From rsalz at openssl.org Mon Mar 2 01:46:05 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 2 Mar 2015 02:46:05 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150302014605.9B3EB1DF11A@butler.localdomain> The branch master has been updated via a258afaf7c0da143f15e1cf636279c7aaee7394f (commit) from af674d4e20a82c2a98767b837072d7093c70b1cf (commit) - Log ----------------------------------------------------------------- commit a258afaf7c0da143f15e1cf636279c7aaee7394f Author: Rich Salz Date: Fri Feb 27 15:06:41 2015 -0500 Remove experimental 56bit export ciphers These ciphers are removed: TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA TLS1_CK_DHE_DSS_WITH_RC4_128_SHA They were defined in a long-expired IETF internet-draft: draft-ietf-tls-56-bit-ciphersuites-01.txt Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/s3_lib.c | 82 ---------------------------------------------------------- ssl/tls1.h | 19 -------------- 2 files changed, 101 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index ab19eeb..20ce112 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1212,88 +1212,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { }, #endif /* OPENSSL_NO_CAMELLIA */ -#if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES - /* Cipher 62 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, - TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_DES, - SSL_SHA1, - SSL_TLSV1, - SSL_EXPORT | SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 56, - }, - - /* Cipher 63 */ - { - 1, - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_DES, - SSL_SHA1, - SSL_TLSV1, - SSL_EXPORT | SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 56, - }, - - /* Cipher 64 */ - { - 1, - TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, - TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, - SSL_kRSA, - SSL_aRSA, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_EXPORT | SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 128, - }, - - /* Cipher 65 */ - { - 1, - TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_EXPORT | SSL_EXP56, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 128, - }, - - /* Cipher 66 */ - { - 1, - TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, - TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, - SSL_kDHE, - SSL_aDSS, - SSL_RC4, - SSL_SHA1, - SSL_TLSV1, - SSL_NOT_EXP | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, -#endif - /* TLS v1.2 ciphersuites */ /* Cipher 67 */ { diff --git a/ssl/tls1.h b/ssl/tls1.h index af03f13..cb14d8e 100644 --- a/ssl/tls1.h +++ b/ssl/tls1.h @@ -162,8 +162,6 @@ extern "C" { # define OPENSSL_TLS_SECURITY_LEVEL 1 # endif -# define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0 - # define TLS1_VERSION 0x0301 # define TLS1_1_VERSION 0x0302 # define TLS1_2_VERSION 0x0303 @@ -411,23 +409,6 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) # define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C # define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D -/* - * Additional TLS ciphersuites from expired Internet Draft - * draft-ietf-tls-56-bit-ciphersuites-01.txt (available if - * TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see s3_lib.c). We - * actually treat them like SSL 3.0 ciphers, which we probably shouldn't. - * Note that the first two are actually not in the IDs. - */ -# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060/* not in - * ID */ -# define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061/* not in - * ID */ -# define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 -# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 -# define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 -# define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 -# define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 - /* AES ciphersuites from RFC3268 */ # define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F From rsalz at openssl.org Mon Mar 2 01:49:02 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 2 Mar 2015 02:49:02 +0100 (CET) Subject: [openssl-commits] [openssl] master update Message-ID: <20150302014903.C39F01DF11A@butler.localdomain> The branch master has been updated via 9f7f8eced5f0c3744203dad461b7e8373f9833e3 (commit) from a258afaf7c0da143f15e1cf636279c7aaee7394f (commit) - Log ----------------------------------------------------------------- commit 9f7f8eced5f0c3744203dad461b7e8373f9833e3 Author: Rich Salz Date: Sun Mar 1 20:46:38 2015 -0500 Cleanup some doc files ACKNOWLEDGEMENTS is now spelled correctly :) README.ASN1 talked about 0.9.6, so it's deleted. I turned doc/standards.txt into a set of one-line summaries of RFCs, and also updated the pointers to original sources (to be web links) Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ACKNOWLEDGMENTS => ACKNOWLEDGEMENTS | 8 +- README.ASN1 | 187 ------------------------- doc/standards.txt | 257 ++++++++++------------------------- 3 files changed, 74 insertions(+), 378 deletions(-) rename ACKNOWLEDGMENTS => ACKNOWLEDGEMENTS (83%) delete mode 100644 README.ASN1 diff --git a/ACKNOWLEDGMENTS b/ACKNOWLEDGEMENTS similarity index 83% rename from ACKNOWLEDGMENTS rename to ACKNOWLEDGEMENTS index 59c6f01..cb9ece5 100644 --- a/ACKNOWLEDGMENTS +++ b/ACKNOWLEDGEMENTS @@ -12,16 +12,16 @@ or current significant support of the OpenSSL project: Major support: - Qualys http://www.qualys.com/ + Qualys http://www.qualys.com/ Very significant support: - OpenGear: http://www.opengear.com/ + OpenGear: http://www.opengear.com/ Significant support: - PSW Group: http://www.psw.net/ - Acano Ltd. http://acano.com/ + PSW Group: http://www.psw.net/ + Acano Ltd. http://acano.com/ Please note that we ask permission to identify sponsors and that some sponsors we consider eligible for inclusion here have requested to remain anonymous. diff --git a/README.ASN1 b/README.ASN1 deleted file mode 100644 index 11bcfaf..0000000 --- a/README.ASN1 +++ /dev/null @@ -1,187 +0,0 @@ - -OpenSSL ASN1 Revision -===================== - -This document describes some of the issues relating to the new ASN1 code. - -Previous OpenSSL ASN1 problems -============================= - -OK why did the OpenSSL ASN1 code need revising in the first place? Well -there are lots of reasons some of which are included below... - -1. The code is difficult to read and write. For every single ASN1 structure -(e.g. SEQUENCE) four functions need to be written for new, free, encode and -decode operations. This is a very painful and error prone operation. Very few -people have ever written any OpenSSL ASN1 and those that have usually wish -they hadn't. - -2. Partly because of 1. the code is bloated and takes up a disproportionate -amount of space. The SEQUENCE encoder is particularly bad: it essentially -contains two copies of the same operation, one to compute the SEQUENCE length -and the other to encode it. - -3. The code is memory based: that is it expects to be able to read the whole -structure from memory. This is fine for small structures but if you have a -(say) 1Gb PKCS#7 signedData structure it isn't such a good idea... - -4. The code for the ASN1 IMPLICIT tag is evil. It is handled by temporarily -changing the tag to the expected one, attempting to read it, then changing it -back again. This means that decode buffers have to be writable even though they -are ultimately unchanged. This gets in the way of constification. - -5. The handling of EXPLICIT isn't much better. It adds a chunk of code into -the decoder and encoder for every EXPLICIT tag. - -6. APPLICATION and PRIVATE tags aren't even supported at all. - -7. Even IMPLICIT isn't complete: there is no support for implicitly tagged -types that are not OPTIONAL. - -8. Much of the code assumes that a tag will fit in a single octet. This is -only true if the tag is 30 or less (mercifully tags over 30 are rare). - -9. The ASN1 CHOICE type has to be largely handled manually, there aren't any -macros that properly support it. - -10. Encoders have no concept of OPTIONAL and have no error checking. If the -passed structure contains a NULL in a mandatory field it will not be encoded, -resulting in an invalid structure. - -11. It is tricky to add ASN1 encoders and decoders to external applications. - -Template model -============== - -One of the major problems with revision is the sheer volume of the ASN1 code. -Attempts to change (for example) the IMPLICIT behaviour would result in a -modification of *every* single decode function. - -I decided to adopt a template based approach. I'm using the term 'template' -in a manner similar to SNACC templates: it has nothing to do with C++ -templates. - -A template is a description of an ASN1 module as several constant C structures. -It describes in a machine readable way exactly how the ASN1 structure should -behave. If this template contains enough detail then it is possible to write -versions of new, free, encode, decode (and possibly others operations) that -operate on templates. - -Instead of having to write code to handle each operation only a single -template needs to be written. If new operations are needed (such as a 'print' -operation) only a single new template based function needs to be written -which will then automatically handle all existing templates. - -Plans for revision -================== - -The revision will consist of the following steps. Other than the first two -these can be handled in any order. - -o Design and write template new, free, encode and decode operations, initially -memory based. *DONE* - -o Convert existing ASN1 code to template form. *IN PROGRESS* - -o Convert an existing ASN1 compiler (probably SNACC) to output templates -in OpenSSL form. - -o Add support for BIO based ASN1 encoders and decoders to handle large -structures, initially blocking I/O. - -o Add support for non blocking I/O: this is quite a bit harder than blocking -I/O. - -o Add new ASN1 structures, such as OCSP, CRMF, S/MIME v3 (CMS), attribute -certificates etc etc. - -Description of major changes -============================ - -The BOOLEAN type now takes three values. 0xff is TRUE, 0 is FALSE and -1 is -absent. The meaning of absent depends on the context. If for example the -boolean type is DEFAULT FALSE (as in the case of the critical flag for -certificate extensions) then -1 is FALSE, if DEFAULT TRUE then -1 is TRUE. -Usually the value will only ever be read via an API which will hide this from -an application. - -There is an evil bug in the old ASN1 code that mishandles OPTIONAL with -SEQUENCE OF or SET OF. These are both implemented as a STACK structure. The -old code would omit the structure if the STACK was NULL (which is fine) or if -it had zero elements (which is NOT OK). This causes problems because an empty -SEQUENCE OF or SET OF will result in an empty STACK when it is decoded but when -it is encoded it will be omitted resulting in different encodings. The new code -only omits the encoding if the STACK is NULL, if it contains zero elements it -is encoded and empty. There is an additional problem though: because an empty -STACK was omitted, sometimes the corresponding *_new() function would -initialize the STACK to empty so an application could immediately use it, if -this is done with the new code (i.e. a NULL) it wont work. Therefore a new -STACK should be allocated first. One instance of this is the X509_CRL list of -revoked certificates: a helper function X509_CRL_add0_revoked() has been added -for this purpose. - -The X509_ATTRIBUTE structure used to have an element called 'set' which took -the value 1 if the attribute value was a SET OF or 0 if it was a single. Due -to the behaviour of CHOICE in the new code this has been changed to a field -called 'single' which is 0 for a SET OF and 1 for single. The old field has -been deleted to deliberately break source compatibility. Since this structure -is normally accessed via higher level functions this shouldn't break too much. - -The X509_REQ_INFO certificate request info structure no longer has a field -called 'req_kludge'. This used to be set to 1 if the attributes field was -(incorrectly) omitted. You can check to see if the field is omitted now by -checking if the attributes field is NULL. Similarly if you need to omit -the field then free attributes and set it to NULL. - -The top level 'detached' field in the PKCS7 structure is no longer set when -a PKCS#7 structure is read in. PKCS7_is_detached() should be called instead. -The behaviour of PKCS7_get_detached() is unaffected. - -The values of 'type' in the GENERAL_NAME structure have changed. This is -because the old code use the ASN1 initial octet as the selector. The new -code uses the index in the ASN1_CHOICE template. - -The DIST_POINT_NAME structure has changed to be a true CHOICE type. - -typedef struct DIST_POINT_NAME_st { -int type; -union { - STACK_OF(GENERAL_NAME) *fullname; - STACK_OF(X509_NAME_ENTRY) *relativename; -} name; -} DIST_POINT_NAME; - -This means that name.fullname or name.relativename should be set -and type reflects the option. That is if name.fullname is set then -type is 0 and if name.relativename is set type is 1. - -With the old code using the i2d functions would typically involve: - -unsigned char *buf, *p; -int len; -/* Find length of encoding */ -len = i2d_SOMETHING(x, NULL); -/* Allocate buffer */ -buf = OPENSSL_malloc(len); -if(buf == NULL) { - /* Malloc error */ -} -/* Use temp variable because &p gets updated to point to end of - * encoding. - */ -p = buf; -i2d_SOMETHING(x, &p); - - -Using the new i2d you can also do: - -unsigned char *buf = NULL; -int len; -len = i2d_SOMETHING(x, &buf); -if(len < 0) { - /* Malloc error */ -} - -and it will automatically allocate and populate a buffer with the -encoding. After this call 'buf' will point to the start of the -encoding which is len bytes long. diff --git a/doc/standards.txt b/doc/standards.txt index 7bada8d..146525e 100644 --- a/doc/standards.txt +++ b/doc/standards.txt @@ -1,285 +1,168 @@ Standards related to OpenSSL ============================ -[Please, this is currently a draft. I made a first try at finding - documents that describe parts of what OpenSSL implements. There are - big gaps, and I've most certainly done something wrong. Please - correct whatever is... Also, this note should be removed when this - file is reaching a somewhat correct state. -- Richard Levitte] +This is a work in progress. These are documents that describe things that +are implemented (in whole or at least great parts) in OpenSSL. +To search for RFCs, you can start at http://www.ietf.org/rfc.html -All pointers in here will be either URL's or blobs of text borrowed -from miscellaneous indexes, like rfc-index.txt (index of RFCs), -1id-index.txt (index of Internet drafts) and the like. +To search for internet-drafts, you can start at http://www.ietf.org/id-info/ -To find the latest possible RFCs, it's recommended to either browse -ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and -use the search mechanism found there. -To find the latest possible Internet drafts, it's recommended to -browse ftp://ftp.isi.edu/internet-drafts/. -To find the latest possible PKCS, it's recommended to browse -http://www.rsasecurity.com/rsalabs/pkcs/. +Many PKCS standards are now RFC's; PKCS#11 is now at Oasis and can be +found at https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=pkcs11 -Implemented: ------------- +Implemented +----------- -These are documents that describe things that are implemented (in -whole or at least great parts) in OpenSSL. +PKCS#8: Private-Key Information Syntax Standard -1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992. - (Format: TXT=25661 bytes) (Status: INFORMATIONAL) +PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. -1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format: - TXT=32407 bytes) (Status: INFORMATIONAL) +1319 The MD2 Message-Digest Algorithm -1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format: - TXT=35222 bytes) (Status: INFORMATIONAL) +1320 The MD4 Message-Digest Algorithm -2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999. - (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD) +1321 The MD5 Message-Digest Algorithm -2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest. - January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL) +2246 The TLS Protocol Version 1 -2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski. - March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL) +2268 A Description of the RC2(r) Encryption Algorithm -PKCS#8: Private-Key Information Syntax Standard - -PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. +2315 PKCS 7: Cryptographic Message Syntax Version 1.5 2560 X.509 Internet Public Key Infrastructure Online Certificate - Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin, - C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED - STANDARD) + Status Protocol - OCSP 2712 Addition of Kerberos Cipher Suites to Transport Layer Security - (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes) - (Status: PROPOSED STANDARD) - -2898 PKCS #5: Password-Based Cryptography Specification Version 2.0. - B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status: - INFORMATIONAL) + (TLS) -2986 PKCS #10: Certification Request Syntax Specification Version 1.7. - M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes) - (Obsoletes RFC2314) (Status: INFORMATIONAL) +2898 PKCS #5: Password-Based Cryptography Specification Version 2.0 -3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones. - September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL) +2986 PKCS #10: Certification Request Syntax Specification Version 1.7 3161 Internet X.509 Public Key Infrastructure, Time-Stamp Protocol (TSP) - C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001 - (Status: PROPOSED STANDARD) + +3174 US Secure Hash Algorithm 1 (SHA1) 3268 Advanced Encryption Standard (AES) Ciphersuites for Transport - Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes) - (Status: PROPOSED STANDARD) + Layer Security (TLS) 3279 Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) - Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format: - TXT=53833 bytes) (Status: PROPOSED STANDARD) + Profile 3280 Internet X.509 Public Key Infrastructure Certificate and - Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W. - Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes - RFC2459) (Status: PROPOSED STANDARD) + Certificate Revocation List (CRL) Profile 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography - Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003. - (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status: - INFORMATIONAL) + Specifications Version 2.1 -3713 A Description of the Camellia Encryption Algorithm. M. Matsui, - J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes) - (Status: INFORMATIONAL) +3713 A Description of the Camellia Encryption Algorithm 3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate - Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson. - June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD) + Profile 4132 Addition of Camellia Cipher Suites to Transport Layer Security - (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590 - bytes) (Status: PROPOSED STANDARD) + (TLS) -4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS). - H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes) - (Status: PROPOSED STANDARD) +4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS) -4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon, - D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes) - (Obsoletes RFC4009) (Status: INFORMATIONAL) +4269 The SEED Encryption Algorithm -Related: --------- +Related +------- These are documents that are close to OpenSSL, for example the STARTTLS documents. 1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message - Encryption and Authentication Procedures. J. Linn. February 1993. - (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED - STANDARD) + Encryption and Authentication Procedures 1422 Privacy Enhancement for Internet Electronic Mail: Part II: - Certificate-Based Key Management. S. Kent. February 1993. (Format: - TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD) + Certificate-Based Key Management 1423 Privacy Enhancement for Internet Electronic Mail: Part III: - Algorithms, Modes, and Identifiers. D. Balenson. February 1993. - (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED - STANDARD) + Algorithms, Modes, and Identifiers 1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key - Certification and Related Services. B. Kaliski. February 1993. - (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD) + Certification and Related Services -2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October - 1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD) +2025 The Simple Public-Key GSS-API Mechanism (SPKM) 2510 Internet X.509 Public Key Infrastructure Certificate Management - Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178 - bytes) (Status: PROPOSED STANDARD) + Protocols -2511 Internet X.509 Certificate Request Message Format. M. Myers, C. - Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes) - (Status: PROPOSED STANDARD) +2511 Internet X.509 Certificate Request Message Format 2527 Internet X.509 Public Key Infrastructure Certificate Policy and - Certification Practices Framework. S. Chokhani, W. Ford. March 1999. - (Format: TXT=91860 bytes) (Status: INFORMATIONAL) + Certification Practices Framework -2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake - 3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status: - PROPOSED STANDARD) +2538 Storing Certificates in the Domain Name System (DNS) -2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS). - D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status: - PROPOSED STANDARD) +2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS) 2559 Internet X.509 Public Key Infrastructure Operational Protocols - - LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format: - TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD) + LDAPv2 2585 Internet X.509 Public Key Infrastructure Operational Protocols: - FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813 - bytes) (Status: PROPOSED STANDARD) + FTP and HTTP -2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S. - Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes) - (Status: PROPOSED STANDARD) +2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema -2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999. - (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD) +2595 Using TLS with IMAP, POP3 and ACAP -2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999. - (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD) +2631 Diffie-Hellman Key Agreement Method -2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June - 1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD) +2632 S/MIME Version 3 Certificate Handling -2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October - 1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL) +2716 PPP EAP TLS Authentication Protocol -2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace. - February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status: - EXPERIMENTAL) +2797 Certificate Management Messages over CMS -2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J. - Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status: - PROPOSED STANDARD) +2817 Upgrading to TLS Within HTTP/1.1 -2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May - 2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED - STANDARD) +2818 HTTP Over TLS -2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes) - (Status: INFORMATIONAL) +2984 Use of the CAST-128 Encryption Algorithm in CMS -2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July - 2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL) - -2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams. - October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD) - -2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0. - M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes) - (Status: INFORMATIONAL) +2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0 3029 Internet X.509 Public Key Infrastructure Data Validation and - Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev, - R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status: - EXPERIMENTAL) + Certification Server Protocols 3039 Internet X.509 Public Key Infrastructure Qualified Certificates - Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001. - (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD) + Profile -3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P. - Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes) - (Status: INFORMATIONAL) +3058 Use of the IDEA Encryption Algorithm in CMS 3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol - (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001. - (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD) + (TSP) -3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner. - October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD) +3185 Reuse of CMS Content Encryption Keys 3207 SMTP Service Extension for Secure SMTP over Transport Layer - Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes) - (Obsoletes RFC2487) (Status: PROPOSED STANDARD) + Security -3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001. - (Format: TXT=19855 bytes) (Status: INFORMATIONAL) +3217 Triple-DES and RC2 Key Wrapping 3274 Compressed Data Content Type for Cryptographic Message Syntax - (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status: - PROPOSED STANDARD) + (CMS) 3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in - Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P. - Lambert. April 2002. (Format: TXT=33779 bytes) (Status: - INFORMATIONAL) + Cryptographic Message Syntax (CMS) -3281 An Internet Attribute Certificate Profile for Authorization. S. - Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status: - PROPOSED STANDARD) +3281 An Internet Attribute Certificate Profile for Authorization -3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002. - (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status: - PROPOSED STANDARD) +3369 Cryptographic Message Syntax (CMS) -3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August - 2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status: - PROPOSED STANDARD) +3370 Cryptographic Message Syntax (CMS) Algorithms -3377 Lightweight Directory Access Protocol (v3): Technical - Specification. J. Hodges, R. Morgan. September 2002. (Format: - TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255, - RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD) - -3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad, - R. Housley. September 2002. (Format: TXT=73072 bytes) (Status: - INFORMATIONAL) +3394 Advanced Encryption Standard (AES) Key Wrap Algorithm 3436 Transport Layer Security over Stream Control Transmission - Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002. - (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD) + Protocol 3657 Use of the Camellia Encryption Algorithm in Cryptographic - Message Syntax (CMS). S. Moriai, A. Kato. January 2004. - (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD) - -"Securing FTP with TLS", 01/27/2000, - - -To be implemented: ------------------- - -These are documents that describe things that are planed to be -implemented in the hopefully short future. - + Message Syntax (CMS) From steve at openssl.org Mon Mar 2 13:42:54 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 02 Mar 2015 13:42:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425303774.618625.31400.nullmailer@dev.openssl.org> The branch master has been updated via 437b14b533fe7f7408e3ebca6d5569f1d3347b1a (commit) from 9f7f8eced5f0c3744203dad461b7e8373f9833e3 (commit) - Log ----------------------------------------------------------------- commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a Author: Dr. Stephen Henson Date: Mon Mar 2 13:26:29 2015 +0000 Fix format script. The format script didn't correctly recognise some ASN.1 macros and didn't reformat some files as a result. Fix script and reformat affected files. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_bignum.c | 69 ++++++++++++--------- crypto/asn1/x_long.c | 149 ++++++++++++++++++++++++--------------------- util/openssl-format-source | 2 +- 3 files changed, 121 insertions(+), 99 deletions(-) diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index 1f10364..a5a403c 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -98,46 +98,55 @@ ASN1_ITEM_end(CBIGNUM) static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *pval = (ASN1_VALUE *)BN_new(); - if(*pval) return 1; - else return 0; + *pval = (ASN1_VALUE *)BN_new(); + if (*pval) + return 1; + else + return 0; } static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - if(!*pval) return; - if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval); - else BN_free((BIGNUM *)*pval); - *pval = NULL; + if (!*pval) + return; + if (it->size & BN_SENSITIVE) + BN_clear_free((BIGNUM *)*pval); + else + BN_free((BIGNUM *)*pval); + *pval = NULL; } -static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) +static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it) { - BIGNUM *bn; - int pad; - if(!*pval) return -1; - bn = (BIGNUM *)*pval; - /* If MSB set in an octet we need a padding byte */ - if(BN_num_bits(bn) & 0x7) pad = 0; - else pad = 1; - if(cont) { - if(pad) *cont++ = 0; - BN_bn2bin(bn, cont); - } - return pad + BN_num_bytes(bn); + BIGNUM *bn; + int pad; + if (!*pval) + return -1; + bn = (BIGNUM *)*pval; + /* If MSB set in an octet we need a padding byte */ + if (BN_num_bits(bn) & 0x7) + pad = 0; + else + pad = 1; + if (cont) { + if (pad) + *cont++ = 0; + BN_bn2bin(bn, cont); + } + return pad + BN_num_bytes(bn); } static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - BIGNUM *bn; - if(!*pval) bn_new(pval, it); - bn = (BIGNUM *)*pval; - if(!BN_bin2bn(cont, len, bn)) { - bn_free(pval, it); - return 0; - } - return 1; + BIGNUM *bn; + if (!*pval) + bn_new(pval, it); + bn = (BIGNUM *)*pval; + if (!BN_bin2bn(cont, len, bn)) { + bn_free(pval, it); + return 0; + } + return 1; } - - diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index f393619..3aed44a 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -97,87 +97,100 @@ ASN1_ITEM_end(ZLONG) static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; - return 1; + *(long *)pval = it->size; + return 1; } static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; + *(long *)pval = it->size; } -static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) +static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it) { - long ltmp; - unsigned long utmp; - int clen, pad, i; - /* this exists to bypass broken gcc optimization */ - char *cp = (char *)pval; - - /* use memcpy, because we may not be long aligned */ - memcpy(<mp, cp, sizeof(long)); - - if(ltmp == it->size) return -1; - /* Convert the long to positive: we subtract one if negative so - * we can cleanly handle the padding if only the MSB of the leading - * octet is set. - */ - if(ltmp < 0) utmp = -ltmp - 1; - else utmp = ltmp; - clen = BN_num_bits_word(utmp); - /* If MSB of leading octet set we need to pad */ - if(!(clen & 0x7)) pad = 1; - else pad = 0; - - /* Convert number of bits to number of octets */ - clen = (clen + 7) >> 3; - - if(cont) { - if(pad) *cont++ = (ltmp < 0) ? 0xff : 0; - for(i = clen - 1; i >= 0; i--) { - cont[i] = (unsigned char)(utmp & 0xff); - if(ltmp < 0) cont[i] ^= 0xff; - utmp >>= 8; - } + long ltmp; + unsigned long utmp; + int clen, pad, i; + /* this exists to bypass broken gcc optimization */ + char *cp = (char *)pval; + + /* use memcpy, because we may not be long aligned */ + memcpy(<mp, cp, sizeof(long)); + + if (ltmp == it->size) + return -1; + /* + * Convert the long to positive: we subtract one if negative so we can + * cleanly handle the padding if only the MSB of the leading octet is + * set. + */ + if (ltmp < 0) + utmp = -ltmp - 1; + else + utmp = ltmp; + clen = BN_num_bits_word(utmp); + /* If MSB of leading octet set we need to pad */ + if (!(clen & 0x7)) + pad = 1; + else + pad = 0; + + /* Convert number of bits to number of octets */ + clen = (clen + 7) >> 3; + + if (cont) { + if (pad) + *cont++ = (ltmp < 0) ? 0xff : 0; + for (i = clen - 1; i >= 0; i--) { + cont[i] = (unsigned char)(utmp & 0xff); + if (ltmp < 0) + cont[i] ^= 0xff; + utmp >>= 8; } - return clen + pad; + } + return clen + pad; } static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - int neg, i; - long ltmp; - unsigned long utmp = 0; - char *cp = (char *)pval; - if(len > (int)sizeof(long)) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - /* Is it negative? */ - if(len && (cont[0] & 0x80)) neg = 1; - else neg = 0; - utmp = 0; - for(i = 0; i < len; i++) { - utmp <<= 8; - if(neg) utmp |= cont[i] ^ 0xff; - else utmp |= cont[i]; - } - ltmp = (long)utmp; - if(neg) { - ltmp++; - ltmp = -ltmp; - } - if(ltmp == it->size) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - memcpy(cp, <mp, sizeof(long)); - return 1; + int neg, i; + long ltmp; + unsigned long utmp = 0; + char *cp = (char *)pval; + if (len > (int)sizeof(long)) { + ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + return 0; + } + /* Is it negative? */ + if (len && (cont[0] & 0x80)) + neg = 1; + else + neg = 0; + utmp = 0; + for (i = 0; i < len; i++) { + utmp <<= 8; + if (neg) + utmp |= cont[i] ^ 0xff; + else + utmp |= cont[i]; + } + ltmp = (long)utmp; + if (neg) { + ltmp++; + ltmp = -ltmp; + } + if (ltmp == it->size) { + ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + return 0; + } + memcpy(cp, <mp, sizeof(long)); + return 1; } static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx) - { - return BIO_printf(out, "%ld\n", *(long *)pval); - } + int indent, const ASN1_PCTX *pctx) +{ + return BIO_printf(out, "%ld\n", *(long *)pval); +} diff --git a/util/openssl-format-source b/util/openssl-format-source index 6380a10..4ea2f1b 100755 --- a/util/openssl-format-source +++ b/util/openssl-format-source @@ -116,7 +116,7 @@ do -e 's/^((DECLARE|IMPLEMENT)_(EXTERN_ASN1|ASN1|ADB|STACK_OF|PKCS12_STACK_OF).*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ -e 's/^([ \t]*(make_dh|make_dh_bn|make_rfc5114_td)$.*$[ \t,]*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ -e 's/^(ASN1_ADB_TEMPLATE$.*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ - -e 's/^((ASN1|ADB)_.*_END\(.*[${=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \ + -e 's/^((ASN1|ADB)_.*_(end|END)$.*[${=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \ -e '/ASN1_(ITEM_ref|ITEM_ptr|ITEM_rptr|PCTX)/ || s/^((ASN1|ADB)_[^\*]*[){=,]+[ \t]*)$/\/**INDENT-OFF**\/\n$1/;' \ -e 's/^(} (ASN1|ADB)_[^\*]*[\){=,;]+)$/$1\n\/**INDENT-ON**\//;' \ | \ From steve at openssl.org Mon Mar 2 13:52:08 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 02 Mar 2015 13:52:08 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1425304328.909271.781.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 8a8ba0716796af963947586dca063ca95460010e (commit) from 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a (commit) - Log ----------------------------------------------------------------- commit 8a8ba0716796af963947586dca063ca95460010e Author: Dr. Stephen Henson Date: Mon Mar 2 13:26:29 2015 +0000 Fix format script. The format script didn't correctly recognise some ASN.1 macros and didn't reformat some files as a result. Fix script and reformat affected files. Reviewed-by: Tim Hudson (cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a) Conflicts: crypto/asn1/x_long.c ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_bignum.c | 69 +++++++++++++---------- crypto/asn1/x_long.c | 133 +++++++++++++++++++++++++-------------------- util/openssl-format-source | 2 +- 3 files changed, 113 insertions(+), 91 deletions(-) diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index 1f10364..a5a403c 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -98,46 +98,55 @@ ASN1_ITEM_end(CBIGNUM) static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *pval = (ASN1_VALUE *)BN_new(); - if(*pval) return 1; - else return 0; + *pval = (ASN1_VALUE *)BN_new(); + if (*pval) + return 1; + else + return 0; } static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - if(!*pval) return; - if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval); - else BN_free((BIGNUM *)*pval); - *pval = NULL; + if (!*pval) + return; + if (it->size & BN_SENSITIVE) + BN_clear_free((BIGNUM *)*pval); + else + BN_free((BIGNUM *)*pval); + *pval = NULL; } -static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) +static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it) { - BIGNUM *bn; - int pad; - if(!*pval) return -1; - bn = (BIGNUM *)*pval; - /* If MSB set in an octet we need a padding byte */ - if(BN_num_bits(bn) & 0x7) pad = 0; - else pad = 1; - if(cont) { - if(pad) *cont++ = 0; - BN_bn2bin(bn, cont); - } - return pad + BN_num_bytes(bn); + BIGNUM *bn; + int pad; + if (!*pval) + return -1; + bn = (BIGNUM *)*pval; + /* If MSB set in an octet we need a padding byte */ + if (BN_num_bits(bn) & 0x7) + pad = 0; + else + pad = 1; + if (cont) { + if (pad) + *cont++ = 0; + BN_bn2bin(bn, cont); + } + return pad + BN_num_bytes(bn); } static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - BIGNUM *bn; - if(!*pval) bn_new(pval, it); - bn = (BIGNUM *)*pval; - if(!BN_bin2bn(cont, len, bn)) { - bn_free(pval, it); - return 0; - } - return 1; + BIGNUM *bn; + if (!*pval) + bn_new(pval, it); + bn = (BIGNUM *)*pval; + if (!BN_bin2bn(cont, len, bn)) { + bn_free(pval, it); + return 0; + } + return 1; } - - diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index 2e2fbdf..e0dab2b 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -94,81 +94,94 @@ ASN1_ITEM_end(ZLONG) static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; - return 1; + *(long *)pval = it->size; + return 1; } static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; + *(long *)pval = it->size; } -static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) +static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it) { - long ltmp; - unsigned long utmp; - int clen, pad, i; - /* this exists to bypass broken gcc optimization */ - char *cp = (char *)pval; + long ltmp; + unsigned long utmp; + int clen, pad, i; + /* this exists to bypass broken gcc optimization */ + char *cp = (char *)pval; - /* use memcpy, because we may not be long aligned */ - memcpy(<mp, cp, sizeof(long)); + /* use memcpy, because we may not be long aligned */ + memcpy(<mp, cp, sizeof(long)); - if(ltmp == it->size) return -1; - /* Convert the long to positive: we subtract one if negative so - * we can cleanly handle the padding if only the MSB of the leading - * octet is set. - */ - if(ltmp < 0) utmp = -ltmp - 1; - else utmp = ltmp; - clen = BN_num_bits_word(utmp); - /* If MSB of leading octet set we need to pad */ - if(!