXT_DB_read(BIO *in, int num); long TXT_DB_write(BIO *out, TXT_DB *db); -# else -TXT_DB *TXT_DB_read(char *in, int num); -long TXT_DB_write(char *out, TXT_DB *db); -# endif int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); void TXT_DB_free(TXT_DB *db); diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 8e67262..5b25de0 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -66,15 +66,9 @@ # include # include -# ifndef OPENSSL_NO_BUFFER -# include -# endif -# ifndef OPENSSL_NO_EVP -# include -# endif -# ifndef OPENSSL_NO_BIO -# include -# endif +# include +# include +# include # include # include # include @@ -179,11 +173,7 @@ DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) struct X509_name_st { STACK_OF(X509_NAME_ENTRY) *entries; int modified; /* true if 'bytes' needs to be built */ -# ifndef OPENSSL_NO_BUFFER BUF_MEM *bytes; -# else - char *bytes; -# endif /* unsigned long hash; Keep the hash around for lookups */ unsigned char *canon_enc; int canon_enclen; 
@@ -492,7 +482,6 @@ typedef struct private_key_st { int references; } X509_PKEY; -# ifndef OPENSSL_NO_EVP typedef struct X509_info_st { X509 *x509; X509_CRL *crl; @@ -504,7 +493,6 @@ typedef struct X509_info_st { } X509_INFO; DECLARE_STACK_OF(X509_INFO) -# endif /* * The next 2 structures and their 8 routines were sent to me by Pat Richard @@ -627,7 +615,6 @@ void *X509_CRL_get_meth_data(X509_CRL *crl); const char *X509_verify_cert_error_string(long n); -# ifndef OPENSSL_NO_EVP int X509_verify(X509 *a, EVP_PKEY *r); int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); @@ -664,7 +651,6 @@ int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, unsigned int *len); int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, unsigned int *len); -# endif # ifndef OPENSSL_NO_STDIO X509 *d2i_X509_fp(FILE *fp, X509 **x509); @@ -705,7 +691,6 @@ int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); # endif -# ifndef OPENSSL_NO_BIO X509 *d2i_X509_bio(BIO *bp, X509 **x509); int i2d_X509_bio(BIO *bp, X509 *x509); X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl); @@ -742,7 +727,6 @@ int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); -# endif X509 *X509_dup(X509 *x509); X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); @@ -869,7 +853,6 @@ DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) -# ifndef OPENSSL_NO_EVP X509_INFO *X509_INFO_new(void); void X509_INFO_free(X509_INFO *a); char *X509_NAME_oneline(X509_NAME *a, char *buf, int size); 
@@ -896,7 +879,6 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx); -# endif int X509_set_version(X509 *x, long version); int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial); @@ -992,7 +974,6 @@ int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); # endif -# ifndef OPENSSL_NO_BIO int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); @@ -1005,7 +986,6 @@ int X509_CRL_print(BIO *bp, X509_CRL *x); int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag, unsigned long cflag); int X509_REQ_print(BIO *bp, X509_REQ *req); -# endif int X509_NAME_entry_count(X509_NAME *name); int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index f5da926..8e639c8 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -538,9 +538,6 @@ static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) static int check_chain_extensions(X509_STORE_CTX *ctx) { -#ifdef OPENSSL_NO_CHAIN_VERIFY - return 1; -#else int i, ok = 0, must_be_ca, plen = 0; X509 *x; int (*cb) (int xok, X509_STORE_CTX *xctx); @@ -680,7 +677,6 @@ static int check_chain_extensions(X509_STORE_CTX *ctx) ok = 1; end: return ok; -#endif } static int check_name_constraints(X509_STORE_CTX *ctx) diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index 105862b..959af30 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -68,9 +68,7 @@ # define HEADER_X509_VFY_H # include -# ifndef OPENSSL_NO_LHASH -# include -# endif +# include # include # include # include diff --git a/ssl/ssl.h b/ssl/ssl.h index ad2136a..a0025e6 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h 
@@ -148,13 +148,9 @@ # ifndef OPENSSL_NO_COMP # include # endif -# ifndef OPENSSL_NO_BIO -# include -# endif +# include # ifdef OPENSSL_USE_DEPRECATED -# ifndef OPENSSL_NO_X509 -# include -# endif +# include # include # include # include @@ -1417,20 +1413,12 @@ struct ssl_st { * There are 2 BIO's even though they are normally both the same. This * is so data can be read and written to different handlers */ -# ifndef OPENSSL_NO_BIO /* used by SSL_read */ BIO *rbio; /* used by SSL_write */ BIO *wbio; /* used during session-id reuse to concatenate messages */ BIO *bbio; -# else - /* used by SSL_read */ - char *rbio; - /* used by SSL_write */ - char *wbio; - char *bbio; -# endif /* * This holds a variable that indicates what we were doing when a 0 or -1 * is returned. This is needed for non-blocking IO so we know what @@ -2108,7 +2096,7 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst) # define SSL_get0_ec_point_formats(s, plst) \ SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst) -# ifndef OPENSSL_NO_BIO + BIO_METHOD *BIO_f_ssl(void); BIO *BIO_new_ssl(SSL_CTX *ctx, int client); BIO *BIO_new_ssl_connect(SSL_CTX *ctx); @@ -2116,8 +2104,6 @@ BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx); int BIO_ssl_copy_session_id(BIO *to, BIO *from); void BIO_ssl_shutdown(BIO *ssl_bio); -# endif - int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str); SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth); void SSL_CTX_free(SSL_CTX *); @@ -2148,11 +2134,9 @@ int SSL_set_fd(SSL *s, int fd); int SSL_set_rfd(SSL *s, int fd); int SSL_set_wfd(SSL *s, int fd); # endif -# ifndef OPENSSL_NO_BIO void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio); BIO *SSL_get_rbio(const SSL *s); BIO *SSL_get_wbio(const SSL *s); -# endif int SSL_set_cipher_list(SSL *s, const char *str); void SSL_set_read_ahead(SSL *s, int yes); int SSL_get_verify_mode(const SSL *s); 
@@ -2222,10 +2206,8 @@ unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s); # ifndef OPENSSL_NO_STDIO int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses); # endif -# ifndef OPENSSL_NO_BIO int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses); int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x); -# endif void SSL_SESSION_free(SSL_SESSION *ses); int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp); int SSL_set_session(SSL *to, SSL_SESSION *session); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index bfaf69a..f2de54b 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -740,7 +740,6 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) i = s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ #endif else { -#ifndef OPENSSL_NO_X509_VERIFY i = X509_verify_cert(&ctx); # if 0 /* Dummy error calls so mkerr generates them */ @@ -750,11 +749,6 @@ int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk) # endif if (i > 0) i = ssl_security_cert_chain(s, ctx.chain, NULL, 1); -#else - i = 0; - ctx.error = X509_V_ERR_APPLICATION_VERIFICATION; - SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, SSL_R_NO_VERIFY_CALLBACK); -#endif } s->verify_result = ctx.error; diff --git a/ssl/ssltest.c b/ssl/ssltest.c index d217efa..a49fd86 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -2909,9 +2909,7 @@ static int app_verify_callback(X509_STORE_CTX *ctx, void *arg) if (cb_arg->allow_proxy_certs) { X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); } -#ifndef OPENSSL_NO_X509_VERIFY ok = X509_verify_cert(ctx); -#endif if (cb_arg->proxy_auth) { if (ok > 0) { From rsalz at openssl.org Tue Jan 27 15:20:39 2015 
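Review bot: With the enclosing `#ifndef OPENSSL_NO_X509_VERIFY` gone, the retained `# if 0` / `# endif` pair around the dummy error calls (opened in the `@@ -740,7 +740,6 @@` hunk, closed in `@@ -750,11 +749,6 @@`) keeps the one-level preprocessor indentation that the removed guard justified. The RFC3779 cleanup further down this page re-flushes directives in the same situation (`-# define ADDR_RAW_BUF_LEN` becomes `+#define ADDR_RAW_BUF_LEN`), so for consistency these should become `#if 0` and `#endif`. ssl_verify_cert_chain continues outside the hunk.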
From: rsalz at openssl.org (Rich Salz) Date: Tue, 27 Jan 2015 16:20:39 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150127152039.3705C1DF118@butler.localdomain> The branch master has been updated via c73ad690174171b63a53dabdb2f2d9ebfd30053a (commit) from a00ae6c46e0d7907a7c9f9e85334e968aa5fd338 (commit) - Log ----------------------------------------------------------------- commit c73ad690174171b63a53dabdb2f2d9ebfd30053a Author: Rich Salz Date: Tue Jan 27 10:19:14 2015 -0500 OPENSSL_NO_xxx cleanup: RFC3779 Remove OPENSSL_NO_RFCF3779. Also, makevms.com was ignored by some of the other cleanups, so I caught it up. Sorry I ignored you, poor little VMS... Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_x509.c | 4 ---- crypto/x509/x509.h | 2 -- crypto/x509/x509_vfy.c | 2 -- crypto/x509v3/ext_dat.h | 2 -- crypto/x509v3/v3_addr.c | 11 ++++------- crypto/x509v3/v3_asid.c | 7 ++----- crypto/x509v3/v3_purp.c | 4 ---- crypto/x509v3/x509v3.h | 28 ++++++++++++---------------- makevms.com | 7 +------ util/mkdef.pl | 6 +----- 10 files changed, 20 insertions(+), 53 deletions(-) diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index cd838e0..f487dbb 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -95,10 +95,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, ret->ex_pathlen = -1; ret->skid = NULL; ret->akid = NULL; -#ifndef OPENSSL_NO_RFC3779 ret->rfc3779_addr = NULL; ret->rfc3779_asid = NULL; -#endif ret->aux = NULL; ret->crldp = NULL; CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); 
@@ -119,10 +117,8 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, policy_cache_free(ret->policy_cache); GENERAL_NAMES_free(ret->altname); NAME_CONSTRAINTS_free(ret->nc); -#ifndef OPENSSL_NO_RFC3779 sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); ASIdentifiers_free(ret->rfc3779_asid); -#endif if (ret->name != NULL) OPENSSL_free(ret->name); diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 5b25de0..13f7531 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -278,10 +278,8 @@ struct x509_st { STACK_OF(DIST_POINT) *crldp; STACK_OF(GENERAL_NAME) *altname; NAME_CONSTRAINTS *nc; -# ifndef OPENSSL_NO_RFC3779 STACK_OF(IPAddressFamily) *rfc3779_addr; struct ASIdentifiers_st *rfc3779_asid; -# endif # ifndef OPENSSL_NO_SHA unsigned char sha1_hash[SHA_DIGEST_LENGTH]; # endif diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 8e639c8..31bb95b 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -439,7 +439,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) if (!ok) goto end; -#ifndef OPENSSL_NO_RFC3779 /* RFC 3779 path validation, now that CRL check has been done */ ok = v3_asid_validate_path(ctx); if (!ok) @@ -447,7 +446,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx) ok = v3_addr_validate_path(ctx); if (!ok) goto end; -#endif /* If we get this far evaluate policies */ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index c3a6fce..4e0fe92 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -103,10 +103,8 @@ static const X509V3_EXT_METHOD *standard_exts[] = { #endif &v3_sxnet, &v3_info, -#ifndef OPENSSL_NO_RFC3779 &v3_addr, &v3_asid, -#endif #ifndef OPENSSL_NO_OCSP &v3_ocsp_nonce, &v3_ocsp_crlid, diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index 94cfed0..1635421 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c 
@@ -69,7 +69,6 @@ #include #include -#ifndef OPENSSL_NO_RFC3779 /* * OpenSSL ASN.1 template translation of RFC 3779 2.2.3. @@ -108,7 +107,7 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily) /* * How much buffer space do we need for a raw address? */ -# define ADDR_RAW_BUF_LEN 16 +#define ADDR_RAW_BUF_LEN 16 /* * What's the address length associated with this AFI? @@ -163,7 +162,7 @@ static int addr_expand(unsigned char *addr, /* * Extract the prefix length from a bitstring. */ -# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) +#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7))) /* * i2r handler for one address bitstring. @@ -1195,7 +1194,7 @@ int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) /* * Validation error handling via callback. */ -# define validation_err(_err_) \ +#define validation_err(_err_) \ do { \ if (ctx != NULL) { \ ctx->error = _err_; \ @@ -1315,7 +1314,7 @@ static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx, return ret; } -# undef validation_err +#undef validation_err /* * RFC 3779 2.3 path validation -- called from X509_verify_cert(). @@ -1340,5 +1339,3 @@ int v3_addr_validate_resource_set(STACK_OF(X509) *chain, return 0; return v3_addr_validate_path_internal(NULL, chain, ext); } - -#endif /* OPENSSL_NO_RFC3779 */ diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index 68a5f68..34469eb 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -69,7 +69,6 @@ #include #include -#ifndef OPENSSL_NO_RFC3779 /* * OpenSSL ASN.1 template translation of RFC 3779 3.2.3. @@ -736,7 +735,7 @@ int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) /* * Validation error handling via callback. */ -# define validation_err(_err_) \ +#define validation_err(_err_) \ do { \ if (ctx != NULL) { \ ctx->error = _err_; \ 
@@ -869,7 +868,7 @@ static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx, return ret; } -# undef validation_err +#undef validation_err /* * RFC 3779 3.3 path validation -- called from X509_verify_cert(). @@ -894,5 +893,3 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain, return 0; return v3_asid_validate_path_internal(NULL, chain, ext); } - -#endif /* OPENSSL_NO_RFC3779 */ diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 36b0d87..dfc8c5b 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -322,10 +322,8 @@ int X509_supported_extension(X509_EXTENSION *ex) NID_basic_constraints, /* 87 */ NID_certificate_policies, /* 89 */ NID_ext_key_usage, /* 126 */ -#ifndef OPENSSL_NO_RFC3779 NID_sbgp_ipAddrBlock, /* 290 */ NID_sbgp_autonomousSysNum, /* 291 */ -#endif NID_policy_constraints, /* 401 */ NID_proxyCertInfo, /* 663 */ NID_name_constraints, /* 666 */ @@ -508,11 +506,9 @@ static void x509v3_cache_extensions(X509 *x) x->ex_flags |= EXFLAG_INVALID; setup_crldp(x); -#ifndef OPENSSL_NO_RFC3779 x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL); x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, NULL, NULL); -#endif for (i = 0; i < X509_get_ext_count(x); i++) { ex = X509_get_ext(x, i); if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index a0c7e1a..a99d71b 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -758,14 +758,12 @@ int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk, void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent); DECLARE_STACK_OF(X509_POLICY_NODE) -# ifndef OPENSSL_NO_RFC3779 - typedef struct ASRange_st { ASN1_INTEGER *min, *max; } ASRange; -# define ASIdOrRange_id 0 -# define ASIdOrRange_range 1 +# define ASIdOrRange_id 0 +# define ASIdOrRange_range 1 typedef struct ASIdOrRange_st { int type; 
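Review bot: In the `@@ -508,11 +506,9 @@` hunk `x->rfc3779_addr` and `x->rfc3779_asid` are now always filled from `X509_get_ext_d2i(x, NID, NULL, NULL)`, which returns NULL both when the extension is absent and when it is present but fails to decode, so a malformed RFC 3779 extension is cached as "not present" rather than marking the certificate invalid the way the `x->ex_flags |= EXFLAG_INVALID` line just above does for its own failure case. Since the conditional compilation is gone this is now the only code path, so it is worth passing the `crit` out-parameter and treating a NULL result with `crit != -1` as a decode failure, e.g. `x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &i, NULL); if (x->rfc3779_addr == NULL && i != -1) x->ex_flags |= EXFLAG_INVALID;` and the same for the `NID_sbgp_autonomousSysNum` lookup. `i` is reinitialised by the `for` loop that follows, so reusing it here is safe; x509v3_cache_extensions continues outside the hunk.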
@@ -778,8 +776,8 @@ typedef struct ASIdOrRange_st { typedef STACK_OF(ASIdOrRange) ASIdOrRanges; DECLARE_STACK_OF(ASIdOrRange) -# define ASIdentifierChoice_inherit 0 -# define ASIdentifierChoice_asIdsOrRanges 1 +# define ASIdentifierChoice_inherit 0 +# define ASIdentifierChoice_asIdsOrRanges 1 typedef struct ASIdentifierChoice_st { int type; @@ -802,8 +800,8 @@ typedef struct IPAddressRange_st { ASN1_BIT_STRING *min, *max; } IPAddressRange; -# define IPAddressOrRange_addressPrefix 0 -# define IPAddressOrRange_addressRange 1 +# define IPAddressOrRange_addressPrefix 0 +# define IPAddressOrRange_addressRange 1 typedef struct IPAddressOrRange_st { int type; @@ -816,8 +814,8 @@ typedef struct IPAddressOrRange_st { typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges; DECLARE_STACK_OF(IPAddressOrRange) -# define IPAddressChoice_inherit 0 -# define IPAddressChoice_addressesOrRanges 1 +# define IPAddressChoice_inherit 0 +# define IPAddressChoice_addressesOrRanges 1 typedef struct IPAddressChoice_st { int type; @@ -843,8 +841,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) /* * API tag for elements of the ASIdentifer SEQUENCE. */ -# define V3_ASID_ASNUM 0 -# define V3_ASID_RDI 1 +# define V3_ASID_ASNUM 0 +# define V3_ASID_RDI 1 /* * AFI values, assigned by IANA. It'd be nice to make the AFI @@ -852,8 +850,8 @@ DECLARE_ASN1_FUNCTIONS(IPAddressFamily) * that would need to be defined for other address families for it to * be worth the trouble. */ -# define IANA_AFI_IPV4 1 -# define IANA_AFI_IPV6 2 +# define IANA_AFI_IPV4 1 +# define IANA_AFI_IPV6 2 /* * Utilities to construct and extract values from RFC3779 extensions, @@ -902,8 +900,6 @@ int v3_asid_validate_resource_set(STACK_OF(X509) *chain, int v3_addr_validate_resource_set(STACK_OF(X509) *chain, IPAddrBlocks *ext, int allow_inheritance); -# endif /* OPENSSL_NO_RFC3779 */ - /* BEGIN ERROR CODES */ /* * The following lines are auto generated by the script mkerr.pl. Any changes 
diff --git a/makevms.com b/makevms.com index 82aa4ce..4705346 100755 --- a/makevms.com +++ b/makevms.com @@ -250,9 +250,6 @@ $! For that reason, the list will also always end up in alphabetical order $ CONFIG_LOGICALS := AES,- ASM,INLINE_ASM,- BF,- - BIO,- - BUFFER,- - BUF_FREELISTS,- CAMELLIA,- CAST,- CMS,- @@ -289,7 +286,6 @@ $ CONFIG_LOGICALS := AES,- RC2,- RC4,- RC5,- - RFC3779,- RIPEMD,- RSA,- SEED,- @@ -306,8 +302,7 @@ $ CONFIG_LOGICALS := AES,- STDIO,- STORE,- TLSEXT,- - WHIRLPOOL,- - X509 + WHIRLPOOL $! Add a few that we know about $ CONFIG_LOGICALS := 'CONFIG_LOGICALS',- THREADS diff --git a/util/mkdef.pl b/util/mkdef.pl index e5063b0..a6f64e3 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -97,8 +97,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM", # Engines "STATIC_ENGINE", "ENGINE", "HW", "GMP", - # RFC3779 - "RFC3779", # TLS "TLSEXT", "PSK", "SRP", "HEARTBEATS", # CMS @@ -140,7 +138,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; -my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; +my my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_unit_test; my $no_ssl3_method; @@ -231,7 +229,6 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-engine$/) { $no_engine=1; } elsif (/^no-hw$/) { $no_hw=1; } elsif (/^no-gmp$/) { $no_gmp=1; } - elsif (/^no-rfc3779$/) { $no_rfc3779=1; } elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-ec2m$/) { $no_ec2m=1; } 
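Review bot: The `@@ -140,7 +138,7 @@` hunk leaves `my my $no_psk;` on the new side of util/mkdef.pl, which is a Perl syntax error, so the script will not compile after this commit. The edit removed `$no_rfc3779;` together with its variable but left the leading `my` of the old declaration in place. The line should read `my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;`.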
@@ -1209,7 +1206,6 @@ sub is_valid if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "GMP" && $no_gmp) { return 0; } - if ($keyword eq "RFC3779" && $no_rfc3779) { return 0; } if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } if ($keyword eq "PSK" && $no_psk) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } From rsalz at openssl.org Tue Jan 27 17:40:23 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 27 Jan 2015 18:40:23 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150127174023.A06351DF118@butler.localdomain> The branch master has been updated via 474e469bbd056aebcf7e7d3207ef820f2faed4ce (commit) from c73ad690174171b63a53dabdb2f2d9ebfd30053a (commit) - Log ----------------------------------------------------------------- commit 474e469bbd056aebcf7e7d3207ef820f2faed4ce Author: Rich Salz Date: Tue Jan 27 12:34:45 2015 -0500 OPENSSL_NO_xxx cleanup: SHA Remove support for SHA0 and DSS0 (they were broken), and remove the ability to attempt to build without SHA (it didn't work). For simplicity, remove the option of not building various SHA algorithms; you could argue that SHA_224/256/384/512 should be kept, since they're like crypto algorithms, but I decided to go the other way. So these options are gone: GENUINE_DSA OPENSSL_NO_SHA0 OPENSSL_NO_SHA OPENSSL_NO_SHA1 OPENSSL_NO_SHA224 OPENSSL_NO_SHA256 OPENSSL_NO_SHA384 OPENSSL_NO_SHA512 Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/pkcs12.c | 2 +- apps/progs.h | 14 +-- apps/progs.pl | 34 +++---- apps/speed.c | 50 +---------- crypto/asn1/x_crl.c | 2 - crypto/bn/bn_rand.c | 2 - crypto/dsa/dsa_depr.c | 33 +++---- crypto/dsa/dsa_gen.c | 30 ++----- crypto/dsa/dsa_key.c | 8 +- crypto/dsa/dsa_ossl.c | 5 +- crypto/ecdh/ecdhtest.c | 7 +- crypto/ecdsa/ecs_ossl.c | 5 +- crypto/engine/eng_openssl.c | 7 -- crypto/evp/Makefile | 17 +--- crypto/evp/c_allc.c | 4 - crypto/evp/c_alld.c | 12 --- crypto/evp/e_aes_cbc_hmac_sha1.c | 2 +- crypto/evp/e_aes_cbc_hmac_sha256.c | 2 +- crypto/evp/e_des3.c | 4 +- crypto/evp/evp.h | 12 --- crypto/evp/m_dss.c | 2 - crypto/evp/m_dss1.c | 15 ++-- crypto/evp/m_ecdsa.c | 3 - crypto/evp/m_sha.c | 105 ---------------------- crypto/evp/m_sha1.c | 19 ++-- crypto/evp/p5_crpt2.c | 2 +- crypto/evp/p5_crpt2_test.c | 15 ---- crypto/lhash/lhash.h | 4 + 
crypto/ocsp/ocsp_lib.c | 2 - crypto/rand/rand_lcl.h | 12 +-- crypto/rsa/rsa_eay.c | 4 - crypto/rsa/rsa_oaep.c | 21 ++--- crypto/sha/Makefile | 15 +--- crypto/sha/sha.h | 45 +++------- crypto/sha/sha1_one.c | 2 - crypto/sha/sha1dgst.c | 6 -- crypto/sha/sha1test.c | 44 +++------ crypto/sha/sha256.c | 64 +++++++------ crypto/sha/sha256t.c | 9 -- crypto/sha/sha512.c | 169 +++++++++++++++++----------------- crypto/sha/sha512t.c | 9 -- crypto/sha/sha_dgst.c | 74 --------------- crypto/sha/sha_locl.h | 38 +++----- crypto/sha/sha_one.c | 79 ---------------- crypto/sha/shatest.c | 174 ------------------------------------ crypto/x509/x509.h | 8 +- crypto/x509/x509_cmp.c | 4 - crypto/x509v3/v3_purp.c | 2 - doc/crypto/EVP_DigestInit.pod | 11 ++- engines/e_sureware.c | 2 - makevms.com | 6 -- ssl/s3_cbc.c | 21 +---- ssl/s3_clnt.c | 4 - ssl/s3_srvr.c | 2 +- ssl/ssl_algs.c | 17 +--- ssl/ssl_locl.h | 5 -- ssl/t1_lib.c | 22 +---- util/mk1mf.pl | 13 +-- util/mkdef.pl | 1 - 59 files changed, 240 insertions(+), 1062 deletions(-) delete mode 100644 crypto/evp/m_sha.c delete mode 100644 crypto/sha/sha_dgst.c delete mode 100644 crypto/sha/sha_one.c delete mode 100644 crypto/sha/shatest.c diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 1e26c13..0de46f0 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -58,7 +58,7 @@ */ #include -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) +#if !defined(OPENSSL_NO_DES) # include # include diff --git a/apps/progs.h b/apps/progs.h index c66da30..9a8a192 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -128,7 +128,7 @@ FUNCTION functions[] = { {FUNC_TYPE_GENERAL, "ciphers", ciphers_main}, #endif {FUNC_TYPE_GENERAL, "nseq", nseq_main}, -#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1) +#if !defined(OPENSSL_NO_DES) {FUNC_TYPE_GENERAL, "pkcs12", pkcs12_main}, #endif {FUNC_TYPE_GENERAL, "pkcs8", pkcs8_main}, 
@@ -158,30 +158,18 @@ FUNCTION functions[] = { #ifndef OPENSSL_NO_MD5 {FUNC_TYPE_MD, "md5", dgst_main}, #endif -#ifndef OPENSSL_NO_SHA {FUNC_TYPE_MD, "sha", dgst_main}, -#endif -#ifndef OPENSSL_NO_SHA1 {FUNC_TYPE_MD, "sha1", dgst_main}, -#endif #ifndef OPENSSL_NO_MDC2 {FUNC_TYPE_MD, "mdc2", dgst_main}, #endif #ifndef OPENSSL_NO_RMD160 {FUNC_TYPE_MD, "rmd160", dgst_main}, #endif -#ifndef OPENSSL_NO_SHA224 {FUNC_TYPE_MD, "sha224", dgst_main}, -#endif -#ifndef OPENSSL_NO_SHA256 {FUNC_TYPE_MD, "sha256", dgst_main}, -#endif -#ifndef OPENSSL_NO_SHA384 {FUNC_TYPE_MD, "sha384", dgst_main}, -#endif -#ifndef OPENSSL_NO_SHA512 {FUNC_TYPE_MD, "sha512", dgst_main}, -#endif #ifndef OPENSSL_NO_AES {FUNC_TYPE_CIPHER, "aes-128-cbc", enc_main}, #endif diff --git a/apps/progs.pl b/apps/progs.pl index 8695742..09dd00b 100644 --- a/apps/progs.pl +++ b/apps/progs.pl @@ -6,22 +6,22 @@ print "/* automatically generated by progs.pl for openssl.c */\n\n"; grep(s/^asn1pars$/asn1parse/, at ARGV); foreach (@ARGV) - { printf "extern int %s_main(int argc,char *argv[]);\n",$_; } + { printf "extern int %s_main(int argc, char *argv[]);\n",$_; } print <<'EOF'; -#define FUNC_TYPE_GENERAL 1 -#define FUNC_TYPE_MD 2 -#define FUNC_TYPE_CIPHER 3 -#define FUNC_TYPE_PKEY 4 -#define FUNC_TYPE_MD_ALG 5 -#define FUNC_TYPE_CIPHER_ALG 6 +#define FUNC_TYPE_GENERAL 1 +#define FUNC_TYPE_MD 2 +#define FUNC_TYPE_CIPHER 3 +#define FUNC_TYPE_PKEY 4 +#define FUNC_TYPE_MD_ALG 5 +#define FUNC_TYPE_CIPHER_ALG 6 typedef struct { - int type; - const char *name; - int (*func)(int argc,char *argv[]); - } FUNCTION; + int type; + const char *name; + int (*func) (int argc, char *argv[]); +} FUNCTION; DECLARE_LHASH_OF(FUNCTION); FUNCTION functions[] = { 
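Review bot: The entry `{FUNC_TYPE_MD, "sha", dgst_main},` is now emitted unconditionally, yet this same commit deletes the SHA-0 digest that name refers to (EVP_sha() and m_sha.c are gone and c_alld.c no longer registers it), so `openssl sha` presumably dispatches to a digest that EVP_get_digestbyname() can no longer resolve (the lookup in dgst_main is outside this diff). The entry should be removed, and because progs.h is generated, the fix belongs in the digest list in progs.pl rather than in this file. The `"sha"` alias in speed.c is unaffected since it expands to sha1/sha256/sha512 itself.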
@@ -30,7 +30,7 @@ EOF foreach (@ARGV) { push(@files,$_); - $str="\t{FUNC_TYPE_GENERAL,\"$_\",${_}_main},\n"; + $str=" {FUNC_TYPE_GENERAL, \"$_\", ${_}_main},\n"; if (($_ =~ /^s_/) || ($_ =~ /^ciphers$/)) { print "#if !defined(OPENSSL_NO_SOCK)\n${str}#endif\n"; } elsif ( ($_ =~ /^engine$/)) @@ -44,7 +44,7 @@ foreach (@ARGV) elsif ( ($_ =~ /^dh$/) || ($_ =~ /^gendh$/) || ($_ =~ /^dhparam$/)) { print "#ifndef OPENSSL_NO_DH\n${str}#endif\n"; } elsif ( ($_ =~ /^pkcs12$/)) - { print "#if !defined(OPENSSL_NO_DES) && !defined(OPENSSL_NO_SHA1)\n${str}#endif\n"; } + { print "#if !defined(OPENSSL_NO_DES)\n${str}#endif\n"; } elsif ( ($_ =~ /^cms$/)) { print "#ifndef OPENSSL_NO_CMS\n${str}#endif\n"; } elsif ( ($_ =~ /^ocsp$/)) @@ -58,7 +58,9 @@ foreach (@ARGV) foreach ("md2","md4","md5","sha","sha1","mdc2","rmd160","sha224","sha256","sha384","sha512") { push(@files,$_); - printf "#ifndef OPENSSL_NO_".uc($_)."\n\t{FUNC_TYPE_MD,\"".$_."\",dgst_main},\n#endif\n"; + printf "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/; + printf " {FUNC_TYPE_MD, \"".$_."\", dgst_main},\n"; + printf "#endif\n" if ! /sha/; } foreach ( @@ -84,7 +86,7 @@ foreach ( { push(@files,$_); - $t=sprintf("\t{FUNC_TYPE_CIPHER,\"%s\",enc_main},\n",$_); + $t=sprintf(" {FUNC_TYPE_CIPHER, \"%s\", enc_main},\n", $_); if ($_ =~ /des/) { $t="#ifndef OPENSSL_NO_DES\n${t}#endif\n"; } elsif ($_ =~ /aes/) { $t="#ifndef OPENSSL_NO_AES\n${t}#endif\n"; } elsif ($_ =~ /camellia/) { $t="#ifndef OPENSSL_NO_CAMELLIA\n${t}#endif\n"; } @@ -99,4 +101,4 @@ foreach ( print $t; } -print "\t{0,NULL,NULL}\n\t};\n"; +print " {0, NULL, NULL}\n};\n"; diff --git a/apps/speed.c b/apps/speed.c index f5af9a3..419dced 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -137,9 +137,7 @@ # include #endif #include -#ifndef OPENSSL_NO_SHA # include -#endif #ifndef OPENSSL_NO_RMD160 # include #endif 
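Review bot: In the digest loop, `"sha"` should be dropped from the list now that the SHA-0 digest is removed; with the new `if ! /sha/` logic it is emitted without any guard and yields a dead `openssl sha` command. Separately, `printf "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/;` passes a computed string as the printf format with no arguments, where `print "#ifndef OPENSSL_NO_".uc($_)."\n" if ! /sha/;` (and likewise for the `#endif` line) says what is meant and cannot misinterpret a `%` in a future name. The `/sha/` match on `$_` also covers sha224..sha512, which appears to be the intent.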
@@ -339,15 +337,10 @@ static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { -# ifndef OPENSSL_NO_SHA if (*outlen < SHA_DIGEST_LENGTH) return NULL; - else - *outlen = SHA_DIGEST_LENGTH; + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); -# else - return NULL; -# endif /* OPENSSL_NO_SHA */ } #endif /* OPENSSL_NO_ECDH */ @@ -382,15 +375,9 @@ int MAIN(int argc, char **argv) unsigned char md5[MD5_DIGEST_LENGTH]; unsigned char hmac[MD5_DIGEST_LENGTH]; #endif -#ifndef OPENSSL_NO_SHA unsigned char sha[SHA_DIGEST_LENGTH]; -# ifndef OPENSSL_NO_SHA256 unsigned char sha256[SHA256_DIGEST_LENGTH]; -# endif -# ifndef OPENSSL_NO_SHA512 unsigned char sha512[SHA512_DIGEST_LENGTH]; -# endif -#endif #ifndef OPENSSL_NO_WHIRLPOOL unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH]; #endif @@ -827,23 +814,15 @@ int MAIN(int argc, char **argv) doit[D_HMAC] = 1; else #endif -#ifndef OPENSSL_NO_SHA if (strcmp(*argv, "sha1") == 0) doit[D_SHA1] = 1; else if (strcmp(*argv, "sha") == 0) doit[D_SHA1] = 1, doit[D_SHA256] = 1, doit[D_SHA512] = 1; - else -# ifndef OPENSSL_NO_SHA256 - if (strcmp(*argv, "sha256") == 0) + else if (strcmp(*argv, "sha256") == 0) doit[D_SHA256] = 1; - else -# endif -# ifndef OPENSSL_NO_SHA512 - if (strcmp(*argv, "sha512") == 0) + else if (strcmp(*argv, "sha512") == 0) doit[D_SHA512] = 1; else -# endif -#endif #ifndef OPENSSL_NO_WHIRLPOOL if (strcmp(*argv, "whirlpool") == 0) doit[D_WHIRLPOOL] = 1; 
@@ -1110,27 +1089,16 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "hmac "); # endif #endif -#ifndef OPENSSL_NO_SHA1 BIO_printf(bio_err, "sha1 "); -#endif -#ifndef OPENSSL_NO_SHA256 BIO_printf(bio_err, "sha256 "); -#endif -#ifndef OPENSSL_NO_SHA512 BIO_printf(bio_err, "sha512 "); -#endif #ifndef OPENSSL_NO_WHIRLPOOL BIO_printf(bio_err, "whirlpool"); #endif #ifndef OPENSSL_NO_RMD160 BIO_printf(bio_err, "rmd160"); #endif -#if !defined(OPENSSL_NO_MD2) || !defined(OPENSSL_NO_MDC2) || \ - !defined(OPENSSL_NO_MD4) || !defined(OPENSSL_NO_MD5) || \ - !defined(OPENSSL_NO_SHA1) || !defined(OPENSSL_NO_RMD160) || \ - !defined(OPENSSL_NO_WHIRLPOOL) BIO_printf(bio_err, "\n"); -#endif #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err, "idea-cbc "); @@ -1660,23 +1628,16 @@ int MAIN(int argc, char **argv) HMAC_CTX_cleanup(&hctx); } #endif -#ifndef OPENSSL_NO_SHA if (doit[D_SHA1]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_SHA1], c[D_SHA1][j], lengths[j]); Time_F(START); for (count = 0, run = 1; COND(c[D_SHA1][j]); count++) -# if 0 - EVP_Digest(buf, (unsigned long)lengths[j], &(sha[0]), NULL, - EVP_sha1(), NULL); -# else SHA1(buf, lengths[j], sha); -# endif d = Time_F(STOP); print_result(D_SHA1, j, count, d); } } -# ifndef OPENSSL_NO_SHA256 if (doit[D_SHA256]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_SHA256], c[D_SHA256][j], lengths[j]); @@ -1687,9 +1648,6 @@ int MAIN(int argc, char **argv) print_result(D_SHA256, j, count, d); } } -# endif - -# ifndef OPENSSL_NO_SHA512 if (doit[D_SHA512]) { for (j = 0; j < SIZE_NUM; j++) { print_message(names[D_SHA512], c[D_SHA512][j], lengths[j]); @@ -1700,8 +1658,6 @@ int MAIN(int argc, char **argv) print_result(D_SHA512, j, count, d); } } -# endif -#endif #ifndef OPENSSL_NO_WHIRLPOOL if (doit[D_WHIRLPOOL]) { diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 0279503..79eab4f 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c 
@@ -220,9 +220,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, break; case ASN1_OP_D2I_POST: -#ifndef OPENSSL_NO_SHA X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL); -#endif crl->idp = X509_CRL_get_ext_d2i(crl, NID_issuing_distribution_point, NULL, NULL); diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index de60286..ecdce9f 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -289,7 +289,6 @@ int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range) return bn_rand_range(1, r, range); } -#ifndef OPENSSL_NO_SHA512 /* * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike * BN_rand_range, it also includes the contents of |priv| and |message| in @@ -362,4 +361,3 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, OPENSSL_free(k_bytes); return ret; } -#endif /* OPENSSL_NO_SHA512 */ diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index b3d0fab..be1df13 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -58,37 +58,25 @@ * version(s). */ -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* - * Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) - */ -# define HASH EVP_sha() -#else /* * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB * 180-1) */ -# define HASH EVP_sha1() -#endif +#define xxxHASH EVP_sha1() static void *dummy = &dummy; -#ifndef OPENSSL_NO_SHA - -# include -# include -# include "cryptlib.h" -# include -# include -# include -# include -# include +#include +#include +#include "cryptlib.h" +#include +#include +#include +#include +#include -# ifndef OPENSSL_NO_DEPRECATED +#ifndef OPENSSL_NO_DEPRECATED DSA *DSA_generate_parameters(int bits, unsigned char *seed_in, int seed_len, int *counter_ret, unsigned long *h_ret, 
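Review bot: With the `#ifndef` gone, `X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);` in the ASN1_OP_D2I_POST branch still discards its return value, so a digest failure (for example an engine or FIPS-mode restriction on SHA-1) leaves `crl->sha1_hash` holding stale or uninitialised bytes while the CRL is reported as successfully decoded. Since an ASN1 callback presumably signals failure by returning 0, this should be `if (!X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL)) return 0;`. crl_cb begins before this hunk and its remaining cases are outside it.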
@@ -117,5 +105,4 @@ DSA *DSA_generate_parameters(int bits, DSA_free(ret); return NULL; } -# endif #endif diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 5e92d93..37b23c9 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -56,35 +56,23 @@ * [including the GNU Public Licence.] */ -#undef GENUINE_DSA - -#ifdef GENUINE_DSA -/* - * Parameter generation follows the original release of FIPS PUB 186, - * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) - */ -# define HASH EVP_sha() -#else /* * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB * 180-1) */ -# define HASH EVP_sha1() -#endif +#define xxxHASH EVP_sha1() #include /* To see if OPENSSL_NO_SHA is defined */ -#ifndef OPENSSL_NO_SHA +#include +#include "cryptlib.h" +#include +#include +#include +#include -# include -# include "cryptlib.h" -# include -# include -# include -# include - -# include "dsa_locl.h" +#include "dsa_locl.h" int DSA_generate_parameters_ex(DSA *ret, int bits, const unsigned char *seed_in, int seed_len, @@ -714,5 +702,3 @@ int dsa_paramgen_check_g(DSA *dsa) return rv; } - -#endif diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 8584963..1c05b0f 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -59,10 +59,9 @@ #include #include #include "cryptlib.h" -#ifndef OPENSSL_NO_SHA -# include -# include -# include +#include +#include +#include static int dsa_builtin_keygen(DSA *dsa); @@ -133,4 +132,3 @@ static int dsa_builtin_keygen(DSA *dsa) BN_CTX_free(ctx); return (ok); } -#endif diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index bd83227..96f5d6f 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -258,7 +258,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, /* Get random k */ do { -#ifndef OPENSSL_NO_SHA512 if (dgst != NULL) { /* * We calculate k from SHA512(private_key + H(message) + random). 
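Review bot: Renaming `HASH` to `xxxHASH` (`#define xxxHASH EVP_sha1()`) leaves a placeholder macro under a comment that still explains which FIPS 186 appendix the hash follows; presumably nothing references it (a renamed macro that was still used would have broken the build), so it is dead and should be deleted together with its comment rather than parked under a throwaway name. The same `xxxHASH` appears in dsa_gen.c. If the FIPS 186-1 note is worth keeping for readers, put it as a plain comment next to the EVP_sha1() call that actually does the work, which is outside this hunk.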
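Review bot: The retained `#include` line whose comment reads `/* To see if OPENSSL_NO_SHA is defined */` (the header name is lost in this rendering; presumably opensslconf.h) now documents a macro this very commit removes, and the `#ifndef OPENSSL_NO_SHA` it existed for is gone, so the comment should be dropped, or the include removed if nothing else in the file needs it. The `#define xxxHASH EVP_sha1()` placeholder is dead here as in dsa_depr.c and can go with its comment. DSA_generate_parameters_ex begins at the end of this hunk and continues outside it.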
@@ -267,9 +266,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst, dlen, ctx)) goto err; - } else -#endif - if (!BN_rand_range(k, dsa->q)) + } else if (!BN_rand_range(k, dsa->q)) goto err; } while (BN_is_zero(k)); diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index a791d63..04b0cf3 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -103,15 +103,10 @@ static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) { -# ifndef OPENSSL_NO_SHA if (*outlen < SHA_DIGEST_LENGTH) return NULL; - else - *outlen = SHA_DIGEST_LENGTH; + *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); -# else - return NULL; -# endif } static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index 95d9dad..c232321 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -140,7 +140,6 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, do { /* get random k */ do -#ifndef OPENSSL_NO_SHA512 if (dgst != NULL) { if (!BN_generate_dsa_nonce (k, order, EC_KEY_get0_private_key(eckey), dgst, dlen, @@ -149,9 +148,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); goto err; } - } else -#endif - { + } else { if (!BN_rand_range(k, order)) { ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED); diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 19c5213..3e12ecf 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c 
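Review bot: In ecdsa_sign_setup the `do` body is still an unbraced `if (dgst != NULL) { ... } else { ... }` statement; now that the `#ifndef OPENSSL_NO_SHA512` lines that forced that shape are gone, wrapping the body in braces (`do { if (dgst != NULL) { ... } else { ... } } while (...)`) removes the dangling-else reading and matches the braced `do {` form in dsa_sign_setup's hunk above. Making BN_generate_dsa_nonce unconditional is a genuine improvement, since the deterministic-nonce path no longer depends on build options. Both sign_setup functions begin and end outside their hunks, so the `while` condition is not visible here.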
@@ -108,13 +108,6 @@ # undef TEST_ENG_OPENSSL_RC4_P_INIT # undef TEST_ENG_OPENSSL_RC4_P_CIPHER #endif -#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1) -# undef TEST_ENG_OPENSSL_SHA -# undef TEST_ENG_OPENSSL_SHA_OTHERS -# undef TEST_ENG_OPENSSL_SHA_P_INIT -# undef TEST_ENG_OPENSSL_SHA_P_UPDATE -# undef TEST_ENG_OPENSSL_SHA_P_FINAL -#endif #ifdef TEST_ENG_OPENSSL_RC4 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index fd5727d..f882096 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -22,7 +22,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\ e_rc4.c e_aes.c names.c e_seed.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ - m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c \ + m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \ m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ @@ -35,7 +35,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ e_rc4.o e_aes.o names.o e_seed.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ - m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o m_wp.o \ + m_null.o m_md2.o m_md4.o m_md5.o m_sha1.o m_wp.o \ m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ 
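Review bot: `m_dss.c` stays in LIBSRC and LIBOBJ although this commit removes SHA-0 (m_sha.c, sha_dgst.c and sha_one.c are deleted and the SHA_Init/SHA_Update/SHA_Final prototypes leave sha.h) and the log says DSS0 goes with it; c_alld.c stops registering EVP_dss() and evp.h drops its prototype, so the object is orphaned at best and, if its init/update/final still call the SHA-0 functions, no longer compiles. Delete m_dss.c in this commit and drop it from both lists: `m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \` followed by `m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\`, with the same change on the `.o` lines. The m_dss.o dependency stanza further down the Makefile (outside this hunk) would need removing too.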
@@ -568,19 +568,6 @@ m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ripemd.c -m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -m_sha.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_sha.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_sha.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_sha.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h -m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_sha.o: ../cryptlib.h m_sha.c m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 0a1f90a..174a419 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c 
@@ -214,14 +214,10 @@ void OpenSSL_add_all_ciphers(void) EVP_add_cipher(EVP_aes_256_wrap_pad()); EVP_add_cipher_alias(SN_aes_256_cbc, "AES256"); EVP_add_cipher_alias(SN_aes_256_cbc, "aes256"); -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); -# endif -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); -# endif #endif #ifndef OPENSSL_NO_CAMELLIA diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index 7e1200b..0d4278b 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -71,13 +71,6 @@ void OpenSSL_add_all_digests(void) EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5, "ssl3-md5"); #endif -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) - EVP_add_digest(EVP_sha()); -# ifndef OPENSSL_NO_DSA - EVP_add_digest(EVP_dss()); -# endif -#endif -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_digest(EVP_sha1()); EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); @@ -90,7 +83,6 @@ void OpenSSL_add_all_digests(void) # ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); # endif -#endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) EVP_add_digest(EVP_mdc2()); #endif @@ -99,14 +91,10 @@ void OpenSSL_add_all_digests(void) EVP_add_digest_alias(SN_ripemd160, "ripemd"); EVP_add_digest_alias(SN_ripemd160, "rmd160"); #endif -#ifndef OPENSSL_NO_SHA256 EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); -#endif -#ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); -#endif #ifndef OPENSSL_NO_WHIRLPOOL EVP_add_digest(EVP_whirlpool()); #endif diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c index e0127a9..960be3c 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha1.c +++ b/crypto/evp/e_aes_cbc_hmac_sha1.c 
@@ -52,7 +52,7 @@ #include #include -#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA1) +#if !defined(OPENSSL_NO_AES) # include # include diff --git a/crypto/evp/e_aes_cbc_hmac_sha256.c b/crypto/evp/e_aes_cbc_hmac_sha256.c index 598c096..bea8f6d 100644 --- a/crypto/evp/e_aes_cbc_hmac_sha256.c +++ b/crypto/evp/e_aes_cbc_hmac_sha256.c @@ -52,7 +52,7 @@ #include #include -#if !defined(OPENSSL_NO_AES) && !defined(OPENSSL_NO_SHA256) +#if !defined(OPENSSL_NO_AES) # include # include diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 0627a63..73d7923 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -374,9 +374,8 @@ const EVP_CIPHER *EVP_des_ede3(void) return &des_ede3_ecb; } -# ifndef OPENSSL_NO_SHA -# include +# include static const unsigned char wrap_iv[8] = { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 }; @@ -482,5 +481,4 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void) return &des3_wrap; } -# endif #endif diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 7a95de0..ca7447f 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -759,21 +759,13 @@ const EVP_MD *EVP_md4(void); # ifndef OPENSSL_NO_MD5 const EVP_MD *EVP_md5(void); # endif -# ifndef OPENSSL_NO_SHA -const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); -const EVP_MD *EVP_dss(void); const EVP_MD *EVP_dss1(void); const EVP_MD *EVP_ecdsa(void); -# endif -# ifndef OPENSSL_NO_SHA256 const EVP_MD *EVP_sha224(void); const EVP_MD *EVP_sha256(void); -# endif -# ifndef OPENSSL_NO_SHA512 const EVP_MD *EVP_sha384(void); const EVP_MD *EVP_sha512(void); -# endif # ifndef OPENSSL_NO_MDC2 const EVP_MD *EVP_mdc2(void); # endif 
@@ -917,14 +909,10 @@ const EVP_CIPHER *EVP_aes_256_wrap_pad(void); # ifndef OPENSSL_NO_OCB const EVP_CIPHER *EVP_aes_256_ocb(void); # endif -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void); -# endif -# ifndef OPENSSL_NO_SHA256 const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void); const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void); -# endif # endif # ifndef OPENSSL_NO_CAMELLIA const EVP_CIPHER *EVP_camellia_128_ecb(void); diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c index 221eda4..7fa1ca3 100644 --- a/crypto/evp/m_dss.c +++ b/crypto/evp/m_dss.c @@ -65,7 +65,6 @@ # include #endif -#ifndef OPENSSL_NO_SHA static int init(EVP_MD_CTX *ctx) { @@ -101,4 +100,3 @@ const EVP_MD *EVP_dss(void) { return (&dsa_md); } -#endif diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c index a80a865..41b837c 100644 --- a/crypto/evp/m_dss1.c +++ b/crypto/evp/m_dss1.c @@ -59,14 +59,12 @@ #include #include "cryptlib.h" -#ifndef OPENSSL_NO_SHA - -# include -# include -# include -# ifndef OPENSSL_NO_DSA -# include -# endif +#include +#include +#include +#ifndef OPENSSL_NO_DSA +# include +#endif static int init(EVP_MD_CTX *ctx) { @@ -102,4 +100,3 @@ const EVP_MD *EVP_dss1(void) { return (&dss1_md); } -#endif diff --git a/crypto/evp/m_ecdsa.c b/crypto/evp/m_ecdsa.c index b774e41..181f19f 100644 --- a/crypto/evp/m_ecdsa.c +++ b/crypto/evp/m_ecdsa.c @@ -115,8 +115,6 @@ #include #include -#ifndef OPENSSL_NO_SHA - static int init(EVP_MD_CTX *ctx) { return SHA1_Init(ctx->md_data); @@ -151,4 +149,3 @@ const EVP_MD *EVP_ecdsa(void) { return (&ecdsa_md); } -#endif diff --git a/crypto/evp/m_sha.c b/crypto/evp/m_sha.c deleted file mode 100644 index 548fae4..0000000 --- a/crypto/evp/m_sha.c +++ /dev/null 
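Review bot: This hunk keeps `EVP_dss()` compiled while the same commit removes its prototype from evp.h and drops `EVP_add_digest(EVP_dss())` from c_alld.c, and the log states DSS0 is being removed; a function with no declaration and no registration is dead code at best, and a build break at worst once `SHA_Init` disappears from sha.h. Delete m_dss.c outright instead of unguarding it. The init/update/final bodies are not visible in this hunk, so whether they still reference the SHA-0 functions is inferred from c_alld.c having paired EVP_dss() with the `OPENSSL_NO_SHA0` guard.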
@@ -1,105 +0,0 @@ -/* crypto/evp/m_sha.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include -#include "cryptlib.h" - -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) - -# include -# include -# include -# ifndef OPENSSL_NO_RSA -# include -# endif - -static int init(EVP_MD_CTX *ctx) -{ - return SHA_Init(ctx->md_data); -} - -static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA_Update(ctx->md_data, data, count); -} - -static int final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA_Final(md, ctx->md_data); -} - -static const EVP_MD sha_md = { - NID_sha, - NID_shaWithRSAEncryption, - SHA_DIGEST_LENGTH, - 0, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_RSA_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD *EVP_sha(void) -{ - return (&sha_md); -} -#endif diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index 83edc40..9ab8c90 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -59,14 +59,12 @@ #include #include "cryptlib.h" -#ifndef OPENSSL_NO_SHA - -# include -# include -# include -# ifndef OPENSSL_NO_RSA -# include -# endif +#include +#include +#include +#ifndef OPENSSL_NO_RSA +# include +#endif static int init(EVP_MD_CTX *ctx) { @@ -102,9 +100,7 @@ const EVP_MD *EVP_sha1(void) { return (&sha1_md); } -#endif -#ifndef OPENSSL_NO_SHA256 static int init224(EVP_MD_CTX *ctx) { return SHA224_Init(ctx->md_data); @@ -169,9 +165,7 @@ const EVP_MD *EVP_sha256(void) { return (&sha256_md); } -#endif /* ifndef OPENSSL_NO_SHA256 */ -#ifndef OPENSSL_NO_SHA512 static int init384(EVP_MD_CTX *ctx) { return SHA384_Init(ctx->md_data); @@ -232,4 +226,3 @@ const EVP_MD *EVP_sha512(void) { return (&sha512_md); } -#endif /* ifndef OPENSSL_NO_SHA512 */ diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index f2ae1e5..b9c4dcb 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -59,7 +59,7 @@ #include #include #include "cryptlib.h" -#if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) +#if !defined(OPENSSL_NO_HMAC) # include # include # include 
diff --git a/crypto/evp/p5_crpt2_test.c b/crypto/evp/p5_crpt2_test.c index 451c580..01661b1 100644 --- a/crypto/evp/p5_crpt2_test.c +++ b/crypto/evp/p5_crpt2_test.c @@ -60,14 +60,6 @@ #include #include -#ifdef OPENSSL_NO_SHA -int main(int argc, char *argv[]) -{ - printf("No SHA support\n"); - return (0); -} -#else - typedef struct { const char *pass; int passlen; @@ -200,15 +192,9 @@ int main(int argc, char **argv) printf("PKCS5_PBKDF2_HMAC() tests "); for (i = 0; test->pass != NULL; i++, test++) { -# ifndef OPENSSL_NO_SHA0 test_p5_pbkdf2(i, "sha1", test, sha1_results[i]); -# endif -# ifndef OPENSSL_NO_SHA256 test_p5_pbkdf2(i, "sha256", test, sha256_results[i]); -# endif -# ifndef OPENSSL_NO_SHA512 test_p5_pbkdf2(i, "sha512", test, sha512_results[i]); -# endif printf("."); } printf(" done\n"); @@ -223,4 +209,3 @@ int main(int argc, char **argv) CRYPTO_mem_leaks_fp(stderr); return 0; } -#endif /* OPENSSL_NO_SHA */ diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h index 92ec80a..cb01854 100644 --- a/crypto/lhash/lhash.h +++ b/crypto/lhash/lhash.h @@ -178,6 +178,10 @@ void lh_doall_arg(_LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); unsigned long lh_strhash(const char *c); unsigned long lh_num_items(const _LHASH *lh); +# ifndef OPENSSL_NO_STDIO +void lh_stats(const _LHASH *lh, FILE *fp); +void lh_node_stats(const _LHASH *lh, FILE *fp); +# endif void lh_stats_bio(const _LHASH *lh, BIO *out); void lh_node_stats_bio(const _LHASH *lh, BIO *out); void lh_node_usage_stats_bio(const _LHASH *lh, BIO *out); diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 442a5b6..24ca40e 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c 
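Review bot: The new `lh_stats`/`lh_node_stats` prototypes under `# ifndef OPENSSL_NO_STDIO` are unrelated to the SHA cleanup described in the log and should land as their own commit where the reason (re-exposing a removed API, or a new one) can be stated. They also use `FILE`, which this header only has if `<stdio.h>` is included under the same guard somewhere above the hunk — not visible here, so worth checking. If both sets are meant to be public, a one-line `/* stdio variants of the *_bio stats helpers below */` would tell readers why they coexist.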
@@ -81,10 +81,8 @@ OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer) X509_NAME *iname; ASN1_INTEGER *serial; ASN1_BIT_STRING *ikey; -#ifndef OPENSSL_NO_SHA1 if (!dgst) dgst = EVP_sha1(); -#endif if (subject) { iname = X509_get_issuer_name(subject); serial = X509_get_serialNumber(subject); diff --git a/crypto/rand/rand_lcl.h b/crypto/rand/rand_lcl.h index e2f7844..3ced44d 100644 --- a/crypto/rand/rand_lcl.h +++ b/crypto/rand/rand_lcl.h @@ -115,17 +115,7 @@ # define ENTROPY_NEEDED 32 /* require 256 bits = 32 bytes of randomness */ # if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND) -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -# define USE_SHA1_RAND -# elif !defined(OPENSSL_NO_MD5) -# define USE_MD5_RAND -# elif !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) -# define USE_MDC2_RAND -# elif !defined(OPENSSL_NO_MD2) -# define USE_MD2_RAND -# else -# error No message digest algorithm available -# endif +# define USE_SHA1_RAND # endif # include diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index b8d9221..73a8e07 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -193,11 +193,9 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, case RSA_PKCS1_PADDING: i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen); break; -# ifndef OPENSSL_NO_SHA case RSA_PKCS1_OAEP_PADDING: i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); break; -# endif case RSA_SSLV23_PADDING: i = RSA_padding_add_SSLv23(buf, num, from, flen); break; @@ -603,11 +601,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, case RSA_PKCS1_PADDING: r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num); break; -# ifndef OPENSSL_NO_SHA case RSA_PKCS1_OAEP_PADDING: r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); break; -# endif case RSA_SSLV23_PADDING: r = RSA_padding_check_SSLv23(to, num, buf, j, num); break; 
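Review bot: `if (!dgst) dgst = EVP_sha1();` is now the unconditional default for OCSP_cert_to_id, which is right for interoperability (RFC 5019 requires SHA-1 for CertID issuerNameHash/issuerKeyHash, and responders key on it) but will look like an oversight to a reader expecting SHA-1 to be avoided; a short comment keeps the next person from "fixing" it: `/* SHA-1 is what responders expect for CertID (RFC 5019); callers wanting another digest pass it explicitly */`. The function begins before this hunk.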
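Review bot: Hard-coding `# define USE_SHA1_RAND` is fine now that SHA-1 cannot be compiled out, but the enclosing `# if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)` still honours a caller-defined USE_MD2_RAND or USE_MD5_RAND, and those only ever made sense as fallbacks for a build without SHA-1. With the `#error No message digest algorithm available` safety net also gone, consider dropping the override guard so the PRNG's mixing hash is no longer selectable from the command line, or at least add `/* USE_*_RAND overrides are unsupported; SHA-1 is always available */` above the define.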
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index ebaad1a..ab8f9ec 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -19,14 +19,13 @@ #include "constant_time_locl.h" -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) -# include -# include "cryptlib.h" -# include -# include -# include -# include -# include +#include +#include "cryptlib.h" +#include +#include +#include +#include +#include int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, const unsigned char *from, int flen, @@ -76,11 +75,11 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen); if (RAND_bytes(seed, mdlen) <= 0) return 0; -# ifdef PKCS_TESTVECT +#ifdef PKCS_TESTVECT memcpy(seed, "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", 20); -# endif +#endif dbmask = OPENSSL_malloc(emlen - mdlen); if (dbmask == NULL) { @@ -279,5 +278,3 @@ int PKCS1_MGF1(unsigned char *mask, long len, EVP_MD_CTX_cleanup(&c); return rv; } - -#endif diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile index a8c0cf7..c72bba6 100644 --- a/crypto/sha/Makefile +++ b/crypto/sha/Makefile @@ -22,8 +22,8 @@ TEST=shatest.c sha1test.c sha256t.c sha512t.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c -LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ) +LIBSRC=sha1dgst.c sha1_one.c sha256.c sha512.c +LIBOBJ=sha1dgst.o sha1_one.o sha256.o sha512.o $(SHA1_ASM_OBJ) SRC= $(LIBSRC) 
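Review bot: The de-indented `#ifdef PKCS_TESTVECT` block replaces the freshly generated `seed` with a fixed 20-byte constant; now that the OAEP code is built unconditionally it deserves a guard comment, because defining PKCS_TESTVECT in a real build makes every OAEP encryption deterministic, and the constant only spans `mdlen` for SHA-1 (a longer digest leaves the tail of `seed` random, so the vector would not even reproduce). Suggested: `/* Test-vector only: overrides the random seed with the PKCS#1 v2 example seed (SHA-1 length). Never define in a production build. */`. RSA_padding_add_PKCS1_OAEP_mgf1 begins and ends outside this hunk.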
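Review bot: The hunk context shows `TEST=shatest.c sha1test.c sha256t.c sha512t.c` unchanged while this commit deletes crypto/sha/shatest.c (see `delete mode 100644 crypto/sha/shatest.c` in the diffstat), and the diffstat's 15 changed lines for this Makefile are fully accounted for by the two hunks shown, so the test target still names a source that no longer exists. Change it to `TEST=sha1test.c sha256t.c sha512t.c` in this commit; the top-level test makefile is not in this diff and likely references shatest as well, so it should be checked too.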
@@ -162,14 +162,3 @@ sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h sha512.o: ../cryptlib.h sha512.c -sha_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -sha_dgst.o: ../../include/openssl/opensslconf.h -sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h -sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -sha_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -sha_one.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -sha_one.o: ../../include/openssl/symhacks.h sha_one.c diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h index d76790b..e35f328 100644 --- a/crypto/sha/sha.h +++ b/crypto/sha/sha.h @@ -66,10 +66,6 @@ extern "C" { #endif -# if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) -# error SHA is disabled. -# endif - /*- * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! * ! SHA_LONG has to be at least 32 bits wide. ! 
@@ -91,26 +87,15 @@ typedef struct SHAstate_st { unsigned int num; } SHA_CTX; -# ifndef OPENSSL_NO_SHA0 -int SHA_Init(SHA_CTX *c); -int SHA_Update(SHA_CTX *c, const void *data, size_t len); -int SHA_Final(unsigned char *md, SHA_CTX *c); -unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md); -void SHA_Transform(SHA_CTX *c, const unsigned char *data); -# endif -# ifndef OPENSSL_NO_SHA1 int SHA1_Init(SHA_CTX *c); int SHA1_Update(SHA_CTX *c, const void *data, size_t len); int SHA1_Final(unsigned char *md, SHA_CTX *c); unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md); void SHA1_Transform(SHA_CTX *c, const unsigned char *data); -# endif # define SHA256_CBLOCK (SHA_LBLOCK*4)/* SHA-256 treats input data as a * contiguous array of 32 bit wide * big-endian values. */ -# define SHA224_DIGEST_LENGTH 28 -# define SHA256_DIGEST_LENGTH 32 typedef struct SHA256state_st { SHA_LONG h[8]; @@ -119,7 +104,6 @@ typedef struct SHA256state_st { unsigned int num, md_len; } SHA256_CTX; -# ifndef OPENSSL_NO_SHA256 int SHA224_Init(SHA256_CTX *c); int SHA224_Update(SHA256_CTX *c, const void *data, size_t len); int SHA224_Final(unsigned char *md, SHA256_CTX *c); @@ -129,12 +113,12 @@ int SHA256_Update(SHA256_CTX *c, const void *data, size_t len); int SHA256_Final(unsigned char *md, SHA256_CTX *c); unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md); void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); -# endif +# define SHA224_DIGEST_LENGTH 28 +# define SHA256_DIGEST_LENGTH 32 # define SHA384_DIGEST_LENGTH 48 # define SHA512_DIGEST_LENGTH 64 -# ifndef OPENSSL_NO_SHA512 /* * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64 * being exactly 64-bit wide. See Implementation Notes in sha512.c 
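Review bot: The @@ -91 hunk removes SHA_Init, SHA_Update, SHA_Final, SHA and SHA_Transform from the public header with no deprecation comment, so any downstream caller of SHA() now fails to compile with no hint of why. A short note near the SHA1 prototypes, `/* SHA-0 (SHA_Init, SHA_Update, SHA_Final, SHA, SHA_Transform) has been removed; use the SHA1_* functions */`, or an entry in CHANGES (not part of this diff), would document the intentional API removal. Moving SHA224_DIGEST_LENGTH/SHA256_DIGEST_LENGTH below the prototypes in the @@ -129 hunk looks harmless, as the declarations in between do not reference them.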
@@ -145,17 +129,17 @@ void SHA256_Transform(SHA256_CTX *c, const unsigned char *data); * contiguous array of 64 bit * wide big-endian values. */ -# define SHA512_CBLOCK (SHA_LBLOCK*8) -# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define SHA_LONG64 unsigned __int64 -# define U64(C) C##UI64 -# elif defined(__arch64__) -# define SHA_LONG64 unsigned long -# define U64(C) C##UL -# else -# define SHA_LONG64 unsigned long long -# define U64(C) C##ULL -# endif +# define SHA512_CBLOCK (SHA_LBLOCK*8) +# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) +# define SHA_LONG64 unsigned __int64 +# define U64(C) C##UI64 +# elif defined(__arch64__) +# define SHA_LONG64 unsigned long +# define U64(C) C##UL +# else +# define SHA_LONG64 unsigned long long +# define U64(C) C##ULL +# endif typedef struct SHA512state_st { SHA_LONG64 h[8]; @@ -166,9 +150,7 @@ typedef struct SHA512state_st { } u; unsigned int num, md_len; } SHA512_CTX; -# endif -# ifndef OPENSSL_NO_SHA512 int SHA384_Init(SHA512_CTX *c); int SHA384_Update(SHA512_CTX *c, const void *data, size_t len); int SHA384_Final(unsigned char *md, SHA512_CTX *c); @@ -178,7 +160,6 @@ int SHA512_Update(SHA512_CTX *c, const void *data, size_t len); int SHA512_Final(unsigned char *md, SHA512_CTX *c); unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md); void SHA512_Transform(SHA512_CTX *c, const unsigned char *data); -# endif #ifdef __cplusplus } diff --git a/crypto/sha/sha1_one.c b/crypto/sha/sha1_one.c index a6dd760..4a59115 100644 --- a/crypto/sha/sha1_one.c +++ b/crypto/sha/sha1_one.c @@ -61,7 +61,6 @@ #include #include -#ifndef OPENSSL_NO_SHA1 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) { SHA_CTX c; @@ -76,4 +75,3 @@ unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md) OPENSSL_cleanse(&c, sizeof(c)); return (md); } -#endif diff --git a/crypto/sha/sha1dgst.c b/crypto/sha/sha1dgst.c index a67f1fe..9f1b8f0 100644 
--- a/crypto/sha/sha1dgst.c +++ b/crypto/sha/sha1dgst.c @@ -58,10 +58,6 @@ #include #include -#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) - -# undef SHA_0 -# define SHA_1 # include @@ -70,5 +66,3 @@ const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT; /* The implementation is in ../md32_common.h */ # include "sha_locl.h" - -#endif diff --git a/crypto/sha/sha1test.c b/crypto/sha/sha1test.c index 0052a95..cc3633d 100644 --- a/crypto/sha/sha1test.c +++ b/crypto/sha/sha1test.c @@ -61,23 +61,12 @@ #include #include "../e_os.h" +#include +#include -#ifdef OPENSSL_NO_SHA -int main(int argc, char *argv[]) -{ - printf("No SHA support\n"); - return (0); -} -#else -# include -# include - -# ifdef CHARSET_EBCDIC -# include -# endif - -# undef SHA_0 /* FIPS 180 */ -# define SHA_1 /* FIPS 180-1 */ +#ifdef CHARSET_EBCDIC +# include +#endif static char *test[] = { "abc", @@ -85,22 +74,12 @@ static char *test[] = { NULL, }; -# ifdef SHA_0 -static char *ret[] = { - "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880", - "d2516ee1acfa5baf33dfc1c471e438449ef134c8", -}; - -static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603"; -# endif -# ifdef SHA_1 static char *ret[] = { "a9993e364706816aba3e25717850c26c9cd0d89d", "84983e441c3bd26ebaae4aa1f95129e5e54670f1", }; static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; -# endif static char *pt(unsigned char *md); int main(int argc, char *argv[]) @@ -112,10 +91,10 @@ int main(int argc, char *argv[]) EVP_MD_CTX c; unsigned char md[SHA_DIGEST_LENGTH]; -# ifdef CHARSET_EBCDIC +#ifdef CHARSET_EBCDIC ebcdic2ascii(test[0], test[0], strlen(test[0])); ebcdic2ascii(test[1], test[1], strlen(test[1])); -# endif +#endif EVP_MD_CTX_init(&c); P = test; 
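Review bot: With the enclosing `#if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)` removed in the @@ -58 hunk, the surviving `# include` lines and `# include "sha_locl.h"` in the @@ -70 hunk keep the one-space directive indent that expressed that nesting, which now reads as a leftover. `#include "sha_locl.h"` at column 0 would match the de-indented includes this same commit writes in sha1_one.c, sha256.c and sha512.c.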
@@ -136,9 +115,9 @@ int main(int argc, char *argv[]) } memset(buf, 'a', 1000); -# ifdef CHARSET_EBCDIC +#ifdef CHARSET_EBCDIC ebcdic2ascii(buf, buf, 1000); -# endif /* CHARSET_EBCDIC */ +#endif /* CHARSET_EBCDIC */ EVP_DigestInit_ex(&c, EVP_sha1(), NULL); for (i = 0; i < 1000; i++) EVP_DigestUpdate(&c, buf, 1000); @@ -153,10 +132,10 @@ int main(int argc, char *argv[]) } else printf("test 3 ok\n"); -# ifdef OPENSSL_SYS_NETWARE +#ifdef OPENSSL_SYS_NETWARE if (err) printf("ERROR: %d\n", err); -# endif +#endif EXIT(err); EVP_MD_CTX_cleanup(&c); return (0); @@ -171,4 +150,3 @@ static char *pt(unsigned char *md) sprintf(&(buf[i * 2]), "%02x", md[i]); return (buf); } -#endif diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index 92d8dd8..eec0cad 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -5,14 +5,13 @@ * ==================================================================== */ #include -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) -# include -# include +#include +#include -# include -# include -# include +#include +#include +#include const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT; @@ -84,11 +83,12 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c) return SHA256_Final(md, c); } -# define DATA_ORDER_IS_BIG_ENDIAN +#define DATA_ORDER_IS_BIG_ENDIAN + +#define HASH_LONG SHA_LONG +#define HASH_CTX SHA256_CTX +#define HASH_CBLOCK SHA_CBLOCK -# define HASH_LONG SHA_LONG -# define HASH_CTX SHA256_CTX -# define HASH_CBLOCK SHA_CBLOCK /* * Note that FIPS180-2 discusses "Truncation of the Hash Function Output." * default: case below covers for it. It's not clear however if it's @@ -97,7 +97,7 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c) * Idea behind separate cases for pre-defined lenghts is to let the * compiler decide if it's appropriate to unroll small loops. */ -# define HASH_MAKE_STRING(c,s) do { \ +#define HASH_MAKE_STRING(c,s) do { \ unsigned long ll; \ unsigned int nn; \ switch ((c)->md_len) \ 
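Review bot: In the @@ -153 hunk `EVP_MD_CTX_cleanup(&c);` comes after `EXIT(err);`, so on platforms where EXIT() terminates the process the context is never cleaned up, and if EXIT() does not terminate, the following `return (0)` masks a non-zero err. Swapping the two lines, `EVP_MD_CTX_cleanup(&c); EXIT(err);`, keeps the cleanup on every path. The hunk itself only re-indents the NETWARE directive around this code, and main() starts outside it.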
@@ -118,18 +118,18 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c) } \ } while (0) -# define HASH_UPDATE SHA256_Update -# define HASH_TRANSFORM SHA256_Transform -# define HASH_FINAL SHA256_Final -# define HASH_BLOCK_DATA_ORDER sha256_block_data_order -# ifndef SHA256_ASM +#define HASH_UPDATE SHA256_Update +#define HASH_TRANSFORM SHA256_Transform +#define HASH_FINAL SHA256_Final +#define HASH_BLOCK_DATA_ORDER sha256_block_data_order +#ifndef SHA256_ASM static -# endif +#endif void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); -# include "md32_common.h" +#include "md32_common.h" -# ifndef SHA256_ASM +#ifndef SHA256_ASM static const SHA_LONG K256[64] = { 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, @@ -154,15 +154,15 @@ static const SHA_LONG K256[64] = { * is left one. This is why you might notice that rotation coefficients * differ from those observed in FIPS document by 32-N... */ -# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) -# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) -# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) -# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) +# define Sigma0(x) (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10)) +# define Sigma1(x) (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7)) +# define sigma0(x) (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3)) +# define sigma1(x) (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10)) -# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -# ifdef OPENSSL_SMALL_FOOTPRINT +# ifdef OPENSSL_SMALL_FOOTPRINT static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num) 
@@ -229,14 +229,14 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, } } -# else +# else -# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ +# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i]; \ h = Sigma0(a) + Maj(a,b,c); \ d += T1; h += T1; } while (0) -# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ +# define ROUND_16_63(i,a,b,c,d,e,f,g,h,X) do { \ s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ @@ -381,7 +381,5 @@ static void sha256_block_data_order(SHA256_CTX *ctx, const void *in, } } -# endif -# endif /* SHA256_ASM */ - -#endif /* OPENSSL_NO_SHA256 */ +# endif +#endif /* SHA256_ASM */ diff --git a/crypto/sha/sha256t.c b/crypto/sha/sha256t.c index 476702c..0872f34 100644 --- a/crypto/sha/sha256t.c +++ b/crypto/sha/sha256t.c @@ -10,14 +10,6 @@ #include #include -#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA256) -int main(int argc, char *argv[]) -{ - printf("No SHA256 support\n"); - return (0); -} -#else - unsigned char app_b1[SHA256_DIGEST_LENGTH] = { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, @@ -159,4 +151,3 @@ int main(int argc, char **argv) return 0; } -#endif diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index d79c2a0..f934c74 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -5,7 +5,6 @@ * ==================================================================== */ #include -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) /*- * IMPLEMENTATION NOTES. * 
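Review bot: At the end of the @@ -381 hunk the two closing directives are `# endif`, which closes the `# ifdef OPENSSL_SMALL_FOOTPRINT` / `# else` pair opened in the @@ -154 and @@ -229 hunks, and `#endif /* SHA256_ASM */`; only the outer one is annotated. `# endif /* OPENSSL_SMALL_FOOTPRINT */` would make the pairing readable now that the third nesting level has been removed. The same applies to the unannotated `# endif` left in sha512.c's @@ -671 hunk.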
@@ -41,24 +40,24 @@ * 16-bit platforms. * */ -# include -# include +#include +#include -# include -# include -# include +#include +#include +#include -# include "cryptlib.h" +#include "cryptlib.h" const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT; -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \ defined(__s390__) || defined(__s390x__) || \ defined(__aarch64__) || \ defined(SHA512_ASM) -# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA -# endif +# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +#endif int SHA384_Init(SHA512_CTX *c) { @@ -96,9 +95,9 @@ int SHA512_Init(SHA512_CTX *c) return 1; } -# ifndef SHA512_ASM +#ifndef SHA512_ASM static -# endif +#endif void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num); int SHA512_Final(unsigned char *md, SHA512_CTX *c) @@ -113,10 +112,10 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c) sha512_block_data_order(c, p, 1); memset(p + n, 0, sizeof(c->u) - 16 - n); -# ifdef B_ENDIAN +#ifdef B_ENDIAN c->u.d[SHA_LBLOCK - 2] = c->Nh; c->u.d[SHA_LBLOCK - 1] = c->Nl; -# else +#else p[sizeof(c->u) - 1] = (unsigned char)(c->Nl); p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8); p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16); @@ -133,7 +132,7 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c) p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40); p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48); p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56); -# endif +#endif sha512_block_data_order(c, p, 1); 
@@ -213,14 +212,14 @@ int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len) } if (len >= sizeof(c->u)) { -# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA if ((size_t)data % sizeof(c->u.d[0]) != 0) while (len >= sizeof(c->u)) memcpy(p, data, sizeof(c->u)), sha512_block_data_order(c, p, 1), len -= sizeof(c->u), data += sizeof(c->u); else -# endif +#endif sha512_block_data_order(c, data, len / sizeof(c->u)), data += len, len %= sizeof(c->u), data -= len; } @@ -238,10 +237,10 @@ int SHA384_Update(SHA512_CTX *c, const void *data, size_t len) void SHA512_Transform(SHA512_CTX *c, const unsigned char *data) { -# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA +#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA if ((size_t)data % sizeof(c->u.d[0]) != 0) memcpy(c->u.p, data, sizeof(c->u.p)), data = c->u.p; -# endif +#endif sha512_block_data_order(c, data, 1); } @@ -273,7 +272,7 @@ unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) return (md); } -# ifndef SHA512_ASM +#ifndef SHA512_ASM static const SHA_LONG64 K512[80] = { U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd), U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc), 
@@ -317,23 +316,23 @@ static const SHA_LONG64 K512[80] = { U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817) }; -# ifndef PEDANTIC -# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(__x86_64) || defined(__x86_64__) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ +# ifndef PEDANTIC +# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(__x86_64) || defined(__x86_64__) +# define ROTR(a,n) ({ SHA_LONG64 ret; \ asm ("rorq %1,%0" \ : "=r"(ret) \ : "J"(n),"0"(a) \ : "cc"); ret; }) -# if !defined(B_ENDIAN) -# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ +# if !defined(B_ENDIAN) +# define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ asm ("bswapq %0" \ : "=r"(ret) \ : "0"(ret)); ret; }) -# endif -# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) -# if defined(I386_ONLY) -# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ +# endif +# elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN) +# if defined(I386_ONLY) +# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ unsigned int hi=p[0],lo=p[1]; \ asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\ "roll $16,%%eax; roll $16,%%edx; "\ 
@@ -341,39 +340,39 @@ static const SHA_LONG64 K512[80] = { : "=a"(lo),"=d"(hi) \ : "0"(lo),"1"(hi) : "cc"); \ ((SHA_LONG64)hi)<<32|lo; }) -# else -# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ +# else +# define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\ unsigned int hi=p[0],lo=p[1]; \ asm ("bswapl %0; bswapl %1;" \ : "=r"(lo),"=r"(hi) \ : "0"(lo),"1"(hi)); \ ((SHA_LONG64)hi)<<32|lo; }) -# endif -# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ +# endif +# elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64) +# define ROTR(a,n) ({ SHA_LONG64 ret; \ asm ("rotrdi %0,%1,%2" \ : "=r"(ret) \ : "r"(a),"K"(n)); ret; }) -# elif defined(__aarch64__) -# define ROTR(a,n) ({ SHA_LONG64 ret; \ +# elif defined(__aarch64__) +# define ROTR(a,n) ({ SHA_LONG64 ret; \ asm ("ror %0,%1,%2" \ : "=r"(ret) \ : "r"(a),"I"(n)); ret; }) -# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ +# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \ __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__ -# define PULL64(x) ({ SHA_LONG64 ret; \ +# define PULL64(x) ({ SHA_LONG64 ret; \ asm ("rev %0,%1" \ : "=r"(ret) \ : "r"(*((const SHA_LONG64 *)(&(x))))); ret; }) -# endif # endif -# elif defined(_MSC_VER) -# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ -# pragma intrinsic(_rotr64) -# define ROTR(a,n) _rotr64((a),n) -# endif -# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) -# if defined(I386_ONLY) +# endif +# elif defined(_MSC_VER) +# if defined(_WIN64) /* applies to both IA-64 and AMD64 */ +# pragma intrinsic(_rotr64) +# define ROTR(a,n) _rotr64((a),n) +# endif +# if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) +# if defined(I386_ONLY) static SHA_LONG64 __fastcall __pull64be(const void *x) { _asm mov edx,[ecx + 0] 
@@ -381,34 +380,34 @@ static SHA_LONG64 __fastcall __pull64be(const void *x) _asm xchg dh, dl _asm xchg ah, al _asm rol edx, 16 _asm rol eax, 16 _asm xchg dh, dl _asm xchg ah, al} -# else +# else static SHA_LONG64 __fastcall __pull64be(const void *x) { _asm mov edx,[ecx + 0] _asm mov eax,[ecx + 4] _asm bswap edx _asm bswap eax} -# endif -# define PULL64(x) __pull64be(&(x)) -# if _MSC_VER<=1200 -# pragma inline_depth(0) -# endif +# endif +# define PULL64(x) __pull64be(&(x)) +# if _MSC_VER<=1200 +# pragma inline_depth(0) # endif # endif # endif -# ifndef PULL64 -# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) -# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) -# endif -# ifndef ROTR -# define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) -# endif -# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) -# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) -# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) -# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) -# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) -# if defined(__i386) || defined(__i386__) || defined(_M_IX86) +# endif +# ifndef PULL64 +# define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) +# define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) +# endif +# ifndef ROTR +# define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) +# endif +# define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) +# define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) +# define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) +# define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) +# define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +# define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) +# if defined(__i386) || defined(__i386__) || defined(_M_IX86) /* * This code should give better results on 32-bit CPU with less than * ~24 
registers, both size and performance wise... @@ -433,11 +432,11 @@ _asm bswap edx _asm bswap eax} F[7] = ctx->h[7]; for (i = 0; i < 16; i++, F--) { -# ifdef B_ENDIAN +# ifdef B_ENDIAN T = W[i]; -# else +# else T = PULL64(W[i]); -# endif +# endif F[0] = A; F[4] = E; F[8] = T; @@ -472,7 +471,7 @@ _asm bswap edx _asm bswap eax} } } -# elif defined(OPENSSL_SMALL_FOOTPRINT) +# elif defined(OPENSSL_SMALL_FOOTPRINT) static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num) { @@ -493,11 +492,11 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, h = ctx->h[7]; for (i = 0; i < 16; i++) { -# ifdef B_ENDIAN +# ifdef B_ENDIAN T1 = X[i] = W[i]; -# else +# else T1 = X[i] = PULL64(W[i]); -# endif +# endif T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i]; T2 = Sigma0(a) + Maj(a, b, c); h = g; @@ -542,12 +541,12 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, } } -# else -# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ +# else +# define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ h = Sigma0(a) + Maj(a,b,c); \ d += T1; h += T1; } while (0) -# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ +# define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X) do { \ s0 = X[(j+1)&0x0f]; s0 = sigma0(s0); \ s1 = X[(j+14)&0x0f]; s1 = sigma1(s1); \ T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f]; \ @@ -571,7 +570,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, g = ctx->h[6]; h = ctx->h[7]; -# ifdef B_ENDIAN +# ifdef B_ENDIAN T1 = X[0] = W[0]; ROUND_00_15(0, a, b, c, d, e, f, g, h); T1 = X[1] = W[1]; @@ -604,7 +603,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, ROUND_00_15(14, c, d, e, f, g, h, a, b); T1 = X[15] = W[15]; ROUND_00_15(15, b, c, d, e, f, g, h, a); -# else +# else T1 = X[0] = PULL64(W[0]); ROUND_00_15(0, a, b, c, d, e, f, g, h); T1 = X[1] = PULL64(W[1]); 
@@ -637,7 +636,7 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, ROUND_00_15(14, c, d, e, f, g, h, a, b); T1 = X[15] = PULL64(W[15]); ROUND_00_15(15, b, c, d, e, f, g, h, a); -# endif +# endif for (i = 16; i < 80; i += 16) { ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X); @@ -671,14 +670,6 @@ static void sha512_block_data_order(SHA512_CTX *ctx, const void *in, } } -# endif - -# endif /* SHA512_ASM */ - -#else /* !OPENSSL_NO_SHA512 */ - -# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX) -static void *dummy = &dummy; # endif -#endif /* !OPENSSL_NO_SHA512 */ +#endif /* SHA512_ASM */ diff --git a/crypto/sha/sha512t.c b/crypto/sha/sha512t.c index 178882f..a4d4b5e 100644 --- a/crypto/sha/sha512t.c +++ b/crypto/sha/sha512t.c @@ -11,14 +11,6 @@ #include #include -#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA512) -int main(int argc, char *argv[]) -{ - printf("No SHA512 support\n"); - return (0); -} -#else - unsigned char app_c1[SHA512_DIGEST_LENGTH] = { 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, @@ -193,4 +185,3 @@ int main(int argc, char **argv) return 0; } -#endif diff --git a/crypto/sha/sha_dgst.c b/crypto/sha/sha_dgst.c deleted file mode 100644 index f77cf5e..0000000 --- a/crypto/sha/sha_dgst.c +++ /dev/null 
@@ -1,74 +0,0 @@ -/* crypto/sha/sha1dgst.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA) - -# undef SHA_1 -# define SHA_0 - -# include - -const char SHA_version[] = "SHA" OPENSSL_VERSION_PTEXT; - -/* The implementation is in ../md32_common.h */ - -# include "sha_locl.h" - -#endif diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h index 2a44f57..af62d9e 100644 --- a/crypto/sha/sha_locl.h +++ b/crypto/sha/sha_locl.h 
@@ -76,35 +76,19 @@ ll=(c)->h4; (void)HOST_l2c(ll,(s)); \ } while (0) -#if defined(SHA_0) - -# define HASH_UPDATE SHA_Update -# define HASH_TRANSFORM SHA_Transform -# define HASH_FINAL SHA_Final -# define HASH_INIT SHA_Init -# define HASH_BLOCK_DATA_ORDER sha_block_data_order -# define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) - -static void sha_block_data_order(SHA_CTX *c, const void *p, size_t num); - -#elif defined(SHA_1) - -# define HASH_UPDATE SHA1_Update -# define HASH_TRANSFORM SHA1_Transform -# define HASH_FINAL SHA1_Final -# define HASH_INIT SHA1_Init -# define HASH_BLOCK_DATA_ORDER sha1_block_data_order -# define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ +#define HASH_UPDATE SHA1_Update +#define HASH_TRANSFORM SHA1_Transform +#define HASH_FINAL SHA1_Final +#define HASH_INIT SHA1_Init +#define HASH_BLOCK_DATA_ORDER sha1_block_data_order +#define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ ix=(a)=ROTATE((a),1) \ ) -# ifndef SHA1_ASM -static -# endif -void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); - +#ifndef SHA1_ASM +static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); #else -# error "Either SHA_0 or SHA_1 must be defined." +void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); #endif #include "md32_common.h" @@ -197,7 +181,7 @@ int HASH_INIT(SHA_CTX *c) # define X(i) XX[i] # endif -# if !defined(SHA_1) || !defined(SHA1_ASM) +# if !defined(SHA1_ASM) static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) { const unsigned char *data = p; @@ -431,7 +415,7 @@ static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) E=D, D=C, C=ROTATE(B,30), B=A; \ A=ROTATE(A,5)+T+xa; } while(0) -# if !defined(SHA_1) || !defined(SHA1_ASM) +# if !defined(SHA1_ASM) static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num) { const unsigned char *data = p; diff --git a/crypto/sha/sha_one.c b/crypto/sha/sha_one.c deleted file mode 100644 index 0930b98..0000000 
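Review bot: The @@ -76 hunk now declares sha1_block_data_order twice, once `static` under `#ifndef SHA1_ASM` and once without under `#else`, while the @@ -197 and @@ -431 hunks test the same symbol as `# if !defined(SHA1_ASM)`; using one spelling for the three tests, and annotating the new branches as `#else /* SHA1_ASM */` and `#endif /* SHA1_ASM */`, would keep the linkage choice readable. The two prototypes must also stay identical apart from `static`, which a comment on the `#else` line, `/* implementation provided by the assembler module */`, would make explicit.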
--- a/crypto/sha/sha_one.c +++ /dev/null 
@@ -1,79 +0,0 @@ -/* crypto/sha/sha_one.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include - -#ifndef OPENSSL_NO_SHA0 -unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md) -{ - SHA_CTX c; - static unsigned char m[SHA_DIGEST_LENGTH]; - - if (md == NULL) - md = m; - if (!SHA_Init(&c)) - return NULL; - SHA_Update(&c, d, n); - SHA_Final(md, &c); - OPENSSL_cleanse(&c, sizeof(c)); - return (md); -} -#endif diff --git a/crypto/sha/shatest.c b/crypto/sha/shatest.c deleted file mode 100644 index 105060a..0000000 --- a/crypto/sha/shatest.c +++ /dev/null 
@@ -1,174 +0,0 @@ -/* crypto/sha/shatest.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include -#include -#include - -#include "../e_os.h" - -#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) -int main(int argc, char *argv[]) -{ - printf("No SHA0 support\n"); - return (0); -} -#else -# include -# include - -# ifdef CHARSET_EBCDIC -# include -# endif - -# define SHA_0 /* FIPS 180 */ -# undef SHA_1 /* FIPS 180-1 */ - -static char *test[] = { - "abc", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - NULL, -}; - -# ifdef SHA_0 -static char *ret[] = { - "0164b8a914cd2a5e74c4f7ff082c4d97f1edf880", - "d2516ee1acfa5baf33dfc1c471e438449ef134c8", -}; - -static char *bigret = "3232affa48628a26653b5aaa44541fd90d690603"; -# endif -# ifdef SHA_1 -static char *ret[] = { - "a9993e364706816aba3e25717850c26c9cd0d89d", - "84983e441c3bd26ebaae4aa1f95129e5e54670f1", -}; - -static char *bigret = "34aa973cd4c4daa4f61eeb2bdbad27316534016f"; -# endif - -static char *pt(unsigned char *md); -int main(int argc, char *argv[]) -{ - int i, err = 0; - char **P, **R; - static unsigned char buf[1000]; - char *p, *r; - EVP_MD_CTX c; - unsigned char md[SHA_DIGEST_LENGTH]; - -# ifdef CHARSET_EBCDIC - ebcdic2ascii(test[0], test[0], strlen(test[0])); - ebcdic2ascii(test[1], test[1], strlen(test[1])); -# endif - - EVP_MD_CTX_init(&c); - P = test; - R = ret; - i = 1; - while (*P != NULL) { - EVP_Digest(*P, strlen(*P), md, NULL, EVP_sha(), NULL); - p = pt(md); - if (strcmp(p, *R) != 0) { - printf("error calculating SHA on '%s'\n", *P); - printf("got %s instead of %s\n", p, *R); - err++; - } else - printf("test %d ok\n", i); - i++; - R++; - P++; - } - - memset(buf, 'a', 1000); -# ifdef CHARSET_EBCDIC - ebcdic2ascii(buf, buf, 1000); -# endif /* CHARSET_EBCDIC */ - EVP_DigestInit_ex(&c, EVP_sha(), NULL); - for (i = 0; i < 1000; i++) - EVP_DigestUpdate(&c, buf, 1000); - EVP_DigestFinal_ex(&c, md, NULL); - p = pt(md); - - r = bigret; - if (strcmp(p, r) != 0) { - printf("error calculating SHA on '%s'\n", p); - printf("got %s instead of %s\n", p, r); - err++; - } else 
- printf("test 3 ok\n"); - -# ifdef OPENSSL_SYS_NETWARE - if (err) - printf("ERROR: %d\n", err); -# endif - EVP_MD_CTX_cleanup(&c); - EXIT(err); - return (0); -} - -static char *pt(unsigned char *md) -{ - int i; - static char buf[80]; - - for (i = 0; i < SHA_DIGEST_LENGTH; i++) - sprintf(&(buf[i * 2]), "%02x", md[i]); - return (buf); -} -#endif diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 13f7531..fae320f 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -97,9 +97,7 @@ # endif # endif -# ifndef OPENSSL_NO_SHA -# include -# endif +# include # include #ifdef __cplusplus @@ -280,9 +278,7 @@ struct x509_st { NAME_CONSTRAINTS *nc; STACK_OF(IPAddressFamily) *rfc3779_addr; struct ASIdentifiers_st *rfc3779_asid; -# ifndef OPENSSL_NO_SHA unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -# endif X509_CERT_AUX *aux; } /* X509 */ ; @@ -453,9 +449,7 @@ struct X509_crl_st { /* CRL and base CRL numbers for delta processing */ ASN1_INTEGER *crl_number; ASN1_INTEGER *base_crl_number; -# ifndef OPENSSL_NO_SHA unsigned char sha1_hash[SHA_DIGEST_LENGTH]; -# endif STACK_OF(GENERAL_NAMES) *issuers; const X509_CRL_METHOD *meth; void *meth_data; diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index 49c71b9..04cecad 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -122,12 +122,10 @@ int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer)); } -#ifndef OPENSSL_NO_SHA int X509_CRL_match(const X509_CRL *a, const X509_CRL *b) { return memcmp(a->sha1_hash, b->sha1_hash, 20); } -#endif X509_NAME *X509_get_issuer_name(X509 *a) { @@ -168,7 +166,6 @@ unsigned long X509_subject_name_hash_old(X509 *x) } #endif -#ifndef OPENSSL_NO_SHA /* * Compare two certificates: they must be identical for this to work. NB: * Although "cmp" operations are generally prototyped to take "const" 
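Review bot: `X509_CRL_match`, now compiled unconditionally, still compares the two digests with the literal `20`, while the `x509.h` hunks in the same commit declare the `sha1_hash` fields as `unsigned char sha1_hash[SHA_DIGEST_LENGTH]`. The line should read `return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);` so the compare length and the field size cannot drift apart. The surrounding functions `X509_CRL_cmp` and `X509_get_issuer_name` start or end outside this hunk.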
@@ -197,7 +194,6 @@ int X509_cmp(const X509 *a, const X509 *b) } return rv; } -#endif int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) { diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index dfc8c5b..b748e98 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -390,9 +390,7 @@ static void x509v3_cache_extensions(X509 *x) int i; if (x->ex_flags & EXFLAG_SET) return; -#ifndef OPENSSL_NO_SHA X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); -#endif /* V1 should mean no extensions ... */ if (!X509_get_version(x)) x->ex_flags |= EXFLAG_V1; diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index d9fada9..6605507 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -6,7 +6,7 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, EVP_MD_CTX_copy_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, -EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, +EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1, EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines @@ -49,7 +49,6 @@ EVP digest routines const EVP_MD *EVP_md_null(void); const EVP_MD *EVP_md2(void); const EVP_MD *EVP_md5(void); - const EVP_MD *EVP_sha(void); const EVP_MD *EVP_sha1(void); const EVP_MD *EVP_dss(void); const EVP_MD *EVP_dss1(void); 
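Review bot: In `x509v3_cache_extensions` the now-unconditional `X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);` discards its return value, so on failure `sha1_hash` keeps whatever bytes it held and `X509_cmp`/`X509_CRL_match`, which compare that field, would operate on stale data. If the file marks other cache failures with `EXFLAG_INVALID`, the same treatment fits here: `if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL)) x->ex_flags |= EXFLAG_INVALID;`. The body of `x509v3_cache_extensions` continues outside the hunk, so where `EXFLAG_SET` is finally raised is not visible here.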
@@ -134,9 +133,9 @@ return B. Since digests and signature algorithms are no longer linked this function is only retained for compatibility reasons. -EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(), +EVP_md2(), EVP_md5(), EVP_sha1(), EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B -structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2 +structures for the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2 and RIPEMD160 digest algorithms respectively. EVP_dss() and EVP_dss1() return B structures for SHA and SHA1 digest @@ -165,7 +164,7 @@ corresponding OBJECT IDENTIFIER or NID_undef if none exists. EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and EVP_MD_CTX_block_size() return the digest or block size in bytes. -EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(), +EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the corresponding EVP_MD structures. @@ -269,7 +268,7 @@ EVP_MD_CTX_init(), EVP_MD_CTX_create(), EVP_MD_CTX_copy_ex(), EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex() and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7. -EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), +EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were changed to return truly const EVP_MD * in OpenSSL 0.9.7. diff --git a/engines/e_sureware.c b/engines/e_sureware.c index dc3e21f..aae568a 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c 
@@ -946,13 +946,11 @@ static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from, } memcpy(buf, to, tlen); /* transfert to into buf */ switch (padding) { /* check padding in software */ -# ifndef OPENSSL_NO_SHA case RSA_PKCS1_OAEP_PADDING: ret = RSA_padding_check_PKCS1_OAEP(to, tlen, (unsigned char *)buf, tlen, tlen, NULL, 0); break; -# endif case RSA_SSLV23_PADDING: ret = RSA_padding_check_SSLv23(to, tlen, (unsigned char *)buf, flen, diff --git a/makevms.com b/makevms.com index 4705346..331b1be 100755 --- a/makevms.com +++ b/makevms.com @@ -566,12 +566,6 @@ $ WRITE H_FILE "#undef SIXTEEN_BIT" $ WRITE H_FILE "#undef EIGHT_BIT" $ WRITE H_FILE "#endif" $! -$! Oddly enough, the following symbol is tested in crypto/sha/sha512.c -$! before sha.h gets included (and HEADER_SHA_H defined), so we will not -$! protect this one... -$ WRITE H_FILE "#undef OPENSSL_NO_SHA512" -$ WRITE H_FILE "#define OPENSSL_NO_SHA512" -$! $ WRITE H_FILE "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION" $ WRITE H_FILE "#define OPENSSL_EXPORT_VAR_AS_FUNCTION" $! diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index e5a04ac..53e3c87 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -328,9 +328,6 @@ static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out) l2n(sha1->h4, md_out); } -#define LARGEST_DIGEST_CTX SHA_CTX - -#ifndef OPENSSL_NO_SHA256 static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out) { SHA256_CTX *sha256 = ctx; @@ -341,11 +338,6 @@ static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out) } } -# undef LARGEST_DIGEST_CTX -# define LARGEST_DIGEST_CTX SHA256_CTX -#endif - -#ifndef OPENSSL_NO_SHA512 static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out) { SHA512_CTX *sha512 = ctx; 
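Review bot: With the `OPENSSL_NO_SHA` guard gone, the OAEP branch of `surewarehk_rsa_priv_dec` is compiled in every build, and the visible context shows it passing `tlen, tlen` as the decrypted length and RSA size while the adjacent `RSA_SSLV23_PADDING` branch passes `flen, tlen` for the same `buf`. I cannot tell from the hunk which length is intended for the OAEP check; it is worth confirming and, if the asymmetry is deliberate, a one-line comment such as `/* buf holds tlen bytes copied from to, so both lengths are tlen here */` above the OAEP call. The enclosing function starts and ends outside this hunk.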
@@ -356,9 +348,8 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out) } } -# undef LARGEST_DIGEST_CTX -# define LARGEST_DIGEST_CTX SHA512_CTX -#endif +#undef LARGEST_DIGEST_CTX +#define LARGEST_DIGEST_CTX SHA512_CTX /* * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function @@ -371,14 +362,10 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx) switch (EVP_MD_CTX_type(ctx)) { case NID_md5: case NID_sha1: -#ifndef OPENSSL_NO_SHA256 case NID_sha224: case NID_sha256: -#endif -#ifndef OPENSSL_NO_SHA512 case NID_sha384: case NID_sha512: -#endif return 1; default: return 0; @@ -465,7 +452,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, (void (*)(void *ctx, const unsigned char *block))SHA1_Transform; md_size = 20; break; -#ifndef OPENSSL_NO_SHA256 case NID_sha224: SHA224_Init((SHA256_CTX *)md_state.c); md_final_raw = tls1_sha256_final_raw; @@ -480,8 +466,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, (void (*)(void *ctx, const unsigned char *block))SHA256_Transform; md_size = 32; break; -#endif -#ifndef OPENSSL_NO_SHA512 case NID_sha384: SHA384_Init((SHA512_CTX *)md_state.c); md_final_raw = tls1_sha512_final_raw; @@ -500,7 +484,6 @@ void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, md_block_size = 128; md_length_size = 16; break; -#endif default: /* * ssl3_cbc_record_digest_supported should have been called first to diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 93518b8..a383eee 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2225,11 +2225,7 @@ int ssl3_get_new_session_ticket(SSL *s) */ EVP_Digest(p, ticklen, s->session->session_id, &s->session->session_id_length, -# ifndef OPENSSL_NO_SHA256 EVP_sha256(), NULL); -# else - EVP_sha1(), NULL); -# endif ret = 1; return (ret); f_err: diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ccc418a..e929658 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c 
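Review bot: The added `#undef LARGEST_DIGEST_CTX` is redundant on the new side: the hunks at `-328` and `-341` removed the earlier `SHA_CTX` and `SHA256_CTX` definitions, so this is now the only definition of the macro in the file. Keeping just `#define LARGEST_DIGEST_CTX SHA512_CTX` with a short comment, e.g. `/* SHA512_CTX is the largest context md_state must be able to hold */`, would make the intent clear without the leftover undefine.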
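Review bot: In `ssl3_get_new_session_ticket` the `EVP_Digest(p, ticklen, s->session->session_id, &s->session->session_id_length, EVP_sha256(), NULL);` call still ignores its return value, and the next visible lines set `ret = 1` regardless, so a digest failure would leave `session_id` and `session_id_length` unset while the ticket is reported as accepted. Now that the digest is fixed to `EVP_sha256()` the check is simple: wrap the call in `if (!EVP_Digest(...))` and route the failure to the function's error exit instead of returning success. The function starts before this hunk and its error labels are only partly visible.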
@@ -3385,7 +3385,7 @@ int ssl3_send_newsession_ticket(SSL *s) EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, iv); HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); + EVP_sha256(), NULL); memcpy(key_name, tctx->tlsext_tick_key_name, 16); } diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index fdf1481..3843aef 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -91,14 +91,10 @@ int SSL_library_init(void) EVP_add_cipher(EVP_aes_256_cbc()); EVP_add_cipher(EVP_aes_128_gcm()); EVP_add_cipher(EVP_aes_256_gcm()); -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1()); -# endif -# if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256) EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256()); EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256()); -# endif #endif #ifndef OPENSSL_NO_CAMELLIA EVP_add_cipher(EVP_camellia_128_cbc()); @@ -113,20 +109,14 @@ int SSL_library_init(void) EVP_add_digest(EVP_md5()); EVP_add_digest_alias(SN_md5, "ssl3-md5"); #endif -#ifndef OPENSSL_NO_SHA EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ EVP_add_digest_alias(SN_sha1, "ssl3-sha1"); EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA); -#endif -#ifndef OPENSSL_NO_SHA256 EVP_add_digest(EVP_sha224()); EVP_add_digest(EVP_sha256()); -#endif -#ifndef OPENSSL_NO_SHA512 EVP_add_digest(EVP_sha384()); EVP_add_digest(EVP_sha512()); -#endif -#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) +#if !defined(OPENSSL_NO_DSA) EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2); EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); 
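Review bot: The rewritten `HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, EVP_sha256(), NULL);` and the `EVP_EncryptInit_ex` call just above it both discard their return values, so an initialisation failure would be followed by encrypting and MAC-ing the ticket with an uninitialised context. The `tls_decrypt_ticket` hunk in `ssl/t1_lib.c` makes the same substitution and has the same unchecked call. The literal `16` also appears three times in these lines for the AES key, the HMAC key and the key name; a named constant, or at least `sizeof(tctx->tlsext_tick_hmac_key)`, would tie the length to the field. `ssl3_send_newsession_ticket` starts and ends outside the hunk.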
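Review bot: After dropping the SHA term, `#if !defined(OPENSSL_NO_DSA)` tests a single macro and reads inconsistently next to the `#ifndef OPENSSL_NO_CAMELLIA` and `#ifndef OPENSSL_NO_ECDSA` guards visible in the same file. Writing it as `#ifndef OPENSSL_NO_DSA` matches the file's existing style. `SSL_library_init` continues outside the hunk.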
@@ -135,11 +125,6 @@ int SSL_library_init(void) #ifndef OPENSSL_NO_ECDSA EVP_add_digest(EVP_ecdsa()); #endif - /* If you want support for phased out ciphers, add the following */ -#if 0 - EVP_add_digest(EVP_sha()); - EVP_add_digest(EVP_dss()); -#endif #ifndef OPENSSL_NO_COMP /* * This will initialise the built-in compression algorithms. The value diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index f58a605..fcf5f8d 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1329,11 +1329,6 @@ int tls1_process_heartbeat(SSL *s); int dtls1_process_heartbeat(SSL *s); # endif -# ifdef OPENSSL_NO_SHA256 -# define tlsext_tick_md EVP_sha1 -# else -# define tlsext_tick_md EVP_sha256 -# endif int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, const unsigned char *limit, SSL_SESSION **ret); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 115aab5..6a1ed6a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -906,17 +906,11 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) tlsext_sigalg_ecdsa(md) static const unsigned char tls12_sigalgs[] = { -# ifndef OPENSSL_NO_SHA512 tlsext_sigalg(TLSEXT_hash_sha512) tlsext_sigalg(TLSEXT_hash_sha384) -# endif -# ifndef OPENSSL_NO_SHA256 tlsext_sigalg(TLSEXT_hash_sha256) tlsext_sigalg(TLSEXT_hash_sha224) -# endif -# ifndef OPENSSL_NO_SHA tlsext_sigalg(TLSEXT_hash_sha1) -# endif }; # ifndef OPENSSL_NO_ECDSA @@ -3318,7 +3312,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) return 2; HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, - tlsext_tick_md(), NULL); + EVP_sha256(), NULL); EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, tctx->tlsext_tick_aes_key, etick + 16); } 
@@ -3462,25 +3456,11 @@ static const tls12_hash_info tls12_md_info[] = { # else {NID_md5, 64, EVP_md5}, # endif -# ifdef OPENSSL_NO_SHA - {NID_sha1, 80, 0}, -# else {NID_sha1, 80, EVP_sha1}, -# endif -# ifdef OPENSSL_NO_SHA256 - {NID_sha224, 112, 0}, - {NID_sha256, 128, 0}, -# else {NID_sha224, 112, EVP_sha224}, {NID_sha256, 128, EVP_sha256}, -# endif -# ifdef OPENSSL_NO_SHA512 - {NID_sha384, 192, 0}, - {NID_sha512, 256, 0} -# else {NID_sha384, 192, EVP_sha384}, {NID_sha512, 256, EVP_sha512} -# endif }; static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 07f6fdd..5424ed5 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -177,7 +177,7 @@ $no_static_engine = 0 if (!$shlib); $no_mdc2=1 if ($no_des); -$no_ssl3=1 if ($no_md5 || $no_sha); +$no_ssl3=1 if ($no_md5); $no_ssl3=1 if ($no_rsa && $no_dh); $out_def="out"; @@ -281,8 +281,6 @@ $cflags.=" -DOPENSSL_NO_RC5" if $no_rc5; $cflags.=" -DOPENSSL_NO_MD2" if $no_md2; $cflags.=" -DOPENSSL_NO_MD4" if $no_md4; $cflags.=" -DOPENSSL_NO_MD5" if $no_md5; -$cflags.=" -DOPENSSL_NO_SHA" if $no_sha; -$cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1; $cflags.=" -DOPENSSL_NO_RMD160" if $no_ripemd; $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2; $cflags.=" -DOPENSSL_NO_BF" if $no_bf; @@ -1123,8 +1121,6 @@ sub var_add @a=grep(!/_dhp$/, at a) if $no_dh; - @a=grep(!/(^sha[^1])|(_sha$)|(m_dss$)/, at a) if $no_sha; - @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/, at a) if $no_sha1; @a=grep(!/_mdc2$/, at a) if $no_mdc2; @a=grep(!/(srp)/, at a) if $no_srp; @@ -1133,11 +1129,8 @@ sub var_add @a=grep(!/^hw$/, at a) if $no_hw; @a=grep(!/(^rsa$)|(^genrsa$)/, at a) if $no_rsa; @a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/, at a) if $no_dsa; - @a=grep(!/^gendsa$/, at a) if $no_sha1; @a=grep(!/(^dh$)|(^gendh$)/, at a) if $no_dh; - @a=grep(!/(^dh)|(_sha1$)|(m_dss1$)/, at a) if $no_sha1; - grep($_="$dir/$_", at a); @a=grep(!/(^|\/)s_/, at a) if $no_sock; @a=grep(!/(^|\/)bio_sock/, at a) if $no_sock; 
@@ -1409,8 +1402,6 @@ sub read_options "no-md2" => \$no_md2, "no-md4" => \$no_md4, "no-md5" => \$no_md5, - "no-sha" => \$no_sha, - "no-sha1" => \$no_sha1, "no-ripemd" => \$no_ripemd, "no-mdc2" => \$no_mdc2, "no-whirlpool" => \$no_whirlpool, @@ -1444,7 +1435,7 @@ sub read_options "no-hw" => \$no_hw, "just-ssl" => [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast, - \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh, + \$no_md2, \$no_mdc2, \$no_dsa, \$no_dh, \$no_err, \$no_ripemd, \$no_rc5, \$no_aes, \$no_camellia, \$no_seed, \$no_srp], "rsaref" => 0, diff --git a/util/mkdef.pl b/util/mkdef.pl index a6f64e3..1dbd555 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -972,7 +972,6 @@ sub do_defs $a .= ",RC4" if($s =~ /EVP_rc4/); $a .= ",RC5" if($s =~ /EVP_rc5/); $a .= ",RIPEMD" if($s =~ /EVP_ripemd/); - $a .= ",SHA" if($s =~ /EVP_sha/); $a .= ",RSA" if($s =~ /EVP_(Open|Seal)(Final|Init)/); $a .= ",RSA" if($s =~ /PEM_Seal(Final|Init|Update)/); $a .= ",RSA" if($s =~ /RSAPrivateKey/); From rsalz at openssl.org Tue Jan 27 20:14:55 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 27 Jan 2015 21:14:55 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150127201455.399C91DF118@butler.localdomain> The branch master has been updated via daa48704cc04c61cf8f3e74759a7a3139b6aff01 (commit) from 474e469bbd056aebcf7e7d3207ef820f2faed4ce (commit) - Log ----------------------------------------------------------------- commit daa48704cc04c61cf8f3e74759a7a3139b6aff01 Author: Rich Salz Date: Tue Jan 27 15:14:12 2015 -0500 OPENSSL_NO_XXX cleanup: NO_TLS, NO_TLS1 TLS and TLS1 are no longer optional. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/ciphers.c | 2 -- apps/s_client.c | 2 -- apps/s_server.c | 2 -- ssl/d1_pkt.c | 2 -- ssl/s23_meth.c | 2 -- ssl/s3_pkt.c | 2 -- ssl/ssltest.c | 8 -------- 7 files changed, 20 deletions(-) 
diff --git a/apps/ciphers.c b/apps/ciphers.c index f36db20..803b021 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -129,10 +129,8 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "-ssl3") == 0) meth = SSLv3_client_method(); #endif -#ifndef OPENSSL_NO_TLS1 else if (strcmp(*argv, "-tls1") == 0) meth = TLSv1_client_method(); -#endif else if ((strncmp(*argv, "-h", 2) == 0) || (strcmp(*argv, "-?") == 0)) { badops = 1; break; diff --git a/apps/s_client.c b/apps/s_client.c index 0c4e6bd..512c258 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -931,14 +931,12 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "-ssl3") == 0) meth = SSLv3_client_method(); #endif -#ifndef OPENSSL_NO_TLS1 else if (strcmp(*argv, "-tls1_2") == 0) meth = TLSv1_2_client_method(); else if (strcmp(*argv, "-tls1_1") == 0) meth = TLSv1_1_client_method(); else if (strcmp(*argv, "-tls1") == 0) meth = TLSv1_client_method(); -#endif #ifndef OPENSSL_NO_DTLS1 else if (strcmp(*argv, "-dtls") == 0) { meth = DTLS_client_method(); diff --git a/apps/s_server.c b/apps/s_server.c index e07df85..48ac6b3 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1404,7 +1404,6 @@ int MAIN(int argc, char *argv[]) meth = SSLv3_server_method(); } #endif -#ifndef OPENSSL_NO_TLS1 else if (strcmp(*argv, "-tls1") == 0) { meth = TLSv1_server_method(); } else if (strcmp(*argv, "-tls1_1") == 0) { @@ -1412,7 +1411,6 @@ int MAIN(int argc, char *argv[]) } else if (strcmp(*argv, "-tls1_2") == 0) { meth = TLSv1_2_server_method(); } -#endif #ifndef OPENSSL_NO_DTLS1 else if (strcmp(*argv, "-dtls") == 0) { meth = DTLS_server_method(); diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 598002b..331a50f 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c 
@@ -1343,13 +1343,11 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) switch (rr->type) { default: -#ifndef OPENSSL_NO_TLS /* TLS just ignores unknown message types */ if (s->version == TLS1_VERSION) { rr->length = 0; goto start; } -#endif al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_UNEXPECTED_RECORD); goto f_err; diff --git a/ssl/s23_meth.c b/ssl/s23_meth.c index 05fb4f9..757c5a9 100644 --- a/ssl/s23_meth.c +++ b/ssl/s23_meth.c @@ -68,7 +68,6 @@ static const SSL_METHOD *ssl23_get_method(int ver) return (SSLv3_method()); else #endif -#ifndef OPENSSL_NO_TLS1 if (ver == TLS1_VERSION) return (TLSv1_method()); else if (ver == TLS1_1_VERSION) @@ -76,7 +75,6 @@ static const SSL_METHOD *ssl23_get_method(int ver) else if (ver == TLS1_2_VERSION) return (TLSv1_2_method()); else -#endif return (NULL); } diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 07adf0f..a8fd16c 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1649,7 +1649,6 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) switch (rr->type) { default: -#ifndef OPENSSL_NO_TLS /* * TLS up to v1.1 just ignores unknown message types: TLS v1.2 give * an unexpected message alert. @@ -1658,7 +1657,6 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) rr->length = 0; goto start; } -#endif al = SSL_AD_UNEXPECTED_MESSAGE; SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_RECORD); goto f_err; diff --git a/ssl/ssltest.c b/ssl/ssltest.c index a49fd86..0b4df3e 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -791,9 +791,7 @@ static void sv_usage(void) #ifndef OPENSSL_NO_SSL3_METHOD fprintf(stderr, " -ssl3 - use SSLv3\n"); #endif -#ifndef OPENSSL_NO_TLS1 fprintf(stderr, " -tls1 - use TLSv1\n"); -#endif fprintf(stderr, " -CApath arg - PEM format directory of CA's\n"); fprintf(stderr, " -CAfile arg - PEM format file of CA's\n"); fprintf(stderr, " -cert arg - Server certificate file\n"); 
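Review bot: The retained `if (s->version == TLS1_VERSION)` branch in `dtls1_read_bytes` now compiles unconditionally, yet this is the DTLS read path, where `s->version` presumably holds a DTLS version rather than `TLS1_VERSION`, so the "TLS just ignores unknown message types" branch looks unreachable here; I cannot confirm that from the hunk alone. If it is dead, dropping it and letting unknown record types fall through to the `SSL_AD_UNEXPECTED_MESSAGE` alert would be clearer; if it is reachable, a comment saying which code path sets a TLS version on a DTLS object would help the next reader. The enclosing `switch` and function extend beyond the hunk.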
@@ -1160,9 +1158,7 @@ int main(int argc, char *argv[]) } #endif else if (strcmp(*argv, "-tls1") == 0) { -#ifdef OPENSSL_NO_TLS1 no_protocol = 1; -#endif tls1 = 1; } else if (strcmp(*argv, "-ssl3") == 0) { #ifdef OPENSSL_NO_SSL3_METHOD @@ -1436,11 +1432,9 @@ int main(int argc, char *argv[]) meth = SSLv3_method(); else #endif -#ifndef OPENSSL_NO_TLS1 if (tls1) meth = TLSv1_method(); else -#endif meth = SSLv23_method(); c_ctx = SSL_CTX_new(meth); @@ -3204,7 +3198,6 @@ static int do_test_cipherlist(void) } fprintf(stderr, "ok\n"); #endif -#ifndef OPENSSL_NO_TLS1 fprintf(stderr, "testing TLSv1 cipher list order: "); meth = TLSv1_method(); tci = NULL; @@ -3217,7 +3210,6 @@ static int do_test_cipherlist(void) tci = ci; } fprintf(stderr, "ok\n"); -#endif return 1; } From kurt at openssl.org Tue Jan 27 20:15:49 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Tue, 27 Jan 2015 21:15:49 +0100 (CET) Subject: [openssl-commits] [web] master update Message-ID: <20150127201550.3C0F31DF118@butler.localdomain> The branch master has been updated via a043553a84caf3cb4334833186c29cf4de80fe00 (commit) from 511ed85c5c427f28957bf7123132c0fdc667e912 (commit) - Log ----------------------------------------------------------------- commit a043553a84caf3cb4334833186c29cf4de80fe00 Author: Kurt Roeckx Date: Tue Jan 27 21:14:45 2015 +0100 Fix affected versions CVE-2014-3569. It was broken by the fix for CVE-2014-3568. ----------------------------------------------------------------------- Summary of changes: news/vulnerabilities.xml | 52 ---------------------------------------------- 1 file changed, 52 deletions(-) diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index 2a4b5d8..f13418b 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -120,60 +120,8 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - From rsalz at openssl.org Tue Jan 27 21:36:33 2015 
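Review bot: The `-tls1` branch in ssltest's `main` now sets `no_protocol = 1;` unconditionally, because only the `#ifdef OPENSSL_NO_TLS1` and `#endif` lines were removed and the statement they guarded survives as context; every `-tls1` run will therefore be treated as using an unavailable protocol. Since TLS1 is no longer optional, the whole statement should go, leaving the branch as just `tls1 = 1;`, mirroring the `-ssl3` branch below which keeps its `#ifdef OPENSSL_NO_SSL3_METHOD` guard around its `no_protocol = 1;`. `main` starts and ends outside this hunk.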
From: rsalz at openssl.org (Rich Salz) Date: Tue, 27 Jan 2015 22:36:33 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150127213633.6F9311DF118@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 324a9774928c362083ab581cbc9052ac0b787283 (commit) via 69aeb99f3277e97754a98285f8b92cf54dafd256 (commit) from 53e652ae447fd4eafb7763ca6e1d1254609af206 (commit) - Log ----------------------------------------------------------------- commit 324a9774928c362083ab581cbc9052ac0b787283 Author: Viktor Dkhovni Date: Fri Jan 23 15:39:40 2015 -0500 Replace exit() with error return. Reviewed-by: Tim Hudson commit 69aeb99f3277e97754a98285f8b92cf54dafd256 Author: Rich Salz Date: Tue Jan 27 16:35:55 2015 -0500 Revert "Remove engine_rsax and its asm file." This reverts commit 5226c62b7632dfaf38480919d406307318a7d145. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: Configure | 2 +- crypto/bn/Makefile | 2 + crypto/bn/asm/modexp512-x86_64.pl | 1497 +++++++++++++++++++++++++++++++++++++ crypto/engine/Makefile | 18 +- crypto/engine/eng_all.c | 3 + crypto/engine/eng_rsax.c | 701 +++++++++++++++++ 6 files changed, 2220 insertions(+), 3 deletions(-) create mode 100644 crypto/bn/asm/modexp512-x86_64.pl create mode 100644 crypto/engine/eng_rsax.c diff --git a/Configure b/Configure index 02161d8..541be9e 100755 --- a/Configure +++ b/Configure 
@@ -128,7 +128,7 @@ my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:des-586.o crypt5 my $x86_elf_asm="$x86_asm:elf"; -my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:"; +my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:"; my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void"; my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void"; my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void"; diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index e1452b3..6dd136b 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -102,6 +102,8 @@ x86_64-mont5.s: asm/x86_64-mont5.pl $(PERL) asm/x86_64-mont5.pl $(PERLASM_SCHEME) > $@ x86_64-gf2m.s: asm/x86_64-gf2m.pl $(PERL) asm/x86_64-gf2m.pl $(PERLASM_SCHEME) > $@ +modexp512-x86_64.s: asm/modexp512-x86_64.pl + $(PERL) asm/modexp512-x86_64.pl $(PERLASM_SCHEME) > $@ bn-ia64.s: asm/ia64.S $(CC) $(CFLAGS) -E asm/ia64.S > $@ diff --git a/crypto/bn/asm/modexp512-x86_64.pl b/crypto/bn/asm/modexp512-x86_64.pl new file mode 100644 index 0000000..bfd6e97 --- /dev/null +++ b/crypto/bn/asm/modexp512-x86_64.pl 
@@ -0,0 +1,1497 @@ +#!/usr/bin/env perl +# +# Copyright (c) 2010-2011 Intel Corp. +# Author: Vinodh.Gopal at intel.com +# Jim Guilford +# Erdinc.Ozturk at intel.com +# Maxim.Perminov at intel.com +# +# More information about algorithm used can be found at: +# http://www.cse.buffalo.edu/srds2009/escs2009_submission_Gopal.pdf +# +# ==================================================================== +# Copyright (c) 2011 The OpenSSL Project. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# +# 3. All advertising materials mentioning features or use of this +# software must display the following acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +# +# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +# endorse or promote products derived from this software without +# prior written permission. For written permission, please contact +# licensing at OpenSSL.org. +# +# 5. Products derived from this software may not be called "OpenSSL" +# nor may "OpenSSL" appear in their names without prior written +# permission of the OpenSSL Project. +# +# 6. 
Redistributions of any form whatsoever must retain the following +# acknowledgment: +# "This product includes software developed by the OpenSSL Project +# for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +# +# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +# OF THE POSSIBILITY OF SUCH DAMAGE. +# ==================================================================== + +$flavour = shift; +$output = shift; +if ($flavour =~ /\./) { $output = $flavour; undef $flavour; } + +my $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/); + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or +die "can't locate x86_64-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +use strict; +my $code=".text\n\n"; +my $m=0; + +# +# Define x512 macros +# + +#MULSTEP_512_ADD MACRO x7, x6, x5, x4, x3, x2, x1, x0, dst, src1, src2, add_src, tmp1, tmp2 +# +# uses rax, rdx, and args +sub MULSTEP_512_ADD +{ + my ($x, $DST, $SRC2, $ASRC, $OP, $TMP)=@_; + my @X=@$x; # make a copy +$code.=<<___; + mov (+8*0)($SRC2), %rax + mul $OP # rdx:rax = %OP * [0] + mov ($ASRC), $X[0] + add %rax, $X[0] + adc \$0, %rdx + mov $X[0], $DST +___ +for(my $i=1;$i<8;$i++) { 
+$code.=<<___; + mov %rdx, $TMP + + mov (+8*$i)($SRC2), %rax + mul $OP # rdx:rax = %OP * [$i] + mov (+8*$i)($ASRC), $X[$i] + add %rax, $X[$i] + adc \$0, %rdx + add $TMP, $X[$i] + adc \$0, %rdx +___ +} +$code.=<<___; + mov %rdx, $X[0] +___ +} + +#MULSTEP_512 MACRO x7, x6, x5, x4, x3, x2, x1, x0, dst, src2, src1_val, tmp +# +# uses rax, rdx, and args +sub MULSTEP_512 +{ + my ($x, $DST, $SRC2, $OP, $TMP)=@_; + my @X=@$x; # make a copy +$code.=<<___; + mov (+8*0)($SRC2), %rax + mul $OP # rdx:rax = %OP * [0] + add %rax, $X[0] + adc \$0, %rdx + mov $X[0], $DST +___ +for(my $i=1;$i<8;$i++) { +$code.=<<___; + mov %rdx, $TMP + + mov (+8*$i)($SRC2), %rax + mul $OP # rdx:rax = %OP * [$i] + add %rax, $X[$i] + adc \$0, %rdx + add $TMP, $X[$i] + adc \$0, %rdx +___ +} +$code.=<<___; + mov %rdx, $X[0] +___ +} + +# +# Swizzle Macros +# + +# macro to copy data from flat space to swizzled table +#MACRO swizzle pDst, pSrc, tmp1, tmp2 +# pDst and pSrc are modified +sub swizzle +{ + my ($pDst, $pSrc, $cnt, $d0)=@_; +$code.=<<___; + mov \$8, $cnt +loop_$m: + mov ($pSrc), $d0 + mov $d0#w, ($pDst) + shr \$16, $d0 + mov $d0#w, (+64*1)($pDst) + shr \$16, $d0 + mov $d0#w, (+64*2)($pDst) + shr \$16, $d0 + mov $d0#w, (+64*3)($pDst) + lea 8($pSrc), $pSrc + lea 64*4($pDst), $pDst + dec $cnt + jnz loop_$m +___ + + $m++; +} + +# macro to copy data from swizzled table to flat space +#MACRO unswizzle pDst, pSrc, tmp*3 +sub unswizzle +{ + my ($pDst, $pSrc, $cnt, $d0, $d1)=@_; +$code.=<<___; + mov \$4, $cnt +loop_$m: + movzxw (+64*3+256*0)($pSrc), $d0 + movzxw (+64*3+256*1)($pSrc), $d1 + shl \$16, $d0 + shl \$16, $d1 + mov (+64*2+256*0)($pSrc), $d0#w + mov (+64*2+256*1)($pSrc), $d1#w + shl \$16, $d0 + shl \$16, $d1 + mov (+64*1+256*0)($pSrc), $d0#w + mov (+64*1+256*1)($pSrc), $d1#w + shl \$16, $d0 + shl \$16, $d1 + mov (+64*0+256*0)($pSrc), $d0#w + mov (+64*0+256*1)($pSrc), $d1#w + mov $d0, (+8*0)($pDst) + mov $d1, (+8*1)($pDst) + lea 256*2($pSrc), $pSrc + lea 8*2($pDst), $pDst + sub \$1, $cnt + jnz 
loop_$m +___ + + $m++; +} + +# +# Data Structures +# + +# Reduce Data +# +# +# Offset Value +# 0C0 Carries +# 0B8 X2[10] +# 0B0 X2[9] +# 0A8 X2[8] +# 0A0 X2[7] +# 098 X2[6] +# 090 X2[5] +# 088 X2[4] +# 080 X2[3] +# 078 X2[2] +# 070 X2[1] +# 068 X2[0] +# 060 X1[12] P[10] +# 058 X1[11] P[9] Z[8] +# 050 X1[10] P[8] Z[7] +# 048 X1[9] P[7] Z[6] +# 040 X1[8] P[6] Z[5] +# 038 X1[7] P[5] Z[4] +# 030 X1[6] P[4] Z[3] +# 028 X1[5] P[3] Z[2] +# 020 X1[4] P[2] Z[1] +# 018 X1[3] P[1] Z[0] +# 010 X1[2] P[0] Y[2] +# 008 X1[1] Q[1] Y[1] +# 000 X1[0] Q[0] Y[0] + +my $X1_offset = 0; # 13 qwords +my $X2_offset = $X1_offset + 13*8; # 11 qwords +my $Carries_offset = $X2_offset + 11*8; # 1 qword +my $Q_offset = 0; # 2 qwords +my $P_offset = $Q_offset + 2*8; # 11 qwords +my $Y_offset = 0; # 3 qwords +my $Z_offset = $Y_offset + 3*8; # 9 qwords + +my $Red_Data_Size = $Carries_offset + 1*8; # (25 qwords) + +# +# Stack Frame +# +# +# offset value +# ... +# ... +# 280 Garray + +# 278 tmp16[15] +# ... ... +# 200 tmp16[0] + +# 1F8 tmp[7] +# ... ... +# 1C0 tmp[0] + +# 1B8 GT[7] +# ... ... +# 180 GT[0] + +# 178 Reduce Data +# ... ... +# 0B8 Reduce Data +# 0B0 reserved +# 0A8 reserved +# 0A0 reserved +# 098 reserved +# 090 reserved +# 088 reduce result addr +# 080 exp[8] + +# ... 
+# 048 exp[1] +# 040 exp[0] + +# 038 reserved +# 030 loop_idx +# 028 pg +# 020 i +# 018 pData ; arg 4 +# 010 pG ; arg 2 +# 008 pResult ; arg 1 +# 000 rsp ; stack pointer before subtract + +my $rsp_offset = 0; +my $pResult_offset = 8*1 + $rsp_offset; +my $pG_offset = 8*1 + $pResult_offset; +my $pData_offset = 8*1 + $pG_offset; +my $i_offset = 8*1 + $pData_offset; +my $pg_offset = 8*1 + $i_offset; +my $loop_idx_offset = 8*1 + $pg_offset; +my $reserved1_offset = 8*1 + $loop_idx_offset; +my $exp_offset = 8*1 + $reserved1_offset; +my $red_result_addr_offset= 8*9 + $exp_offset; +my $reserved2_offset = 8*1 + $red_result_addr_offset; +my $Reduce_Data_offset = 8*5 + $reserved2_offset; +my $GT_offset = $Red_Data_Size + $Reduce_Data_offset; +my $tmp_offset = 8*8 + $GT_offset; +my $tmp16_offset = 8*8 + $tmp_offset; +my $garray_offset = 8*16 + $tmp16_offset; +my $mem_size = 8*8*32 + $garray_offset; + +# +# Offsets within Reduce Data +# +# +# struct MODF_2FOLD_MONT_512_C1_DATA { +# UINT64 t[8][8]; +# UINT64 m[8]; +# UINT64 m1[8]; /* 2^768 % m */ +# UINT64 m2[8]; /* 2^640 % m */ +# UINT64 k1[2]; /* (- 1/m) % 2^128 */ +# }; + +my $T = 0; +my $M = 512; # = 8 * 8 * 8 +my $M1 = 576; # = 8 * 8 * 9 /* += 8 * 8 */ +my $M2 = 640; # = 8 * 8 * 10 /* += 8 * 8 */ +my $K1 = 704; # = 8 * 8 * 11 /* += 8 * 8 */ + +# +# FUNCTIONS +# + +{{{ +# +# MULADD_128x512 : Function to multiply 128-bits (2 qwords) by 512-bits (8 qwords) +# and add 512-bits (8 qwords) +# to get 640 bits (10 qwords) +# Input: 128-bit mul source: [rdi+8*1], rbp +# 512-bit mul source: [rsi+8*n] +# 512-bit add source: r15, r14, ..., r9, r8 +# Output: r9, r8, r15, r14, r13, r12, r11, r10, [rcx+8*1], [rcx+8*0] +# Clobbers all regs except: rcx, rsi, rdi +$code.=<<___; +.type MULADD_128x512,\@abi-omnipotent +.align 16 +MULADD_128x512: +___ + &MULSTEP_512([map("%r$_",(8..15))], "(+8*0)(%rcx)", "%rsi", "%rbp", "%rbx"); +$code.=<<___; + mov (+8*1)(%rdi), %rbp +___ + &MULSTEP_512([map("%r$_",(9..15,8))], "(+8*1)(%rcx)", "%rsi", "%rbp", 
"%rbx"); +$code.=<<___; + ret +.size MULADD_128x512,.-MULADD_128x512 +___ +}}} + +{{{ +#MULADD_256x512 MACRO pDst, pA, pB, OP, TMP, X7, X6, X5, X4, X3, X2, X1, X0 +# +# Inputs: pDst: Destination (768 bits, 12 qwords) +# pA: Multiplicand (1024 bits, 16 qwords) +# pB: Multiplicand (512 bits, 8 qwords) +# Dst = Ah * B + Al +# where Ah is (in qwords) A[15:12] (256 bits) and Al is A[7:0] (512 bits) +# Results in X3 X2 X1 X0 X7 X6 X5 X4 Dst[3:0] +# Uses registers: arguments, RAX, RDX +sub MULADD_256x512 +{ + my ($pDst, $pA, $pB, $OP, $TMP, $X)=@_; +$code.=<<___; + mov (+8*12)($pA), $OP +___ + &MULSTEP_512_ADD($X, "(+8*0)($pDst)", $pB, $pA, $OP, $TMP); + push(@$X,shift(@$X)); + +$code.=<<___; + mov (+8*13)($pA), $OP +___ + &MULSTEP_512($X, "(+8*1)($pDst)", $pB, $OP, $TMP); + push(@$X,shift(@$X)); + +$code.=<<___; + mov (+8*14)($pA), $OP +___ + &MULSTEP_512($X, "(+8*2)($pDst)", $pB, $OP, $TMP); + push(@$X,shift(@$X)); + +$code.=<<___; + mov (+8*15)($pA), $OP +___ + &MULSTEP_512($X, "(+8*3)($pDst)", $pB, $OP, $TMP); + push(@$X,shift(@$X)); +} + +# +# mont_reduce(UINT64 *x, /* 1024 bits, 16 qwords */ +# UINT64 *m, /* 512 bits, 8 qwords */ +# MODF_2FOLD_MONT_512_C1_DATA *data, +# UINT64 *r) /* 512 bits, 8 qwords */ +# Input: x (number to be reduced): tmp16 (Implicit) +# m (modulus): [pM] (Implicit) +# data (reduce data): [pData] (Implicit) +# Output: r (result): Address in [red_res_addr] +# result also in: r9, r8, r15, r14, r13, r12, r11, r10 + +my @X=map("%r$_",(8..15)); + +$code.=<<___; +.type mont_reduce,\@abi-omnipotent +.align 16 +mont_reduce: +___ + +my $STACK_DEPTH = 8; + # + # X1 = Xh * M1 + Xl +$code.=<<___; + lea (+$Reduce_Data_offset+$X1_offset+$STACK_DEPTH)(%rsp), %rdi # pX1 (Dst) 769 bits, 13 qwords + mov (+$pData_offset+$STACK_DEPTH)(%rsp), %rsi # pM1 (Bsrc) 512 bits, 8 qwords + add \$$M1, %rsi + lea (+$tmp16_offset+$STACK_DEPTH)(%rsp), %rcx # X (Asrc) 1024 bits, 16 qwords + +___ + + &MULADD_256x512("%rdi", "%rcx", "%rsi", "%rbp", "%rbx", \@X); # rotates @X 4 
times + # results in r11, r10, r9, r8, r15, r14, r13, r12, X1[3:0] + +$code.=<<___; + xor %rax, %rax + # X1 += xl + add (+8*8)(%rcx), $X[4] + adc (+8*9)(%rcx), $X[5] + adc (+8*10)(%rcx), $X[6] + adc (+8*11)(%rcx), $X[7] + adc \$0, %rax + # X1 is now rax, r11-r8, r15-r12, tmp16[3:0] + + # + # check for carry ;; carry stored in rax + mov $X[4], (+8*8)(%rdi) # rdi points to X1 + mov $X[5], (+8*9)(%rdi) + mov $X[6], %rbp + mov $X[7], (+8*11)(%rdi) + + mov %rax, (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp) + + mov (+8*0)(%rdi), $X[4] + mov (+8*1)(%rdi), $X[5] + mov (+8*2)(%rdi), $X[6] + mov (+8*3)(%rdi), $X[7] + + # X1 is now stored in: X1[11], rbp, X1[9:8], r15-r8 + # rdi -> X1 + # rsi -> M1 + + # + # X2 = Xh * M2 + Xl + # do first part (X2 = Xh * M2) + add \$8*10, %rdi # rdi -> pXh ; 128 bits, 2 qwords + # Xh is actually { [rdi+8*1], rbp } + add \$`$M2-$M1`, %rsi # rsi -> M2 + lea (+$Reduce_Data_offset+$X2_offset+$STACK_DEPTH)(%rsp), %rcx # rcx -> pX2 ; 641 bits, 11 qwords +___ + unshift(@X,pop(@X)); unshift(@X,pop(@X)); +$code.=<<___; + + call MULADD_128x512 # args in rcx, rdi / rbp, rsi, r15-r8 + # result in r9, r8, r15, r14, r13, r12, r11, r10, X2[1:0] + mov (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp), %rax + + # X2 += Xl + add (+8*8-8*10)(%rdi), $X[6] # (-8*10) is to adjust rdi -> Xh to Xl + adc (+8*9-8*10)(%rdi), $X[7] + mov $X[6], (+8*8)(%rcx) + mov $X[7], (+8*9)(%rcx) + + adc %rax, %rax + mov %rax, (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp) + + lea (+$Reduce_Data_offset+$Q_offset+$STACK_DEPTH)(%rsp), %rdi # rdi -> pQ ; 128 bits, 2 qwords + add \$`$K1-$M2`, %rsi # rsi -> pK1 ; 128 bits, 2 qwords + + # MUL_128x128t128 rdi, rcx, rsi ; Q = X2 * K1 (bottom half) + # B1:B0 = rsi[1:0] = K1[1:0] + # A1:A0 = rcx[1:0] = X2[1:0] + # Result = rdi[1],rbp = Q[1],rbp + mov (%rsi), %r8 # B0 + mov (+8*1)(%rsi), %rbx # B1 + + mov (%rcx), %rax # A0 + mul %r8 # B0 + mov %rax, %rbp + mov %rdx, %r9 + + mov (+8*1)(%rcx), %rax # A1 + mul %r8 # 
B0 + add %rax, %r9 + + mov (%rcx), %rax # A0 + mul %rbx # B1 + add %rax, %r9 + + mov %r9, (+8*1)(%rdi) + # end MUL_128x128t128 + + sub \$`$K1-$M`, %rsi + + mov (%rcx), $X[6] + mov (+8*1)(%rcx), $X[7] # r9:r8 = X2[1:0] + + call MULADD_128x512 # args in rcx, rdi / rbp, rsi, r15-r8 + # result in r9, r8, r15, r14, r13, r12, r11, r10, X2[1:0] + + # load first half of m to rdx, rdi, rbx, rax + # moved this here for efficiency + mov (+8*0)(%rsi), %rax + mov (+8*1)(%rsi), %rbx + mov (+8*2)(%rsi), %rdi + mov (+8*3)(%rsi), %rdx + + # continue with reduction + mov (+$Reduce_Data_offset+$Carries_offset+$STACK_DEPTH)(%rsp), %rbp + + add (+8*8)(%rcx), $X[6] + adc (+8*9)(%rcx), $X[7] + + #accumulate the final carry to rbp + adc %rbp, %rbp + + # Add in overflow corrections: R = (X2>>128) += T[overflow] + # R = {r9, r8, r15, r14, ..., r10} + shl \$3, %rbp + mov (+$pData_offset+$STACK_DEPTH)(%rsp), %rcx # rsi -> Data (and points to T) + add %rcx, %rbp # pT ; 512 bits, 8 qwords, spread out + + # rsi will be used to generate a mask after the addition + xor %rsi, %rsi + + add (+8*8*0)(%rbp), $X[0] + adc (+8*8*1)(%rbp), $X[1] + adc (+8*8*2)(%rbp), $X[2] + adc (+8*8*3)(%rbp), $X[3] + adc (+8*8*4)(%rbp), $X[4] + adc (+8*8*5)(%rbp), $X[5] + adc (+8*8*6)(%rbp), $X[6] + adc (+8*8*7)(%rbp), $X[7] + + # if there is a carry: rsi = 0xFFFFFFFFFFFFFFFF + # if carry is clear: rsi = 0x0000000000000000 + sbb \$0, %rsi + + # if carry is clear, subtract 0. 
Otherwise, subtract 256 bits of m + and %rsi, %rax + and %rsi, %rbx + and %rsi, %rdi + and %rsi, %rdx + + mov \$1, %rbp + sub %rax, $X[0] + sbb %rbx, $X[1] + sbb %rdi, $X[2] + sbb %rdx, $X[3] + + # if there is a borrow: rbp = 0 + # if there is no borrow: rbp = 1 + # this is used to save the borrows in between the first half and the 2nd half of the subtraction of m + sbb \$0, %rbp + + #load second half of m to rdx, rdi, rbx, rax + + add \$$M, %rcx + mov (+8*4)(%rcx), %rax + mov (+8*5)(%rcx), %rbx + mov (+8*6)(%rcx), %rdi + mov (+8*7)(%rcx), %rdx + + # use the rsi mask as before + # if carry is clear, subtract 0. Otherwise, subtract 256 bits of m + and %rsi, %rax + and %rsi, %rbx + and %rsi, %rdi + and %rsi, %rdx + + # if rbp = 0, there was a borrow before, it is moved to the carry flag + # if rbp = 1, there was not a borrow before, carry flag is cleared + sub \$1, %rbp + + sbb %rax, $X[4] + sbb %rbx, $X[5] + sbb %rdi, $X[6] + sbb %rdx, $X[7] + + # write R back to memory + + mov (+$red_result_addr_offset+$STACK_DEPTH)(%rsp), %rsi + mov $X[0], (+8*0)(%rsi) + mov $X[1], (+8*1)(%rsi) + mov $X[2], (+8*2)(%rsi) + mov $X[3], (+8*3)(%rsi) + mov $X[4], (+8*4)(%rsi) + mov $X[5], (+8*5)(%rsi) + mov $X[6], (+8*6)(%rsi) + mov $X[7], (+8*7)(%rsi) + + ret +.size mont_reduce,.-mont_reduce +___ +}}} + +{{{ +#MUL_512x512 MACRO pDst, pA, pB, x7, x6, x5, x4, x3, x2, x1, x0, tmp*2 +# +# Inputs: pDst: Destination (1024 bits, 16 qwords) +# pA: Multiplicand (512 bits, 8 qwords) +# pB: Multiplicand (512 bits, 8 qwords) +# Uses registers rax, rdx, args +# B operand in [pB] and also in x7...x0 +sub MUL_512x512 +{ + my ($pDst, $pA, $pB, $x, $OP, $TMP, $pDst_o)=@_; + my ($pDst, $pDst_o) = ($pDst =~ m/([^+]*)\+?(.*)?/); + my @X=@$x; # make a copy + +$code.=<<___; + mov (+8*0)($pA), $OP + + mov $X[0], %rax + mul $OP # rdx:rax = %OP * [0] + mov %rax, (+$pDst_o+8*0)($pDst) + mov %rdx, $X[0] +___ +for(my $i=1;$i<8;$i++) { +$code.=<<___; + mov $X[$i], %rax + mul $OP # rdx:rax = %OP * [$i] + add %rax, 
$X[$i-1] + adc \$0, %rdx + mov %rdx, $X[$i] +___ +} + +for(my $i=1;$i<8;$i++) { +$code.=<<___; + mov (+8*$i)($pA), $OP +___ + + &MULSTEP_512(\@X, "(+$pDst_o+8*$i)($pDst)", $pB, $OP, $TMP); + push(@X,shift(@X)); +} + +$code.=<<___; + mov $X[0], (+$pDst_o+8*8)($pDst) + mov $X[1], (+$pDst_o+8*9)($pDst) + mov $X[2], (+$pDst_o+8*10)($pDst) + mov $X[3], (+$pDst_o+8*11)($pDst) + mov $X[4], (+$pDst_o+8*12)($pDst) + mov $X[5], (+$pDst_o+8*13)($pDst) + mov $X[6], (+$pDst_o+8*14)($pDst) + mov $X[7], (+$pDst_o+8*15)($pDst) +___ +} + +# +# mont_mul_a3b : subroutine to compute (Src1 * Src2) % M (all 512-bits) +# Input: src1: Address of source 1: rdi +# src2: Address of source 2: rsi +# Output: dst: Address of destination: [red_res_addr] +# src2 and result also in: r9, r8, r15, r14, r13, r12, r11, r10 +# Temp: Clobbers [tmp16], all registers +$code.=<<___; +.type mont_mul_a3b,\@abi-omnipotent +.align 16 +mont_mul_a3b: + # + # multiply tmp = src1 * src2 + # For multiply: dst = rcx, src1 = rdi, src2 = rsi + # stack depth is extra 8 from call +___ + &MUL_512x512("%rsp+$tmp16_offset+8", "%rdi", "%rsi", [map("%r$_",(10..15,8..9))], "%rbp", "%rbx"); +$code.=<<___; + # + # Dst = tmp % m + # Call reduce(tmp, m, data, dst) + + # tail recursion optimization: jmp to mont_reduce and return from there + jmp mont_reduce + # call mont_reduce + # ret +.size mont_mul_a3b,.-mont_mul_a3b +___ +}}} + +{{{ +#SQR_512 MACRO pDest, pA, x7, x6, x5, x4, x3, x2, x1, x0, tmp*4 +# +# Input in memory [pA] and also in x7...x0 +# Uses all argument registers plus rax and rdx +# +# This version computes all of the off-diagonal terms into memory, +# and then it adds in the diagonal terms + +sub SQR_512 +{ + my ($pDst, $pA, $x, $A, $tmp, $x7, $x6, $pDst_o)=@_; + my ($pDst, $pDst_o) = ($pDst =~ m/([^+]*)\+?(.*)?/); + my @X=@$x; # make a copy +$code.=<<___; + # ------------------ + # first pass 01...07 + # ------------------ + mov $X[0], $A + + mov $X[1],%rax + mul $A + mov %rax, (+$pDst_o+8*1)($pDst) +___ +for(my 
$i=2;$i<8;$i++) { +$code.=<<___; + mov %rdx, $X[$i-2] + mov $X[$i],%rax + mul $A + add %rax, $X[$i-2] + adc \$0, %rdx +___ +} +$code.=<<___; + mov %rdx, $x7 + + mov $X[0], (+$pDst_o+8*2)($pDst) + + # ------------------ + # second pass 12...17 + # ------------------ + + mov (+8*1)($pA), $A + + mov (+8*2)($pA),%rax + mul $A + add %rax, $X[1] + adc \$0, %rdx + mov $X[1], (+$pDst_o+8*3)($pDst) + + mov %rdx, $X[0] + mov (+8*3)($pA),%rax + mul $A + add %rax, $X[2] + adc \$0, %rdx + add $X[0], $X[2] + adc \$0, %rdx + mov $X[2], (+$pDst_o+8*4)($pDst) + + mov %rdx, $X[0] + mov (+8*4)($pA),%rax + mul $A + add %rax, $X[3] + adc \$0, %rdx + add $X[0], $X[3] + adc \$0, %rdx + + mov %rdx, $X[0] + mov (+8*5)($pA),%rax + mul $A + add %rax, $X[4] + adc \$0, %rdx + add $X[0], $X[4] + adc \$0, %rdx + + mov %rdx, $X[0] + mov $X[6],%rax + mul $A + add %rax, $X[5] + adc \$0, %rdx + add $X[0], $X[5] + adc \$0, %rdx + + mov %rdx, $X[0] + mov $X[7],%rax + mul $A + add %rax, $x7 + adc \$0, %rdx + add $X[0], $x7 + adc \$0, %rdx + + mov %rdx, $X[1] + + # ------------------ + # third pass 23...27 + # ------------------ + mov (+8*2)($pA), $A + + mov (+8*3)($pA),%rax + mul $A + add %rax, $X[3] + adc \$0, %rdx + mov $X[3], (+$pDst_o+8*5)($pDst) + + mov %rdx, $X[0] + mov (+8*4)($pA),%rax + mul $A + add %rax, $X[4] + adc \$0, %rdx + add $X[0], $X[4] + adc \$0, %rdx + mov $X[4], (+$pDst_o+8*6)($pDst) + + mov %rdx, $X[0] + mov (+8*5)($pA),%rax + mul $A + add %rax, $X[5] + adc \$0, %rdx + add $X[0], $X[5] + adc \$0, %rdx + + mov %rdx, $X[0] + mov $X[6],%rax + mul $A + add %rax, $x7 + adc \$0, %rdx + add $X[0], $x7 + adc \$0, %rdx + + mov %rdx, $X[0] + mov $X[7],%rax + mul $A + add %rax, $X[1] + adc \$0, %rdx + add $X[0], $X[1] + adc \$0, %rdx + + mov %rdx, $X[2] + + # ------------------ + # fourth pass 34...37 + # ------------------ + + mov (+8*3)($pA), $A + + mov (+8*4)($pA),%rax + mul $A + add %rax, $X[5] + adc \$0, %rdx + mov $X[5], (+$pDst_o+8*7)($pDst) + + mov %rdx, $X[0] + mov (+8*5)($pA),%rax + 
mul $A + add %rax, $x7 + adc \$0, %rdx + add $X[0], $x7 + adc \$0, %rdx + mov $x7, (+$pDst_o+8*8)($pDst) + + mov %rdx, $X[0] + mov $X[6],%rax + mul $A + add %rax, $X[1] + adc \$0, %rdx + add $X[0], $X[1] + adc \$0, %rdx + + mov %rdx, $X[0] + mov $X[7],%rax + mul $A + add %rax, $X[2] + adc \$0, %rdx + add $X[0], $X[2] + adc \$0, %rdx + + mov %rdx, $X[5] + + # ------------------ + # fifth pass 45...47 + # ------------------ + mov (+8*4)($pA), $A + + mov (+8*5)($pA),%rax + mul $A + add %rax, $X[1] + adc \$0, %rdx + mov $X[1], (+$pDst_o+8*9)($pDst) + + mov %rdx, $X[0] + mov $X[6],%rax + mul $A + add %rax, $X[2] + adc \$0, %rdx + add $X[0], $X[2] + adc \$0, %rdx + mov $X[2], (+$pDst_o+8*10)($pDst) + + mov %rdx, $X[0] + mov $X[7],%rax + mul $A + add %rax, $X[5] + adc \$0, %rdx + add $X[0], $X[5] + adc \$0, %rdx + + mov %rdx, $X[1] + + # ------------------ + # sixth pass 56...57 + # ------------------ + mov (+8*5)($pA), $A + + mov $X[6],%rax + mul $A + add %rax, $X[5] + adc \$0, %rdx + mov $X[5], (+$pDst_o+8*11)($pDst) + + mov %rdx, $X[0] + mov $X[7],%rax + mul $A + add %rax, $X[1] + adc \$0, %rdx + add $X[0], $X[1] + adc \$0, %rdx + mov $X[1], (+$pDst_o+8*12)($pDst) + + mov %rdx, $X[2] + + # ------------------ + # seventh pass 67 + # ------------------ + mov $X[6], $A + + mov $X[7],%rax + mul $A + add %rax, $X[2] + adc \$0, %rdx + mov $X[2], (+$pDst_o+8*13)($pDst) + + mov %rdx, (+$pDst_o+8*14)($pDst) + + # start finalize (add in squares, and double off-terms) + mov (+$pDst_o+8*1)($pDst), $X[0] + mov (+$pDst_o+8*2)($pDst), $X[1] + mov (+$pDst_o+8*3)($pDst), $X[2] + mov (+$pDst_o+8*4)($pDst), $X[3] + mov (+$pDst_o+8*5)($pDst), $X[4] + mov (+$pDst_o+8*6)($pDst), $X[5] + + mov (+8*3)($pA), %rax + mul %rax + mov %rax, $x6 + mov %rdx, $X[6] + + add $X[0], $X[0] + adc $X[1], $X[1] + adc $X[2], $X[2] + adc $X[3], $X[3] + adc $X[4], $X[4] + adc $X[5], $X[5] + adc \$0, $X[6] + + mov (+8*0)($pA), %rax + mul %rax + mov %rax, (+$pDst_o+8*0)($pDst) + mov %rdx, $A + + mov (+8*1)($pA), 
%rax + mul %rax + + add $A, $X[0] + adc %rax, $X[1] + adc \$0, %rdx + + mov %rdx, $A + mov $X[0], (+$pDst_o+8*1)($pDst) + mov $X[1], (+$pDst_o+8*2)($pDst) + + mov (+8*2)($pA), %rax + mul %rax + + add $A, $X[2] + adc %rax, $X[3] + adc \$0, %rdx + + mov %rdx, $A + + mov $X[2], (+$pDst_o+8*3)($pDst) + mov $X[3], (+$pDst_o+8*4)($pDst) + + xor $tmp, $tmp + add $A, $X[4] + adc $x6, $X[5] + adc \$0, $tmp + + mov $X[4], (+$pDst_o+8*5)($pDst) + mov $X[5], (+$pDst_o+8*6)($pDst) + + # %%tmp has 0/1 in column 7 + # %%A6 has a full value in column 7 + + mov (+$pDst_o+8*7)($pDst), $X[0] + mov (+$pDst_o+8*8)($pDst), $X[1] + mov (+$pDst_o+8*9)($pDst), $X[2] + mov (+$pDst_o+8*10)($pDst), $X[3] + mov (+$pDst_o+8*11)($pDst), $X[4] + mov (+$pDst_o+8*12)($pDst), $X[5] + mov (+$pDst_o+8*13)($pDst), $x6 + mov (+$pDst_o+8*14)($pDst), $x7 + + mov $X[7], %rax + mul %rax + mov %rax, $X[7] + mov %rdx, $A + + add $X[0], $X[0] + adc $X[1], $X[1] + adc $X[2], $X[2] + adc $X[3], $X[3] + adc $X[4], $X[4] + adc $X[5], $X[5] + adc $x6, $x6 + adc $x7, $x7 + adc \$0, $A + + add $tmp, $X[0] + + mov (+8*4)($pA), %rax + mul %rax + + add $X[6], $X[0] + adc %rax, $X[1] + adc \$0, %rdx + + mov %rdx, $tmp + + mov $X[0], (+$pDst_o+8*7)($pDst) + mov $X[1], (+$pDst_o+8*8)($pDst) + + mov (+8*5)($pA), %rax + mul %rax + + add $tmp, $X[2] + adc %rax, $X[3] + adc \$0, %rdx + + mov %rdx, $tmp + + mov $X[2], (+$pDst_o+8*9)($pDst) + mov $X[3], (+$pDst_o+8*10)($pDst) + + mov (+8*6)($pA), %rax + mul %rax + + add $tmp, $X[4] + adc %rax, $X[5] + adc \$0, %rdx + + mov $X[4], (+$pDst_o+8*11)($pDst) + mov $X[5], (+$pDst_o+8*12)($pDst) + + add %rdx, $x6 + adc $X[7], $x7 + adc \$0, $A + + mov $x6, (+$pDst_o+8*13)($pDst) + mov $x7, (+$pDst_o+8*14)($pDst) + mov $A, (+$pDst_o+8*15)($pDst) +___ +} + +# +# sqr_reduce: subroutine to compute Result = reduce(Result * Result) +# +# input and result also in: r9, r8, r15, r14, r13, r12, r11, r10 +# +$code.=<<___; +.type sqr_reduce,\@abi-omnipotent +.align 16 +sqr_reduce: + mov 
(+$pResult_offset+8)(%rsp), %rcx +___ + &SQR_512("%rsp+$tmp16_offset+8", "%rcx", [map("%r$_",(10..15,8..9))], "%rbx", "%rbp", "%rsi", "%rdi"); +$code.=<<___; + # tail recursion optimization: jmp to mont_reduce and return from there + jmp mont_reduce + # call mont_reduce + # ret +.size sqr_reduce,.-sqr_reduce +___ +}}} + +# +# MAIN FUNCTION +# + +#mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */ +# UINT64 *g, /* 512 bits, 8 qwords */ +# UINT64 *exp, /* 512 bits, 8 qwords */ +# struct mod_ctx_512 *data) + +# window size = 5 +# table size = 2^5 = 32 +#table_entries equ 32 +#table_size equ table_entries * 8 +$code.=<<___; +.globl mod_exp_512 +.type mod_exp_512,\@function,4 +mod_exp_512: + push %rbp + push %rbx + push %r12 + push %r13 + push %r14 + push %r15 + + # adjust stack down and then align it with cache boundary + mov %rsp, %r8 + sub \$$mem_size, %rsp + and \$-64, %rsp + + # store previous stack pointer and arguments + mov %r8, (+$rsp_offset)(%rsp) + mov %rdi, (+$pResult_offset)(%rsp) + mov %rsi, (+$pG_offset)(%rsp) + mov %rcx, (+$pData_offset)(%rsp) +.Lbody: + # transform g into montgomery space + # GT = reduce(g * C2) = reduce(g * (2^256)) + # reduce expects to have the input in [tmp16] + pxor %xmm4, %xmm4 + movdqu (+16*0)(%rsi), %xmm0 + movdqu (+16*1)(%rsi), %xmm1 + movdqu (+16*2)(%rsi), %xmm2 + movdqu (+16*3)(%rsi), %xmm3 + movdqa %xmm4, (+$tmp16_offset+16*0)(%rsp) + movdqa %xmm4, (+$tmp16_offset+16*1)(%rsp) + movdqa %xmm4, (+$tmp16_offset+16*6)(%rsp) + movdqa %xmm4, (+$tmp16_offset+16*7)(%rsp) + movdqa %xmm0, (+$tmp16_offset+16*2)(%rsp) + movdqa %xmm1, (+$tmp16_offset+16*3)(%rsp) + movdqa %xmm2, (+$tmp16_offset+16*4)(%rsp) + movdqa %xmm3, (+$tmp16_offset+16*5)(%rsp) + + # load pExp before rdx gets blown away + movdqu (+16*0)(%rdx), %xmm0 + movdqu (+16*1)(%rdx), %xmm1 + movdqu (+16*2)(%rdx), %xmm2 + movdqu (+16*3)(%rdx), %xmm3 + + lea (+$GT_offset)(%rsp), %rbx + mov %rbx, (+$red_result_addr_offset)(%rsp) + call mont_reduce + + # Initialize tmp = C + lea 
(+$tmp_offset)(%rsp), %rcx + xor %rax, %rax + mov %rax, (+8*0)(%rcx) + mov %rax, (+8*1)(%rcx) + mov %rax, (+8*3)(%rcx) + mov %rax, (+8*4)(%rcx) + mov %rax, (+8*5)(%rcx) + mov %rax, (+8*6)(%rcx) + mov %rax, (+8*7)(%rcx) + mov %rax, (+$exp_offset+8*8)(%rsp) + movq \$1, (+8*2)(%rcx) + + lea (+$garray_offset)(%rsp), %rbp + mov %rcx, %rsi # pTmp + mov %rbp, %rdi # Garray[][0] +___ + + &swizzle("%rdi", "%rcx", "%rax", "%rbx"); + + # for (rax = 31; rax != 0; rax--) { + # tmp = reduce(tmp * G) + # swizzle(pg, tmp); + # pg += 2; } +$code.=<<___; + mov \$31, %rax + mov %rax, (+$i_offset)(%rsp) + mov %rbp, (+$pg_offset)(%rsp) + # rsi -> pTmp + mov %rsi, (+$red_result_addr_offset)(%rsp) + mov (+8*0)(%rsi), %r10 + mov (+8*1)(%rsi), %r11 + mov (+8*2)(%rsi), %r12 + mov (+8*3)(%rsi), %r13 + mov (+8*4)(%rsi), %r14 + mov (+8*5)(%rsi), %r15 + mov (+8*6)(%rsi), %r8 + mov (+8*7)(%rsi), %r9 +init_loop: + lea (+$GT_offset)(%rsp), %rdi + call mont_mul_a3b + lea (+$tmp_offset)(%rsp), %rsi + mov (+$pg_offset)(%rsp), %rbp + add \$2, %rbp + mov %rbp, (+$pg_offset)(%rsp) + mov %rsi, %rcx # rcx = rsi = addr of tmp +___ + + &swizzle("%rbp", "%rcx", "%rax", "%rbx"); +$code.=<<___; + mov (+$i_offset)(%rsp), %rax + sub \$1, %rax + mov %rax, (+$i_offset)(%rsp) + jne init_loop + + # + # Copy exponent onto stack + movdqa %xmm0, (+$exp_offset+16*0)(%rsp) + movdqa %xmm1, (+$exp_offset+16*1)(%rsp) + movdqa %xmm2, (+$exp_offset+16*2)(%rsp) + movdqa %xmm3, (+$exp_offset+16*3)(%rsp) + + + # + # Do exponentiation + # Initialize result to G[exp{511:507}] + mov (+$exp_offset+62)(%rsp), %eax + mov %rax, %rdx + shr \$11, %rax + and \$0x07FF, %edx + mov %edx, (+$exp_offset+62)(%rsp) + lea (+$garray_offset)(%rsp,%rax,2), %rsi + mov (+$pResult_offset)(%rsp), %rdx +___ + + &unswizzle("%rdx", "%rsi", "%rbp", "%rbx", "%rax"); + + # + # Loop variables + # rcx = [loop_idx] = index: 510-5 to 0 by 5 +$code.=<<___; + movq \$505, (+$loop_idx_offset)(%rsp) + + mov (+$pResult_offset)(%rsp), %rcx + mov %rcx, 
(+$red_result_addr_offset)(%rsp) + mov (+8*0)(%rcx), %r10 + mov (+8*1)(%rcx), %r11 + mov (+8*2)(%rcx), %r12 + mov (+8*3)(%rcx), %r13 + mov (+8*4)(%rcx), %r14 + mov (+8*5)(%rcx), %r15 + mov (+8*6)(%rcx), %r8 + mov (+8*7)(%rcx), %r9 + jmp sqr_2 + +main_loop_a3b: + call sqr_reduce + call sqr_reduce + call sqr_reduce +sqr_2: + call sqr_reduce + call sqr_reduce + + # + # Do multiply, first look up proper value in Garray + mov (+$loop_idx_offset)(%rsp), %rcx # bit index + mov %rcx, %rax + shr \$4, %rax # rax is word pointer + mov (+$exp_offset)(%rsp,%rax,2), %edx + and \$15, %rcx + shrq %cl, %rdx + and \$0x1F, %rdx + + lea (+$garray_offset)(%rsp,%rdx,2), %rsi + lea (+$tmp_offset)(%rsp), %rdx + mov %rdx, %rdi +___ + + &unswizzle("%rdx", "%rsi", "%rbp", "%rbx", "%rax"); + # rdi = tmp = pG + + # + # Call mod_mul_a1(pDst, pSrc1, pSrc2, pM, pData) + # result result pG M Data +$code.=<<___; + mov (+$pResult_offset)(%rsp), %rsi + call mont_mul_a3b + + # + # finish loop + mov (+$loop_idx_offset)(%rsp), %rcx + sub \$5, %rcx + mov %rcx, (+$loop_idx_offset)(%rsp) + jge main_loop_a3b + + # + +end_main_loop_a3b: + # transform result out of Montgomery space + # result = reduce(result) + mov (+$pResult_offset)(%rsp), %rdx + pxor %xmm4, %xmm4 + movdqu (+16*0)(%rdx), %xmm0 + movdqu (+16*1)(%rdx), %xmm1 + movdqu (+16*2)(%rdx), %xmm2 + movdqu (+16*3)(%rdx), %xmm3 + movdqa %xmm4, (+$tmp16_offset+16*4)(%rsp) + movdqa %xmm4, (+$tmp16_offset+16*5)(%rsp) + movdqa %xmm4, (+$tmp16_offset+16*6)(%rsp) + movdqa %xmm4, (+$tmp16_offset+16*7)(%rsp) + movdqa %xmm0, (+$tmp16_offset+16*0)(%rsp) + movdqa %xmm1, (+$tmp16_offset+16*1)(%rsp) + movdqa %xmm2, (+$tmp16_offset+16*2)(%rsp) + movdqa %xmm3, (+$tmp16_offset+16*3)(%rsp) + call mont_reduce + + # If result > m, subract m + # load result into r15:r8 + mov (+$pResult_offset)(%rsp), %rax + mov (+8*0)(%rax), %r8 + mov (+8*1)(%rax), %r9 + mov (+8*2)(%rax), %r10 + mov (+8*3)(%rax), %r11 + mov (+8*4)(%rax), %r12 + mov (+8*5)(%rax), %r13 + mov (+8*6)(%rax), 
%r14 + mov (+8*7)(%rax), %r15 + + # subtract m + mov (+$pData_offset)(%rsp), %rbx + add \$$M, %rbx + + sub (+8*0)(%rbx), %r8 + sbb (+8*1)(%rbx), %r9 + sbb (+8*2)(%rbx), %r10 + sbb (+8*3)(%rbx), %r11 + sbb (+8*4)(%rbx), %r12 + sbb (+8*5)(%rbx), %r13 + sbb (+8*6)(%rbx), %r14 + sbb (+8*7)(%rbx), %r15 + + # if Carry is clear, replace result with difference + mov (+8*0)(%rax), %rsi + mov (+8*1)(%rax), %rdi + mov (+8*2)(%rax), %rcx + mov (+8*3)(%rax), %rdx + cmovnc %r8, %rsi + cmovnc %r9, %rdi + cmovnc %r10, %rcx + cmovnc %r11, %rdx + mov %rsi, (+8*0)(%rax) + mov %rdi, (+8*1)(%rax) + mov %rcx, (+8*2)(%rax) + mov %rdx, (+8*3)(%rax) + + mov (+8*4)(%rax), %rsi + mov (+8*5)(%rax), %rdi + mov (+8*6)(%rax), %rcx + mov (+8*7)(%rax), %rdx + cmovnc %r12, %rsi + cmovnc %r13, %rdi + cmovnc %r14, %rcx + cmovnc %r15, %rdx + mov %rsi, (+8*4)(%rax) + mov %rdi, (+8*5)(%rax) + mov %rcx, (+8*6)(%rax) + mov %rdx, (+8*7)(%rax) + + mov (+$rsp_offset)(%rsp), %rsi + mov 0(%rsi),%r15 + mov 8(%rsi),%r14 + mov 16(%rsi),%r13 + mov 24(%rsi),%r12 + mov 32(%rsi),%rbx + mov 40(%rsi),%rbp + lea 48(%rsi),%rsp +.Lepilogue: + ret +.size mod_exp_512, . 
- mod_exp_512 +___ + +if ($win64) { +# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, +# CONTEXT *context,DISPATCHER_CONTEXT *disp) +my $rec="%rcx"; +my $frame="%rdx"; +my $context="%r8"; +my $disp="%r9"; + +$code.=<<___; +.extern __imp_RtlVirtualUnwind +.type mod_exp_512_se_handler,\@abi-omnipotent +.align 16 +mod_exp_512_se_handler: + push %rsi + push %rdi + push %rbx + push %rbp + push %r12 + push %r13 + push %r14 + push %r15 + pushfq + sub \$64,%rsp + + mov 120($context),%rax # pull context->Rax + mov 248($context),%rbx # pull context->Rip + + lea .Lbody(%rip),%r10 + cmp %r10,%rbx # context->RipRsp + + lea .Lepilogue(%rip),%r10 + cmp %r10,%rbx # context->Rip>=epilogue label + jae .Lin_prologue + + mov $rsp_offset(%rax),%rax # pull saved Rsp + + mov 32(%rax),%rbx + mov 40(%rax),%rbp + mov 24(%rax),%r12 + mov 16(%rax),%r13 + mov 8(%rax),%r14 + mov 0(%rax),%r15 + lea 48(%rax),%rax + mov %rbx,144($context) # restore context->Rbx + mov %rbp,160($context) # restore context->Rbp + mov %r12,216($context) # restore context->R12 + mov %r13,224($context) # restore context->R13 + mov %r14,232($context) # restore context->R14 + mov %r15,240($context) # restore context->R15 + +.Lin_prologue: + mov 8(%rax),%rdi + mov 16(%rax),%rsi + mov %rax,152($context) # restore context->Rsp + mov %rsi,168($context) # restore context->Rsi + mov %rdi,176($context) # restore context->Rdi + + mov 40($disp),%rdi # disp->ContextRecord + mov $context,%rsi # context + mov \$154,%ecx # sizeof(CONTEXT) + .long 0xa548f3fc # cld; rep movsq + + mov $disp,%rsi + xor %rcx,%rcx # arg1, UNW_FLAG_NHANDLER + mov 8(%rsi),%rdx # arg2, disp->ImageBase + mov 0(%rsi),%r8 # arg3, disp->ControlPc + mov 16(%rsi),%r9 # arg4, disp->FunctionEntry + mov 40(%rsi),%r10 # disp->ContextRecord + lea 56(%rsi),%r11 # &disp->HandlerData + lea 24(%rsi),%r12 # &disp->EstablisherFrame + mov %r10,32(%rsp) # arg5 + mov %r11,40(%rsp) # arg6 + mov %r12,48(%rsp) # arg7 + mov %rcx,56(%rsp) # arg8, (NULL) + call 
*__imp_RtlVirtualUnwind(%rip) + + mov \$1,%eax # ExceptionContinueSearch + add \$64,%rsp + popfq + pop %r15 + pop %r14 + pop %r13 + pop %r12 + pop %rbp + pop %rbx + pop %rdi + pop %rsi + ret +.size mod_exp_512_se_handler,.-mod_exp_512_se_handler + +.section .pdata +.align 4 + .rva .LSEH_begin_mod_exp_512 + .rva .LSEH_end_mod_exp_512 + .rva .LSEH_info_mod_exp_512 + +.section .xdata +.align 8 +.LSEH_info_mod_exp_512: + .byte 9,0,0,0 + .rva mod_exp_512_se_handler +___ +} + +sub reg_part { +my ($reg,$conv)=@_; + if ($reg =~ /%r[0-9]+/) { $reg .= $conv; } + elsif ($conv eq "b") { $reg =~ s/%[er]([^x]+)x?/%$1l/; } + elsif ($conv eq "w") { $reg =~ s/%[er](.+)/%$1/; } + elsif ($conv eq "d") { $reg =~ s/%[er](.+)/%e$1/; } + return $reg; +} + +$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem; +$code =~ s/\`([^\`]*)\`/eval $1/gem; +$code =~ s/(\(\+[^)]+\))/eval $1/gem; +print $code; +close STDOUT; diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile index 2ee6c72..d29bdd0 100644 --- a/crypto/engine/Makefile +++ b/crypto/engine/Makefile @@ -22,13 +22,13 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \ tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \ tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \ - eng_rdrand.c + eng_rsax.c eng_rdrand.c LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \ eng_table.o eng_pkey.o eng_fat.o eng_all.o \ tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \ tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \ - eng_rdrand.o + eng_rsax.o eng_rdrand.o SRC= $(LIBSRC) 
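Review bot: mod_exp_512 restores the callee-saved registers and returns with its whole frame left intact, so the exponent copy stored by `movdqa %xmm0, (+$exp_offset+16*0)(%rsp)` (and the next three stores), the reduce scratch and the 32-entry swizzled G table at `$garray_offset` survive on the stack after the call; in RSA private-key use these are presumably a CRT exponent and values reduced modulo a secret prime, and a later callee's frame or a crash dump can read them back. Zeroing `[exp_offset, mem_size)` just before `mov (+$rsp_offset)(%rsp), %rsi` in the epilogue costs a short loop, shown below; `.Lepilogue` and the SEH handler's saved-Rsp lookup at offset 0 are unaffected because rsp still points at the frame. Two comment fixes in the same hunk: `# If result > m, subract m` should read `# If result >= m (the subtraction did not borrow), subtract m`, since `cmovnc` picks the difference exactly when there is no borrow. And because the window lookup `lea (+$garray_offset)(%rsp,%rdx,2), %rsi` uses an exponent-derived index, the `swizzle`/`unswizzle` headers should state why the 16-bit interleave at 64-byte stride exists — it appears intended to place all 32 entries in every cache line so that only the offset within a line depends on the exponent — rather than just "copy data to swizzled table".
```perl
	# wipe the frame before unwinding: [exp_offset, mem_size) holds the
	# exponent copy, the reduce scratch and the 32-entry G table
	pxor	%xmm4, %xmm4
	lea	(+$exp_offset)(%rsp), %rdi
	mov	\$`($mem_size-$exp_offset)/16`, %ecx
.Lwipe_frame:
	movdqa	%xmm4, (%rdi)
	lea	16(%rdi), %rdi
	dec	%ecx
	jnz	.Lwipe_frame

	mov	(+$rsp_offset)(%rsp), %rsi
	# … unchanged: restore r15..rbp from the saved frame, lea 48(%rsi),%rsp, ret …
```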
@@ -265,6 +265,20 @@ eng_rdrand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 eng_rdrand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 eng_rdrand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 eng_rdrand.o: eng_rdrand.c
+eng_rsax.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_rsax.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+eng_rsax.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_rsax.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_rsax.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_rsax.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_rsax.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_rsax.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_rsax.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_rsax.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+eng_rsax.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_rsax.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_rsax.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_rsax.o: eng_rsax.c
 eng_table.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
index 195a3a9..7edf12e 100644
--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
@@ -76,6 +76,9 @@ void ENGINE_load_builtin_engines(void)
 #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
 ENGINE_load_cryptodev();
 #endif
+#ifndef OPENSSL_NO_RSAX
+ ENGINE_load_rsax();
+#endif
 #ifndef OPENSSL_NO_RDRAND
 ENGINE_load_rdrand();
 #endif
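Review bot: `ENGINE_load_rsax()` is called under `#ifndef OPENSSL_NO_RSAX` without a prototype visible in this hunk; unless engine.h gains `void ENGINE_load_rsax(void);` elsewhere in this commit (its summary of changes is outside this view), the call relies on an implicit declaration. The `OPENSSL_NO_RSAX` knob likewise has to be known to Configure, or the engine cannot be disabled at configure time; worth confirming against the rest of the change. ENGINE_load_builtin_engines starts before and ends after the hunk.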
diff --git a/crypto/engine/eng_rsax.c b/crypto/engine/eng_rsax.c
new file mode 100644
index 0000000..86ee9d8
--- /dev/null
+++ b/crypto/engine/eng_rsax.c
@@ -0,0 +1,701 @@ +/* crypto/engine/eng_rsax.c */ +/* Copyright (c) 2010-2010 Intel Corp. + * Author: Vinodh.Gopal at intel.com + * Jim Guilford + * Erdinc.Ozturk at intel.com + * Maxim.Perminov at intel.com + * Ying.Huang at intel.com + * + * More information about algorithm used can be found at: + * http://www.cse.buffalo.edu/srds2009/escs2009_submission_Gopal.pdf + */ +/* ==================================================================== + * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing at OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. 
Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + */ + +#include + +#include +#include +#include +#include +#include +#ifndef OPENSSL_NO_RSA +# include +#endif +#include +#include + +/* RSAX is available **ONLY* on x86_64 CPUs */ +#undef COMPILE_RSAX + +#if (defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined (_M_X64)) && !defined(OPENSSL_NO_ASM) +# define COMPILE_RSAX +static ENGINE *ENGINE_rsax(void); +#endif + +void ENGINE_load_rsax(void) +{ +/* On non-x86 CPUs it just returns. 
*/ +#ifdef COMPILE_RSAX + ENGINE *toadd = ENGINE_rsax(); + if (!toadd) + return; + ENGINE_add(toadd); + ENGINE_free(toadd); + ERR_clear_error(); +#endif +} + +#ifdef COMPILE_RSAX +# define E_RSAX_LIB_NAME "rsax engine" + +static int e_rsax_destroy(ENGINE *e); +static int e_rsax_init(ENGINE *e); +static int e_rsax_finish(ENGINE *e); +static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)); + +# ifndef OPENSSL_NO_RSA +/* RSA stuff */ +static int e_rsax_rsa_mod_exp(BIGNUM *r, const BIGNUM *I, RSA *rsa, + BN_CTX *ctx); +static int e_rsax_rsa_finish(RSA *r); +# endif + +static const ENGINE_CMD_DEFN e_rsax_cmd_defns[] = { + {0, NULL, NULL, 0} +}; + +# ifndef OPENSSL_NO_RSA +/* Our internal RSA_METHOD that we provide pointers to */ +static RSA_METHOD e_rsax_rsa = { + "Intel RSA-X method", + NULL, + NULL, + NULL, + NULL, + e_rsax_rsa_mod_exp, + NULL, + NULL, + e_rsax_rsa_finish, + RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE, + NULL, + NULL, + NULL +}; +# endif + +/* Constants used when creating the ENGINE */ +static const char *engine_e_rsax_id = "rsax"; +static const char *engine_e_rsax_name = "RSAX engine support"; + +/* This internal function is used by ENGINE_rsax() */ +static int bind_helper(ENGINE *e) +{ +# ifndef OPENSSL_NO_RSA + const RSA_METHOD *meth1; +# endif + if (!ENGINE_set_id(e, engine_e_rsax_id) || + !ENGINE_set_name(e, engine_e_rsax_name) || +# ifndef OPENSSL_NO_RSA + !ENGINE_set_RSA(e, &e_rsax_rsa) || +# endif + !ENGINE_set_destroy_function(e, e_rsax_destroy) || + !ENGINE_set_init_function(e, e_rsax_init) || + !ENGINE_set_finish_function(e, e_rsax_finish) || + !ENGINE_set_ctrl_function(e, e_rsax_ctrl) || + !ENGINE_set_cmd_defns(e, e_rsax_cmd_defns)) + return 0; + +# ifndef OPENSSL_NO_RSA + meth1 = RSA_PKCS1_SSLeay(); + e_rsax_rsa.rsa_pub_enc = meth1->rsa_pub_enc; + e_rsax_rsa.rsa_pub_dec = meth1->rsa_pub_dec; + e_rsax_rsa.rsa_priv_enc = meth1->rsa_priv_enc; + e_rsax_rsa.rsa_priv_dec = meth1->rsa_priv_dec; + e_rsax_rsa.bn_mod_exp = 
meth1->bn_mod_exp; +# endif + return 1; +} + +static ENGINE *ENGINE_rsax(void) +{ + ENGINE *ret = ENGINE_new(); + if (!ret) + return NULL; + if (!bind_helper(ret)) { + ENGINE_free(ret); + return NULL; + } + return ret; +} + +# ifndef OPENSSL_NO_RSA +/* Used to attach our own key-data to an RSA structure */ +static int rsax_ex_data_idx = -1; +# endif + +static int e_rsax_destroy(ENGINE *e) +{ + return 1; +} + +/* (de)initialisation functions. */ +static int e_rsax_init(ENGINE *e) +{ +# ifndef OPENSSL_NO_RSA + if (rsax_ex_data_idx == -1) + rsax_ex_data_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, NULL); +# endif + if (rsax_ex_data_idx == -1) + return 0; + return 1; +} + +static int e_rsax_finish(ENGINE *e) +{ + return 1; +} + +static int e_rsax_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) +{ + int to_return = 1; + + switch (cmd) { + /* The command isn't understood by this engine */ + default: + to_return = 0; + break; + } + + return to_return; +} + +# ifndef OPENSSL_NO_RSA + +# ifdef _WIN32 +typedef unsigned __int64 UINT64; +# else +typedef unsigned long long UINT64; +# endif +typedef unsigned short UINT16; + +/* + * Table t is interleaved in the following manner: The order in memory is + * t[0][0], t[0][1], ..., t[0][7], t[1][0], ... A particular 512-bit value is + * stored in t[][index] rather than the more normal t[index][]; i.e. 
the + * qwords of a particular entry in t are not adjacent in memory + */ + +/* Init BIGNUM b from the interleaved UINT64 array */ +static int interleaved_array_to_bn_512(BIGNUM *b, UINT64 *array); + +/* + * Extract array elements from BIGNUM b To set the whole array from b, call + * with n=8 + */ +static int bn_extract_to_array_512(const BIGNUM *b, unsigned int n, + UINT64 *array); + +struct mod_ctx_512 { + UINT64 t[8][8]; + UINT64 m[8]; + UINT64 m1[8]; /* 2^278 % m */ + UINT64 m2[8]; /* 2^640 % m */ + UINT64 k1[2]; /* (- 1/m) % 2^128 */ +}; + +static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data); + +void mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */ + UINT64 *g, /* 512 bits, 8 qwords */ + UINT64 *exp, /* 512 bits, 8 qwords */ + struct mod_ctx_512 *data); + +typedef struct st_e_rsax_mod_ctx { + UINT64 type; + union { + struct mod_ctx_512 b512; + } ctx; + +} E_RSAX_MOD_CTX; + +static E_RSAX_MOD_CTX *e_rsax_get_ctx(RSA *rsa, int idx, BIGNUM *m) +{ + E_RSAX_MOD_CTX *hptr; + + if (idx < 0 || idx > 2) + return NULL; + + hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx); + if (!hptr) { + hptr = OPENSSL_malloc(3 * sizeof(E_RSAX_MOD_CTX)); + if (!hptr) + return NULL; + hptr[2].type = hptr[1].type = hptr[0].type = 0; + RSA_set_ex_data(rsa, rsax_ex_data_idx, hptr); + } + + if (hptr[idx].type == (UINT64)BN_num_bits(m)) + return hptr + idx; + + if (BN_num_bits(m) == 512) { + UINT64 _m[8]; + bn_extract_to_array_512(m, 8, _m); + memset(&hptr[idx].ctx.b512, 0, sizeof(struct mod_ctx_512)); + mod_exp_pre_compute_data_512(_m, &hptr[idx].ctx.b512); + } + + hptr[idx].type = BN_num_bits(m); + return hptr + idx; +} + +static int e_rsax_rsa_finish(RSA *rsa) +{ + E_RSAX_MOD_CTX *hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx); + if (hptr) { + OPENSSL_free(hptr); + RSA_set_ex_data(rsa, rsax_ex_data_idx, NULL); + } + if (rsa->_method_mod_n) + BN_MONT_CTX_free(rsa->_method_mod_n); + if (rsa->_method_mod_p) + BN_MONT_CTX_free(rsa->_method_mod_p); + if 
(rsa->_method_mod_q) + BN_MONT_CTX_free(rsa->_method_mod_q); + return 1; +} + +static int e_rsax_bn_mod_exp(BIGNUM *r, const BIGNUM *g, const BIGNUM *e, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *in_mont, + E_RSAX_MOD_CTX *rsax_mod_ctx) +{ + if (rsax_mod_ctx && BN_get_flags(e, BN_FLG_CONSTTIME) != 0) { + if (BN_num_bits(m) == 512) { + UINT64 _r[8]; + UINT64 _g[8]; + UINT64 _e[8]; + + /* Init the arrays from the BIGNUMs */ + bn_extract_to_array_512(g, 8, _g); + bn_extract_to_array_512(e, 8, _e); + + mod_exp_512(_r, _g, _e, &rsax_mod_ctx->ctx.b512); + /* Return the result in the BIGNUM */ + interleaved_array_to_bn_512(r, _r); + return 1; + } + } + + return BN_mod_exp_mont(r, g, e, m, ctx, in_mont); +} + +/* + * Declares for the Intel CIAP 512-bit / CRT / 1024 bit RSA modular + * exponentiation routine precalculations and a structure to hold the + * necessary values. These files are meant to live in crypto/rsa/ in the + * target openssl. + */ + +/* + * Local method: extracts a piece from a BIGNUM, to fit it into + * an array. 
Call with n=8 to extract an entire 512-bit BIGNUM + */ +static int bn_extract_to_array_512(const BIGNUM *b, unsigned int n, + UINT64 *array) +{ + int i; + UINT64 tmp; + unsigned char bn_buff[64]; + memset(bn_buff, 0, 64); + if (BN_num_bytes(b) > 64) { + printf("Can't support this byte size\n"); + return 0; + } + if (BN_num_bytes(b) != 0) { + if (!BN_bn2bin(b, bn_buff + (64 - BN_num_bytes(b)))) { + printf("Error's in bn2bin\n"); + /* We have to error, here */ + return 0; + } + } + while (n-- > 0) { + array[n] = 0; + for (i = 7; i >= 0; i--) { + tmp = bn_buff[63 - (n * 8 + i)]; + array[n] |= tmp << (8 * i); + } + } + return 1; +} + +/* Init a 512-bit BIGNUM from the UINT64*_ (8 * 64) interleaved array */ +static int interleaved_array_to_bn_512(BIGNUM *b, UINT64 *array) +{ + unsigned char tmp[64]; + int n = 8; + int i; + while (n-- > 0) { + for (i = 7; i >= 0; i--) { + tmp[63 - (n * 8 + i)] = (unsigned char)(array[n] >> (8 * i)); + }} + BN_bin2bn(tmp, 64, b); + return 0; +} + +/* The main 512bit precompute call */ +static int mod_exp_pre_compute_data_512(UINT64 *m, struct mod_ctx_512 *data) +{ + BIGNUM two_768, two_640, two_128, two_512, tmp, _m, tmp2; + + /* We need a BN_CTX for the modulo functions */ + BN_CTX *ctx; + /* Some tmps */ + UINT64 _t[8]; + int i, j, ret = 0; + + /* Init _m with m */ + BN_init(&_m); + interleaved_array_to_bn_512(&_m, m); + memset(_t, 0, 64); + + /* Inits */ + BN_init(&two_768); + BN_init(&two_640); + BN_init(&two_128); + BN_init(&two_512); + BN_init(&tmp); + BN_init(&tmp2); + + /* Create our context */ + if ((ctx = BN_CTX_new()) == NULL) { + goto err; + } + BN_CTX_start(ctx); + + /* + * For production, if you care, these only need to be set once, + * and may be made constants. 
+ */ + BN_lshift(&two_768, BN_value_one(), 768); + BN_lshift(&two_640, BN_value_one(), 640); + BN_lshift(&two_128, BN_value_one(), 128); + BN_lshift(&two_512, BN_value_one(), 512); + + if (0 == (m[7] & 0x8000000000000000)) { + goto err; + } + if (0 == (m[0] & 0x1)) { /* Odd modulus required for Mont */ + goto err; + } + + /* Precompute m1 */ + BN_mod(&tmp, &two_768, &_m, ctx); + if (!bn_extract_to_array_512(&tmp, 8, &data->m1[0])) { + goto err; + } + + /* Precompute m2 */ + BN_mod(&tmp, &two_640, &_m, ctx); + if (!bn_extract_to_array_512(&tmp, 8, &data->m2[0])) { + goto err; + } + + /* + * Precompute k1, a 128b number = ((-1)* m-1 ) mod 2128; k1 should + * be non-negative. + */ + BN_mod_inverse(&tmp, &_m, &two_128, ctx); + if (!BN_is_zero(&tmp)) { + BN_sub(&tmp, &two_128, &tmp); + } + if (!bn_extract_to_array_512(&tmp, 2, &data->k1[0])) { + goto err; + } + + /* Precompute t */ + for (i = 0; i < 8; i++) { + BN_zero(&tmp); + if (i & 1) { + BN_add(&tmp, &two_512, &tmp); + } + if (i & 2) { + BN_add(&tmp, &two_512, &tmp); + } + if (i & 4) { + BN_add(&tmp, &two_640, &tmp); + } + + BN_nnmod(&tmp2, &tmp, &_m, ctx); + if (!bn_extract_to_array_512(&tmp2, 8, _t)) { + goto err; + } + for (j = 0; j < 8; j++) + data->t[j][i] = _t[j]; + } + + /* Precompute m */ + for (i = 0; i < 8; i++) { + data->m[i] = m[i]; + } + + ret = 1; + + err: + /* Cleanup */ + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + BN_free(&two_768); + BN_free(&two_640); + BN_free(&two_128); + BN_free(&two_512); + BN_free(&tmp); + BN_free(&tmp2); + BN_free(&_m); + + return ret; +} + +static int e_rsax_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, + BN_CTX *ctx) +{ + BIGNUM *r1, *m1, *vrfy; + BIGNUM local_dmp1, local_dmq1, local_c, local_r1; + BIGNUM *dmp1, *dmq1, *c, *pr1; + int ret = 0; + + BN_CTX_start(ctx); + r1 = BN_CTX_get(ctx); + m1 = BN_CTX_get(ctx); + vrfy = BN_CTX_get(ctx); + + { + BIGNUM local_p, local_q; + BIGNUM *p = NULL, *q = NULL; + int error = 0; + + /* + * Make sure 
BN_mod_inverse in Montgomery intialization uses the + * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) + */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { + BN_init(&local_p); + p = &local_p; + BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); + + BN_init(&local_q); + q = &local_q; + BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); + } else { + p = rsa->p; + q = rsa->q; + } + + if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { + if (!BN_MONT_CTX_set_locked + (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) + error = 1; + if (!BN_MONT_CTX_set_locked + (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) + error = 1; + } + + /* clean up */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { + BN_free(&local_p); + BN_free(&local_q); + } + if (error) + goto err; + } + + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked + (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; + + /* compute I mod q */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { + c = &local_c; + BN_with_flags(c, I, BN_FLG_CONSTTIME); + if (!BN_mod(r1, c, rsa->q, ctx)) + goto err; + } else { + if (!BN_mod(r1, I, rsa->q, ctx)) + goto err; + } + + /* compute r1^dmq1 mod q */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { + dmq1 = &local_dmq1; + BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); + } else + dmq1 = rsa->dmq1; + + if (!e_rsax_bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, + rsa->_method_mod_q, e_rsax_get_ctx(rsa, 0, + rsa->q))) + goto err; + + /* compute I mod p */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { + c = &local_c; + BN_with_flags(c, I, BN_FLG_CONSTTIME); + if (!BN_mod(r1, c, rsa->p, ctx)) + goto err; + } else { + if (!BN_mod(r1, I, rsa->p, ctx)) + goto err; + } + + /* compute r1^dmp1 mod p */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { + dmp1 = &local_dmp1; + BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); + } else + dmp1 = rsa->dmp1; + + if (!e_rsax_bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, + rsa->_method_mod_p, e_rsax_get_ctx(rsa, 1, + rsa->p))) + goto err; + + if 
(!BN_sub(r0, r0, m1)) + goto err; + /* + * This will help stop the size of r0 increasing, which does affect the + * multiply if it optimised for a power of 2 size + */ + if (BN_is_negative(r0)) + if (!BN_add(r0, r0, rsa->p)) + goto err; + + if (!BN_mul(r1, r0, rsa->iqmp, ctx)) + goto err; + + /* Turn BN_FLG_CONSTTIME flag on before division operation */ + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { + pr1 = &local_r1; + BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); + } else + pr1 = r1; + if (!BN_mod(r0, pr1, rsa->p, ctx)) + goto err; + + /* + * If p < q it is occasionally possible for the correction of adding 'p' + * if r0 is negative above to leave the result still negative. This can + * break the private key operations: the following second correction + * should *always* correct this rare occurrence. This will *never* happen + * with OpenSSL generated keys because they ensure p > q [steve] + */ + if (BN_is_negative(r0)) + if (!BN_add(r0, r0, rsa->p)) + goto err; + if (!BN_mul(r1, r0, rsa->q, ctx)) + goto err; + if (!BN_add(r0, r1, m1)) + goto err; + + if (rsa->e && rsa->n) { + if (!e_rsax_bn_mod_exp + (vrfy, r0, rsa->e, rsa->n, ctx, rsa->_method_mod_n, + e_rsax_get_ctx(rsa, 2, rsa->n))) + goto err; + + /* + * If 'I' was greater than (or equal to) rsa->n, the operation will + * be equivalent to using 'I mod n'. However, the result of the + * verify will *always* be less than 'n' so we don't check for + * absolute equality, just congruency. + */ + if (!BN_sub(vrfy, vrfy, I)) + goto err; + if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) + goto err; + if (BN_is_negative(vrfy)) + if (!BN_add(vrfy, vrfy, rsa->n)) + goto err; + if (!BN_is_zero(vrfy)) { + /* + * 'I' and 'vrfy' aren't congruent mod n. Don't leak + * miscalculated CRT output, just do a raw (slower) mod_exp and + * return that instead. 
+ */ + + BIGNUM local_d; + BIGNUM *d = NULL; + + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { + d = &local_d; + BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); + } else + d = rsa->d; + if (!e_rsax_bn_mod_exp(r0, I, d, rsa->n, ctx, + rsa->_method_mod_n, e_rsax_get_ctx(rsa, 2, + rsa->n))) + goto err; + } + } + ret = 1; + + err: + BN_CTX_end(ctx); + + return ret; +} +# endif /* !OPENSSL_NO_RSA */ +#endif /* !COMPILE_RSAX */ From rsalz at openssl.org Tue Jan 27 21:44:48 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 27 Jan 2015 22:44:48 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150127214448.2AD2A1DF118@butler.localdomain> The branch master has been updated via 63c574f6a639cfa3f53476080054526e6bfa3bc9 (commit) from daa48704cc04c61cf8f3e74759a7a3139b6aff01 (commit) - Log ----------------------------------------------------------------- commit 63c574f6a639cfa3f53476080054526e6bfa3bc9 Author: Rich Salz Date: Tue Jan 27 16:43:53 2015 -0500 OPENSSL_NO_XXX cleanup: OPENSSL_NO_BUF_FREELISTS Remove OPENSSL_NO_BUF_FREELISTS. This was turned on by default, so the work here is removing the 'maintain our own freelist' code. Also removed a minor old Windows-multibyte/widechar conversion flag. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/cryptlib.c | 3 -- doc/ssl/SSL_CTX_set_mode.pod | 6 ++-- ssl/s3_both.c | 78 +++--------------------------------------- ssl/ssl.h | 6 ---- ssl/ssl_lib.c | 42 ----------------------- ssl/ssl_locl.h | 12 ------- 6 files changed, 6 insertions(+), 141 deletions(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 6597af6..ce07b84 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c 
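Review bot: e_rsax_rsa_finish releases the per-key RSAX context with a plain `OPENSSL_free(hptr)`, but each `mod_ctx_512` stores the modulus it was built from (`data->m[i] = m[i]` in mod_exp_pre_compute_data_512, fed with rsa->p and rsa->q by e_rsax_get_ctx) plus tables derived from it, so private prime material is left behind in freed heap; `OPENSSL_cleanse(hptr, 3 * sizeof(*hptr));` before the free, and cleansing the `_m`, `_g` and `_e` stack arrays in e_rsax_get_ctx and e_rsax_bn_mod_exp, would close that. In e_rsax_bn_mod_exp the results of `bn_extract_to_array_512(g, 8, _g)` and `bn_extract_to_array_512(e, 8, _e)` are discarded, and since that helper returns 0 before writing the array when BN_num_bytes exceeds 64, a failure would send an uninitialised `_g` or `_e` into mod_exp_512 — fall back instead: `if (!bn_extract_to_array_512(g, 8, _g) || !bn_extract_to_array_512(e, 8, _e)) return BN_mod_exp_mont(r, g, e, m, ctx, in_mont);`. The same pattern is in e_rsax_get_ctx, where the return values of bn_extract_to_array_512 and mod_exp_pre_compute_data_512 are ignored yet `hptr[idx].type = BN_num_bits(m);` still runs, so a failed precompute (the helper rejects an even modulus or one without its top bit set) is cached as a usable 512-bit context. bn_extract_to_array_512 also reports failure with `printf` to stdout, which library code should not do; returning 0 and letting the caller raise an ERR-stack error is the house convention. Finally, e_rsax_init tests `rsax_ex_data_idx == -1` outside the `# ifndef OPENSSL_NO_RSA` block that declares the variable, so an OPENSSL_NO_RSA build of this file would not compile.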
@@ -365,12 +365,9 @@ void OPENSSL_showfatal(const char *fmta, ...) fmt = (const TCHAR *)L"no stack?"; break; } -# ifndef OPENSSL_NO_MULTIBYTE if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0)) -# endif for (i = 0; i < len_0; i++) fmtw[i] = (WCHAR)fmta[i]; - for (i = 0; i < len_0; i++) { if (fmtw[i] == L'%') do { diff --git a/doc/ssl/SSL_CTX_set_mode.pod b/doc/ssl/SSL_CTX_set_mode.pod index 2a5aaa5..a109f34 100644 --- a/doc/ssl/SSL_CTX_set_mode.pod +++ b/doc/ssl/SSL_CTX_set_mode.pod @@ -64,10 +64,8 @@ return after the handshake and successful completion. =item SSL_MODE_RELEASE_BUFFERS When we no longer need a read buffer or a write buffer for a given SSL, -then release the memory we were using to hold it. Released memory is -either appended to a list of unused RAM chunks on the SSL_CTX, or simply -freed if the list of unused chunks would become longer than -SSL_CTX->freelist_max_len, which defaults to 32. Using this flag can +then release the memory we were using to hold it. +Using this flag can save around 34k per idle SSL connection. This flag has no effect on SSL v2 connections, or on DTLS connections. diff --git a/ssl/s3_both.c b/ssl/s3_both.c index 50aa428..de49e64 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c 
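Review bot: With the `# ifndef OPENSSL_NO_MULTIBYTE` lines gone, the `if (!MultiByteToWideChar(...))` in OPENSSL_showfatal is left controlling an unbraced `for` whose body sits on the following line, with nothing marking where the fallback byte-copy ends; bracing it as `if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0)) {` … `}` makes the scope explicit now that no preprocessor bracket does. OPENSSL_showfatal starts and ends outside the hunk.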
@@ -566,76 +566,6 @@ int ssl_verify_alarm_type(long type) return (al); } -#ifndef OPENSSL_NO_BUF_FREELISTS -/*- - * On some platforms, malloc() performance is bad enough that you can't just - * free() and malloc() buffers all the time, so we need to use freelists from - * unused buffers. Currently, each freelist holds memory chunks of only a - * given size (list->chunklen); other sized chunks are freed and malloced. - * This doesn't help much if you're using many different SSL option settings - * with a given context. (The options affecting buffer size are - * max_send_fragment, read buffer vs write buffer, - * SSL_OP_MICROSOFT_BIG_WRITE_BUFFER, SSL_OP_NO_COMPRESSION, and - * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS.) Using a separate freelist for every - * possible size is not an option, since max_send_fragment can take on many - * different values. - * - * If you are on a platform with a slow malloc(), and you're using SSL - * connections with many different settings for these options, and you need to - * use the SSL_MOD_RELEASE_BUFFERS feature, you have a few options: - * - Link against a faster malloc implementation. - * - Use a separate SSL_CTX for each option set. - * - Improve this code. - */ -static void *freelist_extract(SSL_CTX *ctx, int for_read, int sz) -{ - SSL3_BUF_FREELIST *list; - SSL3_BUF_FREELIST_ENTRY *ent = NULL; - void *result = NULL; - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - list = for_read ? ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && sz == (int)list->chunklen) - ent = list->head; - if (ent != NULL) { - list->head = ent->next; - result = ent; - if (--list->len == 0) - list->chunklen = 0; - } - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (!result) - result = OPENSSL_malloc(sz); - return result; -} - -static void freelist_insert(SSL_CTX *ctx, int for_read, size_t sz, void *mem) -{ - SSL3_BUF_FREELIST *list; - SSL3_BUF_FREELIST_ENTRY *ent; - - CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); - list = for_read ? 
ctx->rbuf_freelist : ctx->wbuf_freelist; - if (list != NULL && - (sz == list->chunklen || list->chunklen == 0) && - list->len < ctx->freelist_max_len && sz >= sizeof(*ent)) { - list->chunklen = sz; - ent = mem; - ent->next = list->head; - list->head = ent; - ++list->len; - mem = NULL; - } - - CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); - if (mem) - OPENSSL_free(mem); -} -#else -# define freelist_extract(c,fr,sz) OPENSSL_malloc(sz) -# define freelist_insert(c,fr,sz,m) OPENSSL_free(m) -#endif - int ssl3_setup_read_buffer(SSL *s) { unsigned char *p; @@ -661,7 +591,7 @@ int ssl3_setup_read_buffer(SSL *s) if (ssl_allow_compression(s)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif - if ((p = freelist_extract(s->ctx, 1, len)) == NULL) + if ((p = OPENSSL_malloc(len)) == NULL) goto err; s->s3->rbuf.buf = p; s->s3->rbuf.len = len; @@ -699,7 +629,7 @@ int ssl3_setup_write_buffer(SSL *s) if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; - if ((p = freelist_extract(s->ctx, 0, len)) == NULL) + if ((p = OPENSSL_malloc(len)) == NULL) goto err; s->s3->wbuf.buf = p; s->s3->wbuf.len = len; @@ -724,7 +654,7 @@ int ssl3_setup_buffers(SSL *s) int ssl3_release_write_buffer(SSL *s) { if (s->s3->wbuf.buf != NULL) { - freelist_insert(s->ctx, 0, s->s3->wbuf.len, s->s3->wbuf.buf); + OPENSSL_free(s->s3->wbuf.buf); s->s3->wbuf.buf = NULL; } return 1; @@ -733,7 +663,7 @@ int ssl3_release_write_buffer(SSL *s) int ssl3_release_read_buffer(SSL *s) { if (s->s3->rbuf.buf != NULL) { - freelist_insert(s->ctx, 1, s->s3->rbuf.len, s->s3->rbuf.buf); + OPENSSL_free(s->s3->rbuf.buf); s->s3->rbuf.buf = NULL; } return 1; diff --git a/ssl/ssl.h b/ssl/ssl.h index a0025e6..6809fd6 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h 
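Review bot: ssl3_release_read_buffer and ssl3_release_write_buffer now pass `s->s3->rbuf.buf` and `s->s3->wbuf.buf` straight to `OPENSSL_free`, and nothing in these hunks clears the buffers first; the freelist they replace did not either, but its chunks stayed inside the SSL_CTX, whereas a released buffer now returns to the general allocator with whatever record bytes it last held. If those buffers carry plaintext at release time (their names and the SSL_MODE_RELEASE_BUFFERS documentation in this commit suggest so, though the record-processing code is outside the hunk), `OPENSSL_cleanse(s->s3->rbuf.buf, s->s3->rbuf.len);` before the free in ssl3_release_read_buffer, and the wbuf equivalent in ssl3_release_write_buffer, would keep that data from lingering in freed heap.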
@@ -1083,12 +1083,6 @@ struct ssl_ctx_st { unsigned int max_psk_len); # endif -# ifndef OPENSSL_NO_BUF_FREELISTS -# define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32 - unsigned int freelist_max_len; - struct ssl3_buf_freelist_st *wbuf_freelist; - struct ssl3_buf_freelist_st *rbuf_freelist; -# endif # ifndef OPENSSL_NO_SRP SRP_CTX srp_ctx; /* ctx for SRP authentication */ # endif diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d777935..59a871c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2008,23 +2008,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) #ifndef OPENSSL_NO_SRP SSL_CTX_SRP_CTX_init(ret); #endif -#ifndef OPENSSL_NO_BUF_FREELISTS - ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT; - ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); - if (!ret->rbuf_freelist) - goto err; - ret->rbuf_freelist->chunklen = 0; - ret->rbuf_freelist->len = 0; - ret->rbuf_freelist->head = NULL; - ret->wbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST)); - if (!ret->wbuf_freelist) { - OPENSSL_free(ret->rbuf_freelist); - goto err; - } - ret->wbuf_freelist->chunklen = 0; - ret->wbuf_freelist->len = 0; - ret->wbuf_freelist->head = NULL; -#endif #ifndef OPENSSL_NO_ENGINE ret->client_cert_engine = NULL; # ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO @@ -2059,25 +2042,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) return (NULL); } -#if 0 -static void SSL_COMP_free(SSL_COMP *comp) -{ - OPENSSL_free(comp); -} -#endif - -#ifndef OPENSSL_NO_BUF_FREELISTS -static void ssl_buf_freelist_free(SSL3_BUF_FREELIST *list) -{ - SSL3_BUF_FREELIST_ENTRY *ent, *next; - for (ent = list->head; ent; ent = next) { - next = ent->next; - OPENSSL_free(ent); - } - OPENSSL_free(list); -} -#endif - void SSL_CTX_free(SSL_CTX *a) { int i; 
@@ -2155,12 +2119,6 @@ void SSL_CTX_free(SSL_CTX *a) ENGINE_finish(a->client_cert_engine); #endif -#ifndef OPENSSL_NO_BUF_FREELISTS - if (a->wbuf_freelist) - ssl_buf_freelist_free(a->wbuf_freelist); - if (a->rbuf_freelist) - ssl_buf_freelist_free(a->rbuf_freelist); -#endif #ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_EC if (a->tlsext_ecpointformatlist) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index fcf5f8d..f3ce460 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -833,18 +833,6 @@ typedef struct ssl3_comp_st { } SSL3_COMP; # endif -# ifndef OPENSSL_NO_BUF_FREELISTS -typedef struct ssl3_buf_freelist_st { - size_t chunklen; - unsigned int len; - struct ssl3_buf_freelist_entry_st *head; -} SSL3_BUF_FREELIST; - -typedef struct ssl3_buf_freelist_entry_st { - struct ssl3_buf_freelist_entry_st *next; -} SSL3_BUF_FREELIST_ENTRY; -# endif - extern SSL3_ENC_METHOD ssl3_undef_enc_method; OPENSSL_EXTERN const SSL_CIPHER ssl3_ciphers[]; From rsalz at openssl.org Tue Jan 27 22:44:41 2015 
From: rsalz at openssl.org (Rich Salz) Date: Tue, 27 Jan 2015 23:44:41 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150127224442.0E65A1DF118@butler.localdomain> The branch master has been updated via 1a5adcfb5edfe23908b350f8757df405b0f5f71f (commit) from 63c574f6a639cfa3f53476080054526e6bfa3bc9 (commit) - Log ----------------------------------------------------------------- commit 1a5adcfb5edfe23908b350f8757df405b0f5f71f Author: Rich Salz Date: Tue Jan 27 17:44:12 2015 -0500 "#if 0" removal: header files Remove all "#if 0" blocks from header files. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/aes/aes.h | 7 ------- crypto/asn1/asn1.h | 3 --- crypto/bn/bn.h | 11 ----------- crypto/conf/conf.h | 11 +---------- crypto/crypto.h | 14 -------------- crypto/des/des.h | 5 ----- crypto/des/des_old.h | 18 ------------------ crypto/dso/dso.h | 7 ------- crypto/evp/evp.h | 11 ----------- crypto/symhacks.h | 27 --------------------------- crypto/x509/x509_vfy.h | 10 ---------- ssl/dtls1.h | 5 ----- ssl/ssl.h | 17 ----------------- ssl/ssl3.h | 18 ------------------ 14 files changed, 1 insertion(+), 163 deletions(-) diff --git a/crypto/aes/aes.h b/crypto/aes/aes.h index 18fd527..20e7b8e 100644 --- a/crypto/aes/aes.h +++ b/crypto/aes/aes.h @@ -114,13 +114,6 @@ void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out, void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, unsigned char *ivec, int *num); -# if 0 -void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, - size_t length, const AES_KEY *key, - unsigned char ivec[AES_BLOCK_SIZE], - unsigned char ecount_buf[AES_BLOCK_SIZE], - unsigned int *num); -# endif /* NB: the IV is _two_ blocks long */ void AES_ige_encrypt(const unsigned char *in, unsigned char *out, size_t length, const AES_KEY *key, 
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index e3fea15..104056e 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -851,9 +851,6 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec); int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); -# if 0 -time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); -# endif int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index ae44e65..f137605 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -292,17 +292,6 @@ int BN_get_flags(const BIGNUM *b, int n); */ void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int n); -/* Already declared in ossl_typ.h */ -# if 0 -typedef struct bignum_st BIGNUM; -/* Used for temp variables (declaration hidden in bn_lcl.h) */ -typedef struct bignum_ctx BN_CTX; -typedef struct bn_blinding_st BN_BLINDING; -typedef struct bn_mont_ctx_st BN_MONT_CTX; -typedef struct bn_recp_ctx_st BN_RECP_CTX; -typedef struct bn_gencb_st BN_GENCB; -# endif - /* Wrapper function to make using BN_GENCB easier, */ int BN_GENCB_call(BN_GENCB *cb, int a, int b); diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h index 54edfdd..06c7601 100644 --- a/crypto/conf/conf.h +++ b/crypto/conf/conf.h @@ -153,10 +153,6 @@ struct conf_st { CONF *NCONF_new(CONF_METHOD *meth); CONF_METHOD *NCONF_default(void); CONF_METHOD *NCONF_WIN32(void); -# if 0 /* Just to give you an idea of what I have in - * mind */ -CONF_METHOD *NCONF_XML(void); -# endif void NCONF_free(CONF *conf); void NCONF_free_data(CONF *conf); 
@@ -173,12 +169,7 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, int NCONF_dump_fp(const CONF *conf, FILE *out); int NCONF_dump_bio(const CONF *conf, BIO *out); -# if 0 /* The following function has no error - * checking, and should therefore be avoided */ -long NCONF_get_number(CONF *conf, char *group, char *name); -# else -# define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) -# endif +#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) /* Module functions */ diff --git a/crypto/crypto.h b/crypto/crypto.h index 167f375..9762398 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -158,20 +158,6 @@ extern "C" { # define SSLEAY_PLATFORM 4 # define SSLEAY_DIR 5 -/* Already declared in ossl_typ.h */ -# if 0 -typedef struct crypto_ex_data_st CRYPTO_EX_DATA; -/* Called when a new object is created */ -typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -/* Called when an object is free()ed */ -typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -/* Called when we need to dup an object */ -typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, - void *from_d, int idx, long argl, void *argp); -# endif - /* A generic structure to pass assorted data in a expandable way */ typedef struct openssl_item_st { int code; diff --git a/crypto/des/des.h b/crypto/des/des.h index 0accc9b..589b73b 100644 --- a/crypto/des/des.h +++ b/crypto/des/des.h 
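Review bot: The replacement `#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)` in the conf.h hunk is written at column 0, while every neighbouring directive in this header (including the `# if 0` / `# else` / `# endif` it replaces) uses the nested `# define` form, so the new line breaks the file's directive indentation. `# define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)` matches the surrounding style. The evp.h and ssl.h hunks of the same commit keep `# define`, which suggests this is an oversight rather than a deliberate convention change.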
@@ -194,11 +194,6 @@ void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, DES_key_schedule *ks1, DES_key_schedule *ks2, DES_key_schedule *ks3, DES_cblock *ivec, int *num); -# if 0 -void DES_xwhite_in2out(const_DES_cblock *DES_key, const_DES_cblock *in_white, - DES_cblock *out_white); -# endif - int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, DES_cblock *iv); int DES_enc_write(int fd, const void *buf, int len, DES_key_schedule *sched, diff --git a/crypto/des/des_old.h b/crypto/des/des_old.h index baa4b7d..998ac09 100644 --- a/crypto/des/des_old.h +++ b/crypto/des/des_old.h @@ -175,14 +175,6 @@ typedef struct _ossl_old_des_ks_struct { DES_enc_write((f),(b),(l),&(k),(iv)) # define des_fcrypt(b,s,r)\ DES_fcrypt((b),(s),(r)) -# if 0 -# define des_crypt(b,s)\ - DES_crypt((b),(s)) -# if !defined(PERL5) && !defined(__FreeBSD__) && !defined(__OpenBSD__) -# define crypt(b,s)\ - DES_crypt((b),(s)) -# endif -# endif # define des_ofb_encrypt(i,o,n,l,k,iv)\ DES_ofb_encrypt((i),(o),(n),(l),&(k),(iv)) # define des_pcbc_encrypt(i,o,l,k,iv,e)\ @@ -281,10 +273,6 @@ typedef struct _ossl_old_des_ks_struct { _ossl_old_des_fcrypt((b),(s),(r)) # define des_crypt(b,s)\ _ossl_old_des_crypt((b),(s)) -# if 0 -# define crypt(b,s)\ - _ossl_old_crypt((b),(s)) -# endif # define des_ofb_encrypt(i,o,n,l,k,iv)\ _ossl_old_des_ofb_encrypt((i),(o),(n),(l),(k),(iv)) # define des_pcbc_encrypt(i,o,l,k,iv,e)\ @@ -392,12 +380,6 @@ void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out, _ossl_old_des_key_schedule ks2, _ossl_old_des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num); -# if 0 -void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), - _ossl_old_des_cblock (*in_white), - _ossl_old_des_cblock (*out_white)); -# endif - int _ossl_old_des_enc_read(int fd, char *buf, int len, _ossl_old_des_key_schedule sched, _ossl_old_des_cblock *iv); 
diff --git a/crypto/dso/dso.h b/crypto/dso/dso.h index f6a1b67..12c16b6 100644 --- a/crypto/dso/dso.h +++ b/crypto/dso/dso.h @@ -157,13 +157,6 @@ typedef struct dso_meth_st { * libraries at all, let alone a DSO_METHOD implemented for them. */ DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname); -/* I don't think this would actually be used in any circumstances. */ -# if 0 - /* Unbinds a variable */ - int (*dso_unbind_var) (DSO *dso, char *symname, void *symptr); - /* Unbinds a function */ - int (*dso_unbind_func) (DSO *dso, char *symname, DSO_FUNC_TYPE symptr); -# endif /* * The generic (yuck) "ctrl()" function. NB: Negative return values * (rather than zero) indicate errors. diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index ca7447f..74f6217 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -788,10 +788,6 @@ const EVP_CIPHER *EVP_des_cfb1(void); const EVP_CIPHER *EVP_des_cfb8(void); const EVP_CIPHER *EVP_des_ede_cfb64(void); # define EVP_des_ede_cfb EVP_des_ede_cfb64 -# if 0 -const EVP_CIPHER *EVP_des_ede_cfb1(void); -const EVP_CIPHER *EVP_des_ede_cfb8(void); -# endif const EVP_CIPHER *EVP_des_ede3_cfb64(void); # define EVP_des_ede3_cfb EVP_des_ede3_cfb64 const EVP_CIPHER *EVP_des_ede3_cfb1(void); @@ -809,13 +805,6 @@ const EVP_CIPHER *EVP_des_ede3_wrap(void); * are rc4 and md5 declarations made here inside a "NO_DES" precompiler * branch? */ -# if 0 -# ifdef OPENSSL_OPENBSD_DEV_CRYPTO -const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void); -const EVP_CIPHER *EVP_dev_crypto_rc4(void); -const EVP_MD *EVP_dev_crypto_md5(void); -# endif -# endif # endif # ifndef OPENSSL_NO_RC4 const EVP_CIPHER *EVP_rc4(void); diff --git a/crypto/symhacks.h b/crypto/symhacks.h index 6348fb4..56922c9 100644 --- a/crypto/symhacks.h +++ b/crypto/symhacks.h 
@@ -81,33 +81,6 @@ # undef ASN1_STRING_set_default_mask_asc # define ASN1_STRING_set_default_mask_asc ASN1_STRING_set_def_mask_asc -# if 0 /* No longer needed, since safestack macro - * magic does the job */ -/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) */ -# undef i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO -# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO i2d_ASN1_SET_OF_PKCS7_SIGINF -# undef d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO -# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO d2i_ASN1_SET_OF_PKCS7_SIGINF -# endif - -# if 0 /* No longer needed, since safestack macro - * magic does the job */ -/* Hack the names created with DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) */ -# undef i2d_ASN1_SET_OF_PKCS7_RECIP_INFO -# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO i2d_ASN1_SET_OF_PKCS7_RECINF -# undef d2i_ASN1_SET_OF_PKCS7_RECIP_INFO -# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO d2i_ASN1_SET_OF_PKCS7_RECINF -# endif - -# if 0 /* No longer needed, since safestack macro - * magic does the job */ -/* Hack the names created with DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) */ -# undef i2d_ASN1_SET_OF_ACCESS_DESCRIPTION -# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION i2d_ASN1_SET_OF_ACC_DESC -# undef d2i_ASN1_SET_OF_ACCESS_DESCRIPTION -# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION d2i_ASN1_SET_OF_ACC_DESC -# endif - /* Hack the names created with DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE) */ # undef PEM_read_NETSCAPE_CERT_SEQUENCE # define PEM_read_NETSCAPE_CERT_SEQUENCE PEM_read_NS_CERT_SEQ diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index 959af30..03e43e5 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -77,16 +77,6 @@ extern "C" { #endif -# if 0 -/* Outer object */ -typedef struct x509_hash_dir_st { - int num_dirs; - char **dirs; - int *dirs_type; - int num_dirs_alloced; -} X509_HASH_DIR_CTX; -# endif - typedef struct x509_file_st { int num_paths; /* number of paths to files or directories */ int num_alloced; 
diff --git a/ssl/dtls1.h b/ssl/dtls1.h index 4af7e4a..e2be78d 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h @@ -92,11 +92,6 @@ extern "C" { /* Special value for method supporting multiple versions */ # define DTLS_ANY_VERSION 0x1FFFF -# if 0 -/* this alert description is not specified anywhere... */ -# define DTLS1_AD_MISSING_HANDSHAKE_MESSAGE 110 -# endif - /* lengths of messages */ # define DTLS1_COOKIE_LENGTH 256 diff --git a/ssl/ssl.h b/ssl/ssl.h index 6809fd6..86f2387 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1026,11 +1026,6 @@ struct ssl_ctx_st { X509_VERIFY_PARAM *param; -# if 0 - int purpose; /* Purpose setting */ - int trust; /* Trust setting */ -# endif - int quiet_shutdown; /* @@ -1464,10 +1459,6 @@ struct ssl_st { void *msg_callback_arg; int hit; /* reusing a previous session */ X509_VERIFY_PARAM *param; -# if 0 - int purpose; /* Purpose setting */ - int trust; /* Trust setting */ -# endif /* crypto */ STACK_OF(SSL_CIPHER) *cipher_list; STACK_OF(SSL_CIPHER) *cipher_list_by_id; @@ -1747,14 +1738,6 @@ size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count); # define OpenSSL_add_ssl_algorithms() SSL_library_init() # define SSLeay_add_ssl_algorithms() SSL_library_init() -/* this is for backward compatibility */ -# if 0 /* NEW_SSLEAY */ -# define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) -# define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) -# define SSL_add_session(a,b) SSL_CTX_add_session((a),(b)) -# define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) -# define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) -# endif /* More backward compatibility */ # define SSL_get_cipher(s) \ SSL_CIPHER_get_name(SSL_get_current_cipher(s)) diff --git a/ssl/ssl3.h b/ssl/ssl3.h index beaa04d..6c7c439 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h 
@@ -177,18 +177,6 @@ extern "C" { # define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A # define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B -# if 0 -# define SSL3_CK_FZA_DMS_NULL_SHA 0x0300001C -# define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D -# if 0 /* Because it clashes with KRB5, is never - * used any more, and is safe to remove - * according to David Hopwood - * of the - * ietf-tls list */ -# define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E -# endif -# endif - /* * VRS Additional Kerberos5 entries */ @@ -251,12 +239,6 @@ extern "C" { # define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" # define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" -# if 0 -# define SSL3_TXT_FZA_DMS_NULL_SHA "FZA-NULL-SHA" -# define SSL3_TXT_FZA_DMS_FZA_SHA "FZA-FZA-CBC-SHA" -# define SSL3_TXT_FZA_DMS_RC4_SHA "FZA-RC4-SHA" -# endif - # define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" # define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" # define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" From rsalz at openssl.org Wed Jan 28 02:01:08 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 28 Jan 2015 03:01:08 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150128020108.C8B551DF118@butler.localdomain> The branch master has been updated via 646e8c1d6b30a2ed080ce5b968b49d234b42644f (commit) from 1a5adcfb5edfe23908b350f8757df405b0f5f71f (commit) - Log ----------------------------------------------------------------- commit 646e8c1d6b30a2ed080ce5b968b49d234b42644f Author: Rich Salz Date: Tue Jan 27 21:00:03 2015 -0500 Dead code removal: Fortezza identifiers Not interested in helping the NSA in the slightest. And anyway, it was never implemented, #if'd out. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: doc/apps/ciphers.pod | 5 ----- ssl/s3_lib.c | 51 -------------------------------------------------- ssl/ssl.h | 5 ----- 3 files changed, 61 deletions(-) 
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 5f8dac4..6d39c54 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -246,11 +246,6 @@ carry ECDH keys. cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA keys. -=item B, B, B, B - -ciphers suites using FORTEZZA key exchange, authentication, encryption or all -FORTEZZA algorithms. Not implemented. - =item B, B, B TLS v1.2, TLS v1.0 or SSL v3.0 cipher suites respectively. Note: diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 508cf89..3a1377a 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -601,57 +601,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 168, }, -/* Fortezza ciphersuite from SSL 3.0 spec */ -#if 0 -/* Cipher 1C */ - { - 0, - SSL3_TXT_FZA_DMS_NULL_SHA, - SSL3_CK_FZA_DMS_NULL_SHA, - SSL_kFZA, - SSL_aFZA, - SSL_eNULL, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP | SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - -/* Cipher 1D */ - { - 0, - SSL3_TXT_FZA_DMS_FZA_SHA, - SSL3_CK_FZA_DMS_FZA_SHA, - SSL_kFZA, - SSL_aFZA, - SSL_eFZA, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP | SSL_STRONG_NONE, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 0, - 0, - }, - -/* Cipher 1E */ - { - 0, - SSL3_TXT_FZA_DMS_RC4_SHA, - SSL3_CK_FZA_DMS_RC4_SHA, - SSL_kFZA, - SSL_aFZA, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, -#endif - #ifndef OPENSSL_NO_KRB5 /* The Kerberos ciphers*/ /* Cipher 1E */ diff --git a/ssl/ssl.h b/ssl/ssl.h index 86f2387..5622860 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -218,11 +218,6 @@ extern "C" { # define SSL_TXT_HIGH "HIGH" # define SSL_TXT_FIPS "FIPS" -# define SSL_TXT_kFZA "kFZA"/* unused! */ -# define SSL_TXT_aFZA "aFZA"/* unused! */ -# define SSL_TXT_eFZA "eFZA"/* unused! */ -# define SSL_TXT_FZA "FZA"/* unused! */ - # define SSL_TXT_aNULL "aNULL" # define SSL_TXT_eNULL "eNULL" # define SSL_TXT_NULL "NULL" From matt at openssl.org Wed Jan 28 10:43:55 2015 
From: matt at openssl.org (Matt Caswell) Date: Wed, 28 Jan 2015 11:43:55 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150128104355.59F391DF118@butler.localdomain> The branch master has been updated via dc0e9a35fa89c262833d6b498108acc58a70bdcb (commit) via 488ede07bd9d2a2d3f63851eb28204c9ee998cf9 (commit) via e640fa02005422c8783b7a452329e8a5059be0b5 (commit) via d57d135c33938dfdac441c98b2c40183a8cb66b0 (commit) from 646e8c1d6b30a2ed080ce5b968b49d234b42644f (commit) - Log ----------------------------------------------------------------- commit dc0e9a35fa89c262833d6b498108acc58a70bdcb Author: Matt Caswell Date: Mon Dec 8 14:19:26 2014 +0000 Fix no-ocb for Windows Reviewed-by: Tim Hudson commit 488ede07bd9d2a2d3f63851eb28204c9ee998cf9 Author: Matt Caswell Date: Tue Jan 27 14:10:16 2015 +0000 Rationalise testing of AEAD modes Reviewed-by: Tim Hudson commit e640fa02005422c8783b7a452329e8a5059be0b5 Author: Matt Caswell Date: Tue Jan 27 14:05:07 2015 +0000 Harmonise use of EVP_CTRL_GET_TAG/EVP_CTRL_SET_TAG/EVP_CTRL_SET_IVLEN Reviewed-by: Tim Hudson commit d57d135c33938dfdac441c98b2c40183a8cb66b0 Author: Matt Caswell Date: Tue Jan 27 14:00:50 2015 +0000 Replace EVP_CTRL_OCB_SET_TAGLEN with EVP_CTRL_SET_TAG for consistency with CCM Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 32 ++++++++++++------------ crypto/evp/evp.h | 20 +++++++-------- crypto/evp/evp_test.c | 53 +++++++++++----------------------------- demos/evp/aesccm.c | 12 +++++---- demos/evp/aesgcm.c | 15 +++++++----- doc/crypto/EVP_EncryptInit.pod | 27 +++++++++----------- util/libeay.num | 26 ++++++++++---------- util/mk1mf.pl | 1 + util/mkdef.pl | 8 ++++-- 9 files changed, 87 insertions(+), 107 deletions(-) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 8b31388..15b233c 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c 
@@ -1271,7 +1271,7 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) gctx->tls_aad_len = -1; return 1; - case EVP_CTRL_GCM_SET_IVLEN: + case EVP_CTRL_AEAD_SET_IVLEN: if (arg <= 0) return 0; /* Allocate memory for IV if needed */ @@ -1285,14 +1285,14 @@ static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) gctx->ivlen = arg; return 1; - case EVP_CTRL_GCM_SET_TAG: + case EVP_CTRL_AEAD_SET_TAG: if (arg <= 0 || arg > 16 || c->encrypt) return 0; memcpy(c->buf, ptr, arg); gctx->taglen = arg; return 1; - case EVP_CTRL_GCM_GET_TAG: + case EVP_CTRL_AEAD_GET_TAG: if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) return 0; memcpy(ptr, c->buf, arg); @@ -1870,7 +1870,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) cctx->len_set = 0; return 1; - case EVP_CTRL_CCM_SET_IVLEN: + case EVP_CTRL_AEAD_SET_IVLEN: arg = 15 - arg; case EVP_CTRL_CCM_SET_L: if (arg < 2 || arg > 8) @@ -1878,7 +1878,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) cctx->L = arg; return 1; - case EVP_CTRL_CCM_SET_TAG: + case EVP_CTRL_AEAD_SET_TAG: if ((arg & 1) || arg < 4 || arg > 16) return 0; if ((c->encrypt && ptr) || (!c->encrypt && !ptr)) @@ -1890,7 +1890,7 @@ static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) cctx->M = arg; return 1; - case EVP_CTRL_CCM_GET_TAG: + case EVP_CTRL_AEAD_GET_TAG: if (!c->encrypt || !cctx->tag_set) return 0; if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg)) @@ -2217,7 +2217,7 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) octx->aad_buf_len = 0; return 1; - case EVP_CTRL_SET_IVLEN: + case EVP_CTRL_AEAD_SET_IVLEN: /* IV len must be 1 to 15 */ if (arg <= 0 || arg > 15) return 0; 
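Review bot: In the renamed `EVP_CTRL_AEAD_SET_TAG` case of aes_gcm_ctrl, `memcpy(c->buf, ptr, arg)` still runs with no check on `ptr`, yet the series now documents `EVP_CTRL_AEAD_SET_TAG` with a NULL `ptr` as the tag-length setter for OCB and CCM; a caller that treats the ctrl generically across the three modes, which is exactly what the rename invites, passes NULL here and gets a NULL-pointer read instead of an error return. Rejecting it explicitly keeps the failure in-band: `if (arg <= 0 || arg > 16 || c->encrypt || ptr == NULL) return 0;`. The evp_test.c change on this page works around the gap by excluding GCM from the tag-length call, so the asymmetry appears known but is not closed in the cipher itself.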
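Review bot: In aes_ccm_ctrl the renamed `case EVP_CTRL_AEAD_SET_IVLEN:` performs `arg = 15 - arg;` and then falls into `case EVP_CTRL_CCM_SET_L:` with no marker, so the deliberate fall-through is indistinguishable from a missing `break` and will be flagged by `-Wimplicit-fallthrough`. A one-line `/* fall through: the L range check below validates the derived value */` between the two cases records the intent. The remainder of aes_ccm_ctrl lies outside the hunk.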
@@ -2225,21 +2225,21 @@ static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) octx->ivlen = arg; return 1; - case EVP_CTRL_OCB_SET_TAGLEN: - /* Tag len must be 0 to 16 */ - if (arg < 0 || arg > 16) - return 0; - - octx->taglen = arg; - return 1; + case EVP_CTRL_AEAD_SET_TAG: + if (!ptr) { + /* Tag len must be 0 to 16 */ + if (arg < 0 || arg > 16) + return 0; - case EVP_CTRL_SET_TAG: + octx->taglen = arg; + return 1; + } if (arg != octx->taglen || c->encrypt) return 0; memcpy(octx->tag, ptr, arg); return 1; - case EVP_CTRL_GET_TAG: + case EVP_CTRL_AEAD_GET_TAG: if (arg != octx->taglen || !c->encrypt) return 0; diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 74f6217..ff6665d 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -397,14 +397,17 @@ struct evp_cipher_st { # define EVP_CTRL_RAND_KEY 0x6 # define EVP_CTRL_PBE_PRF_NID 0x7 # define EVP_CTRL_COPY 0x8 -# define EVP_CTRL_GCM_SET_IVLEN 0x9 -# define EVP_CTRL_GCM_GET_TAG 0x10 -# define EVP_CTRL_GCM_SET_TAG 0x11 +# define EVP_CTRL_AEAD_SET_IVLEN 0x9 +# define EVP_CTRL_AEAD_GET_TAG 0x10 +# define EVP_CTRL_AEAD_SET_TAG 0x11 +# define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG # define EVP_CTRL_GCM_SET_IV_FIXED 0x12 # define EVP_CTRL_GCM_IV_GEN 0x13 -# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN -# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_GCM_GET_TAG -# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_GCM_SET_TAG +# define EVP_CTRL_CCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN +# define EVP_CTRL_CCM_GET_TAG EVP_CTRL_AEAD_GET_TAG +# define EVP_CTRL_CCM_SET_TAG EVP_CTRL_AEAD_SET_TAG # define EVP_CTRL_CCM_SET_L 0x14 # define EVP_CTRL_CCM_SET_MSGLEN 0x15 /* 
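Review bot: The new `EVP_CTRL_AEAD_SET_TAG` case in aes_ocb_ctrl gives `ptr` two meanings, NULL selects "set tag length" (accepted for both encrypt and decrypt) and non-NULL selects "set expected tag" (decrypt only, length must equal the configured one), and nothing in the code states this; the only hint is the bare `if (!ptr)` test. A comment above the case such as `/* ptr == NULL: set the tag length (0..16); otherwise: set the expected tag for decryption, which must match octx->taglen */` spares the next reader the reconstruction. The taglen branch also still accepts `arg == 0`, a zero-length tag that provides no authentication, and whether that is intentional deserves a comment of its own. Separately, the GET_TAG paragraph of EVP_EncryptInit.pod on this page still says the taglen is "the value previously set via EVP_CTRL_OCB_SET_TAGLEN", a name this series removes; it should refer to EVP_CTRL_AEAD_SET_TAG as the SET_TAG paragraph now does.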
@@ -430,11 +433,6 @@ typedef struct { unsigned int interleave; } EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM; -# define EVP_CTRL_SET_IVLEN EVP_CTRL_GCM_SET_IVLEN -# define EVP_CTRL_GET_TAG EVP_CTRL_GCM_GET_TAG -# define EVP_CTRL_SET_TAG EVP_CTRL_GCM_SET_TAG -# define EVP_CTRL_OCB_SET_TAGLEN 0x1c - /* GCM TLS constants */ /* Length of fixed part of IV derived from PRF */ # define EVP_GCM_TLS_FIXED_IV_LEN 4 diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index dde9e16..597b9fe 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -173,20 +173,20 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn, ctx = EVP_CIPHER_CTX_new(); EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); if (encdec != 0) { - if ((mode == EVP_CIPH_GCM_MODE) || (mode == EVP_CIPH_OCB_MODE)) { + if ((mode == EVP_CIPH_GCM_MODE) || (mode == EVP_CIPH_OCB_MODE) + || (mode == EVP_CIPH_CCM_MODE)) { if (!EVP_EncryptInit_ex(ctx, c, NULL, NULL, NULL)) { fprintf(stderr, "EncryptInit failed\n"); ERR_print_errors_fp(stderr); test1_exit(10); } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_IVLEN, in, NULL)) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, in, NULL)) { fprintf(stderr, "IV length set failed\n"); ERR_print_errors_fp(stderr); test1_exit(11); } - if ((mode == EVP_CIPH_OCB_MODE) && - !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_OCB_SET_TAGLEN, tn, NULL)) - { + if ((mode != EVP_CIPH_GCM_MODE) && + !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tn, NULL)) { fprintf(stderr, "Tag length set failed\n"); ERR_print_errors_fp(stderr); test1_exit(15); 
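Review bot: In the evp_test.c hunk, the new guard `(mode != EVP_CIPH_GCM_MODE)` on the `EVP_CTRL_AEAD_SET_TAG, tn, NULL` call reads as "everything but GCM", although inside the enclosing GCM/OCB/CCM branch it means "OCB or CCM", and the reason GCM is skipped is not stated. A comment such as `/* GCM has no tag-length ctrl (the length is passed to EVP_CTRL_AEAD_GET_TAG); OCB and CCM must have it set here */` makes the exclusion look deliberate rather than accidental. The body of test1 continues outside the hunk.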
@@ -196,33 +196,8 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn, ERR_print_errors_fp(stderr); test1_exit(12); } - if (an && !EVP_EncryptUpdate(ctx, NULL, &outl, aad, an)) { - fprintf(stderr, "AAD set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(13); - } - } else if (mode == EVP_CIPH_CCM_MODE) { - if (!EVP_EncryptInit_ex(ctx, c, NULL, NULL, NULL)) { - fprintf(stderr, "EncryptInit failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(10); - } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, in, NULL)) { - fprintf(stderr, "IV length set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(11); - } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, tn, NULL)) { - fprintf(stderr, "Tag length set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(11); - } - if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) { - fprintf(stderr, "Key/IV set failed\n"); - ERR_print_errors_fp(stderr); - test1_exit(12); - } - if (!EVP_EncryptUpdate(ctx, NULL, &outl, NULL, pn)) { + if ((mode == EVP_CIPH_CCM_MODE) && + !EVP_EncryptUpdate(ctx, NULL, &outl, NULL, pn)) { fprintf(stderr, "Plaintext length set failed\n"); ERR_print_errors_fp(stderr); test1_exit(12); @@ -274,7 +249,7 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn, || (mode == EVP_CIPH_CCM_MODE)) { unsigned char rtag[16]; - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_TAG, tn, rtag)) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, tn, rtag)) { fprintf(stderr, "Get tag failed\n"); ERR_print_errors_fp(stderr); test1_exit(14); 
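Review bot: This hunk removes the `if (an && !EVP_EncryptUpdate(ctx, NULL, &outl, aad, an))` AAD step from the GCM/OCB branch together with the whole old CCM branch, while the visible new lines only add the CCM plaintext-length call; for the merged path to remain correct, the AAD step must now run for all three modes after that call (the aesccm.c demo on this page also sets the length before any AAD), which is presumably in the context just below the hunk but cannot be confirmed from what is shown. Worth checking that the AAD call was moved rather than dropped and that it is still conditional on `an`. The enclosing test1 body extends beyond the hunk.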
@@ -295,14 +270,13 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn, ERR_print_errors_fp(stderr); test1_exit(10); } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_IVLEN, in, NULL)) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, in, NULL)) { fprintf(stderr, "IV length set failed\n"); ERR_print_errors_fp(stderr); test1_exit(11); } if ((mode == EVP_CIPH_OCB_MODE) && - !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_OCB_SET_TAGLEN, tn, NULL)) - { + !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tn, NULL)) { fprintf(stderr, "Tag length set failed\n"); ERR_print_errors_fp(stderr); test1_exit(15); @@ -312,7 +286,8 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn, ERR_print_errors_fp(stderr); test1_exit(12); } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_TAG, tn, (void *)tag)) { + if (!EVP_CIPHER_CTX_ctrl + (ctx, EVP_CTRL_AEAD_SET_TAG, tn, (void *)tag)) { fprintf(stderr, "Set tag failed\n"); ERR_print_errors_fp(stderr); test1_exit(14); @@ -328,13 +303,13 @@ static void test1(const EVP_CIPHER *c, const unsigned char *key, int kn, ERR_print_errors_fp(stderr); test1_exit(10); } - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, in, NULL)) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, in, NULL)) { fprintf(stderr, "IV length set failed\n"); ERR_print_errors_fp(stderr); test1_exit(11); } if (!EVP_CIPHER_CTX_ctrl - (ctx, EVP_CTRL_CCM_SET_TAG, tn, (void *)tag)) { + (ctx, EVP_CTRL_AEAD_SET_TAG, tn, (void *)tag)) { fprintf(stderr, "Tag length set failed\n"); ERR_print_errors_fp(stderr); test1_exit(11); diff --git a/demos/evp/aesccm.c b/demos/evp/aesccm.c index 1810a51..e0240e5 100644 --- a/demos/evp/aesccm.c +++ b/demos/evp/aesccm.c 
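Review bot: In the last hunk on this line (the CCM decrypt path, `@@ -328,13 +328,13 @@`), the renamed `EVP_CTRL_AEAD_SET_TAG, tn, (void *)tag` call sets the expected tag value, but its failure message still reads `"Tag length set failed\n"` and it exits with `test1_exit(11)`, the same code used by the IV-length failure just above it, whereas the OCB/GCM decrypt path two hunks earlier reports the same operation as `"Set tag failed\n"` with code 14. Aligning them, `fprintf(stderr, "Set tag failed\n");` and `test1_exit(14);`, keeps the test's diagnostics distinguishable. A style nit in the middle hunk: the call is broken as `if (!EVP_CIPHER_CTX_ctrl` followed by `(ctx, EVP_CTRL_AEAD_SET_TAG, tn, (void *)tag))` on the next line, a line break before the argument list that reads like an indent-tool artefact.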
@@ -50,9 +50,10 @@ void aes_ccm_encrypt(void) /* Set cipher type and mode */ EVP_EncryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL); /* Set nonce length if default 96 bits is not appropriate */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, sizeof(ccm_nonce), NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce), + NULL); /* Set tag length */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, sizeof(ccm_tag), NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(ccm_tag), NULL); /* Initialise key and IV */ EVP_EncryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce); /* Set plaintext length: only needed if AAD is used */ @@ -67,7 +68,7 @@ void aes_ccm_encrypt(void) /* Finalise: note get no output for CCM */ EVP_EncryptFinal_ex(ctx, outbuf, &outlen); /* Get tag */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_GET_TAG, 16, outbuf); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf); /* Output tag */ printf("Tag:\n"); BIO_dump_fp(stdout, outbuf, 16); @@ -86,9 +87,10 @@ void aes_ccm_decrypt(void) /* Select cipher */ EVP_DecryptInit_ex(ctx, EVP_aes_192_ccm(), NULL, NULL, NULL); /* Set nonce length, omit for 96 bits */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, sizeof(ccm_nonce), NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(ccm_nonce), + NULL); /* Set expected tag value */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(ccm_tag), (void *)ccm_tag); /* Specify key and IV */ EVP_DecryptInit_ex(ctx, NULL, NULL, ccm_key, ccm_nonce); diff --git a/demos/evp/aesgcm.c b/demos/evp/aesgcm.c index 12d4192..9159c5c 100644 --- a/demos/evp/aesgcm.c +++ b/demos/evp/aesgcm.c 
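Review bot: In the second aesccm.c hunk the tag length is configured with `sizeof(ccm_tag)` at `EVP_CTRL_AEAD_SET_TAG` time but retrieved with a hard-coded `16` in `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf)` and in the `BIO_dump_fp(stdout, outbuf, 16)` that follows; if `ccm_tag` is not 16 bytes (its definition is outside the hunk) the two disagree. Using `sizeof(ccm_tag)` in both places ties the length to a single definition. The demo also ignores every `EVP_CIPHER_CTX_ctrl` return value, so a rejected tag or nonce length would only surface as wrong output; since demo code gets copied, checking those returns is worth the extra lines.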
@@ -50,7 +50,7 @@ void aes_gcm_encrypt(void) /* Set cipher type and mode */ EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL); /* Set IV length if default 96 bits is not appropriate */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, sizeof(gcm_iv), NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL); /* Initialise key and IV */ EVP_EncryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv); /* Zero or more calls to specify any AAD */ @@ -63,7 +63,7 @@ void aes_gcm_encrypt(void) /* Finalise: note get no output for GCM */ EVP_EncryptFinal_ex(ctx, outbuf, &outlen); /* Get tag */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, outbuf); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outbuf); /* Output tag */ printf("Tag:\n"); BIO_dump_fp(stdout, outbuf, 16); @@ -82,7 +82,7 @@ void aes_gcm_decrypt(void) /* Select cipher */ EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL); /* Set IV length, omit for 96 bits */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, sizeof(gcm_iv), NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, sizeof(gcm_iv), NULL); /* Specify key and IV */ EVP_DecryptInit_ex(ctx, NULL, NULL, gcm_key, gcm_iv); #if 0 @@ -90,7 +90,7 @@ void aes_gcm_decrypt(void) * Set expected tag value. A restriction in OpenSSL 1.0.1c and earlier * required the tag before any AAD or ciphertext */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof(gcm_tag), gcm_tag); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), gcm_tag); #endif /* Zero or more calls to specify any AAD */ EVP_DecryptUpdate(ctx, NULL, &outlen, gcm_aad, sizeof(gcm_aad)); 
@@ -99,8 +99,11 @@ void aes_gcm_decrypt(void) /* Output decrypted block */ printf("Plaintext:\n"); BIO_dump_fp(stdout, outbuf, outlen); - /* Set expected tag value. Works in OpenSSL 1.0.1d and later */ - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, sizeof(gcm_tag), gcm_tag); + /* + * Set expected tag value. Works in OpenSSL 1.0.1d and later + * In versions prior to OpenSSL 1.1.0 you should use EVP_CTRL_GCM_SET_TAG + */ + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(gcm_tag), gcm_tag); /* Finalise: note get no output for GCM */ rv = EVP_DecryptFinal_ex(ctx, outbuf, &outlen); /* diff --git a/doc/crypto/EVP_EncryptInit.pod b/doc/crypto/EVP_EncryptInit.pod index 6940de6..6d897da 100644 --- a/doc/crypto/EVP_EncryptInit.pod +++ b/doc/crypto/EVP_EncryptInit.pod 
@@ -399,41 +399,38 @@ indicates if the operation was successful. If it does not indicate success the authentication operation has failed and any output data B be used as it is corrupted. -The following ctrl is supported in OCB mode only: - - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_OCB_SET_TAGLEN, taglen, NULL); - -Sets the tag length: this call can only be made before specifying an IV. If -not called a default tag length is used. For OCB AES the default is 16 (i.e. 128 -bits). This is also the maximum tag length. - The following ctrls are supported in both GCM and OCB modes: - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_IVLEN, ivlen, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL); Sets the IV length: this call can only be made before specifying an IV. If not called a default IV length is used. For GCM AES and OCB AES the default is 12 (i.e. 96 bits). For OCB mode the maximum is 15. - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_TAG, taglen, tag); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag); Writes B bytes of the tag value to the buffer indicated by B. This call can only be made when encrypting data and B all data has been processed (e.g. after an EVP_EncryptFinal() call). For OCB mode the taglen must either be 16 or the value previously set via EVP_CTRL_OCB_SET_TAGLEN. - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_TAG, taglen, tag); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag); Sets the expected tag to B bytes from B. This call is only legal when decrypting data and must be made B any data is processed (e.g. before any EVP_DecryptUpdate() call). For OCB mode the taglen must -either be 16 or the value previously set via EVP_CTRL_OCB_SET_TAGLEN. +either be 16 or the value previously set via EVP_CTRL_AEAD_SET_TAG. + +In OCB mode calling this with B set to NULL sets the tag length. The tag +length can only be set before specifying an IV. If not called a default tag +length is used. For OCB AES the default is 16 (i.e. 128 bits). 
This is also the +maximum tag length for OCB. See L below for an example of the use of GCM mode. =head1 CCM Mode -The behaviour of CCM mode ciphers is similar to CCM mode but with a few +The behaviour of CCM mode ciphers is similar to GCM mode but with a few additional requirements and different ctrl values. Like GCM and OCB modes any additional authenticated data (AAD) is passed by calling @@ -445,7 +442,7 @@ set to B and the length passed in the B parameter. The following ctrls are supported in CCM mode: - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_TAG, taglen, tag); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen, tag); This call is made to set the expected B tag value when decrypting or the length of the tag (with the B parameter set to NULL) when encrypting. @@ -456,7 +453,7 @@ used (12 for AES). Sets the CCM B value. If not set a default is used (8 for AES). - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_CCM_SET_IVLEN, ivlen, NULL); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL); Sets the CCM nonce (IV) length: this call can only be made before specifying an nonce value. The nonce length is given by B<15 - L> so it is 7 by default diff --git a/util/libeay.num b/util/libeay.num index 6859081..03f0d39 100755 --- a/util/libeay.num +++ b/util/libeay.num 
@@ -4515,21 +4515,21 @@ i2s_ASN1_IA5STRING 4874 EXIST::FUNCTION: s2i_ASN1_IA5STRING 4875 EXIST::FUNCTION: FIPS_dsa_sign_ctx 4876 NOEXIST::FUNCTION: CRYPTO_ocb128_release 4878 NOEXIST::FUNCTION: -CRYPTO_ocb128_new 4879 EXIST::FUNCTION: -CRYPTO_ocb128_finish 4880 EXIST::FUNCTION: -EVP_aes_256_ocb 4881 EXIST::FUNCTION:AES -CRYPTO_ocb128_setiv 4882 EXIST::FUNCTION: -CRYPTO_ocb128_aad 4883 EXIST::FUNCTION: -CRYPTO_ocb128_decrypt 4884 EXIST::FUNCTION: -CRYPTO_ocb128_tag 4885 EXIST::FUNCTION: -EVP_aes_192_ocb 4886 EXIST::FUNCTION:AES -EVP_aes_128_ocb 4887 EXIST::FUNCTION:AES -CRYPTO_ocb128_init 4888 EXIST::FUNCTION: -CRYPTO_ocb128_encrypt 4889 EXIST::FUNCTION: -CRYPTO_ocb128_copy_ctx 4890 EXIST::FUNCTION: +CRYPTO_ocb128_new 4879 EXIST::FUNCTION:OCB +CRYPTO_ocb128_finish 4880 EXIST::FUNCTION:OCB +EVP_aes_256_ocb 4881 EXIST::FUNCTION:AES,OCB +CRYPTO_ocb128_setiv 4882 EXIST::FUNCTION:OCB +CRYPTO_ocb128_aad 4883 EXIST::FUNCTION:OCB +CRYPTO_ocb128_decrypt 4884 EXIST::FUNCTION:OCB +CRYPTO_ocb128_tag 4885 EXIST::FUNCTION:OCB +EVP_aes_192_ocb 4886 EXIST::FUNCTION:AES,OCB +EVP_aes_128_ocb 4887 EXIST::FUNCTION:AES,OCB +CRYPTO_ocb128_init 4888 EXIST::FUNCTION:OCB +CRYPTO_ocb128_encrypt 4889 EXIST::FUNCTION:OCB +CRYPTO_ocb128_copy_ctx 4890 EXIST::FUNCTION:OCB BN_is_word 4891 EXIST::FUNCTION: BN_GENCB_set 4892 EXIST::FUNCTION: -CRYPTO_ocb128_cleanup 4893 EXIST::FUNCTION: +CRYPTO_ocb128_cleanup 4893 EXIST::FUNCTION:OCB BN_GENCB_set_old 4894 EXIST::FUNCTION: BN_is_zero 4895 EXIST::FUNCTION: BN_with_flags 4896 EXIST::FUNCTION: diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 5424ed5..01329b7 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -1457,6 +1457,7 @@ sub read_options "no-ssl-trace" => 0, "no-unit-test" => 0, "no-deprecated" => 0, + "no-ocb" => 0, "fips" => \$fips, "fipscanisterbuild" => [\$fips, \$fipscanisterbuild], "fipscanisteronly" => [\$fips, \$fipscanisterbuild, \$fipscanisteronly], diff --git a/util/mkdef.pl b/util/mkdef.pl index 1dbd555..b67d14b 100755 
--- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -120,7 +120,9 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", # SSL TRACE "SSL_TRACE", # Unit testing - "UNIT_TEST"); + "UNIT_TEST", + # OCB mode + "OCB"); my $options=""; open(IN," The branch master has been updated via 55467a16c2baf798ebcb627835654524cf8598a1 (commit) from dc0e9a35fa89c262833d6b498108acc58a70bdcb (commit) - Log ----------------------------------------------------------------- commit 55467a16c2baf798ebcb627835654524cf8598a1 Author: Matt Caswell Date: Tue Jan 27 16:39:13 2015 +0000 Fix warning on some compilers where variable index shadows a global declaration Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/modes/ocb128.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c index a322410..cbcb7f6 100644 --- a/crypto/modes/ocb128.c +++ b/crypto/modes/ocb128.c @@ -151,10 +151,10 @@ static void ocb_block_xor(const unsigned char *in1, * Lookup L_index in our lookup table. If we haven't already got it we need to * calculate it */ -static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t index) +static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx) { - if (index <= ctx->l_index) { - return ctx->l + index; + if (idx <= ctx->l_index) { + return ctx->l + idx; } /* We don't have it - so calculate it */ @@ -166,9 +166,9 @@ static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t index) if (!ctx->l) return NULL; } - ocb_double(ctx->l + (index - 1), ctx->l + index); + ocb_double(ctx->l + (idx - 1), ctx->l + idx); - return ctx->l + index; + return ctx->l + idx; } /* From rsalz at openssl.org Wed Jan 28 17:22:29 2015 
From: rsalz at openssl.org (Rich Salz) Date: Wed, 28 Jan 2015 18:22:29 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150128172229.A780D1DF118@butler.localdomain> The branch master has been updated via 625a9baf11c1dd94f17e5876b6ee8d6271b3921d (commit) from 55467a16c2baf798ebcb627835654524cf8598a1 (commit) - Log ----------------------------------------------------------------- commit 625a9baf11c1dd94f17e5876b6ee8d6271b3921d Author: Rich Salz Date: Wed Jan 28 12:21:55 2015 -0500 Finish removal of DSS Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/evp/Makefile | 14 +----- crypto/evp/m_dss.c | 102 ----------------------------------------- doc/crypto/EVP_DigestInit.pod | 11 ++--- 3 files changed, 7 insertions(+), 120 deletions(-) delete mode 100644 crypto/evp/m_dss.c diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index f882096..51730c1 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -23,7 +23,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ e_rc4.c e_aes.c names.c e_seed.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ m_null.c m_md2.c m_md4.c m_md5.c m_sha1.c m_wp.c \ - m_dss.c m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ + m_dss1.c m_mdc2.c m_ripemd.c m_ecdsa.c\ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ @@ -36,7 +36,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ e_rc4.o e_aes.o names.o e_seed.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ m_null.o m_md2.o m_md4.o m_md5.o m_sha1.o m_wp.o \ - m_dss.o m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ + m_dss1.o m_mdc2.o m_ripemd.o m_ecdsa.o\ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ 
@@ -464,16 +464,6 @@ evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c -m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h -m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h -m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss.o: ../cryptlib.h m_dss.c m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h diff --git a/crypto/evp/m_dss.c b/crypto/evp/m_dss.c deleted file mode 100644 index 7fa1ca3..0000000 --- a/crypto/evp/m_dss.c +++ /dev/null 
@@ -1,102 +0,0 @@ -/* crypto/evp/m_dss.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include -#include "cryptlib.h" -#include -#include -#include -#ifndef OPENSSL_NO_DSA -# include -#endif - - -static int init(EVP_MD_CTX *ctx) -{ - return SHA1_Init(ctx->md_data); -} - -static int update(EVP_MD_CTX *ctx, const void *data, size_t count) -{ - return SHA1_Update(ctx->md_data, data, count); -} - -static int final(EVP_MD_CTX *ctx, unsigned char *md) -{ - return SHA1_Final(md, ctx->md_data); -} - -static const EVP_MD dsa_md = { - NID_dsaWithSHA, - NID_dsaWithSHA, - SHA_DIGEST_LENGTH, - EVP_MD_FLAG_PKEY_METHOD_SIGNATURE | EVP_MD_FLAG_PKEY_DIGEST, - init, - update, - final, - NULL, - NULL, - EVP_PKEY_NULL_method, - SHA_CBLOCK, - sizeof(EVP_MD *) + sizeof(SHA_CTX), -}; - -const EVP_MD *EVP_dss(void) -{ - return (&dsa_md); -} diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index 6605507..3fb9b4c 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -7,7 +7,7 @@ EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, EVP_MD_CTX_copy_ex, EVP_DigestInit, EVP_DigestFinal, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null, EVP_md2, EVP_md5, EVP_sha1, -EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2, +EVP_sha224, EVP_sha256, EVP_sha384, EVP_sha512, EVP_dss1, EVP_mdc2, EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - EVP digest routines @@ -50,7 +50,6 @@ EVP digest routines const EVP_MD *EVP_md2(void); const EVP_MD *EVP_md5(void); const EVP_MD *EVP_sha1(void); - const EVP_MD *EVP_dss(void); const EVP_MD *EVP_dss1(void); const EVP_MD *EVP_mdc2(void); const EVP_MD *EVP_ripemd160(void); 
@@ -138,8 +137,8 @@ EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B structures for the MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2 and RIPEMD160 digest algorithms respectively. -EVP_dss() and EVP_dss1() return B structures for SHA and SHA1 digest -algorithms but using DSS (DSA) for the signature algorithm. Note: there is +EVP_dss1() returns B an structure the SHA1 digest +algorithm but using DSS (DSA) for the signature algorithm. Note: there is no need to use these pseudo-digests in OpenSSL 1.0.0 and later, they are however retained for compatibility. @@ -164,7 +163,7 @@ corresponding OBJECT IDENTIFIER or NID_undef if none exists. EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size() and EVP_MD_CTX_block_size() return the digest or block size in bytes. -EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_dss(), +EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the corresponding EVP_MD structures. @@ -269,7 +268,7 @@ EVP_MD_CTX_cleanup(), EVP_MD_CTX_destroy(), EVP_DigestInit_ex() and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7. EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha1(), -EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were +EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were changed to return truly const EVP_MD * in OpenSSL 0.9.7. The link between digests and signing algorithms was fixed in OpenSSL 1.0 and From rsalz at openssl.org Wed Jan 28 17:23:28 2015 
From: rsalz at openssl.org (Rich Salz) Date: Wed, 28 Jan 2015 18:23:28 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150128172329.0E6081DF118@butler.localdomain> The branch master has been updated via 49b05c7d503b26fea4aaa5dda9c30b181c8e46cf (commit) from 625a9baf11c1dd94f17e5876b6ee8d6271b3921d (commit) - Log ----------------------------------------------------------------- commit 49b05c7d503b26fea4aaa5dda9c30b181c8e46cf Author: Rich Salz Date: Wed Jan 28 12:23:01 2015 -0500 Rename index to idx to avoid symbol conflicts. Picky compilers with old index() string functions. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/ec/ecp_nistz256.c | 110 +++++++++++++++++++++++----------------------- 1 file changed, 55 insertions(+), 55 deletions(-) diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 54a36c7..c50b845 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -116,13 +116,13 @@ void ecp_nistz256_to_mont(BN_ULONG res[P256_LIMBS], const BN_ULONG in[P256_LIMBS]); /* Functions that perform constant time access to the precomputed tables */ void ecp_nistz256_scatter_w5(P256_POINT *val, - const P256_POINT *in_t, int index); + const P256_POINT *in_t, int idx); void ecp_nistz256_gather_w5(P256_POINT *val, - const P256_POINT *in_t, int index); + const P256_POINT *in_t, int idx); void ecp_nistz256_scatter_w7(P256_POINT_AFFINE *val, - const P256_POINT_AFFINE *in_t, int index); + const P256_POINT_AFFINE *in_t, int idx); void ecp_nistz256_gather_w7(P256_POINT_AFFINE *val, - const P256_POINT_AFFINE *in_t, int index); + const P256_POINT_AFFINE *in_t, int idx); /* One converted into the Montgomery domain */ static const BN_ULONG ONE[P256_LIMBS] = { 
@@ -563,7 +563,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, int num, BN_CTX *ctx) { int i, j; - unsigned int index; + unsigned int idx; unsigned char (*p_str)[33] = NULL; const unsigned int window_size = 5; const unsigned int mask = (1 << (window_size + 1)) - 1; @@ -666,10 +666,10 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, ecp_nistz256_scatter_w5 (row, &temp[1], 16); } - index = 255; + idx = 255; - wvalue = p_str[0][(index - 1) / 8]; - wvalue = (wvalue >> ((index - 1) % 8)) & mask; + wvalue = p_str[0][(idx - 1) / 8]; + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; /* * We gather to temp[0], because we know it's position relative @@ -678,12 +678,12 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, ecp_nistz256_gather_w5(&temp[0], table[0], _booth_recode_w5(wvalue) >> 1); memcpy(r, &temp[0], sizeof(temp[0])); - while (index >= 5) { - for (i = (index == 255 ? 1 : 0); i < num; i++) { - unsigned int off = (index - 1) / 8; + while (idx >= 5) { + for (i = (idx == 255 ? 1 : 0); i < num; i++) { + unsigned int off = (idx - 1) / 8; wvalue = p_str[i][off] | p_str[i][off + 1] << 8; - wvalue = (wvalue >> ((index - 1) % 8)) & mask; + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; wvalue = _booth_recode_w5(wvalue); @@ -695,7 +695,7 @@ static void ecp_nistz256_windowed_mul(const EC_GROUP *group, ecp_nistz256_point_add(r, r, &temp[0]); } - index -= window_size; + idx -= window_size; ecp_nistz256_point_double(r, r); ecp_nistz256_point_double(r, r); @@ -943,7 +943,7 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r, unsigned char sign1, digit1; unsigned char sign2, digit2; unsigned char sign3, digit3; - unsigned int index = 0; + unsigned int idx = 0; BN_ULONG tmp[P256_LIMBS]; int i; 
@@ -955,19 +955,19 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r, /* Initial four windows */ wvalue = *((u16 *) & p_str[0]); wvalue = (wvalue << 1) & mask; - index += window_size; + idx += window_size; booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(index - 1) / 8]); - wvalue = (wvalue >> ((index - 1) % 8)) & mask; - index += window_size; + wvalue = *((u16 *) & p_str[(idx - 1) / 8]); + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(index - 1) / 8]); - wvalue = (wvalue >> ((index - 1) % 8)) & mask; - index += window_size; + wvalue = *((u16 *) & p_str[(idx - 1) / 8]); + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(index - 1) / 8]); - wvalue = (wvalue >> ((index - 1) % 8)) & mask; - index += window_size; + wvalue = *((u16 *) & p_str[(idx - 1) / 8]); + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; booth_recode_w7(&sign3, &digit3, wvalue); ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[0], 
@@ -987,21 +987,21 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r, ecp_nistz256_avx2_to_mont(&aX4[4 * 9], &aX4[4 * 9]); ecp_nistz256_avx2_set1(&aX4[4 * 9 * 2]); - wvalue = *((u16 *) & p_str[(index - 1) / 8]); - wvalue = (wvalue >> ((index - 1) % 8)) & mask; - index += window_size; + wvalue = *((u16 *) & p_str[(idx - 1) / 8]); + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(index - 1) / 8]); - wvalue = (wvalue >> ((index - 1) % 8)) & mask; - index += window_size; + wvalue = *((u16 *) & p_str[(idx - 1) / 8]); + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(index - 1) / 8]); - wvalue = (wvalue >> ((index - 1) % 8)) & mask; - index += window_size; + wvalue = *((u16 *) & p_str[(idx - 1) / 8]); + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(index - 1) / 8]); - wvalue = (wvalue >> ((index - 1) % 8)) & mask; - index += window_size; + wvalue = *((u16 *) & p_str[(idx - 1) / 8]); + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; booth_recode_w7(&sign3, &digit3, wvalue); ecp_nistz256_avx2_multi_gather_w7(point_arr, preComputedTable[4 * 1], 
@@ -1023,21 +1023,21 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r, ecp_nistz256_avx2_point_add_affines_x4(aX4, aX4, bX4); for (i = 2; i < 9; i++) { - wvalue = *((u16 *) & p_str[(index - 1) / 8]); - wvalue = (wvalue >> ((index - 1) % 8)) & mask; - index += window_size; + wvalue = *((u16 *) & p_str[(idx - 1) / 8]); + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; booth_recode_w7(&sign0, &digit0, wvalue); - wvalue = *((u16 *) & p_str[(index - 1) / 8]); - wvalue = (wvalue >> ((index - 1) % 8)) & mask; - index += window_size; + wvalue = *((u16 *) & p_str[(idx - 1) / 8]); + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; booth_recode_w7(&sign1, &digit1, wvalue); - wvalue = *((u16 *) & p_str[(index - 1) / 8]); - wvalue = (wvalue >> ((index - 1) % 8)) & mask; - index += window_size; + wvalue = *((u16 *) & p_str[(idx - 1) / 8]); + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; booth_recode_w7(&sign2, &digit2, wvalue); - wvalue = *((u16 *) & p_str[(index - 1) / 8]); - wvalue = (wvalue >> ((index - 1) % 8)) & mask; - index += window_size; + wvalue = *((u16 *) & p_str[(idx - 1) / 8]); + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; booth_recode_w7(&sign3, &digit3, wvalue); ecp_nistz256_avx2_multi_gather_w7(point_arr, @@ -1066,8 +1066,8 @@ static void ecp_nistz256_avx2_mul_g(P256_POINT *r, ecp_nistz256_avx2_convert_transpose_back(res_point_arr, aX4); /* Last window is performed serially */ - wvalue = *((u16 *) & p_str[(index - 1) / 8]); - wvalue = (wvalue >> ((index - 1) % 8)) & mask; + wvalue = *((u16 *) & p_str[(idx - 1) / 8]); + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; booth_recode_w7(&sign0, &digit0, wvalue); ecp_nistz256_gather_w7((P256_POINT_AFFINE *)r, preComputedTable[36], digit0); 
@@ -1129,7 +1129,7 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, const PRECOMP256_ROW *preComputedTable = NULL; const EC_PRE_COMP *pre_comp = NULL; const EC_POINT *generator = NULL; - unsigned int index = 0; + unsigned int idx = 0; const unsigned int window_size = 7; const unsigned int mask = (1 << (window_size + 1)) - 1; unsigned int wvalue; @@ -1249,7 +1249,7 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, { /* First window */ wvalue = (p_str[0] << 1) & mask; - index += window_size; + idx += window_size; wvalue = _booth_recode_w7(wvalue); @@ -1262,10 +1262,10 @@ static int ecp_nistz256_points_mul(const EC_GROUP *group, memcpy(p.p.Z, ONE, sizeof(ONE)); for (i = 1; i < 37; i++) { - unsigned int off = (index - 1) / 8; + unsigned int off = (idx - 1) / 8; wvalue = p_str[off] | p_str[off + 1] << 8; - wvalue = (wvalue >> ((index - 1) % 8)) & mask; - index += window_size; + wvalue = (wvalue >> ((idx - 1) % 8)) & mask; + idx += window_size; wvalue = _booth_recode_w7(wvalue); From rsalz at openssl.org Wed Jan 28 17:28:33 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 28 Jan 2015 18:28:33 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150128172833.DA8491DF118@butler.localdomain> The branch master has been updated via 31b446e212e2209d62e66a608e540716716430e4 (commit) from 49b05c7d503b26fea4aaa5dda9c30b181c8e46cf (commit) - Log ----------------------------------------------------------------- commit 31b446e212e2209d62e66a608e540716716430e4 Author: Rich Salz Date: Wed Jan 28 12:27:23 2015 -0500 Add missing declaration for lh_node_usage_stats Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/lhash/lhash.h | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/lhash/lhash.h b/crypto/lhash/lhash.h index cb01854..fb92317 100644 --- a/crypto/lhash/lhash.h +++ b/crypto/lhash/lhash.h 
@@ -181,6 +181,7 @@ unsigned long lh_num_items(const _LHASH *lh);
 # ifndef OPENSSL_NO_STDIO
 void lh_stats(const _LHASH *lh, FILE *fp);
 void lh_node_stats(const _LHASH *lh, FILE *fp);
+void lh_node_usage_stats(const _LHASH *lh, FILE *fp);
 # endif
 void lh_stats_bio(const _LHASH *lh, BIO *out);
 void lh_node_stats_bio(const _LHASH *lh, BIO *out);
From rsalz at openssl.org Wed Jan 28 19:56:25 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 28 Jan 2015 20:56:25 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150128195625.F3FE71DF118@butler.localdomain> The branch master has been updated via bff6986d9cf373cba053f5d4f5e80c6775536932 (commit) from 31b446e212e2209d62e66a608e540716716430e4 (commit) - Log ----------------------------------------------------------------- commit bff6986d9cf373cba053f5d4f5e80c6775536932 Author: Rich Salz Date: Wed Jan 28 14:53:04 2015 -0500 Remove support for opaque-prf An expired IETF Internet-Draft (seven years old) that nobody implements, and probably just as good as NSA DRBG work. Remove this vestige of the NSA playing ekr for a fool. :( Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/s_cb.c | 5 -- apps/s_client.c | 6 -- apps/s_server.c | 5 -- ssl/s3_lib.c | 53 ------------- ssl/ssl.h | 17 +--- ssl/ssl3.h | 9 --- ssl/ssl_lib.c | 2 - ssl/ssltest.c | 33 -------- ssl/t1_enc.c | 16 ---- ssl/t1_ext.c | 3 - ssl/t1_lib.c | 233 ------------------------------------------------------- ssl/t1_trce.c | 3 - ssl/tls1.h | 17 ---- 13 files changed, 3 insertions(+), 399 deletions(-)
diff --git a/apps/s_cb.c b/apps/s_cb.c
index 7227b19..eb89949 100644
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@@ -907,11 +907,6 @@ void tlsext_cb(SSL *s, int client_server, int type, extname = "renegotiation info"; break; -#ifdef TLSEXT_TYPE_opaque_prf_input - case TLSEXT_TYPE_opaque_prf_input: - extname = "opaque PRF input"; - break; -#endif #ifdef TLSEXT_TYPE_next_proto_neg case TLSEXT_TYPE_next_proto_neg: extname = "next protocol"; diff --git a/apps/s_client.c b/apps/s_client.c index 512c258..0fb4771 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1409,12 +1409,6 @@ int MAIN(int argc, char **argv) kssl_ctx_setstring(kctx, KSSL_SERVER, host); } #endif /* OPENSSL_NO_KRB5 */ -/* SSL_set_cipher_list(con,"RC4-MD5"); */ -#if 0 -# ifdef TLSEXT_TYPE_opaque_prf_input - SSL_set_tlsext_opaque_prf_input(con, "Test client", 11); -# endif -#endif re_start: #ifdef NO_SYS_UN_H diff --git a/apps/s_server.c b/apps/s_server.c index 48ac6b3..e6ea350 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2183,11 +2183,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) SSL_set_session_id_context(con, context, strlen((char *)context)); } SSL_clear(con); -#if 0 -# ifdef TLSEXT_TYPE_opaque_prf_input - SSL_set_tlsext_opaque_prf_input(con, "Test server", 11); -# endif -#endif if (stype == SOCK_DGRAM) { diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3a1377a..b85d9bf 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3244,13 +3244,6 @@ void ssl3_free(SSL *s) if (s == NULL) return; -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) - OPENSSL_free(s->s3->client_opaque_prf_input); - if (s->s3->server_opaque_prf_input != NULL) - OPENSSL_free(s->s3->server_opaque_prf_input); -#endif - ssl3_cleanup_key_block(s); if (s->s3->rbuf.buf != NULL) ssl3_release_read_buffer(s); 
@@ -3293,15 +3286,6 @@ void ssl3_clear(SSL *s) size_t rlen, wlen; int init_extra; -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) - OPENSSL_free(s->s3->client_opaque_prf_input); - s->s3->client_opaque_prf_input = NULL; - if (s->s3->server_opaque_prf_input != NULL) - OPENSSL_free(s->s3->server_opaque_prf_input); - s->s3->server_opaque_prf_input = NULL; -#endif - ssl3_cleanup_key_block(s); if (s->s3->tmp.ca_names != NULL) sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); @@ -3554,30 +3538,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ret = 1; break; -# ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT: - if (larg > 12288) { /* actual internal limit is 2^16 for the - * complete hello message * (including the - * cert chain and everything) */ - SSLerr(SSL_F_SSL3_CTRL, SSL_R_OPAQUE_PRF_INPUT_TOO_LONG); - break; - } - if (s->tlsext_opaque_prf_input != NULL) - OPENSSL_free(s->tlsext_opaque_prf_input); - if ((size_t)larg == 0) - s->tlsext_opaque_prf_input = OPENSSL_malloc(1); /* dummy byte - * just to get - * non-NULL */ - else - s->tlsext_opaque_prf_input = BUF_memdup(parg, (size_t)larg); - if (s->tlsext_opaque_prf_input != NULL) { - s->tlsext_opaque_prf_input_len = (size_t)larg; - ret = 1; - } else - s->tlsext_opaque_prf_input_len = 0; - break; -# endif - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE: s->tlsext_status_type = larg; ret = 1; @@ -4071,12 +4031,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return 1; } -# ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG: - ctx->tlsext_opaque_prf_input_callback_arg = parg; - return 1; -# endif - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: ctx->tlsext_status_arg = parg; return 1; 
@@ -4241,13 +4195,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; break; -# ifdef TLSEXT_TYPE_opaque_prf_input - case SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB: - ctx->tlsext_opaque_prf_input_callback = - (int (*)(SSL *, void *, size_t, void *))fp; - break; -# endif - case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB: ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp; break; diff --git a/ssl/ssl.h b/ssl/ssl.h index 5622860..0a6f4da 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1054,11 +1054,6 @@ struct ssl_ctx_st { /* Callback for status request */ int (*tlsext_status_cb) (SSL *ssl, void *arg); void *tlsext_status_arg; - - /* draft-rescorla-tls-opaque-prf-input-00.txt information */ - int (*tlsext_opaque_prf_input_callback) (SSL *, void *peerinput, - size_t len, void *arg); - void *tlsext_opaque_prf_input_callback_arg; # endif # ifndef OPENSSL_NO_PSK @@ -1573,12 +1568,6 @@ struct ssl_st { /* our list */ unsigned char *tlsext_ellipticcurvelist; # endif /* OPENSSL_NO_EC */ - /* - * draft-rescorla-tls-opaque-prf-input-00.txt information to be used for - * handshakes - */ - void *tlsext_opaque_prf_input; - size_t tlsext_opaque_prf_input_len; /* TLS Session Ticket extension override */ TLS_SESSION_TICKET_EXT *tlsext_session_ticket; /* TLS Session Ticket extension callback */ 
@@ -1861,9 +1850,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 # define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57
 # define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58
 # define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59
-# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60
-# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61
-# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63
 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64
 # define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65
diff --git a/ssl/ssl3.h b/ssl/ssl3.h
index 6c7c439..23eb156 100644
--- a/ssl/ssl3.h
+++ b/ssl/ssl3.h
@@ -530,15 +530,6 @@ typedef struct ssl3_state_st {
 int total_renegotiations;
 int num_renegotiations;
 int in_read_app_data;
- /*
- * Opaque PRF input as used for the current handshake. These fields are
- * used only if TLSEXT_TYPE_opaque_prf_input is defined (otherwise, they
- * are merely present to improve binary compatibility)
- */
- void *client_opaque_prf_input;
- size_t client_opaque_prf_input_len;
- void *server_opaque_prf_input;
- size_t server_opaque_prf_input_len;
 struct {
 /* actually only needs to be 16+20 */
 unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 59a871c..2a84ff2 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -610,8 +610,6 @@ void SSL_free(SSL *s)
 if (s->tlsext_ellipticcurvelist)
 OPENSSL_free(s->tlsext_ellipticcurvelist);
 # endif /* OPENSSL_NO_EC */
- if (s->tlsext_opaque_prf_input)
- OPENSSL_free(s->tlsext_opaque_prf_input);
 if (s->tlsext_ocsp_exts)
 sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free);
 if (s->tlsext_ocsp_ids)
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 0b4df3e..b90f6fb 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
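Review bot: The three retired ctrl numbers in the ssl.h hunk are kept as commented-out `# define` lines, which reads as dead code rather than as a deliberate reservation; a plain comment states the intent without leaving macro text that a later edit might un-comment, e.g. `/* 60, 61 and 62 were the opaque-PRF-input ctrls; removed, do not reuse. */`. Keeping the values reserved is worth doing, since an out-of-tree caller still passing 60–62 to SSL_ctrl() would otherwise silently hit whatever new ctrl took the number. The struct-member removals in the ssl.h and ssl3.h hunks change the layout of ssl_ctx_st, ssl_st and ssl3_state_st (the deleted comment in ssl3.h says those fields existed for binary compatibility), so this is presumably master-only and could be called out in the commit message.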
@@ -956,30 +956,6 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line) } } -#ifdef TLSEXT_TYPE_opaque_prf_input -struct cb_info_st { - void *input; - size_t len; - int ret; -}; -struct cb_info_st co1 = { "C", 1, 1 }; /* try to negotiate oqaque PRF input */ -struct cb_info_st co2 = { "C", 1, 2 }; /* insist on oqaque PRF input */ -struct cb_info_st so1 = { "S", 1, 1 }; /* try to negotiate oqaque PRF input */ -struct cb_info_st so2 = { "S", 1, 2 }; /* insist on oqaque PRF input */ - -int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_) -{ - struct cb_info_st *arg = arg_; - - if (arg == NULL) - return 1; - - if (!SSL_set_tlsext_opaque_prf_input(ssl, arg->input, arg->len)) - return 0; - return arg->ret; -} -#endif - int main(int argc, char *argv[]) { char *CApath = NULL, *CAfile = NULL; @@ -1534,15 +1510,6 @@ int main(int argc, char *argv[]) SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb); #endif -#ifdef TLSEXT_TYPE_opaque_prf_input - SSL_CTX_set_tlsext_opaque_prf_input_callback(c_ctx, opaque_prf_input_cb); - SSL_CTX_set_tlsext_opaque_prf_input_callback(s_ctx, opaque_prf_input_cb); - /* or &co2 or NULL */ - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(c_ctx, &co1); - /* or &so2 or NULL */ - SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(s_ctx, &so1); -#endif - if (!SSL_CTX_use_certificate_file(s_ctx, server_cert, SSL_FILETYPE_PEM)) { ERR_print_errors(bio_err); } else if (!SSL_CTX_use_PrivateKey_file(s_ctx, diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 693a1b0..3f4973e 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c 
@@ -1099,22 +1099,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, len); #endif /* KSSL_DEBUG */ -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL - && s->s3->server_opaque_prf_input != NULL - && s->s3->client_opaque_prf_input_len > 0 - && s->s3->client_opaque_prf_input_len == - s->s3->server_opaque_prf_input_len) { - co = s->s3->client_opaque_prf_input; - col = s->s3->server_opaque_prf_input_len; - so = s->s3->server_opaque_prf_input; - /* - * must be same as col (see - * draft-resc-00.txts-opaque-prf-input-00.txt, section 3.1) - */ - sol = s->s3->client_opaque_prf_input_len; - } -#endif tls1_PRF(ssl_get_algorithm2(s), TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE, diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index 724ddf7..ce54f4f 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -284,9 +284,6 @@ int SSL_extension_supported(unsigned int ext_type) case TLSEXT_TYPE_srp: case TLSEXT_TYPE_status_request: case TLSEXT_TYPE_use_srtp: -# ifdef TLSEXT_TYPE_opaque_prf_input - case TLSEXT_TYPE_opaque_prf_input: -# endif # ifdef TLSEXT_TYPE_encrypt_then_mac case TLSEXT_TYPE_encrypt_then_mac: # endif diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 6a1ed6a..9be7347 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1335,22 +1335,6 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, s2n(salglen, etmp); ret += salglen; } -# ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->client_opaque_prf_input != NULL) { - size_t col = s->s3->client_opaque_prf_input_len; - - if ((long)(limit - ret - 6 - col) < 0) - return NULL; - if (col > 0xFFFD) /* can't happen */ - return NULL; - - s2n(TLSEXT_TYPE_opaque_prf_input, ret); - s2n(col + 2, ret); - s2n(col, ret); - memcpy(ret, s->s3->client_opaque_prf_input, col); - ret += col; - } -# endif if (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp) { int i; 
@@ -1601,22 +1585,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, s2n(TLSEXT_TYPE_status_request, ret); s2n(0, ret); } -# ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->server_opaque_prf_input != NULL) { - size_t sol = s->s3->server_opaque_prf_input_len; - - if ((long)(limit - ret - 6 - sol) < 0) - return NULL; - if (sol > 0xFFFD) /* can't happen */ - return NULL; - - s2n(TLSEXT_TYPE_opaque_prf_input, ret); - s2n(sol + 2, ret); - s2n(sol, ret); - memcpy(ret, s->s3->server_opaque_prf_input, sol); - ret += sol; - } -# endif # ifndef OPENSSL_NO_SRTP if (SSL_IS_DTLS(s) && s->srtp_profile) { @@ -2154,37 +2122,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, # endif } # endif /* OPENSSL_NO_EC */ -# ifdef TLSEXT_TYPE_opaque_prf_input - else if (type == TLSEXT_TYPE_opaque_prf_input) { - unsigned char *sdata = data; - - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - n2s(sdata, s->s3->client_opaque_prf_input_len); - if (s->s3->client_opaque_prf_input_len != size - 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - if (s->s3->client_opaque_prf_input != NULL) { - /* shouldn't really happen */ - OPENSSL_free(s->s3->client_opaque_prf_input); - } - - /* dummy byte just to get non-NULL */ - if (s->s3->client_opaque_prf_input_len == 0) - s->s3->client_opaque_prf_input = OPENSSL_malloc(1); - else - s->s3->client_opaque_prf_input = - BUF_memdup(sdata, s->s3->client_opaque_prf_input_len); - if (s->s3->client_opaque_prf_input == NULL) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - } -# endif else if (type == TLSEXT_TYPE_session_ticket) { if (s->tls_session_ticket_ext_cb && !s->tls_session_ticket_ext_cb(s, data, size, 
@@ -2540,38 +2477,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, } s->tlsext_ticket_expected = 1; } -# ifdef TLSEXT_TYPE_opaque_prf_input - else if (type == TLSEXT_TYPE_opaque_prf_input) { - unsigned char *sdata = data; - - if (size < 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - n2s(sdata, s->s3->server_opaque_prf_input_len); - if (s->s3->server_opaque_prf_input_len != size - 2) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - - if (s->s3->server_opaque_prf_input != NULL) { - /* shouldn't really happen */ - OPENSSL_free(s->s3->server_opaque_prf_input); - } - if (s->s3->server_opaque_prf_input_len == 0) { - /* dummy byte just to get non-NULL */ - s->s3->server_opaque_prf_input = OPENSSL_malloc(1); - } else { - s->s3->server_opaque_prf_input = - BUF_memdup(sdata, s->s3->server_opaque_prf_input_len); - } - - if (s->s3->server_opaque_prf_input == NULL) { - *al = TLS1_AD_INTERNAL_ERROR; - return 0; - } - } -# endif else if (type == TLSEXT_TYPE_status_request) { /* * MUST be empty and only sent if we've requested a status 
@@ -2745,51 +2650,6 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, int ssl_prepare_clienthello_tlsext(SSL *s) { -# ifdef TLSEXT_TYPE_opaque_prf_input - { - int r = 1; - - if (s->ctx->tlsext_opaque_prf_input_callback != 0) { - r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, - s-> - ctx->tlsext_opaque_prf_input_callback_arg); - if (!r) - return -1; - } - - if (s->tlsext_opaque_prf_input != NULL) { - if (s->s3->client_opaque_prf_input != NULL) { - /* shouldn't really happen */ - OPENSSL_free(s->s3->client_opaque_prf_input); - } - - if (s->tlsext_opaque_prf_input_len == 0) { - /* dummy byte just to get non-NULL */ - s->s3->client_opaque_prf_input = OPENSSL_malloc(1); - } else { - s->s3->client_opaque_prf_input = - BUF_memdup(s->tlsext_opaque_prf_input, - s->tlsext_opaque_prf_input_len); - } - if (s->s3->client_opaque_prf_input == NULL) { - SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT, - ERR_R_MALLOC_FAILURE); - return -1; - } - s->s3->client_opaque_prf_input_len = - s->tlsext_opaque_prf_input_len; - } - - if (r == 2) - /* - * at callback's request, insist on receiving an appropriate - * server opaque PRF input - */ - s->s3->server_opaque_prf_input_len = - s->tlsext_opaque_prf_input_len; - } -# endif - return 1; } 
@@ -2825,73 +2685,6 @@ static int ssl_check_clienthello_tlsext_early(SSL *s) s-> initial_ctx->tlsext_servername_arg); -# ifdef TLSEXT_TYPE_opaque_prf_input - { - /* - * This sort of belongs into ssl_prepare_serverhello_tlsext(), but we - * might be sending an alert in response to the client hello, so this - * has to happen here in ssl_check_clienthello_tlsext_early(). - */ - - int r = 1; - - if (s->ctx->tlsext_opaque_prf_input_callback != 0) { - r = s->ctx->tlsext_opaque_prf_input_callback(s, NULL, 0, - s-> - ctx->tlsext_opaque_prf_input_callback_arg); - if (!r) { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_INTERNAL_ERROR; - goto err; - } - } - - if (s->s3->server_opaque_prf_input != NULL) { - /* shouldn't really happen */ - OPENSSL_free(s->s3->server_opaque_prf_input); - } - s->s3->server_opaque_prf_input = NULL; - - if (s->tlsext_opaque_prf_input != NULL) { - if (s->s3->client_opaque_prf_input != NULL && - s->s3->client_opaque_prf_input_len == - s->tlsext_opaque_prf_input_len) { - /* - * can only use this extension if we have a server opaque PRF - * input of the same length as the client opaque PRF input! - */ - - if (s->tlsext_opaque_prf_input_len == 0) { - /* dummy byte just to get non-NULL */ - s->s3->server_opaque_prf_input = OPENSSL_malloc(1); - } else { - s->s3->server_opaque_prf_input = - BUF_memdup(s->tlsext_opaque_prf_input, - s->tlsext_opaque_prf_input_len); - } - if (s->s3->server_opaque_prf_input == NULL) { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_INTERNAL_ERROR; - goto err; - } - s->s3->server_opaque_prf_input_len = - s->tlsext_opaque_prf_input_len; - } - } - - if (r == 2 && s->s3->server_opaque_prf_input == NULL) { - /* - * The callback wants to enforce use of the extension, but we - * can't do that with the client opaque PRF input; abort the - * handshake. 
- */ - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_HANDSHAKE_FAILURE; - } - } - - err: -# endif switch (ret) { case SSL_TLSEXT_ERR_ALERT_FATAL: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -3057,32 +2850,6 @@ int ssl_check_serverhello_tlsext(SSL *s) s-> initial_ctx->tlsext_servername_arg); -# ifdef TLSEXT_TYPE_opaque_prf_input - if (s->s3->server_opaque_prf_input_len > 0) { - /* - * This case may indicate that we, as a client, want to insist on - * using opaque PRF inputs. So first verify that we really have a - * value from the server too. - */ - - if (s->s3->server_opaque_prf_input == NULL) { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_HANDSHAKE_FAILURE; - } - - /* - * Anytime the server *has* sent an opaque PRF input, we need to - * check that we have a client opaque PRF input of the same size. - */ - if (s->s3->client_opaque_prf_input == NULL || - s->s3->client_opaque_prf_input_len != - s->s3->server_opaque_prf_input_len) { - ret = SSL_TLSEXT_ERR_ALERT_FATAL; - al = SSL_AD_ILLEGAL_PARAMETER; - } - } -# endif - /* * If we've requested certificate status and we wont get one tell the * callback diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 49b767f..26160ed 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -361,9 +361,6 @@ static ssl_trace_tbl ssl_exts_tbl[] = { {TLSEXT_TYPE_use_srtp, "use_srtp"}, {TLSEXT_TYPE_heartbeat, "heartbeat"}, {TLSEXT_TYPE_session_ticket, "session_ticket"}, -# ifdef TLSEXT_TYPE_opaque_prf_input - {TLSEXT_TYPE_opaque_prf_input, "opaque_prf_input"}, -# endif {TLSEXT_TYPE_renegotiate, "renegotiate"}, {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"}, {TLSEXT_TYPE_padding, "padding"} diff --git a/ssl/tls1.h b/ssl/tls1.h index 91c2cce..1f756a4 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h 
@@ -254,16 +254,6 @@ extern "C" { /* ExtensionType value from RFC4507 */ # define TLSEXT_TYPE_session_ticket 35 -/* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */ -# if 0 -/* - * will have to be provided externally for now , - * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183 - * using whatever extension number you'd like to try - */ -# define TLSEXT_TYPE_opaque_prf_input ?? -# endif - /* Temporary extension type */ # define TLSEXT_TYPE_renegotiate 0xff01 @@ -394,13 +384,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) # define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) -# define SSL_set_tlsext_opaque_prf_input(s, src, len) \ -SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT, len, src) -# define SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb) \ -SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB, (void (*)(void))cb) -# define SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg) \ -SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg) - # define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) From rsalz at openssl.org Wed Jan 28 20:37:24 2015 
From: rsalz at openssl.org (Rich Salz) Date: Wed, 28 Jan 2015 21:37:24 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150128203724.956E21DF118@butler.localdomain> The branch master has been updated discards bff6986d9cf373cba053f5d4f5e80c6775536932 (commit) via 68fd6dce73e07cb9a5944e8667455f2f9a80d52e (commit) This update added new revisions after undoing existing revisions. That is to say, the old revision is not a strict subset of the new revision. This situation occurs when you --force push a change and generate a repository containing something like this: * -- * -- B -- O -- O -- O (bff6986d9cf373cba053f5d4f5e80c6775536932) \ N -- N -- N (68fd6dce73e07cb9a5944e8667455f2f9a80d52e) When this happens we assume that you've already had alert emails for all of the O revisions, and so we here report only the revisions in the N branch from the common base, B. - Log ----------------------------------------------------------------- commit 68fd6dce73e07cb9a5944e8667455f2f9a80d52e Author: Rich Salz Date: Wed Jan 28 14:53:04 2015 -0500 Remove support for opaque-prf An expired IETF Internet-Draft (seven years old) that nobody implements, and probably just as good as NSA DRBG work. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: From rsalz at openssl.org Wed Jan 28 20:41:51 2015 
From: rsalz at openssl.org (Rich Salz) Date: Wed, 28 Jan 2015 21:41:51 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150128204151.4FF5D1DF118@butler.localdomain> The branch master has been updated via 537bf4381b0db3436e8ef8daff65e39e8593eecf (commit) from 68fd6dce73e07cb9a5944e8667455f2f9a80d52e (commit) - Log ----------------------------------------------------------------- commit 537bf4381b0db3436e8ef8daff65e39e8593eecf Author: Rich Salz Date: Wed Jan 28 15:41:14 2015 -0500 Fix int/unsigned compiler complaint Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_addr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index 1635421..fecf765 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -527,7 +527,7 @@ static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr, { IPAddressFamily *f; unsigned char key[3]; - unsigned keylen; + int keylen; int i; key[0] = (afi >> 8) & 0xFF; From matt at openssl.org Wed Jan 28 22:55:42 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 28 Jan 2015 23:55:42 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150128225542.308431DF118@butler.localdomain> The branch master has been updated via 7317192c645f24dfdb0c8340b871bc045454f8f4 (commit) from 537bf4381b0db3436e8ef8daff65e39e8593eecf (commit) - Log ----------------------------------------------------------------- commit 7317192c645f24dfdb0c8340b871bc045454f8f4 Author: Matt Caswell Date: Wed Jan 28 13:01:44 2015 +0000 Fix various windows compilation issues Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/sha/Makefile | 2 +- ms/test.bat | 4 ---- ms/testce.bat | 4 ---- util/mkdef.pl | 2 +- 4 files changed, 2 insertions(+), 10 deletions(-) 
diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile index c72bba6..17dcbc8 100644 --- a/crypto/sha/Makefile +++ b/crypto/sha/Makefile @@ -18,7 +18,7 @@ ASFLAGS= $(INCLUDES) $(ASFLAG) AFLAGS= $(ASFLAGS) GENERAL=Makefile -TEST=shatest.c sha1test.c sha256t.c sha512t.c +TEST=sha1test.c sha256t.c sha512t.c APPS= LIB=$(TOP)/libcrypto.a diff --git a/ms/test.bat b/ms/test.bat index d0b6060..e8b7ae2 100755 --- a/ms/test.bat +++ b/ms/test.bat @@ -23,10 +23,6 @@ echo bftest bftest if errorlevel 1 goto done -echo shatest -shatest -if errorlevel 1 goto done - echo sha1test sha1test if errorlevel 1 goto done diff --git a/ms/testce.bat b/ms/testce.bat index 8de94a4..9b309e4 100644 --- a/ms/testce.bat +++ b/ms/testce.bat @@ -32,10 +32,6 @@ echo bftest call %test%\testce2 bftest if errorlevel 1 goto done -echo shatest -call %test%\testce2 shatest -if errorlevel 1 goto done - echo sha1test call %test%\testce2 sha1test if errorlevel 1 goto done diff --git a/util/mkdef.pl b/util/mkdef.pl index b67d14b..faed402 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -140,7 +140,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; -my my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; +my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_unit_test; my $no_ssl3_method; my $no_ocb; From levitte at openssl.org Thu Jan 29 04:34:58 2015 
From: levitte at openssl.org (Richard Levitte) Date: Thu, 29 Jan 2015 05:34:58 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150129043458.874541DF118@butler.localdomain> The branch master has been updated via c6ef15c494e49ecc505156c8063474b20e29ef6a (commit) from 7317192c645f24dfdb0c8340b871bc045454f8f4 (commit) - Log ----------------------------------------------------------------- commit c6ef15c494e49ecc505156c8063474b20e29ef6a Author: Richard Levitte Date: Thu Jan 29 01:54:09 2015 +0100 clang on Linux x86_64 complains about unreachable code. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/pkcs12.c | 1 - crypto/asn1/asn1_gen.c | 2 -- crypto/asn1/asn_mime.c | 1 - crypto/asn1/bio_asn1.c | 1 - crypto/asn1/tasn_dec.c | 1 - crypto/asn1/tasn_enc.c | 3 --- crypto/bf/bftest.c | 1 - crypto/bio/bss_dgram.c | 1 - crypto/bn/bntest.c | 1 - crypto/bn/exptest.c | 1 - crypto/cast/casttest.c | 1 - crypto/cms/cms_env.c | 2 -- crypto/dh/dhtest.c | 1 - crypto/dsa/dsatest.c | 1 - crypto/ecdh/ecdhtest.c | 1 - crypto/evp/evp_enc.c | 1 - crypto/evp/evp_pkey.c | 2 -- crypto/evp/evp_test.c | 1 - crypto/hmac/hmactest.c | 1 - crypto/idea/ideatest.c | 1 - crypto/md4/md4test.c | 1 - crypto/md5/md5test.c | 1 - crypto/mdc2/mdc2test.c | 1 - crypto/ocsp/ocsp_ht.c | 2 -- crypto/pkcs12/p12_kiss.c | 2 -- crypto/rand/randtest.c | 1 - crypto/rc2/rc2test.c | 1 - crypto/rc4/rc4test.c | 1 - crypto/ripemd/rmdtest.c | 1 - crypto/x509v3/pcy_tree.c | 2 +- engines/ccgost/gost_ameth.c | 2 -- engines/ccgost/gost_pmeth.c | 6 ------ ssl/s3_lib.c | 7 ------- ssl/ssl_rsa.c | 2 +- ssl/ssltest.c | 1 - 35 files changed, 2 insertions(+), 54 deletions(-) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 0de46f0..3c06930 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c 
@@ -892,7 +892,6 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, i2a_ASN1_OBJECT(bio_err, bag->type); BIO_printf(bio_err, "\n"); return 1; - break; } return 1; } diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 87066e8..9735cb5 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -419,7 +419,6 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER); ERR_add_error_data(2, "Char=", erch); return 0; - break; } } else @@ -769,7 +768,6 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) default: ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE); goto bad_str; - break; } atmp->type = utype; diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 7aae022..97e5b34 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -246,7 +246,6 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) case NID_id_GostR3411_94: BIO_puts(out, "gostr3411-94"); goto err; - break; default: if (have_unknown) diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c index 60189b3..0b4fd1d 100644 --- a/crypto/asn1/bio_asn1.c +++ b/crypto/asn1/bio_asn1.c @@ -422,7 +422,6 @@ static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2) BIO_clear_retry_flags(b); return 0; } - break; default: if (!b->next_bio) diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 4595664..abdeba4 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -206,7 +206,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, } return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx); - break; case ASN1_ITYPE_MSTRING: p = *in; diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index f04a689..bc9429c 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c 
@@ -147,7 +147,6 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, return asn1_template_ex_i2d(pval, out, it->templates, tag, aclass); return asn1_i2d_ex_primitive(pval, out, it, tag, aclass); - break; case ASN1_ITYPE_MSTRING: return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); @@ -608,7 +607,6 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, case V_ASN1_BIT_STRING: return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, cout ? &cout : NULL); - break; case V_ASN1_INTEGER: case V_ASN1_NEG_INTEGER: @@ -618,7 +616,6 @@ int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, * These are all have the same content format as ASN1_INTEGER */ return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL); - break; case V_ASN1_OCTET_STRING: case V_ASN1_NUMERICSTRING: diff --git a/crypto/bf/bftest.c b/crypto/bf/bftest.c index 0b008f0..e581bf5 100644 --- a/crypto/bf/bftest.c +++ b/crypto/bf/bftest.c @@ -294,7 +294,6 @@ int main(int argc, char *argv[]) printf("ERROR: %d\n", ret); # endif EXIT(ret); - return (0); } static int print_test_data(void) diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 885b969..7373597 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -686,7 +686,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_CTRL_DGRAM_GET_MTU: return data->mtu; - break; case BIO_CTRL_DGRAM_SET_MTU: data->mtu = num; ret = num; diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index e03c808..4d109d8 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -353,7 +353,6 @@ int main(int argc, char *argv[]) ERR_load_crypto_strings(); ERR_print_errors_fp(stderr); EXIT(1); - return (1); } int test_add(BIO *bp) diff --git a/crypto/bn/exptest.c b/crypto/bn/exptest.c index bf96c5b..2da8dc2 100644 --- a/crypto/bn/exptest.c +++ b/crypto/bn/exptest.c @@ -254,5 +254,4 @@ int main(int argc, char *argv[]) printf("ERROR\n"); #endif EXIT(1); - return (1); } 
diff --git a/crypto/cast/casttest.c b/crypto/cast/casttest.c index dc31bc6..9c6614b 100644 --- a/crypto/cast/casttest.c +++ b/crypto/cast/casttest.c @@ -236,6 +236,5 @@ int main(int argc, char *argv[]) # endif EXIT(err); - return (err); } #endif diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 93c06cb..624c3f2 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -832,11 +832,9 @@ int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) case CMS_RECIPINFO_KEK: return cms_RecipientInfo_kekri_encrypt(cms, ri); - break; case CMS_RECIPINFO_PASS: return cms_RecipientInfo_pwri_crypt(cms, ri, 1); - break; default: CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT, diff --git a/crypto/dh/dhtest.c b/crypto/dh/dhtest.c index 988322a..9bb9a00 100644 --- a/crypto/dh/dhtest.c +++ b/crypto/dh/dhtest.c @@ -211,7 +211,6 @@ int main(int argc, char *argv[]) printf("ERROR: %d\n", ret); # endif EXIT(ret); - return (ret); } static int cb(int p, int n, BN_GENCB *arg) diff --git a/crypto/dsa/dsatest.c b/crypto/dsa/dsatest.c index ed3b24a..9b13089 100644 --- a/crypto/dsa/dsatest.c +++ b/crypto/dsa/dsatest.c @@ -228,7 +228,6 @@ int main(int argc, char **argv) printf("ERROR\n"); # endif EXIT(!ret); - return (0); } static int dsa_cb(int p, int n, BN_GENCB *arg) diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index 04b0cf3..5aed2b1 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -543,7 +543,6 @@ int main(int argc, char *argv[]) ERR_remove_thread_state(NULL); CRYPTO_mem_leaks_fp(stderr); EXIT(ret); - return (ret); } # if 0 diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 1113518..3d40b04 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -227,7 +227,6 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, default: return 0; - break; } } diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 6a45629..52c9a86 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c 
@@ -152,13 +152,11 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) case PKCS8_OK: p8->broken = PKCS8_OK; return p8; - break; case PKCS8_NO_OCTET: p8->broken = PKCS8_NO_OCTET; p8->pkey->type = V_ASN1_SEQUENCE; return p8; - break; default: EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index 597b9fe..b356131 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -126,7 +126,6 @@ static unsigned char *ustrsep(char **p, const char *sep) static int test1_exit(int ec) { EXIT(ec); - return (0); /* To keep some compilers quiet */ } /* Test copying of contexts */ diff --git a/crypto/hmac/hmactest.c b/crypto/hmac/hmactest.c index 3d130a0..492f5c5 100644 --- a/crypto/hmac/hmactest.c +++ b/crypto/hmac/hmactest.c @@ -150,7 +150,6 @@ int main(int argc, char *argv[]) } # endif /* OPENSSL_NO_MD5 */ EXIT(err); - return (0); } # ifndef OPENSSL_NO_MD5 diff --git a/crypto/idea/ideatest.c b/crypto/idea/ideatest.c index a967dd5..dd5d9ff 100644 --- a/crypto/idea/ideatest.c +++ b/crypto/idea/ideatest.c @@ -173,7 +173,6 @@ int main(int argc, char *argv[]) printf("ERROR: %d\n", err); # endif EXIT(err); - return (err); } static int cfb64_test(unsigned char *cfb_cipher) diff --git a/crypto/md4/md4test.c b/crypto/md4/md4test.c index 59f23bb..9c82eb0 100644 --- a/crypto/md4/md4test.c +++ b/crypto/md4/md4test.c @@ -118,7 +118,6 @@ int main(int argc, char *argv[]) P++; } EXIT(err); - return (0); } static char *pt(unsigned char *md) diff --git a/crypto/md5/md5test.c b/crypto/md5/md5test.c index 0d0ab2d..3016ee3 100644 --- a/crypto/md5/md5test.c +++ b/crypto/md5/md5test.c @@ -123,7 +123,6 @@ int main(int argc, char *argv[]) printf("ERROR: %d\n", err); # endif EXIT(err); - return (0); } static char *pt(unsigned char *md) diff --git a/crypto/mdc2/mdc2test.c b/crypto/mdc2/mdc2test.c index 8416252..a0d77a3 100644 --- a/crypto/mdc2/mdc2test.c +++ b/crypto/mdc2/mdc2test.c 
@@ -141,6 +141,5 @@ int main(int argc, char *argv[]) printf("ERROR: %d\n", ret); # endif EXIT(ret); - return (ret); } #endif diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index 446882d..aca0d48 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -508,8 +508,6 @@ int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx) rctx->state = OHS_DONE; return 1; - break; - case OHS_DONE: return 1; diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index ee476c3..4fd8b8c 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -287,11 +287,9 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, case NID_safeContentsBag: return parse_bags(bag->value.safes, pass, passlen, pkey, ocerts); - break; default: return 1; - break; } return 1; } diff --git a/crypto/rand/randtest.c b/crypto/rand/randtest.c index 3c2628c..267752e 100644 --- a/crypto/rand/randtest.c +++ b/crypto/rand/randtest.c @@ -195,5 +195,4 @@ int main(int argc, char **argv) printf("ERROR: %d\n", err); #endif EXIT(err); - return (err); } diff --git a/crypto/rc2/rc2test.c b/crypto/rc2/rc2test.c index f7eae13..ae57e56 100644 --- a/crypto/rc2/rc2test.c +++ b/crypto/rc2/rc2test.c @@ -147,7 +147,6 @@ int main(int argc, char *argv[]) printf("ERROR: %d\n", err); # endif EXIT(err); - return (err); } #endif diff --git a/crypto/rc4/rc4test.c b/crypto/rc4/rc4test.c index e2bfbfa..a1f96e4 100644 --- a/crypto/rc4/rc4test.c +++ b/crypto/rc4/rc4test.c @@ -230,6 +230,5 @@ int main(int argc, char *argv[]) printf("ERROR: %d\n", err); # endif EXIT(err); - return (0); } #endif diff --git a/crypto/ripemd/rmdtest.c b/crypto/ripemd/rmdtest.c index 86054c7..b0ebb12 100644 --- a/crypto/ripemd/rmdtest.c +++ b/crypto/ripemd/rmdtest.c @@ -128,7 +128,6 @@ int main(int argc, char *argv[]) P++; } EXIT(err); - return (0); } static char *pt(unsigned char *md) diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 8d02092..d4b550e 100644 --- a/crypto/x509v3/pcy_tree.c 
+++ b/crypto/x509v3/pcy_tree.c @@ -530,7 +530,7 @@ static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr) } } - return 1; + /* Unreachable */ } diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c index fc4d2e2..ad8480d 100644 --- a/engines/ccgost/gost_ameth.c +++ b/engines/ccgost/gost_ameth.c @@ -189,7 +189,6 @@ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey) if (!dsa->priv_key) return NULL; return dsa->priv_key; - break; } case NID_id_GostR3410_2001: { @@ -201,7 +200,6 @@ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey) if (!(priv = EC_KEY_get0_private_key(ec))) return NULL; return (BIGNUM *)priv; - break; } } return NULL; diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c index eb63d42..f1220e8 100644 --- a/engines/ccgost/gost_pmeth.c +++ b/engines/ccgost/gost_pmeth.c @@ -86,7 +86,6 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) pctx->md = (EVP_MD *)p2; return 1; } - break; case EVP_PKEY_CTRL_GET_MD: *(const EVP_MD **)p2 = pctx->md; @@ -150,7 +149,6 @@ static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx, break; default: return 0; - break; } } else if ((strlen(value) == 2) && (toupper((unsigned char)value[0]) == 'X')) { @@ -166,7 +164,6 @@ static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx, break; default: return 0; - break; } } else { R3410_params *p = R3410_paramset; @@ -214,7 +211,6 @@ static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx, break; default: return 0; - break; } } else if ((strlen(value) == 2) && (toupper((unsigned char)value[0]) == 'X')) { @@ -227,7 +223,6 @@ static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx, break; default: return 0; - break; } } else { R3410_2001_params *p = R3410_2001_paramset; @@ -454,7 +449,6 @@ static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) data->md = (EVP_MD *)p2; return 1; } - break; case EVP_PKEY_CTRL_GET_MD: *(const EVP_MD **)p2 = data->md; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index b85d9bf..7a07a24 100644 
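Review bot: Replacing the final `return 1;` of tree_prune() with a bare `/* Unreachable */` comment makes the function's well-formedness depend on every compiler proving that the preceding loop never falls through; where one cannot (a different compiler, -O0, or a future edit to the loop), the result is a missing-return warning at best and undefined behaviour when the caller uses the value at worst. The comment should at least name the invariant it relies on, e.g. `/* Unreachable: the loop above always returns */`, and the build should keep -Wreturn-type (or equivalent) enabled so a broken invariant is caught rather than silently miscompiled. The same pattern is applied to serverinfo_find_extension() in ssl_rsa.c below, and the trailing returns removed after EXIT() in the test-program mains (bftest.c through rmdtest.c, and ssltest.c) and in test1_exit() in evp_test.c are only safe if EXIT() expands to a noreturn call on every supported platform, which I cannot verify from this excerpt. tree_prune() begins outside the hunk.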
--- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3434,7 +3434,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); } - break; #endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: @@ -3471,7 +3470,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); } - break; case SSL_CTRL_SET_DH_AUTO: s->cert->dh_tmp_auto = larg; return 1; @@ -3508,7 +3506,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); } - break; #endif /* !OPENSSL_NO_ECDH */ #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_HOSTNAME: @@ -3927,7 +3924,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } - break; #endif #ifndef OPENSSL_NO_DH case SSL_CTRL_SET_TMP_DH: @@ -3964,7 +3960,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } - break; case SSL_CTRL_SET_DH_AUTO: ctx->cert->dh_tmp_auto = larg; return 1; @@ -4003,7 +3998,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } - break; #endif /* !OPENSSL_NO_ECDH */ #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: @@ -4034,7 +4028,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG: ctx->tlsext_status_arg = parg; return 1; - break; # ifndef OPENSSL_NO_SRP case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME: diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index d046020..723da6e 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c 
@@ -798,7 +798,7 @@ static int serverinfo_find_extension(const unsigned char *serverinfo, serverinfo += len; serverinfo_length -= len; } - return 0; /* Error */ + /* Unreachable */ } static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type, diff --git a/ssl/ssltest.c b/ssl/ssltest.c index b90f6fb..fb78aea 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1771,7 +1771,6 @@ int main(int argc, char *argv[]) if (bio_err != NULL) BIO_free(bio_err); EXIT(ret); - return ret; } int doit_biopair(SSL *s_ssl, SSL *c_ssl, long count, From rsalz at openssl.org Thu Jan 29 17:10:10 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 29 Jan 2015 18:10:10 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150129171010.30EE51DF118@butler.localdomain> The branch master has been updated via 33fc38ff8e2cb8723f7b116de3f8923c4f4eb9d5 (commit) from c6ef15c494e49ecc505156c8063474b20e29ef6a (commit) - Log ----------------------------------------------------------------- commit 33fc38ff8e2cb8723f7b116de3f8923c4f4eb9d5 Author: Rich Salz Date: Thu Jan 29 12:09:14 2015 -0500 Make output consistency: remove blank line When you use "-s" in the make flag, you see that engines outputs a blank line because EDIRS isn't set. This is a debug echo that isn't needed. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: engines/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/engines/Makefile b/engines/Makefile index ffd36f0..a2882e3 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -83,7 +83,6 @@ e_padlock-x86_64.s: asm/e_padlock-x86_64.pl $(PERL) asm/e_padlock-x86_64.pl $(PERLASM_SCHEME) > $@ subdirs: - echo $(EDIRS) @target=all; $(RECURSIVE_MAKE) files: From rsalz at openssl.org Fri Jan 30 03:10:27 2015 
From: rsalz at openssl.org (Rich Salz) Date: Fri, 30 Jan 2015 04:10:27 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150130031027.BDE131DF118@butler.localdomain> The branch master has been updated via 4d428cd2504c7ef03bc9672ecf2862eaedb3d87e (commit) from 33fc38ff8e2cb8723f7b116de3f8923c4f4eb9d5 (commit) - Log ----------------------------------------------------------------- commit 4d428cd2504c7ef03bc9672ecf2862eaedb3d87e Author: Rich Salz Date: Thu Jan 29 21:38:57 2015 -0500 Dead code removal: #if 0 bio, comp, rand The start of removing dead code. A remaining #if 0 in bss_conn.c needs more thought. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/bio/b_sock.c | 220 +----------------------------------------------- crypto/bio/bf_buff.c | 4 - crypto/bio/bf_lbuf.c | 21 ----- crypto/bio/bss_dgram.c | 42 +++------ crypto/bio/bss_sock.c | 6 -- crypto/comp/c_zlib.c | 113 ------------------------- crypto/rand/rand_win.c | 10 --- 7 files changed, 12 insertions(+), 404 deletions(-) diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 7f7a68c..ca485d9 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -94,23 +94,7 @@ static int wsa_init_done = 0; # define WSAAPI # endif -# if 0 -static unsigned long BIO_ghbn_hits = 0L; -static unsigned long BIO_ghbn_miss = 0L; - -# define GHBN_NUM 4 -static struct ghbn_cache_st { - char name[129]; - struct hostent *ent; - unsigned long order; -} ghbn_cache[GHBN_NUM]; -# endif - static int get_ip(const char *str, unsigned char *ip); -# if 0 -static void ghbn_free(struct hostent *a); -static struct hostent *ghbn_dup(struct hostent *a); -# endif int BIO_get_host_ip(const char *str, unsigned char *ip) { int i; 
@@ -207,10 +191,6 @@ int BIO_get_port(const char *str, unsigned short *port_ptr) *port_ptr = 21; else if (strcmp(str, "gopher") == 0) *port_ptr = 70; -# if 0 - else if (strcmp(str, "wais") == 0) - *port_ptr = 21; -# endif else { SYSerr(SYS_F_GETSERVBYNAME, get_last_socket_error()); ERR_add_error_data(3, "service='", str, "'"); 
@@ -244,208 +224,16 @@ int BIO_sock_error(int sock) return (j); } -# if 0 -long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) -{ - int i; - char **p; - - switch (cmd) { - case BIO_GHBN_CTRL_HITS: - return (BIO_ghbn_hits); - /* break; */ - case BIO_GHBN_CTRL_MISSES: - return (BIO_ghbn_miss); - /* break; */ - case BIO_GHBN_CTRL_CACHE_SIZE: - return (GHBN_NUM); - /* break; */ - case BIO_GHBN_CTRL_GET_ENTRY: - if ((iarg >= 0) && (iarg < GHBN_NUM) && (ghbn_cache[iarg].order > 0)) { - p = (char **)parg; - if (p == NULL) - return (0); - *p = ghbn_cache[iarg].name; - ghbn_cache[iarg].name[128] = '\0'; - return (1); - } - return (0); - /* break; */ - case BIO_GHBN_CTRL_FLUSH: - for (i = 0; i < GHBN_NUM; i++) - ghbn_cache[i].order = 0; - break; - default: - return (0); - } - return (1); -} -# endif - -# if 0 -static struct hostent *ghbn_dup(struct hostent *a) -{ - struct hostent *ret; - int i, j; - - MemCheck_off(); - ret = (struct hostent *)OPENSSL_malloc(sizeof(struct hostent)); - if (ret == NULL) - return (NULL); - memset(ret, 0, sizeof(struct hostent)); - - for (i = 0; a->h_aliases[i] != NULL; i++) ; - i++; - ret->h_aliases = (char **)OPENSSL_malloc(i * sizeof(char *)); - if (ret->h_aliases == NULL) - goto err; - memset(ret->h_aliases, 0, i * sizeof(char *)); - - for (i = 0; a->h_addr_list[i] != NULL; i++) ; - i++; - ret->h_addr_list = (char **)OPENSSL_malloc(i * sizeof(char *)); - if (ret->h_addr_list == NULL) - goto err; - memset(ret->h_addr_list, 0, i * sizeof(char *)); - - j = strlen(a->h_name) + 1; - if ((ret->h_name = OPENSSL_malloc(j)) == NULL) - goto err; - memcpy((char *)ret->h_name, a->h_name, j); - for (i = 0; a->h_aliases[i] != NULL; i++) { - j = strlen(a->h_aliases[i]) + 1; - if ((ret->h_aliases[i] = OPENSSL_malloc(j)) == NULL) - goto err; - memcpy(ret->h_aliases[i], a->h_aliases[i], j); - } - ret->h_length = a->h_length; - ret->h_addrtype = a->h_addrtype; - for (i = 0; a->h_addr_list[i] != NULL; i++) { - if ((ret->h_addr_list[i] = 
OPENSSL_malloc(a->h_length)) == NULL) - goto err; - memcpy(ret->h_addr_list[i], a->h_addr_list[i], a->h_length); - } - if (0) { - err: - if (ret != NULL) - ghbn_free(ret); - ret = NULL; - } - MemCheck_on(); - return (ret); -} - -static void ghbn_free(struct hostent *a) -{ - int i; - - if (a == NULL) - return; - - if (a->h_aliases != NULL) { - for (i = 0; a->h_aliases[i] != NULL; i++) - OPENSSL_free(a->h_aliases[i]); - OPENSSL_free(a->h_aliases); - } - if (a->h_addr_list != NULL) { - for (i = 0; a->h_addr_list[i] != NULL; i++) - OPENSSL_free(a->h_addr_list[i]); - OPENSSL_free(a->h_addr_list); - } - if (a->h_name != NULL) - OPENSSL_free(a->h_name); - OPENSSL_free(a); -} - -# endif - struct hostent *BIO_gethostbyname(const char *name) { -# if 1 /* * Caching gethostbyname() results forever is wrong, so we have to let * the true gethostbyname() worry about this */ -# if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__)) +# if (defined(NETWARE_BSDSOCK) && !defined(__NOVELL_LIBC__)) return gethostbyname((char *)name); -# else - return gethostbyname(name); -# endif # else - struct hostent *ret; - int i, lowi = 0, j; - unsigned long low = (unsigned long)-1; - -# if 0 - /* - * It doesn't make sense to use locking here: The function interface is - * not thread-safe, because threads can never be sure when some other - * thread destroys the data they were given a pointer to. 
- */ - CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); -# endif - j = strlen(name); - if (j < 128) { - for (i = 0; i < GHBN_NUM; i++) { - if (low > ghbn_cache[i].order) { - low = ghbn_cache[i].order; - lowi = i; - } - if (ghbn_cache[i].order > 0) { - if (strncmp(name, ghbn_cache[i].name, 128) == 0) - break; - } - } - } else - i = GHBN_NUM; - - if (i == GHBN_NUM) { /* no hit */ - BIO_ghbn_miss++; - /* - * Note: under VMS with SOCKETSHR, it seems like the first parameter - * is 'char *', instead of 'const char *' - */ -# ifndef CONST_STRICT - ret = gethostbyname((char *)name); -# else - ret = gethostbyname(name); -# endif - - if (ret == NULL) - goto end; - if (j > 128) { /* too big to cache */ -# if 0 - /* - * If we were trying to make this function thread-safe (which is - * bound to fail), we'd have to give up in this case (or allocate - * more memory). - */ - ret = NULL; -# endif - goto end; - } - - /* else add to cache */ - if (ghbn_cache[lowi].ent != NULL) - ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */ - ghbn_cache[lowi].name[0] = '\0'; - - if ((ret = ghbn_cache[lowi].ent = ghbn_dup(ret)) == NULL) { - BIOerr(BIO_F_BIO_GETHOSTBYNAME, ERR_R_MALLOC_FAILURE); - goto end; - } - strncpy(ghbn_cache[lowi].name, name, 128); - ghbn_cache[lowi].order = BIO_ghbn_miss + BIO_ghbn_hits; - } else { - BIO_ghbn_hits++; - ret = ghbn_cache[i].ent; - ghbn_cache[i].order = BIO_ghbn_miss + BIO_ghbn_hits; - } - end: -# if 0 - CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); -# endif - return (ret); + return gethostbyname(name); # endif } @@ -505,10 +293,6 @@ void BIO_sock_cleanup(void) # ifdef OPENSSL_SYS_WINDOWS if (wsa_init_done) { wsa_init_done = 0; -# if 0 /* this call is claimed to be non-present in - * Winsock2 */ - WSACancelBlockingCall(); -# endif WSACleanup(); } # elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK) diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index 478fa16..0e998d6 100644 --- a/crypto/bio/bf_buff.c +++ b/crypto/bio/bf_buff.c 
@@ -414,10 +414,6 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) if (ctx->obuf_len > 0) { r = BIO_write(b->next_bio, &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len); -#if 0 - fprintf(stderr, "FLUSH [%3d] %3d -> %3d\n", ctx->obuf_off, - ctx->obuf_len, r); -#endif BIO_copy_next_retry(b); if (r <= 0) return ((long)r); diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c index 46d0d5a..3b75b7e 100644 --- a/crypto/bio/bf_lbuf.c +++ b/crypto/bio/bf_lbuf.c @@ -198,25 +198,16 @@ static int linebuffer_write(BIO *b, const char *in, int inl) num += i; } } -#if 0 - BIO_write(b->next_bio, "<*<", 3); -#endif i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len); if (i <= 0) { ctx->obuf_len = orig_olen; BIO_copy_next_retry(b); -#if 0 - BIO_write(b->next_bio, ">*>", 3); -#endif if (i < 0) return ((num > 0) ? num : i); if (i == 0) return (num); } -#if 0 - BIO_write(b->next_bio, ">*>", 3); -#endif if (i < ctx->obuf_len) memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i); ctx->obuf_len -= i; @@ -227,23 +218,14 @@ static int linebuffer_write(BIO *b, const char *in, int inl) * if a NL was found and there is anything to write. */ if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) { -#if 0 - BIO_write(b->next_bio, "<*<", 3); -#endif i = BIO_write(b->next_bio, in, p - in); if (i <= 0) { BIO_copy_next_retry(b); -#if 0 - BIO_write(b->next_bio, ">*>", 3); -#endif if (i < 0) return ((num > 0) ? num : i); if (i == 0) return (num); } -#if 0 - BIO_write(b->next_bio, ">*>", 3); -#endif num += i; in += i; inl -= i; @@ -330,9 +312,6 @@ static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_clear_retry_flags(b); if (ctx->obuf_len > 0) { r = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len); -#if 0 - fprintf(stderr, "FLUSH %3d -> %3d\n", ctx->obuf_len, r); -#endif BIO_copy_next_retry(b); if (r <= 0) return ((long)r); diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 7373597..0767809 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c 
@@ -449,13 +449,6 @@ static int dgram_write(BIO *b, const char *in, int inl) if (BIO_dgram_should_retry(ret)) { BIO_set_retry_write(b); data->_errno = get_last_socket_error(); - -# if 0 /* higher layers are responsible for querying - * MTU, if necessary */ - if (data->_errno == EMSGSIZE) - /* retrieve the new MTU */ - BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL); -# endif } } return (ret); @@ -559,28 +552,19 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) break; case BIO_CTRL_DGRAM_CONNECT: to = (struct sockaddr *)ptr; -# if 0 - if (connect(b->num, to, sizeof(struct sockaddr)) < 0) { - perror("connect"); - ret = 0; - } else { -# endif - switch (to->sa_family) { - case AF_INET: - memcpy(&data->peer, to, sizeof(data->peer.sa_in)); - break; + switch (to->sa_family) { + case AF_INET: + memcpy(&data->peer, to, sizeof(data->peer.sa_in)); + break; # if OPENSSL_USE_IPV6 - case AF_INET6: - memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); - break; + case AF_INET6: + memcpy(&data->peer, to, sizeof(data->peer.sa_in6)); + break; # endif - default: - memcpy(&data->peer, to, sizeof(data->peer.sa)); - break; - } -# if 0 + default: + memcpy(&data->peer, to, sizeof(data->peer.sa)); + break; } -# endif break; /* (Linux)kernel sets DF bit on outgoing IP packets */ case BIO_CTRL_DGRAM_MTU_DISCOVER: @@ -1992,12 +1976,6 @@ int BIO_dgram_non_fatal_error(int err) # if defined(WSAEWOULDBLOCK) case WSAEWOULDBLOCK: # endif - -# if 0 /* This appears to always be an error */ -# if defined(WSAENOTCONN) - case WSAENOTCONN: -# endif -# endif # endif # ifdef EWOULDBLOCK diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 6194d2c..5a73e81 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -233,12 +233,6 @@ int BIO_sock_non_fatal_error(int err) # if defined(WSAEWOULDBLOCK) case WSAEWOULDBLOCK: # endif - -# if 0 /* This appears to always be an error */ -# if defined(WSAENOTCONN) - case WSAENOTCONN: -# endif -# endif # endif # ifdef EWOULDBLOCK 
diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 6731af8..c3b064c 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -49,28 +49,6 @@ static void zlib_zfree(void *opaque, void *address) OPENSSL_free(address); } -# if 0 -static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen); -static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen); - -static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source, - uLong sourceLen); - -static COMP_METHOD zlib_stateless_method = { - NID_zlib_compression, - LN_zlib_compression, - NULL, - NULL, - zlib_compress_block, - zlib_expand_block, - NULL, - NULL, -}; -# endif static COMP_METHOD zlib_stateful_method = { NID_zlib_compression, 
@@ -247,97 +225,6 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out, return olen - state->istream.avail_out; } -# if 0 -static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen) -{ - unsigned long l; - int i; - int clear = 1; - - if (ilen > 128) { - out[0] = 1; - l = olen - 1; - i = compress(&(out[1]), &l, in, (unsigned long)ilen); - if (i != Z_OK) - return (-1); - if (ilen > l) { - clear = 0; - l++; - } - } - if (clear) { - out[0] = 0; - memcpy(&(out[1]), in, ilen); - l = ilen + 1; - } -# ifdef DEBUG_ZLIB - fprintf(stderr, "compress(%4d)->%4d %s\n", - ilen, (int)l, (clear) ? "clear" : "zlib"); -# endif - return ((int)l); -} - -static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen) -{ - unsigned long l; - int i; - - if (in[0]) { - l = olen; - i = zz_uncompress(out, &l, &(in[1]), (unsigned long)ilen - 1); - if (i != Z_OK) - return (-1); - } else { - memcpy(out, &(in[1]), ilen - 1); - l = ilen - 1; - } -# ifdef DEBUG_ZLIB - fprintf(stderr, "expand (%4d)->%4d %s\n", - ilen, (int)l, in[0] ? 
"zlib" : "clear"); -# endif - return ((int)l); -} - -static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source, - uLong sourceLen) -{ - z_stream stream; - int err; - - stream.next_in = (Bytef *)source; - stream.avail_in = (uInt) sourceLen; - /* Check for source > 64K on 16-bit machine: */ - if ((uLong) stream.avail_in != sourceLen) - return Z_BUF_ERROR; - - stream.next_out = dest; - stream.avail_out = (uInt) * destLen; - if ((uLong) stream.avail_out != *destLen) - return Z_BUF_ERROR; - - stream.zalloc = (alloc_func) 0; - stream.zfree = (free_func) 0; - - err = inflateInit_(&stream, ZLIB_VERSION, sizeof(z_stream)); - if (err != Z_OK) - return err; - - err = inflate(&stream, Z_FINISH); - if (err != Z_STREAM_END) { - inflateEnd(&stream); - return err; - } - *destLen = stream.total_out; - - err = inflateEnd(&stream); - return err; -} -# endif - #endif COMP_METHOD *COMP_zlib(void) diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 06670ae..eeb5e9c 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -303,9 +303,6 @@ int RAND_poll(void) if (gen(hProvider, sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf), 0); good = 1; -# if 0 - printf("randomness from PROV_RSA_FULL\n"); -# endif } release(hProvider, 0); } @@ -315,9 +312,6 @@ int RAND_poll(void) if (gen(hProvider, sizeof(buf), buf) != 0) { RAND_add(buf, sizeof(buf), sizeof(buf)); good = 1; -# if 0 - printf("randomness from PROV_INTEL_SEC\n"); -# endif } release(hProvider, 0); } @@ -573,10 +567,6 @@ int RAND_poll(void) w = GetCurrentProcessId(); RAND_add(&w, sizeof(w), 1); -# if 0 - printf("Exiting RAND_poll\n"); -# endif - return (1); } From levitte at openssl.org Fri Jan 30 03:57:44 2015 
From: levitte at openssl.org (Richard Levitte) Date: Fri, 30 Jan 2015 04:57:44 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150130035744.E8A011DF118@butler.localdomain> The branch master has been updated via be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6 (commit) from 4d428cd2504c7ef03bc9672ecf2862eaedb3d87e (commit) - Log ----------------------------------------------------------------- commit be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6 Author: Richard Levitte Date: Fri Jan 30 04:44:17 2015 +0100 dso_vms needs to add the .EXE extension if there is none already Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/dso/dso_vms.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 14d885d..8793f7e 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -172,6 +172,7 @@ static int vms_load(DSO *dso) # endif /* __INITIAL_POINTER_SIZE == 64 */ const char *sp1, *sp2; /* Search result */ + const char *ext = NULL; /* possible extension to add */ if (filename == NULL) { DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME); @@ -214,11 +215,19 @@ static int vms_load(DSO *dso) /* Now, let's see if there's a type, and save the position in sp2 */ sp2 = strchr(sp1, '.'); /* + * If there is a period and the next character is a semi-colon, + * we need to add an extension + */ + if (sp2 != NULL && sp2[1] == ';') + ext = ".EXE"; + /* * If we found it, that's where we'll cut. Otherwise, look for a version * number and save the position in sp2 */ - if (sp2 == NULL) + if (sp2 == NULL) { sp2 = strchr(sp1, ';'); + ext = ".EXE"; + } /* * If there was still nothing to find, set sp2 to point at the end of the * string 
@@ -244,6 +253,11 @@ static int vms_load(DSO *dso) strncpy(p->imagename, filename, sp1 - filename); p->imagename[sp1 - filename] = '\0'; + if (ext) { + strcat(p->imagename, ext); + if (*sp2 == '.') + sp2++; + } strcat(p->imagename, sp2); p->filename_dsc.dsc$w_length = strlen(p->filename); From levitte at openssl.org Fri Jan 30 04:03:46 2015 From: levitte at openssl.org (Richard Levitte) Date: Fri, 30 Jan 2015 05:03:46 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150130040346.2D76D1DF118@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via bc1544d8c550bccd34fa1efb6c7132e5bafd5939 (commit) from 6ca1dc97372ca07c1a223c15de98323f5b25c329 (commit) - Log ----------------------------------------------------------------- commit bc1544d8c550bccd34fa1efb6c7132e5bafd5939 Author: Richard Levitte Date: Fri Jan 30 04:44:17 2015 +0100 dso_vms needs to add the .EXE extension if there is none already Reviewed-by: Rich Salz (cherry picked from commit be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6) ----------------------------------------------------------------------- Summary of changes: crypto/dso/dso_vms.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 14d885d..8793f7e 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -172,6 +172,7 @@ static int vms_load(DSO *dso) # endif /* __INITIAL_POINTER_SIZE == 64 */ const char *sp1, *sp2; /* Search result */ + const char *ext = NULL; /* possible extension to add */ if (filename == NULL) { DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME); 
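Review bot: `strcat(p->imagename, ext)` lengthens the image name by the four bytes of ".EXE" beyond what the existing copy-then-append produced, yet nothing in this hunk grows the allocation of p->imagename (made outside the hunk, as is the start of vms_load); if that buffer is sized from strlen(filename), any name whose dropped sp1..sp2 span is shorter than the extension writes past the end. The allocation should be enlarged by `strlen(".EXE")` (or the two appends replaced by a bounded copy whose size is checked against the allocation) in the same change. The `*sp2 == '.'` test also relies on the code after the earlier hunk turning a missing ';' into an end-of-string pointer rather than leaving sp2 NULL, as the surrounding comment says; that is worth stating in a comment next to `if (ext) {`. The OpenSSL_1_0_2-stable and OpenSSL_1_0_1-stable cherry-picks below carry the identical hunk and need the same fix.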
@@ -214,11 +215,19 @@ static int vms_load(DSO *dso) /* Now, let's see if there's a type, and save the position in sp2 */ sp2 = strchr(sp1, '.'); /* + * If there is a period and the next character is a semi-colon, + * we need to add an extension + */ + if (sp2 != NULL && sp2[1] == ';') + ext = ".EXE"; + /* * If we found it, that's where we'll cut. Otherwise, look for a version * number and save the position in sp2 */ - if (sp2 == NULL) + if (sp2 == NULL) { sp2 = strchr(sp1, ';'); + ext = ".EXE"; + } /* * If there was still nothing to find, set sp2 to point at the end of the * string @@ -244,6 +253,11 @@ static int vms_load(DSO *dso) strncpy(p->imagename, filename, sp1 - filename); p->imagename[sp1 - filename] = '\0'; + if (ext) { + strcat(p->imagename, ext); + if (*sp2 == '.') + sp2++; + } strcat(p->imagename, sp2); p->filename_dsc.dsc$w_length = strlen(p->filename); From levitte at openssl.org Fri Jan 30 04:04:02 2015 From: levitte at openssl.org (Richard Levitte) Date: Fri, 30 Jan 2015 05:04:02 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <20150130040402.C83D11DF118@butler.localdomain> The branch OpenSSL_1_0_1-stable has been updated via 81ce20e6ac1d3298bfff8bd059007968f05115e0 (commit) from 324a9774928c362083ab581cbc9052ac0b787283 (commit) - Log ----------------------------------------------------------------- commit 81ce20e6ac1d3298bfff8bd059007968f05115e0 Author: Richard Levitte Date: Fri Jan 30 04:44:17 2015 +0100 dso_vms needs to add the .EXE extension if there is none already Reviewed-by: Rich Salz (cherry picked from commit be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6) ----------------------------------------------------------------------- Summary of changes: crypto/dso/dso_vms.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 14d885d..8793f7e 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c 
@@ -172,6 +172,7 @@ static int vms_load(DSO *dso) # endif /* __INITIAL_POINTER_SIZE == 64 */ const char *sp1, *sp2; /* Search result */ + const char *ext = NULL; /* possible extension to add */ if (filename == NULL) { DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME); @@ -214,11 +215,19 @@ static int vms_load(DSO *dso) /* Now, let's see if there's a type, and save the position in sp2 */ sp2 = strchr(sp1, '.'); /* + * If there is a period and the next character is a semi-colon, + * we need to add an extension + */ + if (sp2 != NULL && sp2[1] == ';') + ext = ".EXE"; + /* * If we found it, that's where we'll cut. Otherwise, look for a version * number and save the position in sp2 */ - if (sp2 == NULL) + if (sp2 == NULL) { sp2 = strchr(sp1, ';'); + ext = ".EXE"; + } /* * If there was still nothing to find, set sp2 to point at the end of the * string @@ -244,6 +253,11 @@ static int vms_load(DSO *dso) strncpy(p->imagename, filename, sp1 - filename); p->imagename[sp1 - filename] = '\0'; + if (ext) { + strcat(p->imagename, ext); + if (*sp2 == '.') + sp2++; + } strcat(p->imagename, sp2); p->filename_dsc.dsc$w_length = strlen(p->filename); From levitte at openssl.org Fri Jan 30 13:46:22 2015 
From: levitte at openssl.org (Richard Levitte) Date: Fri, 30 Jan 2015 14:46:22 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150130134622.A8EC81DF118@butler.localdomain> The branch master has been updated via 4fdde1aa0c2146342a279dc11757e4e566248d6b (commit) via e00ab250c878f7a7f0ae908a6305cebf6883a244 (commit) via 09ebad72dffe74933a5d5976bfb191d9dd041a89 (commit) via 36ed7adfbc2230dbc5db926c3e667a1ff491e8c1 (commit) via 36759bb75152cece52bcf3b514e4336036deb6d3 (commit) via 132536f96e1baba466baa7323c0d74bd7948dd5b (commit) via c168a027cfe1459e946dade4179938f34894fe1d (commit) from be7b1097e28ff6d49f0d4b7ab8b036d6da87ebc6 (commit) - Log ----------------------------------------------------------------- commit 4fdde1aa0c2146342a279dc11757e4e566248d6b Author: Richard Levitte Date: Fri Jan 30 14:30:25 2015 +0100 Update on the use of logical names for OpenSSL configuration Reviewed-by: Andy Polyakov commit e00ab250c878f7a7f0ae908a6305cebf6883a244 Author: Richard Levitte Date: Fri Jan 30 12:36:13 2015 +0100 VMS exit codes weren't handled well enough and were unclear Making a specific variable $failure_code and a bit of commenting in the VMS section should help clear things up. Reviewed-by: Andy Polyakov commit 09ebad72dffe74933a5d5976bfb191d9dd041a89 Author: Richard Levitte Date: Thu Jan 29 14:36:27 2015 +0100 VMS adjustments: Add missing crypto modules and files to copy to crypto/install-crypto.com Reviewed-by: Andy Polyakov commit 36ed7adfbc2230dbc5db926c3e667a1ff491e8c1 Author: Richard Levitte Date: Thu Jan 29 14:35:46 2015 +0100 VMS adjustments: test/cms-test.pl adjusted to handle NL: instead of /dev/null on VMS Reviewed-by: Andy Polyakov commit 36759bb75152cece52bcf3b514e4336036deb6d3 Author: Richard Levitte Date: Thu Jan 29 14:27:21 2015 +0100 VMS build changes crypto/crypto-lib.com: Remove all APPS building, as they are gone. Depend on the variable SDIRS that's defined by makevms.com. 
Remake the whole partial module list mechanism to check for variables with a counter. Define the logical name INTERNAL to allow for '#include "internal/foo.h"'. makevms.com: Define SDIRS, to allow for removal of crypto modules and pass that information to crypto/crypto-lib.com. Allow for experimental modules. Update the allowed things to disable. Update the things disabled by default to match Configure. Update headers to be copied. Reviewed-by: Andy Polyakov commit 132536f96e1baba466baa7323c0d74bd7948dd5b Author: Richard Levitte Date: Thu Jan 29 13:13:28 2015 +0100 VMS adjustments: catch up with the Unix build. A number of new tests, among others test/tocsp.com Define INTERNAL in ssl/ssl-lib.com to allow for '#include "internal/foo.h"' Reviewed-by: Andy Polyakov commit c168a027cfe1459e946dade4179938f34894fe1d Author: Richard Levitte Date: Thu Jan 29 13:07:53 2015 +0100 VMS adjustments: Add new symbols that are longer than 31 chars to symhacks. VMS doesn't have , reflect that in e_os.h. MS_CALLBACK has been removed, ssl_task.c needs adjustment. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: INSTALL.VMS | 26 ++-- crypto/crypto-lib.com | 287 ++++++++++++++++----------------------------- crypto/install-crypto.com | 10 +- crypto/symhacks.h | 24 ++++ e_os.h | 1 + engines/makeengines.com | 24 ++-- makevms.com | 162 ++++++++++++++++++------- ssl/ssl-lib.com | 17 ++- ssl/ssl_task.c | 4 +- test/cms-test.pl | 25 +++- test/maketests.com | 86 ++++++++------ test/tests.com | 103 ++++++++++------ test/tocsp.com | 165 ++++++++++++++++++++++++++ 13 files changed, 586 insertions(+), 348 deletions(-) create mode 100644 test/tocsp.com diff --git a/INSTALL.VMS b/INSTALL.VMS index 6a50e6f..7c530a1 100644 --- a/INSTALL.VMS +++ b/INSTALL.VMS 
@@ -130,15 +130,23 @@ Currently, the logical names supported are: OPENSSL_NO_ASM with value YES, the assembler parts of OpenSSL will not be used. Instead, plain C implementations are used. This is good to try if something doesn't work. - OPENSSL_NO_'alg' with value YES, the corresponding crypto algorithm - will not be implemented. Supported algorithms to - do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD, - SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC, - SSL3. So, for example, having the logical name - OPENSSL_NO_RSA with the value YES means that the - LIBCRYPTO.OLB library will not contain an RSA - implementation. - + OPENSSL_NO_'alg' with value YES, the corresponding crypto algorithm, + protocol or other routine will not be implemented if + disabling it is supported. Supported algorithms to + do this with are: AES, BF, CAMELLIA, CAST, CMS, COMP, + DES, DGRAM, DH, DSA, EC, EC2M, ECDH, ECDSA, ENGINE, + ERR, GOST, HEARTBEATS, HMAC, IDEA, KRB5, MD2, MD4, + MD5, OCB, OCSP, PSK, RC2, RC4, RC5, RMD160, RSA, SCTP, + SEED, SOCK, SRP, SRTP, TLSEXT, WHIRLPOOL. So, for + example, having the logical name OPENSSL_NO_RSA with + the value YES means that the LIBCRYPTO.OLB library + will not contain an RSA implementation. + OPENSSL_EXPERIMENTAL_'alg' + with value YES, the corresponding experimental + algorithm is enabled. Note that is also requires + the application using this to define the C macro + OPENSSL_EXPERIMENTAL_'alg'. Supported algorithms + to do this with are: JPAKE, STORE. Test: ===== diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index 4db5063..84ca96e 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com 
@@ -19,7 +19,6 @@ $! Specify the following as P1 to build just that part or ALL to just $! build everything. $! $! LIBRARY To just compile the [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library. -$! APPS To just compile the [.xxx.EXE.CRYPTO]*.EXE $! ALL To do both LIBRARY and APPS $! $! Specify DEBUG or NODEBUG as P2 to compile with or without debugger 
@@ -102,22 +101,35 @@ $ LIB32 = "32" $ OPT_FILE = "" $ POINTER_SIZE = "" $! -$! Define The Different Encryption Types. -$! NOTE: Some might think this list ugly. However, it's made this way to -$! reflect the SDIRS variable in [-]Makefile.org as closely as possible, -$! thereby making it fairly easy to verify that the lists are the same. -$! -$ ET_WHIRLPOOL = "WHRLPOOL" -$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = "" -$ ENCRYPT_TYPES = "Basic,"+ - - "OBJECTS,"+ - - "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ - - "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ - - "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ - - "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ - - "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ - - "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - - "CMS,PQUEUE,TS,JPAKE,SRP,STORE,CMAC" +$! Check if there's a SDIRS variable defined +$! +$ IF "''SDIRS'" .NES. "" +$ THEN +$! +$! If SDIRS was defined, define ENCRYPT_TYPES from it +$! +$ ENCRYPT_TYPES = "Basic,''SDIRS'" +$! +$! Otherwise +$! +$ ELSE +$! +$! Define The Different Encryption Types. +$! NOTE: Some might think this list ugly. However, it's made this way to +$! reflect the SDIRS variable in [-]Makefile.org as closely as possible, +$! thereby making it fairly easy to verify that the lists are the same. +$! +$ ET_WHIRLPOOL = "WHRLPOOL" +$ IF ARCH .EQS. "VAX" THEN ET_WHIRLPOOL = "" +$ ENCRYPT_TYPES = "Basic,"+ - + "OBJECTS,"+ - + "MD2,MD4,MD5,SHA,MDC2,HMAC,RIPEMD,"+ET_WHIRLPOOL+","+ - + "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ - + "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ - + "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ - + "EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - + "CMS,PQUEUE,TS,JPAKE,SRP,STORE,CMAC" +$ ENDIF $! $! Check To Make Sure We Have Valid Command Line Parameters. $! 
@@ -204,16 +216,14 @@ $ GOSUB CHECK_OPT_FILE $! $! Define The Different Encryption "library" Strings. $! -$ APPS_DES = "DES/DES,CBC3_ENC" -$ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE" -$ $ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,"+ - "ebcdic,uid,o_time,o_str,o_dir,thr_id,lock,fips_ers,"+ - "o_init,o_fips" +$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref" $ LIB_MD2 = "md2_dgst,md2_one" $ LIB_MD4 = "md4_dgst,md4_one" $ LIB_MD5 = "md5_dgst,md5_one" -$ LIB_SHA = "sha_dgst,sha1dgst,sha_one,sha1_one,sha256,sha512" +$ LIB_SHA = "sha1dgst,sha1_one,sha256,sha512" $ LIB_MDC2 = "mdc2dgst,mdc2_one" $ LIB_HMAC = "hmac,hm_ameth,hm_pmeth" $ LIB_RIPEMD = "rmd_dgst,rmd_one" @@ -224,18 +234,19 @@ $ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ - "ofb_enc,str2key,pcbc_enc,qud_cksm,rand_key,"+ - "des_enc,fcrypt_b,"+ - "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ - - "ede_cbcm_enc,des_old,des_old2,read2pwd" + "des_old,des_old2,read2pwd" +$ LIB_AES = "aes_misc,aes_ecb,aes_cfb,aes_ofb,aes_ige,aes_wrap,"+ - + "aes_core,aes_cbc" $ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64" -$ LIB_RC4 = "rc4_skey,rc4_enc" +$ LIB_RC4 = "rc4_enc,rc4_skey" $ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64" $ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey" $ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64" $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64" -$ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ - - "cmll_cfb,cmll_ctr" +$ LIB_CAMELLIA = "cmll_ecb,cmll_ofb,cmll_cfb,cmll_ctr,camellia,cmll_misc,cmll_cbc" $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb" $ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128,gcm128,"+ - - "ccm128,xts128" + "ccm128,xts128,wrap128,ocb128" $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper" $ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN - LIB_BN_ASM = "bn_asm" 
@@ -243,7 +254,7 @@ $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ - "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ - "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ - "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ - - "bn_depr,bn_const,bn_x931p" + "bn_depr,bn_const,bn_x931p,bn_intern,bn_dh,bn_srp" $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ - "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ - "ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn,"+ - 
@@ -257,45 +268,42 @@ $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ - "dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn" $ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err" $ LIB_DH = "dh_asn1,dh_gen,dh_key,dh_lib,dh_check,dh_err,dh_depr,"+ - - "dh_ameth,dh_pmeth,dh_prn,dh_rfc5114" -$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err" + "dh_ameth,dh_pmeth,dh_prn,dh_rfc5114,dh_kdf" +$ LIB_ECDH = "ech_lib,ech_ossl,ech_key,ech_err,ech_kdf" $ LIB_DSO = "dso_dl,dso_dlfcn,dso_err,dso_lib,dso_null,"+ - - "dso_openssl,dso_win32,dso_vms,dso_beos" + "dso_openssl,dso_win32,dso_vms" $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ - "eng_table,eng_pkey,eng_fat,eng_all,"+ - "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ - "tb_cipher,tb_digest,tb_pkmeth,tb_asnmth,"+ - - "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,"+ - - "eng_rsax,eng_rdrand" -$ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,"+ - - "aes_ige,aes_wrap" + "eng_openssl,eng_cnf,eng_dyn,eng_cryptodev,"+ - + "eng_rdrand" $ LIB_BUFFER = "buffer,buf_str,buf_err" $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ - "bss_mem,bss_null,bss_fd,"+ - "bss_file,bss_sock,bss_conn,"+ - "bf_null,bf_buff,b_print,b_dump,"+ - - "b_sock,bss_acpt,bf_nbio,bss_rtcp,bss_bio,bss_log,"+ - + "b_sock,bss_acpt,bf_nbio,bss_log,bss_bio,"+ - "bss_dgram,"+ - - "bf_lbuf" + "bf_lbuf,bss_rtcp" ! 
The last two are VMS specific $ LIB_STACK = "stack" $ LIB_LHASH = "lhash,lh_stats" $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ - - "rand_vms" + "rand_win,rand_unix,rand_vms,rand_os2,rand_nw" $ LIB_ERR = "err,err_all,err_prn" -$ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref" -$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,evp_cnf,"+ - +$ LIB_EVP_1 = "encode,digest,evp_enc,evp_key,evp_acnf,evp_cnf,"+ - "e_des,e_bf,e_idea,e_des3,e_camellia,"+ - "e_rc4,e_aes,names,e_seed,"+ - "e_xcbc_d,e_rc2,e_cast,e_rc5" -$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1,m_wp," + - - "m_dss,m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ - +$ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha1,m_wp," + - + "m_dss1,m_mdc2,m_ripemd,m_ecdsa,"+ - "p_open,p_seal,p_sign,p_verify,p_lib,p_enc,p_dec,"+ - "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ - "c_all,c_allc,c_alld,evp_lib,bio_ok,"+- "evp_pkey,evp_pbe,p5_crpt,p5_crpt2" $ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver,"+ - - "e_aes_cbc_hmac_sha1,e_rc4_hmac_md5" -$ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - + "e_aes_cbc_hmac_sha1,e_aes_cbc_hmac_sha256,e_rc4_hmac_md5" +$ LIB_ASN1_1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ - "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ - "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ - "x_algor,x_val,x_pubkey,x_sig,x_req,x_attrib,x_bignum,"+ - @@ -307,7 +315,8 @@ $ LIB_ASN1_2 = "t_req,t_x509,t_x509a,t_crl,t_pkey,t_spki,t_bitst,"+ - "f_int,f_string,n_pkey,"+ - "f_enum,x_pkey,a_bool,x_exten,bio_asn1,bio_ndef,asn_mime,"+ - "asn1_gen,asn1_par,asn1_lib,asn1_err,a_bytes,a_strnid,"+ - - "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid" + "evp_asn1,asn_pack,p5_pbe,p5_pbev2,p8_pkey,asn_moid,"+ - + "asn_mstbl" $ LIB_PEM = "pem_sign,pem_seal,pem_info,pem_lib,pem_all,pem_err,"+ - "pem_x509,pem_xaux,pem_oth,pem_pk8,pem_pkey,pvkfmt" $ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ - 
@@ -338,7 +347,7 @@ $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT $ LIB_KRB5 = "krb5_asn" $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ - "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess,"+ - - "cms_pwri" + "cms_pwri,cms_kari" $ LIB_PQUEUE = "pqueue" $ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+ - "ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ - @@ -383,8 +392,6 @@ $! $! Extract The Module Name From The Encryption List. $! $ MODULE_NAME = F$ELEMENT(MODULE_COUNTER,",",ENCRYPT_TYPES) -$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = "" -$ MODULE_NAME1 = MODULE_NAME $! $! Check To See If We Are At The End Of The Module List. $! 
@@ -402,121 +409,71 @@ $! $! Increment The Moudle Counter. $! $ MODULE_COUNTER = MODULE_COUNTER + 1 +$ +$ IF MODULE_NAME.EQS."" THEN GOTO MODULE_NEXT +$ MODULE_NAME1 = MODULE_NAME +$ IF MODULE_NAME.EQS."Basic" THEN MODULE_NAME = "" $! -$! Create The Library and Apps Module Names. +$! Check if the library module name actually is defined $! -$ LIB_MODULE = "LIB_" + MODULE_NAME -$ APPS_MODULE = "APPS_" + MODULE_NAME -$ IF (F$EXTRACT(0,5,MODULE_NAME).EQS."ASN1_") -$ THEN -$ MODULE_NAME = "ASN1" -$ ENDIF -$ IF (F$EXTRACT(0,4,MODULE_NAME).EQS."EVP_") +$ PART_COUNTER = -1 +$ IF F$TYPE(LIB_'MODULE_NAME'_1) .NES. "" $ THEN -$ MODULE_NAME = "EVP" +$ PART_COUNTER = 1 +$ ELSE +$ IF F$TYPE(LIB_'MODULE_NAME') .EQS. "" +$ THEN +$ WRITE SYS$ERROR "" +$ WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist. Continuing..." +$ WRITE SYS$ERROR "" +$ GOTO MODULE_NEXT +$ ENDIF $ ENDIF $! -$! Set state (can be LIB and APPS) +$! Tell The User What Module We Are Building. $! -$ STATE = "LIB" -$ IF BUILDALL .EQS. "APPS" THEN STATE = "APPS" +$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. (",BUILDALL,")" $! -$! Check if the library module name actually is defined +$! Create The Library Module Names. $! -$ IF F$TYPE('LIB_MODULE') .EQS. "" +$ PART_NEXT: +$ IF PART_COUNTER .EQ. 0 THEN GOTO MODULE_NEXT +$ +$ IF PART_COUNTER .LT. 0 $ THEN -$ WRITE SYS$ERROR "" -$ WRITE SYS$ERROR "The module ",MODULE_NAME1," does not exist. Continuing..." -$ WRITE SYS$ERROR "" -$ GOTO MODULE_NEXT +$ LIB_MODULE = "LIB_" + MODULE_NAME +$ ELSE +$ LIB_MODULE = "LIB_" + MODULE_NAME + "_''PART_COUNTER'" $ ENDIF $! -$! Top Of The Module Loop. +$! If there are no more parts, go to the next module $! -$ MODULE_AGAIN: +$ IF F$TYPE('LIB_MODULE') .EQS. "" THEN GOTO MODULE_NEXT $! -$! Tell The User What Module We Are Building. +$! Increment The Counter. $! -$ IF (MODULE_NAME1.NES."") -$ THEN -$ IF STATE .EQS. "LIB" -$ THEN -$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Library Files. 
(",BUILDALL,",",STATE,")" -$ ELSE IF F$TYPE('APPS_MODULE') .NES. "" -$ THEN -$ WRITE SYS$OUTPUT "Compiling The ",MODULE_NAME1," Applications. (",BUILDALL,",",STATE,")" -$ ENDIF -$ ENDIF -$ ENDIF +$ PART_COUNTER = PART_COUNTER + 1 $! $! Define A File Counter And Set It To "0". $! $ FILE_COUNTER = 0 -$ APPLICATION = "" -$ APPLICATION_COUNTER = 0 $! $! Top Of The File Loop. $! $ NEXT_FILE: $! -$! Look in the LIB_MODULE is we're in state LIB -$! -$ IF STATE .EQS. "LIB" -$ THEN -$! -$! O.K, Extract The File Name From The File List. -$! -$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE') +$! Extract The File Name From The File List. $! -$! else -$! -$ ELSE -$ FILE_NAME = "," -$! -$ IF F$TYPE('APPS_MODULE') .NES. "" -$ THEN -$! -$! Extract The File Name From The File List. -$! This part is a bit more complicated. -$! -$ IF APPLICATION .EQS. "" -$ THEN -$ APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE') -$ APPLICATION_COUNTER = APPLICATION_COUNTER + 1 -$ APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION) -$ APPLICATION = F$ELEMENT(0,"/",APPLICATION) -$ FILE_COUNTER = 0 -$ ENDIF -$ -$! WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*" -$! SHOW SYMBOL APPLICATION* -$! -$ IF APPLICATION .NES. ";" -$ THEN -$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",APPLICATION_OBJECTS) -$ IF FILE_NAME .EQS. "," -$ THEN -$ APPLICATION = "" -$ GOTO NEXT_FILE -$ ENDIF -$ ENDIF -$ ENDIF -$ ENDIF +$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",'LIB_MODULE') $! $! Check To See If We Are At The End Of The File List. $! $ IF (FILE_NAME.EQS.",") $ THEN $! -$! We Are At The End Of The File List, Change State Or Goto FILE_DONE. +$! We Are At The End Of The File List, Goto FILE_DONE. $! -$ IF STATE .EQS. "LIB" .AND. BUILDALL .NES. "LIBRARY" -$ THEN -$ STATE = "APPS" -$ GOTO MODULE_AGAIN -$ ELSE -$ GOTO FILE_DONE -$ ENDIF +$ GOTO FILE_DONE $! $! End The File List Check. $! 
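Review bot: With ENCRYPT_TYPES now derived from the SDIRS that makevms.com computes, the `The module ... does not exist. Continuing...` branch turns any subdirectory without a matching LIB_<name> symbol here into a silently incomplete LIBCRYPTO.OLB: the message goes to SYS$ERROR and the procedure carries on with a normal exit status. That behaviour made sense for the old hard-coded list, where a miss meant a typo, but with a generated list it hides a real gap; consider failing after the message (e.g. `$ EXIT 2`) or recording the miss in a symbol the caller turns into a failure once all modules are done. The module loop this sits in starts before the hunk.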
@@ -566,14 +523,7 @@ $ ENDIF $! $! Tell The User We Are Compiling The File. $! -$ IF (MODULE_NAME.EQS."") -$ THEN -$ WRITE SYS$OUTPUT "Compiling The ",FILE_NAME," File. (",BUILDALL,",",STATE,")" -$ ENDIF -$ IF (MODULE_NAME.NES."") -$ THEN -$ WRITE SYS$OUTPUT " ",FILE_NAME,"" -$ ENDIF +$ WRITE SYS$OUTPUT " ",FILE_NAME,"" $! $! Compile The File. $! @@ -634,17 +584,14 @@ $ ENDIF $ ENDIF $ ENDIF $ ENDIF -$ IF STATE .EQS. "LIB" -$ THEN $! -$! Add It To The Library. +$! Add It To The Library. $! -$ LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE' +$ LIBRARY/REPLACE 'LIB_NAME' 'OBJECT_FILE' $! -$! Time To Clean Up The Object File. +$! Time To Clean Up The Object File. $! -$ DELETE 'OBJECT_FILE';* -$ ENDIF +$ DELETE 'OBJECT_FILE';* $! $! Go Back And Do It Again. $! @@ -654,47 +601,9 @@ $! All Done With This Library Part. $! $ FILE_DONE: $! -$! Time To Build Some Applications -$! -$ IF F$TYPE('APPS_MODULE') .NES. "" .AND. BUILDALL .NES. "LIBRARY" -$ THEN -$ APPLICATION_COUNTER = 0 -$ NEXT_APPLICATION: -$ APPLICATION = F$ELEMENT(APPLICATION_COUNTER,";",'APPS_MODULE') -$ IF APPLICATION .EQS. ";" THEN GOTO APPLICATION_DONE -$ -$ APPLICATION_COUNTER = APPLICATION_COUNTER + 1 -$ APPLICATION_OBJECTS = F$ELEMENT(1,"/",APPLICATION) -$ APPLICATION = F$ELEMENT(0,"/",APPLICATION) -$ -$! WRITE SYS$OUTPUT "DEBUG: SHOW SYMBOL APPLICATION*" -$! SHOW SYMBOL APPLICATION* -$! -$! Tell the user what happens -$! -$ WRITE SYS$OUTPUT " ",APPLICATION,".exe" -$! -$! Link The Program. -$! -$ ON ERROR THEN GOTO NEXT_APPLICATION -$! -$! Link With A TCP/IP Library. -$! -$ LINK /'DEBUGGER' /'LINKMAP' /'TRACEBACK' - - /EXE='EXE_DIR''APPLICATION'.EXE - - 'OBJ_DIR''APPLICATION_OBJECTS', - - 'CRYPTO_LIB'/LIBRARY - - 'TCPIP_LIB' - - 'ZLIB_LIB' - - ,'OPT_FILE' /OPTIONS -$! -$ GOTO NEXT_APPLICATION -$ APPLICATION_DONE: -$ ENDIF -$! -$! Go Back And Get The Next Module. +$! Go Back And Get The Next Part. $! -$ GOTO MODULE_NEXT +$ GOTO PART_NEXT $! $! All Done With This Module. $! 
@@ -851,7 +760,7 @@ $ ELSE $! $! Else, Check To See If P1 Has A Valid Argument. $! -$ IF (P1.EQS."LIBRARY").OR.(P1.EQS."APPS") +$ IF (P1.EQS."LIBRARY") $ THEN $! $! A Valid Argument. @@ -869,7 +778,6 @@ $ WRITE SYS$OUTPUT "The Option ",P1," Is Invalid. The Valid Options Are:" $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " ALL : Just Build Everything." $ WRITE SYS$OUTPUT " LIBRARY : To Compile Just The [.xxx.EXE.CRYPTO]LIBCRYPTO.OLB Library." -$ WRITE SYS$OUTPUT " APPS : To Compile Just The [.xxx.EXE.CRYPTO]*.EXE Programs." $ WRITE SYS$OUTPUT "" $ WRITE SYS$OUTPUT " Where 'xxx' Stands For:" $ WRITE SYS$OUTPUT "" @@ -1493,10 +1401,12 @@ $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A $ __HERE = F$EDIT(__HERE,"UPCASE") $ __TOP = __HERE - "CRYPTO]" $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]" +$ __INTERNAL = __TOP + "CRYPTO.INCLUDE.INTERNAL]" $! $! Set up the logical name OPENSSL to point at the include directory $! $ DEFINE OPENSSL/NOLOG '__INCLUDE' +$ DEFINE INTERNAL/NOLOG '__INTERNAL' $! $! Done $! @@ -1509,6 +1419,7 @@ $! $ IF __SAVE_OPENSSL .EQS. "" $ THEN $ DEASSIGN OPENSSL +$ DEASSIGN INTERNAL $ ELSE $ DEFINE/NOLOG OPENSSL '__SAVE_OPENSSL' $ ENDIF diff --git a/crypto/install-crypto.com b/crypto/install-crypto.com index 85b3d58..e57b2ee 100755 --- a/crypto/install-crypto.com +++ b/crypto/install-crypto.com @@ -76,12 +76,12 @@ $ sdirs := , - 'archd', - objects, - md2, md4, md5, sha, mdc2, hmac, ripemd, whrlpool, - - des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, - + des, aes, rc2, rc4, rc5, idea, bf, cast, camellia, seed, modes, - bn, ec, rsa, dsa, ecdsa, dh, ecdh, dso, engine, - buffer, bio, stack, lhash, rand, err, - evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp, - ui, krb5, - - store, cms, pqueue, ts, jpake + cms, pqueue, ts, jpake, srp, store, cmac $! $ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h $ exheader_'archd' := opensslconf.h 
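Review bot: `DEASSIGN INTERNAL` in the `@@ -1509,6 +1419,7 @@` hunk of crypto-lib.com is only reached in the `__SAVE_OPENSSL .EQS. ""` branch; when OPENSSL already had a value, the ELSE branch restores OPENSSL but leaves the INTERNAL logical defined after the procedure returns, so the build's private include path leaks into the calling process. Move `$ DEASSIGN INTERNAL` in front of the `IF`, or give INTERNAL the same save/restore treatment OPENSSL gets. The same `DEFINE INTERNAL` is added to test/maketests.com in its `@@ -1060,10 +1069,12 @@` hunk with no matching DEASSIGN anywhere in this diff; that file's cleanup block is not visible, so it may or may not need the same fix.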
@@ -133,12 +133,14 @@ $ exheader_comp := comp.h $ exheader_ocsp := ocsp.h $ exheader_ui := ui.h, ui_compat.h $ exheader_krb5 := krb5_asn.h -$! exheader_store := store.h, str_compat.h -$ exheader_store := store.h $ exheader_cms := cms.h $ exheader_pqueue := pqueue.h $ exheader_ts := ts.h $ exheader_jpake := jpake.h +$ exheader_srp := srp.h +$! exheader_store := store.h, str_compat.h +$ exheader_store := store.h +$ exheader_cmac := cmac.h $ libs := ssl_libcrypto $! $ exe_dir := [-.'archd'.exe.crypto] diff --git a/crypto/symhacks.h b/crypto/symhacks.h index 56922c9..03cdb1a 100644 --- a/crypto/symhacks.h +++ b/crypto/symhacks.h @@ -189,6 +189,14 @@ SSL_CTX_set_not_resumbl_sess_cb # undef SSL_set_not_resumable_session_callback # define SSL_set_not_resumable_session_callback SSL_set_not_resumbl_sess_cb +# undef ssl_check_clienthello_tlsext_late +# define ssl_check_clienthello_tlsext_late ssl_chk_clienthello_tlsext_late +# undef ssl3_cbc_record_digest_supported +# define ssl3_cbc_record_digest_supported ssl3_cbc_rcd_digest_supported +# undef SSL_COMP_set0_compression_methods +# define SSL_COMP_set0_compression_methods SSL_COMP_set0_compr_methods +# undef SSL_COMP_free_compression_methods +# define SSL_COMP_free_compression_methods SSL_COMP_free_compr_methods /* Hack some long ENGINE names */ # undef ENGINE_get_default_BN_mod_exp_crt 
@@ -399,6 +407,18 @@ # define CMS_OriginatorIdentifierOrKey_it CMS_OriginatorIdOrKey_it # undef cms_SignerIdentifier_get0_signer_id # define cms_SignerIdentifier_get0_signer_id cms_SignerId_get0_signer_id +# undef CMS_RecipientInfo_kari_get0_orig_id +# define CMS_RecipientInfo_kari_get0_orig_id CMS_RecipInfo_kari_get0_orig_id +# undef CMS_RecipientInfo_kari_get0_reks +# define CMS_RecipientInfo_kari_get0_reks CMS_RecipInfo_kari_get0_reks +# undef CMS_RecipientInfo_kari_set0_pkey +# define CMS_RecipientInfo_kari_set0_pkey CMS_RecipInfo_kari_set0_pkey +# undef CMS_RecipientInfo_kari_orig_id_cmp +# define CMS_RecipientInfo_kari_orig_id_cmp CMS_RecipInfo_kari_orig_id_cmp +# undef CMS_RecipientEncryptedKey_cert_cmp +# define CMS_RecipientEncryptedKey_cert_cmp CMS_RecipEncryptedKey_cert_cmp +# undef CMS_RecipientEncryptedKey_get0_id +# define CMS_RecipientEncryptedKey_get0_id CMS_RecipEncryptedKey_get0_id /* Hack some long DTLS1 names */ # undef dtls1_retransmit_buffered_messages @@ -416,6 +436,10 @@ # undef UI_method_set_prompt_constructor # define UI_method_set_prompt_constructor UI_method_set_prompt_constructr +/* Hack some long RSA names */ +# undef RSA_padding_check_PKCS1_OAEP_mgf1 +# define RSA_padding_check_PKCS1_OAEP_mgf1 RSA_padding_chk_PKCS1_OAEP_mgf1 + # endif /* defined OPENSSL_SYS_VMS */ /* Case insensitive linking causes problems.... */ diff --git a/e_os.h b/e_os.h index 0fbc33c..f4a427a 100644 --- a/e_os.h +++ b/e_os.h @@ -385,6 +385,7 @@ extern FILE *_imp___iob; __VMS_EXIT |= 0x10000000; \ exit(__VMS_EXIT); } while(0) # define NO_SYS_PARAM_H +# define NO_SYS_UN_H # elif defined(OPENSSL_SYS_NETWARE) # include diff --git a/engines/makeengines.com b/engines/makeengines.com index 6329fbb..a0bd168 100644 --- a/engines/makeengines.com +++ b/engines/makeengines.com 
@@ -94,12 +94,12 @@ $! library that isn't necessarely ported to VMS. $! $ ENGINES = "," + P6 $ IF ENGINES .EQS. "," THEN - - ENGINES = ",4758cca,aep,atalla,cswift,chil,nuron,sureware,ubsec,padlock," + ENGINES = ",4758cca,padlock,capi," $! $! GOST requires a 64-bit integer type, unavailable on VAX. $! $ IF (ARCH .NES. "VAX") THEN - - ENGINES = ENGINES+ ",ccgost" + ENGINES = ENGINES+ ",gost" $! $! Check options. $! @@ -156,20 +156,14 @@ $ TV_OBJ_NAME = OBJ_DIR + F$PARSE(ENGINE_,,,"NAME","SYNTAX_ONLY") + ".OBJ" $ TV_OBJ = ",''TV_OBJ_NAME'" $ ENDIF $ ENGINE_4758CCA = "e_4758cca" -$ ENGINE_aep = "e_aep" -$ ENGINE_atalla = "e_atalla" -$ ENGINE_cswift = "e_cswift" -$ ENGINE_chil = "e_chil" -$ ENGINE_nuron = "e_nuron" -$ ENGINE_sureware = "e_sureware" -$ ENGINE_ubsec = "e_ubsec" $ ENGINE_padlock = "e_padlock" -$ -$ ENGINE_ccgost_SUBDIR = "ccgost" -$ ENGINE_ccgost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ - - "gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ - - "gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ - - "gost_sign" +$ ENGINE_capi = "e_capi" +$ +$ ENGINE_gost_SUBDIR = "ccgost" +$ ENGINE_gost = "e_gost_err,gost2001_keyx,gost2001,gost89,gost94_keyx,"+ - + "gost_ameth,gost_asn1,gost_crypt,gost_ctl,gost_eng,"+ - + "gosthash,gost_keywrap,gost_md,gost_params,gost_pmeth,"+ - + "gost_sign" $! $! Define which programs need to be linked with a TCP/IP library $! diff --git a/makevms.com b/makevms.com index 331b1be..cf759e4 100755 --- a/makevms.com +++ b/makevms.com 
@@ -243,9 +243,23 @@ $ WRITE H_FILE "#ifndef OPENSSL_SYS_VMS" $ WRITE H_FILE "# define OPENSSL_SYS_VMS" $ WRITE H_FILE "#endif" $ +$! +$! Defined the full SDIRS here. It will be pruned depending on configuration. +$! This is an exact copy of what's found in Makefile.org, with spaces replaced +$! with commas. +$! +$ SDIRS := - + objects,- + md2,md4,md5,sha,mdc2,hmac,ripemd,whrlpool,- + des,aes,rc2,rc4,rc5,idea,bf,cast,camellia,seed,modes,- + bn,ec,rsa,dsa,ecdsa,dh,ecdh,dso,engine,- + buffer,bio,stack,lhash,rand,err,- + evp,asn1,pem,x509,x509v3,conf,txt_db,pkcs7,pkcs12,comp,ocsp,ui,krb5,- + cms,pqueue,ts,jpake,srp,store,cmac +$ $! One of the best way to figure out what the list should be is to do $! the following on a Unix system: -$! grep OPENSSL_NO_ crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq +$! grep OPENSSL_NO_ crypto/include/internal/*.h crypto/*/*.h ssl/*.h engines/*.h engines/*/*.h|grep ':# *if'|sed -e 's/^.*def //'|sort|uniq $! For that reason, the list will also always end up in alphabetical order $ CONFIG_LOGICALS := AES,- ASM,INLINE_ASM,- @@ -266,46 +280,42 @@ $ CONFIG_LOGICALS := AES,- EC_NISTP_64_GCC_128,- ENGINE,- ERR,- - EVP,- - FP_API,- GMP,- GOST,- - HASH_COMP,- + HEARTBEATS,- HMAC,- IDEA,- JPAKE,- KRB5,- - LHASH,- MD2,- MD4,- MD5,- MDC2,- NEXTPROTONEG,- + OCB,- OCSP,- PSK,- RC2,- RC4,- RC5,- - RIPEMD,- + RMD160,- RSA,- + SCTP,- SEED,- - SHA,- - SHA0,- - SHA1,- - SHA256,- - SHA512,- SOCK,- SRP,- + SRTP,- + SSL3_METHOD,- SSL_INTERN,- - STACK,- + SSL_TRACE,- STATIC_ENGINE,- STDIO,- STORE,- TLSEXT,- + UNIT_TEST,- WHIRLPOOL -$! Add a few that we know about -$ CONFIG_LOGICALS := 'CONFIG_LOGICALS',- - THREADS +$ CONFIG_EXPERIMENTAL := JPAKE,- + STORE $! The following rules, which dictate how some algorithm choices affect $! others, are picked from Configure. $! Quick syntax: 
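Review bot: The new `SDIRS := -` definition is written in lower case, yet the later matching against SKIP_SDIRS entries taken from the upper-case CONFIG_LOGICALS is done with case-sensitive string subtraction and `.EQS.`; it only works because the unquoted `:=` assignment upcases the value, which is easy to miss when someone later quotes the list or switches to `=`. A comment above the definition such as `$! NOTE: the unquoted := upcases this list; the SKIP_SDIRS matching below is case-sensitive and relies on it` would protect that invariant. The claim that this is an exact copy of Makefile.org cannot be checked from the diff.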
@@ -322,18 +332,29 @@ $! affect all following rules that depend on that algorithm being disabled. $! To force something to be enabled or disabled, have no algorithms in the $! algos part. $ CONFIG_DISABLE_RULES := RIJNDAEL/AES;- + RMD160/RIPEMD;- DES/MDC2;- EC/ECDSA,ECDH;- MD5/SSL3,TLS1;- SHA/SSL3,TLS1;- + RSA,DSA/SSL3,TLS1;- DH/SSL3,TLS1;- TLS1/TLSEXT;- EC/GOST;- DSA/GOST;- DH/GOST;- + TLSEXT/SRP,HEARTBEAT;- /STATIC_ENGINE;- /KRB5;- - /EC_NISTP_64_GCC_128 + /DEPRECATED;- + /EC_NISTP_64_GCC_128;- + /GMP;- + /MD2;- + /RC5;- + /RFC3779;- + /SCTP;- + /SSL_TRACE;- + /UNIT_TEST $ CONFIG_ENABLE_RULES := ZLIB_DYNAMIC/ZLIB;- /THREADS $ 
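Review bot: The new `TLSEXT/SRP,HEARTBEAT;-` rule names a logical that does not exist in the list it is meant to act on: the entry added to CONFIG_LOGICALS in the previous hunk is `HEARTBEATS`, so the rule loop sets `CONFIG_DISABLED_HEARTBEAT`, which the header-writing loop never reads because it iterates CONFIG_LOGICALS. Disabling TLSEXT on VMS therefore still leaves the heartbeat extension compiled in, unlike the cascade the rule intends. Change it to `TLSEXT/SRP,HEARTBEATS;-`; if the rule text was copied from Configure, the same spelling is worth checking there.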
@@ -346,25 +367,59 @@ $ CONFIG_DISABLE_RULES = CONFIG_DISABLE_RULES + - ";/WHIRLPOOL" $ ENDIF $ +$! Keep track of things to remove from SDIRS, have the items surrounded +$! with commas +$ SKIP_SDIRS = "," +$ $ CONFIG_LOG_I = 0 -$ CONFIG_LOG_LOOP1: +$ CONFIG_LOG_LOOP11: $ CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM") $ CONFIG_LOG_I = CONFIG_LOG_I + 1 -$ IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP1 -$ IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP1_END +$ IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP11 +$ IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP11_END $ IF F$TRNLNM("OPENSSL_NO_"+CONFIG_LOG_E) $ THEN $ CONFIG_DISABLED_'CONFIG_LOG_E' := YES $ CONFIG_ENABLED_'CONFIG_LOG_E' := NO $ CONFIG_CHANGED_'CONFIG_LOG_E' := YES +$ IF (SKIP_SDIRS - (","+CONFIG_LOG_E+",")) .EQS. SKIP_SDIRS THEN - + SKIP_SDIRS = SKIP_SDIRS + CONFIG_LOG_E + "," $ ELSE $ CONFIG_DISABLED_'CONFIG_LOG_E' := NO $ CONFIG_ENABLED_'CONFIG_LOG_E' := YES -$ ! Because all algorithms are assumed enabled by default +$ ! Because all non-experimental algorithms are assumed +$ ! enabled by default $ CONFIG_CHANGED_'CONFIG_LOG_E' := NO +$ IF (SKIP_SDIRS - (","+CONFIG_LOG_E+",")) .NES. SKIP_SDIRS THEN - + SKIP_SDIRS = SKIP_SDIRS - (CONFIG_LOG_E + ",") $ ENDIF -$ GOTO CONFIG_LOG_LOOP1 -$ CONFIG_LOG_LOOP1_END: +$ GOTO CONFIG_LOG_LOOP11 +$ CONFIG_LOG_LOOP11_END: +$ +$ CONFIG_LOG_I = 0 +$ CONFIG_LOG_LOOP12: +$ CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_EXPERIMENTAL),"TRIM") +$ CONFIG_LOG_I = CONFIG_LOG_I + 1 +$ IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP12 +$ IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP12_END +$ IF F$TRNLNM("OPENSSL_EXPERIMENTAL_"+CONFIG_LOG_E) +$ THEN +$ CONFIG_DISABLED_'CONFIG_LOG_E' := NO +$ CONFIG_ENABLED_'CONFIG_LOG_E' := YES +$ CONFIG_CHANGED_'CONFIG_LOG_E' := YES +$ IF (SKIP_SDIRS - (","+CONFIG_LOG_E+",")) .NES. 
SKIP_SDIRS THEN - + SKIP_SDIRS = SKIP_SDIRS - (CONFIG_LOG_E + ",") +$ ELSE +$ CONFIG_DISABLED_'CONFIG_LOG_E' := YES +$ CONFIG_ENABLED_'CONFIG_LOG_E' := NO +$ ! Because all experimental algorithms are assumed +$ ! disabled by default +$ CONFIG_CHANGED_'CONFIG_LOG_E' := NO +$ IF (SKIP_SDIRS - (","+CONFIG_LOG_E+",")) .EQS. SKIP_SDIRS THEN - + SKIP_SDIRS = SKIP_SDIRS + CONFIG_LOG_E + "," +$ ENDIF +$ GOTO CONFIG_LOG_LOOP12 +$ CONFIG_LOG_LOOP12_END: $ $! Apply cascading disable rules $ CONFIG_DISABLE_I = 0 @@ -407,6 +462,8 @@ $ CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := YES $ CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := NO $ ! Better not to assume defaults at this point... $ CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES +$ IF (SKIP_SDIRS - (","+CONFIG_DEPENDENT_E+",")) .EQS. SKIP_SDIRS THEN - + SKIP_SDIRS = SKIP_SDIRS + CONFIG_DEPENDENT_E + "," $ WRITE SYS$ERROR - "''CONFIG_DEPENDENT_E' disabled by rule ''CONFIG_DISABLE_E'" $ GOTO CONFIG_DISABLE_LOOP2 @@ -456,6 +513,8 @@ $ CONFIG_DISABLED_'CONFIG_DEPENDENT_E' := NO $ CONFIG_ENABLED_'CONFIG_DEPENDENT_E' := YES $ ! Better not to assume defaults at this point... $ CONFIG_CHANGED_'CONFIG_DEPENDENT_E' := YES +$ IF (SKIP_SDIRS - (","+CONFIG_DEPENDENT_E+",")) .NES. SKIP_SDIRS THEN - + SKIP_SDIRS = SKIP_SDIRS - (CONFIG_DEPENDENT_E + ",") $ WRITE SYS$ERROR - "''CONFIG_DEPENDENT_E' enabled by rule ''CONFIG_ENABLE_E'" $ GOTO CONFIG_ENABLE_LOOP2 
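Review bot: JPAKE and STORE appear in both CONFIG_LOGICALS and CONFIG_EXPERIMENTAL, so CONFIG_LOG_LOOP11 evaluates OPENSSL_NO_JPAKE / OPENSSL_NO_STORE and CONFIG_LOG_LOOP12 then overwrites all three CONFIG_* symbols from OPENSSL_EXPERIMENTAL_* alone; an explicit OPENSSL_NO_JPAKE is silently ignored when OPENSSL_EXPERIMENTAL_JPAKE is also set. If experimental entries are meant to be governed only by the EXPERIMENTAL logical, a comment above `CONFIG_LOG_LOOP12:` saying it deliberately overrides LOOP11's result for those entries would make that visible; otherwise the enabled branch should also require `F$TRNLNM("OPENSSL_NO_"+CONFIG_LOG_E) .EQS. ""`. The two loops differ only in list, prefix and default, so a shared subroutine taking those three would halve the code to keep in step.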
@@ -464,6 +523,19 @@ $ ENDIF $ GOTO CONFIG_ENABLE_LOOP0 $ CONFIG_ENABLE_LOOP0_END: $ +$! Fix SDIRS +$ SDIRS = ","+F$EDIT(SDIRS,"COLLAPSE")+"," +$ CONFIG_SKIP_I = 0 +$ CONFIG_SDIRS_LOOP1: +$ CONFIG_SKIP_E = F$EDIT(F$ELEMENT(CONFIG_SKIP_I,",",SKIP_SDIRS),"TRIM") +$ CONFIG_SKIP_I = CONFIG_SKIP_I + 1 +$ IF CONFIG_SKIP_E .EQS. "" THEN GOTO CONFIG_SDIRS_LOOP1 +$ IF CONFIG_SKIP_E .EQS. "," THEN GOTO CONFIG_SDIRS_LOOP1_END +$ IF (SDIRS - (","+CONFIG_SKIP_E+",")) .NES. SDIRS THEN - + SDIRS = SDIRS - (CONFIG_SKIP_E+",") +$ GOTO CONFIG_SDIRS_LOOP1 +$ CONFIG_SDIRS_LOOP1_END: +$ $! Write to the configuration $ CONFIG_LOG_I = 0 $ CONFIG_LOG_LOOP2: 
@@ -471,21 +543,32 @@ $ CONFIG_LOG_E = F$EDIT(F$ELEMENT(CONFIG_LOG_I,",",CONFIG_LOGICALS),"TRIM") $ CONFIG_LOG_I = CONFIG_LOG_I + 1 $ IF CONFIG_LOG_E .EQS. "" THEN GOTO CONFIG_LOG_LOOP2 $ IF CONFIG_LOG_E .EQS. "," THEN GOTO CONFIG_LOG_LOOP2_END -$ IF CONFIG_CHANGED_'CONFIG_LOG_E' +$ IF CONFIG_DISABLED_'CONFIG_LOG_E' $ THEN -$ IF CONFIG_DISABLED_'CONFIG_LOG_E' +$ WRITE H_FILE "#ifndef OPENSSL_NO_",CONFIG_LOG_E +$ WRITE H_FILE "# define OPENSSL_NO_",CONFIG_LOG_E +$ WRITE H_FILE "#endif" +$ ELSE +$ IF CONFIG_CHANGED_'CONFIG_LOG_E' $ THEN -$ WRITE H_FILE "#ifndef OPENSSL_NO_",CONFIG_LOG_E -$ WRITE H_FILE "# define OPENSSL_NO_",CONFIG_LOG_E -$ WRITE H_FILE "#endif" -$ ELSE -$ WRITE H_FILE "#ifndef OPENSSL_",CONFIG_LOG_E -$ WRITE H_FILE "# define OPENSSL_",CONFIG_LOG_E +$ WRITE H_FILE "#ifndef OPENSSL_EXPERIMENTAL_",CONFIG_LOG_E +$ WRITE H_FILE "# ifndef OPENSSL_NO_",CONFIG_LOG_E +$ WRITE H_FILE "# define OPENSSL_NO_",CONFIG_LOG_E +$ WRITE H_FILE "# endif" $ WRITE H_FILE "#endif" +$ +$ IF F$TYPE(USER_CCDEFS) .NES. "" +$ THEN +$ USER_CCDEFS = USER_CCDEFS + ",OPENSSL_EXPERIMENTAL_" + CONFIG_LOG_E +$ ELSE +$ USER_CCDEFS = "OPENSSL_EXPERIMENTAL_" + CONFIG_LOG_E +$ ENDIF $ ENDIF $ ENDIF $ GOTO CONFIG_LOG_LOOP2 $ CONFIG_LOG_LOOP2_END: +$ +$ WRITE/SYMBOL SYS$ERROR "SDIRS = """,SDIRS,"""" $! $ WRITE H_FILE "" $ WRITE H_FILE "/* STCP support comes with TCPIP 5.7 ECO 2 " @@ -689,7 +772,7 @@ $ copy 'exheader' sys$disk:[.include.openssl] $! $! Copy All The ".H" Files From The [.CRYPTO] Directory Tree. $! -$ SDIRS := , - +$ HEADER_SDIRS := , - 'ARCHD', - OBJECTS, - MD2, MD4, MD5, SHA, MDC2, HMAC, RIPEMD, WHRLPOOL, - 
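Review bot: The `ELSE` branch of the rewritten CONFIG_LOG_LOOP2 treats every entry that is enabled and CHANGED as experimental (it writes the `OPENSSL_EXPERIMENTAL_` guard and appends to USER_CCDEFS), but CHANGED := YES is also what the CONFIG_ENABLE_RULES loop sets for anything switched on by a rule (`ZLIB_DYNAMIC/ZLIB`, `/THREADS`), and the old `#define OPENSSL_<name>` output that served those entries is gone. Nothing visible trips over it today only because THREADS was dropped from CONFIG_LOGICALS in the `@@ -266,46 +280,42 @@` hunk and ZLIB is not in the list — which in turn means this loop no longer writes OPENSSL_THREADS into opensslconf.h at all; if no other part of makevms.com emits it, VMS builds lose that define. Deciding the branch on membership in CONFIG_EXPERIMENTAL rather than on CHANGED would keep the two meanings apart. A comment on `WRITE/SYMBOL SYS$ERROR "SDIRS = """` saying it is only a progress report (crypto-lib.com presumably sees SDIRS as an inherited symbol) would stop it being read as the hand-over mechanism.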
@@ -760,20 +843,20 @@ $ EXHEADER_STORE := store.h $ EXHEADER_CMAC := cmac.h $! $ i = 0 -$ loop_sdirs: -$ sdir = f$edit( f$element( i, ",", sdirs), "trim") +$ loop_header_sdirs: +$ sdir = f$edit( f$element( i, ",", header_sdirs), "trim") $ i = i + 1 -$ if (sdir .eqs. ",") then goto loop_sdirs_end +$ if (sdir .eqs. ",") then goto loop_header_sdirs_end $ hdr_list = exheader_'sdir' $ if (sdir .nes. "") then sdir = "."+ sdir $ copy [.crypto'sdir']'hdr_list' sys$disk:[.include.openssl] -$ goto loop_sdirs -$ loop_sdirs_end: +$ goto loop_header_sdirs +$ loop_header_sdirs_end: $! $! Copy All The ".H" Files From The [.SSL] Directory. $! $! (keep these in the same order as ssl/Makefile) -$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h +$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h, srtp.h $ copy sys$disk:[.ssl]'exheader' sys$disk:[.include.openssl] $! $! Purge the [.include.openssl] header files. @@ -803,11 +886,6 @@ $! $ @CRYPTO-LIB LIBRARY 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" - "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'" $! -$! Build The [.xxx.EXE.CRYPTO]*.EXE Test Applications. -$! -$ @CRYPTO-LIB APPS 'DEBUGGER' "''COMPILER'" "''TCPIP_TYPE'" - - "''ISSEVEN'" "''BUILDPART'" "''POINTER_SIZE'" "''ZLIB'" -$! $! Go Back To The Main Directory. $! $ SET DEFAULT [-] diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com index 51e2b12..b160a0a 100644 --- a/ssl/ssl-lib.com +++ b/ssl/ssl-lib.com 
@@ -213,16 +213,15 @@ $ ENDIF $! $! Define The Different SSL "library" Files. $! -$ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ - - "s3_meth,s3_srvr,s3_clnt,s3_lib,s3_enc,s3_pkt,s3_both,"+ - - "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ - - "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ - - "d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ - - "d1_both,d1_enc,d1_srtp,"+ - +$ LIB_SSL = "s3_meth, s3_srvr, s3_clnt, s3_lib, s3_enc,s3_pkt,s3_both,s3_cbc,"+ - + "s23_meth,s23_srvr,s23_clnt,s23_lib, s23_pkt,"+ - + "t1_meth, t1_srvr, t1_clnt, t1_lib, t1_enc, t1_ext,"+ - + "d1_meth, d1_srvr, d1_clnt, d1_lib, d1_pkt,"+ - + "d1_both,d1_srtp,"+ - "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ - "ssl_ciph,ssl_stat,ssl_rsa,"+ - - "ssl_asn1,ssl_txt,ssl_algs,"+ - - "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce" + "ssl_asn1,ssl_txt,ssl_algs,ssl_conf,"+ - + "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce,ssl_utst" $! $ COMPILEWITH_CC5 = "" $! @@ -240,7 +239,7 @@ $ NEXT_FILE: $! $! O.K, Extract The File Name From The File List. $! -$ FILE_NAME = F$ELEMENT(FILE_COUNTER,",",LIB_SSL) +$ FILE_NAME = F$EDIT(F$ELEMENT(FILE_COUNTER,",",LIB_SSL),"TRIM") $! $! Check To See If We Are At The End Of The File List. $! diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c index f0ed4e4..dad20c6 100644 --- a/ssl/ssl_task.c +++ b/ssl/ssl_task.c @@ -131,8 +131,8 @@ int LIB$INIT_TIMER(), LIB$SHOW_TIMER(); #include #include -int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth, - int error); +int verify_callback(int ok, X509 *xs, X509 *xi, int depth, + int error); BIO *bio_err = NULL; BIO *bio_stdout = NULL; BIO_METHOD *BIO_s_rtcp(); diff --git a/test/cms-test.pl b/test/cms-test.pl index 7d4ca29..1c3f00d 100644 --- a/test/cms-test.pl +++ b/test/cms-test.pl 
@@ -58,19 +58,32 @@ my $redir = " 2> cms.err > cms.out"; # Make VMS work if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { $ossl_path = "pipe mcr OSSLX:openssl"; + $null_path = "NL:"; + # On VMS, the lowest 3 bits of the exit code indicates severity + # 1 is success (perl translates it to 0 for $?), 2 is error + # (perl doesn't translate it) + $failure_code = 512; # 2 << 8 = 512 } # Make MSYS work elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { $ossl_path = "cmd /c ..\\apps\\openssl"; + $null_path = "/dev/null"; + $failure_code = 256; } elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; + $null_path = "/dev/null"; + $failure_code = 256; } elsif ( -f "..\\out32dll\\openssl.exe" ) { $ossl_path = "..\\out32dll\\openssl.exe"; + $null_path = "/dev/null"; + $failure_code = 256; } elsif ( -f "..\\out32\\openssl.exe" ) { $ossl_path = "..\\out32\\openssl.exe"; + $null_path = "/dev/null"; + $failure_code = 256; } else { die "Can't find OpenSSL executable"; @@ -87,12 +100,12 @@ my $no_ec2m; my $no_ecdh; my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/; -system ("$ossl_path no-ec >/dev/null"); +system ("$ossl_path no-ec > $null_path"); if ($? == 0) { $no_ec = 1; } -elsif ($? == 256) +elsif ($? == $failure_code) { $no_ec = 0; } @@ -101,12 +114,12 @@ else die "Error checking for EC support\n"; } -system ("$ossl_path no-ec2m >/dev/null"); +system ("$ossl_path no-ec2m > $null_path"); if ($? == 0) { $no_ec2m = 1; } -elsif ($? == 256) +elsif ($? == $failure_code) { $no_ec2m = 0; } @@ -115,12 +128,12 @@ else die "Error checking for EC2M support\n"; } -system ("$ossl_path no-ecdh >/dev/null"); +system ("$ossl_path no-ecdh > $null_path"); if ($? == 0) { $no_ecdh = 1; } -elsif ($? == 256) +elsif ($? == $failure_code) { $no_ecdh = 0; } diff --git a/test/maketests.com b/test/maketests.com index e7a6860..5919374 100644 --- a/test/maketests.com +++ b/test/maketests.com 
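Review bot: Now that the null device is a per-platform variable, the two native Win32 branches (`..\\out32dll\\openssl.exe` and `..\\out32\\openssl.exe`) still set `$null_path = "/dev/null"`, which cmd.exe cannot open; the redirection itself most likely fails there and `$?` then reflects cmd's own status rather than openssl's, so the `no-ec` probes can report the wrong answer without reaching the `die`. The MSYS branch runs under sh, where `/dev/null` is fine, but for the native branches `$null_path = "NUL";` is what the abstraction was introduced for. This was pre-existing with the hard-coded `>/dev/null`, but this hunk is the natural place to fix it. Whether `$null_path` and `$failure_code` are declared with `my` above the hunk is not visible; under `use strict` they need to be.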
@@ -142,47 +142,56 @@ $! $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - "MD2TEST,MD4TEST,MD5TEST,HMACTEST,WP_TEST,"+ - "RC2TEST,RC4TEST,RC5TEST,"+ - - "DESTEST,SHATEST,SHA1TEST,SHA256T,SHA512T,"+ - + "DESTEST,SHA1TEST,SHA256T,SHA512T,"+ - "MDC2TEST,RMDTEST,"+ - "RANDTEST,DHTEST,ENGINETEST,"+ - - "BFTEST,CASTTEST,SSLTEST,EXPTEST,DSATEST,RSA_TEST,"+ - - "EVP_TEST,IGETEST,JPAKETEST,SRPTEST" + "GOST2814789TEST,"+ - + "BFTEST,CASTTEST,SSLTEST,"+ - + "EXPTEST,DSATEST,RSA_TEST,"+ - + "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ - + "V3NAMETEST,HEARTBEAT_TEST,P5_CRPT2_TEST,"+ - + "CONSTANT_TIME_TEST" $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well? $! $! Additional directory information. -$ T_D_BNTEST := [-.crypto.bn] -$ T_D_ECTEST := [-.crypto.ec] -$ T_D_ECDSATEST := [-.crypto.ecdsa] -$ T_D_ECDHTEST := [-.crypto.ecdh] -$ T_D_IDEATEST := [-.crypto.idea] -$ T_D_MD2TEST := [-.crypto.md2] -$ T_D_MD4TEST := [-.crypto.md4] -$ T_D_MD5TEST := [-.crypto.md5] -$ T_D_HMACTEST := [-.crypto.hmac] -$ T_D_WP_TEST := [-.crypto.whrlpool] -$ T_D_RC2TEST := [-.crypto.rc2] -$ T_D_RC4TEST := [-.crypto.rc4] -$ T_D_RC5TEST := [-.crypto.rc5] -$ T_D_DESTEST := [-.crypto.des] -$ T_D_SHATEST := [-.crypto.sha] -$ T_D_SHA1TEST := [-.crypto.sha] -$ T_D_SHA256T := [-.crypto.sha] -$ T_D_SHA512T := [-.crypto.sha] -$ T_D_MDC2TEST := [-.crypto.mdc2] -$ T_D_RMDTEST := [-.crypto.ripemd] -$ T_D_RANDTEST := [-.crypto.rand] -$ T_D_DHTEST := [-.crypto.dh] -$ T_D_ENGINETEST := [-.crypto.engine] -$ T_D_BFTEST := [-.crypto.bf] -$ T_D_CASTTEST := [-.crypto.cast] -$ T_D_SSLTEST := [-.ssl] -$ T_D_EXPTEST := [-.crypto.bn] -$ T_D_DSATEST := [-.crypto.dsa] -$ T_D_RSA_TEST := [-.crypto.rsa] -$ T_D_EVP_TEST := [-.crypto.evp] -$ T_D_IGETEST := [-.test] -$ T_D_JPAKETEST := [-.crypto.jpake] -$ T_D_SRPTEST := [-.crypto.srp] +$ T_D_BNTEST := [-.crypto.bn] +$ T_D_ECTEST := [-.crypto.ec] +$ T_D_ECDSATEST := [-.crypto.ecdsa] +$ T_D_ECDHTEST := [-.crypto.ecdh] +$ T_D_IDEATEST := [-.crypto.idea] +$ 
T_D_MD2TEST := [-.crypto.md2] +$ T_D_MD4TEST := [-.crypto.md4] +$ T_D_MD5TEST := [-.crypto.md5] +$ T_D_HMACTEST := [-.crypto.hmac] +$ T_D_WP_TEST := [-.crypto.whrlpool] +$ T_D_RC2TEST := [-.crypto.rc2] +$ T_D_RC4TEST := [-.crypto.rc4] +$ T_D_RC5TEST := [-.crypto.rc5] +$ T_D_DESTEST := [-.crypto.des] +$ T_D_SHATEST := [-.crypto.sha] +$ T_D_SHA1TEST := [-.crypto.sha] +$ T_D_SHA256T := [-.crypto.sha] +$ T_D_SHA512T := [-.crypto.sha] +$ T_D_MDC2TEST := [-.crypto.mdc2] +$ T_D_RMDTEST := [-.crypto.ripemd] +$ T_D_RANDTEST := [-.crypto.rand] +$ T_D_DHTEST := [-.crypto.dh] +$ T_D_ENGINETEST := [-.crypto.engine] +$ T_D_GOST2814789TEST := [-.engines.ccgost] +$ T_D_BFTEST := [-.crypto.bf] +$ T_D_CASTTEST := [-.crypto.cast] +$ T_D_SSLTEST := [-.ssl] +$ T_D_EXPTEST := [-.crypto.bn] +$ T_D_DSATEST := [-.crypto.dsa] +$ T_D_RSA_TEST := [-.crypto.rsa] +$ T_D_EVP_TEST := [-.crypto.evp] +$ T_D_IGETEST := [-.test] +$ T_D_JPAKETEST := [-.crypto.jpake] +$ T_D_SRPTEST := [-.crypto.srp] +$ T_D_V3NAMETEST := [-.crypto.x509v3] +$ T_D_HEARTBEAT_TEST := [-.ssl] +$ T_D_P5_CRPT2_TEST := [-.crypto.evp] +$ T_D_CONSTANT_TIME_TEST := [-.crypto] $! $ TCPIP_PROGRAMS = ",," $ IF COMPILER .EQS. "VAXC" THEN - @@ -468,7 +477,7 @@ $ CHECK_OPTIONS: $! $! Set basic C compiler /INCLUDE directories. $! -$ CC_INCLUDES = "SYS$DISK:[-],SYS$DISK:[-.CRYPTO]" +$ CC_INCLUDES = "SYS$DISK:[],SYS$DISK:[-],SYS$DISK:[-.CRYPTO]" $! $! Check To See If P1 Is Blank. $! @@ -1060,10 +1069,12 @@ $ __HERE = F$PARSE(F$PARSE("A.;",F$ENVIRONMENT("PROCEDURE"))-"A.;","[]A.;") - "A $ __HERE = F$EDIT(__HERE,"UPCASE") $ __TOP = __HERE - "TEST]" $ __INCLUDE = __TOP + "INCLUDE.OPENSSL]" +$ __INTERNAL = __TOP + "CRYPTO.INCLUDE.INTERNAL]" $! $! Set up the logical name OPENSSL to point at the include directory $! $ DEFINE OPENSSL /NOLOG '__INCLUDE' +$ DEFINE INTERNAL /NOLOG '__INTERNAL' $! $! Done $! 
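Review bot: `$ T_D_SHATEST := [-.crypto.sha]` survives on the new side of the directory table even though SHATEST was dropped from `TEST_FILES` two hunks up (`"DESTEST,SHA1TEST,SHA256T,SHA512T,"`), so it is now a dead entry. Remove the line so the table and the list stay in step; the tests.com hunk in the same commit already drops its `SHATEST := shatest` counterpart.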
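Review bot: `$ DEFINE INTERNAL /NOLOG '__INTERNAL'` gets none of the save/restore treatment that OPENSSL gets: a pre-existing INTERNAL logical is overwritten without being captured, and in the cleanup hunk (`@@ -1076`) below `$ DEASSIGN INTERNAL` sits inside the `IF __SAVE_OPENSSL .EQS. ""` branch, so whenever OPENSSL had a prior value INTERNAL is neither restored nor deassigned and leaks out of the procedure. Mirror the OPENSSL handling, presumably `$ __SAVE_INTERNAL = F$TRNLNM("INTERNAL")` before the DEFINE (the way `__SAVE_OPENSSL` is captured is outside the hunk) and an unconditional restore-or-deassign of INTERNAL in the cleanup. A name as generic as INTERNAL in the process logical name table also risks colliding with other software on the system; a more specific name, if the crypto sources allow it, would be safer.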
@@ -1076,6 +1087,7 @@ $! $ IF __SAVE_OPENSSL .EQS. "" $ THEN $ DEASSIGN OPENSSL +$ DEASSIGN INTERNAL $ ELSE $ DEFINE /NOLOG OPENSSL '__SAVE_OPENSSL' $ ENDIF diff --git a/test/tests.com b/test/tests.com index 62be1e7..ba947be 100644 --- a/test/tests.com +++ b/test/tests.com @@ -27,6 +27,7 @@ $ endif $! $ texe_dir := sys$disk:[-.'__archd'.exe.test] $ exe_dir := sys$disk:[-.'__archd'.exe.apps] +$ engines_dir := sys$disk:[-.'__archd'.exe.engines] $ $ set default '__here' $ 
@@ -51,47 +52,55 @@ $! if there's a difference that needs to be taken care of. $ tests := - test_des,test_idea,test_sha,test_md4,test_md5,test_hmac,- test_md2,test_mdc2,test_wp,- - test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,test_aes,- + test_rmd,test_rc2,test_rc4,test_rc5,test_bf,test_cast,- test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,- test_enc,test_x509,test_rsa,test_crl,test_sid,- test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,- - test_jpake,test_srp,test_cms + test_jpake,test_srp,test_cms,test_v3name,test_ocsp,- + test_gost2814789,test_heartbeat,test_p5_crpt2,- + test_constant_time $ endif $ tests = f$edit(tests,"COLLAPSE") $ -$ BNTEST := bntest -$ ECTEST := ectest -$ ECDSATEST := ecdsatest -$ ECDHTEST := ecdhtest -$ EXPTEST := exptest -$ IDEATEST := ideatest -$ SHATEST := shatest -$ SHA1TEST := sha1test -$ MDC2TEST := mdc2test -$ RMDTEST := rmdtest -$ MD2TEST := md2test -$ MD4TEST := md4test -$ MD5TEST := md5test -$ HMACTEST := hmactest -$ WPTEST := wp_test -$ RC2TEST := rc2test -$ RC4TEST := rc4test -$ RC5TEST := rc5test -$ BFTEST := bftest -$ CASTTEST := casttest -$ DESTEST := destest -$ RANDTEST := randtest -$ DHTEST := dhtest -$ DSATEST := dsatest -$ METHTEST := methtest -$ SSLTEST := ssltest -$ RSATEST := rsa_test -$ ENGINETEST := enginetest -$ EVPTEST := evp_test -$ IGETEST := igetest -$ JPAKETEST := jpaketest -$ SRPTEST := srptest +$ BNTEST := bntest +$ ECTEST := ectest +$ ECDSATEST := ecdsatest +$ ECDHTEST := ecdhtest +$ EXPTEST := exptest +$ IDEATEST := ideatest +$ SHA1TEST := sha1test +$ SHA256TEST := sha256t +$ SHA512TEST := sha512t +$ MDC2TEST := mdc2test +$ RMDTEST := rmdtest +$ MD2TEST := md2test +$ MD4TEST := md4test +$ MD5TEST := md5test +$ HMACTEST := hmactest +$ WPTEST := wp_test +$ RC2TEST := rc2test +$ RC4TEST := rc4test +$ RC5TEST := rc5test +$ BFTEST := bftest +$ CASTTEST := casttest +$ DESTEST := destest +$ RANDTEST := randtest +$ DHTEST := dhtest 
+$ DSATEST := dsatest +$ METHTEST := methtest +$ SSLTEST := ssltest +$ RSATEST := rsa_test +$ ENGINETEST := enginetest +$ GOST2814789TEST := gost2814789test +$ EVPTEST := evp_test +$ P5_CRPT2_TEST := p5_crpt2_test +$ IGETEST := igetest +$ JPAKETEST := jpaketest +$ SRPTEST := srptest +$ V3NAMETEST := v3nametest +$ HEARTBEATTEST := heartbeat_test +$ CONSTTIMETEST := constant_time_test $! $ tests_i = 0 $ loop_tests: @@ -105,6 +114,9 @@ $ $ test_evp: $ mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt $ return +$ test_p5_crpt2: +$ mcr 'texe_dir''p5_crpt2_test' +$ return $ test_des: $ mcr 'texe_dir''destest' $ return @@ -112,8 +124,9 @@ $ test_idea: $ mcr 'texe_dir''ideatest' $ return $ test_sha: -$ mcr 'texe_dir''shatest' $ mcr 'texe_dir''sha1test' +$ mcr 'texe_dir''sha256test' +$ mcr 'texe_dir''sha512test' $ return $ test_mdc2: $ mcr 'texe_dir''mdc2test' @@ -154,6 +167,10 @@ $ return $ test_rand: $ mcr 'texe_dir''randtest' $ return +$ test_gost2814789: +$ define/user OPENSSL_ENGINES 'engines_dir' +$ mcr 'texe_dir''gost2814789test' +$ return $ test_enc: $ @testenc.com 'pointer_size' $ return @@ -361,7 +378,21 @@ $ test_srp: $ write sys$output "Test SRP" $ mcr 'texe_dir''srptest' $ return -$ +$ test_v3name: +$ write sys$output "Test X509v3_check_*" +$ mcr 'texe_dir''v3nametest' +$ return +$ test_ocsp: +$ write sys$output "Test OCSP" +$ @tocsp.com +$ return +$ test_heartbeat: +$ mcr 'texe_dir''heartbeattest' +$ return +$ test_constant_time: +$ write sys$output "Test constant time utilites" +$ mcr 'texe_dir''consttimetest' +$ return $ $ exit: $ mcr 'exe_dir'openssl version -a diff --git a/test/tocsp.com b/test/tocsp.com new file mode 100644 index 0000000..97253fe --- /dev/null +++ b/test/tocsp.com 
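Review bot: The announcement string in `test_constant_time` has a typo that will show up in every test log: `$ write sys$output "Test constant time utilities"`. In the same hunk `test_heartbeat` is the only new label without a `write sys$output "Test ..."` line, unlike `test_v3name`, `test_ocsp` and `test_constant_time` next to it; adding `$ write sys$output "Test heartbeat"` keeps the output consistent and makes a hang or crash in that test attributable from the log.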
@@ -0,0 +1,165 @@ +$! TOCSP.COM -- Test ocsp +$ +$ __arch = "VAX" +$ if f$getsyi("cpu") .ge. 128 then - + __arch = f$edit( f$getsyi( "ARCH_NAME"), "UPCASE") +$ if __arch .eqs. "" then __arch = "UNK" +$! +$ if (p2 .eqs. "64") then __arch = __arch+ "_64" +$! +$ exe_dir = "sys$disk:[-.''__arch'.exe.apps]" +$ +$ cmd = "mcr ''f$parse(exe_dir+"openssl.exe")'" +$ ocspdir = "ocsp-tests" +$ +$! 17 December 2012 so we don't get certificate expiry errors. +$ check_time="-attime 1355875200" +$ +$ test_ocsp: +$ subroutine +$ 'cmd' base64 -d -in [.'ocspdir']'p1' -out ocsp-test.test-bin +$ 'cmd' ocsp -respin ocsp-test.test-bin -partial_chain 'check_time' - + "-CAfile" [.'ocspdir']'p2' -verify_other [.'ocspdir']'p2' "-CApath" NLA0: +$ if $severity .ne. p3+1 +$ then +$ write sys$error "OCSP test failed!" +$ exit 3 +$ endif +$ endsubroutine +$ +$ set noon +$ +$ write sys$output "=== VALID OCSP RESPONSES ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "ND1.ors" "ND1_Issuer_ICA.pem" 0 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ND2.ors" "ND2_Issuer_Root.pem" 0 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "ND3.ors" "ND3_Issuer_Root.pem" 0 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "D1.ors" "D1_Issuer_ICA.pem" 0 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "D2.ors" "D2_Issuer_Root.pem" 0 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "D3.ors" "D3_Issuer_Root.pem" 0 +$ +$ write sys$output "=== INVALID SIGNATURE on the OCSP RESPONSE ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "ISOP_ND1.ors" "ND1_Issuer_ICA.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ISOP_ND2.ors" "ND2_Issuer_Root.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "ISOP_ND3.ors" "ND3_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; 
Intermediate CA -> EE" +$ call test_ocsp "ISOP_D1.ors" "D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ISOP_D2.ors" "D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "ISOP_D3.ors" "D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== WRONG RESPONDERID in the OCSP RESPONSE ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WRID_ND1.ors" "ND1_Issuer_ICA.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WRID_ND2.ors" "ND2_Issuer_Root.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "WRID_ND3.ors" "ND3_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WRID_D1.ors" "D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WRID_D2.ors" "D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "WRID_D3.ors" "D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== WRONG ISSUERNAMEHASH in the OCSP RESPONSE ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WINH_ND1.ors" "ND1_Issuer_ICA.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WINH_ND2.ors" "ND2_Issuer_Root.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "WINH_ND3.ors" "ND3_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WINH_D1.ors" "D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WINH_D2.ors" "D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "WINH_D3.ors" "D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== WRONG ISSUERKEYHASH in the OCSP RESPONSE ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WIKH_ND1.ors" "ND1_Issuer_ICA.pem" 1 +$ write sys$output 
"NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WIKH_ND2.ors" "ND2_Issuer_Root.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "WIKH_ND3.ors" "ND3_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WIKH_D1.ors" "D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WIKH_D2.ors" "D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "WIKH_D3.ors" "D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== WRONG KEY in the DELEGATED OCSP SIGNING CERTIFICATE ===" +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "WKDOSC_D1.ors" "D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "WKDOSC_D2.ors" "D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "WKDOSC_D3.ors" "D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== INVALID SIGNATURE on the DELEGATED OCSP SIGNING CERTIFICATE ===" +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "ISDOSC_D1.ors" "D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ISDOSC_D2.ors" "D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "ISDOSC_D3.ors" "D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== WRONG SUBJECT NAME in the ISSUER CERTIFICATE ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "ND1.ors" "WSNIC_ND1_Issuer_ICA.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ND2.ors" "WSNIC_ND2_Issuer_Root.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "ND3.ors" "WSNIC_ND3_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "D1.ors" "WSNIC_D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "D2.ors" 
"WSNIC_D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "D3.ors" "WSNIC_D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== WRONG KEY in the ISSUER CERTIFICATE ===" +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "ND1.ors" "WKIC_ND1_Issuer_ICA.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ND2.ors" "WKIC_ND2_Issuer_Root.pem" 1 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "ND3.ors" "WKIC_ND3_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "D1.ors" "WKIC_D1_Issuer_ICA.pem" 1 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "D2.ors" "WKIC_D2_Issuer_Root.pem" 1 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "D3.ors" "WKIC_D3_Issuer_Root.pem" 1 +$ +$ write sys$output "=== INVALID SIGNATURE on the ISSUER CERTIFICATE ===" +$! Expect success, because we're explicitly trusting the issuer certificate. +$ write sys$output "NON-DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "ND1.ors" "ISIC_ND1_Issuer_ICA.pem" 0 +$ write sys$output "NON-DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "ND2.ors" "ISIC_ND2_Issuer_Root.pem" 0 +$ write sys$output "NON-DELEGATED; Root CA -> EE" +$ call test_ocsp "ND3.ors" "ISIC_ND3_Issuer_Root.pem" 0 +$ write sys$output "DELEGATED; Intermediate CA -> EE" +$ call test_ocsp "D1.ors" "ISIC_D1_Issuer_ICA.pem" 0 +$ write sys$output "DELEGATED; Root CA -> Intermediate CA" +$ call test_ocsp "D2.ors" "ISIC_D2_Issuer_Root.pem" 0 +$ write sys$output "DELEGATED; Root CA -> EE" +$ call test_ocsp "D3.ors" "ISIC_D3_Issuer_Root.pem" 0 +$ +$ write sys$output "ALL OCSP TESTS SUCCESSFUL" +$ +$ set on +$ +$ exit From levitte at openssl.org Fri Jan 30 13:51:21 2015 
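Review bot: A failing case cannot fail the run: `test_ocsp` reports with `exit 3`, whose low three bits are severity 3 (informational on VMS, not error), and the calling level runs under `set noon`, so after "OCSP test failed!" every remaining `call` still executes, "ALL OCSP TESTS SUCCESSFUL" is printed unconditionally and the final `exit` returns success to tests.com — the negative cases (invalid signature, wrong responder ID, wrong key) would pass silently. Record the failure in a global symbol instead: `$ ocsp_failed == 0` near the top, `$ ocsp_failed == 1` in the failure branch, and `$ if ocsp_failed then exit 2` immediately before the success message. The decode step is also unchecked: if `base64 -d` fails, the `ocsp-test.test-bin` left over from the previous case is what `ocsp -respin` verifies, so delete the file or test `$severity` before running the verification.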
From: levitte at openssl.org (Richard Levitte) Date: Fri, 30 Jan 2015 14:51:21 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150130135121.2A1881DF118@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 1d5668c25806d4ed631c19c81081c93fc0571d82 (commit) from bc1544d8c550bccd34fa1efb6c7132e5bafd5939 (commit) - Log ----------------------------------------------------------------- commit 1d5668c25806d4ed631c19c81081c93fc0571d82 Author: Richard Levitte Date: Fri Jan 30 12:36:13 2015 +0100 VMS exit codes weren't handled well enough and were unclear Making a specific variable $failure_code and a bit of commenting in the VMS section should help clear things up. Reviewed-by: Andy Polyakov (cherry picked from commit e00ab250c878f7a7f0ae908a6305cebf6883a244) ----------------------------------------------------------------------- Summary of changes: test/cms-test.pl | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/test/cms-test.pl b/test/cms-test.pl index f55fd69..1c3f00d 100644 --- a/test/cms-test.pl +++ b/test/cms-test.pl 
@@ -59,23 +59,31 @@ my $redir = " 2> cms.err > cms.out"; if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) { $ossl_path = "pipe mcr OSSLX:openssl"; $null_path = "NL:"; + # On VMS, the lowest 3 bits of the exit code indicates severity + # 1 is success (perl translates it to 0 for $?), 2 is error + # (perl doesn't translate it) + $failure_code = 512; # 2 << 8 = 512 } # Make MSYS work elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) { $ossl_path = "cmd /c ..\\apps\\openssl"; $null_path = "/dev/null"; + $failure_code = 256; } elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) { $ossl_path = "../util/shlib_wrap.sh ../apps/openssl"; $null_path = "/dev/null"; + $failure_code = 256; } elsif ( -f "..\\out32dll\\openssl.exe" ) { $ossl_path = "..\\out32dll\\openssl.exe"; $null_path = "/dev/null"; + $failure_code = 256; } elsif ( -f "..\\out32\\openssl.exe" ) { $ossl_path = "..\\out32\\openssl.exe"; $null_path = "/dev/null"; + $failure_code = 256; } else { die "Can't find OpenSSL executable"; @@ -97,7 +105,7 @@ if ($? == 0) { $no_ec = 1; } -elsif ($^O eq "VMS" ? $? == 512 : $? == 256) +elsif ($? == $failure_code) { $no_ec = 0; } @@ -111,7 +119,7 @@ if ($? == 0) { $no_ec2m = 1; } -elsif ($? == 256) +elsif ($? == $failure_code) { $no_ec2m = 0; } @@ -125,7 +133,7 @@ if ($? == 0) { $no_ecdh = 1; } -elsif ($? == 256) +elsif ($? == $failure_code) { $no_ecdh = 0; } From levitte at openssl.org Fri Jan 30 14:34:10 2015 
From: levitte at openssl.org (Richard Levitte) Date: Fri, 30 Jan 2015 15:34:10 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150130143411.0F4B81DF118@butler.localdomain> The branch master has been updated via 4938ebc4067ae74e07e88b25cd22fd8adf6b8ddc (commit) from 4fdde1aa0c2146342a279dc11757e4e566248d6b (commit) - Log ----------------------------------------------------------------- commit 4938ebc4067ae74e07e88b25cd22fd8adf6b8ddc Author: Richard Levitte Date: Fri Jan 30 15:14:48 2015 +0100 Since SHA0 was completely removed, also remove the related test Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: test/Makefile | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/test/Makefile b/test/Makefile index 176bf70..fda5d76 100644 --- a/test/Makefile +++ b/test/Makefile @@ -36,7 +36,6 @@ ECDSATEST= ecdsatest ECDHTEST= ecdhtest EXPTEST= exptest IDEATEST= ideatest -SHATEST= shatest SHA1TEST= sha1test SHA256TEST= sha256t SHA512TEST= sha512t @@ -75,7 +74,7 @@ TESTS= alltests EXE= $(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_EXT) $(ECDSATEST)$(EXE_EXT) $(ECDHTEST)$(EXE_EXT) $(IDEATEST)$(EXE_EXT) \ $(MD2TEST)$(EXE_EXT) $(MD4TEST)$(EXE_EXT) $(MD5TEST)$(EXE_EXT) $(HMACTEST)$(EXE_EXT) $(WPTEST)$(EXE_EXT) \ $(RC2TEST)$(EXE_EXT) $(RC4TEST)$(EXE_EXT) $(RC5TEST)$(EXE_EXT) \ - $(DESTEST)$(EXE_EXT) $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \ + $(DESTEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) \ $(MDC2TEST)$(EXE_EXT) $(RMDTEST)$(EXE_EXT) \ $(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \ $(GOST2814789TEST)$(EXE_EXT) \ 
@@ -91,7 +90,7 @@ OBJ= $(BNTEST).o $(ECTEST).o $(ECDSATEST).o $(ECDHTEST).o $(IDEATEST).o \ $(MD2TEST).o $(MD4TEST).o $(MD5TEST).o \ $(HMACTEST).o $(WPTEST).o \ $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \ - $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \ + $(DESTEST).o $(SHA1TEST).o $(SHA256TEST).o $(SHA512TEST).o \ $(MDC2TEST).o $(RMDTEST).o \ $(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \ $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o \ @@ -103,7 +102,7 @@ SRC= $(BNTEST).c $(ECTEST).c $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \ $(MD2TEST).c $(MD4TEST).c $(MD5TEST).c \ $(HMACTEST).c $(WPTEST).c \ $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ - $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ + $(DESTEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ $(RANDTEST).c $(DHTEST).c $(ENGINETEST).c $(CASTTEST).c \ $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c \ $(EVPTEST).c $(IGETEST).c $(JPAKETEST).c $(V3NAMETEST).c \ @@ -169,8 +168,7 @@ test_des: $(DESTEST)$(EXE_EXT) test_idea: $(IDEATEST)$(EXE_EXT) ../util/shlib_wrap.sh ./$(IDEATEST) -test_sha: $(SHATEST)$(EXE_EXT) $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) - ../util/shlib_wrap.sh ./$(SHATEST) +test_sha: $(SHA1TEST)$(EXE_EXT) $(SHA256TEST)$(EXE_EXT) $(SHA512TEST)$(EXE_EXT) ../util/shlib_wrap.sh ./$(SHA1TEST) ../util/shlib_wrap.sh ./$(SHA256TEST) ../util/shlib_wrap.sh ./$(SHA512TEST) @@ -411,9 +409,6 @@ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO) $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO) @target=$(MD2TEST); $(BUILD_CMD) -$(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO) - @target=$(SHATEST); $(BUILD_CMD) - $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO) @target=$(SHA1TEST); $(BUILD_CMD) 
@@ -796,13 +791,6 @@ sha1test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h sha1test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h sha1test.o: ../include/openssl/safestack.h ../include/openssl/sha.h sha1test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h sha1test.c -shatest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -shatest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -shatest.o: ../include/openssl/evp.h ../include/openssl/obj_mac.h -shatest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -shatest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -shatest.o: ../include/openssl/safestack.h ../include/openssl/sha.h -shatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h shatest.c ssltest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssltest.o: ../include/openssl/bn.h ../include/openssl/buffer.h ssltest.o: ../include/openssl/comp.h ../include/openssl/conf.h From appro at openssl.org Fri Jan 30 15:38:54 2015 
From: appro at openssl.org (Andy Polyakov) Date: Fri, 30 Jan 2015 16:38:54 +0100 (CET) Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <20150130153854.1A2931DF118@butler.localdomain> The branch OpenSSL_1_0_2-stable has been updated via 8d5d455988d66048ec5b84756581bc3f6f2e55dd (commit) from 1d5668c25806d4ed631c19c81081c93fc0571d82 (commit) - Log ----------------------------------------------------------------- commit 8d5d455988d66048ec5b84756581bc3f6f2e55dd Author: Andy Polyakov Date: Sun Jan 25 14:51:43 2015 +0100 modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure on affected platforms (PowerPC and AArch64). For reference, minimalistic #ifdef GHASH is sufficient, because it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash is never referred. Reviewed-by: Rich Salz (cherry picked from commit b2991c081aba5351a3386bdde2927672d53e5c99) ----------------------------------------------------------------------- Summary of changes: crypto/modes/gcm128.c | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c
index 4debf53..24a84a7 100644
--- a/crypto/modes/gcm128.c
+++ b/crypto/modes/gcm128.c
@@ -852,7 +852,11 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
 {
 gcm_init_4bit(ctx->Htable, ctx->H.u);
 ctx->gmult = gcm_gmult_4bit;
+# if defined(GHASH)
 ctx->ghash = gcm_ghash_4bit;
+# else
+ ctx->ghash = NULL;
+# endif
 }
 # elif defined(GHASH_ASM_SPARC)
 if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) {
@@ -872,7 +876,11 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
 } else {
 gcm_init_4bit(ctx->Htable, ctx->H.u);
 ctx->gmult = gcm_gmult_4bit;
+# if defined(GHASH)
 ctx->ghash = gcm_ghash_4bit;
+# else
+ ctx->ghash = NULL;
+# endif
 }
 # else
 gcm_init_4bit(ctx->Htable, ctx->H.u);
From appro at openssl.org Fri Jan 30 15:38:54 2015
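Review bot: The four-line `# if defined(GHASH) … # else ctx->ghash = NULL; # endif` block is pasted verbatim into both fallback branches, while the other `ctx->ghash = …` assignments in CRYPTO_gcm128_init (the SPARC branch whose body begins at the end of the first hunk, and the x86 branches, which the master diff further down this page still shows as bare assignments) keep the unguarded form, so the function now guards only the two branches that happened to break. The master commit 2e635aa on this page replaces all of them with one function-local `CTX__GHASH(f)` macro; cherry-picking that form would keep the branches from drifting the next time one is edited. Whichever form is kept, a one-line comment such as `/* gcm_ghash_4bit is only compiled when GHASH is defined; ctx->ghash is unused otherwise */` above the guard tells the next reader why a NULL function pointer is acceptable here. CRYPTO_gcm128_init's body extends beyond both hunks.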
From: appro at openssl.org (Andy Polyakov) Date: Fri, 30 Jan 2015 16:38:54 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150130153854.3CF531DF125@butler.localdomain> The branch master has been updated via 2e635aa81cf1c4e3fd7cb0334c79e7d0771140f1 (commit) via b2991c081aba5351a3386bdde2927672d53e5c99 (commit) from 4938ebc4067ae74e07e88b25cd22fd8adf6b8ddc (commit) - Log ----------------------------------------------------------------- commit 2e635aa81cf1c4e3fd7cb0334c79e7d0771140f1 Author: Andy Polyakov Date: Sun Jan 25 15:48:42 2015 +0100 modes/gcm128.c: harmonize ctx->ghash assignment, shortcut *_ctr32 in OPENSSL_SMALL_FOOTPRINT build, remove undesired reformat artefact and inconsistency in pre-processor logic. Reviewed-by: Rich Salz commit b2991c081aba5351a3386bdde2927672d53e5c99 Author: Andy Polyakov Date: Sun Jan 25 14:51:43 2015 +0100 modes/gcm128.c: fix OPENSSL_SMALL_FOOTPRINT compile failure on affected platforms (PowerPC and AArch64). For reference, minimalistic #ifdef GHASH is sufficient, because it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash is never referred. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/modes/gcm128.c | 190 ++++++++++++++++++++++++------------------------- 1 file changed, 92 insertions(+), 98 deletions(-) diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 75556dc..5c75c91 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -148,9 +148,7 @@ static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256]) const union { long one; char little; - } is_endian = { - 1 - }; + } is_endian = { 1 }; static const size_t rem_8bit[256] = { PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246), PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E), 
@@ -319,9 +317,7 @@ static void gcm_init_4bit(u128 Htable[16], u64 H[2]) const union { long one; char little; - } is_endian = { - 1 - }; + } is_endian = { 1 }; if (is_endian.little) for (j = 0; j < 16; ++j) { @@ -354,9 +350,7 @@ static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]) const union { long one; char little; - } is_endian = { - 1 - }; + } is_endian = { 1 }; nlo = ((const u8 *)Xi)[15]; nhi = nlo >> 4; @@ -435,9 +429,7 @@ static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const union { long one; char little; - } is_endian = { - 1 - }; + } is_endian = { 1 }; # if 1 do { @@ -627,9 +619,7 @@ static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2]) const union { long one; char little; - } is_endian = { - 1 - }; + } is_endian = { 1 }; V.hi = H[0]; /* H is in host byte order, no byte swapping */ V.lo = H[1]; @@ -772,9 +762,7 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) const union { long one; char little; - } is_endian = { - 1 - }; + } is_endian = { 1 }; memset(ctx, 0, sizeof(*ctx)); ctx->block = block; @@ -799,6 +787,11 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) #if TABLE_BITS==8 gcm_init_8bit(ctx->Htable, ctx->H.u); #elif TABLE_BITS==4 +# if defined(GHASH) +# define CTX__GHASH(f) (ctx->ghash = (f)) +# else +# define CTX__GHASH(f) (ctx->ghash = NULL) +# endif # if defined(GHASH_ASM_X86_OR_64) # if !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2) if (OPENSSL_ia32cap_P[0] & (1 << 24) && /* check FXSR bit */ @@ -806,11 +799,11 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */ gcm_init_avx(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_avx; - ctx->ghash = gcm_ghash_avx; + CTX__GHASH(gcm_ghash_avx); } else { gcm_init_clmul(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_clmul; - ctx->ghash = gcm_ghash_clmul; + CTX__GHASH(gcm_ghash_clmul); } return; } 
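Review bot: The `CTX__GHASH` helper is introduced without a comment saying why `ctx->ghash` may be left NULL when GHASH is undefined; that reasoning lives only in the commit message ("it's never defined with OPENSSL_SMALL_FOOTPRINT and ctx->ghash is never referred"). Put the invariant next to the definition, e.g. `/* gcm_ghash_* exist only when GHASH is defined; ctx->ghash is never consulted otherwise, so leave it NULL */`, because the `# undef CTX__GHASH` at the end of the function (hunk `@@ -823`) means a reader of the assignments has nowhere else to find it. Defining and undefining a macro inside a function body is legal but unusual in this file; placing it at file scope next to where GHASH itself is defined would be the more conventional home, though that is a matter of taste.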
@@ -823,58 +816,59 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block) if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */ # endif ctx->gmult = gcm_gmult_4bit_mmx; - ctx->ghash = gcm_ghash_4bit_mmx; + CTX__GHASH(gcm_ghash_4bit_mmx); } else { ctx->gmult = gcm_gmult_4bit_x86; - ctx->ghash = gcm_ghash_4bit_x86; + CTX__GHASH(gcm_ghash_4bit_x86); } # else ctx->gmult = gcm_gmult_4bit; - ctx->ghash = gcm_ghash_4bit; + CTX__GHASH(gcm_ghash_4bit); # endif # elif defined(GHASH_ASM_ARM) # ifdef PMULL_CAPABLE if (PMULL_CAPABLE) { gcm_init_v8(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_v8; - ctx->ghash = gcm_ghash_v8; + CTX__GHASH(gcm_ghash_v8); } else # endif # ifdef NEON_CAPABLE if (NEON_CAPABLE) { gcm_init_neon(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_neon; - ctx->ghash = gcm_ghash_neon; + CTX__GHASH(gcm_ghash_neon); } else # endif { gcm_init_4bit(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_4bit; - ctx->ghash = gcm_ghash_4bit; + CTX__GHASH(gcm_ghash_4bit); } # elif defined(GHASH_ASM_SPARC) if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) { gcm_init_vis3(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_vis3; - ctx->ghash = gcm_ghash_vis3; + CTX__GHASH(gcm_ghash_vis3); } else { gcm_init_4bit(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_4bit; - ctx->ghash = gcm_ghash_4bit; + CTX__GHASH(gcm_ghash_4bit); } # elif defined(GHASH_ASM_PPC) if (OPENSSL_ppccap_P & PPC_CRYPTO207) { gcm_init_p8(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_p8; - ctx->ghash = gcm_ghash_p8; + CTX__GHASH(gcm_ghash_p8); } else { gcm_init_4bit(ctx->Htable, ctx->H.u); ctx->gmult = gcm_gmult_4bit; - ctx->ghash = gcm_ghash_4bit; + CTX__GHASH(gcm_ghash_4bit); } # else gcm_init_4bit(ctx->Htable, ctx->H.u); # endif +# undef CTX__GHASH #endif } 
@@ -884,9 +878,7 @@ void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv, const union { long one; char little; - } is_endian = { - 1 - }; + } is_endian = { 1 }; unsigned int ctr; #ifdef GCM_FUNCREF_4BIT void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; @@ -1030,9 +1022,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, const union { long one; char little; - } is_endian = { - 1 - }; + } is_endian = { 1 }; unsigned int n, ctr; size_t i; u64 mlen = ctx->len.u[1]; @@ -1040,7 +1030,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, void *key = ctx->key; #ifdef GCM_FUNCREF_4BIT void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult; -# ifdef GHASH +# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT) void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16], const u8 *inp, size_t len) = ctx->ghash; # endif @@ -1090,7 +1080,8 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, if (((size_t)in | (size_t)out) % sizeof(size_t) != 0) break; # endif -# if defined(GHASH) && defined(GHASH_CHUNK) +# if defined(GHASH) +# if defined(GHASH_CHUNK) while (len >= GHASH_CHUNK) { size_t j = GHASH_CHUNK; @@ -1101,11 +1092,11 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, (*block) (ctx->Yi.c, ctx->EKi.c, key); ++ctr; if (is_endian.little) -# ifdef BSWAP4 +# ifdef BSWAP4 ctx->Yi.d[3] = BSWAP4(ctr); -# else +# else PUTU32(ctx->Yi.c + 12, ctr); -# endif +# endif else ctx->Yi.d[3] = ctr; for (i = 0; i < 16 / sizeof(size_t); ++i) @@ -1117,6 +1108,7 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx, GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK); len -= GHASH_CHUNK; } +# endif if ((i = (len & (size_t)-16))) { size_t j = i; @@ -1217,9 +1209,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx, const union { long one; char little; - } is_endian = { - 1 - }; + } is_endian = { 1 }; unsigned int n, ctr; size_t i; u64 mlen = ctx->len.u[1]; 
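Review bot: `# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)` around the `gcm_ghash_p` declaration contradicts the invariant the companion commit b2991c0 relies on ("GHASH is never defined with OPENSSL_SMALL_FOOTPRINT"): if the invariant holds the second term is dead, and if it does not, then `CTX__GHASH` and the `defined(GHASH) && defined(GHASH_CHUNK)` form this same commit puts into CRYPTO_gcm128_encrypt_ctr32 are the ones that are wrong. The identical condition appears in CRYPTO_gcm128_decrypt (`@@ -1227`) below. Pick one form for the whole file, and if the `!defined(OPENSSL_SMALL_FOOTPRINT)` term is kept as a belt-and-braces guard, say so where it is used, e.g. `/* redundant while GHASH implies !OPENSSL_SMALL_FOOTPRINT; kept as a guard */`; where GHASH is defined is not visible in this diff, so I cannot tell which reading is correct.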
@@ -1227,7 +1217,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 void *key = ctx->key;
 #ifdef GCM_FUNCREF_4BIT
 void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
 void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
 const u8 *inp, size_t len) = ctx->ghash;
 # endif
@@ -1276,7 +1266,8 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
 break;
 # endif
-# if defined(GHASH) && defined(GHASH_CHUNK)
+# if defined(GHASH)
+# if defined(GHASH_CHUNK)
 while (len >= GHASH_CHUNK) {
 size_t j = GHASH_CHUNK;
 
@@ -1288,11 +1279,11 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 (*block) (ctx->Yi.c, ctx->EKi.c, key);
 ++ctr;
 if (is_endian.little)
-# ifdef BSWAP4
+# ifdef BSWAP4
 ctx->Yi.d[3] = BSWAP4(ctr);
-# else
+# else
 PUTU32(ctx->Yi.c + 12, ctr);
-# endif
+# endif
 else
 ctx->Yi.d[3] = ctr;
 for (i = 0; i < 16 / sizeof(size_t); ++i)
@@ -1303,6 +1294,7 @@ int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
 }
 len -= GHASH_CHUNK;
 }
+# endif
 if ((i = (len & (size_t)-16))) {
 GHASH(ctx, in, i);
 while (len >= 16) {
@@ -1406,23 +1398,24 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
 const unsigned char *in,
 unsigned char *out, size_t len,
 ctr128_f stream)
 {
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+ return CRYPTO_gcm128_encrypt(ctx, in, out, len);
+#else
 const union {
 long one;
 char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
 unsigned int n, ctr;
 size_t i;
 u64 mlen = ctx->len.u[1];
 void *key = ctx->key;
-#ifdef GCM_FUNCREF_4BIT
+# ifdef GCM_FUNCREF_4BIT
 void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+# ifdef GHASH
 void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
 const u8 *inp, size_t len) = ctx->ghash;
+# endif
 # endif
-#endif
 mlen += len;
 if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
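Review bot: In the small-footprint branch of CRYPTO_gcm128_encrypt_ctr32 (hunk -1406) the caller's `stream` routine is discarded and `CRYPTO_gcm128_encrypt(ctx, in, out, len)` runs instead, so correctness rests on the block-at-a-time path producing the same keystream from `ctx->block` — the hunk cannot show that, and `stream` becomes an unused parameter in that build. Suggest `(void)stream; /* no CTR fast path in small-footprint builds; the block-at-a-time routine is used instead */` ahead of the return, and `#endif /* OPENSSL_SMALL_FOOTPRINT */` on the `#endif` that closes the function roughly 130 lines later in hunk -1522, since the conditional wraps the entire body. The chunk-loop guard further down (hunk -1458, `# if defined(GHASH) && defined(GHASH_CHUNK)`) drops the old `!defined(OPENSSL_SMALL_FOOTPRINT)` term, which is right only because of that enclosing `#else`, and that is exactly what the closing comment would make visible. The same applies to CRYPTO_gcm128_decrypt_ctr32, opened in hunk -1522 and closed in hunk -1651; both function bodies continue outside these hunks.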
@@ -1436,11 +1429,11 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
 }
 
 if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
 ctr = BSWAP4(ctx->Yi.d[3]);
-#else
+# else
 ctr = GETU32(ctx->Yi.c + 12);
-#endif
+# endif
 else
 ctr = ctx->Yi.d[3];
 
@@ -1458,16 +1451,16 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
 return 0;
 }
 }
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+# if defined(GHASH) && defined(GHASH_CHUNK)
 while (len >= GHASH_CHUNK) {
 (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
 ctr += GHASH_CHUNK / 16;
 if (is_endian.little)
-# ifdef BSWAP4
+# ifdef BSWAP4
 ctx->Yi.d[3] = BSWAP4(ctr);
-# else
+# else
 PUTU32(ctx->Yi.c + 12, ctr);
-# endif
+# endif
 else
 ctx->Yi.d[3] = ctr;
 GHASH(ctx, out, GHASH_CHUNK);
@@ -1475,43 +1468,43 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
 in += GHASH_CHUNK;
 len -= GHASH_CHUNK;
 }
-#endif
+# endif
 if ((i = (len & (size_t)-16))) {
 size_t j = i / 16;
 
 (*stream) (in, out, j, key, ctx->Yi.c);
 ctr += (unsigned int)j;
 if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
 ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
 PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
 else
 ctx->Yi.d[3] = ctr;
 in += i;
 len -= i;
-#if defined(GHASH)
+# if defined(GHASH)
 GHASH(ctx, out, i);
 out += i;
-#else
+# else
 while (j--) {
 for (i = 0; i < 16; ++i)
 ctx->Xi.c[i] ^= out[i];
 GCM_MUL(ctx, Xi);
 out += 16;
 }
-#endif
+# endif
 }
 if (len) {
 (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
 ++ctr;
 if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
 ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
 PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
 else
 ctx->Yi.d[3] = ctr;
 while (len--) {
@@ -1522,29 +1515,31 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
 
 ctx->mres = n;
 return 0;
+#endif
 }
 
 int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
 const unsigned char *in,
 unsigned char *out, size_t len,
 ctr128_f stream)
 {
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+ return CRYPTO_gcm128_decrypt(ctx, in, out, len);
+#else
 const union {
 long one;
 char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
 unsigned int n, ctr;
 size_t i;
 u64 mlen = ctx->len.u[1];
 void *key = ctx->key;
-#ifdef GCM_FUNCREF_4BIT
+# ifdef GCM_FUNCREF_4BIT
 void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
-# ifdef GHASH
+# ifdef GHASH
 void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
 const u8 *inp, size_t len) = ctx->ghash;
+# endif
 # endif
-#endif
 mlen += len;
 if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
@@ -1558,11 +1553,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
 }
 
 if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
 ctr = BSWAP4(ctx->Yi.d[3]);
-#else
+# else
 ctr = GETU32(ctx->Yi.c + 12);
-#endif
+# endif
 else
 ctr = ctx->Yi.d[3];
 
@@ -1582,30 +1577,30 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
 return 0;
 }
 }
-#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+# if defined(GHASH) && defined(GHASH_CHUNK)
 while (len >= GHASH_CHUNK) {
 GHASH(ctx, in, GHASH_CHUNK);
 (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
 ctr += GHASH_CHUNK / 16;
 if (is_endian.little)
-# ifdef BSWAP4
+# ifdef BSWAP4
 ctx->Yi.d[3] = BSWAP4(ctr);
-# else
+# else
 PUTU32(ctx->Yi.c + 12, ctr);
-# endif
+# endif
 else
 ctx->Yi.d[3] = ctr;
 out += GHASH_CHUNK;
 in += GHASH_CHUNK;
 len -= GHASH_CHUNK;
 }
-#endif
+# endif
 if ((i = (len & (size_t)-16))) {
 size_t j = i / 16;
 
-#if defined(GHASH)
+# if defined(GHASH)
 GHASH(ctx, in, i);
-#else
+# else
 while (j--) {
 size_t k;
 for (k = 0; k < 16; ++k)
@@ -1615,15 +1610,15 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
 }
 j = i / 16;
 in -= i;
-#endif
+# endif
 (*stream) (in, out, j, key, ctx->Yi.c);
 ctr += (unsigned int)j;
 if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
 ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
 PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
 else
 ctx->Yi.d[3] = ctr;
 out += i;
@@ -1634,11 +1629,11 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
 (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
 ++ctr;
 if (is_endian.little)
-#ifdef BSWAP4
+# ifdef BSWAP4
 ctx->Yi.d[3] = BSWAP4(ctr);
-#else
+# else
 PUTU32(ctx->Yi.c + 12, ctr);
-#endif
+# endif
 else
 ctx->Yi.d[3] = ctr;
 while (len--) {
@@ -1651,6 +1646,7 @@ int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
 
 ctx->mres = n;
 return 0;
+#endif
 }
 
 int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
@@ -1659,9 +1655,7 @@ int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
 const union {
 long one;
 char little;
- } is_endian = {
- 1
- };
+ } is_endian = { 1 };
 u64 alen = ctx->len.u[0] << 3;
 u64 clen = ctx->len.u[1] << 3;
 #ifdef GCM_FUNCREF_4BIT
From rsalz at openssl.org Fri Jan 30 17:47:33 2015
From: rsalz at openssl.org (Rich Salz) Date: Fri, 30 Jan 2015 18:47:33 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150130174733.680901DF1AB@butler.localdomain> The branch master has been updated via 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 (commit) from 2e635aa81cf1c4e3fd7cb0334c79e7d0771140f1 (commit) - Log ----------------------------------------------------------------- commit 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 Author: Rich Salz Date: Fri Jan 30 12:46:49 2015 -0500 Dead code removal: #if 0 conf, dso, pqueue, threads Mostly, but not completely, debugging print statements. Some old logic kept for internal documentation reasons, perhaps. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/conf/conf_api.c | 22 ---------------------- crypto/conf/conf_lib.c | 16 ---------------- crypto/dso/dso_dl.c | 12 ------------ crypto/dso/dso_dlfcn.c | 11 ----------- crypto/dso/dso_null.c | 5 ----- crypto/dso/dso_vms.c | 12 ------------ crypto/dso/dso_win32.c | 26 -------------------------- crypto/pqueue/pqueue.c | 7 ------- crypto/threads/th-lock.c | 23 ----------------------- 9 files changed, 134 deletions(-) diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 4cf7553..ff73f38 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c 
@@ -157,28 +157,6 @@ char *_CONF_get_string(const CONF *conf, const char *section, return (getenv(name)); } -#if 0 /* There's no way to provide error checking - * with this function, so force implementors - * of the higher levels to get a string and - * read the number themselves. */ -long _CONF_get_number(CONF *conf, char *section, char *name) -{ - char *str; - long ret = 0; - - str = _CONF_get_string(conf, section, name); - if (str == NULL) - return (0); - for (;;) { - if (conf->meth->is_number(conf, *str)) - ret = ret * 10 + conf->meth->to_int(conf, *str); - else - return (ret); - str++; - } -} -#endif - static unsigned long conf_value_hash(const CONF_VALUE *v) { return (lh_strhash(v->section) << 2) ^ lh_strhash(v->name); diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 2aadb37..29e77c7 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -373,19 +373,3 @@ int NCONF_dump_bio(const CONF *conf, BIO *out) return conf->meth->dump(conf, out); } - -/* This function should be avoided */ -#if 0 -long NCONF_get_number(CONF *conf, char *group, char *name) -{ - int status; - long ret = 0; - - status = NCONF_get_number_e(conf, group, name, &ret); - if (status == 0) { - /* This function does not believe in errors... */ - ERR_get_error(); - } - return ret; -} -#endif diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c index 1f4d198..989d4d9 100644 --- a/crypto/dso/dso_dl.c +++ b/crypto/dso/dso_dl.c 
@@ -77,13 +77,6 @@ static int dl_load(DSO *dso); static int dl_unload(DSO *dso); static void *dl_bind_var(DSO *dso, const char *symname); static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname); -# if 0 -static int dl_unbind_var(DSO *dso, char *symname, void *symptr); -static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); -static int dl_init(DSO *dso); -static int dl_finish(DSO *dso); -static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg); -# endif static char *dl_name_converter(DSO *dso, const char *filename); static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2); @@ -96,11 +89,6 @@ static DSO_METHOD dso_meth_dl = { dl_unload, dl_bind_var, dl_bind_func, -/* For now, "unbind" doesn't exist */ -# if 0 - NULL, /* unbind_var */ - NULL, /* unbind_func */ -# endif NULL, /* ctrl */ dl_name_converter, dl_merger, diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index ec87f47..c9a9a8b 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -99,12 +99,6 @@ static int dlfcn_load(DSO *dso); static int dlfcn_unload(DSO *dso); static void *dlfcn_bind_var(DSO *dso, const char *symname); static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname); -# if 0 -static int dlfcn_unbind(DSO *dso, char *symname, void *symptr); -static int dlfcn_init(DSO *dso); -static int dlfcn_finish(DSO *dso); -static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg); -# endif static char *dlfcn_name_converter(DSO *dso, const char *filename); static char *dlfcn_merger(DSO *dso, const char *filespec1, const char *filespec2); @@ -117,11 +111,6 @@ static DSO_METHOD dso_meth_dlfcn = { dlfcn_unload, dlfcn_bind_var, dlfcn_bind_func, -/* For now, "unbind" doesn't exist */ -# if 0 - NULL, /* unbind_var */ - NULL, /* unbind_func */ -# endif NULL, /* ctrl */ dlfcn_name_converter, dlfcn_merger, diff --git a/crypto/dso/dso_null.c b/crypto/dso/dso_null.c index 20122d1..ab2125c 100644 --- a/crypto/dso/dso_null.c 
+++ b/crypto/dso/dso_null.c @@ -72,11 +72,6 @@ static DSO_METHOD dso_meth_null = { NULL, /* unload */ NULL, /* bind_var */ NULL, /* bind_func */ -/* For now, "unbind" doesn't exist */ -#if 0 - NULL, /* unbind_var */ - NULL, /* unbind_func */ -#endif NULL, /* ctrl */ NULL, /* dso_name_converter */ NULL, /* dso_merger */ diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 8793f7e..6498184 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -95,13 +95,6 @@ static int vms_load(DSO *dso); static int vms_unload(DSO *dso); static void *vms_bind_var(DSO *dso, const char *symname); static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname); -# if 0 -static int vms_unbind_var(DSO *dso, char *symname, void *symptr); -static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); -static int vms_init(DSO *dso); -static int vms_finish(DSO *dso); -static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg); -# endif static char *vms_name_converter(DSO *dso, const char *filename); static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2); @@ -112,11 +105,6 @@ static DSO_METHOD dso_meth_vms = { NULL, /* unload */ vms_bind_var, vms_bind_func, -/* For now, "unbind" doesn't exist */ -# if 0 - NULL, /* unbind_var */ - NULL, /* unbind_func */ -# endif NULL, /* ctrl */ vms_name_converter, vms_merger, diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index c65234e..e671672 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c 
@@ -119,13 +119,6 @@ static int win32_load(DSO *dso); static int win32_unload(DSO *dso); static void *win32_bind_var(DSO *dso, const char *symname); static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname); -# if 0 -static int win32_unbind_var(DSO *dso, char *symname, void *symptr); -static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr); -static int win32_init(DSO *dso); -static int win32_finish(DSO *dso); -static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg); -# endif static char *win32_name_converter(DSO *dso, const char *filename); static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2); @@ -140,11 +133,6 @@ static DSO_METHOD dso_meth_win32 = { win32_unload, win32_bind_var, win32_bind_func, -/* For now, "unbind" doesn't exist */ -# if 0 - NULL, /* unbind_var */ - NULL, /* unbind_func */ -# endif NULL, /* ctrl */ win32_name_converter, win32_merger, @@ -476,13 +464,6 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) offset++; start = end + 1; } -# if 0 /* Not needed, since the directory converter - * above already appeneded a backslash */ - if (file_split->predir && (file_split->dir || file_split->file)) { - result[offset] = '\\'; - offset++; - } -# endif start = file_split->dir; while (file_split->dirlen > (start - file_split->dir)) { const char *end = openssl_strnchr(start, '/', @@ -496,13 +477,6 @@ static char *win32_joiner(DSO *dso, const struct file_st *file_split) offset++; start = end + 1; } -# if 0 /* Not needed, since the directory converter - * above already appeneded a backslash */ - if (file_split->dir && file_split->file) { - result[offset] = '\\'; - offset++; - } -# endif strncpy(&result[offset], file_split->file, file_split->filelen); offset += file_split->filelen; result[offset] = '\0'; diff --git a/crypto/pqueue/pqueue.c b/crypto/pqueue/pqueue.c index 06a1b8d..675ac60 100644 --- a/crypto/pqueue/pqueue.c +++ b/crypto/pqueue/pqueue.c 
@@ -179,13 +179,6 @@ pitem *pqueue_find(pqueue_s *pq, unsigned char *prio64be) if (!found) return NULL; -#if 0 /* find works in peek mode */ - if (prev == NULL) - pq->items = next->next; - else - prev->next = next->next; -#endif - return found; } diff --git a/crypto/threads/th-lock.c b/crypto/threads/th-lock.c index 1b57659..9a8e909 100644 --- a/crypto/threads/th-lock.c +++ b/crypto/threads/th-lock.c @@ -200,18 +200,6 @@ void CRYPTO_thread_cleanup(void) void solaris_locking_callback(int mode, int type, char *file, int line) { -# if 0 - fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n", - CRYPTO_thread_id(), - (mode & CRYPTO_LOCK) ? "l" : "u", - (type & CRYPTO_READ) ? "r" : "w", file, line); -# endif - -# if 0 - if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr, "(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), mode, file, line); -# endif if (mode & CRYPTO_LOCK) { # ifdef USE_MUTEX mutex_lock(&(lock_cs[type])); @@ -338,17 +326,6 @@ void thread_cleanup(void) void pthreads_locking_callback(int mode, int type, char *file, int line) { -# if 0 - fprintf(stderr, "thread=%4d mode=%s lock=%s %s:%d\n", - CRYPTO_thread_id(), - (mode & CRYPTO_LOCK) ? "l" : "u", - (type & CRYPTO_READ) ? "r" : "w", file, line); -# endif -# if 0 - if (CRYPTO_LOCK_SSL_CERT == type) - fprintf(stderr, "(t,m,f,l) %ld %d %s %d\n", - CRYPTO_thread_id(), mode, file, line); -# endif if (mode & CRYPTO_LOCK) { pthread_mutex_lock(&(lock_cs[type])); lock_count[type]++; From rsalz at openssl.org Fri Jan 30 18:25:06 2015 
From: rsalz at openssl.org (Rich Salz) Date: Fri, 30 Jan 2015 19:25:06 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150130182506.E7FCF1DF1AB@butler.localdomain> The branch master has been updated via d6fbb194095312f4722c81c9362dbd0de66cb656 (commit) from 6f1a93ad111c7dfe36a09a976c4c009079b19ea1 (commit) - Log ----------------------------------------------------------------- commit d6fbb194095312f4722c81c9362dbd0de66cb656 Author: Rich Salz Date: Fri Jan 30 13:24:35 2015 -0500 Dead code removal #if 0 engines Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: engines/ccgost/gost2814789test.c | 85 -------------------------------------- engines/e_cswift.c | 8 ---- engines/e_gmp.c | 10 ----- engines/e_sureware.c | 21 ---------- 4 files changed, 124 deletions(-) diff --git a/engines/ccgost/gost2814789test.c b/engines/ccgost/gost2814789test.c index ecbfa80..8384d66 100644 --- a/engines/ccgost/gost2814789test.c +++ b/engines/ccgost/gost2814789test.c 
@@ -1251,91 +1251,6 @@ int main(int argc, char *argv[]) } /* - * Internal function test on GostR3411_94_TestParamSet - */ -# if 0 && defined(OPENSSL_NO_DYNAMIC_ENGINE) - { - gost_ctx ctx; - - for (t = 0; t < sizeof(tcs) / sizeof(tcs[0]); t++) { - const gost_subst_block *pSubst = NULL; - - if (1024 < tcs[t].ullLen) { - /* Key meshing check by engine tests */ - continue; - } - memset(bTest, 0xc3, sizeof(bTest)); - if (0 == strcmp(tcs[t].szParamSet, - "id-GostR3410-94-TestParamSet")) { - pSubst = &GostR3411_94_TestParamSet; - } else if (0 == strcmp(tcs[t].szParamSet, - "id-Gost28147-89-CryptoPro-A-ParamSet")) { - pSubst = &Gost28147_CryptoProParamSetA; - } else if (0 == strcmp(tcs[t].szParamSet, - "id-Gost28147-89-CryptoPro-B-ParamSet")) { - pSubst = &Gost28147_CryptoProParamSetB; - } else if (0 == strcmp(tcs[t].szParamSet, - "id-Gost28147-89-CryptoPro-C-ParamSet")) { - pSubst = &Gost28147_CryptoProParamSetC; - } else if (0 == strcmp(tcs[t].szParamSet, - "id-Gost28147-89-CryptoPro-D-ParamSet")) { - pSubst = &Gost28147_CryptoProParamSetD; - } - gost_init(&ctx, pSubst); - gost_key(&ctx, tcs[t].bRawKey); - switch (tcs[t].gMode) { - case G89_ECB: - gost_enc(&ctx, tcs[t].bIn, bTest, - (int)((tcs[t].ullLen + G89_BLOCK_LEN - 1) / - G89_BLOCK_LEN)); - l = (size_t)tcs[t].ullLen; - break; - case G89_CFB: - gost_enc_cfb(&ctx, tcs[t].bIV, tcs[t].bIn, - bTest, - (int)((tcs[t].ullLen + G89_BLOCK_LEN - 1) / - G89_BLOCK_LEN)); - l = (size_t)tcs[t].ullLen; - break; - case G89_CNT: - /* - * GOST 28147-89 cipher CNT mode check by engine tests - */ - continue; - case G89_IMIT: - gost_mac(&ctx, 32, tcs[t].bIn, - (unsigned int)tcs[t].ullLen, bTest); - gost_mac_iv(&ctx, 32, tcs[t].bIV, tcs[t].bIn, - (unsigned int)tcs[t].ullLen, bTest1); - if (0 != memcmp(bTest, bTest1, 4)) { - fflush(NULL); - fprintf(stderr, "\nInternal test t=%d len=" FMT64 - " failed (gost_mac_iv).\n", t, tcs[t].ullLen); - if (!ignore) { - return 2; - } - } - l = 4; - break; - } - gost_destroy(&ctx); - - if (0 != 
memcmp(tcs[t].bOut, bTest, l)) { - fflush(NULL); - fprintf(stderr, "\nInternal test t=%d len=" FMT64 - " failed.\n", t, tcs[t].ullLen); - if (!ignore) { - return 3; - } - } else { - printf(","); - fflush(NULL); - } - } - } -# endif - - /* * ccgost engine test on GostR3411_94_CryptoProParamSet */ ERR_load_crypto_strings(); diff --git a/engines/e_cswift.c b/engines/e_cswift.c index c429802..db94bf2 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -748,11 +748,7 @@ static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, # ifdef RSA_NULL def_rsa_method = RSA_null_method(); # else -# if 0 - def_rsa_method = RSA_PKCS1_RSAref(); -# else def_rsa_method = RSA_PKCS1_SSLeay(); -# endif # endif if (def_rsa_method) return def_rsa_method->rsa_mod_exp(r0, I, rsa, ctx); @@ -777,11 +773,7 @@ static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, # ifdef RSA_NULL def_rsa_method = RSA_null_method(); # else -# if 0 - def_rsa_method = RSA_PKCS1_RSAref(); -# else def_rsa_method = RSA_PKCS1_SSLeay(); -# endif # endif if (def_rsa_method) return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx); diff --git a/engines/e_gmp.c b/engines/e_gmp.c index de5f9c0..cf01016 100644 --- a/engines/e_gmp.c +++ b/engines/e_gmp.c @@ -117,12 +117,6 @@ static int e_gmp_rsa_finish(RSA *r); /* The definitions for control commands specific to this engine */ /* #define E_GMP_CMD_SO_PATH ENGINE_CMD_BASE */ static const ENGINE_CMD_DEFN e_gmp_cmd_defns[] = { -# if 0 - {E_GMP_CMD_SO_PATH, - "SO_PATH", - "Specifies the path to the 'e_gmp' shared library", - ENGINE_CMD_FLAG_STRING}, -# endif {0, NULL, NULL, 0} }; @@ -247,10 +241,6 @@ static int e_gmp_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) int to_return = 1; switch (cmd) { -# if 0 - case E_GMP_CMD_SO_PATH: - /* ... */ -# endif /* The command isn't understood by this engine */ default: GMPerr(GMP_F_E_GMP_CTRL, GMP_R_CTRL_COMMAND_NOT_IMPLEMENTED); 
diff --git a/engines/e_sureware.c b/engines/e_sureware.c index aae568a..36f6f43 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -111,10 +111,6 @@ static EVP_PKEY *surewarehk_load_pubkey(ENGINE *e, const char *key_id, void *callback_data); static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp); -# if 0 -static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp); -# endif # ifndef OPENSSL_NO_RSA /* This function is aliased to mod_exp (with the mont stuff dropped). */ @@ -881,23 +877,6 @@ static void surewarehk_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, p_surewarehk_Free((char *)item, 0); } -# if 0 -/* not currently used (bug?) */ -/* - * This cleans up an DH KM key (destroys the key into hardware), called when - * ex_data is freed - */ -static void surewarehk_dh_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, - int idx, long argl, void *argp) -{ - if (!p_surewarehk_Free) { - SUREWAREerr(SUREWARE_F_SUREWAREHK_DH_EX_FREE, - ENGINE_R_NOT_INITIALISED); - } else - p_surewarehk_Free((char *)item, 1); -} -# endif - /* * return number of decrypted bytes */ From rsalz at openssl.org Fri Jan 30 19:53:23 2015 
From: rsalz at openssl.org (Rich Salz) Date: Fri, 30 Jan 2015 20:53:23 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150130195323.290DD1DF1AB@butler.localdomain> The branch master has been updated via 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 (commit) from d6fbb194095312f4722c81c9362dbd0de66cb656 (commit) - Log ----------------------------------------------------------------- commit 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 Author: Rich Salz Date: Fri Jan 30 14:52:57 2015 -0500 Dead code clean: #if 0 removal in apps Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 12 ------------ apps/engine.c | 3 --- apps/openssl.c | 7 +------ apps/s_cb.c | 4 ---- apps/s_client.c | 25 ------------------------- apps/s_server.c | 49 ------------------------------------------------- apps/s_time.c | 16 ---------------- apps/smime.c | 5 ----- apps/speed.c | 16 ---------------- 9 files changed, 1 insertion(+), 136 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index a917112..bcb3f50 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2171,18 +2171,6 @@ static void write_new_certificate(BIO *bp, X509 *x, int output_der, (void)i2d_X509_bio(bp, x); return; } -#if 0 - /* ??? Not needed since X509_print prints all this stuff anyway */ - f = X509_NAME_oneline(X509_get_issuer_name(x), buf, 256); - BIO_printf(bp, "issuer :%s\n", f); - - f = X509_NAME_oneline(X509_get_subject_name(x), buf, 256); - BIO_printf(bp, "subject:%s\n", f); - - BIO_puts(bp, "serial :"); - i2a_ASN1_INTEGER(bp, x->cert_info->serialNumber); - BIO_puts(bp, "\n\n"); -#endif if (!notext) X509_print(bp, x); PEM_write_bio_X509(bp, x); diff --git a/apps/engine.c b/apps/engine.c index 275d599..8a1e746 100644 --- a/apps/engine.c +++ b/apps/engine.c 
@@ -196,9 +196,6 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) || ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE, 0, NULL, NULL)) <= 0)) { -# if 0 - BIO_printf(bio_out, "%s\n", indent); -# endif return 1; } diff --git a/apps/openssl.c b/apps/openssl.c index b196285..50c8275 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -301,12 +301,7 @@ int main(int Argc, char *ARGV[]) } CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); -#if 0 - if (getenv("OPENSSL_DEBUG_LOCKING") != NULL) -#endif - { - CRYPTO_set_locking_callback(lock_dbg_cb); - } + CRYPTO_set_locking_callback(lock_dbg_cb); if (getenv("OPENSSL_FIPS")) { #ifdef OPENSSL_FIPS diff --git a/apps/s_cb.c b/apps/s_cb.c index eb89949..eef86cb 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -812,10 +812,6 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, BIO_printf(bio, " "); num = len; -#if 0 - if (num > 16) - num = 16; -#endif for (i = 0; i < num; i++) { if (i % 16 == 0 && i > 0) BIO_printf(bio, "\n "); diff --git a/apps/s_client.c b/apps/s_client.c index 0fb4771..325dbf1 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1326,10 +1326,6 @@ int MAIN(int argc, char **argv) if (state) SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); -#if 0 - else - SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER")); -#endif SSL_CTX_set_verify(ctx, verify, verify_callback); 
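Review bot: `CRYPTO_set_locking_callback(lock_dbg_cb);` in the apps/openssl.c hunk (-301) now installs a debug-named callback in main() with nothing left to say why it is unconditional; the removed `getenv("OPENSSL_DEBUG_LOCKING")` gate was already inert under `#if 0`, so behaviour does not change, but the intent it recorded is gone. Suggest `CRYPTO_set_locking_callback(lock_dbg_cb); /* always on: the old OPENSSL_DEBUG_LOCKING gate was never compiled in */`. The definition of lock_dbg_cb and the rest of main() lie outside the hunk, so what the callback actually checks cannot be confirmed from here.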
@@ -1508,17 +1504,6 @@ int MAIN(int argc, char **argv) SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp); SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); -# if 0 - { - STACK_OF(OCSP_RESPID) *ids = sk_OCSP_RESPID_new_null(); - OCSP_RESPID *id = OCSP_RESPID_new(); - id->value.byKey = ASN1_OCTET_STRING_new(); - id->type = V_OCSP_RESPID_KEY; - ASN1_STRING_set(id->value.byKey, "Hello World", -1); - sk_OCSP_RESPID_push(ids, id); - SSL_set_tlsext_status_ids(con, ids); - } -# endif } #endif #ifndef OPENSSL_NO_JPAKE @@ -1667,16 +1652,6 @@ int MAIN(int argc, char **argv) tty_on = 1; if (in_init) { in_init = 0; -#if 0 /* This test doesn't really work as intended - * (needs to be fixed) */ -# ifndef OPENSSL_NO_TLSEXT - if (servername != NULL && !SSL_session_reused(con)) { - BIO_printf(bio_c_out, - "Server did %sacknowledge servername extension.\n", - tlsextcbp.ack ? "" : "not "); - } -# endif -#endif if (sess_out) { BIO *stmp = BIO_new_file(sess_out, "w"); if (stmp) { diff --git a/apps/s_server.c b/apps/s_server.c index e6ea350..5537fde 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -838,12 +838,6 @@ static int cert_status_cb(SSL *s, void *arg) STACK_OF(X509_EXTENSION) *exts; int ret = SSL_TLSEXT_ERR_NOACK; int i; -# if 0 - STACK_OF(OCSP_RESPID) *ids; - SSL_get_tlsext_status_ids(s, &ids); - BIO_printf(err, "cert_status: received %d ids\n", - sk_OCSP_RESPID_num(ids)); -# endif if (srctx->verbose) BIO_puts(err, "cert_status: callback called\n"); /* Build up OCSP query from server certificate */ 
@@ -1735,19 +1729,6 @@ int MAIN(int argc, char *argv[]) SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles); #endif -#if 0 - if (cipher == NULL) - cipher = getenv("SSL_CIPHER"); -#endif - -#if 0 - if (s_cert_file == NULL) { - BIO_printf(bio_err, - "You must specify a certificate file for the server to use\n"); - goto end; - } -#endif - if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) || (!SSL_CTX_set_default_verify_paths(ctx))) { /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ @@ -2691,27 +2672,6 @@ static DH *load_dh_param(const char *dhfile) } #endif -#if 0 -static int load_CA(SSL_CTX *ctx, char *file) -{ - FILE *in; - X509 *x = NULL; - - if ((in = fopen(file, "r")) == NULL) - return (0); - - for (;;) { - if (PEM_read_X509(in, &x, NULL) == NULL) - break; - SSL_CTX_add_client_CA(ctx, x); - } - if (x != NULL) - X509_free(x); - fclose(in); - return (1); -} -#endif - static int www_body(char *hostname, int s, int stype, unsigned char *context) { char *buf = NULL; @@ -3010,21 +2970,12 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) BIO_printf(io, "'%s' is an invalid path\r\n", p); break; } -#if 0 - /* append if a directory lookup */ - if (e[-1] == '/') - strcat(p, "index.html"); -#endif /* if a directory, do the index thang */ if (app_isdir(p) > 0) { -#if 0 /* must check buffer size */ - strcat(p, "/index.html"); -#else BIO_puts(io, text); BIO_printf(io, "'%s' is a directory\r\n", p); break; -#endif } if ((file = BIO_new_file(p, "r")) == NULL) { diff --git a/apps/s_time.c b/apps/s_time.c index 972dccf..102ee72 100644 --- a/apps/s_time.c +++ b/apps/s_time.c 
@@ -217,17 +217,6 @@ static int parseArgs(int argc, char **argv) goto bad; host = *(++argv); } -#if 0 - else if (strcmp(*argv, "-host") == 0) { - if (--argc < 1) - goto bad; - host = *(++argv); - } else if (strcmp(*argv, "-port") == 0) { - if (--argc < 1) - goto bad; - port = *(++argv); - } -#endif else if (strcmp(*argv, "-reuse") == 0) perform = 2; else if (strcmp(*argv, "-new") == 0) @@ -582,11 +571,6 @@ static SSL *doConnection(SSL *scon) SSL_set_bio(serverCon, conn, conn); -#if 0 - if (scon != NULL) - SSL_set_session(serverCon, SSL_get_session(scon)); -#endif - /* ok, lets connect */ for (;;) { i = SSL_connect(serverCon); diff --git a/apps/smime.c b/apps/smime.c index 05321a9..5efe51f 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -511,11 +511,6 @@ int MAIN(int argc, char **argv) while (*args) { if (!(cert = load_cert(bio_err, *args, FORMAT_PEM, NULL, e, "recipient certificate file"))) { -#if 0 /* An appropriate message is already printed */ - BIO_printf(bio_err, - "Can't read recipient certificate file %s\n", - *args); -#endif goto end; } sk_X509_push(encerts, cert); diff --git a/apps/speed.c b/apps/speed.c index 419dced..8dc9de9 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -874,12 +874,6 @@ int MAIN(int argc, char **argv) else #endif #ifndef OPENSSL_NO_RSA -# if 0 /* was: #ifdef RSAref */ - if (strcmp(*argv, "rsaref") == 0) { - RSA_set_default_openssl_method(RSA_PKCS1_RSAref()); - j--; - } else -# endif # ifndef RSA_NULL if (strcmp(*argv, "openssl") == 0) { RSA_set_default_method(RSA_PKCS1_SSLeay()); @@ -1273,16 +1267,6 @@ int MAIN(int argc, char **argv) i); goto end; } -# if 0 - else { - BIO_printf(bio_err, - mr ? "+RK:%d:" - : "Loaded RSA key, %d bit modulus and e= 0x", - BN_num_bits(rsa_key[i]->n)); - BN_print(bio_err, rsa_key[i]->e); - BIO_printf(bio_err, "\n"); - } -# endif } #endif From rsalz at openssl.org Fri Jan 30 20:36:37 2015 
From: rsalz at openssl.org (Rich Salz) Date: Fri, 30 Jan 2015 21:36:37 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150130203637.B06611DF1AB@butler.localdomain> The branch master has been updated via 02a938c953b3e1ced71d9a832de1618f907eb96d (commit) from 75d0ebef2aef7a2c77b27575b8da898e22f3ccd5 (commit) - Log ----------------------------------------------------------------- commit 02a938c953b3e1ced71d9a832de1618f907eb96d Author: Rich Salz Date: Fri Jan 30 15:35:49 2015 -0500 Dead code removal: #if 0 asn1, pkcs7 Keep one #if 0 but rename the symbol to be more descriptive of what it's doing (you can disable support for old broken Netscape software). Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_gentm.c | 51 --------------------------- crypto/asn1/a_strex.c | 12 ------- crypto/asn1/a_time.c | 27 -------------- crypto/asn1/a_utctm.c | 87 ---------------------------------------------- crypto/asn1/asn1_lib.c | 6 ---- crypto/asn1/asn1_par.c | 4 --- crypto/asn1/t_x509.c | 8 ----- crypto/asn1/tasn_prn.c | 9 ----- crypto/pkcs7/pk7_doit.c | 35 ------------------- crypto/pkcs7/pk7_smime.c | 9 ++--- 10 files changed, 5 insertions(+), 243 deletions(-) diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index db4510f..97011f8 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c 
@@ -66,57 +66,6 @@ #include #include "asn1_locl.h" -#if 0 - -int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp) -{ -# ifdef CHARSET_EBCDIC - /* KLUDGE! We convert to ascii before writing DER */ - int len; - char tmp[24]; - ASN1_STRING tmpstr = *(ASN1_STRING *)a; - - len = tmpstr.length; - ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len); - tmpstr.data = tmp; - - a = (ASN1_GENERALIZEDTIME *)&tmpstr; -# endif - return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, - V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL)); -} - -ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, - unsigned char **pp, - long length) -{ - ASN1_GENERALIZEDTIME *ret = NULL; - - ret = - (ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, - V_ASN1_GENERALIZEDTIME, - V_ASN1_UNIVERSAL); - if (ret == NULL) { - ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR); - return (NULL); - } -# ifdef CHARSET_EBCDIC - ascii2ebcdic(ret->data, ret->data, ret->length); -# endif - if (!ASN1_GENERALIZEDTIME_check(ret)) { - ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT); - goto err; - } - - return (ret); - err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_GENERALIZEDTIME_free(ret); - return (NULL); -} - -#endif - int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) { static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 }; diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 765698f..1744853 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -83,18 +83,6 @@ * Three IO functions for sending data to memory, a BIO and and a FILE * pointer. */ -#if 0 /* never used */ -static int send_mem_chars(void *arg, const void *buf, int len) -{ - unsigned char **out = arg; - if (!out) - return 1; - memcpy(*out, buf, len); - *out += len; - return 1; -} -#endif - static int send_bio_chars(void *arg, const void *buf, int len) { if (!arg) 
diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 20e7c6d..7ff3de3 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -71,33 +71,6 @@ IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME) -#if 0 -int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) -{ -# ifdef CHARSET_EBCDIC - /* KLUDGE! We convert to ascii before writing DER */ - char tmp[24]; - ASN1_STRING tmpstr; - - if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) { - int len; - - tmpstr = *(ASN1_STRING *)a; - len = tmpstr.length; - ebcdic2ascii(tmp, tmpstr.data, - (len >= sizeof tmp) ? sizeof tmp : len); - tmpstr.data = tmp; - a = (ASN1_GENERALIZEDTIME *)&tmpstr; - } -# endif - if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) - return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, - a->type, V_ASN1_UNIVERSAL)); - ASN1err(ASN1_F_I2D_ASN1_TIME, ASN1_R_EXPECTING_A_TIME); - return -1; -} -#endif - ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) { return ASN1_TIME_adj(s, t, 0, 0); diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index e84e595..9b55284 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c 
@@ -62,53 +62,6 @@ #include #include "asn1_locl.h" -#if 0 -int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp) -{ -# ifndef CHARSET_EBCDIC - return (i2d_ASN1_bytes((ASN1_STRING *)a, pp, - V_ASN1_UTCTIME, V_ASN1_UNIVERSAL)); -# else - /* KLUDGE! We convert to ascii before writing DER */ - int len; - char tmp[24]; - ASN1_STRING x = *(ASN1_STRING *)a; - - len = x.length; - ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len); - x.data = tmp; - return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); -# endif -} - -ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp, - long length) -{ - ASN1_UTCTIME *ret = NULL; - - ret = (ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length, - V_ASN1_UTCTIME, V_ASN1_UNIVERSAL); - if (ret == NULL) { - ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ERR_R_NESTED_ASN1_ERROR); - return (NULL); - } -# ifdef CHARSET_EBCDIC - ascii2ebcdic(ret->data, ret->data, ret->length); -# endif - if (!ASN1_UTCTIME_check(ret)) { - ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ASN1_R_INVALID_TIME_FORMAT); - goto err; - } - - return (ret); - err: - if ((ret != NULL) && ((a == NULL) || (*a != ret))) - M_ASN1_UTCTIME_free(ret); - return (NULL); -} - -#endif - int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) { static const int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 }; 
@@ -309,43 +262,3 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) return -1; return 0; } - -#if 0 -time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s) -{ - struct tm tm; - int offset; - - memset(&tm, '\0', sizeof tm); - -# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0') - tm.tm_year = g2(s->data); - if (tm.tm_year < 50) - tm.tm_year += 100; - tm.tm_mon = g2(s->data + 2) - 1; - tm.tm_mday = g2(s->data + 4); - tm.tm_hour = g2(s->data + 6); - tm.tm_min = g2(s->data + 8); - tm.tm_sec = g2(s->data + 10); - if (s->data[12] == 'Z') - offset = 0; - else { - offset = g2(s->data + 13) * 60 + g2(s->data + 15); - if (s->data[12] == '-') - offset = -offset; - } -# undef g2 - - /* - * FIXME: mktime assumes the current timezone - * instead of UTC, and unless we rewrite OpenSSL - * in Lisp we cannot locally change the timezone - * without possibly interfering with other parts - * of the program. timegm, which uses UTC, is - * non-standard. - * Also time_t is inappropriate for general - * UTC times because it may a 32 bit type. - */ - return mktime(&tm) - offset * 60; -} -#endif diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index aaf5d85..bf84526 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -137,12 +137,6 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, if (inf && !(ret & V_ASN1_CONSTRUCTED)) goto err; -#if 0 - fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", - (int)p, *plength, omax, (int)*pp, (int)(p + *plength), - (int)(omax + *pp)); - -#endif if (*plength > (omax - (p - *pp))) { ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG); /* diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index 98cf249..58d65ac 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c 
@@ -123,11 +123,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, /* ASN1_BMPSTRING *bmp=NULL; */ int dump_indent; -#if 0 - dump_indent = indent; -#else dump_indent = 6; /* Because we know BIO_dump_indent() */ -#endif p = *pp; tot = p + length; op = p - 1; diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 0bdc2c2..667db26 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -166,14 +166,6 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, if (!(cflag & X509_FLAG_NO_SIGNAME)) { if (X509_signature_print(bp, ci->signature, NULL) <= 0) goto err; -#if 0 - if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0) - goto err; - if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) - goto err; - if (BIO_puts(bp, "\n") <= 0) - goto err; -#endif } if (!(cflag & X509_FLAG_NO_ISSUER)) { diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index d956030..94e220b 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -245,10 +245,6 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, break; case ASN1_ITYPE_CHOICE: -#if 0 - if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx)) - return 0; -#endif /* CHOICE type, get selector */ i = asn1_get_choice_selector(fld, it); /* This should never happen... */ @@ -376,11 +372,6 @@ static int asn1_print_fsname(BIO *out, int indent, static const char spaces[] = " "; static const int nspaces = sizeof(spaces) - 1; -#if 0 - if (!sname && !fname) - return 1; -#endif - while (indent > nspaces) { if (BIO_write(out, spaces, nspaces) != nspaces) return 0; diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index b4886f7..54b7b07 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c 
@@ -479,15 +479,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) } if (evp_cipher != NULL) { -#if 0 - unsigned char key[EVP_MAX_KEY_LENGTH]; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char *p; - int keylen, ivlen; - int max; - X509_OBJECT ret; -#endif - if ((etmp = BIO_new(BIO_f_cipher())) == NULL) { PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB); goto err; @@ -593,22 +584,9 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) BIO_push(out, etmp); etmp = NULL; } -#if 1 if (PKCS7_is_detached(p7) || (in_bio != NULL)) { bio = in_bio; } else { -# if 0 - bio = BIO_new(BIO_s_mem()); - /* - * We need to set this so that when we have read all the data, the - * encrypt BIO, if present, will read EOF and encode the last few - * bytes - */ - BIO_set_mem_eof_return(bio, 0); - - if (data_body->length > 0) - BIO_write(bio, (char *)data_body->data, data_body->length); -# else if (data_body->length > 0) bio = BIO_new_mem_buf(data_body->data, data_body->length); else { @@ -617,11 +595,9 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) } if (bio == NULL) goto err; -# endif } BIO_push(out, bio); bio = NULL; -#endif if (0) { err: if (ek) { @@ -1017,17 +993,6 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, } if ((message_digest->length != (int)md_len) || (memcmp(message_digest->data, md_dat, md_len))) { -#if 0 - { - int ii; - for (ii = 0; ii < message_digest->length; ii++) - printf("%02X", message_digest->data[ii]); - printf(" sent\n"); - for (ii = 0; ii < md_len; ii++) - printf("%02X", md_dat[ii]); - printf(" calc\n"); - } -#endif PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE); ret = -1; goto err; diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index dbd4100..e659af8 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c 
@@ -274,12 +274,13 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
return 0;
}
-#if 0
+
/*
- * NB: this test commented out because some versions of Netscape
- * illegally include zero length content when signing data.
+ * Very old Netscape illegally included empty content with
+ * a detached signature. To not support that, enable the
+ * following flag.
*/
-
+#ifdef OPENSSL_DONT_SUPPORT_OLD_NETSCAPE
/* Check for data and content: two sets of data */
if (!PKCS7_get_detached(p7) && indata) {
PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
From ben at openssl.org Fri Jan 30 22:23:35 2015
From: ben at openssl.org (Ben Laurie)
Date: Fri, 30 Jan 2015 23:23:35 +0100 (CET)
Subject: [openssl-commits] [openssl] master update
Message-ID: <20150130222335.A66651DF1AB@butler.localdomain>
The branch master has been updated
via 4de8385796541c8c2973813f5da5fad173ba1ca2 (commit)
from 02a938c953b3e1ced71d9a832de1618f907eb96d (commit)
- Log -----------------------------------------------------------------
commit 4de8385796541c8c2973813f5da5fad173ba1ca2
Author: Ben Laurie
Date: Fri Jan 30 18:59:32 2015 +0000
Build correctly for me on FreeBSD 10.
Reviewed-by: Rich Salz
Don't debug.
-----------------------------------------------------------------------
Summary of changes:
Configure | 2 +-
crypto/engine/eng_cryptodev.c | 1 +
engines/Makefile | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/Configure b/Configure
index ca48b52..d56c3d9 100755
--- a/Configure
+++ b/Configure
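Review bot: The rewritten comment is ambiguous against the check it now guards: `if (!PKCS7_get_detached(p7) && indata)` fires when the PKCS#7 structure is not detached (embedded, possibly zero-length, content is present) and the caller also supplies `indata`, while the comment speaks of "empty content with a detached signature". Suggest `/* Very old Netscape embedded zero-length content in signatures that were meant to be detached, so by default both embedded content and indata are tolerated; define OPENSSL_DONT_SUPPORT_OLD_NETSCAPE to reject that combination. */`. Since the lenient default is what ships, the comment should also say which of the two bodies is then verified when both are present; that decision and the matching `#endif` are further down PKCS7_verify, outside this hunk. The new OPENSSL_DONT_SUPPORT_OLD_NETSCAPE symbol does not appear in CHANGES or Configure in this commit's diffstat, so a CHANGES entry would make the option discoverable.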
@@ -177,7 +177,7 @@ my %table=( "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe::(unknown)::::::", "debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -fsanitize=undefined -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-ben-debug-64-noopt", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-ben-macos", "cc:$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
-DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", "debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index 6b5cc19..65efc81 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -30,6 +30,7 @@ #include #include #include +#include "../bn/bn_lcl.h" #if (defined(__unix__) || defined(unix)) && !defined(USG) && \ (defined(OpenBSD) || defined(__FreeBSD__)) diff --git a/engines/Makefile b/engines/Makefile index a2882e3..da4ae77 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -26,6 +26,7 @@ EX_LIBS= CFLAGS= $(INCLUDES) $(CFLAG) ASFLAGS= $(INCLUDES) $(ASFLAG) +AFLAGS= $(ASFLAGS) GENERAL=Makefile engines.com install.com engine_vector.mar TEST= From matt at openssl.org Sat Jan 31 18:11:04 2015 
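Review bot: Dropping `-fsanitize=undefined` from the `debug-ben-debug-64-clang` entry silently removes undefined-behaviour detection from that clang debug configuration, and the commit message ("Don't debug.") does not record why. If the flag is what breaks the FreeBSD 10 build, keeping UBSan reachable under a separate entry, e.g. `"debug-ben-debug-64-clang-ubsan", "clang:$gcc_devteam_warn -fsanitize=undefined ...` with the remaining flags unchanged, or a one-line comment above the entry naming the toolchain problem, would preserve that coverage on platforms where it works. The `%table` hash continues outside this hunk.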
From: matt at openssl.org (Matt Caswell) Date: Sat, 31 Jan 2015 19:11:04 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150131181105.228F61DF1AB@butler.localdomain> The branch master has been updated via 1d4d68570b8d3f214da0df57c5a629ced9668161 (commit) via 78cc1f03e8ef3a370f900ecda53c1c7e9ca22c78 (commit) via 0c2837564c878b06f87575361aa7d3b7562ae861 (commit) via b6ba401497001c2f042feff693ed292b21c8369c (commit) from 4de8385796541c8c2973813f5da5fad173ba1ca2 (commit) - Log ----------------------------------------------------------------- commit 1d4d68570b8d3f214da0df57c5a629ced9668161 Author: Richard Levitte Date: Fri Jan 30 23:06:06 2015 +0000 Make the libssl opaque changes compile on VMS Reviewed-by: Matt Caswell commit 78cc1f03e8ef3a370f900ecda53c1c7e9ca22c78 Author: Matt Caswell Date: Wed Jan 28 11:44:34 2015 +0000 Add changes entry for opaquifying of libssl structures Reviewed-by: Richard Levitte commit 0c2837564c878b06f87575361aa7d3b7562ae861 Author: Matt Caswell Date: Wed Jan 28 11:40:54 2015 +0000 Remove OPENSSL_NO_SSL_INTERN as it is now redundant - all internals previously protected by this have been moved into non-public headers Reviewed-by: Richard Levitte commit b6ba401497001c2f042feff693ed292b21c8369c Author: Matt Caswell Date: Tue Jan 27 20:11:24 2015 +0000 Make libssl opaque. Move all structures that were previously protected by OPENSSL_NO_SSL_INTERN into internal header files. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 5 + apps/apps.h | 2 - makevms.com | 1 - ssl/bio_ssl.c | 2 +- ssl/dtls1.h | 143 -------- ssl/ssl.h | 702 -------------------------------------- ssl/ssl3.h | 204 ----------- ssl/ssl_locl.h | 1036 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ssl/ssl_task.c | 2 +- ssl/ssltest.c | 2 + util/mkdef.pl | 2 - 11 files changed, 1045 insertions(+), 1056 deletions(-) 
diff --git a/CHANGES b/CHANGES index 26ea797..4b78387 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,11 @@ _______________ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) All libssl internal structures have been removed from the public header + files, and the OPENSSL_NO_SSL_INTERN option has been removed (since it is + now redundant). Users should not attempt to access internal structures + directly. Instead they should use the provided API functions. + [Matt Caswell] *) config has been changed so that by default OPENSSL_NO_DEPRECATED is used. Access to deprecated functions can be re-enabled by running config with diff --git a/apps/apps.h b/apps/apps.h index 3f53bc1..2e346f9 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -383,6 +383,4 @@ int raw_write_stdout(const void *, int); # define TM_STOP 1 double app_tminterval(int stop, int usertime); -# define OPENSSL_NO_SSL_INTERN - #endif diff --git a/makevms.com b/makevms.com index cf759e4..ac1ccc9 100755 --- a/makevms.com +++ b/makevms.com @@ -306,7 +306,6 @@ $ CONFIG_LOGICALS := AES,- SRP,- SRTP,- SSL3_METHOD,- - SSL_INTERN,- SSL_TRACE,- STATIC_ENGINE,- STDIO,- diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index a0c583e..458e071 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -63,7 +63,7 @@ #include #include #include -#include +#include "ssl_locl.h" static int ssl_write(BIO *h, const char *buf, int num); static int ssl_read(BIO *h, char *buf, int size); diff --git a/ssl/dtls1.h b/ssl/dtls1.h index e2be78d..ff406d8 100644 --- a/ssl/dtls1.h +++ b/ssl/dtls1.h 
@@ -110,149 +110,6 @@ extern "C" { # define DTLS1_AL_HEADER_LENGTH 2 # endif -# ifndef OPENSSL_NO_SSL_INTERN - -# ifndef OPENSSL_NO_SCTP -# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP" -# endif - -/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */ -# define DTLS1_MAX_MTU_OVERHEAD 48 - -typedef struct dtls1_bitmap_st { - unsigned long map; /* track 32 packets on 32-bit systems and 64 - * - on 64-bit systems */ - unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit - * value in big-endian encoding */ -} DTLS1_BITMAP; - -struct dtls1_retransmit_state { - EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - EVP_MD_CTX *write_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP - COMP_CTX *compress; /* compression */ -# else - char *compress; -# endif - SSL_SESSION *session; - unsigned short epoch; -}; - -struct hm_header_st { - unsigned char type; - unsigned long msg_len; - unsigned short seq; - unsigned long frag_off; - unsigned long frag_len; - unsigned int is_ccs; - struct dtls1_retransmit_state saved_retransmit_state; -}; - -struct ccs_header_st { - unsigned char type; - unsigned short seq; -}; - -struct dtls1_timeout_st { - /* Number of read timeouts so far */ - unsigned int read_timeouts; - /* Number of write timeouts so far */ - unsigned int write_timeouts; - /* Number of alerts received so far */ - unsigned int num_alerts; -}; - -typedef struct record_pqueue_st { - unsigned short epoch; - pqueue q; -} record_pqueue; - -typedef struct hm_fragment_st { - struct hm_header_st msg_header; - unsigned char *fragment; - unsigned char *reassembly; -} hm_fragment; - -typedef struct dtls1_state_st { - unsigned int send_cookie; - unsigned char cookie[DTLS1_COOKIE_LENGTH]; - unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH]; - unsigned int cookie_len; - /* - * The current data and handshake epoch. 
This is initially - * undefined, and starts at zero once the initial handshake is - * completed - */ - unsigned short r_epoch; - unsigned short w_epoch; - /* records being received in the current epoch */ - DTLS1_BITMAP bitmap; - /* renegotiation starts a new set of sequence numbers */ - DTLS1_BITMAP next_bitmap; - /* handshake message numbers */ - unsigned short handshake_write_seq; - unsigned short next_handshake_write_seq; - unsigned short handshake_read_seq; - /* save last sequence number for retransmissions */ - unsigned char last_write_sequence[8]; - /* Received handshake records (processed and unprocessed) */ - record_pqueue unprocessed_rcds; - record_pqueue processed_rcds; - /* Buffered handshake messages */ - pqueue buffered_messages; - /* Buffered (sent) handshake records */ - pqueue sent_messages; - /* - * Buffered application records. Only for records between CCS and - * Finished to prevent either protocol violation or unnecessary message - * loss. - */ - record_pqueue buffered_app_data; - /* Is set when listening for new connections with dtls1_listen() */ - unsigned int listen; - unsigned int link_mtu; /* max on-the-wire DTLS packet size */ - unsigned int mtu; /* max DTLS packet size */ - struct hm_header_st w_msg_hdr; - struct hm_header_st r_msg_hdr; - struct dtls1_timeout_st timeout; - /* - * Indicates when the last handshake msg or heartbeat sent will timeout - */ - struct timeval next_timeout; - /* Timeout duration */ - unsigned short timeout_duration; - /* - * storage for Alert/Handshake protocol data received but not yet - * processed by ssl3_read_bytes: - */ - unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH]; - unsigned int alert_fragment_len; - unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH]; - unsigned int handshake_fragment_len; - unsigned int retransmitting; - /* - * Set when the handshake is ready to process peer's ChangeCipherSpec message. - * Cleared after the message has been processed. 
- */ - unsigned int change_cipher_spec_ok; -# ifndef OPENSSL_NO_SCTP - /* used when SSL_ST_XX_FLUSH is entered */ - int next_state; - int shutdown_received; -# endif -} DTLS1_STATE; - -typedef struct dtls1_record_data_st { - unsigned char *packet; - unsigned int packet_length; - SSL3_BUFFER rbuf; - SSL3_RECORD rrec; -# ifndef OPENSSL_NO_SCTP - struct bio_dgram_sctp_rcvinfo recordinfo; -# endif -} DTLS1_RECORD_DATA; - -# endif /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */ # define DTLS1_TMO_READ_COUNT 2 diff --git a/ssl/ssl.h b/ssl/ssl.h index 0a6f4da..df91c18 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h 
@@ -388,166 +388,6 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, # endif -# ifndef OPENSSL_NO_SSL_INTERN - -/* used to hold info on the particular ciphers used */ -struct ssl_cipher_st { - int valid; - const char *name; /* text name */ - unsigned long id; /* id, 4 bytes, first is version */ - /* - * changed in 0.9.9: these four used to be portions of a single value - * 'algorithms' - */ - unsigned long algorithm_mkey; /* key exchange algorithm */ - unsigned long algorithm_auth; /* server authentication */ - unsigned long algorithm_enc; /* symmetric encryption */ - unsigned long algorithm_mac; /* symmetric authentication */ - unsigned long algorithm_ssl; /* (major) protocol version */ - unsigned long algo_strength; /* strength and export flags */ - unsigned long algorithm2; /* Extra flags */ - int strength_bits; /* Number of bits really used */ - int alg_bits; /* Number of bits for algorithm */ -}; - -/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ -struct ssl_method_st { - int version; - int (*ssl_new) (SSL *s); - void (*ssl_clear) (SSL *s); - void (*ssl_free) (SSL *s); - int (*ssl_accept) (SSL *s); - int (*ssl_connect) (SSL *s); - int (*ssl_read) (SSL *s, void *buf, int len); - int (*ssl_peek) (SSL *s, void *buf, int len); - int (*ssl_write) (SSL *s, const void *buf, int len); - int (*ssl_shutdown) (SSL *s); - int (*ssl_renegotiate) (SSL *s); - int (*ssl_renegotiate_check) (SSL *s); - long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long - max, int *ok); - int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len, - int peek); - int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len); - int (*ssl_dispatch_alert) (SSL *s); - long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); - long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); - const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); - int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char 
*ptr); - int (*ssl_pending) (const SSL *s); - int (*num_ciphers) (void); - const SSL_CIPHER *(*get_cipher) (unsigned ncipher); - const struct ssl_method_st *(*get_ssl_method) (int version); - long (*get_timeout) (void); - const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ - int (*ssl_version) (void); - long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void)); - long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); -}; - -/*- - * Lets make this into an ASN.1 type structure as follows - * SSL_SESSION_ID ::= SEQUENCE { - * version INTEGER, -- structure version number - * SSLversion INTEGER, -- SSL version number - * Cipher OCTET STRING, -- the 3 byte cipher ID - * Session_ID OCTET STRING, -- the Session ID - * Master_key OCTET STRING, -- the master key - * KRB5_principal OCTET STRING -- optional Kerberos principal - * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument - * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time - * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds - * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate - * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context - * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' - * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension - * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint - * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity - * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket - * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) - * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method - * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username - * } - * Look in ssl/ssl_asn1.c for more details - * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). 
- */ -struct ssl_session_st { - int ssl_version; /* what ssl version session info is being - * kept in here? */ - int master_key_length; - unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; - /* session_id - valid? */ - unsigned int session_id_length; - unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; - /* - * this is used to determine whether the session is being reused in the - * appropriate context. It is up to the application to set this, via - * SSL_new - */ - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -# ifndef OPENSSL_NO_KRB5 - unsigned int krb5_client_princ_len; - unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; -# endif /* OPENSSL_NO_KRB5 */ -# ifndef OPENSSL_NO_PSK - char *psk_identity_hint; - char *psk_identity; -# endif - /* - * Used to indicate that session resumption is not allowed. Applications - * can also set this bit for a new session via not_resumable_session_cb - * to disable session caching and tickets. - */ - int not_resumable; - /* The cert is the certificate used to establish this connection */ - struct sess_cert_st /* SESS_CERT */ *sess_cert; - /* - * This is the cert for the other end. On clients, it will be the same as - * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is - * not retained in the external representation of sessions, see - * ssl_asn1.c). - */ - X509 *peer; - /* - * when app_verify_callback accepts a session where the peer's - * certificate is not ok, we must remember the error for session reuse: - */ - long verify_result; /* only for servers */ - int references; - long timeout; - long time; - unsigned int compress_meth; /* Need to lookup the method */ - const SSL_CIPHER *cipher; - unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used - * to load the 'cipher' structure */ - STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? 
*/ - CRYPTO_EX_DATA ex_data; /* application specific data */ - /* - * These are used to make removal of session-ids more efficient and to - * implement a maximum cache size. - */ - struct ssl_session_st *prev, *next; -# ifndef OPENSSL_NO_TLSEXT - char *tlsext_hostname; -# ifndef OPENSSL_NO_EC - size_t tlsext_ecpointformatlist_length; - unsigned char *tlsext_ecpointformatlist; /* peer's list */ - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; /* peer's list */ -# endif /* OPENSSL_NO_EC */ - /* RFC4507 info */ - unsigned char *tlsext_tick; /* Session ticket */ - size_t tlsext_ticklen; /* Session ticket length */ - long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ -# endif -# ifndef OPENSSL_NO_SRP - char *srp_username; -# endif -}; - -# endif - /* Allow initial connection to servers that don't support RI */ # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L # define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x00000008L @@ -818,27 +658,6 @@ void SSL_set_msg_callback(SSL *ssl, # ifndef OPENSSL_NO_SRP -# ifndef OPENSSL_NO_SSL_INTERN - -typedef struct srp_ctx_st { - /* param for all the callbacks */ - void *SRP_cb_arg; - /* set client Hello login callback */ - int (*TLS_ext_srp_username_callback) (SSL *, int *, void *); - /* set SRP N/g param callback for verification */ - int (*SRP_verify_param_callback) (SSL *, void *); - /* set SRP client passwd callback */ - char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *); - char *login; - BIGNUM *N, *g, *s, *B, *A; - BIGNUM *a, *b, *v; - char *info; - int strength; - unsigned long srp_Mask; -} SRP_CTX; - -# endif - /* see tls_srp.c */ int SSL_SRP_CTX_init(SSL *s); int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx); 
@@ -878,271 +697,6 @@ typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, typedef struct ssl_comp_st SSL_COMP; -# ifndef OPENSSL_NO_SSL_INTERN - -struct ssl_comp_st { - int id; - const char *name; -# ifndef OPENSSL_NO_COMP - COMP_METHOD *method; -# else - char *method; -# endif -}; - -DECLARE_STACK_OF(SSL_COMP) -DECLARE_LHASH_OF(SSL_SESSION); - -struct ssl_ctx_st { - const SSL_METHOD *method; - STACK_OF(SSL_CIPHER) *cipher_list; - /* same as above but sorted for lookup */ - STACK_OF(SSL_CIPHER) *cipher_list_by_id; - struct x509_store_st /* X509_STORE */ *cert_store; - LHASH_OF(SSL_SESSION) *sessions; - /* - * Most session-ids that will be cached, default is - * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. - */ - unsigned long session_cache_size; - struct ssl_session_st *session_cache_head; - struct ssl_session_st *session_cache_tail; - /* - * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT, - * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which - * means only SSL_accept which cache SSL_SESSIONS. - */ - int session_cache_mode; - /* - * If timeout is not 0, it is the default timeout value set when - * SSL_new() is called. This has been put in to make life easier to set - * things up - */ - long session_timeout; - /* - * If this callback is not null, it will be called each time a session id - * is added to the cache. If this function returns 1, it means that the - * callback will do a SSL_SESSION_free() when it has finished using it. - * Otherwise, on 0, it means the callback has finished with it. If - * remove_session_cb is not null, it will be called when a session-id is - * removed from the cache. After the call, OpenSSL will - * SSL_SESSION_free() it. 
- */ - int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess); - void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess); - SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl, - unsigned char *data, int len, int *copy); - struct { - int sess_connect; /* SSL new conn - started */ - int sess_connect_renegotiate; /* SSL reneg - requested */ - int sess_connect_good; /* SSL new conne/reneg - finished */ - int sess_accept; /* SSL new accept - started */ - int sess_accept_renegotiate; /* SSL reneg - requested */ - int sess_accept_good; /* SSL accept/reneg - finished */ - int sess_miss; /* session lookup misses */ - int sess_timeout; /* reuse attempt on timeouted session */ - int sess_cache_full; /* session removed due to full cache */ - int sess_hit; /* session reuse actually done */ - int sess_cb_hit; /* session-id that was not in the cache was - * passed back via the callback. This - * indicates that the application is - * supplying session-id's from other - * processes - spooky :-) */ - } stats; - - int references; - - /* if defined, these override the X509_verify_cert() calls */ - int (*app_verify_callback) (X509_STORE_CTX *, void *); - void *app_verify_arg; - /* - * before OpenSSL 0.9.7, 'app_verify_arg' was ignored - * ('app_verify_callback' was called with just one argument) - */ - - /* Default password callback. */ - pem_password_cb *default_passwd_callback; - - /* Default password callback user data. 
*/ - void *default_passwd_callback_userdata; - - /* get client cert callback */ - int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey); - - /* cookie generate callback */ - int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len); - - /* verify cookie callback */ - int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie, - unsigned int cookie_len); - - CRYPTO_EX_DATA ex_data; - - const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ - const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ - - STACK_OF(X509) *extra_certs; - STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ - - /* Default values used when no per-SSL value is defined follow */ - - /* used if SSL's info_callback is NULL */ - void (*info_callback) (const SSL *ssl, int type, int val); - - /* what we put in client cert requests */ - STACK_OF(X509_NAME) *client_CA; - - /* - * Default values to use in SSL structures follow (these are copied by - * SSL_new) - */ - - unsigned long options; - unsigned long mode; - long max_cert_list; - - struct cert_st /* CERT */ *cert; - int read_ahead; - - /* callback that allows applications to peek at protocol messages */ - void (*msg_callback) (int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg); - void *msg_callback_arg; - - int verify_mode; - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - /* called 'verify_callback' in the SSL */ - int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx); - - /* Default generate session ID callback. */ - GEN_SESSION_CB generate_session_id; - - X509_VERIFY_PARAM *param; - - int quiet_shutdown; - - /* - * Maximum amount of data to send in one fragment. actual record size can - * be more than this due to padding and MAC overheads. 
- */ - unsigned int max_send_fragment; - -# ifndef OPENSSL_NO_ENGINE - /* - * Engine to pass requests for client certs to - */ - ENGINE *client_cert_engine; -# endif - -# ifndef OPENSSL_NO_TLSEXT - /* TLS extensions servername callback */ - int (*tlsext_servername_callback) (SSL *, int *, void *); - void *tlsext_servername_arg; - /* RFC 4507 session ticket keys */ - unsigned char tlsext_tick_key_name[16]; - unsigned char tlsext_tick_hmac_key[16]; - unsigned char tlsext_tick_aes_key[16]; - /* Callback to support customisation of ticket key setting */ - int (*tlsext_ticket_key_cb) (SSL *ssl, - unsigned char *name, unsigned char *iv, - EVP_CIPHER_CTX *ectx, - HMAC_CTX *hctx, int enc); - - /* certificate status request info */ - /* Callback for status request */ - int (*tlsext_status_cb) (SSL *ssl, void *arg); - void *tlsext_status_arg; -# endif - -# ifndef OPENSSL_NO_PSK - char *psk_identity_hint; - unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, - char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len); - unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len); -# endif - -# ifndef OPENSSL_NO_SRP - SRP_CTX srp_ctx; /* ctx for SRP authentication */ -# endif - -# ifndef OPENSSL_NO_TLSEXT - -# ifndef OPENSSL_NO_NEXTPROTONEG - /* Next protocol negotiation information */ - /* (for experimental NPN extension). */ - - /* - * For a server, this contains a callback function by which the set of - * advertised protocols can be provided. - */ - int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf, - unsigned int *len, void *arg); - void *next_protos_advertised_cb_arg; - /* - * For a client, this contains a callback function that selects the next - * protocol from the list provided by the server. 
- */ - int (*next_proto_select_cb) (SSL *s, unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, void *arg); - void *next_proto_select_cb_arg; -# endif - - /* - * ALPN information (we are in the process of transitioning from NPN to - * ALPN.) - */ - - /*- - * For a server, this contains a callback function that allows the - * server to select the protocol for the connection. - * out: on successful return, this must point to the raw protocol - * name (without the length prefix). - * outlen: on successful return, this contains the length of |*out|. - * in: points to the client's list of supported protocols in - * wire-format. - * inlen: the length of |in|. - */ - int (*alpn_select_cb) (SSL *s, - const unsigned char **out, - unsigned char *outlen, - const unsigned char *in, - unsigned int inlen, void *arg); - void *alpn_select_cb_arg; - - /* - * For a client, this contains the list of supported protocols in wire - * format. - */ - unsigned char *alpn_client_proto_list; - unsigned alpn_client_proto_list_len; - - /* SRTP profiles we are willing to do from RFC 5764 */ - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; -# endif - /* - * Callback for disabling session caching and ticket support on a session - * basis, depending on the chosen cipher. - */ - int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); -# ifndef OPENSSL_NO_EC - /* EC extension values inherited by SSL structure */ - size_t tlsext_ecpointformatlist_length; - unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; - unsigned char *tlsext_ellipticcurvelist; -# endif /* OPENSSL_NO_EC */ -}; - -# endif # define SSL_SESS_CACHE_OFF 0x0000 # define SSL_SESS_CACHE_CLIENT 0x0001 
@@ -1376,262 +930,6 @@ int SSL_extension_supported(unsigned int ext_type); # define SSL_MAC_FLAG_READ_MAC_STREAM 1 # define SSL_MAC_FLAG_WRITE_MAC_STREAM 2 -# ifndef OPENSSL_NO_SSL_INTERN - -struct ssl_st { - /* - * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, - * DTLS1_VERSION) - */ - int version; - /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ - int type; - /* SSLv3 */ - const SSL_METHOD *method; - /* - * There are 2 BIO's even though they are normally both the same. This - * is so data can be read and written to different handlers - */ - /* used by SSL_read */ - BIO *rbio; - /* used by SSL_write */ - BIO *wbio; - /* used during session-id reuse to concatenate messages */ - BIO *bbio; - /* - * This holds a variable that indicates what we were doing when a 0 or -1 - * is returned. This is needed for non-blocking IO so we know what - * request needs re-doing when in SSL_accept or SSL_connect - */ - int rwstate; - /* true when we are actually in SSL_accept() or SSL_connect() */ - int in_handshake; - int (*handshake_func) (SSL *); - /* - * Imagine that here's a boolean member "init" that is switched as soon - * as SSL_set_{accept/connect}_state is called for the first time, so - * that "state" and "handshake_func" are properly initialized. But as - * handshake_func is == 0 until then, we use this test instead of an - * "init" member. - */ - /* are we the server side? - mostly used by SSL_clear */ - int server; - /* - * Generate a new session or reuse an old one. 
- * NB: For servers, the 'new' session may actually be a previously - * cached session or even the previous session unless - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set - */ - int new_session; - /* don't send shutdown packets */ - int quiet_shutdown; - /* we have shut things down, 0x01 sent, 0x02 for received */ - int shutdown; - /* where we are */ - int state; - /* where we are when reading */ - int rstate; - BUF_MEM *init_buf; /* buffer used during init */ - void *init_msg; /* pointer to handshake message body, set by - * ssl3_get_message() */ - int init_num; /* amount read/written */ - int init_off; /* amount read/written */ - /* used internally to point at a raw packet */ - unsigned char *packet; - unsigned int packet_length; - struct ssl3_state_st *s3; /* SSLv3 variables */ - struct dtls1_state_st *d1; /* DTLSv1 variables */ - int read_ahead; /* Read as many input bytes as possible (for - * non-blocking reads) */ - /* callback that allows applications to peek at protocol messages */ - void (*msg_callback) (int write_p, int version, int content_type, - const void *buf, size_t len, SSL *ssl, void *arg); - void *msg_callback_arg; - int hit; /* reusing a previous session */ - X509_VERIFY_PARAM *param; - /* crypto */ - STACK_OF(SSL_CIPHER) *cipher_list; - STACK_OF(SSL_CIPHER) *cipher_list_by_id; - /* - * These are the ones being used, the ones in SSL_SESSION are the ones to - * be 'copied' into these ones - */ - int mac_flags; - EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ - EVP_MD_CTX *read_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP - COMP_CTX *expand; /* uncompress */ -# else - char *expand; -# endif - EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ - EVP_MD_CTX *write_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP - COMP_CTX *compress; /* compression */ -# else - char *compress; -# endif - /* session info */ - /* client cert? 
*/ - /* This is used to hold the server certificate used */ - struct cert_st /* CERT */ *cert; - /* - * the session_id_context is used to ensure sessions are only reused in - * the appropriate context - */ - unsigned int sid_ctx_length; - unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; - /* This can also be in the session once a session is established */ - SSL_SESSION *session; - /* Default generate session ID callback. */ - GEN_SESSION_CB generate_session_id; - /* Used in SSL3 */ - /* - * 0 don't care about verify failure. - * 1 fail if verify fails - */ - int verify_mode; - /* fail if callback returns 0 */ - int (*verify_callback) (int ok, X509_STORE_CTX *ctx); - /* optional informational callback */ - void (*info_callback) (const SSL *ssl, int type, int val); - /* error bytes to be written */ - int error; - /* actual code */ - int error_code; -# ifndef OPENSSL_NO_KRB5 - /* Kerberos 5 context */ - KSSL_CTX *kssl_ctx; -# endif /* OPENSSL_NO_KRB5 */ -# ifndef OPENSSL_NO_PSK - unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, - char *identity, - unsigned int max_identity_len, - unsigned char *psk, - unsigned int max_psk_len); - unsigned int (*psk_server_callback) (SSL *ssl, const char *identity, - unsigned char *psk, - unsigned int max_psk_len); -# endif - SSL_CTX *ctx; - /* - * set this flag to 1 and a sleep(1) is put into all SSL_read() and - * SSL_write() calls, good for nbio debuging :-) - */ - int debug; - /* extra application data */ - long verify_result; - CRYPTO_EX_DATA ex_data; - /* for server side, keep the list of CA_dn we can use */ - STACK_OF(X509_NAME) *client_CA; - int references; - /* protocol behaviour */ - unsigned long options; - /* API behaviour */ - unsigned long mode; - long max_cert_list; - int first_packet; - /* what was passed, used for SSLv3/TLS rollback check */ - int client_version; - unsigned int max_send_fragment; -# ifndef OPENSSL_NO_TLSEXT - /* TLS extension debug callback */ - void (*tlsext_debug_cb) (SSL *s, int 
client_server, int type, - unsigned char *data, int len, void *arg); - void *tlsext_debug_arg; - char *tlsext_hostname; - /*- - * no further mod of servername - * 0 : call the servername extension callback. - * 1 : prepare 2, allow last ack just after in server callback. - * 2 : don't call servername callback, no ack in server hello - */ - int servername_done; - /* certificate status request info */ - /* Status type or -1 if no status type */ - int tlsext_status_type; - /* Expect OCSP CertificateStatus message */ - int tlsext_status_expected; - /* OCSP status request only */ - STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids; - X509_EXTENSIONS *tlsext_ocsp_exts; - /* OCSP response received or to be sent */ - unsigned char *tlsext_ocsp_resp; - int tlsext_ocsp_resplen; - /* RFC4507 session ticket expected to be received or sent */ - int tlsext_ticket_expected; -# ifndef OPENSSL_NO_EC - size_t tlsext_ecpointformatlist_length; - /* our list */ - unsigned char *tlsext_ecpointformatlist; - size_t tlsext_ellipticcurvelist_length; - /* our list */ - unsigned char *tlsext_ellipticcurvelist; -# endif /* OPENSSL_NO_EC */ - /* TLS Session Ticket extension override */ - TLS_SESSION_TICKET_EXT *tlsext_session_ticket; - /* TLS Session Ticket extension callback */ - tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb; - void *tls_session_ticket_ext_cb_arg; - /* TLS pre-shared secret session resumption */ - tls_session_secret_cb_fn tls_session_secret_cb; - void *tls_session_secret_cb_arg; - SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ -# ifndef OPENSSL_NO_NEXTPROTONEG - /* - * Next protocol negotiation. For the client, this is the protocol that - * we sent in NextProtocol and is set when handling ServerHello - * extensions. For a server, this is the client's selected_protocol from - * NextProtocol and is set when handling the NextProtocol message, before - * the Finished message. 
- */ - unsigned char *next_proto_negotiated; - unsigned char next_proto_negotiated_len; -# endif -# define session_ctx initial_ctx - /* What we'll do */ - STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; - /* What's been chosen */ - SRTP_PROTECTION_PROFILE *srtp_profile; - /*- - * Is use of the Heartbeat extension negotiated? - * 0: disabled - * 1: enabled - * 2: enabled, but not allowed to send Requests - */ - unsigned int tlsext_heartbeat; - /* Indicates if a HeartbeatRequest is in flight */ - unsigned int tlsext_hb_pending; - /* HeartbeatRequest sequence number */ - unsigned int tlsext_hb_seq; - /* - * For a client, this contains the list of supported protocols in wire - * format. - */ - unsigned char *alpn_client_proto_list; - unsigned alpn_client_proto_list_len; -# else -# define session_ctx ctx -# endif /* OPENSSL_NO_TLSEXT */ - /*- - * 1 if we are renegotiating. - * 2 if we are a server and are inside a handshake - * (i.e. not just sending a HelloRequest) - */ - int renegotiate; -# ifndef OPENSSL_NO_SRP - /* ctx for SRP authentication */ - SRP_CTX srp_ctx; -# endif - /* - * Callback for disabling session caching and ticket support on a session - * basis, depending on the chosen cipher. - */ - int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure); -}; - -# endif - #ifdef __cplusplus } #endif diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 23eb156..7d16d70 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h 
@@ -380,62 +380,6 @@ extern "C" { # define TLS1_HB_REQUEST 1 # define TLS1_HB_RESPONSE 2 -# ifndef OPENSSL_NO_SSL_INTERN - -typedef struct ssl3_record_st { - /* type of record */ - /* - * r - */ int type; - /* How many bytes available */ - /* - * rw - */ unsigned int length; - /* - * How many bytes were available before padding was removed? This is used - * to implement the MAC check in constant time for CBC records. - */ - /* - * rw - */ unsigned int orig_len; - /* read/write offset into 'buf' */ - /* - * r - */ unsigned int off; - /* pointer to the record data */ - /* - * rw - */ unsigned char *data; - /* where the decode bytes are */ - /* - * rw - */ unsigned char *input; - /* only used with decompression - malloc()ed */ - /* - * r - */ unsigned char *comp; - /* epoch number, needed by DTLS1 */ - /* - * r - */ unsigned long epoch; - /* sequence number, needed by DTLS1 */ - /* - * r - */ unsigned char seq_num[8]; -} SSL3_RECORD; - -typedef struct ssl3_buffer_st { - /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */ - unsigned char *buf; - /* buffer size */ - size_t len; - /* where to 'copy from' */ - int offset; - /* how many bytes left */ - int left; -} SSL3_BUFFER; - -# endif # define SSL3_CT_RSA_SIGN 1 # define SSL3_CT_DSS_SIGN 2 
@@ -465,154 +409,6 @@ typedef struct ssl3_buffer_st { /* Set if we encrypt then mac instead of usual mac then encrypt */ # define TLS1_FLAGS_ENCRYPT_THEN_MAC 0x0100 -# ifndef OPENSSL_NO_SSL_INTERN - -typedef struct ssl3_state_st { - long flags; - int delay_buf_pop_ret; - unsigned char read_sequence[8]; - int read_mac_secret_size; - unsigned char read_mac_secret[EVP_MAX_MD_SIZE]; - unsigned char write_sequence[8]; - int write_mac_secret_size; - unsigned char write_mac_secret[EVP_MAX_MD_SIZE]; - unsigned char server_random[SSL3_RANDOM_SIZE]; - unsigned char client_random[SSL3_RANDOM_SIZE]; - /* flags for countermeasure against known-IV weakness */ - int need_empty_fragments; - int empty_fragment_done; - /* The value of 'extra' when the buffers were initialized */ - int init_extra; - SSL3_BUFFER rbuf; /* read IO goes into here */ - SSL3_BUFFER wbuf; /* write IO goes into here */ - SSL3_RECORD rrec; /* each decoded record goes in here */ - SSL3_RECORD wrec; /* goes out from here */ - /* - * storage for Alert/Handshake protocol data received but not yet - * processed by ssl3_read_bytes: - */ - unsigned char alert_fragment[2]; - unsigned int alert_fragment_len; - unsigned char handshake_fragment[4]; - unsigned int handshake_fragment_len; - /* partial write - check the numbers match */ - unsigned int wnum; /* number of bytes sent so far */ - int wpend_tot; /* number bytes written */ - int wpend_type; - int wpend_ret; /* number of bytes submitted */ - const unsigned char *wpend_buf; - /* used during startup, digest all incoming/outgoing packets */ - BIO *handshake_buffer; - /* - * When set of handshake digests is determined, buffer is hashed and - * freed and MD_CTX-es for all required digests are stored in this array - */ - EVP_MD_CTX **handshake_dgst; - /* - * Set whenever an expected ChangeCipherSpec message is processed. - * Unset when the peer's Finished message is received. - * Unexpected ChangeCipherSpec messages trigger a fatal alert. 
- */ - int change_cipher_spec; - int warn_alert; - int fatal_alert; - /* - * we allow one fatal and one warning alert to be outstanding, send close - * alert via the warning alert - */ - int alert_dispatch; - unsigned char send_alert[2]; - /* - * This flag is set when we should renegotiate ASAP, basically when there - * is no more data in the read or write buffers - */ - int renegotiate; - int total_renegotiations; - int num_renegotiations; - int in_read_app_data; - struct { - /* actually only needs to be 16+20 */ - unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2]; - /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ - unsigned char finish_md[EVP_MAX_MD_SIZE * 2]; - int finish_md_len; - unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2]; - int peer_finish_md_len; - unsigned long message_size; - int message_type; - /* used to hold the new cipher we are going to use */ - const SSL_CIPHER *new_cipher; -# ifndef OPENSSL_NO_DH - DH *dh; -# endif -# ifndef OPENSSL_NO_ECDH - EC_KEY *ecdh; /* holds short lived ECDH key */ -# endif - /* used when SSL_ST_FLUSH_DATA is entered */ - int next_state; - int reuse_message; - /* used for certificate requests */ - int cert_req; - int ctype_num; - char ctype[SSL3_CT_NUMBER]; - STACK_OF(X509_NAME) *ca_names; - int use_rsa_tmp; - int key_block_length; - unsigned char *key_block; - const EVP_CIPHER *new_sym_enc; - const EVP_MD *new_hash; - int new_mac_pkey_type; - int new_mac_secret_size; -# ifndef OPENSSL_NO_COMP - const SSL_COMP *new_compression; -# else - char *new_compression; -# endif - int cert_request; - } tmp; - - /* Connection binding to prevent renegotiation attacks */ - unsigned char previous_client_finished[EVP_MAX_MD_SIZE]; - unsigned char previous_client_finished_len; - unsigned char previous_server_finished[EVP_MAX_MD_SIZE]; - unsigned char previous_server_finished_len; - int send_connection_binding; /* TODOEKR */ - -# ifndef OPENSSL_NO_NEXTPROTONEG - /* - * Set if we saw the Next Protocol Negotiation extension 
from our peer. - */ - int next_proto_neg_seen; -# endif - -# ifndef OPENSSL_NO_TLSEXT - - /* - * ALPN information (we are in the process of transitioning from NPN to - * ALPN.) - */ - - /* - * In a server these point to the selected ALPN protocol after the - * ClientHello has been processed. In a client these contain the protocol - * that the server selected once the ServerHello has been processed. - */ - unsigned char *alpn_selected; - unsigned alpn_selected_len; - -# ifndef OPENSSL_NO_EC - /* - * This is set to true if we believe that this is a version of Safari - * running on OS X 10.6 or newer. We wish to know this because Safari on - * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. - */ - char is_probably_safari; -# endif /* !OPENSSL_NO_EC */ - -# endif /* !OPENSSL_NO_TLSEXT */ -} SSL3_STATE; - -# endif /* SSLv3 */ /* diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index f3ce460..56d6108 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h 
@@ -520,6 +520,1042 @@ #define CERT_PRIVATE_KEY 2 */ +/* used to hold info on the particular ciphers used */ +struct ssl_cipher_st { + int valid; + const char *name; /* text name */ + unsigned long id; /* id, 4 bytes, first is version */ + /* + * changed in 0.9.9: these four used to be portions of a single value + * 'algorithms' + */ + unsigned long algorithm_mkey; /* key exchange algorithm */ + unsigned long algorithm_auth; /* server authentication */ + unsigned long algorithm_enc; /* symmetric encryption */ + unsigned long algorithm_mac; /* symmetric authentication */ + unsigned long algorithm_ssl; /* (major) protocol version */ + unsigned long algo_strength; /* strength and export flags */ + unsigned long algorithm2; /* Extra flags */ + int strength_bits; /* Number of bits really used */ + int alg_bits; /* Number of bits for algorithm */ +}; + +/* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ +struct ssl_method_st { + int version; + int (*ssl_new) (SSL *s); + void (*ssl_clear) (SSL *s); + void (*ssl_free) (SSL *s); + int (*ssl_accept) (SSL *s); + int (*ssl_connect) (SSL *s); + int (*ssl_read) (SSL *s, void *buf, int len); + int (*ssl_peek) (SSL *s, void *buf, int len); + int (*ssl_write) (SSL *s, const void *buf, int len); + int (*ssl_shutdown) (SSL *s); + int (*ssl_renegotiate) (SSL *s); + int (*ssl_renegotiate_check) (SSL *s); + long (*ssl_get_message) (SSL *s, int st1, int stn, int mt, long + max, int *ok); + int (*ssl_read_bytes) (SSL *s, int type, unsigned char *buf, int len, + int peek); + int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, int len); + int (*ssl_dispatch_alert) (SSL *s); + long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg); + long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg); + const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr); + int (*put_cipher_by_char) (const SSL_CIPHER *cipher, unsigned char *ptr); + int (*ssl_pending) (const SSL *s); + int (*num_ciphers) (void); + const 
SSL_CIPHER *(*get_cipher) (unsigned ncipher); + const struct ssl_method_st *(*get_ssl_method) (int version); + long (*get_timeout) (void); + const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ + int (*ssl_version) (void); + long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void)); + long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void)); +}; + +/*- + * Lets make this into an ASN.1 type structure as follows + * SSL_SESSION_ID ::= SEQUENCE { + * version INTEGER, -- structure version number + * SSLversion INTEGER, -- SSL version number + * Cipher OCTET STRING, -- the 3 byte cipher ID + * Session_ID OCTET STRING, -- the Session ID + * Master_key OCTET STRING, -- the master key + * KRB5_principal OCTET STRING -- optional Kerberos principal + * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument + * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time + * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds + * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate + * Session_ID_context [ 4 ] EXPLICIT OCTET STRING, -- the Session ID context + * Verify_result [ 5 ] EXPLICIT INTEGER, -- X509_V_... code for `Peer' + * HostName [ 6 ] EXPLICIT OCTET STRING, -- optional HostName from servername TLS extension + * PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint + * PSK_identity [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity + * Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket + * Ticket [10] EXPLICIT OCTET STRING, -- session ticket (clients only) + * Compression_meth [11] EXPLICIT OCTET STRING, -- optional compression method + * SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username + * } + * Look in ssl/ssl_asn1.c for more details + * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). + */ +struct ssl_session_st { + int ssl_version; /* what ssl version session info is being + * kept in here? 
*/ + int master_key_length; + unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH]; + /* session_id - valid? */ + unsigned int session_id_length; + unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; + /* + * this is used to determine whether the session is being reused in the + * appropriate context. It is up to the application to set this, via + * SSL_new + */ + unsigned int sid_ctx_length; + unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; +# ifndef OPENSSL_NO_KRB5 + unsigned int krb5_client_princ_len; + unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; +# endif /* OPENSSL_NO_KRB5 */ +# ifndef OPENSSL_NO_PSK + char *psk_identity_hint; + char *psk_identity; +# endif + /* + * Used to indicate that session resumption is not allowed. Applications + * can also set this bit for a new session via not_resumable_session_cb + * to disable session caching and tickets. + */ + int not_resumable; + /* The cert is the certificate used to establish this connection */ + struct sess_cert_st /* SESS_CERT */ *sess_cert; + /* + * This is the cert for the other end. On clients, it will be the same as + * sess_cert->peer_key->x509 (the latter is not enough as sess_cert is + * not retained in the external representation of sessions, see + * ssl_asn1.c). + */ + X509 *peer; + /* + * when app_verify_callback accepts a session where the peer's + * certificate is not ok, we must remember the error for session reuse: + */ + long verify_result; /* only for servers */ + int references; + long timeout; + long time; + unsigned int compress_meth; /* Need to lookup the method */ + const SSL_CIPHER *cipher; + unsigned long cipher_id; /* when ASN.1 loaded, this needs to be used + * to load the 'cipher' structure */ + STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ + CRYPTO_EX_DATA ex_data; /* application specific data */ + /* + * These are used to make removal of session-ids more efficient and to + * implement a maximum cache size. 
+ */
+ struct ssl_session_st *prev, *next;
+# ifndef OPENSSL_NO_TLSEXT
+ char *tlsext_hostname;
+# ifndef OPENSSL_NO_EC
+ size_t tlsext_ecpointformatlist_length;
+ unsigned char *tlsext_ecpointformatlist; /* peer's list */
+ size_t tlsext_ellipticcurvelist_length;
+ unsigned char *tlsext_ellipticcurvelist; /* peer's list */
+# endif /* OPENSSL_NO_EC */
+ /* RFC4507 info */
+ unsigned char *tlsext_tick; /* Session ticket */
+ size_t tlsext_ticklen; /* Session ticket length */
+ long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
+# endif
+# ifndef OPENSSL_NO_SRP
+ char *srp_username;
+# endif
+};
+
+
+# ifndef OPENSSL_NO_SRP
+
+typedef struct srp_ctx_st {
+ /* param for all the callbacks */
+ void *SRP_cb_arg;
+ /* set client Hello login callback */
+ int (*TLS_ext_srp_username_callback) (SSL *, int *, void *);
+ /* set SRP N/g param callback for verification */
+ int (*SRP_verify_param_callback) (SSL *, void *);
+ /* set SRP client passwd callback */
+ char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *);
+ char *login;
+ BIGNUM *N, *g, *s, *B, *A;
+ BIGNUM *a, *b, *v;
+ char *info;
+ int strength;
+ unsigned long srp_Mask;
+} SRP_CTX;
+
+# endif
+
+
+struct ssl_comp_st {
+ int id;
+ const char *name;
+# ifndef OPENSSL_NO_COMP
+ COMP_METHOD *method;
+# else
+ char *method;
+# endif
+};
+
+DECLARE_STACK_OF(SSL_COMP)
+DECLARE_LHASH_OF(SSL_SESSION);
+
+struct ssl_ctx_st {
+ const SSL_METHOD *method;
+ STACK_OF(SSL_CIPHER) *cipher_list;
+ /* same as above but sorted for lookup */
+ STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+ struct x509_store_st /* X509_STORE */ *cert_store;
+ LHASH_OF(SSL_SESSION) *sessions;
+ /*
+ * Most session-ids that will be cached, default is
+ * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
+ */
+ unsigned long session_cache_size;
+ struct ssl_session_st *session_cache_head;
+ struct ssl_session_st *session_cache_tail;
+ /*
+ * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
+ * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
+ * means only SSL_accept which cache SSL_SESSIONS.
+ */
+ int session_cache_mode;
+ /*
+ * If timeout is not 0, it is the default timeout value set when
+ * SSL_new() is called. This has been put in to make life easier to set
+ * things up
+ */
+ long session_timeout;
+ /*
+ * If this callback is not null, it will be called each time a session id
+ * is added to the cache. If this function returns 1, it means that the
+ * callback will do a SSL_SESSION_free() when it has finished using it.
+ * Otherwise, on 0, it means the callback has finished with it. If
+ * remove_session_cb is not null, it will be called when a session-id is
+ * removed from the cache. After the call, OpenSSL will
+ * SSL_SESSION_free() it.
+ */
+ int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
+ void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+ SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
+ unsigned char *data, int len, int *copy);
+ struct {
+ int sess_connect; /* SSL new conn - started */
+ int sess_connect_renegotiate; /* SSL reneg - requested */
+ int sess_connect_good; /* SSL new conne/reneg - finished */
+ int sess_accept; /* SSL new accept - started */
+ int sess_accept_renegotiate; /* SSL reneg - requested */
+ int sess_accept_good; /* SSL accept/reneg - finished */
+ int sess_miss; /* session lookup misses */
+ int sess_timeout; /* reuse attempt on timeouted session */
+ int sess_cache_full; /* session removed due to full cache */
+ int sess_hit; /* session reuse actually done */
+ int sess_cb_hit; /* session-id that was not in the cache was
+ * passed back via the callback. This
+ * indicates that the application is
+ * supplying session-id's from other
+ * processes - spooky :-) */
+ } stats;
+
+ int references;
+
+ /* if defined, these override the X509_verify_cert() calls */
+ int (*app_verify_callback) (X509_STORE_CTX *, void *);
+ void *app_verify_arg;
+ /*
+ * before OpenSSL 0.9.7, 'app_verify_arg' was ignored
+ * ('app_verify_callback' was called with just one argument)
+ */
+
+ /* Default password callback. */
+ pem_password_cb *default_passwd_callback;
+
+ /* Default password callback user data. */
+ void *default_passwd_callback_userdata;
+
+ /* get client cert callback */
+ int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+ /* cookie generate callback */
+ int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
+ unsigned int *cookie_len);
+
+ /* verify cookie callback */
+ int (*app_verify_cookie_cb) (SSL *ssl, unsigned char *cookie,
+ unsigned int cookie_len);
+
+ CRYPTO_EX_DATA ex_data;
+
+ const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */
+ const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */
+
+ STACK_OF(X509) *extra_certs;
+ STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+
+ /* Default values used when no per-SSL value is defined follow */
+
+ /* used if SSL's info_callback is NULL */
+ void (*info_callback) (const SSL *ssl, int type, int val);
+
+ /* what we put in client cert requests */
+ STACK_OF(X509_NAME) *client_CA;
+
+ /*
+ * Default values to use in SSL structures follow (these are copied by
+ * SSL_new)
+ */
+
+ unsigned long options;
+ unsigned long mode;
+ long max_cert_list;
+
+ struct cert_st /* CERT */ *cert;
+ int read_ahead;
+
+ /* callback that allows applications to peek at protocol messages */
+ void (*msg_callback) (int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+ void *msg_callback_arg;
+
+ int verify_mode;
+ unsigned int sid_ctx_length;
+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+ /* called 'verify_callback' in the SSL */
+ int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
+
+ /* Default generate session ID callback. */
+ GEN_SESSION_CB generate_session_id;
+
+ X509_VERIFY_PARAM *param;
+
+ int quiet_shutdown;
+
+ /*
+ * Maximum amount of data to send in one fragment. actual record size can
+ * be more than this due to padding and MAC overheads.
+ */
+ unsigned int max_send_fragment;
+
+# ifndef OPENSSL_NO_ENGINE
+ /*
+ * Engine to pass requests for client certs to
+ */
+ ENGINE *client_cert_engine;
+# endif
+
+# ifndef OPENSSL_NO_TLSEXT
+ /* TLS extensions servername callback */
+ int (*tlsext_servername_callback) (SSL *, int *, void *);
+ void *tlsext_servername_arg;
+ /* RFC 4507 session ticket keys */
+ unsigned char tlsext_tick_key_name[16];
+ unsigned char tlsext_tick_hmac_key[16];
+ unsigned char tlsext_tick_aes_key[16];
+ /* Callback to support customisation of ticket key setting */
+ int (*tlsext_ticket_key_cb) (SSL *ssl,
+ unsigned char *name, unsigned char *iv,
+ EVP_CIPHER_CTX *ectx,
+ HMAC_CTX *hctx, int enc);
+
+ /* certificate status request info */
+ /* Callback for status request */
+ int (*tlsext_status_cb) (SSL *ssl, void *arg);
+ void *tlsext_status_arg;
+# endif
+
+# ifndef OPENSSL_NO_PSK
+ char *psk_identity_hint;
+ unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
+ char *identity,
+ unsigned int max_identity_len,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+ unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+# endif
+
+# ifndef OPENSSL_NO_SRP
+ SRP_CTX srp_ctx; /* ctx for SRP authentication */
+# endif
+
+# ifndef OPENSSL_NO_TLSEXT
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+ /* Next protocol negotiation information */
+ /* (for experimental NPN extension). */
+
+ /*
+ * For a server, this contains a callback function by which the set of
+ * advertised protocols can be provided.
+ */
+ int (*next_protos_advertised_cb) (SSL *s, const unsigned char **buf,
+ unsigned int *len, void *arg);
+ void *next_protos_advertised_cb_arg;
+ /*
+ * For a client, this contains a callback function that selects the next
+ * protocol from the list provided by the server.
+ */
+ int (*next_proto_select_cb) (SSL *s, unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen, void *arg);
+ void *next_proto_select_cb_arg;
+# endif
+
+ /*
+ * ALPN information (we are in the process of transitioning from NPN to
+ * ALPN.)
+ */
+
+ /*-
+ * For a server, this contains a callback function that allows the
+ * server to select the protocol for the connection.
+ * out: on successful return, this must point to the raw protocol
+ * name (without the length prefix).
+ * outlen: on successful return, this contains the length of |*out|.
+ * in: points to the client's list of supported protocols in
+ * wire-format.
+ * inlen: the length of |in|.
+ */
+ int (*alpn_select_cb) (SSL *s,
+ const unsigned char **out,
+ unsigned char *outlen,
+ const unsigned char *in,
+ unsigned int inlen, void *arg);
+ void *alpn_select_cb_arg;
+
+ /*
+ * For a client, this contains the list of supported protocols in wire
+ * format.
+ */
+ unsigned char *alpn_client_proto_list;
+ unsigned alpn_client_proto_list_len;
+
+ /* SRTP profiles we are willing to do from RFC 5764 */
+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+# endif
+ /*
+ * Callback for disabling session caching and ticket support on a session
+ * basis, depending on the chosen cipher.
+ */
+ int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+# ifndef OPENSSL_NO_EC
+ /* EC extension values inherited by SSL structure */
+ size_t tlsext_ecpointformatlist_length;
+ unsigned char *tlsext_ecpointformatlist;
+ size_t tlsext_ellipticcurvelist_length;
+ unsigned char *tlsext_ellipticcurvelist;
+# endif /* OPENSSL_NO_EC */
+};
+
+
+struct ssl_st {
+ /*
+ * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
+ * DTLS1_VERSION)
+ */
+ int version;
+ /* SSL_ST_CONNECT or SSL_ST_ACCEPT */
+ int type;
+ /* SSLv3 */
+ const SSL_METHOD *method;
+ /*
+ * There are 2 BIO's even though they are normally both the same. This
+ * is so data can be read and written to different handlers
+ */
+ /* used by SSL_read */
+ BIO *rbio;
+ /* used by SSL_write */
+ BIO *wbio;
+ /* used during session-id reuse to concatenate messages */
+ BIO *bbio;
+ /*
+ * This holds a variable that indicates what we were doing when a 0 or -1
+ * is returned. This is needed for non-blocking IO so we know what
+ * request needs re-doing when in SSL_accept or SSL_connect
+ */
+ int rwstate;
+ /* true when we are actually in SSL_accept() or SSL_connect() */
+ int in_handshake;
+ int (*handshake_func) (SSL *);
+ /*
+ * Imagine that here's a boolean member "init" that is switched as soon
+ * as SSL_set_{accept/connect}_state is called for the first time, so
+ * that "state" and "handshake_func" are properly initialized. But as
+ * handshake_func is == 0 until then, we use this test instead of an
+ * "init" member.
+ */
+ /* are we the server side? - mostly used by SSL_clear */
+ int server;
+ /*
+ * Generate a new session or reuse an old one.
+ * NB: For servers, the 'new' session may actually be a previously
+ * cached session or even the previous session unless
+ * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
+ */
+ int new_session;
+ /* don't send shutdown packets */
+ int quiet_shutdown;
+ /* we have shut things down, 0x01 sent, 0x02 for received */
+ int shutdown;
+ /* where we are */
+ int state;
+ /* where we are when reading */
+ int rstate;
+ BUF_MEM *init_buf; /* buffer used during init */
+ void *init_msg; /* pointer to handshake message body, set by
+ * ssl3_get_message() */
+ int init_num; /* amount read/written */
+ int init_off; /* amount read/written */
+ /* used internally to point at a raw packet */
+ unsigned char *packet;
+ unsigned int packet_length;
+ struct ssl3_state_st *s3; /* SSLv3 variables */
+ struct dtls1_state_st *d1; /* DTLSv1 variables */
+ int read_ahead; /* Read as many input bytes as possible (for
+ * non-blocking reads) */
+ /* callback that allows applications to peek at protocol messages */
+ void (*msg_callback) (int write_p, int version, int content_type,
+ const void *buf, size_t len, SSL *ssl, void *arg);
+ void *msg_callback_arg;
+ int hit; /* reusing a previous session */
+ X509_VERIFY_PARAM *param;
+ /* crypto */
+ STACK_OF(SSL_CIPHER) *cipher_list;
+ STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+ /*
+ * These are the ones being used, the ones in SSL_SESSION are the ones to
+ * be 'copied' into these ones
+ */
+ int mac_flags;
+ EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
+ EVP_MD_CTX *read_hash; /* used for mac generation */
+# ifndef OPENSSL_NO_COMP
+ COMP_CTX *expand; /* uncompress */
+# else
+ char *expand;
+# endif
+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+ EVP_MD_CTX *write_hash; /* used for mac generation */
+# ifndef OPENSSL_NO_COMP
+ COMP_CTX *compress; /* compression */
+# else
+ char *compress;
+# endif
+ /* session info */
+ /* client cert? */
+ /* This is used to hold the server certificate used */
+ struct cert_st /* CERT */ *cert;
+ /*
+ * the session_id_context is used to ensure sessions are only reused in
+ * the appropriate context
+ */
+ unsigned int sid_ctx_length;
+ unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+ /* This can also be in the session once a session is established */
+ SSL_SESSION *session;
+ /* Default generate session ID callback. */
+ GEN_SESSION_CB generate_session_id;
+ /* Used in SSL3 */
+ /*
+ * 0 don't care about verify failure.
+ * 1 fail if verify fails
+ */
+ int verify_mode;
+ /* fail if callback returns 0 */
+ int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
+ /* optional informational callback */
+ void (*info_callback) (const SSL *ssl, int type, int val);
+ /* error bytes to be written */
+ int error;
+ /* actual code */
+ int error_code;
+# ifndef OPENSSL_NO_KRB5
+ /* Kerberos 5 context */
+ KSSL_CTX *kssl_ctx;
+# endif /* OPENSSL_NO_KRB5 */
+# ifndef OPENSSL_NO_PSK
+ unsigned int (*psk_client_callback) (SSL *ssl, const char *hint,
+ char *identity,
+ unsigned int max_identity_len,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+ unsigned int (*psk_server_callback) (SSL *ssl, const char *identity,
+ unsigned char *psk,
+ unsigned int max_psk_len);
+# endif
+ SSL_CTX *ctx;
+ /*
+ * set this flag to 1 and a sleep(1) is put into all SSL_read() and
+ * SSL_write() calls, good for nbio debuging :-)
+ */
+ int debug;
+ /* extra application data */
+ long verify_result;
+ CRYPTO_EX_DATA ex_data;
+ /* for server side, keep the list of CA_dn we can use */
+ STACK_OF(X509_NAME) *client_CA;
+ int references;
+ /* protocol behaviour */
+ unsigned long options;
+ /* API behaviour */
+ unsigned long mode;
+ long max_cert_list;
+ int first_packet;
+ /* what was passed, used for SSLv3/TLS rollback check */
+ int client_version;
+ unsigned int max_send_fragment;
+# ifndef OPENSSL_NO_TLSEXT
+ /* TLS extension debug callback */
+ void (*tlsext_debug_cb) (SSL *s, int client_server, int type,
+ unsigned char *data, int len, void *arg);
+ void *tlsext_debug_arg;
+ char *tlsext_hostname;
+ /*-
+ * no further mod of servername
+ * 0 : call the servername extension callback.
+ * 1 : prepare 2, allow last ack just after in server callback.
+ * 2 : don't call servername callback, no ack in server hello
+ */
+ int servername_done;
+ /* certificate status request info */
+ /* Status type or -1 if no status type */
+ int tlsext_status_type;
+ /* Expect OCSP CertificateStatus message */
+ int tlsext_status_expected;
+ /* OCSP status request only */
+ STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
+ X509_EXTENSIONS *tlsext_ocsp_exts;
+ /* OCSP response received or to be sent */
+ unsigned char *tlsext_ocsp_resp;
+ int tlsext_ocsp_resplen;
+ /* RFC4507 session ticket expected to be received or sent */
+ int tlsext_ticket_expected;
+# ifndef OPENSSL_NO_EC
+ size_t tlsext_ecpointformatlist_length;
+ /* our list */
+ unsigned char *tlsext_ecpointformatlist;
+ size_t tlsext_ellipticcurvelist_length;
+ /* our list */
+ unsigned char *tlsext_ellipticcurvelist;
+# endif /* OPENSSL_NO_EC */
+ /* TLS Session Ticket extension override */
+ TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
+ /* TLS Session Ticket extension callback */
+ tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
+ void *tls_session_ticket_ext_cb_arg;
+ /* TLS pre-shared secret session resumption */
+ tls_session_secret_cb_fn tls_session_secret_cb;
+ void *tls_session_secret_cb_arg;
+ SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */
+# ifndef OPENSSL_NO_NEXTPROTONEG
+ /*
+ * Next protocol negotiation. For the client, this is the protocol that
+ * we sent in NextProtocol and is set when handling ServerHello
+ * extensions. For a server, this is the client's selected_protocol from
+ * NextProtocol and is set when handling the NextProtocol message, before
+ * the Finished message.
+ */
+ unsigned char *next_proto_negotiated;
+ unsigned char next_proto_negotiated_len;
+# endif
+# define session_ctx initial_ctx
+ /* What we'll do */
+ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+ /* What's been chosen */
+ SRTP_PROTECTION_PROFILE *srtp_profile;
+ /*-
+ * Is use of the Heartbeat extension negotiated?
+ * 0: disabled
+ * 1: enabled
+ * 2: enabled, but not allowed to send Requests
+ */
+ unsigned int tlsext_heartbeat;
+ /* Indicates if a HeartbeatRequest is in flight */
+ unsigned int tlsext_hb_pending;
+ /* HeartbeatRequest sequence number */
+ unsigned int tlsext_hb_seq;
+ /*
+ * For a client, this contains the list of supported protocols in wire
+ * format.
+ */
+ unsigned char *alpn_client_proto_list;
+ unsigned alpn_client_proto_list_len;
+# else
+# define session_ctx ctx
+# endif /* OPENSSL_NO_TLSEXT */
+ /*-
+ * 1 if we are renegotiating.
+ * 2 if we are a server and are inside a handshake
+ * (i.e. not just sending a HelloRequest)
+ */
+ int renegotiate;
+# ifndef OPENSSL_NO_SRP
+ /* ctx for SRP authentication */
+ SRP_CTX srp_ctx;
+# endif
+ /*
+ * Callback for disabling session caching and ticket support on a session
+ * basis, depending on the chosen cipher.
+ */
+ int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+};
+
+typedef struct ssl3_record_st {
+ /* type of record */
+ /*
+ * r
+ */ int type;
+ /* How many bytes available */
+ /*
+ * rw
+ */ unsigned int length;
+ /*
+ * How many bytes were available before padding was removed? This is used
+ * to implement the MAC check in constant time for CBC records.
+ */
+ /*
+ * rw
+ */ unsigned int orig_len;
+ /* read/write offset into 'buf' */
+ /*
+ * r
+ */ unsigned int off;
+ /* pointer to the record data */
+ /*
+ * rw
+ */ unsigned char *data;
+ /* where the decode bytes are */
+ /*
+ * rw
+ */ unsigned char *input;
+ /* only used with decompression - malloc()ed */
+ /*
+ * r
+ */ unsigned char *comp;
+ /* epoch number, needed by DTLS1 */
+ /*
+ * r
+ */ unsigned long epoch;
+ /* sequence number, needed by DTLS1 */
+ /*
+ * r
+ */ unsigned char seq_num[8];
+} SSL3_RECORD;
+
+typedef struct ssl3_buffer_st {
+ /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
+ unsigned char *buf;
+ /* buffer size */
+ size_t len;
+ /* where to 'copy from' */
+ int offset;
+ /* how many bytes left */
+ int left;
+} SSL3_BUFFER;
+
+typedef struct ssl3_state_st {
+ long flags;
+ int delay_buf_pop_ret;
+ unsigned char read_sequence[8];
+ int read_mac_secret_size;
+ unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
+ unsigned char write_sequence[8];
+ int write_mac_secret_size;
+ unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+ unsigned char server_random[SSL3_RANDOM_SIZE];
+ unsigned char client_random[SSL3_RANDOM_SIZE];
+ /* flags for countermeasure against known-IV weakness */
+ int need_empty_fragments;
+ int empty_fragment_done;
+ /* The value of 'extra' when the buffers were initialized */
+ int init_extra;
+ SSL3_BUFFER rbuf; /* read IO goes into here */
+ SSL3_BUFFER wbuf; /* write IO goes into here */
+ SSL3_RECORD rrec; /* each decoded record goes in here */
+ SSL3_RECORD wrec; /* goes out from here */
+ /*
+ * storage for Alert/Handshake protocol data received but not yet
+ * processed by ssl3_read_bytes:
+ */
+ unsigned char alert_fragment[2];
+ unsigned int alert_fragment_len;
+ unsigned char handshake_fragment[4];
+ unsigned int handshake_fragment_len;
+ /* partial write - check the numbers match */
+ unsigned int wnum; /* number of bytes sent so far */
+ int wpend_tot; /* number bytes written */
+ int wpend_type;
+ int wpend_ret; /* number of bytes submitted */
+ const unsigned char *wpend_buf;
+ /* used during startup, digest all incoming/outgoing packets */
+ BIO *handshake_buffer;
+ /*
+ * When set of handshake digests is determined, buffer is hashed and
+ * freed and MD_CTX-es for all required digests are stored in this array
+ */
+ EVP_MD_CTX **handshake_dgst;
+ /*
+ * Set whenever an expected ChangeCipherSpec message is processed.
+ * Unset when the peer's Finished message is received.
+ * Unexpected ChangeCipherSpec messages trigger a fatal alert.
+ */
+ int change_cipher_spec;
+ int warn_alert;
+ int fatal_alert;
+ /*
+ * we allow one fatal and one warning alert to be outstanding, send close
+ * alert via the warning alert
+ */
+ int alert_dispatch;
+ unsigned char send_alert[2];
+ /*
+ * This flag is set when we should renegotiate ASAP, basically when there
+ * is no more data in the read or write buffers
+ */
+ int renegotiate;
+ int total_renegotiations;
+ int num_renegotiations;
+ int in_read_app_data;
+ struct {
+ /* actually only needs to be 16+20 */
+ unsigned char cert_verify_md[EVP_MAX_MD_SIZE * 2];
+ /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
+ unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
+ int finish_md_len;
+ unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
+ int peer_finish_md_len;
+ unsigned long message_size;
+ int message_type;
+ /* used to hold the new cipher we are going to use */
+ const SSL_CIPHER *new_cipher;
+# ifndef OPENSSL_NO_DH
+ DH *dh;
+# endif
+# ifndef OPENSSL_NO_ECDH
+ EC_KEY *ecdh; /* holds short lived ECDH key */
+# endif
+ /* used when SSL_ST_FLUSH_DATA is entered */
+ int next_state;
+ int reuse_message;
+ /* used for certificate requests */
+ int cert_req;
+ int ctype_num;
+ char ctype[SSL3_CT_NUMBER];
+ STACK_OF(X509_NAME) *ca_names;
+ int use_rsa_tmp;
+ int key_block_length;
+ unsigned char *key_block;
+ const EVP_CIPHER *new_sym_enc;
+ const EVP_MD *new_hash;
+ int new_mac_pkey_type;
+ int new_mac_secret_size;
+# ifndef OPENSSL_NO_COMP
+ const SSL_COMP *new_compression;
+# else
+ char *new_compression;
+# endif
+ int cert_request;
+ } tmp;
+
+ /* Connection binding to prevent renegotiation attacks */
+ unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+ unsigned char previous_client_finished_len;
+ unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+ unsigned char previous_server_finished_len;
+ int send_connection_binding; /* TODOEKR */
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+ /*
+ * Set if we saw the Next Protocol Negotiation extension from our peer.
+ */
+ int next_proto_neg_seen;
+# endif
+
+# ifndef OPENSSL_NO_TLSEXT
+
+ /*
+ * ALPN information (we are in the process of transitioning from NPN to
+ * ALPN.)
+ */
+
+ /*
+ * In a server these point to the selected ALPN protocol after the
+ * ClientHello has been processed. In a client these contain the protocol
+ * that the server selected once the ServerHello has been processed.
+ */
+ unsigned char *alpn_selected;
+ unsigned alpn_selected_len;
+
+# ifndef OPENSSL_NO_EC
+ /*
+ * This is set to true if we believe that this is a version of Safari
+ * running on OS X 10.6 or newer. We wish to know this because Safari on
+ * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
+ */
+ char is_probably_safari;
+# endif /* !OPENSSL_NO_EC */
+
+# endif /* !OPENSSL_NO_TLSEXT */
+} SSL3_STATE;
+
+
+/* DTLS structures */
+
+# ifndef OPENSSL_NO_SCTP
+# define DTLS1_SCTP_AUTH_LABEL "EXPORTER_DTLS_OVER_SCTP"
+# endif
+
+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
+# define DTLS1_MAX_MTU_OVERHEAD 48
+
+typedef struct dtls1_bitmap_st {
+ unsigned long map; /* track 32 packets on 32-bit systems and 64
+ * - on 64-bit systems */
+ unsigned char max_seq_num[8]; /* max record number seen so far, 64-bit
+ * value in big-endian encoding */
+} DTLS1_BITMAP;
+
+struct dtls1_retransmit_state {
+ EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+ EVP_MD_CTX *write_hash; /* used for mac generation */
+# ifndef OPENSSL_NO_COMP
+ COMP_CTX *compress; /* compression */
+# else
+ char *compress;
+# endif
+ SSL_SESSION *session;
+ unsigned short epoch;
+};
+
+struct hm_header_st {
+ unsigned char type;
+ unsigned long msg_len;
+ unsigned short seq;
+ unsigned long frag_off;
+ unsigned long frag_len;
+ unsigned int is_ccs;
+ struct dtls1_retransmit_state saved_retransmit_state;
+};
+
+struct ccs_header_st {
+ unsigned char type;
+ unsigned short seq;
+};
+
+struct dtls1_timeout_st {
+ /* Number of read timeouts so far */
+ unsigned int read_timeouts;
+ /* Number of write timeouts so far */
+ unsigned int write_timeouts;
+ /* Number of alerts received so far */
+ unsigned int num_alerts;
+};
+
+typedef struct record_pqueue_st {
+ unsigned short epoch;
+ pqueue q;
+} record_pqueue;
+
+typedef struct hm_fragment_st {
+ struct hm_header_st msg_header;
+ unsigned char *fragment;
+ unsigned char *reassembly;
+} hm_fragment;
+
+typedef struct dtls1_state_st {
+ unsigned int send_cookie;
+ unsigned char cookie[DTLS1_COOKIE_LENGTH];
+ unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
+ unsigned int cookie_len;
+ /*
+ * The current data and handshake epoch. This is initially
+ * undefined, and starts at zero once the initial handshake is
+ * completed
+ */
+ unsigned short r_epoch;
+ unsigned short w_epoch;
+ /* records being received in the current epoch */
+ DTLS1_BITMAP bitmap;
+ /* renegotiation starts a new set of sequence numbers */
+ DTLS1_BITMAP next_bitmap;
+ /* handshake message numbers */
+ unsigned short handshake_write_seq;
+ unsigned short next_handshake_write_seq;
+ unsigned short handshake_read_seq;
+ /* save last sequence number for retransmissions */
+ unsigned char last_write_sequence[8];
+ /* Received handshake records (processed and unprocessed) */
+ record_pqueue unprocessed_rcds;
+ record_pqueue processed_rcds;
+ /* Buffered handshake messages */
+ pqueue buffered_messages;
+ /* Buffered (sent) handshake records */
+ pqueue sent_messages;
+ /*
+ * Buffered application records. Only for records between CCS and
+ * Finished to prevent either protocol violation or unnecessary message
+ * loss.
+ */
+ record_pqueue buffered_app_data;
+ /* Is set when listening for new connections with dtls1_listen() */
+ unsigned int listen;
+ unsigned int link_mtu; /* max on-the-wire DTLS packet size */
+ unsigned int mtu; /* max DTLS packet size */
+ struct hm_header_st w_msg_hdr;
+ struct hm_header_st r_msg_hdr;
+ struct dtls1_timeout_st timeout;
+ /*
+ * Indicates when the last handshake msg or heartbeat sent will timeout
+ */
+ struct timeval next_timeout;
+ /* Timeout duration */
+ unsigned short timeout_duration;
+ /*
+ * storage for Alert/Handshake protocol data received but not yet
+ * processed by ssl3_read_bytes:
+ */
+ unsigned char alert_fragment[DTLS1_AL_HEADER_LENGTH];
+ unsigned int alert_fragment_len;
+ unsigned char handshake_fragment[DTLS1_HM_HEADER_LENGTH];
+ unsigned int handshake_fragment_len;
+ unsigned int retransmitting;
+ /*
+ * Set when the handshake is ready to process peer's ChangeCipherSpec message.
+ * Cleared after the message has been processed.
+ */
+ unsigned int change_cipher_spec_ok;
+# ifndef OPENSSL_NO_SCTP
+ /* used when SSL_ST_XX_FLUSH is entered */
+ int next_state;
+ int shutdown_received;
+# endif
+} DTLS1_STATE;
+
+typedef struct dtls1_record_data_st {
+ unsigned char *packet;
+ unsigned int packet_length;
+ SSL3_BUFFER rbuf;
+ SSL3_RECORD rrec;
+# ifndef OPENSSL_NO_SCTP
+ struct bio_dgram_sctp_rcvinfo recordinfo;
+# endif
+} DTLS1_RECORD_DATA;
+
+
 # ifndef OPENSSL_NO_EC
 /*
 * From ECC-TLS draft, used in encoding the curve type in ECParameters
diff --git a/ssl/ssl_task.c b/ssl/ssl_task.c
index dad20c6..ab37cc6 100644
--- a/ssl/ssl_task.c
+++ b/ssl/ssl_task.c
@@ -128,8 +128,8 @@ int LIB$INIT_TIMER(), LIB$SHOW_TIMER();
 #include
 #include
-#include
 #include
+#include "ssl_locl.h"
 int verify_callback(int ok, X509 *xs, X509 *xi, int depth, int error);
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index fb78aea..7bf7e55 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -188,6 +188,8 @@
 #endif
 #include
+#include "../ssl/ssl_locl.h"
+
 /*
 * Or gethostname won't be declared properly
 * on Compaq platforms (at least with DEC C).
diff --git a/util/mkdef.pl b/util/mkdef.pl
index faed402..03fbf20 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -111,8 +111,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
 "NEXTPROTONEG",
 # Deprecated functions
 "DEPRECATED",
- # Hide SSL internals
- "SSL_INTERN",
 # SCTP
 "SCTP",
 # SRTP
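Review bot: The two C hunks spell the same private header differently — ssl/ssl_task.c adds `#include "ssl_locl.h"` while ssl/ssltest.c adds `#include "../ssl/ssl_locl.h"`, although both files sit in ssl/. If ssltest.c is compiled from another directory (say through a copy or link under test/), the relative path is what makes it resolve and a one-line comment next to it, e.g. `/* relative path: this file is also built from outside ssl/ */`, would keep someone from "normalising" it later; if not, the plain `"ssl_locl.h"` form used in ssl_task.c should be used in both places. Either way ssltest.c now depends on internal struct layouts that, judging by the mkdef.pl hunk dropping "SSL_INTERN", this commit is deliberately taking out of the public headers, so any later layout change must rebuild the test together with the library or the test will read stale offsets. The rendered hunks have lost the angle-bracket include arguments, so which system include ssl_task.c drops cannot be checked from here.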