(clen & 0x7)) pad = 1; - else pad = 0; + if (ltmp == it->size) + return -1; + /* + * Convert the long to positive: we subtract one if negative so we can + * cleanly handle the padding if only the MSB of the leading octet is + * set. + */ + if (ltmp < 0) + utmp = -ltmp - 1; + else + utmp = ltmp; + clen = BN_num_bits_word(utmp); + /* If MSB of leading octet set we need to pad */ + if (!(clen & 0x7)) + pad = 1; + else + pad = 0; - /* Convert number of bits to number of octets */ - clen = (clen + 7) >> 3; + /* Convert number of bits to number of octets */ + clen = (clen + 7) >> 3; - if(cont) { - if(pad) *cont++ = (ltmp < 0) ? 0xff : 0; - for(i = clen - 1; i >= 0; i--) { - cont[i] = (unsigned char)(utmp & 0xff); - if(ltmp < 0) cont[i] ^= 0xff; - utmp >>= 8; - } + if (cont) { + if (pad) + *cont++ = (ltmp < 0) ? 0xff : 0; + for (i = clen - 1; i >= 0; i--) { + cont[i] = (unsigned char)(utmp & 0xff); + if (ltmp < 0) + cont[i] ^= 0xff; + utmp >>= 8; } - return clen + pad; + } + return clen + pad; } static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - int neg, i; - long ltmp; - unsigned long utmp = 0; - char *cp = (char *)pval; - if(len > (int)sizeof(long)) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - /* Is it negative? */ - if(len && (cont[0] & 0x80)) neg = 1; - else neg = 0; - utmp = 0; - for(i = 0; i < len; i++) { - utmp <<= 8; - if(neg) utmp |= cont[i] ^ 0xff; - else utmp |= cont[i]; - } - ltmp = (long)utmp; - if(neg) { - ltmp++; - ltmp = -ltmp; - } - if(ltmp == it->size) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - memcpy(cp, <mp, sizeof(long)); - return 1; + int neg, i; + long ltmp; + unsigned long utmp = 0; + char *cp = (char *)pval; + if (len > (int)sizeof(long)) { + ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + return 0; + } + /* Is it negative? */ + if (len && (cont[0] & 0x80)) + neg = 1; + else + neg = 0; + utmp = 0; + for (i = 0; i < len; i++) { + utmp <<= 8; + if (neg) + utmp |= cont[i] ^ 0xff; + else + utmp |= cont[i]; + } + ltmp = (long)utmp; + if (neg) { + ltmp++; + ltmp = -ltmp; + } + if (ltmp == it->size) { + ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + return 0; + } + memcpy(cp, <mp, sizeof(long)); + return 1; } diff --git a/util/openssl-format-source b/util/openssl-format-source index 4e90147..8c3a7c0 100755 --- a/util/openssl-format-source +++ b/util/openssl-format-source @@ -119,7 +119,7 @@ do -e 's/^((DECLARE|IMPLEMENT)_(EXTERN_ASN1|ASN1|ADB|STACK_OF|PKCS12_STACK_OF).*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ -e 's/^([ \t]*(make_dh|make_dh_bn|make_rfc5114_td)$.*$[ \t,]*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ -e 's/^(ASN1_ADB_TEMPLATE$.*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ - -e 's/^((ASN1|ADB)_.*_END\(.*[${=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \ + -e 's/^((ASN1|ADB)_.*_(end|END)$.*[${=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \ -e '/ASN1_(ITEM_ref|ITEM_ptr|ITEM_rptr|PCTX)/ || s/^((ASN1|ADB)_[^\*]*[){=,]+[ \t]*)$/\/**INDENT-OFF**\/\n$1/;' \ -e 's/^(} (ASN1|ADB)_[^\*]*[\){=,;]+)$/$1\n\/**INDENT-ON**\//;' \ | \ From steve at openssl.org Mon Mar 2 13:52:08 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 02 Mar 2015 13:52:08 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1425304328.968220.804.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 42ad0100f12841e35f8dacef5b010de450ea5fe3 (commit) from dac693c957dc40dbf839f0add91b824deba26dc3 (commit) - Log ----------------------------------------------------------------- commit 42ad0100f12841e35f8dacef5b010de450ea5fe3 Author: Dr. Stephen Henson Date: Mon Mar 2 13:26:29 2015 +0000 Fix format script. The format script didn't correctly recognise some ASN.1 macros and didn't reformat some files as a result. Fix script and reformat affected files. Reviewed-by: Tim Hudson (cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_bignum.c | 69 ++++++++++++--------- crypto/asn1/x_long.c | 149 ++++++++++++++++++++++++--------------------- util/openssl-format-source | 2 +- 3 files changed, 121 insertions(+), 99 deletions(-) diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index 1f10364..a5a403c 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -98,46 +98,55 @@ ASN1_ITEM_end(CBIGNUM) static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *pval = (ASN1_VALUE *)BN_new(); - if(*pval) return 1; - else return 0; + *pval = (ASN1_VALUE *)BN_new(); + if (*pval) + return 1; + else + return 0; } static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - if(!*pval) return; - if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval); - else BN_free((BIGNUM *)*pval); - *pval = NULL; + if (!*pval) + return; + if (it->size & BN_SENSITIVE) + BN_clear_free((BIGNUM *)*pval); + else + BN_free((BIGNUM *)*pval); + *pval = NULL; } -static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) +static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it) { - BIGNUM *bn; - int pad; - if(!*pval) return -1; - bn = (BIGNUM *)*pval; - /* If MSB set in an octet we need a padding byte */ - if(BN_num_bits(bn) & 0x7) pad = 0; - else pad = 1; - if(cont) { - if(pad) *cont++ = 0; - BN_bn2bin(bn, cont); - } - return pad + BN_num_bytes(bn); + BIGNUM *bn; + int pad; + if (!*pval) + return -1; + bn = (BIGNUM *)*pval; + /* If MSB set in an octet we need a padding byte */ + if (BN_num_bits(bn) & 0x7) + pad = 0; + else + pad = 1; + if (cont) { + if (pad) + *cont++ = 0; + BN_bn2bin(bn, cont); + } + return pad + BN_num_bytes(bn); } static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - BIGNUM *bn; - if(!*pval) bn_new(pval, it); - bn = (BIGNUM *)*pval; - if(!BN_bin2bn(cont, len, bn)) { - bn_free(pval, it); - return 0; - } - return 1; + BIGNUM *bn; + if (!*pval) + bn_new(pval, it); + bn = (BIGNUM *)*pval; + if (!BN_bin2bn(cont, len, bn)) { + bn_free(pval, it); + return 0; + } + return 1; } - - diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index f393619..3aed44a 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -97,87 +97,100 @@ ASN1_ITEM_end(ZLONG) static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; - return 1; + *(long *)pval = it->size; + return 1; } static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; + *(long *)pval = it->size; } -static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) +static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it) { - long ltmp; - unsigned long utmp; - int clen, pad, i; - /* this exists to bypass broken gcc optimization */ - char *cp = (char *)pval; - - /* use memcpy, because we may not be long aligned */ - memcpy(<mp, cp, sizeof(long)); - - if(ltmp == it->size) return -1; - /* Convert the long to positive: we subtract one if negative so - * we can cleanly handle the padding if only the MSB of the leading - * octet is set. - */ - if(ltmp < 0) utmp = -ltmp - 1; - else utmp = ltmp; - clen = BN_num_bits_word(utmp); - /* If MSB of leading octet set we need to pad */ - if(!(clen & 0x7)) pad = 1; - else pad = 0; - - /* Convert number of bits to number of octets */ - clen = (clen + 7) >> 3; - - if(cont) { - if(pad) *cont++ = (ltmp < 0) ? 0xff : 0; - for(i = clen - 1; i >= 0; i--) { - cont[i] = (unsigned char)(utmp & 0xff); - if(ltmp < 0) cont[i] ^= 0xff; - utmp >>= 8; - } + long ltmp; + unsigned long utmp; + int clen, pad, i; + /* this exists to bypass broken gcc optimization */ + char *cp = (char *)pval; + + /* use memcpy, because we may not be long aligned */ + memcpy(<mp, cp, sizeof(long)); + + if (ltmp == it->size) + return -1; + /* + * Convert the long to positive: we subtract one if negative so we can + * cleanly handle the padding if only the MSB of the leading octet is + * set. + */ + if (ltmp < 0) + utmp = -ltmp - 1; + else + utmp = ltmp; + clen = BN_num_bits_word(utmp); + /* If MSB of leading octet set we need to pad */ + if (!(clen & 0x7)) + pad = 1; + else + pad = 0; + + /* Convert number of bits to number of octets */ + clen = (clen + 7) >> 3; + + if (cont) { + if (pad) + *cont++ = (ltmp < 0) ? 0xff : 0; + for (i = clen - 1; i >= 0; i--) { + cont[i] = (unsigned char)(utmp & 0xff); + if (ltmp < 0) + cont[i] ^= 0xff; + utmp >>= 8; } - return clen + pad; + } + return clen + pad; } static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - int neg, i; - long ltmp; - unsigned long utmp = 0; - char *cp = (char *)pval; - if(len > (int)sizeof(long)) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - /* Is it negative? */ - if(len && (cont[0] & 0x80)) neg = 1; - else neg = 0; - utmp = 0; - for(i = 0; i < len; i++) { - utmp <<= 8; - if(neg) utmp |= cont[i] ^ 0xff; - else utmp |= cont[i]; - } - ltmp = (long)utmp; - if(neg) { - ltmp++; - ltmp = -ltmp; - } - if(ltmp == it->size) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - memcpy(cp, <mp, sizeof(long)); - return 1; + int neg, i; + long ltmp; + unsigned long utmp = 0; + char *cp = (char *)pval; + if (len > (int)sizeof(long)) { + ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + return 0; + } + /* Is it negative? */ + if (len && (cont[0] & 0x80)) + neg = 1; + else + neg = 0; + utmp = 0; + for (i = 0; i < len; i++) { + utmp <<= 8; + if (neg) + utmp |= cont[i] ^ 0xff; + else + utmp |= cont[i]; + } + ltmp = (long)utmp; + if (neg) { + ltmp++; + ltmp = -ltmp; + } + if (ltmp == it->size) { + ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + return 0; + } + memcpy(cp, <mp, sizeof(long)); + return 1; } static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx) - { - return BIO_printf(out, "%ld\n", *(long *)pval); - } + int indent, const ASN1_PCTX *pctx) +{ + return BIO_printf(out, "%ld\n", *(long *)pval); +} diff --git a/util/openssl-format-source b/util/openssl-format-source index 4e90147..8c3a7c0 100755 --- a/util/openssl-format-source +++ b/util/openssl-format-source @@ -119,7 +119,7 @@ do -e 's/^((DECLARE|IMPLEMENT)_(EXTERN_ASN1|ASN1|ADB|STACK_OF|PKCS12_STACK_OF).*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ -e 's/^([ \t]*(make_dh|make_dh_bn|make_rfc5114_td)$.*$[ \t,]*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ -e 's/^(ASN1_ADB_TEMPLATE$.*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ - -e 's/^((ASN1|ADB)_.*_END\(.*[${=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \ + -e 's/^((ASN1|ADB)_.*_(end|END)$.*[${=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \ -e '/ASN1_(ITEM_ref|ITEM_ptr|ITEM_rptr|PCTX)/ || s/^((ASN1|ADB)_[^\*]*[){=,]+[ \t]*)$/\/**INDENT-OFF**\/\n$1/;' \ -e 's/^(} (ASN1|ADB)_[^\*]*[\){=,;]+)$/$1\n\/**INDENT-ON**\//;' \ | \ From steve at openssl.org Mon Mar 2 13:52:09 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 02 Mar 2015 13:52:09 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1425304329.028883.834.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 1810b0472838495129fdc4b652daba5dfb4ee90c (commit) from 5c921f14cb08044e40f03440c39c70d9fb321e92 (commit) - Log ----------------------------------------------------------------- commit 1810b0472838495129fdc4b652daba5dfb4ee90c Author: Dr. Stephen Henson Date: Mon Mar 2 13:26:29 2015 +0000 Fix format script. The format script didn't correctly recognise some ASN.1 macros and didn't reformat some files as a result. Fix script and reformat affected files. Reviewed-by: Tim Hudson (cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_bignum.c | 69 ++++++++++++--------- crypto/asn1/x_long.c | 149 ++++++++++++++++++++++++--------------------- util/openssl-format-source | 2 +- 3 files changed, 121 insertions(+), 99 deletions(-) diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index 1f10364..a5a403c 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -98,46 +98,55 @@ ASN1_ITEM_end(CBIGNUM) static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *pval = (ASN1_VALUE *)BN_new(); - if(*pval) return 1; - else return 0; + *pval = (ASN1_VALUE *)BN_new(); + if (*pval) + return 1; + else + return 0; } static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - if(!*pval) return; - if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval); - else BN_free((BIGNUM *)*pval); - *pval = NULL; + if (!*pval) + return; + if (it->size & BN_SENSITIVE) + BN_clear_free((BIGNUM *)*pval); + else + BN_free((BIGNUM *)*pval); + *pval = NULL; } -static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) +static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it) { - BIGNUM *bn; - int pad; - if(!*pval) return -1; - bn = (BIGNUM *)*pval; - /* If MSB set in an octet we need a padding byte */ - if(BN_num_bits(bn) & 0x7) pad = 0; - else pad = 1; - if(cont) { - if(pad) *cont++ = 0; - BN_bn2bin(bn, cont); - } - return pad + BN_num_bytes(bn); + BIGNUM *bn; + int pad; + if (!*pval) + return -1; + bn = (BIGNUM *)*pval; + /* If MSB set in an octet we need a padding byte */ + if (BN_num_bits(bn) & 0x7) + pad = 0; + else + pad = 1; + if (cont) { + if (pad) + *cont++ = 0; + BN_bn2bin(bn, cont); + } + return pad + BN_num_bytes(bn); } static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - BIGNUM *bn; - if(!*pval) bn_new(pval, it); - bn = (BIGNUM *)*pval; - if(!BN_bin2bn(cont, len, bn)) { - bn_free(pval, it); - return 0; - } - return 1; + BIGNUM *bn; + if (!*pval) + bn_new(pval, it); + bn = (BIGNUM *)*pval; + if (!BN_bin2bn(cont, len, bn)) { + bn_free(pval, it); + return 0; + } + return 1; } - - diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index f393619..3aed44a 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -97,87 +97,100 @@ ASN1_ITEM_end(ZLONG) static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; - return 1; + *(long *)pval = it->size; + return 1; } static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; + *(long *)pval = it->size; } -static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) +static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it) { - long ltmp; - unsigned long utmp; - int clen, pad, i; - /* this exists to bypass broken gcc optimization */ - char *cp = (char *)pval; - - /* use memcpy, because we may not be long aligned */ - memcpy(<mp, cp, sizeof(long)); - - if(ltmp == it->size) return -1; - /* Convert the long to positive: we subtract one if negative so - * we can cleanly handle the padding if only the MSB of the leading - * octet is set. - */ - if(ltmp < 0) utmp = -ltmp - 1; - else utmp = ltmp; - clen = BN_num_bits_word(utmp); - /* If MSB of leading octet set we need to pad */ - if(!(clen & 0x7)) pad = 1; - else pad = 0; - - /* Convert number of bits to number of octets */ - clen = (clen + 7) >> 3; - - if(cont) { - if(pad) *cont++ = (ltmp < 0) ? 0xff : 0; - for(i = clen - 1; i >= 0; i--) { - cont[i] = (unsigned char)(utmp & 0xff); - if(ltmp < 0) cont[i] ^= 0xff; - utmp >>= 8; - } + long ltmp; + unsigned long utmp; + int clen, pad, i; + /* this exists to bypass broken gcc optimization */ + char *cp = (char *)pval; + + /* use memcpy, because we may not be long aligned */ + memcpy(<mp, cp, sizeof(long)); + + if (ltmp == it->size) + return -1; + /* + * Convert the long to positive: we subtract one if negative so we can + * cleanly handle the padding if only the MSB of the leading octet is + * set. + */ + if (ltmp < 0) + utmp = -ltmp - 1; + else + utmp = ltmp; + clen = BN_num_bits_word(utmp); + /* If MSB of leading octet set we need to pad */ + if (!(clen & 0x7)) + pad = 1; + else + pad = 0; + + /* Convert number of bits to number of octets */ + clen = (clen + 7) >> 3; + + if (cont) { + if (pad) + *cont++ = (ltmp < 0) ? 0xff : 0; + for (i = clen - 1; i >= 0; i--) { + cont[i] = (unsigned char)(utmp & 0xff); + if (ltmp < 0) + cont[i] ^= 0xff; + utmp >>= 8; } - return clen + pad; + } + return clen + pad; } static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - int neg, i; - long ltmp; - unsigned long utmp = 0; - char *cp = (char *)pval; - if(len > (int)sizeof(long)) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - /* Is it negative? */ - if(len && (cont[0] & 0x80)) neg = 1; - else neg = 0; - utmp = 0; - for(i = 0; i < len; i++) { - utmp <<= 8; - if(neg) utmp |= cont[i] ^ 0xff; - else utmp |= cont[i]; - } - ltmp = (long)utmp; - if(neg) { - ltmp++; - ltmp = -ltmp; - } - if(ltmp == it->size) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - memcpy(cp, <mp, sizeof(long)); - return 1; + int neg, i; + long ltmp; + unsigned long utmp = 0; + char *cp = (char *)pval; + if (len > (int)sizeof(long)) { + ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + return 0; + } + /* Is it negative? */ + if (len && (cont[0] & 0x80)) + neg = 1; + else + neg = 0; + utmp = 0; + for (i = 0; i < len; i++) { + utmp <<= 8; + if (neg) + utmp |= cont[i] ^ 0xff; + else + utmp |= cont[i]; + } + ltmp = (long)utmp; + if (neg) { + ltmp++; + ltmp = -ltmp; + } + if (ltmp == it->size) { + ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + return 0; + } + memcpy(cp, <mp, sizeof(long)); + return 1; } static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx) - { - return BIO_printf(out, "%ld\n", *(long *)pval); - } + int indent, const ASN1_PCTX *pctx) +{ + return BIO_printf(out, "%ld\n", *(long *)pval); +} diff --git a/util/openssl-format-source b/util/openssl-format-source index 4e90147..8c3a7c0 100755 --- a/util/openssl-format-source +++ b/util/openssl-format-source @@ -119,7 +119,7 @@ do -e 's/^((DECLARE|IMPLEMENT)_(EXTERN_ASN1|ASN1|ADB|STACK_OF|PKCS12_STACK_OF).*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ -e 's/^([ \t]*(make_dh|make_dh_bn|make_rfc5114_td)$.*$[ \t,]*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ -e 's/^(ASN1_ADB_TEMPLATE$.*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ - -e 's/^((ASN1|ADB)_.*_END\(.*[${=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \ + -e 's/^((ASN1|ADB)_.*_(end|END)$.*[${=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \ -e '/ASN1_(ITEM_ref|ITEM_ptr|ITEM_rptr|PCTX)/ || s/^((ASN1|ADB)_[^\*]*[){=,]+[ \t]*)$/\/**INDENT-OFF**\/\n$1/;' \ -e 's/^(} (ASN1|ADB)_[^\*]*[\){=,;]+)$/$1\n\/**INDENT-ON**\//;' \ | \ From steve at openssl.org Mon Mar 2 13:52:09 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 02 Mar 2015 13:52:09 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425304329.092489.867.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 6fff54b0ced16781ff97592f6d6e1e532f9964bf (commit) from 6e20f556465f082dd4fdbd096a488e37528ddebf (commit) - Log ----------------------------------------------------------------- commit 6fff54b0ced16781ff97592f6d6e1e532f9964bf Author: Dr. Stephen Henson Date: Mon Mar 2 13:26:29 2015 +0000 Fix format script. The format script didn't correctly recognise some ASN.1 macros and didn't reformat some files as a result. Fix script and reformat affected files. Reviewed-by: Tim Hudson (cherry picked from commit 437b14b533fe7f7408e3ebca6d5569f1d3347b1a) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/x_bignum.c | 69 ++++++++++++--------- crypto/asn1/x_long.c | 149 ++++++++++++++++++++++++--------------------- util/openssl-format-source | 2 +- 3 files changed, 121 insertions(+), 99 deletions(-) diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index 1f10364..a5a403c 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -98,46 +98,55 @@ ASN1_ITEM_end(CBIGNUM) static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *pval = (ASN1_VALUE *)BN_new(); - if(*pval) return 1; - else return 0; + *pval = (ASN1_VALUE *)BN_new(); + if (*pval) + return 1; + else + return 0; } static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - if(!*pval) return; - if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval); - else BN_free((BIGNUM *)*pval); - *pval = NULL; + if (!*pval) + return; + if (it->size & BN_SENSITIVE) + BN_clear_free((BIGNUM *)*pval); + else + BN_free((BIGNUM *)*pval); + *pval = NULL; } -static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) +static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it) { - BIGNUM *bn; - int pad; - if(!*pval) return -1; - bn = (BIGNUM *)*pval; - /* If MSB set in an octet we need a padding byte */ - if(BN_num_bits(bn) & 0x7) pad = 0; - else pad = 1; - if(cont) { - if(pad) *cont++ = 0; - BN_bn2bin(bn, cont); - } - return pad + BN_num_bytes(bn); + BIGNUM *bn; + int pad; + if (!*pval) + return -1; + bn = (BIGNUM *)*pval; + /* If MSB set in an octet we need a padding byte */ + if (BN_num_bits(bn) & 0x7) + pad = 0; + else + pad = 1; + if (cont) { + if (pad) + *cont++ = 0; + BN_bn2bin(bn, cont); + } + return pad + BN_num_bytes(bn); } static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - BIGNUM *bn; - if(!*pval) bn_new(pval, it); - bn = (BIGNUM *)*pval; - if(!BN_bin2bn(cont, len, bn)) { - bn_free(pval, it); - return 0; - } - return 1; + BIGNUM *bn; + if (!*pval) + bn_new(pval, it); + bn = (BIGNUM *)*pval; + if (!BN_bin2bn(cont, len, bn)) { + bn_free(pval, it); + return 0; + } + return 1; } - - diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index f393619..3aed44a 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -97,87 +97,100 @@ ASN1_ITEM_end(ZLONG) static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; - return 1; + *(long *)pval = it->size; + return 1; } static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - *(long *)pval = it->size; + *(long *)pval = it->size; } -static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) +static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it) { - long ltmp; - unsigned long utmp; - int clen, pad, i; - /* this exists to bypass broken gcc optimization */ - char *cp = (char *)pval; - - /* use memcpy, because we may not be long aligned */ - memcpy(<mp, cp, sizeof(long)); - - if(ltmp == it->size) return -1; - /* Convert the long to positive: we subtract one if negative so - * we can cleanly handle the padding if only the MSB of the leading - * octet is set. - */ - if(ltmp < 0) utmp = -ltmp - 1; - else utmp = ltmp; - clen = BN_num_bits_word(utmp); - /* If MSB of leading octet set we need to pad */ - if(!(clen & 0x7)) pad = 1; - else pad = 0; - - /* Convert number of bits to number of octets */ - clen = (clen + 7) >> 3; - - if(cont) { - if(pad) *cont++ = (ltmp < 0) ? 0xff : 0; - for(i = clen - 1; i >= 0; i--) { - cont[i] = (unsigned char)(utmp & 0xff); - if(ltmp < 0) cont[i] ^= 0xff; - utmp >>= 8; - } + long ltmp; + unsigned long utmp; + int clen, pad, i; + /* this exists to bypass broken gcc optimization */ + char *cp = (char *)pval; + + /* use memcpy, because we may not be long aligned */ + memcpy(<mp, cp, sizeof(long)); + + if (ltmp == it->size) + return -1; + /* + * Convert the long to positive: we subtract one if negative so we can + * cleanly handle the padding if only the MSB of the leading octet is + * set. + */ + if (ltmp < 0) + utmp = -ltmp - 1; + else + utmp = ltmp; + clen = BN_num_bits_word(utmp); + /* If MSB of leading octet set we need to pad */ + if (!(clen & 0x7)) + pad = 1; + else + pad = 0; + + /* Convert number of bits to number of octets */ + clen = (clen + 7) >> 3; + + if (cont) { + if (pad) + *cont++ = (ltmp < 0) ? 0xff : 0; + for (i = clen - 1; i >= 0; i--) { + cont[i] = (unsigned char)(utmp & 0xff); + if (ltmp < 0) + cont[i] ^= 0xff; + utmp >>= 8; } - return clen + pad; + } + return clen + pad; } static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it) { - int neg, i; - long ltmp; - unsigned long utmp = 0; - char *cp = (char *)pval; - if(len > (int)sizeof(long)) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - /* Is it negative? */ - if(len && (cont[0] & 0x80)) neg = 1; - else neg = 0; - utmp = 0; - for(i = 0; i < len; i++) { - utmp <<= 8; - if(neg) utmp |= cont[i] ^ 0xff; - else utmp |= cont[i]; - } - ltmp = (long)utmp; - if(neg) { - ltmp++; - ltmp = -ltmp; - } - if(ltmp == it->size) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); - return 0; - } - memcpy(cp, <mp, sizeof(long)); - return 1; + int neg, i; + long ltmp; + unsigned long utmp = 0; + char *cp = (char *)pval; + if (len > (int)sizeof(long)) { + ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + return 0; + } + /* Is it negative? */ + if (len && (cont[0] & 0x80)) + neg = 1; + else + neg = 0; + utmp = 0; + for (i = 0; i < len; i++) { + utmp <<= 8; + if (neg) + utmp |= cont[i] ^ 0xff; + else + utmp |= cont[i]; + } + ltmp = (long)utmp; + if (neg) { + ltmp++; + ltmp = -ltmp; + } + if (ltmp == it->size) { + ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + return 0; + } + memcpy(cp, <mp, sizeof(long)); + return 1; } static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, - int indent, const ASN1_PCTX *pctx) - { - return BIO_printf(out, "%ld\n", *(long *)pval); - } + int indent, const ASN1_PCTX *pctx) +{ + return BIO_printf(out, "%ld\n", *(long *)pval); +} diff --git a/util/openssl-format-source b/util/openssl-format-source index 4e90147..8c3a7c0 100755 --- a/util/openssl-format-source +++ b/util/openssl-format-source @@ -119,7 +119,7 @@ do -e 's/^((DECLARE|IMPLEMENT)_(EXTERN_ASN1|ASN1|ADB|STACK_OF|PKCS12_STACK_OF).*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ -e 's/^([ \t]*(make_dh|make_dh_bn|make_rfc5114_td)$.*$[ \t,]*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ -e 's/^(ASN1_ADB_TEMPLATE$.*)$/\/**INDENT-OFF**\/\n$1\n\/**INDENT-ON**\//;' \ - -e 's/^((ASN1|ADB)_.*_END\(.*[${=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \ + -e 's/^((ASN1|ADB)_.*_(end|END)$.*[${=,;]+[ \t]*)$/$1\n\/**INDENT-ON**\//;' \ -e '/ASN1_(ITEM_ref|ITEM_ptr|ITEM_rptr|PCTX)/ || s/^((ASN1|ADB)_[^\*]*[){=,]+[ \t]*)$/\/**INDENT-OFF**\/\n$1/;' \ -e 's/^(} (ASN1|ADB)_[^\*]*[\){=,;]+)$/$1\n\/**INDENT-ON**\//;' \ | \ From steve at openssl.org Mon Mar 2 15:26:35 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 02 Mar 2015 15:26:35 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425309995.465846.14045.nullmailer@dev.openssl.org> The branch master has been updated via 28a00bcd8e318da18031b2ac8778c64147cd54f9 (commit) from 437b14b533fe7f7408e3ebca6d5569f1d3347b1a (commit) - Log ----------------------------------------------------------------- commit 28a00bcd8e318da18031b2ac8778c64147cd54f9 Author: Dr. Stephen Henson Date: Wed Feb 18 00:34:59 2015 +0000 Check public key is not NULL. CVE-2015-0288 PR#3708 Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_req.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index bc6e566..01795f4 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) goto err; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; i = X509_REQ_set_pubkey(ret, pktmp); EVP_PKEY_free(pktmp); if (!i) From steve at openssl.org Mon Mar 2 15:27:27 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 02 Mar 2015 15:27:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1425310047.565256.14983.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 241cff623e2b0f7c435a3a80ae783c29d994f061 (commit) from 8a8ba0716796af963947586dca063ca95460010e (commit) - Log ----------------------------------------------------------------- commit 241cff623e2b0f7c435a3a80ae783c29d994f061 Author: Dr. Stephen Henson Date: Wed Feb 18 00:34:59 2015 +0000 Check public key is not NULL. CVE-2015-0288 PR#3708 Reviewed-by: Matt Caswell (cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_req.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index c1a2608..31e59c4 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -91,6 +91,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) goto err; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; i = X509_REQ_set_pubkey(ret, pktmp); EVP_PKEY_free(pktmp); if (!i) From steve at openssl.org Mon Mar 2 15:27:27 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 02 Mar 2015 15:27:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1425310047.691671.15036.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 51527f1e3564f210e984fe5b654c45d34e4f03d7 (commit) from 1810b0472838495129fdc4b652daba5dfb4ee90c (commit) - Log ----------------------------------------------------------------- commit 51527f1e3564f210e984fe5b654c45d34e4f03d7 Author: Dr. Stephen Henson Date: Wed Feb 18 00:34:59 2015 +0000 Check public key is not NULL. CVE-2015-0288 PR#3708 Reviewed-by: Matt Caswell (cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_req.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index bc6e566..01795f4 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) goto err; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; i = X509_REQ_set_pubkey(ret, pktmp); EVP_PKEY_free(pktmp); if (!i) From steve at openssl.org Mon Mar 2 15:27:27 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 02 Mar 2015 15:27:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425310047.746362.15057.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 9fdbaf3a322689a58381c724e4f3497320a69581 (commit) from 6fff54b0ced16781ff97592f6d6e1e532f9964bf (commit) - Log ----------------------------------------------------------------- commit 9fdbaf3a322689a58381c724e4f3497320a69581 Author: Dr. Stephen Henson Date: Wed Feb 18 00:34:59 2015 +0000 Check public key is not NULL. CVE-2015-0288 PR#3708 Reviewed-by: Matt Caswell (cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_req.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index bc6e566..01795f4 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) goto err; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; i = X509_REQ_set_pubkey(ret, pktmp); EVP_PKEY_free(pktmp); if (!i) From steve at openssl.org Mon Mar 2 15:27:27 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 02 Mar 2015 15:27:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1425310047.627386.15006.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 4bf7b291692c59270ddca0e62de1f11611591cfc (commit) from 42ad0100f12841e35f8dacef5b010de450ea5fe3 (commit) - Log ----------------------------------------------------------------- commit 4bf7b291692c59270ddca0e62de1f11611591cfc Author: Dr. Stephen Henson Date: Wed Feb 18 00:34:59 2015 +0000 Check public key is not NULL. CVE-2015-0288 PR#3708 Reviewed-by: Matt Caswell (cherry picked from commit 28a00bcd8e318da18031b2ac8778c64147cd54f9) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_req.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index bc6e566..01795f4 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) goto err; pktmp = X509_get_pubkey(x); + if (pktmp == NULL) + goto err; i = X509_REQ_set_pubkey(ret, pktmp); EVP_PKEY_free(pktmp); if (!i) From rsalz at openssl.org Mon Mar 2 18:52:57 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 02 Mar 2015 18:52:57 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1425322377.334131.4454.nullmailer@dev.openssl.org> The branch master has been updated via d997f7b7f32706c45422964688cfb31793664dc8 (commit) from cb80695ce90a46785e07baab0cb7b04d468cd6a4 (commit) - Log ----------------------------------------------------------------- commit d997f7b7f32706c45422964688cfb31793664dc8 Author: Rich Salz Date: Mon Mar 2 13:52:45 2015 -0500 warning about download links broken. ----------------------------------------------------------------------- Summary of changes: source/index.wml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source/index.wml b/source/index.wml index 59c571a..9161fd1 100644 --- a/source/index.wml +++ b/source/index.wml @@ -3,6 +3,9 @@ Source, Tarballs +Links are currently broken, will be fixed shortly. Sorry for the +inconvenience. +

Tarballs

From rsalz at openssl.org Mon Mar 2 18:57:37 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 02 Mar 2015 18:57:37 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1425322657.152049.5249.nullmailer@dev.openssl.org> The branch master has been updated via a378f9a9540bd060df13eb3e6c544ce0ae22d39c (commit) from d997f7b7f32706c45422964688cfb31793664dc8 (commit) - Log ----------------------------------------------------------------- commit a378f9a9540bd060df13eb3e6c544ce0ae22d39c Author: Rich Salz Date: Mon Mar 2 13:57:24 2015 -0500 Revert "warning about download links broken." This reverts commit d997f7b7f32706c45422964688cfb31793664dc8. ----------------------------------------------------------------------- Summary of changes: source/index.wml | 3 --- 1 file changed, 3 deletions(-) diff --git a/source/index.wml b/source/index.wml index 9161fd1..59c571a 100644 --- a/source/index.wml +++ b/source/index.wml @@ -3,9 +3,6 @@ Source, Tarballs -Links are currently broken, will be fixed shortly. Sorry for the -inconvenience. -

Tarballs

From rsalz at openssl.org Tue Mar 3 19:34:50 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 03 Mar 2015 19:34:50 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1425411290.729597.30317.nullmailer@dev.openssl.org> The branch master has been updated via d48d043b3068069836cf76238ca279de59e69ed1 (commit) from a378f9a9540bd060df13eb3e6c544ce0ae22d39c (commit) - Log ----------------------------------------------------------------- commit d48d043b3068069836cf76238ca279de59e69ed1 Author: Rich Salz Date: Tue Mar 3 14:33:49 2015 -0500 Update openssl-cookbook notes. ----------------------------------------------------------------------- Summary of changes: docs/index.wml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/index.wml b/docs/index.wml index 316a9dc..bda3dc9 100644 --- a/docs/index.wml +++ b/docs/index.wml @@ -42,7 +42,7 @@ features which are not present in other releases. Other standards and documentation:

The branch master has been updated via 618be04e407a7800a7198ac87fa5e8cee7c6e10b (commit) from 28a00bcd8e318da18031b2ac8778c64147cd54f9 (commit) - Log ----------------------------------------------------------------- commit 618be04e407a7800a7198ac87fa5e8cee7c6e10b Author: Dr. Stephen Henson Date: Sun Mar 1 15:38:56 2015 +0000 add RIPEMD160 whirlpool tests Add RIPEMD160 and whirlpool test data. Add Count keyword to repeatedly call EVP_DigestUpate. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_test.c | 17 +++++++++++++-- crypto/evp/evptests.txt | 56 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+), 2 deletions(-) diff --git a/crypto/evp/evp_test.c b/crypto/evp/evp_test.c index cc7036a..1b17f64 100644 --- a/crypto/evp/evp_test.c +++ b/crypto/evp/evp_test.c @@ -534,6 +534,8 @@ struct digest_data { /* Input to digest */ unsigned char *input; size_t input_len; + /* Repeat count for input */ + size_t nrpt; /* Expected output */ unsigned char *output; size_t output_len; @@ -556,6 +558,7 @@ static int digest_test_init(struct evp_test *t, const char *alg) mdat->digest = digest; mdat->input = NULL; mdat->output = NULL; + mdat->nrpt = 1; t->data = mdat; return 1; } @@ -575,12 +578,20 @@ static int digest_test_parse(struct evp_test *t, return test_bin(value, &mdata->input, &mdata->input_len); if (!strcmp(keyword, "Output")) return test_bin(value, &mdata->output, &mdata->output_len); + if (!strcmp(keyword, "Count")) { + long nrpt = atoi(value); + if (nrpt <= 0) + return 0; + mdata->nrpt = (size_t)nrpt; + return 1; + } return 0; } static int digest_test_run(struct evp_test *t) { struct digest_data *mdata = t->data; + size_t i; const char *err = "INTERNAL_ERROR"; EVP_MD_CTX *mctx; unsigned char md[EVP_MAX_MD_SIZE]; @@ -592,8 +603,10 @@ static int digest_test_run(struct evp_test *t) if (!EVP_DigestInit_ex(mctx, mdata->digest, NULL)) goto err; err = "DIGESTUPDATE_ERROR"; - if (!EVP_DigestUpdate(mctx, mdata->input, mdata->input_len)) - goto err; + for (i = 0; i < mdata->nrpt; i++) { + if (!EVP_DigestUpdate(mctx, mdata->input, mdata->input_len)) + goto err; + } err = "DIGESTFINAL_ERROR"; if (!EVP_DigestFinal(mctx, md, &md_len)) goto err; diff --git a/crypto/evp/evptests.txt b/crypto/evp/evptests.txt index 91fb7dc..8bf90d0 100644 --- a/crypto/evp/evptests.txt +++ b/crypto/evp/evptests.txt @@ -60,6 +60,62 @@ Digest = MD4 Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" Output = e33b4ddc9c38f2199c3e7b164fcc0536 +# RIPEMD160 tests from rmdtest.c +Digest = RIPEMD160 +Input = "" +Output = 9c1185a5c5e9fc54612808977ee8f548b2258d31 +Digest = RIPEMD160 +Input = "a" +Output = 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe +Digest = RIPEMD160 +Input = "abc" +Output = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc +Digest = RIPEMD160 +Input = "message digest" +Output = 5d0689ef49d2fae572b881b123a85ffa21595f36 +Digest = RIPEMD160 +Input = "abcdefghijklmnopqrstuvwxyz" +Output = f71c27109c692c1b56bbdceb5b9d2865b3708dbc +Digest = RIPEMD160 +Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +Output = 12a053384a9c0c88e405a06c27dcf49ada62eb2b +Digest = RIPEMD160 +Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +Output = b0e20b6e3116640286ed3a87a5713079b21f5189 +Digest = RIPEMD160 +Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" +Output = 9b752e45573d4b39f4dbd3323cab82bf63326bfb + +# whirlpool tests from wp_test.c +Digest = whirlpool +Input = "" +Output = 19FA61D75522A4669B44E39C1D2E1726C530232130D407F89AFEE0964997F7A73E83BE698B288FEBCF88E3E03C4F0757EA8964E59B63D93708B138CC42A66EB3 +Digest = whirlpool +Input = "a" +Output = 8ACA2602792AEC6F11A67206531FB7D7F0DFF59413145E6973C45001D0087B42D11BC645413AEFF63A42391A39145A591A92200D560195E53B478584FDAE231A +Digest = whirlpool +Input = "abc" +Output = 4E2448A4C6F486BB16B6562C73B4020BF3043E3A731BCE721AE1B303D97E6D4C7181EEBDB6C57E277D0E34957114CBD6C797FC9D95D8B582D225292076D4EEF5 +Digest = whirlpool +Input = "message digest" +Output = 378C84A4126E2DC6E56DCC7458377AAC838D00032230F53CE1F5700C0FFB4D3B8421557659EF55C106B4B52AC5A4AAA692ED920052838F3362E86DBD37A8903E +Digest = whirlpool +Input = "abcdefghijklmnopqrstuvwxyz" +Output = F1D754662636FFE92C82EBB9212A484A8D38631EAD4238F5442EE13B8054E41B08BF2A9251C30B6A0B8AAE86177AB4A6F68F673E7207865D5D9819A3DBA4EB3B +Digest = whirlpool +Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" +Output = DC37E008CF9EE69BF11F00ED9ABA26901DD7C28CDEC066CC6AF42E40F82F3A1E08EBA26629129D8FB7CB57211B9281A65517CC879D7B962142C65F5A7AF01467 +Digest = whirlpool +Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890" +Output = 466EF18BABB0154D25B9D38A6414F5C08784372BCCB204D6549C4AFADB6014294D5BD8DF2A6C44E538CD047B2681A51A2C60481E88C5A20B2C2A80CF3A9A083B +Digest = whirlpool +Input = "abcdbcdecdefdefgefghfghighijhijk" +Output = 2A987EA40F917061F5D6F0A0E4644F488A7A5A52DEEE656207C562F988E95C6916BDC8031BC5BE1B7B947639FE050B56939BAAA0ADFF9AE6745B7B181C3BE3FD +Digest = whirlpool +Input = "aaaaaaaaaa" +Count = 100000 +Output = 0C99005BEB57EFF50A7CF005560DDF5D29057FD86B20BFD62DECA0F1CCEA4AF51FC15490EDDC47AF32BB2B66C34FF9AD8C6008AD677F77126953B226E4ED8B01 + # AES 128 ECB tests (from FIPS-197 test vectors, encrypt) Cipher = AES-128-ECB From matt at openssl.org Thu Mar 5 09:23:55 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 05 Mar 2015 09:23:55 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1425547435.291257.7847.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 9f114219508d64a5b9522006eab1ed2db918dd25 (commit) from 51527f1e3564f210e984fe5b654c45d34e4f03d7 (commit) - Log ----------------------------------------------------------------- commit 9f114219508d64a5b9522006eab1ed2db918dd25 Author: Matt Caswell Date: Wed Mar 4 17:49:51 2015 +0000 Unchecked malloc fixes Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way. Reviewed-by: Tim Hudson (cherry picked from commit 918bb8652969fd53f0c390c1cd909265ed502c7e) Conflicts: crypto/bio/bss_dgram.c Conflicts: apps/cms.c apps/s_cb.c apps/s_server.c apps/speed.c crypto/dh/dh_pmeth.c ssl/s3_pkt.c ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 11 +++++++++++ apps/ca.c | 8 ++++++++ apps/dgst.c | 5 +++++ apps/rsautl.c | 5 +++++ apps/s_client.c | 5 +++++ apps/s_server.c | 6 +++++- apps/srp.c | 8 ++++++++ apps/x509.c | 5 +++++ crypto/asn1/bio_ndef.c | 6 ++++++ crypto/bio/b_print.c | 8 ++++++++ crypto/bio/bss_dgram.c | 15 ++++++++++++++- crypto/cms/cms_pwri.c | 2 ++ crypto/dso/dso_vms.c | 3 ++- crypto/objects/o_names.c | 15 +++++++++------ crypto/rand/rand_os2.c | 3 +++ crypto/threads/th-lock.c | 23 ++++++++++++++++++++++- 16 files changed, 118 insertions(+), 10 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 918c647..9862afd 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -572,6 +572,11 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) char *prompt = NULL; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); + if(!prompt) { + BIO_printf(bio_err, "Out of memory\n"); + UI_free(ui); + return 0; + } ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD; UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); @@ -581,6 +586,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) PW_MIN_LENGTH, bufsiz - 1); if (ok >= 0 && verify) { buff = (char *)OPENSSL_malloc(bufsiz); + if(!buff) { + BIO_printf(bio_err, "Out of memory\n"); + UI_free(ui); + OPENSSL_free(prompt); + return 0; + } ok = UI_add_verify_string(ui, prompt, ui_flags, buff, PW_MIN_LENGTH, bufsiz - 1, buf); } diff --git a/apps/ca.c b/apps/ca.c index 174ad9a..055548a 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -558,10 +558,18 @@ int MAIN(int argc, char **argv) #ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } strcpy(tofree, s); #else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } BUF_strlcpy(tofree, s, len); BUF_strlcat(tofree, "/", len); #endif diff --git a/apps/dgst.c b/apps/dgst.c index 6bf77d2..8459c19 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -448,6 +448,11 @@ int MAIN(int argc, char **argv) ERR_print_errors(bio_err); goto end; } + if (!sigbuf) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } siglen = BIO_read(sigbio, sigbuf, siglen); BIO_free(sigbio); if (siglen <= 0) { diff --git a/apps/rsautl.c b/apps/rsautl.c index 0030aca..d642f9a 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -268,6 +268,11 @@ int MAIN(int argc, char **argv) rsa_in = OPENSSL_malloc(keysize * 2); rsa_out = OPENSSL_malloc(keysize); + if (!rsa_in || !rsa_out) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } /* Read the input data */ rsa_inlen = BIO_read(in, rsa_in, keysize * 2); diff --git a/apps/s_client.c b/apps/s_client.c index 758fb25..ef41cec 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -547,6 +547,11 @@ static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg) PW_CB_DATA cb_tmp; int l; + if(!pass) { + BIO_printf(bio_err, "Malloc failure\n"); + return NULL; + } + cb_tmp.password = (char *)srp_arg->srppassin; cb_tmp.prompt_info = "SRP user"; if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) { diff --git a/apps/s_server.c b/apps/s_server.c index f472126..d5ac75a 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -662,6 +662,8 @@ static int ebcdic_new(BIO *bi) EBCDIC_OUTBUFF *wbuf; wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024); + if (!wbuf) + return 0; wbuf->alloced = 1024; wbuf->buff[0] = '\0'; @@ -716,9 +718,11 @@ static int ebcdic_write(BIO *b, const char *in, int inl) num = num + num; /* double the size */ if (num < inl) num = inl; - OPENSSL_free(wbuf); wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); + if(!wbuf) + return 0; + OPENSSL_free(b->ptr); wbuf->alloced = num; wbuf->buff[0] = '\0'; diff --git a/apps/srp.c b/apps/srp.c index 47b45fb..c679448 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -435,10 +435,18 @@ int MAIN(int argc, char **argv) # ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } strcpy(tofree, s); # else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } BUF_strlcpy(tofree, s, len); BUF_strlcat(tofree, "/", len); # endif diff --git a/apps/x509.c b/apps/x509.c index 7c3b080..929359b 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -783,6 +783,11 @@ int MAIN(int argc, char **argv) z = i2d_X509(x, NULL); m = OPENSSL_malloc(z); + if (!m) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } d = (unsigned char *)m; z = i2d_X509_NAME(X509_get_subject_name(x), &d); diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index 5817a2b..4a73ca9 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -162,6 +162,9 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); + if(!p) + return 0; + ndef_aux->derbuf = p; *pbuf = p; derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); @@ -229,6 +232,9 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); + if(!p) + return 0; + ndef_aux->derbuf = p; *pbuf = p; derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 5dc7630..f7940f2 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -713,6 +713,10 @@ doapr_outch(char **sbuffer, if (*maxlen == 0) *maxlen = 1024; *buffer = OPENSSL_malloc(*maxlen); + if(!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; + } if (*currlen > 0) { assert(*sbuffer != NULL); memcpy(*buffer, *sbuffer, *currlen); @@ -721,6 +725,10 @@ doapr_outch(char **sbuffer, } else { *maxlen += 1024; *buffer = OPENSSL_realloc(*buffer, *maxlen); + if(!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; + } } } /* What to do if *buffer is NULL? */ diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index dd36802..b495db2 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -953,6 +953,10 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) */ sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(sockopt_len); + if(!authchunks) { + BIO_vfree(bio); + return (NULL); + } memset(authchunks, 0, sizeof(sockopt_len)); ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, @@ -1288,6 +1292,10 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) optlen = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(optlen); + if (!authchunks) { + BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR); + return -1; + } memset(authchunks, 0, sizeof(optlen)); ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen); @@ -1354,10 +1362,15 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) * yet, we have to save it and send it as soon as the socket gets dry. */ if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { + char *tmp; data->saved_message.bio = b; + if(!(tmp = OPENSSL_malloc(inl))) { + BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR); + return -1; + } if (data->saved_message.data) OPENSSL_free(data->saved_message.data); - data->saved_message.data = OPENSSL_malloc(inl); + data->saved_message.data = tmp; memcpy(data->saved_message.data, in, inl); data->saved_message.length = inl; return inl; diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index d93b14f..076b545 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -231,6 +231,8 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, return 0; } tmp = OPENSSL_malloc(inlen); + if(!tmp) + return 0; /* setup IV by decrypting last two blocks */ EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, in + inlen - 2 * blocklen, blocklen * 2); diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 8793f7e..0eff96e 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -539,7 +539,8 @@ static char *vms_name_converter(DSO *dso, const char *filename) { int len = strlen(filename); char *not_translated = OPENSSL_malloc(len + 1); - strcpy(not_translated, filename); + if(not_translated) + strcpy(not_translated, filename); return (not_translated); } diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index e1e13a6..c6774f4 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -312,15 +312,18 @@ void OBJ_NAME_do_all_sorted(int type, d.type = type; d.names = OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names); - d.n = 0; - OBJ_NAME_do_all(type, do_all_sorted_fn, &d); + /* Really should return an error if !d.names...but its a void function! */ + if(d.names) { + d.n = 0; + OBJ_NAME_do_all(type, do_all_sorted_fn, &d); - qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); + qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); - for (n = 0; n < d.n; ++n) - fn(d.names[n], arg); + for (n = 0; n < d.n; ++n) + fn(d.names[n], arg); - OPENSSL_free((void *)d.names); + OPENSSL_free((void *)d.names); + } } static int free_type; diff --git a/crypto/rand/rand_os2.c b/crypto/rand/rand_os2.c index 9c4a137..02148d5 100644 --- a/crypto/rand/rand_os2.c +++ b/crypto/rand/rand_os2.c @@ -149,6 +149,9 @@ int RAND_poll(void) if (DosQuerySysState) { char *buffer = OPENSSL_malloc(256 * 1024); + if(!buffer) + return 0; + if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) { /* * First 4 bytes in buffer is a pointer to the thread count there diff --git a/crypto/threads/th-lock.c b/crypto/threads/th-lock.c index 1b57659..28884c2 100644 --- a/crypto/threads/th-lock.c +++ b/crypto/threads/th-lock.c @@ -117,6 +117,10 @@ void CRYPTO_thread_setup(void) int i; lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE)); + if(!lock_cs) { + /* Nothing we can do about this...void function! */ + return; + } for (i = 0; i < CRYPTO_num_locks(); i++) { lock_cs[i] = CreateMutex(NULL, FALSE, NULL); } @@ -168,6 +172,10 @@ void CRYPTO_thread_setup(void) # else lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t)); # endif + if(!lock_cs) { + /* Nothing we can do about this...void function! */ + return; + } lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); for (i = 0; i < CRYPTO_num_locks(); i++) { lock_count[i] = 0; @@ -251,6 +259,12 @@ void CRYPTO_thread_setup(void) int i; char filename[20]; + lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *)); + if(!lock_cs) { + /* Nothing we can do about this...void function! */ + return; + } + strcpy(filename, "/tmp/mttest.XXXXXX"); mktemp(filename); @@ -261,7 +275,6 @@ void CRYPTO_thread_setup(void) arena = usinit(filename); unlink(filename); - lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *)); for (i = 0; i < CRYPTO_num_locks(); i++) { lock_cs[i] = usnewsema(arena, 1); } @@ -315,6 +328,14 @@ void CRYPTO_thread_setup(void) lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); + if(!lock_cs || !lock_count) { + /* Nothing we can do about this...void function! */ + if(lock_cs) + OPENSSL_free(lock_cs); + if(lock_count) + OPENSSL_free(lock_count); + return; + } for (i = 0; i < CRYPTO_num_locks(); i++) { lock_count[i] = 0; pthread_mutex_init(&(lock_cs[i]), NULL); From matt at openssl.org Thu Mar 5 09:24:05 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 05 Mar 2015 09:24:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425547445.802395.8085.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via d6b4a41d100c2d3b401baf8edc34085ff610c5ba (commit) from 9fdbaf3a322689a58381c724e4f3497320a69581 (commit) - Log ----------------------------------------------------------------- commit d6b4a41d100c2d3b401baf8edc34085ff610c5ba Author: Matt Caswell Date: Wed Mar 4 17:49:51 2015 +0000 Unchecked malloc fixes Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way. Reviewed-by: Tim Hudson (cherry picked from commit 918bb8652969fd53f0c390c1cd909265ed502c7e) Conflicts: crypto/bio/bss_dgram.c ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 11 +++++++++++ apps/ca.c | 8 ++++++++ apps/cms.c | 4 ++++ apps/dgst.c | 5 +++++ apps/rsautl.c | 5 +++++ apps/s_cb.c | 5 +++++ apps/s_client.c | 5 +++++ apps/s_server.c | 20 +++++++++++++++++++- apps/speed.c | 12 ++++++++++-- apps/srp.c | 8 ++++++++ apps/x509.c | 5 +++++ crypto/asn1/bio_ndef.c | 6 ++++++ crypto/bio/b_print.c | 8 ++++++++ crypto/bio/bss_dgram.c | 15 ++++++++++++++- crypto/cms/cms_pwri.c | 2 ++ crypto/dh/dh_pmeth.c | 3 +++ crypto/dso/dso_vms.c | 3 ++- crypto/objects/o_names.c | 15 +++++++++------ crypto/rand/rand_os2.c | 3 +++ crypto/threads/th-lock.c | 23 ++++++++++++++++++++++- ssl/s3_pkt.c | 4 ++++ 21 files changed, 158 insertions(+), 12 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index ef5d087..b0acbc7 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -574,6 +574,11 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) char *prompt = NULL; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); + if(!prompt) { + BIO_printf(bio_err, "Out of memory\n"); + UI_free(ui); + return 0; + } ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD; UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); @@ -583,6 +588,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) PW_MIN_LENGTH, bufsiz - 1); if (ok >= 0 && verify) { buff = (char *)OPENSSL_malloc(bufsiz); + if(!buff) { + BIO_printf(bio_err, "Out of memory\n"); + UI_free(ui); + OPENSSL_free(prompt); + return 0; + } ok = UI_add_verify_string(ui, prompt, ui_flags, buff, PW_MIN_LENGTH, bufsiz - 1, buf); } diff --git a/apps/ca.c b/apps/ca.c index f0a19cf..3215c56 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -563,10 +563,18 @@ int MAIN(int argc, char **argv) #ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } strcpy(tofree, s); #else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } BUF_strlcpy(tofree, s, len); BUF_strlcat(tofree, "/", len); #endif diff --git a/apps/cms.c b/apps/cms.c index 2c8ada6..2c92253 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -463,6 +463,10 @@ int MAIN(int argc, char **argv) if (key_param == NULL || key_param->idx != keyidx) { cms_key_param *nparam; nparam = OPENSSL_malloc(sizeof(cms_key_param)); + if(!nparam) { + BIO_printf(bio_err, "Out of memory\n"); + goto argerr; + } nparam->idx = keyidx; nparam->param = sk_OPENSSL_STRING_new_null(); nparam->next = NULL; diff --git a/apps/dgst.c b/apps/dgst.c index adb7a06..47c2f69 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -460,6 +460,11 @@ int MAIN(int argc, char **argv) ERR_print_errors(bio_err); goto end; } + if (!sigbuf) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } siglen = BIO_read(sigbio, sigbuf, siglen); BIO_free(sigbio); if (siglen <= 0) { diff --git a/apps/rsautl.c b/apps/rsautl.c index 0030aca..d642f9a 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -268,6 +268,11 @@ int MAIN(int argc, char **argv) rsa_in = OPENSSL_malloc(keysize * 2); rsa_out = OPENSSL_malloc(keysize); + if (!rsa_in || !rsa_out) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } /* Read the input data */ rsa_inlen = BIO_read(in, rsa_in, keysize * 2); diff --git a/apps/s_cb.c b/apps/s_cb.c index d5756c0..f6e6bcd 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -456,8 +456,13 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared) if (ncurves <= 0) return 1; curves = OPENSSL_malloc(ncurves * sizeof(int)); + if(!curves) { + BIO_puts(out, "Malloc error getting supported curves\n"); + return 0; + } SSL_get1_curves(s, curves); + BIO_puts(out, "Supported Elliptic Curves: "); for (i = 0; i < ncurves; i++) { if (i) diff --git a/apps/s_client.c b/apps/s_client.c index 8212c9f..8fa2b73 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -560,6 +560,11 @@ static char *MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg) PW_CB_DATA cb_tmp; int l; + if(!pass) { + BIO_printf(bio_err, "Malloc failure\n"); + return NULL; + } + cb_tmp.password = (char *)srp_arg->srppassin; cb_tmp.prompt_info = "SRP user"; if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) { diff --git a/apps/s_server.c b/apps/s_server.c index 5709546..655ada0 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -696,6 +696,8 @@ static int ebcdic_new(BIO *bi) EBCDIC_OUTBUFF *wbuf; wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024); + if (!wbuf) + return 0; wbuf->alloced = 1024; wbuf->buff[0] = '\0'; @@ -750,9 +752,11 @@ static int ebcdic_write(BIO *b, const char *in, int inl) num = num + num; /* double the size */ if (num < inl) num = inl; - OPENSSL_free(wbuf); wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); + if(!wbuf) + return 0; + OPENSSL_free(b->ptr); wbuf->alloced = num; wbuf->buff[0] = '\0'; @@ -3319,6 +3323,10 @@ static int add_session(SSL *ssl, SSL_SESSION *session) unsigned char *p; sess = OPENSSL_malloc(sizeof(simple_ssl_session)); + if(!sess) { + BIO_printf(bio_err, "Out of memory adding session to external cache\n"); + return 0; + } SSL_SESSION_get_id(session, &sess->idlen); sess->derlen = i2d_SSL_SESSION(session, NULL); @@ -3326,6 +3334,16 @@ static int add_session(SSL *ssl, SSL_SESSION *session) sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen); sess->der = OPENSSL_malloc(sess->derlen); + if(!sess->id || !sess->der) { + BIO_printf(bio_err, "Out of memory adding session to external cache\n"); + + if(sess->id) + OPENSSL_free(sess->id); + if(sess->der) + OPENSSL_free(sess->der); + OPENSSL_free(sess); + return 0; + } p = sess->der; i2d_SSL_SESSION(session, &p); diff --git a/apps/speed.c b/apps/speed.c index 7dcd354..7b1acc1 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2775,6 +2775,11 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) inp = OPENSSL_malloc(mblengths[num - 1]); out = OPENSSL_malloc(mblengths[num - 1] + 1024); + if(!inp || !out) { + BIO_printf(bio_err,"Out of memory\n"); + goto end; + } + EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, no_key, no_iv); @@ -2859,7 +2864,10 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) fprintf(stdout, "\n"); } - OPENSSL_free(inp); - OPENSSL_free(out); +end: + if(inp) + OPENSSL_free(inp); + if(out) + OPENSSL_free(out); } #endif diff --git a/apps/srp.c b/apps/srp.c index 47b45fb..c679448 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -435,10 +435,18 @@ int MAIN(int argc, char **argv) # ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } strcpy(tofree, s); # else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } BUF_strlcpy(tofree, s, len); BUF_strlcat(tofree, "/", len); # endif diff --git a/apps/x509.c b/apps/x509.c index d005c82..864a60d 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -829,6 +829,11 @@ int MAIN(int argc, char **argv) z = i2d_X509(x, NULL); m = OPENSSL_malloc(z); + if (!m) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } d = (unsigned char *)m; z = i2d_X509_NAME(X509_get_subject_name(x), &d); diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index 5817a2b..4a73ca9 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -162,6 +162,9 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); + if(!p) + return 0; + ndef_aux->derbuf = p; *pbuf = p; derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); @@ -229,6 +232,9 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); + if(!p) + return 0; + ndef_aux->derbuf = p; *pbuf = p; derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 5dc7630..f7940f2 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -713,6 +713,10 @@ doapr_outch(char **sbuffer, if (*maxlen == 0) *maxlen = 1024; *buffer = OPENSSL_malloc(*maxlen); + if(!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; + } if (*currlen > 0) { assert(*sbuffer != NULL); memcpy(*buffer, *sbuffer, *currlen); @@ -721,6 +725,10 @@ doapr_outch(char **sbuffer, } else { *maxlen += 1024; *buffer = OPENSSL_realloc(*buffer, *maxlen); + if(!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; + } } } /* What to do if *buffer is NULL? */ diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index fcbae5f..388d90d 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -1012,6 +1012,10 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) */ sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(sockopt_len); + if(!authchunks) { + BIO_vfree(bio); + return (NULL); + } memset(authchunks, 0, sizeof(sockopt_len)); ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, @@ -1347,6 +1351,10 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) optlen = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(optlen); + if (!authchunks) { + BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR); + return -1; + } memset(authchunks, 0, sizeof(optlen)); ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen); @@ -1413,10 +1421,15 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) * yet, we have to save it and send it as soon as the socket gets dry. */ if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { + char *tmp; data->saved_message.bio = b; + if(!(tmp = OPENSSL_malloc(inl))) { + BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR); + return -1; + } if (data->saved_message.data) OPENSSL_free(data->saved_message.data); - data->saved_message.data = OPENSSL_malloc(inl); + data->saved_message.data = tmp; memcpy(data->saved_message.data, in, inl); data->saved_message.length = inl; return inl; diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index d93b14f..076b545 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -231,6 +231,8 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, return 0; } tmp = OPENSSL_malloc(inlen); + if(!tmp) + return 0; /* setup IV by decrypting last two blocks */ EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, in + inlen - 2 * blocklen, blocklen * 2); diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 494a887..b3a3147 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -462,6 +462,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, ret = 0; Zlen = DH_size(dh); Z = OPENSSL_malloc(Zlen); + if(!Z) { + goto err; + } if (DH_compute_key_padded(Z, dhpub, dh) <= 0) goto err; if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid, diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 8793f7e..0eff96e 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -539,7 +539,8 @@ static char *vms_name_converter(DSO *dso, const char *filename) { int len = strlen(filename); char *not_translated = OPENSSL_malloc(len + 1); - strcpy(not_translated, filename); + if(not_translated) + strcpy(not_translated, filename); return (not_translated); } diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index e1e13a6..c6774f4 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -312,15 +312,18 @@ void OBJ_NAME_do_all_sorted(int type, d.type = type; d.names = OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names); - d.n = 0; - OBJ_NAME_do_all(type, do_all_sorted_fn, &d); + /* Really should return an error if !d.names...but its a void function! */ + if(d.names) { + d.n = 0; + OBJ_NAME_do_all(type, do_all_sorted_fn, &d); - qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); + qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); - for (n = 0; n < d.n; ++n) - fn(d.names[n], arg); + for (n = 0; n < d.n; ++n) + fn(d.names[n], arg); - OPENSSL_free((void *)d.names); + OPENSSL_free((void *)d.names); + } } static int free_type; diff --git a/crypto/rand/rand_os2.c b/crypto/rand/rand_os2.c index 9c4a137..02148d5 100644 --- a/crypto/rand/rand_os2.c +++ b/crypto/rand/rand_os2.c @@ -149,6 +149,9 @@ int RAND_poll(void) if (DosQuerySysState) { char *buffer = OPENSSL_malloc(256 * 1024); + if(!buffer) + return 0; + if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) { /* * First 4 bytes in buffer is a pointer to the thread count there diff --git a/crypto/threads/th-lock.c b/crypto/threads/th-lock.c index 1b57659..28884c2 100644 --- a/crypto/threads/th-lock.c +++ b/crypto/threads/th-lock.c @@ -117,6 +117,10 @@ void CRYPTO_thread_setup(void) int i; lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE)); + if(!lock_cs) { + /* Nothing we can do about this...void function! */ + return; + } for (i = 0; i < CRYPTO_num_locks(); i++) { lock_cs[i] = CreateMutex(NULL, FALSE, NULL); } @@ -168,6 +172,10 @@ void CRYPTO_thread_setup(void) # else lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t)); # endif + if(!lock_cs) { + /* Nothing we can do about this...void function! */ + return; + } lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); for (i = 0; i < CRYPTO_num_locks(); i++) { lock_count[i] = 0; @@ -251,6 +259,12 @@ void CRYPTO_thread_setup(void) int i; char filename[20]; + lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *)); + if(!lock_cs) { + /* Nothing we can do about this...void function! */ + return; + } + strcpy(filename, "/tmp/mttest.XXXXXX"); mktemp(filename); @@ -261,7 +275,6 @@ void CRYPTO_thread_setup(void) arena = usinit(filename); unlink(filename); - lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *)); for (i = 0; i < CRYPTO_num_locks(); i++) { lock_cs[i] = usnewsema(arena, 1); } @@ -315,6 +328,14 @@ void CRYPTO_thread_setup(void) lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); + if(!lock_cs || !lock_count) { + /* Nothing we can do about this...void function! */ + if(lock_cs) + OPENSSL_free(lock_cs); + if(lock_count) + OPENSSL_free(lock_count); + return; + } for (i = 0; i < CRYPTO_num_locks(); i++) { lock_count[i] = 0; pthread_mutex_init(&(lock_cs[i]), NULL); diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index d5ddb60..136d273 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -708,6 +708,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) packlen *= 4; wb->buf = OPENSSL_malloc(packlen); + if(!wb->buf) { + SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE); + return -1; + } wb->len = packlen; } else if (tot == len) { /* done? */ OPENSSL_free(wb->buf); /* free jumbo buffer */ From matt at openssl.org Thu Mar 5 09:24:13 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 05 Mar 2015 09:24:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425547453.252177.8358.nullmailer@dev.openssl.org> The branch master has been updated via 918bb8652969fd53f0c390c1cd909265ed502c7e (commit) from 618be04e407a7800a7198ac87fa5e8cee7c6e10b (commit) - Log ----------------------------------------------------------------- commit 918bb8652969fd53f0c390c1cd909265ed502c7e Author: Matt Caswell Date: Wed Mar 4 17:49:51 2015 +0000 Unchecked malloc fixes Miscellaneous unchecked malloc fixes. Also fixed some mem leaks on error paths as I spotted them along the way. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 11 +++++++++++ apps/ca.c | 8 ++++++++ apps/cms.c | 4 ++++ apps/dgst.c | 5 +++++ apps/rsautl.c | 5 +++++ apps/s_cb.c | 5 +++++ apps/s_client.c | 5 +++++ apps/s_server.c | 20 +++++++++++++++++++- apps/speed.c | 12 ++++++++++-- apps/srp.c | 8 ++++++++ apps/x509.c | 5 +++++ crypto/asn1/bio_ndef.c | 6 ++++++ crypto/bio/b_print.c | 8 ++++++++ crypto/bio/bss_dgram.c | 15 ++++++++++++++- crypto/cms/cms_pwri.c | 2 ++ crypto/dh/dh_pmeth.c | 3 +++ crypto/dso/dso_vms.c | 3 ++- crypto/objects/o_names.c | 15 +++++++++------ crypto/rand/rand_os2.c | 3 +++ crypto/threads/th-lock.c | 23 ++++++++++++++++++++++- ssl/s3_pkt.c | 4 ++++ 21 files changed, 158 insertions(+), 12 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 8412e24..233d382 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -576,6 +576,11 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) char *prompt = NULL; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); + if(!prompt) { + BIO_printf(bio_err, "Out of memory\n"); + UI_free(ui); + return 0; + } ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD; UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0); @@ -585,6 +590,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) PW_MIN_LENGTH, bufsiz - 1); if (ok >= 0 && verify) { buff = (char *)OPENSSL_malloc(bufsiz); + if(!buff) { + BIO_printf(bio_err, "Out of memory\n"); + UI_free(ui); + OPENSSL_free(prompt); + return 0; + } ok = UI_add_verify_string(ui, prompt, ui_flags, buff, PW_MIN_LENGTH, bufsiz - 1, buf); } diff --git a/apps/ca.c b/apps/ca.c index bcb3f50..814162d 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -563,10 +563,18 @@ int MAIN(int argc, char **argv) #ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } strcpy(tofree, s); #else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } BUF_strlcpy(tofree, s, len); BUF_strlcat(tofree, "/", len); #endif diff --git a/apps/cms.c b/apps/cms.c index 479d1dd..d983e28 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -465,6 +465,10 @@ int MAIN(int argc, char **argv) if (key_param == NULL || key_param->idx != keyidx) { cms_key_param *nparam; nparam = OPENSSL_malloc(sizeof(cms_key_param)); + if(!nparam) { + BIO_printf(bio_err, "Out of memory\n"); + goto argerr; + } nparam->idx = keyidx; nparam->param = sk_OPENSSL_STRING_new_null(); nparam->next = NULL; diff --git a/apps/dgst.c b/apps/dgst.c index adb7a06..47c2f69 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -460,6 +460,11 @@ int MAIN(int argc, char **argv) ERR_print_errors(bio_err); goto end; } + if (!sigbuf) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } siglen = BIO_read(sigbio, sigbuf, siglen); BIO_free(sigbio); if (siglen <= 0) { diff --git a/apps/rsautl.c b/apps/rsautl.c index 0030aca..d642f9a 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -268,6 +268,11 @@ int MAIN(int argc, char **argv) rsa_in = OPENSSL_malloc(keysize * 2); rsa_out = OPENSSL_malloc(keysize); + if (!rsa_in || !rsa_out) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } /* Read the input data */ rsa_inlen = BIO_read(in, rsa_in, keysize * 2); diff --git a/apps/s_cb.c b/apps/s_cb.c index eef86cb..12f7b8c 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -460,8 +460,13 @@ int ssl_print_curves(BIO *out, SSL *s, int noshared) if (ncurves <= 0) return 1; curves = OPENSSL_malloc(ncurves * sizeof(int)); + if(!curves) { + BIO_puts(out, "Malloc error getting supported curves\n"); + return 0; + } SSL_get1_curves(s, curves); + BIO_puts(out, "Supported Elliptic Curves: "); for (i = 0; i < ncurves; i++) { if (i) diff --git a/apps/s_client.c b/apps/s_client.c index bc82239..3ec754f 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -550,6 +550,11 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) PW_CB_DATA cb_tmp; int l; + if(!pass) { + BIO_printf(bio_err, "Malloc failure\n"); + return NULL; + } + cb_tmp.password = (char *)srp_arg->srppassin; cb_tmp.prompt_info = "SRP user"; if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) { diff --git a/apps/s_server.c b/apps/s_server.c index 1792a3c..cf5b500 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -649,6 +649,8 @@ static int ebcdic_new(BIO *bi) EBCDIC_OUTBUFF *wbuf; wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + 1024); + if (!wbuf) + return 0; wbuf->alloced = 1024; wbuf->buff[0] = '\0'; @@ -703,9 +705,11 @@ static int ebcdic_write(BIO *b, const char *in, int inl) num = num + num; /* double the size */ if (num < inl) num = inl; - OPENSSL_free(wbuf); wbuf = (EBCDIC_OUTBUFF *) OPENSSL_malloc(sizeof(EBCDIC_OUTBUFF) + num); + if(!wbuf) + return 0; + OPENSSL_free(b->ptr); wbuf->alloced = num; wbuf->buff[0] = '\0'; @@ -3204,6 +3208,10 @@ static int add_session(SSL *ssl, SSL_SESSION *session) unsigned char *p; sess = OPENSSL_malloc(sizeof(simple_ssl_session)); + if(!sess) { + BIO_printf(bio_err, "Out of memory adding session to external cache\n"); + return 0; + } SSL_SESSION_get_id(session, &sess->idlen); sess->derlen = i2d_SSL_SESSION(session, NULL); @@ -3211,6 +3219,16 @@ static int add_session(SSL *ssl, SSL_SESSION *session) sess->id = BUF_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen); sess->der = OPENSSL_malloc(sess->derlen); + if(!sess->id || !sess->der) { + BIO_printf(bio_err, "Out of memory adding session to external cache\n"); + + if(sess->id) + OPENSSL_free(sess->id); + if(sess->der) + OPENSSL_free(sess->der); + OPENSSL_free(sess); + return 0; + } p = sess->der; i2d_SSL_SESSION(session, &p); diff --git a/apps/speed.c b/apps/speed.c index ee9d2de..57b53ce 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2764,6 +2764,11 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) inp = OPENSSL_malloc(mblengths[num - 1]); out = OPENSSL_malloc(mblengths[num - 1] + 1024); + if(!inp || !out) { + BIO_printf(bio_err,"Out of memory\n"); + goto end; + } + EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit_ex(&ctx, evp_cipher, NULL, no_key, no_iv); @@ -2848,6 +2853,9 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) fprintf(stdout, "\n"); } - OPENSSL_free(inp); - OPENSSL_free(out); +end: + if(inp) + OPENSSL_free(inp); + if(out) + OPENSSL_free(out); } diff --git a/apps/srp.c b/apps/srp.c index e832535..b9312f8 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -437,10 +437,18 @@ int MAIN(int argc, char **argv) # ifdef OPENSSL_SYS_VMS len = strlen(s) + sizeof(CONFIG_FILE); tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } strcpy(tofree, s); # else len = strlen(s) + sizeof(CONFIG_FILE) + 1; tofree = OPENSSL_malloc(len); + if(!tofree) { + BIO_printf(bio_err, "Out of memory\n"); + goto err; + } BUF_strlcpy(tofree, s, len); BUF_strlcat(tofree, "/", len); # endif diff --git a/apps/x509.c b/apps/x509.c index 4b08c18..380f0f0 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -819,6 +819,11 @@ int MAIN(int argc, char **argv) z = i2d_X509(x, NULL); m = OPENSSL_malloc(z); + if (!m) { + BIO_printf(bio_err, "Out of memory\n"); + ERR_print_errors(bio_err); + goto end; + } d = (unsigned char *)m; z = i2d_X509_NAME(X509_get_subject_name(x), &d); diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index 5817a2b..4a73ca9 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -162,6 +162,9 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); + if(!p) + return 0; + ndef_aux->derbuf = p; *pbuf = p; derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); @@ -229,6 +232,9 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); p = OPENSSL_malloc(derlen); + if(!p) + return 0; + ndef_aux->derbuf = p; *pbuf = p; derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 5dc7630..f7940f2 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -713,6 +713,10 @@ doapr_outch(char **sbuffer, if (*maxlen == 0) *maxlen = 1024; *buffer = OPENSSL_malloc(*maxlen); + if(!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; + } if (*currlen > 0) { assert(*sbuffer != NULL); memcpy(*buffer, *sbuffer, *currlen); @@ -721,6 +725,10 @@ doapr_outch(char **sbuffer, } else { *maxlen += 1024; *buffer = OPENSSL_realloc(*buffer, *maxlen); + if(!*buffer) { + /* Panic! Can't really do anything sensible. Just return */ + return; + } } } /* What to do if *buffer is NULL? */ diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 0767809..aef8149 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -998,6 +998,10 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) */ sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(sockopt_len); + if(!authchunks) { + BIO_vfree(bio); + return (NULL); + } memset(authchunks, 0, sockopt_len); ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, @@ -1333,6 +1337,10 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) optlen = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t)); authchunks = OPENSSL_malloc(optlen); + if (!authchunks) { + BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR); + return -1; + } memset(authchunks, 0, optlen); ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen); @@ -1399,10 +1407,15 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) * yet, we have to save it and send it as soon as the socket gets dry. */ if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { + char *tmp; data->saved_message.bio = b; + if(!(tmp = OPENSSL_malloc(inl))) { + BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR); + return -1; + } if (data->saved_message.data) OPENSSL_free(data->saved_message.data); - data->saved_message.data = OPENSSL_malloc(inl); + data->saved_message.data = tmp; memcpy(data->saved_message.data, in, inl); data->saved_message.length = inl; return inl; diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index 5969190..6729930 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -231,6 +231,8 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, return 0; } tmp = OPENSSL_malloc(inlen); + if(!tmp) + return 0; /* setup IV by decrypting last two blocks */ if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, in + inlen - 2 * blocklen, blocklen * 2) diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index c41de92..8975f44 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -468,6 +468,9 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key, ret = 0; Zlen = DH_size(dh); Z = OPENSSL_malloc(Zlen); + if(!Z) { + goto err; + } if (DH_compute_key_padded(Z, dhpub, dh) <= 0) goto err; if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid, diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 6498184..d3c4eab 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -527,7 +527,8 @@ static char *vms_name_converter(DSO *dso, const char *filename) { int len = strlen(filename); char *not_translated = OPENSSL_malloc(len + 1); - strcpy(not_translated, filename); + if(not_translated) + strcpy(not_translated, filename); return (not_translated); } diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index d7fa0d8..48ab1a7 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -311,15 +311,18 @@ void OBJ_NAME_do_all_sorted(int type, d.type = type; d.names = OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names); - d.n = 0; - OBJ_NAME_do_all(type, do_all_sorted_fn, &d); + /* Really should return an error if !d.names...but its a void function! */ + if(d.names) { + d.n = 0; + OBJ_NAME_do_all(type, do_all_sorted_fn, &d); - qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); + qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); - for (n = 0; n < d.n; ++n) - fn(d.names[n], arg); + for (n = 0; n < d.n; ++n) + fn(d.names[n], arg); - OPENSSL_free((void *)d.names); + OPENSSL_free((void *)d.names); + } } static int free_type; diff --git a/crypto/rand/rand_os2.c b/crypto/rand/rand_os2.c index 9c4a137..02148d5 100644 --- a/crypto/rand/rand_os2.c +++ b/crypto/rand/rand_os2.c @@ -149,6 +149,9 @@ int RAND_poll(void) if (DosQuerySysState) { char *buffer = OPENSSL_malloc(256 * 1024); + if(!buffer) + return 0; + if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) { /* * First 4 bytes in buffer is a pointer to the thread count there diff --git a/crypto/threads/th-lock.c b/crypto/threads/th-lock.c index 9a8e909..7b303b2 100644 --- a/crypto/threads/th-lock.c +++ b/crypto/threads/th-lock.c @@ -117,6 +117,10 @@ void CRYPTO_thread_setup(void) int i; lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(HANDLE)); + if(!lock_cs) { + /* Nothing we can do about this...void function! */ + return; + } for (i = 0; i < CRYPTO_num_locks(); i++) { lock_cs[i] = CreateMutex(NULL, FALSE, NULL); } @@ -168,6 +172,10 @@ void CRYPTO_thread_setup(void) # else lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(rwlock_t)); # endif + if(!lock_cs) { + /* Nothing we can do about this...void function! */ + return; + } lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); for (i = 0; i < CRYPTO_num_locks(); i++) { lock_count[i] = 0; @@ -239,6 +247,12 @@ void CRYPTO_thread_setup(void) int i; char filename[20]; + lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *)); + if(!lock_cs) { + /* Nothing we can do about this...void function! */ + return; + } + strcpy(filename, "/tmp/mttest.XXXXXX"); mktemp(filename); @@ -249,7 +263,6 @@ void CRYPTO_thread_setup(void) arena = usinit(filename); unlink(filename); - lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(usema_t *)); for (i = 0; i < CRYPTO_num_locks(); i++) { lock_cs[i] = usnewsema(arena, 1); } @@ -303,6 +316,14 @@ void CRYPTO_thread_setup(void) lock_cs = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); + if(!lock_cs || !lock_count) { + /* Nothing we can do about this...void function! */ + if(lock_cs) + OPENSSL_free(lock_cs); + if(lock_count) + OPENSSL_free(lock_count); + return; + } for (i = 0; i < CRYPTO_num_locks(); i++) { lock_count[i] = 0; pthread_mutex_init(&(lock_cs[i]), NULL); diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 11b1c55..f54152e 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -727,6 +727,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) packlen *= 4; wb->buf = OPENSSL_malloc(packlen); + if(!wb->buf) { + SSLerr(SSL_F_SSL3_WRITE_BYTES, ERR_R_MALLOC_FAILURE); + return -1; + } wb->len = packlen; } else if (tot == len) { /* done? */ OPENSSL_free(wb->buf); /* free jumbo buffer */ From matt at openssl.org Thu Mar 5 09:32:03 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 05 Mar 2015 09:32:03 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1425547923.824536.10007.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 183db9af80510abfe522c97387268906fd1d31c6 (commit) from 9f114219508d64a5b9522006eab1ed2db918dd25 (commit) - Log ----------------------------------------------------------------- commit 183db9af80510abfe522c97387268906fd1d31c6 Author: Kurt Cancemi Date: Wed Mar 4 10:57:45 2015 +0000 Use constants not numbers This patch uses warning/fatal constants instead of numbers with comments for warning/alerts in d1_pkt.c and s3_pkt.c RT#3725 Reviewed-by: Rich Salz (cherry picked from commit fd865cadcb603918bdcfcf44e487721c657a1117) ----------------------------------------------------------------------- Summary of changes: ssl/d1_pkt.c | 4 ++-- ssl/s3_pkt.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 2abb7ef..0985bb0 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1138,7 +1138,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) cb(s, SSL_CB_READ_ALERT, j); } - if (alert_level == 1) { /* warning */ + if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; if (alert_descr == SSL_AD_CLOSE_NOTIFY) { #ifndef OPENSSL_NO_SCTP @@ -1187,7 +1187,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } } #endif - } else if (alert_level == 2) { /* fatal */ + } else if (alert_level == SSL3_AL_FATAL) { char tmp[16]; s->rwstate = SSL_NOTHING; diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index d422abf..7c9f20c 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1258,7 +1258,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) cb(s, SSL_CB_READ_ALERT, j); } - if (alert_level == 1) { /* warning */ + if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; @@ -1281,7 +1281,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) return (0); #endif - } else if (alert_level == 2) { /* fatal */ + } else if (alert_level == SSL3_AL_FATAL) { char tmp[16]; s->rwstate = SSL_NOTHING; From matt at openssl.org Thu Mar 5 09:32:14 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 05 Mar 2015 09:32:14 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425547934.353740.10245.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via f9a21ed069846c4c18f9894bbef2fc77551a1028 (commit) from d6b4a41d100c2d3b401baf8edc34085ff610c5ba (commit) - Log ----------------------------------------------------------------- commit f9a21ed069846c4c18f9894bbef2fc77551a1028 Author: Kurt Cancemi Date: Wed Mar 4 10:57:45 2015 +0000 Use constants not numbers This patch uses warning/fatal constants instead of numbers with comments for warning/alerts in d1_pkt.c and s3_pkt.c RT#3725 Reviewed-by: Rich Salz (cherry picked from commit fd865cadcb603918bdcfcf44e487721c657a1117) ----------------------------------------------------------------------- Summary of changes: ssl/d1_pkt.c | 4 ++-- ssl/s3_pkt.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index c07be8f..bf96f60 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1142,7 +1142,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) cb(s, SSL_CB_READ_ALERT, j); } - if (alert_level == 1) { /* warning */ + if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; if (alert_descr == SSL_AD_CLOSE_NOTIFY) { #ifndef OPENSSL_NO_SCTP @@ -1191,7 +1191,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } } #endif - } else if (alert_level == 2) { /* fatal */ + } else if (alert_level == SSL3_AL_FATAL) { char tmp[16]; s->rwstate = SSL_NOTHING; diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 136d273..4e6a41b 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1430,7 +1430,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) cb(s, SSL_CB_READ_ALERT, j); } - if (alert_level == 1) { /* warning */ + if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; @@ -1453,7 +1453,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) return (0); #endif - } else if (alert_level == 2) { /* fatal */ + } else if (alert_level == SSL3_AL_FATAL) { char tmp[16]; s->rwstate = SSL_NOTHING; From matt at openssl.org Thu Mar 5 09:32:20 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 05 Mar 2015 09:32:20 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425547940.520539.10484.nullmailer@dev.openssl.org> The branch master has been updated via fd865cadcb603918bdcfcf44e487721c657a1117 (commit) from 918bb8652969fd53f0c390c1cd909265ed502c7e (commit) - Log ----------------------------------------------------------------- commit fd865cadcb603918bdcfcf44e487721c657a1117 Author: Kurt Cancemi Date: Wed Mar 4 10:57:45 2015 +0000 Use constants not numbers This patch uses warning/fatal constants instead of numbers with comments for warning/alerts in d1_pkt.c and s3_pkt.c RT#3725 Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/d1_pkt.c | 4 ++-- ssl/s3_pkt.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index d66ecf5..b1d9156 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1088,7 +1088,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) cb(s, SSL_CB_READ_ALERT, j); } - if (alert_level == 1) { /* warning */ + if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; if (alert_descr == SSL_AD_CLOSE_NOTIFY) { #ifndef OPENSSL_NO_SCTP @@ -1137,7 +1137,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } } #endif - } else if (alert_level == 2) { /* fatal */ + } else if (alert_level == SSL3_AL_FATAL) { char tmp[16]; s->rwstate = SSL_NOTHING; diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index f54152e..66fa9d1 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -1451,7 +1451,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) cb(s, SSL_CB_READ_ALERT, j); } - if (alert_level == 1) { /* warning */ + if (alert_level == SSL3_AL_WARNING) { s->s3->warn_alert = alert_descr; if (alert_descr == SSL_AD_CLOSE_NOTIFY) { s->shutdown |= SSL_RECEIVED_SHUTDOWN; @@ -1474,7 +1474,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME) return (0); #endif - } else if (alert_level == 2) { /* fatal */ + } else if (alert_level == SSL3_AL_FATAL) { char tmp[16]; s->rwstate = SSL_NOTHING; From angluvschris at gmail.com Thu Mar 5 10:07:46 2015 From: angluvschris at gmail.com (angela Austin) Date: Thu, 5 Mar 2015 04:07:46 -0600 Subject: [openssl-commits] (no subject) Message-ID: -------------- next part -------------- An HTML attachment was scrubbed... URL: From steve at openssl.org Thu Mar 5 14:48:55 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 05 Mar 2015 14:48:55 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425566935.441131.13052.nullmailer@dev.openssl.org> The branch master has been updated via 6ef869d7d0a9d2e7ea7908c0b5aab1cb451e00fa (commit) from fd865cadcb603918bdcfcf44e487721c657a1117 (commit) - Log ----------------------------------------------------------------- commit 6ef869d7d0a9d2e7ea7908c0b5aab1cb451e00fa Author: Dr. Stephen Henson Date: Thu Mar 5 13:41:11 2015 +0000 Make OCSP structures opaque. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/ocsp.c | 8 +- crypto/ocsp/Makefile | 6 +- crypto/ocsp/ocsp.h | 219 +++--------------------------- crypto/ocsp/ocsp_asn.c | 1 + crypto/ocsp/ocsp_cl.c | 6 + crypto/ocsp/ocsp_ext.c | 1 + crypto/ocsp/ocsp_lcl.h | 273 ++++++++++++++++++++++++++++++++++++++ crypto/ocsp/ocsp_lib.c | 1 + crypto/ocsp/ocsp_prn.c | 1 + crypto/ocsp/ocsp_srv.c | 1 + crypto/ocsp/ocsp_vfy.c | 1 + crypto/{x509v3 => ocsp}/v3_ocsp.c | 4 +- crypto/x509v3/Makefile | 18 +-- 13 files changed, 316 insertions(+), 224 deletions(-) create mode 100644 crypto/ocsp/ocsp_lcl.h rename crypto/{x509v3 => ocsp}/v3_ocsp.c (99%) diff --git a/apps/ocsp.c b/apps/ocsp.c index b0b3069..83a7175 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1110,8 +1110,12 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, OCSP_basic_sign(bs, rcert, rkey, rmd, rother, flags); - if (badsig) - bs->signature->data[bs->signature->length - 1] ^= 0x1; + if (badsig) { + ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs); + unsigned char *sigptr; + sigptr = ASN1_STRING_data(sig); + sigptr[ASN1_STRING_length(sig) - 1] ^= 0x1; + } *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); diff --git a/crypto/ocsp/Makefile b/crypto/ocsp/Makefile index 60c414c..f5b8445 100644 --- a/crypto/ocsp/Makefile +++ b/crypto/ocsp/Makefile @@ -18,15 +18,15 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \ - ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c + ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c v3_ocsp.c LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \ - ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o + ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o v3_ocsp.o SRC= $(LIBSRC) EXHEADER= ocsp.h -HEADER= $(EXHEADER) +HEADER= ocsp_lcl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h index ca2ee76..6999788 100644 --- a/crypto/ocsp/ocsp.h +++ b/crypto/ocsp/ocsp.h @@ -93,76 +93,19 @@ extern "C" { # define OCSP_RESPID_KEY 0x400 # define OCSP_NOTIME 0x800 -/*- CertID ::= SEQUENCE { - * hashAlgorithm AlgorithmIdentifier, - * issuerNameHash OCTET STRING, -- Hash of Issuer's DN - * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) - * serialNumber CertificateSerialNumber } - */ -typedef struct ocsp_cert_id_st { - X509_ALGOR *hashAlgorithm; - ASN1_OCTET_STRING *issuerNameHash; - ASN1_OCTET_STRING *issuerKeyHash; - ASN1_INTEGER *serialNumber; -} OCSP_CERTID; +typedef struct ocsp_cert_id_st OCSP_CERTID; DECLARE_STACK_OF(OCSP_CERTID) -/*- Request ::= SEQUENCE { - * reqCert CertID, - * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_one_request_st { - OCSP_CERTID *reqCert; - STACK_OF(X509_EXTENSION) *singleRequestExtensions; -} OCSP_ONEREQ; +typedef struct ocsp_one_request_st OCSP_ONEREQ; DECLARE_STACK_OF(OCSP_ONEREQ) DECLARE_ASN1_SET_OF(OCSP_ONEREQ) -/*- TBSRequest ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * requestorName [1] EXPLICIT GeneralName OPTIONAL, - * requestList SEQUENCE OF Request, - * requestExtensions [2] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_req_info_st { - ASN1_INTEGER *version; - GENERAL_NAME *requestorName; - STACK_OF(OCSP_ONEREQ) *requestList; - STACK_OF(X509_EXTENSION) *requestExtensions; -} OCSP_REQINFO; - -/*- Signature ::= SEQUENCE { - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ -typedef struct ocsp_signature_st { - X509_ALGOR *signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -} OCSP_SIGNATURE; - -/*- OCSPRequest ::= SEQUENCE { - * tbsRequest TBSRequest, - * optionalSignature [0] EXPLICIT Signature OPTIONAL } - */ -typedef struct ocsp_request_st { - OCSP_REQINFO *tbsRequest; - OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ -} OCSP_REQUEST; - -/*- OCSPResponseStatus ::= ENUMERATED { - * successful (0), --Response has valid confirmations - * malformedRequest (1), --Illegal confirmation request - * internalError (2), --Internal error in issuer - * tryLater (3), --Try again later - * --(4) is not used - * sigRequired (5), --Must sign the request - * unauthorized (6) --Request unauthorized - * } - */ +typedef struct ocsp_req_info_st OCSP_REQINFO; +typedef struct ocsp_signature_st OCSP_SIGNATURE; +typedef struct ocsp_request_st OCSP_REQUEST; + # define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 # define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 # define OCSP_RESPONSE_STATUS_INTERNALERROR 2 @@ -170,136 +113,29 @@ typedef struct ocsp_request_st { # define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 # define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 -/*- ResponseBytes ::= SEQUENCE { - * responseType OBJECT IDENTIFIER, - * response OCTET STRING } - */ -typedef struct ocsp_resp_bytes_st { - ASN1_OBJECT *responseType; - ASN1_OCTET_STRING *response; -} OCSP_RESPBYTES; - -/*- OCSPResponse ::= SEQUENCE { - * responseStatus OCSPResponseStatus, - * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } - */ -struct ocsp_response_st { - ASN1_ENUMERATED *responseStatus; - OCSP_RESPBYTES *responseBytes; -}; - -/*- ResponderID ::= CHOICE { - * byName [1] Name, - * byKey [2] KeyHash } - */ +typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; + # define V_OCSP_RESPID_NAME 0 # define V_OCSP_RESPID_KEY 1 -struct ocsp_responder_id_st { - int type; - union { - X509_NAME *byName; - ASN1_OCTET_STRING *byKey; - } value; -}; DECLARE_STACK_OF(OCSP_RESPID) DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) -/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key - * --(excluding the tag and length fields) - */ +typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; -/*- RevokedInfo ::= SEQUENCE { - * revocationTime GeneralizedTime, - * revocationReason [0] EXPLICIT CRLReason OPTIONAL } - */ -typedef struct ocsp_revoked_info_st { - ASN1_GENERALIZEDTIME *revocationTime; - ASN1_ENUMERATED *revocationReason; -} OCSP_REVOKEDINFO; - -/*- CertStatus ::= CHOICE { - * good [0] IMPLICIT NULL, - * revoked [1] IMPLICIT RevokedInfo, - * unknown [2] IMPLICIT UnknownInfo } - */ # define V_OCSP_CERTSTATUS_GOOD 0 # define V_OCSP_CERTSTATUS_REVOKED 1 # define V_OCSP_CERTSTATUS_UNKNOWN 2 -typedef struct ocsp_cert_status_st { - int type; - union { - ASN1_NULL *good; - OCSP_REVOKEDINFO *revoked; - ASN1_NULL *unknown; - } value; -} OCSP_CERTSTATUS; - -/*- SingleResponse ::= SEQUENCE { - * certID CertID, - * certStatus CertStatus, - * thisUpdate GeneralizedTime, - * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, - * singleExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_single_response_st { - OCSP_CERTID *certId; - OCSP_CERTSTATUS *certStatus; - ASN1_GENERALIZEDTIME *thisUpdate; - ASN1_GENERALIZEDTIME *nextUpdate; - STACK_OF(X509_EXTENSION) *singleExtensions; -} OCSP_SINGLERESP; + +typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; +typedef struct ocsp_single_response_st OCSP_SINGLERESP; DECLARE_STACK_OF(OCSP_SINGLERESP) DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) -/*- ResponseData ::= SEQUENCE { - * version [0] EXPLICIT Version DEFAULT v1, - * responderID ResponderID, - * producedAt GeneralizedTime, - * responses SEQUENCE OF SingleResponse, - * responseExtensions [1] EXPLICIT Extensions OPTIONAL } - */ -typedef struct ocsp_response_data_st { - ASN1_INTEGER *version; - OCSP_RESPID *responderId; - ASN1_GENERALIZEDTIME *producedAt; - STACK_OF(OCSP_SINGLERESP) *responses; - STACK_OF(X509_EXTENSION) *responseExtensions; -} OCSP_RESPDATA; - -/*- BasicOCSPResponse ::= SEQUENCE { - * tbsResponseData ResponseData, - * signatureAlgorithm AlgorithmIdentifier, - * signature BIT STRING, - * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } - */ - /* - * Note 1: The value for "signature" is specified in the OCSP rfc2560 as - * follows: "The value for the signature SHALL be computed on the hash of - * the DER encoding ResponseData." This means that you must hash the - * DER-encoded tbsResponseData, and then run it through a crypto-signing - * function, which will (at least w/RSA) do a hash-'n'-private-encrypt - * operation. This seems a bit odd, but that's the spec. Also note that - * the data structures do not leave anywhere to independently specify the - * algorithm used for the initial hash. So, we look at the - * signature-specification algorithm, and try to do something intelligent. - * -- Kathy Weinhold, CertCo - */ - /* - * Note 2: It seems that the mentioned passage from RFC 2560 (section - * 4.2.1) is open for interpretation. I've done tests against another - * responder, and found that it doesn't do the double hashing that the RFC - * seems to say one should. Therefore, all relevant functions take a flag - * saying which variant should be used. -- Richard Levitte, OpenSSL team - * and CeloCom - */ -typedef struct ocsp_basic_response_st { - OCSP_RESPDATA *tbsResponseData; - X509_ALGOR *signatureAlgorithm; - ASN1_BIT_STRING *signature; - STACK_OF(X509) *certs; -} OCSP_BASICRESP; +typedef struct ocsp_response_data_st OCSP_RESPDATA; + +typedef struct ocsp_basic_response_st OCSP_BASICRESP; /*- * CRLReason ::= ENUMERATED { @@ -322,27 +158,8 @@ typedef struct ocsp_basic_response_st { # define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 # define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 -/*- - * CrlID ::= SEQUENCE { - * crlUrl [0] EXPLICIT IA5String OPTIONAL, - * crlNum [1] EXPLICIT INTEGER OPTIONAL, - * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } - */ -typedef struct ocsp_crl_id_st { - ASN1_IA5STRING *crlUrl; - ASN1_INTEGER *crlNum; - ASN1_GENERALIZEDTIME *crlTime; -} OCSP_CRLID; - -/*- - * ServiceLocator ::= SEQUENCE { - * issuer Name, - * locator AuthorityInfoAccessSyntax OPTIONAL } - */ -typedef struct ocsp_service_locator_st { - X509_NAME *issuer; - STACK_OF(ACCESS_DESCRIPTION) *locator; -} OCSP_SERVICELOC; +typedef struct ocsp_crl_id_st OCSP_CRLID; +typedef struct ocsp_service_locator_st OCSP_SERVICELOC; # define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" # define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" @@ -440,6 +257,8 @@ int OCSP_request_sign(OCSP_REQUEST *req, int OCSP_response_status(OCSP_RESPONSE *resp); OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); +ASN1_OCTET_STRING *OCSP_resp_get0_signature(OCSP_BASICRESP *bs); + int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c index e2e52e7..c3362f0 100644 --- a/crypto/ocsp/ocsp_asn.c +++ b/crypto/ocsp/ocsp_asn.c @@ -59,6 +59,7 @@ #include #include #include +#include "ocsp_lcl.h" ASN1_SEQUENCE(OCSP_SIGNATURE) = { ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 7e6ccdd..78d817d 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -73,6 +73,7 @@ #include #include #include +#include "ocsp_lcl.h" /* * Utility functions related to sending OCSP requests and extracting relevant @@ -216,6 +217,11 @@ OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp) return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP)); } +ASN1_OCTET_STRING *OCSP_resp_get0_signature(OCSP_BASICRESP *bs) +{ + return bs->signature; +} + /* * Return number of OCSP_SINGLERESP reponses present in a basic response. */ diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index ce31b1b..04ae17f 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -69,6 +69,7 @@ #include #include #include +#include "ocsp_lcl.h" #include #include diff --git a/crypto/ocsp/ocsp_lcl.h b/crypto/ocsp/ocsp_lcl.h new file mode 100644 index 0000000..86fb0b9 --- /dev/null +++ b/crypto/ocsp/ocsp_lcl.h @@ -0,0 +1,273 @@ +/* ocsp_lcl.h */ +/* + * Written by Tom Titchener for the OpenSSL + * project. + */ + +/* + * History: This file was transfered to Richard Levitte from CertCo by Kathy + * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a + * patch kit. + */ + +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +/*- CertID ::= SEQUENCE { + * hashAlgorithm AlgorithmIdentifier, + * issuerNameHash OCTET STRING, -- Hash of Issuer's DN + * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) + * serialNumber CertificateSerialNumber } + */ +struct ocsp_cert_id_st { + X509_ALGOR *hashAlgorithm; + ASN1_OCTET_STRING *issuerNameHash; + ASN1_OCTET_STRING *issuerKeyHash; + ASN1_INTEGER *serialNumber; +}; + +/*- Request ::= SEQUENCE { + * reqCert CertID, + * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_one_request_st { + OCSP_CERTID *reqCert; + STACK_OF(X509_EXTENSION) *singleRequestExtensions; +}; + +/*- TBSRequest ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * requestorName [1] EXPLICIT GeneralName OPTIONAL, + * requestList SEQUENCE OF Request, + * requestExtensions [2] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_req_info_st { + ASN1_INTEGER *version; + GENERAL_NAME *requestorName; + STACK_OF(OCSP_ONEREQ) *requestList; + STACK_OF(X509_EXTENSION) *requestExtensions; +}; + +/*- Signature ::= SEQUENCE { + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ +struct ocsp_signature_st { + X509_ALGOR *signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; +}; + +/*- OCSPRequest ::= SEQUENCE { + * tbsRequest TBSRequest, + * optionalSignature [0] EXPLICIT Signature OPTIONAL } + */ +struct ocsp_request_st { + OCSP_REQINFO *tbsRequest; + OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ +}; + +/*- OCSPResponseStatus ::= ENUMERATED { + * successful (0), --Response has valid confirmations + * malformedRequest (1), --Illegal confirmation request + * internalError (2), --Internal error in issuer + * tryLater (3), --Try again later + * --(4) is not used + * sigRequired (5), --Must sign the request + * unauthorized (6) --Request unauthorized + * } + */ + +/*- ResponseBytes ::= SEQUENCE { + * responseType OBJECT IDENTIFIER, + * response OCTET STRING } + */ +struct ocsp_resp_bytes_st { + ASN1_OBJECT *responseType; + ASN1_OCTET_STRING *response; +}; + +/*- OCSPResponse ::= SEQUENCE { + * responseStatus OCSPResponseStatus, + * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } + */ +struct ocsp_response_st { + ASN1_ENUMERATED *responseStatus; + OCSP_RESPBYTES *responseBytes; +}; + +/*- ResponderID ::= CHOICE { + * byName [1] Name, + * byKey [2] KeyHash } + */ +struct ocsp_responder_id_st { + int type; + union { + X509_NAME *byName; + ASN1_OCTET_STRING *byKey; + } value; +}; + +/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key + * --(excluding the tag and length fields) + */ + +/*- RevokedInfo ::= SEQUENCE { + * revocationTime GeneralizedTime, + * revocationReason [0] EXPLICIT CRLReason OPTIONAL } + */ +struct ocsp_revoked_info_st { + ASN1_GENERALIZEDTIME *revocationTime; + ASN1_ENUMERATED *revocationReason; +}; + +/*- CertStatus ::= CHOICE { + * good [0] IMPLICIT NULL, + * revoked [1] IMPLICIT RevokedInfo, + * unknown [2] IMPLICIT UnknownInfo } + */ +struct ocsp_cert_status_st { + int type; + union { + ASN1_NULL *good; + OCSP_REVOKEDINFO *revoked; + ASN1_NULL *unknown; + } value; +}; + +/*- SingleResponse ::= SEQUENCE { + * certID CertID, + * certStatus CertStatus, + * thisUpdate GeneralizedTime, + * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, + * singleExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_single_response_st { + OCSP_CERTID *certId; + OCSP_CERTSTATUS *certStatus; + ASN1_GENERALIZEDTIME *thisUpdate; + ASN1_GENERALIZEDTIME *nextUpdate; + STACK_OF(X509_EXTENSION) *singleExtensions; +}; + +/*- ResponseData ::= SEQUENCE { + * version [0] EXPLICIT Version DEFAULT v1, + * responderID ResponderID, + * producedAt GeneralizedTime, + * responses SEQUENCE OF SingleResponse, + * responseExtensions [1] EXPLICIT Extensions OPTIONAL } + */ +struct ocsp_response_data_st { + ASN1_INTEGER *version; + OCSP_RESPID *responderId; + ASN1_GENERALIZEDTIME *producedAt; + STACK_OF(OCSP_SINGLERESP) *responses; + STACK_OF(X509_EXTENSION) *responseExtensions; +}; + +/*- BasicOCSPResponse ::= SEQUENCE { + * tbsResponseData ResponseData, + * signatureAlgorithm AlgorithmIdentifier, + * signature BIT STRING, + * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } + */ + /* + * Note 1: The value for "signature" is specified in the OCSP rfc2560 as + * follows: "The value for the signature SHALL be computed on the hash of + * the DER encoding ResponseData." This means that you must hash the + * DER-encoded tbsResponseData, and then run it through a crypto-signing + * function, which will (at least w/RSA) do a hash-'n'-private-encrypt + * operation. This seems a bit odd, but that's the spec. Also note that + * the data structures do not leave anywhere to independently specify the + * algorithm used for the initial hash. So, we look at the + * signature-specification algorithm, and try to do something intelligent. + * -- Kathy Weinhold, CertCo + */ + /* + * Note 2: It seems that the mentioned passage from RFC 2560 (section + * 4.2.1) is open for interpretation. I've done tests against another + * responder, and found that it doesn't do the double hashing that the RFC + * seems to say one should. Therefore, all relevant functions take a flag + * saying which variant should be used. -- Richard Levitte, OpenSSL team + * and CeloCom + */ +struct ocsp_basic_response_st { + OCSP_RESPDATA *tbsResponseData; + X509_ALGOR *signatureAlgorithm; + ASN1_BIT_STRING *signature; + STACK_OF(X509) *certs; +}; + +/*- + * CrlID ::= SEQUENCE { + * crlUrl [0] EXPLICIT IA5String OPTIONAL, + * crlNum [1] EXPLICIT INTEGER OPTIONAL, + * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } + */ +struct ocsp_crl_id_st { + ASN1_IA5STRING *crlUrl; + ASN1_INTEGER *crlNum; + ASN1_GENERALIZEDTIME *crlTime; +}; + +/*- + * ServiceLocator ::= SEQUENCE { + * issuer Name, + * locator AuthorityInfoAccessSyntax OPTIONAL } + */ +struct ocsp_service_locator_st { + X509_NAME *issuer; + STACK_OF(ACCESS_DESCRIPTION) *locator; +}; diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 24ca40e..8e87f49 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -72,6 +72,7 @@ #include #include #include +#include "ocsp_lcl.h" #include /* Convert a certificate and its issuer to an OCSP_CERTID */ diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 1834256..96c2023 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -67,6 +67,7 @@ #include #include #include +#include "ocsp_lcl.h" #include static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent) diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 2ec2c63..00cafea 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -65,6 +65,7 @@ #include #include #include +#include "ocsp_lcl.h" /* * Utility functions related to sending OCSP responses and extracting diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 6c0ccb5..8beadf7 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -58,6 +58,7 @@ */ #include +#include "ocsp_lcl.h" #include #include diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c similarity index 99% rename from crypto/x509v3/v3_ocsp.c rename to crypto/ocsp/v3_ocsp.c index b151eac..006db17 100644 --- a/crypto/x509v3/v3_ocsp.c +++ b/crypto/ocsp/v3_ocsp.c @@ -57,13 +57,12 @@ * */ -#ifndef OPENSSL_NO_OCSP - # include # include "cryptlib.h" # include # include # include +# include "ocsp_lcl.h" # include /* @@ -309,4 +308,3 @@ static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, err: return 0; } -#endif diff --git a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile index cdbfd52..284dfa8 100644 --- a/crypto/x509v3/Makefile +++ b/crypto/x509v3/Makefile @@ -20,13 +20,13 @@ LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \ v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \ v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ -v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \ +v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \ pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \ v3_asid.c v3_addr.c v3_scts.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ -v3_ocsp.o v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o v3_pcia.o v3_pci.o \ +v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o v3_pcia.o v3_pci.o \ pcy_cache.o pcy_node.o pcy_data.o pcy_map.o pcy_tree.o pcy_lib.o \ v3_asid.o v3_addr.o v3_scts.o @@ -422,20 +422,6 @@ v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_ncons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_ncons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h v3_ncons.o: ../cryptlib.h v3_ncons.c -v3_ocsp.o: ../../e_os.h ../../include/openssl/asn1.h -v3_ocsp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -v3_ocsp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -v3_ocsp.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -v3_ocsp.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -v3_ocsp.o: ../../include/openssl/err.h ../../include/openssl/evp.h -v3_ocsp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -v3_ocsp.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h -v3_ocsp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ocsp.c v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h From steve at openssl.org Thu Mar 5 15:50:41 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 05 Mar 2015 15:50:41 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425570641.035125.20652.nullmailer@dev.openssl.org> The branch master has been updated via d62bc5d30f7d9519aeff9160f98b9ad9aa592c41 (commit) from 6ef869d7d0a9d2e7ea7908c0b5aab1cb451e00fa (commit) - Log ----------------------------------------------------------------- commit d62bc5d30f7d9519aeff9160f98b9ad9aa592c41 Author: Dr. Stephen Henson Date: Thu Mar 5 15:44:41 2015 +0000 update ordinals Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: util/libeay.num | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/util/libeay.num b/util/libeay.num index 32cba2e..1bb1749 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -943,7 +943,7 @@ EVP_rc2_40_cbc 959 EXIST::FUNCTION:RC2 EVP_rc4_40 960 EXIST::FUNCTION:RC4 EVP_CIPHER_CTX_init 961 EXIST::FUNCTION: HMAC 962 EXIST::FUNCTION: -HMAC_Init 963 EXIST::FUNCTION: +HMAC_Init 963 EXIST::FUNCTION:DEPRECATED HMAC_Update 964 EXIST::FUNCTION: HMAC_Final 965 EXIST::FUNCTION: ERR_get_next_error_library 966 EXIST::FUNCTION: @@ -3001,7 +3001,7 @@ pqueue_print 3428 EXIST::FUNCTION: EC_GROUP_have_precompute_mult 3429 EXIST::FUNCTION:EC EC_KEY_print_fp 3430 EXIST::FUNCTION:EC,STDIO BN_GF2m_mod_arr 3431 EXIST::FUNCTION:EC2M -PEM_write_bio_X509_CERT_PAIR 3432 EXIST::FUNCTION: +PEM_write_bio_X509_CERT_PAIR 3432 NOEXIST::FUNCTION: EVP_PKEY_cmp 3433 EXIST::FUNCTION: X509_policy_level_node_count 3434 EXIST::FUNCTION: STORE_new_engine 3435 NOEXIST::FUNCTION: @@ -3081,7 +3081,7 @@ BN_is_prime_ex 3503 EXIST::FUNCTION: STORE_revoke_public_key 3504 NOEXIST::FUNCTION: X509_STORE_CTX_get0_param 3505 EXIST::FUNCTION: STORE_delete_arbitrary 3506 NOEXIST::FUNCTION: -PEM_read_X509_CERT_PAIR 3507 EXIST::FUNCTION: +PEM_read_X509_CERT_PAIR 3507 NOEXIST::FUNCTION: X509_STORE_set_depth 3508 EXIST::FUNCTION: ECDSA_get_ex_data 3509 EXIST::FUNCTION:ECDSA SHA224 3510 EXIST::FUNCTION: @@ -3110,8 +3110,8 @@ STORE_method_set_modify_function 3530 NOEXIST::FUNCTION: STORE_parse_attrs_next 3531 NOEXIST::FUNCTION: ENGINE_load_padlock 3532 EXIST::FUNCTION:ENGINE,STATIC_ENGINE EC_GROUP_set_curve_name 3533 EXIST::FUNCTION:EC -X509_CERT_PAIR_it 3534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -X509_CERT_PAIR_it 3534 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +X509_CERT_PAIR_it 3534 NOEXIST::FUNCTION: +X509_CERT_PAIR_it 3534 NOEXIST::FUNCTION: STORE_meth_get_revoke_fn 3535 NOEXIST::FUNCTION: STORE_method_get_revoke_function 3535 NOEXIST::FUNCTION: STORE_method_set_get_function 3536 NOEXIST::FUNCTION: @@ -3159,7 +3159,7 @@ BN_GF2m_add 3574 EXIST::FUNCTION:EC2M EC_KEY_get0_group 3575 EXIST::FUNCTION:EC STORE_generate_crl 3576 NOEXIST::FUNCTION: STORE_store_public_key 3577 NOEXIST::FUNCTION: -X509_CERT_PAIR_free 3578 EXIST::FUNCTION: +X509_CERT_PAIR_free 3578 NOEXIST::FUNCTION: STORE_revoke_private_key 3579 NOEXIST::FUNCTION: BN_nist_mod_224 3580 EXIST::FUNCTION: SHA512_Final 3581 EXIST:!VMSVAX:FUNCTION: @@ -3230,7 +3230,7 @@ STORE_list_public_key_next 3638 NOEXIST::FUNCTION: i2v_ASN1_BIT_STRING 3639 EXIST::FUNCTION: STORE_OBJECT_free 3640 NOEXIST::FUNCTION: BN_nist_mod_384 3641 EXIST::FUNCTION: -i2d_X509_CERT_PAIR 3642 EXIST::FUNCTION: +i2d_X509_CERT_PAIR 3642 NOEXIST::FUNCTION: PEM_write_ECPKParameters 3643 EXIST::FUNCTION:EC ECDH_compute_key 3644 EXIST::FUNCTION:ECDH STORE_ATTR_INFO_get0_sha1str 3645 NOEXIST::FUNCTION: @@ -3276,7 +3276,7 @@ STORE_method_get_unlock_store_function 3680 NOEXIST::FUNCTION: STORE_get_ex_data 3681 NOEXIST::FUNCTION: EC_KEY_set_public_key 3682 EXIST::FUNCTION:EC PEM_read_ECPKParameters 3683 EXIST::FUNCTION:EC -X509_CERT_PAIR_new 3684 EXIST::FUNCTION: +X509_CERT_PAIR_new 3684 NOEXIST::FUNCTION: ENGINE_register_STORE 3685 EXIST::FUNCTION:ENGINE RSA_generate_key_ex 3686 EXIST::FUNCTION:RSA DSA_generate_parameters_ex 3687 EXIST::FUNCTION:DSA @@ -3290,9 +3290,9 @@ POLICY_MAPPINGS_it 3693 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI GENERAL_SUBTREE_it 3694 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: GENERAL_SUBTREE_it 3694 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EC_GROUP_get_curve_name 3695 EXIST::FUNCTION:EC -PEM_write_X509_CERT_PAIR 3696 EXIST::FUNCTION: +PEM_write_X509_CERT_PAIR 3696 NOEXIST::FUNCTION: BIO_dump_indent_cb 3697 EXIST::FUNCTION: -d2i_X509_CERT_PAIR 3698 EXIST::FUNCTION: +d2i_X509_CERT_PAIR 3698 NOEXIST::FUNCTION: STORE_list_private_key_endp 3699 NOEXIST::FUNCTION: asn1_const_Finish 3700 EXIST::FUNCTION: i2d_EC_PUBKEY_fp 3701 EXIST::FUNCTION:EC,STDIO @@ -3349,7 +3349,7 @@ EC_GROUP_set_asn1_flag 3749 EXIST::FUNCTION:EC EC_KEY_check_key 3750 EXIST::FUNCTION:EC d2i_EC_PUBKEY_fp 3751 EXIST::FUNCTION:EC,STDIO PKCS7_set0_type_other 3752 EXIST::FUNCTION: -PEM_read_bio_X509_CERT_PAIR 3753 EXIST::FUNCTION: +PEM_read_bio_X509_CERT_PAIR 3753 NOEXIST::FUNCTION: pqueue_next 3754 EXIST::FUNCTION: STORE_meth_get_list_end_fn 3755 NOEXIST::FUNCTION: STORE_method_get_list_end_function 3755 NOEXIST::FUNCTION: @@ -4545,3 +4545,7 @@ BN_GENCB_get_arg 4904 EXIST::FUNCTION: BN_zero_ex 4905 EXIST::FUNCTION: BN_is_odd 4906 EXIST::FUNCTION: BN_set_flags 4907 EXIST::FUNCTION: +EVP_camellia_128_ctr 4908 EXIST::FUNCTION:CAMELLIA +EVP_camellia_256_ctr 4909 EXIST::FUNCTION:CAMELLIA +EVP_camellia_192_ctr 4910 EXIST::FUNCTION:CAMELLIA +OCSP_resp_get0_signature 4911 EXIST::FUNCTION: From steve at openssl.org Thu Mar 5 16:08:00 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 05 Mar 2015 16:08:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425571680.573203.23277.nullmailer@dev.openssl.org> The branch master has been updated via 31c2b6ee7a5bc69b9bfc7eb96f4fa30f3a2681bd (commit) from d62bc5d30f7d9519aeff9160f98b9ad9aa592c41 (commit) - Log ----------------------------------------------------------------- commit 31c2b6ee7a5bc69b9bfc7eb96f4fa30f3a2681bd Author: Dr. Stephen Henson Date: Thu Mar 5 15:17:33 2015 +0000 Make STACK_OF opaque. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/stack/safestack.h | 12 ++---------- crypto/stack/stack.c | 8 ++++++++ crypto/stack/stack.h | 11 +---------- 3 files changed, 11 insertions(+), 20 deletions(-) diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index bd0397d..ceb0ba8 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -88,16 +88,8 @@ extern "C" { # define STACK_OF(type) struct stack_st_##type # define PREDECLARE_STACK_OF(type) STACK_OF(type); -# define DECLARE_STACK_OF(type) \ -STACK_OF(type) \ - { \ - _STACK stack; \ - }; -# define DECLARE_SPECIAL_STACK_OF(type, type2) \ -STACK_OF(type) \ - { \ - _STACK stack; \ - }; +# define DECLARE_STACK_OF(type) STACK_OF(type); +# define DECLARE_SPECIAL_STACK_OF(type, type2) STACK_OF(type); /*- * Strings are special: normally an lhash entry will point to a single diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 758ace9..1b89f55 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -60,6 +60,14 @@ #include #include +struct stack_st { + int num; + char **data; + int sorted; + int num_alloc; + int (*comp) (const void *, const void *); +}; + #undef MIN_NODES #define MIN_NODES 4 diff --git a/crypto/stack/stack.h b/crypto/stack/stack.h index eb07216..6b8869c 100644 --- a/crypto/stack/stack.h +++ b/crypto/stack/stack.h @@ -63,16 +63,7 @@ extern "C" { #endif -typedef struct stack_st { - int num; - char **data; - int sorted; - int num_alloc; - int (*comp) (const void *, const void *); -} _STACK; /* Use STACK_OF(...) instead */ - -# define M_sk_num(sk) ((sk) ? (sk)->num:-1) -# define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) +typedef struct stack_st _STACK; /* Use STACK_OF(...) instead */ int sk_num(const _STACK *); void *sk_value(const _STACK *, int); From Steve at openssl.org Thu Mar 5 19:56:40 2015 From: Steve at openssl.org (Steve at openssl.org) Date: Thu, 05 Mar 2015 19:56:40 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1425585400.082688.15558.nullmailer@dev.openssl.org> The branch master has been updated via c1a690a05e888b41ed73cc24a91e471ea47d4fe8 (commit) from d48d043b3068069836cf76238ca279de59e69ed1 (commit) - Log ----------------------------------------------------------------- commit c1a690a05e888b41ed73cc24a91e471ea47d4fe8 Author: Steve Marquess Date: Thu Mar 5 14:56:26 2015 -0500 Add 8.odt files to index ----------------------------------------------------------------------- Summary of changes: docs/fips/index.wml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/fips/index.wml b/docs/fips/index.wml index 0e8ccd3..0bb9a6a 100644 --- a/docs/fips/index.wml +++ b/docs/fips/index.wml @@ -12,7 +12,7 @@ introduction and some general background see Important Notes About OpenSSL and FIPS 140-2, also note the summary and status of the ongoing open source based OpenSSL FIPS Object Module validation.

- +

Note FIPS module and FIPS validation support is included in some of the OpenSSL support plans. Assistance From levitte at openssl.org Fri Mar 6 09:21:42 2015 From: levitte at openssl.org (Richard Levitte) Date: Fri, 06 Mar 2015 09:21:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425633702.082514.12861.nullmailer@dev.openssl.org> The branch master has been updated via cdca82dcde1d233a648c18b2359f058f42dfe9ae (commit) from 31c2b6ee7a5bc69b9bfc7eb96f4fa30f3a2681bd (commit) - Log ----------------------------------------------------------------- commit cdca82dcde1d233a648c18b2359f058f42dfe9ae Author: Richard Levitte Date: Thu Mar 5 18:19:06 2015 +0100 Catch up the VMS build. crypto/crypto-lib.com - catch up with the OCSP changes test/maketest.com and test/tests.com - catch up with the addition of test_evp_extra Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/crypto-lib.com | 4 ++-- test/maketests.com | 6 ++++-- test/tests.com | 8 ++++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index bf01471..0514821 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -328,7 +328,7 @@ $ LIB_X509 = "x509_def,x509_d2,x509_r2x,x509_cmp,"+ - $ LIB_X509V3 = "v3_bcons,v3_bitst,v3_conf,v3_extku,v3_ia5,v3_lib,"+ - "v3_prn,v3_utl,v3err,v3_genn,v3_alt,v3_skey,v3_akey,v3_pku,"+ - "v3_int,v3_enum,v3_sxnet,v3_cpols,v3_crld,v3_purp,v3_info,"+ - - "v3_ocsp,v3_akeya,v3_pmaps,v3_pcons,v3_ncons,v3_pcia,v3_pci,"+ - + "v3_akeya,v3_pmaps,v3_pcons,v3_ncons,v3_pcia,v3_pci,"+ - "pcy_cache,pcy_node,pcy_data,pcy_map,pcy_tree,pcy_lib,"+ - "v3_asid,v3_addr,v3_scts" $ LIB_CONF = "conf_err,conf_lib,conf_api,conf_def,conf_mod,conf_mall,conf_sap" @@ -341,7 +341,7 @@ $ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ - $ LIB_COMP = "comp_lib,comp_err,"+ - "c_rle,c_zlib" $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - - "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err" + "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err,v3_ocsp" $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util" $ LIB_KRB5 = "krb5_asn" $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ - diff --git a/test/maketests.com b/test/maketests.com index 5919374..b0ff39d 100644 --- a/test/maketests.com +++ b/test/maketests.com @@ -148,8 +148,9 @@ $ TEST_FILES = "BNTEST,ECTEST,ECDSATEST,ECDHTEST,IDEATEST,"+ - "GOST2814789TEST,"+ - "BFTEST,CASTTEST,SSLTEST,"+ - "EXPTEST,DSATEST,RSA_TEST,"+ - - "EVP_TEST,IGETEST,JPAKETEST,SRPTEST,"+ - - "V3NAMETEST,HEARTBEAT_TEST,P5_CRPT2_TEST,"+ - + "EVP_TEST,EVP_EXTRA_TEST,IGETEST,"+ - + "JPAKETEST,SRPTEST,V3NAMETEST,"+ - + "HEARTBEAT_TEST,P5_CRPT2_TEST,"+ - "CONSTANT_TIME_TEST" $! Should we add MTTEST,PQ_TEST,LH_TEST,DIVTEST,TABTEST as well? $! @@ -185,6 +186,7 @@ $ T_D_EXPTEST := [-.crypto.bn] $ T_D_DSATEST := [-.crypto.dsa] $ T_D_RSA_TEST := [-.crypto.rsa] $ T_D_EVP_TEST := [-.crypto.evp] +$ T_D_EVP_EXTRA_TEST := [-.crypto.evp] $ T_D_IGETEST := [-.test] $ T_D_JPAKETEST := [-.crypto.jpake] $ T_D_SRPTEST := [-.crypto.srp] diff --git a/test/tests.com b/test/tests.com index ba947be..f01d169 100644 --- a/test/tests.com +++ b/test/tests.com @@ -56,8 +56,8 @@ $ tests := - test_rand,test_bn,test_ec,test_ecdsa,test_ecdh,- test_enc,test_x509,test_rsa,test_crl,test_sid,- test_gen,test_req,test_pkcs7,test_verify,test_dh,test_dsa,- - test_ss,test_ca,test_engine,test_evp,test_ssl,test_tsa,test_ige,- - test_jpake,test_srp,test_cms,test_v3name,test_ocsp,- + test_ss,test_ca,test_engine,test_evp,test_evp_extra,test_ssl,test_tsa,- + test_ige,test_jpake,test_srp,test_cms,test_v3name,test_ocsp,- test_gost2814789,test_heartbeat,test_p5_crpt2,- test_constant_time $ endif @@ -94,6 +94,7 @@ $ RSATEST := rsa_test $ ENGINETEST := enginetest $ GOST2814789TEST := gost2814789test $ EVPTEST := evp_test +$ EVPEXTRATEST := evp_extra_test $ P5_CRPT2_TEST := p5_crpt2_test $ IGETEST := igetest $ JPAKETEST := jpaketest @@ -114,6 +115,9 @@ $ $ test_evp: $ mcr 'texe_dir''evptest' 'ROOT'.CRYPTO.EVP]evptests.txt $ return +$ test_evp_extra: +$ mcr 'texe_dir''evpextratest' +$ return $ test_p5_crpt2: $ mcr 'texe_dir''p5_crpt2_test' $ return From levitte at openssl.org Fri Mar 6 09:24:35 2015 From: levitte at openssl.org (Richard Levitte) Date: Fri, 06 Mar 2015 09:24:35 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425633875.789669.13916.nullmailer@dev.openssl.org> The branch master has been updated via c7223a115f0b372d54f0a50c1e6dc92cabb1429c (commit) via 4a577300c26d9e414ca09daa27b2c0aa0db6ab6c (commit) from cdca82dcde1d233a648c18b2359f058f42dfe9ae (commit) - Log ----------------------------------------------------------------- commit c7223a115f0b372d54f0a50c1e6dc92cabb1429c Author: Richard Levitte Date: Fri Mar 6 01:16:29 2015 +0100 update TABLE Reviewed-by: Rich Salz commit 4a577300c26d9e414ca09daa27b2c0aa0db6ab6c Author: Richard Levitte Date: Fri Mar 6 01:16:19 2015 +0100 Cleanup spaces Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: Configurations | 6 +-- TABLE | 148 ++++++++++++++++++++++++++++----------------------------- 2 files changed, 77 insertions(+), 77 deletions(-) diff --git a/Configurations b/Configurations index 47a5a3f..9c64956 100644 --- a/Configurations +++ b/Configurations @@ -181,8 +181,8 @@ my $no_asm_filler="::::::::::::::::void"; # # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 # -"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-armv4", "gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-aarch64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # Configure script adds minimally required -march for assembly support, # if no -march was specified at command line. mips32 and mips64 below # refer to contemporary MIPS Architecture specifications, MIPS32 and @@ -201,7 +201,7 @@ my $no_asm_filler="::::::::::::::::void"; "linux-ia64", "gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", +"linux-x86_64-clang", "clang:-m64 -DL_ENDIAN -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", "linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32:", "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", diff --git a/TABLE b/TABLE index 67c6639..f214b7b 100644 --- a/TABLE +++ b/TABLE @@ -36,7 +36,7 @@ $multilib = *** BS2000-OSD $cc = c89 -$cflags = -O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC +$cflags = -O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC $unistd = $thread_cflag = (unknown) $sys_id = @@ -70,7 +70,7 @@ $multilib = *** BSD-generic32 $cc = gcc -$cflags = -DTERMIOS -O3 -fomit-frame-pointer -Wall +$cflags = -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -104,7 +104,7 @@ $multilib = *** BSD-generic64 $cc = gcc -$cflags = -DTERMIOS -O3 -Wall +$cflags = -O3 -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -138,7 +138,7 @@ $multilib = *** BSD-ia64 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -Wall +$cflags = -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -172,7 +172,7 @@ $multilib = *** BSD-sparc64 $cc = gcc -$cflags = -DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall +$cflags = -DB_ENDIAN -O3 -DMD32_REG_T=int -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -206,7 +206,7 @@ $multilib = *** BSD-sparcv8 $cc = gcc -$cflags = -DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall +$cflags = -DB_ENDIAN -O3 -mv8 -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -240,7 +240,7 @@ $multilib = *** BSD-x86 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -274,7 +274,7 @@ $multilib = *** BSD-x86-elf $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -308,7 +308,7 @@ $multilib = *** BSD-x86_64 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -Wall +$cflags = -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -410,7 +410,7 @@ $multilib = *** DJGPP $cc = gcc -$cflags = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall +$cflags = -I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall $unistd = $thread_cflag = $sys_id = MSDOS @@ -546,7 +546,7 @@ $multilib = *** QNX6 $cc = gcc -$cflags = -DTERMIOS +$cflags = $unistd = $thread_cflag = $sys_id = @@ -580,7 +580,7 @@ $multilib = *** QNX6-i386 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O2 -Wall +$cflags = -DL_ENDIAN -O2 -Wall $unistd = $thread_cflag = $sys_id = @@ -1260,7 +1260,7 @@ $multilib = *** darwin64-debug-test-64-clang $cc = clang -$cflags = -arch x86_64 -DL_ENDIAN -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe +$cflags = -arch x86_64 -DL_ENDIAN -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = MACOSX @@ -1396,7 +1396,7 @@ $multilib = *** debug-BSD-x86-elf $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -Wall -g +$cflags = -DL_ENDIAN -O3 -Wall -g $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -1532,7 +1532,7 @@ $multilib = *** debug-ben $cc = gcc -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe $unistd = $thread_cflag = (unknown) $sys_id = @@ -1566,7 +1566,7 @@ $multilib = *** debug-ben-darwin64 $cc = cc -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = MACOSX @@ -1600,7 +1600,7 @@ $multilib = *** debug-ben-debug $cc = gcc -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe $unistd = $thread_cflag = (unknown) $sys_id = @@ -1634,7 +1634,7 @@ $multilib = *** debug-ben-debug-64 $cc = gcc -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -1668,7 +1668,7 @@ $multilib = *** debug-ben-debug-64-clang $cc = clang -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -1702,7 +1702,7 @@ $multilib = *** debug-ben-debug-64-noopt $cc = gcc -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -1736,7 +1736,7 @@ $multilib = *** debug-ben-macos $cc = cc -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe $unistd = $thread_cflag = (unknown) $sys_id = @@ -1770,7 +1770,7 @@ $multilib = *** debug-ben-no-opt $cc = gcc -$cflags = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3 +$cflags = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3 $unistd = $thread_cflag = (unknown) $sys_id = @@ -1906,7 +1906,7 @@ $multilib = *** debug-bodo $cc = gcc -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2042,7 +2042,7 @@ $multilib = *** debug-erbridge $cc = gcc -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2178,7 +2178,7 @@ $multilib = *** debug-levitte-linux-elf-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2246,7 +2246,7 @@ $multilib = *** debug-levitte-linux-noasm-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2280,7 +2280,7 @@ $multilib = *** debug-linux-elf $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2314,7 +2314,7 @@ $multilib = *** debug-linux-elf-noefence $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2348,7 +2348,7 @@ $multilib = *** debug-linux-generic32 $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2382,7 +2382,7 @@ $multilib = *** debug-linux-generic64 $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2416,7 +2416,7 @@ $multilib = *** debug-linux-ia32-aes $cc = gcc -$cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2450,7 +2450,7 @@ $multilib = *** debug-linux-pentium $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2484,7 +2484,7 @@ $multilib = *** debug-linux-ppro $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2518,7 +2518,7 @@ $multilib = *** debug-linux-x86_64 $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2552,7 +2552,7 @@ $multilib = 64 *** debug-rse $cc = cc -$cflags = -DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall +$cflags = -DL_ENDIAN -pipe -O -g -ggdb3 -Wall $unistd = $thread_cflag = (unknown) $sys_id = @@ -2722,7 +2722,7 @@ $multilib = *** debug-steve-opt $cc = gcc -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2756,7 +2756,7 @@ $multilib = *** debug-steve32 $cc = gcc -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2790,7 +2790,7 @@ $multilib = *** debug-steve64 $cc = gcc -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2824,7 +2824,7 @@ $multilib = *** debug-test-64-clang $cc = clang -$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe +$cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -3470,7 +3470,7 @@ $multilib = /pa20_64 *** hurd-x86 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3572,7 +3572,7 @@ $multilib = *** irix-cc $cc = cc -$cflags = -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN +$cflags = -O2 -use_readonly_const -DB_ENDIAN $unistd = $thread_cflag = (unknown) $sys_id = @@ -3606,7 +3606,7 @@ $multilib = *** irix-gcc $cc = gcc -$cflags = -O3 -DTERMIOS -DB_ENDIAN +$cflags = -O3 -DB_ENDIAN $unistd = $thread_cflag = (unknown) $sys_id = @@ -3640,7 +3640,7 @@ $multilib = *** irix-mips3-cc $cc = cc -$cflags = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = @@ -3674,7 +3674,7 @@ $multilib = 32 *** irix-mips3-gcc $cc = gcc -$cflags = -mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = @@ -3708,7 +3708,7 @@ $multilib = 32 *** irix64-mips4-cc $cc = cc -$cflags = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = @@ -3742,7 +3742,7 @@ $multilib = 64 *** irix64-mips4-gcc $cc = gcc -$cflags = -mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = @@ -3776,7 +3776,7 @@ $multilib = 64 *** linux-aarch64 $cc = gcc -$cflags = -DTERMIO -O3 -Wall +$cflags = -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3810,7 +3810,7 @@ $multilib = *** linux-alpha+bwx-ccc $cc = ccc -$cflags = -fast -readonly_strings -DL_ENDIAN -DTERMIO +$cflags = -fast -readonly_strings -DL_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3844,7 +3844,7 @@ $multilib = *** linux-alpha+bwx-gcc $cc = gcc -$cflags = -O3 -DL_ENDIAN -DTERMIO +$cflags = -O3 -DL_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3878,7 +3878,7 @@ $multilib = *** linux-alpha-ccc $cc = ccc -$cflags = -fast -readonly_strings -DL_ENDIAN -DTERMIO +$cflags = -fast -readonly_strings -DL_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3912,7 +3912,7 @@ $multilib = *** linux-alpha-gcc $cc = gcc -$cflags = -O3 -DL_ENDIAN -DTERMIO +$cflags = -O3 -DL_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3946,7 +3946,7 @@ $multilib = *** linux-aout $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall $unistd = $thread_cflag = (unknown) $sys_id = @@ -3980,7 +3980,7 @@ $multilib = *** linux-armv4 $cc = gcc -$cflags = -DTERMIO -O3 -Wall +$cflags = -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4048,7 +4048,7 @@ $multilib = *** linux-elf $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4082,7 +4082,7 @@ $multilib = *** linux-generic32 $cc = gcc -$cflags = -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4116,7 +4116,7 @@ $multilib = *** linux-generic64 $cc = gcc -$cflags = -DTERMIO -O3 -Wall +$cflags = -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4150,7 +4150,7 @@ $multilib = *** linux-ia32-icc $cc = icc -$cflags = -DL_ENDIAN -DTERMIO -O2 +$cflags = -DL_ENDIAN -O2 $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4184,7 +4184,7 @@ $multilib = *** linux-ia64 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -Wall +$cflags = -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4218,7 +4218,7 @@ $multilib = *** linux-ia64-icc $cc = icc -$cflags = -DL_ENDIAN -DTERMIO -O2 -Wall +$cflags = -DL_ENDIAN -O2 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4252,7 +4252,7 @@ $multilib = *** linux-mips32 $cc = gcc -$cflags = -mabi=32 -DTERMIO -O3 -Wall -DBN_DIV3W +$cflags = -mabi=32 -O3 -Wall -DBN_DIV3W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4286,7 +4286,7 @@ $multilib = *** linux-mips64 $cc = gcc -$cflags = -mabi=n32 -DTERMIO -O3 -Wall -DBN_DIV3W +$cflags = -mabi=n32 -O3 -Wall -DBN_DIV3W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4320,7 +4320,7 @@ $multilib = 32 *** linux-ppc $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -O3 -Wall +$cflags = -DB_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4354,7 +4354,7 @@ $multilib = *** linux-ppc64 $cc = gcc -$cflags = -m64 -DB_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m64 -DB_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4388,7 +4388,7 @@ $multilib = 64 *** linux-ppc64le $cc = gcc -$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m64 -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4422,7 +4422,7 @@ $multilib = *** linux-sparcv8 $cc = gcc -$cflags = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W +$cflags = -mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4456,7 +4456,7 @@ $multilib = *** linux-sparcv9 $cc = gcc -$cflags = -m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W +$cflags = -m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC @@ -4490,7 +4490,7 @@ $multilib = *** linux-x32 $cc = gcc -$cflags = -mx32 -DL_ENDIAN -DTERMIO -O3 -Wall +$cflags = -mx32 -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4524,7 +4524,7 @@ $multilib = x32 *** linux-x86_64 $cc = gcc -$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m64 -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4558,7 +4558,7 @@ $multilib = 64 *** linux-x86_64-clang $cc = clang -$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Weverything -Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum -Qunused-arguments +$cflags = -m64 -DL_ENDIAN -O3 -Weverything -Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum -Qunused-arguments $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4592,7 +4592,7 @@ $multilib = 64 *** linux-x86_64-icc $cc = icc -$cflags = -DL_ENDIAN -DTERMIO -O2 +$cflags = -DL_ENDIAN -O2 $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4626,7 +4626,7 @@ $multilib = 64 *** linux32-s390x $cc = gcc -$cflags = -m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4660,7 +4660,7 @@ $multilib = /highgprs *** linux64-mips64 $cc = gcc -$cflags = -mabi=64 -DTERMIO -O3 -Wall -DBN_DIV3W +$cflags = -mabi=64 -O3 -Wall -DBN_DIV3W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4694,7 +4694,7 @@ $multilib = 64 *** linux64-s390x $cc = gcc -$cflags = -m64 -DB_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m64 -DB_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4728,7 +4728,7 @@ $multilib = 64 *** linux64-sparcv9 $cc = gcc -$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC From matt at openssl.org Fri Mar 6 14:11:33 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 06 Mar 2015 14:11:33 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1425651093.976517.13794.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via a065737afbc924c75fa332dce3ada7f120eb866a (commit) from 241cff623e2b0f7c435a3a80ae783c29d994f061 (commit) - Log ----------------------------------------------------------------- commit a065737afbc924c75fa332dce3ada7f120eb866a Author: Matt Caswell Date: Fri Mar 6 13:00:47 2015 +0000 Update mkerr.pl for new format Make the output from mkerr.pl consistent with the newly reformatted code. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: util/mkerr.pl | 132 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 66 insertions(+), 66 deletions(-) diff --git a/util/mkerr.pl b/util/mkerr.pl index 768f0df..8109ab6 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -376,7 +376,8 @@ foreach $lib (keys %csrc) print OUT @out; undef @out; print OUT <<"EOF"; -/* The following lines are auto generated by the script mkerr.pl. Any changes +/* + * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ EOF @@ -390,7 +391,7 @@ EOF ${staticloader}void ERR_load_${lib}_strings(void); ${staticloader}void ERR_unload_${lib}_strings(void); ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line); -#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__) +# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__) EOF } @@ -401,7 +402,7 @@ EOF EOF foreach $i (@function) { - $z=6-int(length($i)/8); + $z=48 - length($i); if($fcodes{$i} eq "X") { $fassigned{$lib} =~ m/^:([^:]*):/; $findcode = $1; @@ -415,13 +416,13 @@ EOF $fassigned{$lib} .= "$findcode:"; print STDERR "New Function code $i\n" if $debug; } - printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z; + printf OUT "# define $i%s $fcodes{$i}\n"," " x $z; } print OUT "\n/* Reason codes. */\n"; foreach $i (@reasons) { - $z=6-int(length($i)/8); + $z=48 - length($i); if($rcodes{$i} eq "X") { $rassigned{$lib} =~ m/^:([^:]*):/; $findcode = $1; @@ -435,7 +436,7 @@ EOF $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } - printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z; + printf OUT "# define $i%s $rcodes{$i}\n"," " x $z; } print OUT <<"EOF"; @@ -494,7 +495,7 @@ EOF * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -540,7 +541,8 @@ EOF * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes * made to it will be overwritten when the script next updates this file, * only reason strings will be preserved. */ @@ -552,11 +554,10 @@ EOF /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0) -#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason) +# define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0) +# define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason) -static ERR_STRING_DATA ${lib}_str_functs[]= - { +static ERR_STRING_DATA ${lib}_str_functs[] = { EOF # Add each function code: if a function name is found then use it. foreach $i (@function) { @@ -567,20 +568,22 @@ EOF $fn = $ftrans{$fn}; } # print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n"; - print OUT "{ERR_FUNC($i),\t\"$fn\"},\n"; + if(length($i) + length($fn) > 58) { + print OUT " {ERR_FUNC($i),\n \"$fn\"},\n"; + } else { + print OUT " {ERR_FUNC($i), \"$fn\"},\n"; + } } print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; -static ERR_STRING_DATA ${lib}_str_reasons[]= - { +static ERR_STRING_DATA ${lib}_str_reasons[] = { EOF # Add each reason code. foreach $i (@reasons) { my $rn; my $rstr = "ERR_REASON($i)"; - my $nspc = 0; if (exists $err_reason_strings{$i}) { $rn = $err_reason_strings{$i}; } else { @@ -588,90 +591,87 @@ EOF $rn = $1; $rn =~ tr/_[A-Z]/ [a-z]/; } - $nspc = 40 - length($rstr) unless length($rstr) > 40; - $nspc = " " x $nspc; - print OUT "{${rstr}${nspc},\"$rn\"},\n"; + if(length($i) + length($rn) > 56) { + print OUT " {${rstr},\n \"$rn\"},\n"; + } else { + print OUT " {${rstr}, \"$rn\"},\n"; + } } if($static) { print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; #endif ${staticloader}void ERR_load_${lib}_strings(void) - { +{ #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) - { - ERR_load_strings($load_errcode,${lib}_str_functs); - ERR_load_strings($load_errcode,${lib}_str_reasons); - } + if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) { + ERR_load_strings($load_errcode, ${lib}_str_functs); + ERR_load_strings($load_errcode, ${lib}_str_reasons); + } #endif - } +} EOF } else { print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; #endif #ifdef ${lib}_LIB_NAME -static ERR_STRING_DATA ${lib}_lib_name[]= - { -{0 ,${lib}_LIB_NAME}, -{0,NULL} - }; +static ERR_STRING_DATA ${lib}_lib_name[] = { + {0, ${lib}_LIB_NAME}, + {0, NULL} +}; #endif - -static int ${lib}_lib_error_code=0; -static int ${lib}_error_init=1; +static int ${lib}_lib_error_code = 0; +static int ${lib}_error_init = 1; ${staticloader}void ERR_load_${lib}_strings(void) - { - if (${lib}_lib_error_code == 0) - ${lib}_lib_error_code=ERR_get_next_error_library(); +{ + if (${lib}_lib_error_code == 0) + ${lib}_lib_error_code = ERR_get_next_error_library(); - if (${lib}_error_init) - { - ${lib}_error_init=0; + if (${lib}_error_init) { + ${lib}_error_init = 0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs); - ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons); + ERR_load_strings(${lib}_lib_error_code, ${lib}_str_functs); + ERR_load_strings(${lib}_lib_error_code, ${lib}_str_reasons); #endif #ifdef ${lib}_LIB_NAME - ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0); - ERR_load_strings(0,${lib}_lib_name); + ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code, 0, 0); + ERR_load_strings(0, ${lib}_lib_name); #endif - } - } + } +} ${staticloader}void ERR_unload_${lib}_strings(void) - { - if (${lib}_error_init == 0) - { +{ + if (${lib}_error_init == 0) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs); - ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons); + ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_functs); + ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_reasons); #endif #ifdef ${lib}_LIB_NAME - ERR_unload_strings(0,${lib}_lib_name); + ERR_unload_strings(0, ${lib}_lib_name); #endif - ${lib}_error_init=1; - } - } + ${lib}_error_init = 1; + } +} ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line) - { - if (${lib}_lib_error_code == 0) - ${lib}_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line); - } +{ + if (${lib}_lib_error_code == 0) + ${lib}_lib_error_code = ERR_get_next_error_library(); + ERR_PUT_error(${lib}_lib_error_code, function, reason, file, line); +} EOF } From matt at openssl.org Fri Mar 6 14:12:05 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 06 Mar 2015 14:12:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425651125.173791.14568.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 6ee3997134e2adfaaaa62ca685681a773d2a7d9c (commit) from f9a21ed069846c4c18f9894bbef2fc77551a1028 (commit) - Log ----------------------------------------------------------------- commit 6ee3997134e2adfaaaa62ca685681a773d2a7d9c Author: Matt Caswell Date: Fri Mar 6 13:00:47 2015 +0000 Update mkerr.pl for new format Make the output from mkerr.pl consistent with the newly reformatted code. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: util/mkerr.pl | 132 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 66 insertions(+), 66 deletions(-) diff --git a/util/mkerr.pl b/util/mkerr.pl index 88388f5..7b6776d 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -459,7 +459,8 @@ foreach $lib (keys %csrc) print OUT @out; undef @out; print OUT <<"EOF"; -/* The following lines are auto generated by the script mkerr.pl. Any changes +/* + * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ EOF @@ -473,7 +474,7 @@ EOF ${staticloader}void ERR_load_${lib}_strings(void); ${staticloader}void ERR_unload_${lib}_strings(void); ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line); -#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__) +# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__) EOF } @@ -484,7 +485,7 @@ EOF EOF foreach $i (@function) { - $z=6-int(length($i)/8); + $z=48 - length($i); if($fcodes{$i} eq "X") { $fassigned{$lib} =~ m/^:([^:]*):/; $findcode = $1; @@ -498,13 +499,13 @@ EOF $fassigned{$lib} .= "$findcode:"; print STDERR "New Function code $i\n" if $debug; } - printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z; + printf OUT "# define $i%s $fcodes{$i}\n"," " x $z; } print OUT "\n/* Reason codes. */\n"; foreach $i (@reasons) { - $z=6-int(length($i)/8); + $z=48 - length($i); if($rcodes{$i} eq "X") { $rassigned{$lib} =~ m/^:([^:]*):/; $findcode = $1; @@ -518,7 +519,7 @@ EOF $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } - printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z; + printf OUT "# define $i%s $rcodes{$i}\n"," " x $z; } print OUT <<"EOF"; @@ -584,7 +585,7 @@ EOF * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -630,7 +631,8 @@ EOF * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes * made to it will be overwritten when the script next updates this file, * only reason strings will be preserved. */ @@ -642,11 +644,10 @@ EOF /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0) -#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason) +# define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0) +# define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason) -static ERR_STRING_DATA ${lib}_str_functs[]= - { +static ERR_STRING_DATA ${lib}_str_functs[] = { EOF # Add each function code: if a function name is found then use it. foreach $i (@function) { @@ -657,20 +658,22 @@ EOF $fn = $ftrans{$fn}; } # print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n"; - print OUT "{ERR_FUNC($i),\t\"$fn\"},\n"; + if(length($i) + length($fn) > 58) { + print OUT " {ERR_FUNC($i),\n \"$fn\"},\n"; + } else { + print OUT " {ERR_FUNC($i), \"$fn\"},\n"; + } } print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; -static ERR_STRING_DATA ${lib}_str_reasons[]= - { +static ERR_STRING_DATA ${lib}_str_reasons[] = { EOF # Add each reason code. foreach $i (@reasons) { my $rn; my $rstr = "ERR_REASON($i)"; - my $nspc = 0; if (exists $err_reason_strings{$i}) { $rn = $err_reason_strings{$i}; } else { @@ -678,90 +681,87 @@ EOF $rn = $1; $rn =~ tr/_[A-Z]/ [a-z]/; } - $nspc = 40 - length($rstr) unless length($rstr) > 40; - $nspc = " " x $nspc; - print OUT "{${rstr}${nspc},\"$rn\"},\n"; + if(length($i) + length($rn) > 56) { + print OUT " {${rstr},\n \"$rn\"},\n"; + } else { + print OUT " {${rstr}, \"$rn\"},\n"; + } } if($static) { print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; #endif ${staticloader}void ERR_load_${lib}_strings(void) - { +{ #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) - { - ERR_load_strings($load_errcode,${lib}_str_functs); - ERR_load_strings($load_errcode,${lib}_str_reasons); - } + if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) { + ERR_load_strings($load_errcode, ${lib}_str_functs); + ERR_load_strings($load_errcode, ${lib}_str_reasons); + } #endif - } +} EOF } else { print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; #endif #ifdef ${lib}_LIB_NAME -static ERR_STRING_DATA ${lib}_lib_name[]= - { -{0 ,${lib}_LIB_NAME}, -{0,NULL} - }; +static ERR_STRING_DATA ${lib}_lib_name[] = { + {0, ${lib}_LIB_NAME}, + {0, NULL} +}; #endif - -static int ${lib}_lib_error_code=0; -static int ${lib}_error_init=1; +static int ${lib}_lib_error_code = 0; +static int ${lib}_error_init = 1; ${staticloader}void ERR_load_${lib}_strings(void) - { - if (${lib}_lib_error_code == 0) - ${lib}_lib_error_code=ERR_get_next_error_library(); +{ + if (${lib}_lib_error_code == 0) + ${lib}_lib_error_code = ERR_get_next_error_library(); - if (${lib}_error_init) - { - ${lib}_error_init=0; + if (${lib}_error_init) { + ${lib}_error_init = 0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs); - ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons); + ERR_load_strings(${lib}_lib_error_code, ${lib}_str_functs); + ERR_load_strings(${lib}_lib_error_code, ${lib}_str_reasons); #endif #ifdef ${lib}_LIB_NAME - ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0); - ERR_load_strings(0,${lib}_lib_name); + ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code, 0, 0); + ERR_load_strings(0, ${lib}_lib_name); #endif - } - } + } +} ${staticloader}void ERR_unload_${lib}_strings(void) - { - if (${lib}_error_init == 0) - { +{ + if (${lib}_error_init == 0) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs); - ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons); + ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_functs); + ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_reasons); #endif #ifdef ${lib}_LIB_NAME - ERR_unload_strings(0,${lib}_lib_name); + ERR_unload_strings(0, ${lib}_lib_name); #endif - ${lib}_error_init=1; - } - } + ${lib}_error_init = 1; + } +} ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line) - { - if (${lib}_lib_error_code == 0) - ${lib}_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line); - } +{ + if (${lib}_lib_error_code == 0) + ${lib}_lib_error_code = ERR_get_next_error_library(); + ERR_PUT_error(${lib}_lib_error_code, function, reason, file, line); +} EOF } From matt at openssl.org Fri Mar 6 14:11:48 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 06 Mar 2015 14:11:48 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1425651108.299289.14060.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 09712fd0e3754172fa9f6da30a6782f36c43f195 (commit) from 4bf7b291692c59270ddca0e62de1f11611591cfc (commit) - Log ----------------------------------------------------------------- commit 09712fd0e3754172fa9f6da30a6782f36c43f195 Author: Matt Caswell Date: Fri Mar 6 13:00:47 2015 +0000 Update mkerr.pl for new format Make the output from mkerr.pl consistent with the newly reformatted code. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: util/mkerr.pl | 132 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 66 insertions(+), 66 deletions(-) diff --git a/util/mkerr.pl b/util/mkerr.pl index bf95388..8d2fdbc 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -458,7 +458,8 @@ foreach $lib (keys %csrc) print OUT @out; undef @out; print OUT <<"EOF"; -/* The following lines are auto generated by the script mkerr.pl. Any changes +/* + * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ EOF @@ -472,7 +473,7 @@ EOF ${staticloader}void ERR_load_${lib}_strings(void); ${staticloader}void ERR_unload_${lib}_strings(void); ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line); -#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__) +# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__) EOF } @@ -483,7 +484,7 @@ EOF EOF foreach $i (@function) { - $z=6-int(length($i)/8); + $z=48 - length($i); if($fcodes{$i} eq "X") { $fassigned{$lib} =~ m/^:([^:]*):/; $findcode = $1; @@ -497,13 +498,13 @@ EOF $fassigned{$lib} .= "$findcode:"; print STDERR "New Function code $i\n" if $debug; } - printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z; + printf OUT "# define $i%s $fcodes{$i}\n"," " x $z; } print OUT "\n/* Reason codes. */\n"; foreach $i (@reasons) { - $z=6-int(length($i)/8); + $z=48 - length($i); if($rcodes{$i} eq "X") { $rassigned{$lib} =~ m/^:([^:]*):/; $findcode = $1; @@ -517,7 +518,7 @@ EOF $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } - printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z; + printf OUT "# define $i%s $rcodes{$i}\n"," " x $z; } print OUT <<"EOF"; @@ -583,7 +584,7 @@ EOF * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -629,7 +630,8 @@ EOF * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes * made to it will be overwritten when the script next updates this file, * only reason strings will be preserved. */ @@ -641,11 +643,10 @@ EOF /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0) -#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason) +# define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0) +# define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason) -static ERR_STRING_DATA ${lib}_str_functs[]= - { +static ERR_STRING_DATA ${lib}_str_functs[] = { EOF # Add each function code: if a function name is found then use it. foreach $i (@function) { @@ -656,20 +657,22 @@ EOF $fn = $ftrans{$fn}; } # print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n"; - print OUT "{ERR_FUNC($i),\t\"$fn\"},\n"; + if(length($i) + length($fn) > 58) { + print OUT " {ERR_FUNC($i),\n \"$fn\"},\n"; + } else { + print OUT " {ERR_FUNC($i), \"$fn\"},\n"; + } } print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; -static ERR_STRING_DATA ${lib}_str_reasons[]= - { +static ERR_STRING_DATA ${lib}_str_reasons[] = { EOF # Add each reason code. foreach $i (@reasons) { my $rn; my $rstr = "ERR_REASON($i)"; - my $nspc = 0; if (exists $err_reason_strings{$i}) { $rn = $err_reason_strings{$i}; } else { @@ -677,90 +680,87 @@ EOF $rn = $1; $rn =~ tr/_[A-Z]/ [a-z]/; } - $nspc = 40 - length($rstr) unless length($rstr) > 40; - $nspc = " " x $nspc; - print OUT "{${rstr}${nspc},\"$rn\"},\n"; + if(length($i) + length($rn) > 56) { + print OUT " {${rstr},\n \"$rn\"},\n"; + } else { + print OUT " {${rstr}, \"$rn\"},\n"; + } } if($static) { print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; #endif ${staticloader}void ERR_load_${lib}_strings(void) - { +{ #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) - { - ERR_load_strings($load_errcode,${lib}_str_functs); - ERR_load_strings($load_errcode,${lib}_str_reasons); - } + if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) { + ERR_load_strings($load_errcode, ${lib}_str_functs); + ERR_load_strings($load_errcode, ${lib}_str_reasons); + } #endif - } +} EOF } else { print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; #endif #ifdef ${lib}_LIB_NAME -static ERR_STRING_DATA ${lib}_lib_name[]= - { -{0 ,${lib}_LIB_NAME}, -{0,NULL} - }; +static ERR_STRING_DATA ${lib}_lib_name[] = { + {0, ${lib}_LIB_NAME}, + {0, NULL} +}; #endif - -static int ${lib}_lib_error_code=0; -static int ${lib}_error_init=1; +static int ${lib}_lib_error_code = 0; +static int ${lib}_error_init = 1; ${staticloader}void ERR_load_${lib}_strings(void) - { - if (${lib}_lib_error_code == 0) - ${lib}_lib_error_code=ERR_get_next_error_library(); +{ + if (${lib}_lib_error_code == 0) + ${lib}_lib_error_code = ERR_get_next_error_library(); - if (${lib}_error_init) - { - ${lib}_error_init=0; + if (${lib}_error_init) { + ${lib}_error_init = 0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs); - ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons); + ERR_load_strings(${lib}_lib_error_code, ${lib}_str_functs); + ERR_load_strings(${lib}_lib_error_code, ${lib}_str_reasons); #endif #ifdef ${lib}_LIB_NAME - ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0); - ERR_load_strings(0,${lib}_lib_name); + ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code, 0, 0); + ERR_load_strings(0, ${lib}_lib_name); #endif - } - } + } +} ${staticloader}void ERR_unload_${lib}_strings(void) - { - if (${lib}_error_init == 0) - { +{ + if (${lib}_error_init == 0) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs); - ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons); + ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_functs); + ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_reasons); #endif #ifdef ${lib}_LIB_NAME - ERR_unload_strings(0,${lib}_lib_name); + ERR_unload_strings(0, ${lib}_lib_name); #endif - ${lib}_error_init=1; - } - } + ${lib}_error_init = 1; + } +} ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line) - { - if (${lib}_lib_error_code == 0) - ${lib}_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line); - } +{ + if (${lib}_lib_error_code == 0) + ${lib}_lib_error_code = ERR_get_next_error_library(); + ERR_PUT_error(${lib}_lib_error_code, function, reason, file, line); +} EOF } From matt at openssl.org Fri Mar 6 14:11:58 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 06 Mar 2015 14:11:58 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1425651118.412686.14328.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 0440d4ebe41d523d57acc841c483375df0e3e75f (commit) from 183db9af80510abfe522c97387268906fd1d31c6 (commit) - Log ----------------------------------------------------------------- commit 0440d4ebe41d523d57acc841c483375df0e3e75f Author: Matt Caswell Date: Fri Mar 6 13:00:47 2015 +0000 Update mkerr.pl for new format Make the output from mkerr.pl consistent with the newly reformatted code. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: util/mkerr.pl | 132 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 66 insertions(+), 66 deletions(-) diff --git a/util/mkerr.pl b/util/mkerr.pl index bf95388..8d2fdbc 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -458,7 +458,8 @@ foreach $lib (keys %csrc) print OUT @out; undef @out; print OUT <<"EOF"; -/* The following lines are auto generated by the script mkerr.pl. Any changes +/* + * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ EOF @@ -472,7 +473,7 @@ EOF ${staticloader}void ERR_load_${lib}_strings(void); ${staticloader}void ERR_unload_${lib}_strings(void); ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line); -#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__) +# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__) EOF } @@ -483,7 +484,7 @@ EOF EOF foreach $i (@function) { - $z=6-int(length($i)/8); + $z=48 - length($i); if($fcodes{$i} eq "X") { $fassigned{$lib} =~ m/^:([^:]*):/; $findcode = $1; @@ -497,13 +498,13 @@ EOF $fassigned{$lib} .= "$findcode:"; print STDERR "New Function code $i\n" if $debug; } - printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z; + printf OUT "# define $i%s $fcodes{$i}\n"," " x $z; } print OUT "\n/* Reason codes. */\n"; foreach $i (@reasons) { - $z=6-int(length($i)/8); + $z=48 - length($i); if($rcodes{$i} eq "X") { $rassigned{$lib} =~ m/^:([^:]*):/; $findcode = $1; @@ -517,7 +518,7 @@ EOF $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } - printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z; + printf OUT "# define $i%s $rcodes{$i}\n"," " x $z; } print OUT <<"EOF"; @@ -583,7 +584,7 @@ EOF * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -629,7 +630,8 @@ EOF * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes * made to it will be overwritten when the script next updates this file, * only reason strings will be preserved. */ @@ -641,11 +643,10 @@ EOF /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0) -#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason) +# define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0) +# define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason) -static ERR_STRING_DATA ${lib}_str_functs[]= - { +static ERR_STRING_DATA ${lib}_str_functs[] = { EOF # Add each function code: if a function name is found then use it. foreach $i (@function) { @@ -656,20 +657,22 @@ EOF $fn = $ftrans{$fn}; } # print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n"; - print OUT "{ERR_FUNC($i),\t\"$fn\"},\n"; + if(length($i) + length($fn) > 58) { + print OUT " {ERR_FUNC($i),\n \"$fn\"},\n"; + } else { + print OUT " {ERR_FUNC($i), \"$fn\"},\n"; + } } print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; -static ERR_STRING_DATA ${lib}_str_reasons[]= - { +static ERR_STRING_DATA ${lib}_str_reasons[] = { EOF # Add each reason code. foreach $i (@reasons) { my $rn; my $rstr = "ERR_REASON($i)"; - my $nspc = 0; if (exists $err_reason_strings{$i}) { $rn = $err_reason_strings{$i}; } else { @@ -677,90 +680,87 @@ EOF $rn = $1; $rn =~ tr/_[A-Z]/ [a-z]/; } - $nspc = 40 - length($rstr) unless length($rstr) > 40; - $nspc = " " x $nspc; - print OUT "{${rstr}${nspc},\"$rn\"},\n"; + if(length($i) + length($rn) > 56) { + print OUT " {${rstr},\n \"$rn\"},\n"; + } else { + print OUT " {${rstr}, \"$rn\"},\n"; + } } if($static) { print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; #endif ${staticloader}void ERR_load_${lib}_strings(void) - { +{ #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) - { - ERR_load_strings($load_errcode,${lib}_str_functs); - ERR_load_strings($load_errcode,${lib}_str_reasons); - } + if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) { + ERR_load_strings($load_errcode, ${lib}_str_functs); + ERR_load_strings($load_errcode, ${lib}_str_reasons); + } #endif - } +} EOF } else { print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; #endif #ifdef ${lib}_LIB_NAME -static ERR_STRING_DATA ${lib}_lib_name[]= - { -{0 ,${lib}_LIB_NAME}, -{0,NULL} - }; +static ERR_STRING_DATA ${lib}_lib_name[] = { + {0, ${lib}_LIB_NAME}, + {0, NULL} +}; #endif - -static int ${lib}_lib_error_code=0; -static int ${lib}_error_init=1; +static int ${lib}_lib_error_code = 0; +static int ${lib}_error_init = 1; ${staticloader}void ERR_load_${lib}_strings(void) - { - if (${lib}_lib_error_code == 0) - ${lib}_lib_error_code=ERR_get_next_error_library(); +{ + if (${lib}_lib_error_code == 0) + ${lib}_lib_error_code = ERR_get_next_error_library(); - if (${lib}_error_init) - { - ${lib}_error_init=0; + if (${lib}_error_init) { + ${lib}_error_init = 0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs); - ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons); + ERR_load_strings(${lib}_lib_error_code, ${lib}_str_functs); + ERR_load_strings(${lib}_lib_error_code, ${lib}_str_reasons); #endif #ifdef ${lib}_LIB_NAME - ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0); - ERR_load_strings(0,${lib}_lib_name); + ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code, 0, 0); + ERR_load_strings(0, ${lib}_lib_name); #endif - } - } + } +} ${staticloader}void ERR_unload_${lib}_strings(void) - { - if (${lib}_error_init == 0) - { +{ + if (${lib}_error_init == 0) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs); - ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons); + ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_functs); + ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_reasons); #endif #ifdef ${lib}_LIB_NAME - ERR_unload_strings(0,${lib}_lib_name); + ERR_unload_strings(0, ${lib}_lib_name); #endif - ${lib}_error_init=1; - } - } + ${lib}_error_init = 1; + } +} ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line) - { - if (${lib}_lib_error_code == 0) - ${lib}_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line); - } +{ + if (${lib}_lib_error_code == 0) + ${lib}_lib_error_code = ERR_get_next_error_library(); + ERR_PUT_error(${lib}_lib_error_code, function, reason, file, line); +} EOF } From matt at openssl.org Fri Mar 6 14:12:12 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 06 Mar 2015 14:12:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425651132.089735.14838.nullmailer@dev.openssl.org> The branch master has been updated via f3b9ce90bbd4f9dd10dc30ce354d95ec2d6b892a (commit) via 65aaab2fa6c00a7a987ac756e57243a70f729c42 (commit) from c7223a115f0b372d54f0a50c1e6dc92cabb1429c (commit) - Log ----------------------------------------------------------------- commit f3b9ce90bbd4f9dd10dc30ce354d95ec2d6b892a Author: Matt Caswell Date: Fri Mar 6 13:01:31 2015 +0000 make errors Run make errors on master Reviewed-by: Richard Levitte commit 65aaab2fa6c00a7a987ac756e57243a70f729c42 Author: Matt Caswell Date: Fri Mar 6 13:00:47 2015 +0000 Update mkerr.pl for new format Make the output from mkerr.pl consistent with the newly reformatted code. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/bio/bio.h | 1 + crypto/bio/bio_err.c | 3 +- util/mkerr.pl | 132 +++++++++++++++++++++++++-------------------------- 3 files changed, 69 insertions(+), 67 deletions(-) diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index 2d3e9e7..76b6662 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -833,6 +833,7 @@ void ERR_load_BIO_strings(void); # define BIO_F_CONN_CTRL 127 # define BIO_F_CONN_STATE 115 # define BIO_F_DGRAM_SCTP_READ 132 +# define BIO_F_DGRAM_SCTP_WRITE 133 # define BIO_F_FILE_CTRL 116 # define BIO_F_FILE_READ 130 # define BIO_F_LINEBUFFER_CTRL 129 diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c index e8d3027..d9007aa 100644 --- a/crypto/bio/bio_err.c +++ b/crypto/bio/bio_err.c @@ -1,6 +1,6 @@ /* crypto/bio/bio_err.c */ /* ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -96,6 +96,7 @@ static ERR_STRING_DATA BIO_str_functs[] = { {ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"}, {ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"}, {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "DGRAM_SCTP_READ"}, + {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "DGRAM_SCTP_WRITE"}, {ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"}, {ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"}, {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"}, diff --git a/util/mkerr.pl b/util/mkerr.pl index 2438e8e..96c705e 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -459,7 +459,8 @@ foreach $lib (keys %csrc) print OUT @out; undef @out; print OUT <<"EOF"; -/* The following lines are auto generated by the script mkerr.pl. Any changes +/* + * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ EOF @@ -473,7 +474,7 @@ EOF ${staticloader}void ERR_load_${lib}_strings(void); ${staticloader}void ERR_unload_${lib}_strings(void); ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line); -#define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__) +# define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__) EOF } @@ -484,7 +485,7 @@ EOF EOF foreach $i (@function) { - $z=6-int(length($i)/8); + $z=48 - length($i); if($fcodes{$i} eq "X") { $fassigned{$lib} =~ m/^:([^:]*):/; $findcode = $1; @@ -498,13 +499,13 @@ EOF $fassigned{$lib} .= "$findcode:"; print STDERR "New Function code $i\n" if $debug; } - printf OUT "#define $i%s $fcodes{$i}\n","\t" x $z; + printf OUT "# define $i%s $fcodes{$i}\n"," " x $z; } print OUT "\n/* Reason codes. */\n"; foreach $i (@reasons) { - $z=6-int(length($i)/8); + $z=48 - length($i); if($rcodes{$i} eq "X") { $rassigned{$lib} =~ m/^:([^:]*):/; $findcode = $1; @@ -518,7 +519,7 @@ EOF $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } - printf OUT "#define $i%s $rcodes{$i}\n","\t" x $z; + printf OUT "# define $i%s $rcodes{$i}\n"," " x $z; } print OUT <<"EOF"; @@ -584,7 +585,7 @@ EOF * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -630,7 +631,8 @@ EOF * */ -/* NOTE: this file was auto generated by the mkerr.pl script: any changes +/* + * NOTE: this file was auto generated by the mkerr.pl script: any changes * made to it will be overwritten when the script next updates this file, * only reason strings will be preserved. */ @@ -642,11 +644,10 @@ EOF /* BEGIN ERROR CODES */ #ifndef OPENSSL_NO_ERR -#define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0) -#define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason) +# define ERR_FUNC(func) ERR_PACK($pack_errcode,func,0) +# define ERR_REASON(reason) ERR_PACK($pack_errcode,0,reason) -static ERR_STRING_DATA ${lib}_str_functs[]= - { +static ERR_STRING_DATA ${lib}_str_functs[] = { EOF # Add each function code: if a function name is found then use it. foreach $i (@function) { @@ -657,20 +658,22 @@ EOF $fn = $ftrans{$fn}; } # print OUT "{ERR_PACK($pack_errcode,$i,0),\t\"$fn\"},\n"; - print OUT "{ERR_FUNC($i),\t\"$fn\"},\n"; + if(length($i) + length($fn) > 58) { + print OUT " {ERR_FUNC($i),\n \"$fn\"},\n"; + } else { + print OUT " {ERR_FUNC($i), \"$fn\"},\n"; + } } print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; -static ERR_STRING_DATA ${lib}_str_reasons[]= - { +static ERR_STRING_DATA ${lib}_str_reasons[] = { EOF # Add each reason code. foreach $i (@reasons) { my $rn; my $rstr = "ERR_REASON($i)"; - my $nspc = 0; if (exists $err_reason_strings{$i}) { $rn = $err_reason_strings{$i}; } else { @@ -678,90 +681,87 @@ EOF $rn = $1; $rn =~ tr/_[A-Z]/ [a-z]/; } - $nspc = 40 - length($rstr) unless length($rstr) > 40; - $nspc = " " x $nspc; - print OUT "{${rstr}${nspc},\"$rn\"},\n"; + if(length($i) + length($rn) > 56) { + print OUT " {${rstr},\n \"$rn\"},\n"; + } else { + print OUT " {${rstr}, \"$rn\"},\n"; + } } if($static) { print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; #endif ${staticloader}void ERR_load_${lib}_strings(void) - { +{ #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) - { - ERR_load_strings($load_errcode,${lib}_str_functs); - ERR_load_strings($load_errcode,${lib}_str_reasons); - } + if (ERR_func_error_string(${lib}_str_functs[0].error) == NULL) { + ERR_load_strings($load_errcode, ${lib}_str_functs); + ERR_load_strings($load_errcode, ${lib}_str_reasons); + } #endif - } +} EOF } else { print OUT <<"EOF"; -{0,NULL} - }; + {0, NULL} +}; #endif #ifdef ${lib}_LIB_NAME -static ERR_STRING_DATA ${lib}_lib_name[]= - { -{0 ,${lib}_LIB_NAME}, -{0,NULL} - }; +static ERR_STRING_DATA ${lib}_lib_name[] = { + {0, ${lib}_LIB_NAME}, + {0, NULL} +}; #endif - -static int ${lib}_lib_error_code=0; -static int ${lib}_error_init=1; +static int ${lib}_lib_error_code = 0; +static int ${lib}_error_init = 1; ${staticloader}void ERR_load_${lib}_strings(void) - { - if (${lib}_lib_error_code == 0) - ${lib}_lib_error_code=ERR_get_next_error_library(); +{ + if (${lib}_lib_error_code == 0) + ${lib}_lib_error_code = ERR_get_next_error_library(); - if (${lib}_error_init) - { - ${lib}_error_init=0; + if (${lib}_error_init) { + ${lib}_error_init = 0; #ifndef OPENSSL_NO_ERR - ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs); - ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons); + ERR_load_strings(${lib}_lib_error_code, ${lib}_str_functs); + ERR_load_strings(${lib}_lib_error_code, ${lib}_str_reasons); #endif #ifdef ${lib}_LIB_NAME - ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0); - ERR_load_strings(0,${lib}_lib_name); + ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code, 0, 0); + ERR_load_strings(0, ${lib}_lib_name); #endif - } - } + } +} ${staticloader}void ERR_unload_${lib}_strings(void) - { - if (${lib}_error_init == 0) - { +{ + if (${lib}_error_init == 0) { #ifndef OPENSSL_NO_ERR - ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs); - ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons); + ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_functs); + ERR_unload_strings(${lib}_lib_error_code, ${lib}_str_reasons); #endif #ifdef ${lib}_LIB_NAME - ERR_unload_strings(0,${lib}_lib_name); + ERR_unload_strings(0, ${lib}_lib_name); #endif - ${lib}_error_init=1; - } - } + ${lib}_error_init = 1; + } +} ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line) - { - if (${lib}_lib_error_code == 0) - ${lib}_lib_error_code=ERR_get_next_error_library(); - ERR_PUT_error(${lib}_lib_error_code,function,reason,file,line); - } +{ + if (${lib}_lib_error_code == 0) + ${lib}_lib_error_code = ERR_get_next_error_library(); + ERR_PUT_error(${lib}_lib_error_code, function, reason, file, line); +} EOF } From kurt at openssl.org Sat Mar 7 22:05:23 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 07 Mar 2015 22:05:23 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425765923.529840.6603.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via f417997a324037025be61737288e40e171a8218c (commit) from 6ee3997134e2adfaaaa62ca685681a773d2a7d9c (commit) - Log ----------------------------------------------------------------- commit f417997a324037025be61737288e40e171a8218c Author: Kurt Roeckx Date: Wed Mar 4 21:57:52 2015 +0100 Remove export ciphers from the DEFAULT cipher list They are moved to the COMPLEMENTOFDEFAULT instead. This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 ++- doc/apps/ciphers.pod | 4 ++-- ssl/ssl.h | 2 +- ssl/ssl_ciph.c | 10 ++++++++-- 4 files changed, 13 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index c1a07d7..11d93b6 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Changes between 1.0.2 and 1.0.2a [xx XXX xxxx] - *) + *) Removed the export ciphers from the DEFAULT ciphers + [Kurt Roeckx] Changes between 1.0.1l and 1.0.2 [22 Jan 2015] diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 4eeb55b..e9280bc 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -109,8 +109,8 @@ The following is a list of all permitted cipher strings and their meanings. =item B -the default cipher list. This is determined at compile time and, as of OpenSSL -1.0.0, is normally B. This must be the first cipher string +the default cipher list. This is determined at compile time and +is normally B. This must be the firstcipher string specified. =item B diff --git a/ssl/ssl.h b/ssl/ssl.h index 2b0f662..a6d845d 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -338,7 +338,7 @@ extern "C" { * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" +# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index b038c55..2cc9a4a 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -235,8 +235,8 @@ static const SSL_CIPHER cipher_aliases[] = { * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in * ALL!) */ - {0, SSL_TXT_CMPDEF, 0, SSL_kEDH | SSL_kEECDH, SSL_aNULL, ~SSL_eNULL, 0, 0, - 0, 0, 0, 0}, + {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2, + SSL_EXP_MASK, 0, 0, 0}, /* * key exchange aliases (some of those using only a single bit here @@ -1027,6 +1027,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, if (cipher_id && cipher_id != cp->id) continue; #endif + if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp)) + goto ok; + if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2) + goto ok; if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) continue; if (alg_auth && !(alg_auth & cp->algorithm_auth)) @@ -1045,6 +1049,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, continue; } + ok: + #ifdef CIPHER_DEBUG fprintf(stderr, "Action = %d\n", rule); #endif From kurt at openssl.org Sat Mar 7 22:12:00 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 07 Mar 2015 22:12:00 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1425766320.689474.7489.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via bc2e18a3c818ae7e2d8c996b6648aa4ae8e3ee28 (commit) from 0440d4ebe41d523d57acc841c483375df0e3e75f (commit) - Log ----------------------------------------------------------------- commit bc2e18a3c818ae7e2d8c996b6648aa4ae8e3ee28 Author: Kurt Roeckx Date: Wed Mar 4 21:57:52 2015 +0100 Remove export ciphers from the DEFAULT cipher list They are moved to the COMPLEMENTOFDEFAULT instead. This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT. Reviewed-by: Rich Salz (cherry picked from commit f417997a324037025be61737288e40e171a8218c) Conflicts: ssl/ssl_ciph.c ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 ++- doc/apps/ciphers.pod | 4 ++-- ssl/ssl.h | 2 +- ssl/ssl_ciph.c | 11 ++++++++--- 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index d6233cb..0bb2587 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Changes between 1.0.1l and 1.0.1m [xx XXX xxxx] - *) + *) Removed the export ciphers from the DEFAULT ciphers + [Kurt Roeckx] Changes between 1.0.1k and 1.0.1l [15 Jan 2015] diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 6086d0a..0aa1bad 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -109,8 +109,8 @@ The following is a list of all permitted cipher strings and their meanings. =item B -the default cipher list. This is determined at compile time and, as of OpenSSL -1.0.0, is normally B. This must be the first cipher string +the default cipher list. This is determined at compile time and +is normally B. This must be the firstcipher string specified. =item B diff --git a/ssl/ssl.h b/ssl/ssl.h index 551fa2d..b93b67b 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -334,7 +334,7 @@ extern "C" { * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" +# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 51a4a04..cac525e 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -235,8 +235,8 @@ static const SSL_CIPHER cipher_aliases[] = { * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in * ALL!) */ - {0, SSL_TXT_CMPDEF, 0, SSL_kEDH | SSL_kEECDH, SSL_aNULL, ~SSL_eNULL, 0, 0, - 0, 0, 0, 0}, + {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2, + SSL_EXP_MASK, 0, 0, 0}, /* * key exchange aliases (some of those using only a single bit here @@ -997,7 +997,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); #endif - + if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp)) + goto ok; + if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2) + goto ok; if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) continue; if (alg_auth && !(alg_auth & cp->algorithm_auth)) @@ -1016,6 +1019,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, continue; } + ok: + #ifdef CIPHER_DEBUG fprintf(stderr, "Action = %d\n", rule); #endif From kurt at openssl.org Sat Mar 7 22:18:27 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 07 Mar 2015 22:18:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1425766707.263392.8455.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 71b0bb764c03b76214af4ee8fc35ee940f52b783 (commit) from 09712fd0e3754172fa9f6da30a6782f36c43f195 (commit) - Log ----------------------------------------------------------------- commit 71b0bb764c03b76214af4ee8fc35ee940f52b783 Author: Kurt Roeckx Date: Wed Mar 4 21:57:52 2015 +0100 Remove export ciphers from the DEFAULT cipher list They are moved to the COMPLEMENTOFDEFAULT instead. This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT. Reviewed-by: Rich Salz (cherry picked from commit bc2e18a3c818ae7e2d8c996b6648aa4ae8e3ee28) ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 ++- doc/apps/ciphers.pod | 4 ++-- ssl/ssl.h | 2 +- ssl/ssl_ciph.c | 11 ++++++++--- 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index f48a002..3e146ab 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Changes between 1.0.0q and 1.0.0r [xx XXX xxxx] - *) + *) Removed the export ciphers from the DEFAULT ciphers + [Kurt Roeckx] Changes between 1.0.0p and 1.0.0q [15 Jan 2015] diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index f44aa00..cbd9fa3 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -109,8 +109,8 @@ The following is a list of all permitted cipher strings and their meanings. =item B -the default cipher list. This is determined at compile time and, as of OpenSSL -1.0.0, is normally B. This must be the first cipher string +the default cipher list. This is determined at compile time and +is normally B. This must be the firstcipher string specified. =item B diff --git a/ssl/ssl.h b/ssl/ssl.h index c977da3..3f4d0ac 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -326,7 +326,7 @@ extern "C" { * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -# define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2" +# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2" /* * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always * starts with a reasonable order, and all we have to do for DEFAULT is diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index a61cab6..cae03b3 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -228,8 +228,8 @@ static const SSL_CIPHER cipher_aliases[] = { * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in * ALL!) */ - {0, SSL_TXT_CMPDEF, 0, SSL_kEDH | SSL_kEECDH, SSL_aNULL, ~SSL_eNULL, 0, 0, - 0, 0, 0, 0}, + {0, SSL_TXT_CMPDEF, 0, 0, SSL_aNULL, ~SSL_eNULL, 0, ~SSL_SSLV2, + SSL_EXP_MASK, 0, 0, 0}, /* * key exchange aliases (some of those using only a single bit here @@ -916,7 +916,10 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, cp->algorithm_enc, cp->algorithm_mac, cp->algorithm_ssl, cp->algo_strength); #endif - + if (algo_strength == SSL_EXP_MASK && SSL_C_IS_EXPORT(cp)) + goto ok; + if (alg_ssl == ~SSL_SSLV2 && cp->algorithm_ssl == SSL_SSLV2) + goto ok; if (alg_mkey && !(alg_mkey & cp->algorithm_mkey)) continue; if (alg_auth && !(alg_auth & cp->algorithm_auth)) @@ -935,6 +938,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, continue; } + ok: + #ifdef CIPHER_DEBUG printf("Action = %d\n", rule); #endif From rsalz at openssl.org Sun Mar 8 02:25:19 2015 From: rsalz at openssl.org (Rich Salz) Date: Sun, 08 Mar 2015 02:25:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425781519.585789.31800.nullmailer@dev.openssl.org> The branch master has been updated via 63a3c45582670f1f2d8e0df3835e9bd81c34d137 (commit) from f3b9ce90bbd4f9dd10dc30ce354d95ec2d6b892a (commit) - Log ----------------------------------------------------------------- commit 63a3c45582670f1f2d8e0df3835e9bd81c34d137 Author: Viktor Szakats Date: Sat Mar 7 21:24:40 2015 -0500 GitHub 237: Use https for IETF links Signed-off-by: Rich Salz Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: doc/standards.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/standards.txt b/doc/standards.txt index 146525e..691fafe 100644 --- a/doc/standards.txt +++ b/doc/standards.txt @@ -4,9 +4,9 @@ Standards related to OpenSSL This is a work in progress. These are documents that describe things that are implemented (in whole or at least great parts) in OpenSSL. -To search for RFCs, you can start at http://www.ietf.org/rfc.html +To search for RFCs, you can start at https://www.ietf.org/rfc.html -To search for internet-drafts, you can start at http://www.ietf.org/id-info/ +To search for internet-drafts, you can start at https://www.ietf.org/id-info/ Many PKCS standards are now RFC's; PKCS#11 is now at Oasis and can be found at https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=pkcs11 From appro at openssl.org Sun Mar 8 13:10:56 2015 From: appro at openssl.org (Andy Polyakov) Date: Sun, 08 Mar 2015 13:10:56 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425820256.228786.8016.nullmailer@dev.openssl.org> The branch master has been updated via e390ae50e0bc41676994c6fa23f7b65a8afc4d7f (commit) from 63a3c45582670f1f2d8e0df3835e9bd81c34d137 (commit) - Log ----------------------------------------------------------------- commit e390ae50e0bc41676994c6fa23f7b65a8afc4d7f Author: Andy Polyakov Date: Tue Mar 3 21:44:53 2015 +0100 ARMv4 assembly pack: add Cortex-A15 performance data. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/modes/asm/ghash-armv4.pl | 4 ++-- crypto/sha/asm/sha1-armv4-large.pl | 4 +++- crypto/sha/asm/sha512-armv4.pl | 13 +++---------- 3 files changed, 8 insertions(+), 13 deletions(-) diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index 77fbf34..44521f8 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -42,8 +42,8 @@ # below and combine it with reduction algorithm from x86 module. # Performance improvement over previous version varies from 65% on # Snapdragon S4 to 110% on Cortex A9. In absolute terms Cortex A8 -# processes one byte in 8.45 cycles, A9 - in 10.2, Snapdragon S4 - -# in 9.33. +# processes one byte in 8.45 cycles, A9 - in 10.2, A15 - in 7.63, +# Snapdragon S4 - in 9.33. # # C?mara, D.; Gouv?a, C. P. L.; L?pez, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl index b2c3032..61307b7 100644 --- a/crypto/sha/asm/sha1-armv4-large.pl +++ b/crypto/sha/asm/sha1-armv4-large.pl @@ -60,7 +60,9 @@ # is ~2.5x larger and there are some redundant instructions executed # when processing last block, improvement is not as big for smallest # blocks, only ~30%. Snapdragon S4 is a tad faster, 6.4 cycles per -# byte, which is also >80% faster than integer-only code. +# byte, which is also >80% faster than integer-only code. Cortex-A15 +# is even faster spending 5.6 cycles per byte outperforming integer- +# only code by factor of 2. # May 2014. # diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl index fb7dc50..daab297 100644 --- a/crypto/sha/asm/sha512-armv4.pl +++ b/crypto/sha/asm/sha512-armv4.pl @@ -34,16 +34,9 @@ # terms it's 22.6 cycles per byte, which is disappointing result. # Technical writers asserted that 3-way S4 pipeline can sustain # multiple NEON instructions per cycle, but dual NEON issue could -# not be observed, and for NEON-only sequences IPC(*) was found to -# be limited by 1:-( 0.33 and 0.66 were measured for sequences with -# ILPs(*) of 1 and 2 respectively. This in turn means that you can -# even find yourself striving, as I did here, for achieving IPC -# adequate to one delivered by Cortex A8 [for reference, it's -# 0.5 for ILP of 1, and 1 for higher ILPs]. -# -# (*) ILP, instruction-level parallelism, how many instructions -# *can* execute at the same time. IPC, instructions per cycle, -# indicates how many instructions actually execute. +# not be observed, see http://www.openssl.org/~appro/Snapdragon-S4.html +# for further details. On side note Cortex-A15 processes one byte in +# 16 cycles. # Byte order [in]dependence. ========================================= # From steve at openssl.org Sun Mar 8 16:18:50 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 08 Mar 2015 16:18:50 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425831530.881016.32339.nullmailer@dev.openssl.org> The branch master has been updated via e3013932df2d899e8600c305342bc14b682dc0d1 (commit) from e390ae50e0bc41676994c6fa23f7b65a8afc4d7f (commit) - Log ----------------------------------------------------------------- commit e3013932df2d899e8600c305342bc14b682dc0d1 Author: Dr. Stephen Henson Date: Tue Feb 24 16:35:37 2015 +0000 Additional CMS documentation. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: doc/crypto/CMS_get0_type.pod | 22 ++++++++++++++++++---- doc/crypto/d2i_CMS_ContentInfo.pod | 29 +++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 4 deletions(-) create mode 100644 doc/crypto/d2i_CMS_ContentInfo.pod diff --git a/doc/crypto/CMS_get0_type.pod b/doc/crypto/CMS_get0_type.pod index 8ff1c31..3ed92bd 100644 --- a/doc/crypto/CMS_get0_type.pod +++ b/doc/crypto/CMS_get0_type.pod @@ -2,7 +2,7 @@ =head1 NAME - CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType - get and set CMS content types + CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content =head1 SYNOPSIS @@ -11,6 +11,7 @@ const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); =head1 DESCRIPTION @@ -26,11 +27,15 @@ undefined. ASN1_OBJECT *CMS_get0_eContentType() returns a pointer to the embedded content type. +CMS_get0_content() returns a pointer to the B pointer +containing the embedded content. + =head1 NOTES -As the B<0> implies CMS_get0_type() and CMS_get0_eContentType() return internal -pointers which should B be freed up. CMS_set1_eContentType() copies the -supplied OID and it B be freed up after use. +As the B<0> implies CMS_get0_type(), CMS_get0_eContentType() and +CMS_get0_content() return internal pointers which should B be freed up. +CMS_set1_eContentType() copies the supplied OID and it B be freed up +after use. The B values returned can be converted to an integer B value using OBJ_obj2nid(). For the currently supported content types the following @@ -43,6 +48,15 @@ values are returned: NID_pkcs7_encrypted NID_pkcs7_enveloped +The return value of CMS_get0_content() is a pointer to the B +content pointer. That means that for example: + + ASN1_OCTET_STRING **pconf = CMS_get0_content(cms); + +B<*pconf> could be NULL if there is no embedded content. Applications can +access, modify or create the embedded content in a B structure +using this function. Applications usually will not need to modify the +embedded content as it is normally set by higher level functions. =head1 RETURN VALUES diff --git a/doc/crypto/d2i_CMS_ContentInfo.pod b/doc/crypto/d2i_CMS_ContentInfo.pod new file mode 100644 index 0000000..6ddb2f6 --- /dev/null +++ b/doc/crypto/d2i_CMS_ContentInfo.pod @@ -0,0 +1,29 @@ +=pod + +=head1 NAME + +d2i_CMS_ContentInfo, i2d_CMS_ContentInfo - CMS ContentInfo functions + +=head1 SYNOPSIS + + #include + + CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, unsigned char **pp, long length); + int i2d_CMS_ContentInfo(CMS_ContentInfo *a, unsigned char **pp); + +=head1 DESCRIPTION + +These functions decode and encode an CMS ContentInfo structure. + +Otherwise they behave in a similar way to d2i_X509() and i2d_X509() +described in the L manual page. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +These functions were first added to OpenSSL 0.9.8 + +=cut From steve at openssl.org Sun Mar 8 16:20:06 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 08 Mar 2015 16:20:06 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1425831606.014036.7444.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 876ed1057438cf691646848ab6b8842663944218 (commit) from bc2e18a3c818ae7e2d8c996b6648aa4ae8e3ee28 (commit) - Log ----------------------------------------------------------------- commit 876ed1057438cf691646848ab6b8842663944218 Author: Dr. Stephen Henson Date: Tue Feb 24 16:35:37 2015 +0000 Additional CMS documentation. Reviewed-by: Rich Salz (cherry picked from commit e3013932df2d899e8600c305342bc14b682dc0d1) ----------------------------------------------------------------------- Summary of changes: doc/crypto/CMS_get0_type.pod | 22 ++++++++++++++++++---- doc/crypto/d2i_CMS_ContentInfo.pod | 29 +++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 4 deletions(-) create mode 100644 doc/crypto/d2i_CMS_ContentInfo.pod diff --git a/doc/crypto/CMS_get0_type.pod b/doc/crypto/CMS_get0_type.pod index 8ff1c31..3ed92bd 100644 --- a/doc/crypto/CMS_get0_type.pod +++ b/doc/crypto/CMS_get0_type.pod @@ -2,7 +2,7 @@ =head1 NAME - CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType - get and set CMS content types + CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content =head1 SYNOPSIS @@ -11,6 +11,7 @@ const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); =head1 DESCRIPTION @@ -26,11 +27,15 @@ undefined. ASN1_OBJECT *CMS_get0_eContentType() returns a pointer to the embedded content type. +CMS_get0_content() returns a pointer to the B pointer +containing the embedded content. + =head1 NOTES -As the B<0> implies CMS_get0_type() and CMS_get0_eContentType() return internal -pointers which should B be freed up. CMS_set1_eContentType() copies the -supplied OID and it B be freed up after use. +As the B<0> implies CMS_get0_type(), CMS_get0_eContentType() and +CMS_get0_content() return internal pointers which should B be freed up. +CMS_set1_eContentType() copies the supplied OID and it B be freed up +after use. The B values returned can be converted to an integer B value using OBJ_obj2nid(). For the currently supported content types the following @@ -43,6 +48,15 @@ values are returned: NID_pkcs7_encrypted NID_pkcs7_enveloped +The return value of CMS_get0_content() is a pointer to the B +content pointer. That means that for example: + + ASN1_OCTET_STRING **pconf = CMS_get0_content(cms); + +B<*pconf> could be NULL if there is no embedded content. Applications can +access, modify or create the embedded content in a B structure +using this function. Applications usually will not need to modify the +embedded content as it is normally set by higher level functions. =head1 RETURN VALUES diff --git a/doc/crypto/d2i_CMS_ContentInfo.pod b/doc/crypto/d2i_CMS_ContentInfo.pod new file mode 100644 index 0000000..6ddb2f6 --- /dev/null +++ b/doc/crypto/d2i_CMS_ContentInfo.pod @@ -0,0 +1,29 @@ +=pod + +=head1 NAME + +d2i_CMS_ContentInfo, i2d_CMS_ContentInfo - CMS ContentInfo functions + +=head1 SYNOPSIS + + #include + + CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, unsigned char **pp, long length); + int i2d_CMS_ContentInfo(CMS_ContentInfo *a, unsigned char **pp); + +=head1 DESCRIPTION + +These functions decode and encode an CMS ContentInfo structure. + +Otherwise they behave in a similar way to d2i_X509() and i2d_X509() +described in the L manual page. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +These functions were first added to OpenSSL 0.9.8 + +=cut From steve at openssl.org Sun Mar 8 16:20:06 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 08 Mar 2015 16:20:06 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425831606.100877.7467.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via f9aa27dc78c617c35c3eea6810fd5f83999ff724 (commit) from f417997a324037025be61737288e40e171a8218c (commit) - Log ----------------------------------------------------------------- commit f9aa27dc78c617c35c3eea6810fd5f83999ff724 Author: Dr. Stephen Henson Date: Tue Feb 24 16:35:37 2015 +0000 Additional CMS documentation. Reviewed-by: Rich Salz (cherry picked from commit e3013932df2d899e8600c305342bc14b682dc0d1) ----------------------------------------------------------------------- Summary of changes: doc/crypto/CMS_get0_type.pod | 22 ++++++++++++++++++---- doc/crypto/d2i_CMS_ContentInfo.pod | 29 +++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 4 deletions(-) create mode 100644 doc/crypto/d2i_CMS_ContentInfo.pod diff --git a/doc/crypto/CMS_get0_type.pod b/doc/crypto/CMS_get0_type.pod index 8ff1c31..3ed92bd 100644 --- a/doc/crypto/CMS_get0_type.pod +++ b/doc/crypto/CMS_get0_type.pod @@ -2,7 +2,7 @@ =head1 NAME - CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType - get and set CMS content types + CMS_get0_type, CMS_set1_eContentType, CMS_get0_eContentType, CMS_get0_content - get and set CMS content types and content =head1 SYNOPSIS @@ -11,6 +11,7 @@ const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); + ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); =head1 DESCRIPTION @@ -26,11 +27,15 @@ undefined. ASN1_OBJECT *CMS_get0_eContentType() returns a pointer to the embedded content type. +CMS_get0_content() returns a pointer to the B pointer +containing the embedded content. + =head1 NOTES -As the B<0> implies CMS_get0_type() and CMS_get0_eContentType() return internal -pointers which should B be freed up. CMS_set1_eContentType() copies the -supplied OID and it B be freed up after use. +As the B<0> implies CMS_get0_type(), CMS_get0_eContentType() and +CMS_get0_content() return internal pointers which should B be freed up. +CMS_set1_eContentType() copies the supplied OID and it B be freed up +after use. The B values returned can be converted to an integer B value using OBJ_obj2nid(). For the currently supported content types the following @@ -43,6 +48,15 @@ values are returned: NID_pkcs7_encrypted NID_pkcs7_enveloped +The return value of CMS_get0_content() is a pointer to the B +content pointer. That means that for example: + + ASN1_OCTET_STRING **pconf = CMS_get0_content(cms); + +B<*pconf> could be NULL if there is no embedded content. Applications can +access, modify or create the embedded content in a B structure +using this function. Applications usually will not need to modify the +embedded content as it is normally set by higher level functions. =head1 RETURN VALUES diff --git a/doc/crypto/d2i_CMS_ContentInfo.pod b/doc/crypto/d2i_CMS_ContentInfo.pod new file mode 100644 index 0000000..6ddb2f6 --- /dev/null +++ b/doc/crypto/d2i_CMS_ContentInfo.pod @@ -0,0 +1,29 @@ +=pod + +=head1 NAME + +d2i_CMS_ContentInfo, i2d_CMS_ContentInfo - CMS ContentInfo functions + +=head1 SYNOPSIS + + #include + + CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a, unsigned char **pp, long length); + int i2d_CMS_ContentInfo(CMS_ContentInfo *a, unsigned char **pp); + +=head1 DESCRIPTION + +These functions decode and encode an CMS ContentInfo structure. + +Otherwise they behave in a similar way to d2i_X509() and i2d_X509() +described in the L manual page. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +These functions were first added to OpenSSL 0.9.8 + +=cut From steve at openssl.org Sun Mar 8 16:29:22 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 08 Mar 2015 16:29:22 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425832162.357164.8860.nullmailer@dev.openssl.org> The branch master has been updated via a8ae0891d4bfd18f224777aed1fbb172504421f1 (commit) from e3013932df2d899e8600c305342bc14b682dc0d1 (commit) - Log ----------------------------------------------------------------- commit a8ae0891d4bfd18f224777aed1fbb172504421f1 Author: Dr. Stephen Henson Date: Tue Mar 3 14:20:23 2015 +0000 Cleanse PKCS#8 private key components. New function ASN1_STRING_clear_free which cleanses an ASN1_STRING structure before freeing it. Call ASN1_STRING_clear_free on PKCS#8 private key components. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1.h | 1 + crypto/asn1/asn1_lib.c | 7 +++++++ crypto/dh/dh_ameth.c | 8 ++++---- crypto/dsa/dsa_ameth.c | 10 +++++----- 4 files changed, 17 insertions(+), 9 deletions(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 5254c7d..692b81a 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -799,6 +799,7 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT) ASN1_STRING *ASN1_STRING_new(void); void ASN1_STRING_free(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); ASN1_STRING *ASN1_STRING_type_new(int type); diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index bf84526..1586aaf 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -427,6 +427,13 @@ void ASN1_STRING_free(ASN1_STRING *a) OPENSSL_free(a); } +void ASN1_STRING_clear_free(ASN1_STRING *a) +{ + if (a && a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) + OPENSSL_cleanse(a->data, a->length); + ASN1_STRING_free(a); +} + int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) { int i; diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 14d291f..8dac573 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -240,7 +240,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); return 1; @@ -248,7 +248,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); dherr: DH_free(dh); - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); return 0; } @@ -283,7 +283,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); prkey = NULL; if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, @@ -298,7 +298,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) if (params != NULL) ASN1_STRING_free(params); if (prkey != NULL) - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); return 0; } diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 1569a33..c3a85da 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -226,7 +226,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto decerr; if (privkey->type == V_ASN1_NEG_INTEGER) { p8->broken = PKCS8_NEG_PRIVKEY; - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen))) goto decerr; } @@ -264,7 +264,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) if (ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); else - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); return 1; @@ -273,7 +273,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) dsaerr: BN_CTX_free(ctx); if (privkey) - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); DSA_free(dsa); return 0; @@ -315,7 +315,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, params, dp, dplen)) @@ -329,7 +329,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) if (params != NULL) ASN1_STRING_free(params); if (prkey != NULL) - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); return 0; } From steve at openssl.org Sun Mar 8 16:48:46 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 08 Mar 2015 16:48:46 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1425833326.734694.12236.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 36971258e3e47f04671f5f8e828293b253b4a79a (commit) from 71b0bb764c03b76214af4ee8fc35ee940f52b783 (commit) - Log ----------------------------------------------------------------- commit 36971258e3e47f04671f5f8e828293b253b4a79a Author: Dr. Stephen Henson Date: Tue Mar 3 14:20:23 2015 +0000 Cleanse PKCS#8 private key components. New function ASN1_STRING_clear_free which cleanses an ASN1_STRING structure before freeing it. Call ASN1_STRING_clear_free on PKCS#8 private key components. Reviewed-by: Rich Salz (cherry picked from commit a8ae0891d4bfd18f224777aed1fbb172504421f1) Conflicts: crypto/dh/dh_ameth.c ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1.h | 1 + crypto/asn1/asn1_lib.c | 7 +++++++ crypto/dh/dh_ameth.c | 8 +++++--- crypto/dsa/dsa_ameth.c | 10 +++++----- 4 files changed, 18 insertions(+), 8 deletions(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index ed2b9e6..8709849 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -796,6 +796,7 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT) ASN1_STRING *ASN1_STRING_new(void); void ASN1_STRING_free(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); ASN1_STRING *ASN1_STRING_type_new(int type); diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 00733a6..0b61fc9 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -430,6 +430,13 @@ void ASN1_STRING_free(ASN1_STRING *a) OPENSSL_free(a); } +void ASN1_STRING_clear_free(ASN1_STRING *a) +{ + if (a && a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) + OPENSSL_cleanse(a->data, a->length); + ASN1_STRING_free(a); +} + int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) { int i; diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 2323f22..8a68aea 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -215,7 +215,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) EVP_PKEY_assign_DH(pkey, dh); - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); return 1; @@ -223,6 +223,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); dherr: DH_free(dh); + ASN1_STRING_clear_free(privkey); return 0; } @@ -257,7 +258,8 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); + prkey = NULL; if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0, V_ASN1_SEQUENCE, params, dp, dplen)) @@ -271,7 +273,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) if (params != NULL) ASN1_STRING_free(params); if (prkey != NULL) - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); return 0; } diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 150a3ed..9fdce81 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -226,7 +226,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto decerr; if (privkey->type == V_ASN1_NEG_INTEGER) { p8->broken = PKCS8_NEG_PRIVKEY; - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen))) goto decerr; } @@ -264,7 +264,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) if (ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); else - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); return 1; @@ -273,7 +273,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) dsaerr: BN_CTX_free(ctx); if (privkey) - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); DSA_free(dsa); return 0; @@ -315,7 +315,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, params, dp, dplen)) @@ -329,7 +329,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) if (params != NULL) ASN1_STRING_free(params); if (prkey != NULL) - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); return 0; } From steve at openssl.org Sun Mar 8 16:48:46 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 08 Mar 2015 16:48:46 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1425833326.803990.12259.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via cb9d5b7b53d3e781c2110e2c4b8f9530ce312eb8 (commit) from 876ed1057438cf691646848ab6b8842663944218 (commit) - Log ----------------------------------------------------------------- commit cb9d5b7b53d3e781c2110e2c4b8f9530ce312eb8 Author: Dr. Stephen Henson Date: Tue Mar 3 14:20:23 2015 +0000 Cleanse PKCS#8 private key components. New function ASN1_STRING_clear_free which cleanses an ASN1_STRING structure before freeing it. Call ASN1_STRING_clear_free on PKCS#8 private key components. Reviewed-by: Rich Salz (cherry picked from commit a8ae0891d4bfd18f224777aed1fbb172504421f1) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1.h | 1 + crypto/asn1/asn1_lib.c | 7 +++++++ crypto/dh/dh_ameth.c | 8 ++++---- crypto/dsa/dsa_ameth.c | 10 +++++----- 4 files changed, 17 insertions(+), 9 deletions(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index b3c38fd..39b7833 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -795,6 +795,7 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT) ASN1_STRING *ASN1_STRING_new(void); void ASN1_STRING_free(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); ASN1_STRING *ASN1_STRING_type_new(int type); diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 00733a6..0b61fc9 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -430,6 +430,13 @@ void ASN1_STRING_free(ASN1_STRING *a) OPENSSL_free(a); } +void ASN1_STRING_clear_free(ASN1_STRING *a) +{ + if (a && a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) + OPENSSL_cleanse(a->data, a->length); + ASN1_STRING_free(a); +} + int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) { int i; diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 786f021..680400f 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -215,7 +215,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) EVP_PKEY_assign_DH(pkey, dh); - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); return 1; @@ -223,7 +223,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); dherr: DH_free(dh); - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); return 0; } @@ -258,7 +258,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); prkey = NULL; if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dhKeyAgreement), 0, @@ -273,7 +273,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) if (params != NULL) ASN1_STRING_free(params); if (prkey != NULL) - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); return 0; } diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 61a73b3..1b29d81 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -226,7 +226,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto decerr; if (privkey->type == V_ASN1_NEG_INTEGER) { p8->broken = PKCS8_NEG_PRIVKEY; - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen))) goto decerr; } @@ -264,7 +264,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) if (ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); else - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); return 1; @@ -273,7 +273,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) dsaerr: BN_CTX_free(ctx); if (privkey) - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); DSA_free(dsa); return 0; @@ -315,7 +315,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, params, dp, dplen)) @@ -329,7 +329,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) if (params != NULL) ASN1_STRING_free(params); if (prkey != NULL) - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); return 0; } From steve at openssl.org Sun Mar 8 16:48:46 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 08 Mar 2015 16:48:46 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425833326.892021.12289.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via bfa34f551c2d38e826deb44a269cb0f720f9f63b (commit) from f9aa27dc78c617c35c3eea6810fd5f83999ff724 (commit) - Log ----------------------------------------------------------------- commit bfa34f551c2d38e826deb44a269cb0f720f9f63b Author: Dr. Stephen Henson Date: Tue Mar 3 14:20:23 2015 +0000 Cleanse PKCS#8 private key components. New function ASN1_STRING_clear_free which cleanses an ASN1_STRING structure before freeing it. Call ASN1_STRING_clear_free on PKCS#8 private key components. Reviewed-by: Rich Salz (cherry picked from commit a8ae0891d4bfd18f224777aed1fbb172504421f1) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1.h | 1 + crypto/asn1/asn1_lib.c | 7 +++++++ crypto/dh/dh_ameth.c | 8 ++++---- crypto/dsa/dsa_ameth.c | 10 +++++----- 4 files changed, 17 insertions(+), 9 deletions(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index bb6ac95..68e791f 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -795,6 +795,7 @@ DECLARE_ASN1_SET_OF(ASN1_OBJECT) ASN1_STRING *ASN1_STRING_new(void); void ASN1_STRING_free(ASN1_STRING *a); +void ASN1_STRING_clear_free(ASN1_STRING *a); int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a); ASN1_STRING *ASN1_STRING_type_new(int type); diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index 00733a6..0b61fc9 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -430,6 +430,13 @@ void ASN1_STRING_free(ASN1_STRING *a) OPENSSL_free(a); } +void ASN1_STRING_clear_free(ASN1_STRING *a) +{ + if (a && a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) + OPENSSL_cleanse(a->data, a->length); + ASN1_STRING_free(a); +} + int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) { int i; diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index f32d376..1d573a4 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -240,7 +240,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh); - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); return 1; @@ -248,7 +248,7 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR); dherr: DH_free(dh); - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); return 0; } @@ -283,7 +283,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); prkey = NULL; if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0, @@ -298,7 +298,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) if (params != NULL) ASN1_STRING_free(params); if (prkey != NULL) - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); return 0; } diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index c142ce7..529efb7 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -226,7 +226,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) goto decerr; if (privkey->type == V_ASN1_NEG_INTEGER) { p8->broken = PKCS8_NEG_PRIVKEY; - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen))) goto decerr; } @@ -264,7 +264,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) if (ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); else - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); return 1; @@ -273,7 +273,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) dsaerr: BN_CTX_free(ctx); if (privkey) - ASN1_INTEGER_free(privkey); + ASN1_STRING_clear_free(privkey); sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); DSA_free(dsa); return 0; @@ -315,7 +315,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) dplen = i2d_ASN1_INTEGER(prkey, &dp); - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0, V_ASN1_SEQUENCE, params, dp, dplen)) @@ -329,7 +329,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) if (params != NULL) ASN1_STRING_free(params); if (prkey != NULL) - ASN1_INTEGER_free(prkey); + ASN1_STRING_clear_free(prkey); return 0; } From steve at openssl.org Sun Mar 8 17:24:06 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 08 Mar 2015 17:24:06 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1425835446.895496.16734.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 01320ad3b9261fe845d30881d760ed1da3a97a14 (commit) from a065737afbc924c75fa332dce3ada7f120eb866a (commit) - Log ----------------------------------------------------------------- commit 01320ad3b9261fe845d30881d760ed1da3a97a14 Author: Dr. Stephen Henson Date: Sun Mar 8 17:01:28 2015 +0000 Fix warnings. Fix compiler warnings (similar to commit 25012d5e79) Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/md32_common.h | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/crypto/md32_common.h b/crypto/md32_common.h index 01f57b7..8687665 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -231,8 +231,7 @@ # define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff), \ - l) + *((c)++)=(unsigned char)(((l) )&0xff) ) # endif #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) @@ -252,8 +251,8 @@ # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) # ifndef B_ENDIAN /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ -# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l) -# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) +# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4) +# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4) # endif # endif @@ -267,8 +266,7 @@ # define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ - *((c)++)=(unsigned char)(((l)>>24)&0xff), \ - l) + *((c)++)=(unsigned char)(((l)>>24)&0xff) ) # endif #endif From steve at openssl.org Sun Mar 8 17:24:06 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 08 Mar 2015 17:24:06 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1425835446.967576.16764.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 394a30c2f8f68c5d657a9eef9da4941a8e66c0c0 (commit) from 36971258e3e47f04671f5f8e828293b253b4a79a (commit) - Log ----------------------------------------------------------------- commit 394a30c2f8f68c5d657a9eef9da4941a8e66c0c0 Author: Dr. Stephen Henson Date: Sun Mar 8 16:57:46 2015 +0000 Fix warnings. Fix compiler warnings (similar to commit 25012d5e79) Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/md32_common.h | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/crypto/md32_common.h b/crypto/md32_common.h index 0004268..018b99e 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -225,15 +225,13 @@ # define HOST_c2l(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ l|=(((unsigned long)(*((c)++)))<<16), \ l|=(((unsigned long)(*((c)++)))<< 8), \ - l|=(((unsigned long)(*((c)++))) ), \ - l) + l|=(((unsigned long)(*((c)++))) ) ) # endif # ifndef HOST_l2c # define HOST_l2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ *((c)++)=(unsigned char)(((l)>>16)&0xff), \ *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ - *((c)++)=(unsigned char)(((l) )&0xff), \ - l) + *((c)++)=(unsigned char)(((l) )&0xff) ) # endif #elif defined(DATA_ORDER_IS_LITTLE_ENDIAN) @@ -253,8 +251,8 @@ # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__) # ifndef B_ENDIAN /* See comment in DATA_ORDER_IS_BIG_ENDIAN section. */ -# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, l) -# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, l) +# define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4) +# define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4) # endif # endif From steve at openssl.org Sun Mar 8 22:41:27 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 08 Mar 2015 22:41:27 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425854487.468347.12983.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via d6ca1cee8b6efac5906ac66443d1ca67fe689ff8 (commit) from bfa34f551c2d38e826deb44a269cb0f720f9f63b (commit) - Log ----------------------------------------------------------------- commit d6ca1cee8b6efac5906ac66443d1ca67fe689ff8 Author: Dr. Stephen Henson Date: Sun Mar 8 17:31:48 2015 +0000 fix warning Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/ssl_locl.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 46ea18a..79b85b9 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -370,10 +370,10 @@ # define SSL_AEAD 0x00000040L /* Bits for algorithm_ssl (protocol version) */ -# define SSL_SSLV2 0x00000001L -# define SSL_SSLV3 0x00000002L +# define SSL_SSLV2 0x00000001UL +# define SSL_SSLV3 0x00000002UL # define SSL_TLSV1 SSL_SSLV3/* for now */ -# define SSL_TLSV1_2 0x00000004L +# define SSL_TLSV1_2 0x00000004UL /* Bits for algorithm2 (handshake digests and other extra flags) */ From steve at openssl.org Sun Mar 8 22:46:48 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 08 Mar 2015 22:46:48 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1425854808.259437.13787.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via f10dfa0757227b317ba11fae99ed7c4d77b4af3e (commit) from 394a30c2f8f68c5d657a9eef9da4941a8e66c0c0 (commit) - Log ----------------------------------------------------------------- commit f10dfa0757227b317ba11fae99ed7c4d77b4af3e Author: Dr. Stephen Henson Date: Sun Mar 8 17:31:48 2015 +0000 fix warning Reviewed-by: Richard Levitte (cherry picked from commit d6ca1cee8b6efac5906ac66443d1ca67fe689ff8) Conflicts: ssl/ssl_locl.h ----------------------------------------------------------------------- Summary of changes: ssl/ssl_locl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 9623c65..60ad58d 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -358,8 +358,8 @@ # define SSL_GOST89MAC 0x00000008L /* Bits for algorithm_ssl (protocol version) */ -# define SSL_SSLV2 0x00000001L -# define SSL_SSLV3 0x00000002L +# define SSL_SSLV2 0x00000001UL +# define SSL_SSLV3 0x00000002UL # define SSL_TLSV1 SSL_SSLV3/* for now */ /* Bits for algorithm2 (handshake digests and other extra flags) */ From steve at openssl.org Sun Mar 8 22:46:48 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 08 Mar 2015 22:46:48 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1425854808.328592.13810.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via a67303954caa923e8bf2f2bdf04882e9cbc45cc1 (commit) from cb9d5b7b53d3e781c2110e2c4b8f9530ce312eb8 (commit) - Log ----------------------------------------------------------------- commit a67303954caa923e8bf2f2bdf04882e9cbc45cc1 Author: Dr. Stephen Henson Date: Sun Mar 8 17:31:48 2015 +0000 fix warning Reviewed-by: Richard Levitte (cherry picked from commit d6ca1cee8b6efac5906ac66443d1ca67fe689ff8) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_locl.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 4c8df3c..aff3b65 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -369,10 +369,10 @@ # define SSL_AEAD 0x00000040L /* Bits for algorithm_ssl (protocol version) */ -# define SSL_SSLV2 0x00000001L -# define SSL_SSLV3 0x00000002L +# define SSL_SSLV2 0x00000001UL +# define SSL_SSLV3 0x00000002UL # define SSL_TLSV1 SSL_SSLV3/* for now */ -# define SSL_TLSV1_2 0x00000004L +# define SSL_TLSV1_2 0x00000004UL /* Bits for algorithm2 (handshake digests and other extra flags) */ From matt at openssl.org Mon Mar 9 10:55:52 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Mar 2015 10:55:52 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425898552.449186.29377.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via ae3fcdf1e5865b709aed4e66924197bc6191fc5b (commit) from d6ca1cee8b6efac5906ac66443d1ca67fe689ff8 (commit) - Log ----------------------------------------------------------------- commit ae3fcdf1e5865b709aed4e66924197bc6191fc5b Author: Matt Caswell Date: Mon Mar 2 14:34:19 2015 +0000 Fix DTLS1_BAD_VER regression Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check from dtls1_buffer_message() which was needed to distinguish between DTLS 1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER). Based on an original patch by David Woodhouse RT#3703 Reviewed-by: Tim Hudson (cherry picked from commit 5178a16c4375471d25e1f5ef5de46febb62a5529) ----------------------------------------------------------------------- Summary of changes: ssl/d1_both.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 2553c3d..2104800 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1108,8 +1108,10 @@ int dtls1_buffer_message(SSL *s, int is_ccs) memcpy(frag->fragment, s->init_buf->data, s->init_num); if (is_ccs) { + /* For DTLS1_BAD_VER the header length is non-standard */ OPENSSL_assert(s->d1->w_msg_hdr.msg_len + - DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num); + ((s->version==DTLS1_BAD_VER)?3:DTLS1_CCS_HEADER_LENGTH) + == (unsigned int)s->init_num); } else { OPENSSL_assert(s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); From matt at openssl.org Mon Mar 9 10:56:01 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Mar 2015 10:56:01 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425898561.197998.29607.nullmailer@dev.openssl.org> The branch master has been updated via 5178a16c4375471d25e1f5ef5de46febb62a5529 (commit) from a8ae0891d4bfd18f224777aed1fbb172504421f1 (commit) - Log ----------------------------------------------------------------- commit 5178a16c4375471d25e1f5ef5de46febb62a5529 Author: Matt Caswell Date: Mon Mar 2 14:34:19 2015 +0000 Fix DTLS1_BAD_VER regression Commit 9cf0f187 in HEAD, and 68039af3 in 1.0.2, removed a version check from dtls1_buffer_message() which was needed to distinguish between DTLS 1.x and Cisco's pre-standard version of DTLS (DTLS1_BAD_VER). Based on an original patch by David Woodhouse RT#3703 Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/d1_both.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 7d48cc4..a7d0a82 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1086,8 +1086,10 @@ int dtls1_buffer_message(SSL *s, int is_ccs) memcpy(frag->fragment, s->init_buf->data, s->init_num); if (is_ccs) { + /* For DTLS1_BAD_VER the header length is non-standard */ OPENSSL_assert(s->d1->w_msg_hdr.msg_len + - DTLS1_CCS_HEADER_LENGTH == (unsigned int)s->init_num); + ((s->version==DTLS1_BAD_VER)?3:DTLS1_CCS_HEADER_LENGTH) + == (unsigned int)s->init_num); } else { OPENSSL_assert(s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num); From matt at openssl.org Mon Mar 9 11:09:32 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Mar 2015 11:09:32 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425899372.492357.32056.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 0d691e0e27a5eed8ece790830b8a2168348b1373 (commit) from ae3fcdf1e5865b709aed4e66924197bc6191fc5b (commit) - Log ----------------------------------------------------------------- commit 0d691e0e27a5eed8ece790830b8a2168348b1373 Author: David Woodhouse Date: Mon Mar 2 16:20:15 2015 +0000 Wrong SSL version in DTLS1_BAD_VER ClientHello Since commit 741c9959 ("DTLS revision."), we put the wrong protocol version into our ClientHello for DTLS1_BAD_VER. The old DTLS code which used ssl->version was replaced by the more generic SSL3 code which uses ssl->client_version. The Cisco ASA no longer likes our ClientHello. RT#3711 Reviewed-by: Rich Salz (cherry picked from commit f7683aaf36341dc65672ac2ccdbfd4a232e3626d) ----------------------------------------------------------------------- Summary of changes: ssl/d1_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 2845757..1f10054 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -270,7 +270,7 @@ void dtls1_clear(SSL *s) ssl3_clear(s); if (s->options & SSL_OP_CISCO_ANYCONNECT) - s->version = DTLS1_BAD_VER; + s->client_version = s->version = DTLS1_BAD_VER; else if (s->method->version == DTLS_ANY_VERSION) s->version = DTLS1_2_VERSION; else From matt at openssl.org Mon Mar 9 11:09:40 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 09 Mar 2015 11:09:40 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425899380.209711.32287.nullmailer@dev.openssl.org> The branch master has been updated via f7683aaf36341dc65672ac2ccdbfd4a232e3626d (commit) from 5178a16c4375471d25e1f5ef5de46febb62a5529 (commit) - Log ----------------------------------------------------------------- commit f7683aaf36341dc65672ac2ccdbfd4a232e3626d Author: David Woodhouse Date: Mon Mar 2 16:20:15 2015 +0000 Wrong SSL version in DTLS1_BAD_VER ClientHello Since commit 741c9959 ("DTLS revision."), we put the wrong protocol version into our ClientHello for DTLS1_BAD_VER. The old DTLS code which used ssl->version was replaced by the more generic SSL3 code which uses ssl->client_version. The Cisco ASA no longer likes our ClientHello. RT#3711 Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/d1_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 4ca6bb3..626cecb 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -273,7 +273,7 @@ void dtls1_clear(SSL *s) ssl3_clear(s); if (s->options & SSL_OP_CISCO_ANYCONNECT) - s->version = DTLS1_BAD_VER; + s->client_version = s->version = DTLS1_BAD_VER; else if (s->method->version == DTLS_ANY_VERSION) s->version = DTLS1_2_VERSION; else From steve at openssl.org Mon Mar 9 16:52:17 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 09 Mar 2015 16:52:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1425919937.937030.11874.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 765e2465cace18be949bd537edf153f9445eb1fc (commit) from f10dfa0757227b317ba11fae99ed7c4d77b4af3e (commit) - Log ----------------------------------------------------------------- commit 765e2465cace18be949bd537edf153f9445eb1fc Author: Dr. Stephen Henson Date: Mon Mar 9 16:40:22 2015 +0000 update ordinals Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: util/libeay.num | 1 + 1 file changed, 1 insertion(+) diff --git a/util/libeay.num b/util/libeay.num index a992e0d..bd20a3b 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1806,6 +1806,7 @@ d2i_ASN1_SET_OF_PKCS12_SAFEBAG 2341 NOEXIST::FUNCTION: ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION: X509_REQ_digest 2362 EXIST::FUNCTION:EVP X509_CRL_digest 2391 EXIST::FUNCTION:EVP +ASN1_STRING_clear_free 2392 EXIST::FUNCTION: d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION: X509_ALGOR_cmp 2398 EXIST::FUNCTION: EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION: From steve at openssl.org Mon Mar 9 16:56:00 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 09 Mar 2015 16:56:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425920160.052139.12522.nullmailer@dev.openssl.org> The branch master has been updated via 99e1ad3c4bb1dd03f36429c1ce4eafa5ed162964 (commit) from f7683aaf36341dc65672ac2ccdbfd4a232e3626d (commit) - Log ----------------------------------------------------------------- commit 99e1ad3c4bb1dd03f36429c1ce4eafa5ed162964 Author: Dr. Stephen Henson Date: Mon Mar 9 16:55:18 2015 +0000 update ordinals Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: util/libeay.num | 1 + 1 file changed, 1 insertion(+) diff --git a/util/libeay.num b/util/libeay.num index 1bb1749..a991d77 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1806,6 +1806,7 @@ d2i_ASN1_SET_OF_PKCS12_SAFEBAG 2341 NOEXIST::FUNCTION: ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION: X509_REQ_digest 2362 EXIST::FUNCTION: X509_CRL_digest 2391 EXIST::FUNCTION: +ASN1_STRING_clear_free 2392 EXIST::FUNCTION: d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION: X509_ALGOR_cmp 2398 EXIST::FUNCTION: EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION: From steve at openssl.org Mon Mar 9 16:59:03 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 09 Mar 2015 16:59:03 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1425920343.324013.13591.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via ef6d3485eca973edf1cf94a8b0156588753aaf3f (commit) from a67303954caa923e8bf2f2bdf04882e9cbc45cc1 (commit) - Log ----------------------------------------------------------------- commit ef6d3485eca973edf1cf94a8b0156588753aaf3f Author: Dr. Stephen Henson Date: Mon Mar 9 16:58:16 2015 +0000 update ordinals Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: util/libeay.num | 1 + 1 file changed, 1 insertion(+) diff --git a/util/libeay.num b/util/libeay.num index 3821c9c..b594caf 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1806,6 +1806,7 @@ d2i_ASN1_SET_OF_PKCS12_SAFEBAG 2341 NOEXIST::FUNCTION: ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION: X509_REQ_digest 2362 EXIST::FUNCTION:EVP X509_CRL_digest 2391 EXIST::FUNCTION:EVP +ASN1_STRING_clear_free 2392 EXIST::FUNCTION: d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION: X509_ALGOR_cmp 2398 EXIST::FUNCTION: EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION: From steve at openssl.org Mon Mar 9 16:59:03 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 09 Mar 2015 16:59:03 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425920343.398644.13614.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via ef116b000314848b6aa11a2d9f5205b82c8b59b4 (commit) from 0d691e0e27a5eed8ece790830b8a2168348b1373 (commit) - Log ----------------------------------------------------------------- commit ef116b000314848b6aa11a2d9f5205b82c8b59b4 Author: Dr. Stephen Henson Date: Mon Mar 9 16:57:24 2015 +0000 update ordinals Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: util/libeay.num | 1 + 1 file changed, 1 insertion(+) diff --git a/util/libeay.num b/util/libeay.num index 4a11d78..b977e4e 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1806,6 +1806,7 @@ d2i_ASN1_SET_OF_PKCS12_SAFEBAG 2341 NOEXIST::FUNCTION: ASN1_UTCTIME_get 2350 NOEXIST::FUNCTION: X509_REQ_digest 2362 EXIST::FUNCTION:EVP X509_CRL_digest 2391 EXIST::FUNCTION:EVP +ASN1_STRING_clear_free 2392 EXIST::FUNCTION: d2i_ASN1_SET_OF_PKCS7 2397 NOEXIST::FUNCTION: X509_ALGOR_cmp 2398 EXIST::FUNCTION: EVP_CIPHER_CTX_set_key_length 2399 EXIST::FUNCTION: From levitte at openssl.org Mon Mar 9 20:03:25 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 09 Mar 2015 20:03:25 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425931405.595866.5636.nullmailer@dev.openssl.org> The branch master has been updated via 0b142f022e2c5072295e00ebc11c5b707a726d74 (commit) from 99e1ad3c4bb1dd03f36429c1ce4eafa5ed162964 (commit) - Log ----------------------------------------------------------------- commit 0b142f022e2c5072295e00ebc11c5b707a726d74 Author: Dmitry-Me Date: Sun Jun 1 21:30:52 2014 +0400 Fix wrong numbers being passed as string lengths Signed-off-by: Richard Levitte Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 2 +- crypto/asn1/asn1_gen.c | 2 +- crypto/asn1/asn1_par.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index cf5b500..42088d0 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2745,7 +2745,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) /* else we have data */ if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) || - ((www == 2) && (strncmp("GET /stats ", buf, 10) == 0))) { + ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { char *p; X509 *peer; STACK_OF(SSL_CIPHER) *sk; diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 9735cb5..16a1b5a 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -359,7 +359,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) arg->format = ASN1_GEN_FORMAT_UTF8; else if (!strncmp(vstart, "HEX", 3)) arg->format = ASN1_GEN_FORMAT_HEX; - else if (!strncmp(vstart, "BITLIST", 3)) + else if (!strncmp(vstart, "BITLIST", 7)) arg->format = ASN1_GEN_FORMAT_BITLIST; else { ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index 58d65ac..b12edf9 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -330,7 +330,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, goto end; } } else { - if (BIO_write(bp, "BAD ENUMERATED", 11) <= 0) + if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0) goto end; } M_ASN1_ENUMERATED_free(bs); From levitte at openssl.org Mon Mar 9 20:06:59 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 09 Mar 2015 20:06:59 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425931619.037881.7022.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via b65b4c3481d9fc88056cd8373fd693d888ca064f (commit) from ef116b000314848b6aa11a2d9f5205b82c8b59b4 (commit) - Log ----------------------------------------------------------------- commit b65b4c3481d9fc88056cd8373fd693d888ca064f Author: Dmitry-Me Date: Sun Jun 1 21:30:52 2014 +0400 Fix wrong numbers being passed as string lengths Signed-off-by: Richard Levitte Reviewed-by: Matt Caswell (cherry picked from commit 0b142f022e2c5072295e00ebc11c5b707a726d74) ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 2 +- crypto/asn1/asn1_gen.c | 2 +- crypto/asn1/asn1_par.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 655ada0..d5d2492 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2869,7 +2869,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) /* else we have data */ if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) || - ((www == 2) && (strncmp("GET /stats ", buf, 10) == 0))) { + ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { char *p; X509 *peer; STACK_OF(SSL_CIPHER) *sk; diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index aaec009..b71ae48 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -359,7 +359,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) arg->format = ASN1_GEN_FORMAT_UTF8; else if (!strncmp(vstart, "HEX", 3)) arg->format = ASN1_GEN_FORMAT_HEX; - else if (!strncmp(vstart, "BITLIST", 3)) + else if (!strncmp(vstart, "BITLIST", 7)) arg->format = ASN1_GEN_FORMAT_BITLIST; else { ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index f6cd4b2..a5d2da1 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -337,7 +337,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, goto end; } } else { - if (BIO_write(bp, "BAD ENUMERATED", 11) <= 0) + if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0) goto end; } M_ASN1_ENUMERATED_free(bs); From levitte at openssl.org Mon Mar 9 20:06:49 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 09 Mar 2015 20:06:49 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1425931609.817158.6769.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 521246e6085d5e1530c58ab8a50ce898d280ceed (commit) from ef6d3485eca973edf1cf94a8b0156588753aaf3f (commit) - Log ----------------------------------------------------------------- commit 521246e6085d5e1530c58ab8a50ce898d280ceed Author: Dmitry-Me Date: Sun Jun 1 21:30:52 2014 +0400 Fix wrong numbers being passed as string lengths Signed-off-by: Richard Levitte Reviewed-by: Matt Caswell (cherry picked from commit 0b142f022e2c5072295e00ebc11c5b707a726d74) ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 2 +- crypto/asn1/asn1_gen.c | 2 +- crypto/asn1/asn1_par.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index d5ac75a..caba5b3 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2642,7 +2642,7 @@ static int www_body(char *hostname, int s, unsigned char *context) /* else we have data */ if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) || - ((www == 2) && (strncmp("GET /stats ", buf, 10) == 0))) { + ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) { char *p; X509 *peer; STACK_OF(SSL_CIPHER) *sk; diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index aaec009..b71ae48 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -359,7 +359,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) arg->format = ASN1_GEN_FORMAT_UTF8; else if (!strncmp(vstart, "HEX", 3)) arg->format = ASN1_GEN_FORMAT_HEX; - else if (!strncmp(vstart, "BITLIST", 3)) + else if (!strncmp(vstart, "BITLIST", 7)) arg->format = ASN1_GEN_FORMAT_BITLIST; else { ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index f6cd4b2..a5d2da1 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -337,7 +337,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, goto end; } } else { - if (BIO_write(bp, "BAD ENUMERATED", 11) <= 0) + if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0) goto end; } M_ASN1_ENUMERATED_free(bs); From matt at openssl.org Tue Mar 10 10:47:37 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Mar 2015 10:47:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425984457.761228.20878.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 (commit) from b65b4c3481d9fc88056cd8373fd693d888ca064f (commit) - Log ----------------------------------------------------------------- commit 2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 Author: Matt Caswell Date: Thu Feb 26 11:56:00 2015 +0000 Prevent handshake with unseeded PRNG Fix security issue where under certain conditions a client can complete a handshake with an unseeded PRNG. The conditions are: - Client is on a platform where the PRNG has not been seeded, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA) If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable. For example using the following command with an unseeded openssl will succeed on an unpatched platform: openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA CVE-2015-0285 Reviewed-by: Richard Levitte (cherry picked from commit e1b568dd2462f7cacf98f3d117936c34e2849a6b) ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index f186c3c..91053d5 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -717,8 +717,9 @@ int ssl3_client_hello(SSL *s) } else i = 1; - if (i) - ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)); + if (i && ssl_fill_hello_random(s, 0, p, + sizeof(s->s3->client_random)) <= 0) + goto err; /* Do the message type and length last */ d = p = ssl_handshake_start(s); From matt at openssl.org Tue Mar 10 10:47:44 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 10 Mar 2015 10:47:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425984464.427874.21148.nullmailer@dev.openssl.org> The branch master has been updated via e1b568dd2462f7cacf98f3d117936c34e2849a6b (commit) from 0b142f022e2c5072295e00ebc11c5b707a726d74 (commit) - Log ----------------------------------------------------------------- commit e1b568dd2462f7cacf98f3d117936c34e2849a6b Author: Matt Caswell Date: Thu Feb 26 11:56:00 2015 +0000 Prevent handshake with unseeded PRNG Fix security issue where under certain conditions a client can complete a handshake with an unseeded PRNG. The conditions are: - Client is on a platform where the PRNG has not been seeded, and the user has not seeded manually - A protocol specific client method version has been used (i.e. not SSL_client_methodv23) - A ciphersuite is used that does not require additional random data from the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA) If the handshake succeeds then the client random that has been used will have been generated from a PRNG with insufficient entropy and therefore the output may be predictable. For example using the following command with an unseeded openssl will succeed on an unpatched platform: openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA CVE-2015-0285 Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 1e437b2..750217f 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -719,8 +719,9 @@ int ssl3_client_hello(SSL *s) } else i = 1; - if (i) - ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random)); + if (i && ssl_fill_hello_random(s, 0, p, + sizeof(s->s3->client_random)) <= 0) + goto err; /* Do the message type and length last */ d = p = ssl_handshake_start(s); From levitte at openssl.org Tue Mar 10 11:33:25 2015 From: levitte at openssl.org (Richard Levitte) Date: Tue, 10 Mar 2015 11:33:25 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1425987205.742183.27774.nullmailer@dev.openssl.org> The branch master has been updated via 460e920d8a274e27aab36346eeda6685a42c3314 (commit) from e1b568dd2462f7cacf98f3d117936c34e2849a6b (commit) - Log ----------------------------------------------------------------- commit 460e920d8a274e27aab36346eeda6685a42c3314 Author: Richard Godbee Date: Sun Sep 21 02:14:11 2014 -0400 BIO_debug_callback: Fix output on 64-bit machines BIO_debug_callback() no longer assumes the hexadecimal representation of a pointer fits in 8 characters. Signed-off-by: Richard Levitte Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/bio/bio_cb.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index 3607375..dcb428b 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -70,14 +70,17 @@ long BIO_debug_callback(BIO *bio, int cmd, const char *argp, char buf[256]; char *p; long r = 1; + int len; size_t p_maxlen; if (BIO_CB_RETURN & cmd) r = ret; - BIO_snprintf(buf, sizeof buf, "BIO[%08lX]:", (unsigned long)bio); - p = &(buf[14]); - p_maxlen = sizeof buf - 14; + len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); + + p = buf + len; + p_maxlen = sizeof(buf) - len; + switch (cmd) { case BIO_CB_FREE: BIO_snprintf(p, p_maxlen, "Free - %s\n", bio->method->name); From levitte at openssl.org Tue Mar 10 11:34:42 2015 From: levitte at openssl.org (Richard Levitte) Date: Tue, 10 Mar 2015 11:34:42 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1425987282.439892.28739.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 93cb447df263a0ba91c09be679eef6b1523df4f4 (commit) from 521246e6085d5e1530c58ab8a50ce898d280ceed (commit) - Log ----------------------------------------------------------------- commit 93cb447df263a0ba91c09be679eef6b1523df4f4 Author: Richard Godbee Date: Sun Sep 21 02:14:11 2014 -0400 BIO_debug_callback: Fix output on 64-bit machines BIO_debug_callback() no longer assumes the hexadecimal representation of a pointer fits in 8 characters. Signed-off-by: Richard Levitte Reviewed-by: Matt Caswell (cherry picked from commit 460e920d8a274e27aab36346eeda6685a42c3314) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bio_cb.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index 8715f5c..d3e8606 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -70,14 +70,17 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, MS_STATIC char buf[256]; char *p; long r = 1; + int len; size_t p_maxlen; if (BIO_CB_RETURN & cmd) r = ret; - BIO_snprintf(buf, sizeof buf, "BIO[%08lX]:", (unsigned long)bio); - p = &(buf[14]); - p_maxlen = sizeof buf - 14; + len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); + + p = buf + len; + p_maxlen = sizeof(buf) - len; + switch (cmd) { case BIO_CB_FREE: BIO_snprintf(p, p_maxlen, "Free - %s\n", bio->method->name); From levitte at openssl.org Tue Mar 10 11:34:45 2015 From: levitte at openssl.org (Richard Levitte) Date: Tue, 10 Mar 2015 11:34:45 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1425987285.417432.28977.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 5a9e9669d8073ddc5efeea08f3daee42509b2aa7 (commit) from 2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 (commit) - Log ----------------------------------------------------------------- commit 5a9e9669d8073ddc5efeea08f3daee42509b2aa7 Author: Richard Godbee Date: Sun Sep 21 02:14:11 2014 -0400 BIO_debug_callback: Fix output on 64-bit machines BIO_debug_callback() no longer assumes the hexadecimal representation of a pointer fits in 8 characters. Signed-off-by: Richard Levitte Reviewed-by: Matt Caswell (cherry picked from commit 460e920d8a274e27aab36346eeda6685a42c3314) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bio_cb.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index 8715f5c..d3e8606 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -70,14 +70,17 @@ long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, MS_STATIC char buf[256]; char *p; long r = 1; + int len; size_t p_maxlen; if (BIO_CB_RETURN & cmd) r = ret; - BIO_snprintf(buf, sizeof buf, "BIO[%08lX]:", (unsigned long)bio); - p = &(buf[14]); - p_maxlen = sizeof buf - 14; + len = BIO_snprintf(buf,sizeof buf,"BIO[%p]: ",(void *)bio); + + p = buf + len; + p_maxlen = sizeof(buf) - len; + switch (cmd) { case BIO_CB_FREE: BIO_snprintf(p, p_maxlen, "Free - %s\n", bio->method->name); From emilia at openssl.org Tue Mar 10 20:53:07 2015 From: emilia at openssl.org (Emilia Kasper) Date: Tue, 10 Mar 2015 20:53:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1426020787.455934.1458.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 8b7e469d06d7c487342eef1dcca3dc02fe7cd267 (commit) from 93cb447df263a0ba91c09be679eef6b1523df4f4 (commit) - Log ----------------------------------------------------------------- commit 8b7e469d06d7c487342eef1dcca3dc02fe7cd267 Author: Emilia Kasper Date: Wed Mar 4 13:05:53 2015 -0800 Harmonize return values in dtls1_buffer_record Ensure all malloc failures return -1. Reported by Adam Langley (Google). Reviewed-by: Matt Caswell (cherry picked from commit 06c6a2b4a3a6e64303caa256398dd2dc16f9c35a) ----------------------------------------------------------------------- Summary of changes: ssl/d1_pkt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 0985bb0..7b49a7d 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -236,7 +236,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) pitem_free(item); SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); - return (0); + return -1; } rdata->packet = s->packet; From emilia at openssl.org Tue Mar 10 20:53:07 2015 From: emilia at openssl.org (Emilia Kasper) Date: Tue, 10 Mar 2015 20:53:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426020787.685419.1522.nullmailer@dev.openssl.org> The branch master has been updated via 06c6a2b4a3a6e64303caa256398dd2dc16f9c35a (commit) from 460e920d8a274e27aab36346eeda6685a42c3314 (commit) - Log ----------------------------------------------------------------- commit 06c6a2b4a3a6e64303caa256398dd2dc16f9c35a Author: Emilia Kasper Date: Wed Mar 4 13:05:53 2015 -0800 Harmonize return values in dtls1_buffer_record Ensure all malloc failures return -1. Reported by Adam Langley (Google). Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: ssl/d1_pkt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index b1d9156..4dbd694 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -231,7 +231,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) pitem_free(item); SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); - return (0); + return -1; } rdata->packet = s->packet; From emilia at openssl.org Tue Mar 10 20:53:07 2015 From: emilia at openssl.org (Emilia Kasper) Date: Tue, 10 Mar 2015 20:53:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1426020787.549929.1482.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 0c14565c5b7683e4bd47cf299b2f6d4bc26d61aa (commit) from 5a9e9669d8073ddc5efeea08f3daee42509b2aa7 (commit) - Log ----------------------------------------------------------------- commit 0c14565c5b7683e4bd47cf299b2f6d4bc26d61aa Author: Emilia Kasper Date: Wed Mar 4 13:05:53 2015 -0800 Harmonize return values in dtls1_buffer_record Ensure all malloc failures return -1. Reported by Adam Langley (Google). Reviewed-by: Matt Caswell (cherry picked from commit 06c6a2b4a3a6e64303caa256398dd2dc16f9c35a) ----------------------------------------------------------------------- Summary of changes: ssl/d1_pkt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index bf96f60..940ca69 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -236,7 +236,7 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) pitem_free(item); SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); - return (0); + return -1; } rdata->packet = s->packet; From matt at openssl.org Wed Mar 11 10:58:42 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 11 Mar 2015 10:58:42 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1426071522.273914.30199.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via c2f5de13cd09179169b28179ad1e1cac0e4cd1fb (commit) from 01320ad3b9261fe845d30881d760ed1da3a97a14 (commit) - Log ----------------------------------------------------------------- commit c2f5de13cd09179169b28179ad1e1cac0e4cd1fb Author: Matt Caswell Date: Mon Mar 9 13:59:58 2015 +0000 Cleanse buffers Cleanse various intermediate buffers used by the PRF (backported version from master). Conflicts: ssl/s3_enc.c Conflicts: ssl/t1_enc.c Conflicts: ssl/t1_enc.c Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/s3_enc.c | 1 + ssl/t1_enc.c | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index f330577..5eaea69 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -712,6 +712,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, ret += n; } EVP_MD_CTX_cleanup(&ctx); + OPENSSL_cleanse(buf, sizeof buf); return (ret); } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index c5e7f23..a419e44 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -707,6 +707,8 @@ int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, out, buf2, sizeof buf2); EVP_MD_CTX_cleanup(&ctx); + OPENSSL_cleanse(buf, (int)(q - buf)); + OPENSSL_cleanse(buf2, sizeof(buf2)); return sizeof buf2; } @@ -850,6 +852,8 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, tls1_PRF(s->ctx->md5, s->ctx->sha1, buf, TLS_MD_MASTER_SECRET_CONST_SIZE + SSL3_RANDOM_SIZE * 2, p, len, s->session->master_key, buff, sizeof buff); + OPENSSL_cleanse(buf, sizeof buf); + OPENSSL_cleanse(buff, sizeof buff); #ifdef KSSL_DEBUG printf("tls1_generate_master_secret() complete\n"); #endif /* KSSL_DEBUG */ From matt at openssl.org Wed Mar 11 10:58:53 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 11 Mar 2015 10:58:53 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1426071533.227207.30495.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 683f03e4881ffd19b8671f290387cd4e68fad457 (commit) from 765e2465cace18be949bd537edf153f9445eb1fc (commit) - Log ----------------------------------------------------------------- commit 683f03e4881ffd19b8671f290387cd4e68fad457 Author: Matt Caswell Date: Mon Mar 9 13:59:58 2015 +0000 Cleanse buffers Cleanse various intermediate buffers used by the PRF (backported version from master). Reviewed-by: Richard Levitte (cherry picked from commit 35fafc4dbc0b3a717ad1b208fe2867e8c64867de) Conflicts: ssl/s3_enc.c Conflicts: ssl/t1_enc.c ----------------------------------------------------------------------- Summary of changes: ssl/s3_enc.c | 1 + ssl/t1_enc.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 7c3a38c..247efdc 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -830,6 +830,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, ret += n; } EVP_MD_CTX_cleanup(&ctx); + OPENSSL_cleanse(buf, sizeof buf); return (ret); } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index acef20b..c233827 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -860,6 +860,8 @@ int tls1_final_finish_mac(SSL *s, err = 1; EVP_MD_CTX_cleanup(&ctx); + OPENSSL_cleanse(buf, (int)(q - buf)); + OPENSSL_cleanse(buf2, sizeof(buf2)); if (err) return 0; else @@ -1017,6 +1019,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, co, col, s->s3->server_random, SSL3_RANDOM_SIZE, so, sol, p, len, s->session->master_key, buff, sizeof buff); + OPENSSL_cleanse(buff, sizeof buff); #ifdef KSSL_DEBUG printf("tls1_generate_master_secret() complete\n"); From matt at openssl.org Wed Mar 11 10:59:04 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 11 Mar 2015 10:59:04 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1426071544.421097.30781.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 58d8a271ab1eb38fc2983519fb3c37a900df41cf (commit) from 8b7e469d06d7c487342eef1dcca3dc02fe7cd267 (commit) - Log ----------------------------------------------------------------- commit 58d8a271ab1eb38fc2983519fb3c37a900df41cf Author: Matt Caswell Date: Mon Mar 9 13:59:58 2015 +0000 Cleanse buffers Cleanse various intermediate buffers used by the PRF (backported version from master). Reviewed-by: Richard Levitte (cherry picked from commit 35fafc4dbc0b3a717ad1b208fe2867e8c64867de) Conflicts: ssl/s3_enc.c ----------------------------------------------------------------------- Summary of changes: ssl/s3_enc.c | 1 + ssl/t1_enc.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index b4a1456..152f40d 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -841,6 +841,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, ret += n; } EVP_MD_CTX_cleanup(&ctx); + OPENSSL_cleanse(buf, sizeof buf); return (ret); } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 0d70116..fa1c002 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -958,6 +958,8 @@ int tls1_final_finish_mac(SSL *s, err = 1; EVP_MD_CTX_cleanup(&ctx); + OPENSSL_cleanse(buf, (int)(q - buf)); + OPENSSL_cleanse(buf2, sizeof(buf2)); if (err) return 0; else @@ -1121,6 +1123,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, co, col, s->s3->server_random, SSL3_RANDOM_SIZE, so, sol, p, len, s->session->master_key, buff, sizeof buff); + OPENSSL_cleanse(buff, sizeof buff); #ifdef SSL_DEBUG fprintf(stderr, "Premaster Secret:\n"); BIO_dump_fp(stderr, (char *)p, len); @@ -1215,6 +1218,8 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, NULL, 0, s->session->master_key, s->session->master_key_length, out, buff, olen); + OPENSSL_cleanse(val, vallen); + OPENSSL_cleanse(buff, olen); #ifdef KSSL_DEBUG fprintf(stderr, "tls1_export_keying_material() complete\n"); From matt at openssl.org Wed Mar 11 10:59:15 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 11 Mar 2015 10:59:15 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1426071555.570463.31032.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 35fafc4dbc0b3a717ad1b208fe2867e8c64867de (commit) from 0c14565c5b7683e4bd47cf299b2f6d4bc26d61aa (commit) - Log ----------------------------------------------------------------- commit 35fafc4dbc0b3a717ad1b208fe2867e8c64867de Author: Matt Caswell Date: Mon Mar 9 13:59:58 2015 +0000 Cleanse buffers Cleanse various intermediate buffers used by the PRF (backported version from master). Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/s3_enc.c | 1 + ssl/t1_enc.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index cdbf0f0..cda2d8c 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -877,6 +877,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s, s->msg_callback_arg); } #endif + OPENSSL_cleanse(buf, sizeof buf); return (ret); } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index a563fe4..84f5896 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -976,6 +976,8 @@ int tls1_final_finish_mac(SSL *s, err = 1; EVP_MD_CTX_cleanup(&ctx); + OPENSSL_cleanse(buf, (int)(q - buf)); + OPENSSL_cleanse(buf2, sizeof(buf2)); if (err) return 0; else @@ -1139,6 +1141,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, co, col, s->s3->server_random, SSL3_RANDOM_SIZE, so, sol, p, len, s->session->master_key, buff, sizeof buff); + OPENSSL_cleanse(buff, sizeof buff); #ifdef SSL_DEBUG fprintf(stderr, "Premaster Secret:\n"); BIO_dump_fp(stderr, (char *)p, len); @@ -1249,6 +1252,8 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, NULL, 0, s->session->master_key, s->session->master_key_length, out, buff, olen); + OPENSSL_cleanse(val, vallen); + OPENSSL_cleanse(buff, olen); #ifdef KSSL_DEBUG fprintf(stderr, "tls1_export_keying_material() complete\n"); From matt at openssl.org Wed Mar 11 10:59:23 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 11 Mar 2015 10:59:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426071563.656680.31254.nullmailer@dev.openssl.org> The branch master has been updated via c9dd49a751d4e73e6d891c006bb1d835ebfb8493 (commit) from 06c6a2b4a3a6e64303caa256398dd2dc16f9c35a (commit) - Log ----------------------------------------------------------------- commit c9dd49a751d4e73e6d891c006bb1d835ebfb8493 Author: Matt Caswell Date: Mon Mar 9 13:59:58 2015 +0000 Cleanse buffers Cleanse various intermediate buffers used by the PRF. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: ssl/s3_enc.c | 1 + ssl/t1_enc.c | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 8dda5d0..83a576a 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -871,6 +871,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s, s->msg_callback_arg); } #endif + OPENSSL_cleanse(buf, sizeof buf); return (ret); } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 6fad8be..1833eb7 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -949,6 +949,8 @@ int tls1_final_finish_mac(SSL *s, const char *str, int slen, s->session->master_key, s->session->master_key_length, out, buf2, sizeof buf2)) return 0; + OPENSSL_cleanse(hash, hashlen); + OPENSSL_cleanse(buf2, sizeof(buf2)); return sizeof buf2; } @@ -1112,6 +1114,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0, p, len, s->session->master_key, buff, sizeof buff); } + OPENSSL_cleanse(buff, sizeof buff); #ifdef SSL_DEBUG fprintf(stderr, "Premaster Secret:\n"); BIO_dump_fp(stderr, (char *)p, len); @@ -1225,6 +1228,8 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, NULL, 0, s->session->master_key, s->session->master_key_length, out, buff, olen); + OPENSSL_cleanse(val, vallen); + OPENSSL_cleanse(buff, olen); #ifdef KSSL_DEBUG fprintf(stderr, "tls1_export_keying_material() complete\n"); From levitte at openssl.org Wed Mar 11 11:08:27 2015 From: levitte at openssl.org (Richard Levitte) Date: Wed, 11 Mar 2015 11:08:27 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426072107.629197.2269.nullmailer@dev.openssl.org> The branch master has been updated via 97a0cc52812c6cc075ec7da849dd496f0e6cf5a4 (commit) from c9dd49a751d4e73e6d891c006bb1d835ebfb8493 (commit) - Log ----------------------------------------------------------------- commit 97a0cc52812c6cc075ec7da849dd496f0e6cf5a4 Author: Richard Levitte Date: Wed Mar 11 10:22:50 2015 +0100 Move Configurations* out of the way and rename them. Configure would load the glob "Configurations*". The problem with this is that it also loads all kinds of backups of those configurations that some editors do, like emacs' classic 'Configurations~'. The solution is to give them an extension, such as '.conf', and make sure to end the glob with that. Also, because 'Configurations.conf' makes for a silly name, and because a possibly large number of configurations will become clutter, move them to a subdirectory 'Configurations/', and rename them to something more expressive, as well as something that sets up some form of sorting order. Thus: Configurations -> Configurations/10-main.conf Configurations.team -> Configurations/90-team.conf Finally, make sure that Configure sorts the list of files that 'glob' produces, and adapt Makefile.org. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: Configurations => Configurations/10-main.conf | 0 Configurations.team => Configurations/90-team.conf | 0 Configure | 4 ++-- Makefile.org | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename Configurations => Configurations/10-main.conf (100%) rename Configurations.team => Configurations/90-team.conf (100%) diff --git a/Configurations b/Configurations/10-main.conf similarity index 100% rename from Configurations rename to Configurations/10-main.conf diff --git a/Configurations.team b/Configurations/90-team.conf similarity index 100% rename from Configurations.team rename to Configurations/90-team.conf diff --git a/Configure b/Configure index 5dbfa6c..4094c08 100755 --- a/Configure +++ b/Configure @@ -184,8 +184,8 @@ sub read_config { } my ($vol, $dir, $dummy) = File::Spec->splitpath($0); -my $pattern = File::Spec->catpath($vol, $dir, "Configurations*"); -foreach ( glob($pattern) ) { +my $pattern = File::Spec->catpath($vol, $dir, "Configurations/*.conf"); +foreach (sort glob($pattern) ) { &read_config($_); } diff --git a/Makefile.org b/Makefile.org index 4f5bff9..0d09ad4 100644 --- a/Makefile.org +++ b/Makefile.org @@ -500,7 +500,7 @@ crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h -TABLE: Configure Configurations Configurations.team +TABLE: Configure Configurations/*.conf (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE From matt at openssl.org Wed Mar 11 11:33:24 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 11 Mar 2015 11:33:24 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1426073604.099616.9139.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via f5ee5213073870493a8ade98b13ea41a2b20b8d4 (commit) from 58d8a271ab1eb38fc2983519fb3c37a900df41cf (commit) - Log ----------------------------------------------------------------- commit f5ee5213073870493a8ade98b13ea41a2b20b8d4 Author: Matt Caswell Date: Tue Mar 10 23:15:15 2015 +0000 Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf Reviewed-by: Dr. Stephen Henson (cherry picked from commit ac5a110621ca48f0bebd5b4d76d081de403da29e) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1_gen.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index b71ae48..11b582d 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -353,6 +353,10 @@ static int asn1_cb(const char *elem, int len, void *bitstr) break; case ASN1_GEN_FLAG_FORMAT: + if(!vstart) { + ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); + return -1; + } if (!strncmp(vstart, "ASCII", 5)) arg->format = ASN1_GEN_FORMAT_ASCII; else if (!strncmp(vstart, "UTF8", 4)) From matt at openssl.org Wed Mar 11 11:33:34 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 11 Mar 2015 11:33:34 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1426073614.542256.9394.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 9c5c18500bfb58fe0eedfbab71409b6ebc4d2d4c (commit) from 35fafc4dbc0b3a717ad1b208fe2867e8c64867de (commit) - Log ----------------------------------------------------------------- commit 9c5c18500bfb58fe0eedfbab71409b6ebc4d2d4c Author: Matt Caswell Date: Tue Mar 10 23:15:15 2015 +0000 Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf Reviewed-by: Dr. Stephen Henson (cherry picked from commit ac5a110621ca48f0bebd5b4d76d081de403da29e) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1_gen.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index b71ae48..11b582d 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -353,6 +353,10 @@ static int asn1_cb(const char *elem, int len, void *bitstr) break; case ASN1_GEN_FLAG_FORMAT: + if(!vstart) { + ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); + return -1; + } if (!strncmp(vstart, "ASCII", 5)) arg->format = ASN1_GEN_FORMAT_ASCII; else if (!strncmp(vstart, "UTF8", 4)) From matt at openssl.org Wed Mar 11 11:34:38 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 11 Mar 2015 11:34:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426073678.669485.9838.nullmailer@dev.openssl.org> The branch master has been updated via ac5a110621ca48f0bebd5b4d76d081de403da29e (commit) from 97a0cc52812c6cc075ec7da849dd496f0e6cf5a4 (commit) - Log ----------------------------------------------------------------- commit ac5a110621ca48f0bebd5b4d76d081de403da29e Author: Matt Caswell Date: Tue Mar 10 23:15:15 2015 +0000 Fix seg fault in ASN1_generate_v3/ASN1_generate_nconf Reviewed-by: Dr. Stephen Henson ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1_gen.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 16a1b5a..0e1cc08 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -353,6 +353,10 @@ static int asn1_cb(const char *elem, int len, void *bitstr) break; case ASN1_GEN_FLAG_FORMAT: + if(!vstart) { + ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); + return -1; + } if (!strncmp(vstart, "ASCII", 5)) arg->format = ASN1_GEN_FORMAT_ASCII; else if (!strncmp(vstart, "UTF8", 4)) From rsalz at openssl.org Wed Mar 11 13:29:59 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 11 Mar 2015 13:29:59 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426080599.107694.6812.nullmailer@dev.openssl.org> The branch master has been updated via 10bf4fc2c3da332a54247da1f3c0dcb44944f7ff (commit) from ac5a110621ca48f0bebd5b4d76d081de403da29e (commit) - Log ----------------------------------------------------------------- commit 10bf4fc2c3da332a54247da1f3c0dcb44944f7ff Author: Rich Salz Date: Tue Mar 10 19:09:27 2015 -0400 Merge OPENSSL_NO_EC{DH,DSA} into OPENSSL_NO_EC Suggested by John Foley . Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: CHANGES | 37 +++++++++++++---------- apps/req.c | 2 +- apps/s_cb.c | 2 +- apps/s_server.c | 6 ++-- apps/speed.c | 74 ++++++++++++--------------------------------- crypto/ec/ec_pmeth.c | 7 ++--- crypto/ecdh/ecdh.h | 2 +- crypto/ecdh/ecdhtest.c | 4 +-- crypto/ecdsa/ecdsa.h | 2 +- crypto/ecdsa/ecdsatest.c | 4 +-- crypto/engine/eng_fat.c | 8 ++--- crypto/engine/eng_list.c | 4 +-- crypto/engine/eng_openssl.c | 4 +-- crypto/engine/engine.h | 4 +-- crypto/err/err_all.c | 8 +---- crypto/evp/c_alld.c | 2 +- crypto/evp/evp.h | 2 +- crypto/x509/x509.h | 6 ---- ssl/s3_clnt.c | 24 +++++++-------- ssl/s3_lib.c | 39 +++++++++++------------- ssl/s3_srvr.c | 10 +++--- ssl/ssl.h | 2 +- ssl/ssl_algs.c | 2 +- ssl/ssl_cert.c | 8 ++--- ssl/ssl_ciph.c | 9 ++---- ssl/ssl_conf.c | 4 +-- ssl/ssl_lib.c | 18 +++-------- ssl/ssl_locl.h | 10 +++--- ssl/ssltest.c | 12 ++++---- ssl/t1_lib.c | 17 +++++------ util/mk1mf.pl | 6 ---- 31 files changed, 129 insertions(+), 210 deletions(-) diff --git a/CHANGES b/CHANGES index 8fcfcce..8d6fcaf 100644 --- a/CHANGES +++ b/CHANGES @@ -41,28 +41,33 @@ [Rich Salz] *) Remove various unsupported platforms: - Sony NEWS4 - BEOS and BEOS_R5 - NeXT - SUNOS - MPE/iX - Sinix/ReliantUNIX RM400 - DGUX - NCR - Tandem - Cray - 16-bit platforms such as WIN16 + Sony NEWS4 + BEOS and BEOS_R5 + NeXT + SUNOS + MPE/iX + Sinix/ReliantUNIX RM400 + DGUX + NCR + Tandem + Cray + 16-bit platforms such as WIN16 [Rich Salz] - *) Start cleaning up OPENSSL_NO_xxx #define's - OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 - OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO - Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF + *) Clean up OPENSSL_NO_xxx #define's + Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx + OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC + OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160 + OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO + Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY + OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP + OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK + OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY Remove MS_STATIC; it's a relic from platforms <32 bits. [Rich Salz] - *) Start cleaning up dead code + *) Cleaned up dead code Remove all but one '#ifdef undef' which is to be looked at. [Rich Salz] diff --git a/apps/req.c b/apps/req.c index 6d06ed7..231535b 100644 --- a/apps/req.c +++ b/apps/req.c @@ -398,7 +398,7 @@ int MAIN(int argc, char **argv) " -newkey rsa:bits generate a new RSA key of 'bits' in size\n"); BIO_printf(bio_err, " -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n"); -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC BIO_printf(bio_err, " -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n"); #endif diff --git a/apps/s_cb.c b/apps/s_cb.c index 12f7b8c..8a66c9a 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -521,7 +521,7 @@ int ssl_print_tmp_key(BIO *out, SSL *s) case EVP_PKEY_DH: BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key)); break; -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC case EVP_PKEY_EC: { EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key); diff --git a/apps/s_server.c b/apps/s_server.c index 42088d0..874b402 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -486,7 +486,7 @@ static void sv_usage(void) " -dhparam arg - DH parameter file to use, in cert file if not specified\n"); BIO_printf(bio_err, " or a default set of parameters is used\n"); -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC BIO_printf(bio_err, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" " Use \"openssl ecparam -list_curves\" for all names\n" @@ -545,7 +545,7 @@ static void sv_usage(void) #ifndef OPENSSL_NO_DH BIO_printf(bio_err, " -no_dhe - Disable ephemeral DH\n"); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC BIO_printf(bio_err, " -no_ecdhe - Disable ephemeral ECDH\n"); #endif BIO_printf(bio_err, @@ -1677,7 +1677,7 @@ int MAIN(int argc, char *argv[]) bio_s_out = BIO_new_fp(stdout, BIO_NOCLOSE); } } -#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA) +#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) if (nocert) #endif { diff --git a/apps/speed.c b/apps/speed.c index 57b53ce..44c276a 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -172,10 +172,8 @@ # include # include "./testdsa.h" #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC # include -#endif -#ifndef OPENSSL_NO_ECDH # include #endif #include @@ -242,14 +240,12 @@ static double rsa_results[RSA_NUM][2]; #ifndef OPENSSL_NO_DSA static double dsa_results[DSA_NUM][2]; #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC static double ecdsa_results[EC_NUM][2]; -#endif -#ifndef OPENSSL_NO_ECDH static double ecdh_results[EC_NUM][1]; #endif -#if defined(OPENSSL_NO_DSA) && !(defined(OPENSSL_NO_ECDSA) && defined(OPENSSL_NO_ECDH)) +#if defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_EC) static const char rnd_seed[] = "string to make the random number generator think it has entropy"; static int rnd_fake = 0; @@ -330,7 +326,7 @@ static double Time_F(int s) } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC static const int KDF1_SHA1_len = 20; static void *KDF1_SHA1(const void *in, size_t inlen, void *out, size_t *outlen) @@ -340,7 +336,7 @@ static void *KDF1_SHA1(const void *in, size_t inlen, void *out, *outlen = SHA_DIGEST_LENGTH; return SHA1(in, inlen, out); } -#endif /* OPENSSL_NO_ECDH */ +#endif /* OPENSSL_NO_EC */ static void multiblock_speed(const EVP_CIPHER *evp_cipher); @@ -595,30 +591,23 @@ int MAIN(int argc, char **argv) #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC unsigned char ecdsasig[256]; unsigned int ecdsasiglen; EC_KEY *ecdsa[EC_NUM]; long ecdsa_c[EC_NUM][2]; -#endif - -#ifndef OPENSSL_NO_ECDH EC_KEY *ecdh_a[EC_NUM], *ecdh_b[EC_NUM]; unsigned char secret_a[MAX_ECDH_SIZE], secret_b[MAX_ECDH_SIZE]; int secret_size_a, secret_size_b; int ecdh_checks = 0; int secret_idx = 0; long ecdh_c[EC_NUM][2]; + int ecdsa_doit[EC_NUM]; + int ecdh_doit[EC_NUM]; #endif int rsa_doit[RSA_NUM]; int dsa_doit[DSA_NUM]; -#ifndef OPENSSL_NO_ECDSA - int ecdsa_doit[EC_NUM]; -#endif -#ifndef OPENSSL_NO_ECDH - int ecdh_doit[EC_NUM]; -#endif int doit[ALGOR_NUM]; int pr_header = 0; const EVP_CIPHER *evp_cipher = NULL; @@ -639,11 +628,9 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_DSA memset(dsa_key, 0, sizeof(dsa_key)); #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC for (i = 0; i < EC_NUM; i++) ecdsa[i] = NULL; -#endif -#ifndef OPENSSL_NO_ECDH for (i = 0; i < EC_NUM; i++) { ecdh_a[i] = NULL; ecdh_b[i] = NULL; @@ -689,11 +676,9 @@ int MAIN(int argc, char **argv) rsa_doit[i] = 0; for (i = 0; i < DSA_NUM; i++) dsa_doit[i] = 0; -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC for (i = 0; i < EC_NUM; i++) ecdsa_doit[i] = 0; -#endif -#ifndef OPENSSL_NO_ECDH for (i = 0; i < EC_NUM; i++) ecdh_doit[i] = 0; #endif @@ -986,7 +971,7 @@ int MAIN(int argc, char **argv) dsa_doit[R_DSA_2048] = 1; } else #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC if (strcmp(*argv, "ecdsap160") == 0) ecdsa_doit[R_EC_P160] = 2; else if (strcmp(*argv, "ecdsap192") == 0) @@ -1022,10 +1007,7 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv, "ecdsa") == 0) { for (i = 0; i < EC_NUM; i++) ecdsa_doit[i] = 1; - } else -#endif -#ifndef OPENSSL_NO_ECDH - if (strcmp(*argv, "ecdhp160") == 0) + } else if (strcmp(*argv, "ecdhp160") == 0) ecdh_doit[R_EC_P160] = 2; else if (strcmp(*argv, "ecdhp192") == 0) ecdh_doit[R_EC_P192] = 2; @@ -1135,7 +1117,7 @@ int MAIN(int argc, char **argv) #ifndef OPENSSL_NO_DSA BIO_printf(bio_err, "dsa512 dsa1024 dsa2048\n"); #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 " "ecdsap256 ecdsap384 ecdsap521\n"); BIO_printf(bio_err, @@ -1143,8 +1125,6 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n"); BIO_printf(bio_err, "ecdsa\n"); -#endif -#ifndef OPENSSL_NO_ECDH BIO_printf(bio_err, "ecdhp160 ecdhp192 ecdhp224 " "ecdhp256 ecdhp384 ecdhp521\n"); BIO_printf(bio_err, @@ -1234,11 +1214,9 @@ int MAIN(int argc, char **argv) rsa_doit[i] = 1; for (i = 0; i < DSA_NUM; i++) dsa_doit[i] = 1; -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC for (i = 0; i < EC_NUM; i++) ecdsa_doit[i] = 1; -#endif -#ifndef OPENSSL_NO_ECDH for (i = 0; i < EC_NUM; i++) ecdh_doit[i] = 1; #endif @@ -1428,7 +1406,7 @@ int MAIN(int argc, char **argv) } # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC ecdsa_c[R_EC_P160][0] = count / 1000; ecdsa_c[R_EC_P160][1] = count / 1000 / 2; for (i = R_EC_P192; i <= R_EC_P521; i++) { @@ -1471,9 +1449,6 @@ int MAIN(int argc, char **argv) } } } -# endif - -# ifndef OPENSSL_NO_ECDH ecdh_c[R_EC_P160][0] = count / 1000; ecdh_c[R_EC_P160][1] = count / 1000; for (i = R_EC_P192; i <= R_EC_P521; i++) { @@ -2144,7 +2119,7 @@ int MAIN(int argc, char **argv) RAND_cleanup(); #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); rnd_fake = 1; @@ -2236,9 +2211,6 @@ int MAIN(int argc, char **argv) } if (rnd_fake) RAND_cleanup(); -#endif - -#ifndef OPENSSL_NO_ECDH if (RAND_status() != 1) { RAND_seed(rnd_seed, sizeof rnd_seed); rnd_fake = 1; @@ -2423,7 +2395,7 @@ int MAIN(int argc, char **argv) 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1]); } #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC j = 1; for (k = 0; k < EC_NUM; k++) { if (!ecdsa_doit[k]) @@ -2445,9 +2417,6 @@ int MAIN(int argc, char **argv) ecdsa_results[k][0], ecdsa_results[k][1], 1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1]); } -#endif - -#ifndef OPENSSL_NO_ECDH j = 1; for (k = 0; k < EC_NUM; k++) { if (!ecdh_doit[k]) @@ -2488,12 +2457,10 @@ int MAIN(int argc, char **argv) DSA_free(dsa_key[i]); #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC for (i = 0; i < EC_NUM; i++) if (ecdsa[i] != NULL) EC_KEY_free(ecdsa[i]); -#endif -#ifndef OPENSSL_NO_ECDH for (i = 0; i < EC_NUM; i++) { if (ecdh_a[i] != NULL) EC_KEY_free(ecdh_a[i]); @@ -2697,7 +2664,7 @@ static int do_multi(int multi) dsa_results[k][1] = d; } # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC else if (!strncmp(buf, "+F4:", 4)) { int k; double d; @@ -2720,9 +2687,6 @@ static int do_multi(int multi) else ecdsa_results[k][1] = d; } -# endif - -# ifndef OPENSSL_NO_ECDH else if (!strncmp(buf, "+F5:", 4)) { int k; double d; diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 0437dcf..d789e7e 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -203,7 +203,7 @@ static int pkey_ec_verify(EVP_PKEY_CTX *ctx, return ret; } -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { @@ -302,7 +302,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) EC_GROUP_set_asn1_flag(dctx->gen_group, p1); return 1; -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC case EVP_PKEY_CTRL_EC_ECDH_COFACTOR: if (p1 == -2) { if (dctx->cofactor_mode != -1) @@ -519,12 +519,11 @@ const EVP_PKEY_METHOD ec_pkey_meth = { 0, 0, 0, -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC pkey_ec_kdf_derive, #else 0, #endif - pkey_ec_ctrl, pkey_ec_ctrl_str }; diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h index 0d643a3..25ccdc9 100644 --- a/crypto/ecdh/ecdh.h +++ b/crypto/ecdh/ecdh.h @@ -71,7 +71,7 @@ # include -# ifdef OPENSSL_NO_ECDH +# ifdef OPENSSL_NO_EC # error ECDH is disabled. # endif diff --git a/crypto/ecdh/ecdhtest.c b/crypto/ecdh/ecdhtest.c index 41725f6..578de31 100644 --- a/crypto/ecdh/ecdhtest.c +++ b/crypto/ecdh/ecdhtest.c @@ -73,7 +73,7 @@ #include "../e_os.h" -#include /* for OPENSSL_NO_ECDH */ +#include /* for OPENSSL_NO_EC */ #include #include #include @@ -82,7 +82,7 @@ #include #include -#ifdef OPENSSL_NO_ECDH +#ifdef OPENSSL_NO_EC int main(int argc, char *argv[]) { printf("No ECDH support\n"); diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index 86cafe2..3876004 100644 --- a/crypto/ecdsa/ecdsa.h +++ b/crypto/ecdsa/ecdsa.h @@ -61,7 +61,7 @@ # include -# ifdef OPENSSL_NO_ECDSA +# ifdef OPENSSL_NO_EC # error ECDSA is disabled. # endif diff --git a/crypto/ecdsa/ecdsatest.c b/crypto/ecdsa/ecdsatest.c index d58490f..31d9c84 100644 --- a/crypto/ecdsa/ecdsatest.c +++ b/crypto/ecdsa/ecdsatest.c @@ -73,9 +73,9 @@ #include #include -#include /* To see if OPENSSL_NO_ECDSA is defined */ +#include /* To see if OPENSSL_NO_EC is defined */ -#ifdef OPENSSL_NO_ECDSA +#ifdef OPENSSL_NO_EC int main(int argc, char *argv[]) { puts("Elliptic curves are disabled."); diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index 4279dd9..af353bd 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -79,11 +79,9 @@ int ENGINE_set_default(ENGINE *e, unsigned int flags) if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e)) return 0; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e)) return 0; -#endif -#ifndef OPENSSL_NO_ECDSA if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e)) return 0; #endif @@ -159,10 +157,8 @@ int ENGINE_register_complete(ENGINE *e) #ifndef OPENSSL_NO_DH ENGINE_register_DH(e); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC ENGINE_register_ECDH(e); -#endif -#ifndef OPENSSL_NO_ECDSA ENGINE_register_ECDSA(e); #endif ENGINE_register_RAND(e); diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index c69e8a7..9e80eaf 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -300,10 +300,8 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) #ifndef OPENSSL_NO_DH dest->dh_meth = src->dh_meth; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC dest->ecdh_meth = src->ecdh_meth; -#endif -#ifndef OPENSSL_NO_ECDSA dest->ecdsa_meth = src->ecdsa_meth; #endif dest->rand_meth = src->rand_meth; diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 3e12ecf..78fa3c8 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -149,10 +149,8 @@ static int bind_helper(ENGINE *e) # ifndef OPENSSL_NO_DSA || !ENGINE_set_DSA(e, DSA_get_default_method()) # endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC || !ENGINE_set_ECDH(e, ECDH_OpenSSL()) -# endif -# ifndef OPENSSL_NO_ECDSA || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL()) # endif # ifndef OPENSSL_NO_DH diff --git a/crypto/engine/engine.h b/crypto/engine/engine.h index c931907..e2f3e5c 100644 --- a/crypto/engine/engine.h +++ b/crypto/engine/engine.h @@ -82,10 +82,8 @@ # ifndef OPENSSL_NO_DH # include # endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC # include -# endif -# ifndef OPENSSL_NO_ECDSA # include # endif # include diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 1363fb0..b844167 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -76,10 +76,8 @@ #ifndef OPENSSL_NO_DSA # include #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC # include -#endif -#ifndef OPENSSL_NO_ECDH # include #endif #include @@ -138,11 +136,7 @@ void ERR_load_crypto_strings(void) # endif # ifndef OPENSSL_NO_EC ERR_load_EC_strings(); -# endif -# ifndef OPENSSL_NO_ECDSA ERR_load_ECDSA_strings(); -# endif -# ifndef OPENSSL_NO_ECDH ERR_load_ECDH_strings(); # endif /* skip ERR_load_SSL_strings() because it is not in this library */ diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index 0d4278b..94039ef 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -80,7 +80,7 @@ void OpenSSL_add_all_digests(void) EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC EVP_add_digest(EVP_ecdsa()); # endif #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES) diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 2e9f83f..0d26fd3 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -234,7 +234,7 @@ typedef int evp_verify_method(int type, const unsigned char *m, # define EVP_PKEY_DSA_method EVP_PKEY_NULL_method # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC # define EVP_PKEY_ECDSA_method (evp_sign_method *)ECDSA_sign, \ (evp_verify_method *)ECDSA_verify, \ {EVP_PKEY_EC,0,0,0} diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 1e78e30..9835be5 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -75,13 +75,7 @@ # ifndef OPENSSL_NO_EC # include -# endif - -# ifndef OPENSSL_NO_ECDSA # include -# endif - -# ifndef OPENSSL_NO_ECDH # include # endif diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 750217f..1e611c4 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1321,7 +1321,7 @@ int ssl3_get_key_exchange(SSL *s) #ifndef OPENSSL_NO_DH DH *dh = NULL; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC EC_KEY *ecdh = NULL; BN_CTX *bn_ctx = NULL; EC_POINT *srvr_ecpoint = NULL; @@ -1385,7 +1385,7 @@ int ssl3_get_key_exchange(SSL *s) s->session->sess_cert->peer_dh_tmp = NULL; } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (s->session->sess_cert->peer_ecdh_tmp) { EC_KEY_free(s->session->sess_cert->peer_ecdh_tmp); s->session->sess_cert->peer_ecdh_tmp = NULL; @@ -1724,7 +1724,7 @@ int ssl3_get_key_exchange(SSL *s) } #endif /* !OPENSSL_NO_DH */ -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC else if (alg_k & SSL_kECDHE) { EC_GROUP *ngroup; const EC_GROUP *group; @@ -1822,7 +1822,7 @@ int ssl3_get_key_exchange(SSL *s) X509_get_pubkey(s->session-> sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC else if (alg_a & SSL_aECDSA) pkey = X509_get_pubkey(s->session-> @@ -1841,7 +1841,7 @@ int ssl3_get_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_UNEXPECTED_MESSAGE); goto f_err; } -#endif /* !OPENSSL_NO_ECDH */ +#endif /* !OPENSSL_NO_EC */ /* p points to the next byte, there are 'n' bytes left */ @@ -1961,7 +1961,7 @@ int ssl3_get_key_exchange(SSL *s) if (dh != NULL) DH_free(dh); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC BN_CTX_free(bn_ctx); EC_POINT_free(srvr_ecpoint); if (ecdh != NULL) @@ -2299,7 +2299,7 @@ int ssl3_send_client_key_exchange(SSL *s) #ifndef OPENSSL_NO_KRB5 KSSL_ERR kssl_err; #endif /* OPENSSL_NO_KRB5 */ -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC EC_KEY *clnt_ecdh = NULL; const EC_POINT *srvr_ecpoint = NULL; EVP_PKEY *srvr_pub_pkey = NULL; @@ -2597,7 +2597,7 @@ int ssl3_send_client_key_exchange(SSL *s) } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC else if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) { const EC_GROUP *srvr_group = NULL; EC_KEY *tkey; @@ -2768,7 +2768,7 @@ int ssl3_send_client_key_exchange(SSL *s) EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); } -#endif /* !OPENSSL_NO_ECDH */ +#endif /* !OPENSSL_NO_EC */ else if (alg_k & SSL_kGOST) { /* GOST key exchange message creation */ EVP_PKEY_CTX *pkey_ctx; @@ -3054,7 +3054,7 @@ int ssl3_send_client_key_exchange(SSL *s) OPENSSL_free(pms); s->cert->pms = NULL; } -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC BN_CTX_free(bn_ctx); if (encodedPoint != NULL) OPENSSL_free(encodedPoint); @@ -3156,7 +3156,7 @@ int ssl3_send_client_verify(SSL *s) n = j + 2; } else #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC if (pkey->type == EVP_PKEY_EC) { if (!ECDSA_sign(pkey->save_type, &(data[MD5_DIGEST_LENGTH]), @@ -3365,7 +3365,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) /* This is the passed certificate */ idx = sc->peer_cert_type; -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (idx == SSL_PKEY_ECC) { if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s) == 0) { /* check failed */ diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 20ce112..f4369eb 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2051,7 +2051,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { }, #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC /* Cipher C001 */ { 1, @@ -2451,7 +2451,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, -#endif /* OPENSSL_NO_ECDH */ +#endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_SRP /* Cipher C01A */ @@ -2598,7 +2598,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, }, #endif /* OPENSSL_NO_SRP */ -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC /* HMAC based TLS v1.2 ciphersuites from RFC5289 */ @@ -2973,7 +2973,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256}, # endif /* OPENSSL_NO_CAMELLIA */ -#endif /* OPENSSL_NO_ECDH */ +#endif /* OPENSSL_NO_EC */ #ifdef TEMP_GOST_TLS /* Cipher FF00 */ @@ -3138,7 +3138,7 @@ void ssl3_free(SSL *s) if (s->s3->tmp.dh != NULL) DH_free(s->s3->tmp.dh); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (s->s3->tmp.ecdh != NULL) EC_KEY_free(s->s3->tmp.ecdh); #endif @@ -3183,7 +3183,7 @@ void ssl3_clear(SSL *s) s->s3->tmp.dh = NULL; } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (s->s3->tmp.ecdh != NULL) { EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; @@ -3357,7 +3357,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) s->cert->dh_tmp_auto = larg; return 1; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC case SSL_CTRL_SET_TMP_ECDH: { EC_KEY *ecdh = NULL; @@ -3389,7 +3389,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (ret); } -#endif /* !OPENSSL_NO_ECDH */ +#endif /* !OPENSSL_NO_EC */ #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_HOSTNAME: if (larg == TLSEXT_NAMETYPE_host_name) { @@ -3558,7 +3558,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_SHARED_CURVE: return tls1_shared_curve(s, larg); -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC case SSL_CTRL_SET_ECDH_AUTO: s->cert->ecdh_tmp_auto = larg; return 1; @@ -3629,7 +3629,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) EVP_PKEY *ptmp; int rv = 0; sc = s->session->sess_cert; -#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDH) +#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DH) && !defined(OPENSSL_NO_EC) if (!sc->peer_rsa_tmp && !sc->peer_dh_tmp && !sc->peer_ecdh_tmp) return 0; #endif @@ -3645,7 +3645,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) else if (sc->peer_dh_tmp) rv = EVP_PKEY_set1_DH(ptmp, sc->peer_dh_tmp); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC else if (sc->peer_ecdh_tmp) rv = EVP_PKEY_set1_EC_KEY(ptmp, sc->peer_ecdh_tmp); #endif @@ -3736,7 +3736,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) } break; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC case SSL_CTRL_SET_TMP_ECDH_CB: { s->cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; @@ -3847,7 +3847,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ctx->cert->dh_tmp_auto = larg; return 1; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC case SSL_CTRL_SET_TMP_ECDH: { EC_KEY *ecdh = NULL; @@ -3881,7 +3881,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return (0); } -#endif /* !OPENSSL_NO_ECDH */ +#endif /* !OPENSSL_NO_EC */ #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: ctx->tlsext_servername_arg = parg; @@ -3955,7 +3955,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist, &ctx->tlsext_ellipticcurvelist_length, parg); -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC case SSL_CTRL_SET_ECDH_AUTO: ctx->cert->ecdh_tmp_auto = larg; return 1; @@ -4059,7 +4059,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) } break; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC case SSL_CTRL_SET_TMP_ECDH_CB: { cert->ecdh_tmp_cb = (EC_KEY *(*)(SSL *, int, int))fp; @@ -4251,14 +4251,12 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_EC -# ifndef OPENSSL_NO_ECDH /* * if we are considering an ECC cipher suite that uses an ephemeral * EC key check it */ if (alg_k & SSL_kECDHE) ok = ok && tls1_check_ec_tmp_key(s, c->id); -# endif /* OPENSSL_NO_ECDH */ # endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_TLSEXT */ @@ -4346,16 +4344,13 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) if (!(alg_a & SSL_aDSS)) p[ret++] = SSL3_CT_DSS_SIGN; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if ((alg_k & (SSL_kECDHr | SSL_kECDHe)) && (s->version >= TLS1_VERSION)) { if (nostrict || !(alg_a & SSL_aRSA)) p[ret++] = TLS_CT_RSA_FIXED_ECDH; if (nostrict || !(alg_a & SSL_aECDSA)) p[ret++] = TLS_CT_ECDSA_FIXED_ECDH; } -#endif - -#ifndef OPENSSL_NO_ECDSA /* * ECDSA certs can be used with RSA cipher suites as well so we don't * need to check for SSL_kECDH or SSL_kECDHE diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 39c1574..ee66a5a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1532,7 +1532,7 @@ int ssl3_send_server_key_exchange(SSL *s) #ifndef OPENSSL_NO_DH DH *dh = NULL, *dhp; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC EC_KEY *ecdh = NULL, *ecdhp; unsigned char *encodedPoint = NULL; int encodedlen = 0; @@ -1654,7 +1654,7 @@ int ssl3_send_server_key_exchange(SSL *s) r[2] = dh->pub_key; } else #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (type & SSL_kECDHE) { const EC_GROUP *group; @@ -1782,7 +1782,7 @@ int ssl3_send_server_key_exchange(SSL *s) r[2] = NULL; r[3] = NULL; } else -#endif /* !OPENSSL_NO_ECDH */ +#endif /* !OPENSSL_NO_EC */ #ifndef OPENSSL_NO_PSK if (type & SSL_kPSK) { /* @@ -1853,7 +1853,7 @@ int ssl3_send_server_key_exchange(SSL *s) p += nr[i]; } -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (type & SSL_kECDHE) { /* * XXX: For now, we only support named (not generic) curves. In @@ -3001,7 +3001,7 @@ int ssl3_get_cert_verify(SSL *s) } } else #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC if (pkey->type == EVP_PKEY_EC) { j = ECDSA_verify(pkey->save_type, &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), diff --git a/ssl/ssl.h b/ssl/ssl.h index 160d37c..56eb7ba 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1760,7 +1760,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, int keylength)); # endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh) (SSL *ssl, int is_export, int keylength)); diff --git a/ssl/ssl_algs.c b/ssl/ssl_algs.c index 3843aef..504e4d7 100644 --- a/ssl/ssl_algs.c +++ b/ssl/ssl_algs.c @@ -122,7 +122,7 @@ int SSL_library_init(void) EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1"); EVP_add_digest_alias(SN_dsaWithSHA1, "dss1"); #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC EVP_add_digest(EVP_ecdsa()); #endif #ifndef OPENSSL_NO_COMP diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 9742599..fa0c693 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -175,7 +175,7 @@ void ssl_cert_set_default_md(CERT *cert) cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); #endif -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); #endif } @@ -261,7 +261,7 @@ CERT *ssl_cert_dup(CERT *cert) ret->dh_tmp_auto = cert->dh_tmp_auto; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (cert->ecdh_tmp) { ret->ecdh_tmp = EC_KEY_dup(cert->ecdh_tmp); if (ret->ecdh_tmp == NULL) { @@ -450,7 +450,7 @@ void ssl_cert_free(CERT *c) if (c->dh_tmp) DH_free(c->dh_tmp); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (c->ecdh_tmp) EC_KEY_free(c->ecdh_tmp); #endif @@ -683,7 +683,7 @@ void ssl_sess_cert_free(SESS_CERT *sc) if (sc->peer_dh_tmp != NULL) DH_free(sc->peer_dh_tmp); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (sc->peer_ecdh_tmp != NULL) EC_KEY_free(sc->peer_ecdh_tmp); #endif diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 12820b6..f220e8e 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -748,12 +748,9 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, *mkey |= SSL_kKRB5; *auth |= SSL_aKRB5; #endif -#ifdef OPENSSL_NO_ECDSA - *auth |= SSL_aECDSA; -#endif -#ifdef OPENSSL_NO_ECDH +#ifdef OPENSSL_NO_EC *mkey |= SSL_kECDHe | SSL_kECDHr; - *auth |= SSL_aECDH; + *auth |= SSL_aECDSA | SSL_aECDH; #endif #ifdef OPENSSL_NO_PSK *mkey |= SSL_kPSK; @@ -1437,7 +1434,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE); return 0; } -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC switch (suiteb_flags) { case SSL_CERT_FLAG_SUITEB_128_LOS: if (suiteb_comb2) diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 354f218..cfed40d 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -257,7 +257,7 @@ static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) return rv > 0; } -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC /* ECDH temporary parameters */ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) { @@ -447,7 +447,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs"), SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs"), SSL_CONF_CMD_STRING(Curves, "curves"), -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC SSL_CONF_CMD_STRING(ECDHParameters, "named_curve"), #endif SSL_CONF_CMD_STRING(CipherString, "cipher"), diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index c535a42..3bce4cf 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2153,13 +2153,9 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) int rsa_enc_export, dh_rsa_export, dh_dsa_export; int rsa_tmp_export, dh_tmp_export, kl; unsigned long mask_k, mask_a, emask_k, emask_a; -#ifndef OPENSSL_NO_ECDSA +#ifndef OPENSSL_NO_EC int have_ecc_cert, ecdsa_ok, ecc_pkey_size; -#endif -#ifndef OPENSSL_NO_ECDH int have_ecdh_tmp, ecdh_ok; -#endif -#ifndef OPENSSL_NO_EC X509 *x = NULL; EVP_PKEY *ecc_pkey = NULL; int signature_nid = 0, pk_nid = 0, md_nid = 0; @@ -2185,7 +2181,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) dh_tmp = dh_tmp_export = 0; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto); #endif cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); @@ -2283,10 +2279,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) x = cpk->x509; /* This call populates extension flags (ex_flags) */ X509_check_purpose(x, -1, 0); -# ifndef OPENSSL_NO_ECDH ecdh_ok = (x->ex_flags & EXFLAG_KUSAGE) ? (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; -# endif ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; if (!(cpk->valid_flags & CERT_PKEY_SIGN)) @@ -2298,7 +2292,6 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) signature_nid = OBJ_obj2nid(x->sig_alg->algorithm); OBJ_find_sigid_algs(signature_nid, &md_nid, &pk_nid); } -# ifndef OPENSSL_NO_ECDH if (ecdh_ok) { if (pk_nid == NID_rsaEncryption || pk_nid == NID_rsa) { @@ -2319,17 +2312,14 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) } } } -# endif -# ifndef OPENSSL_NO_ECDSA if (ecdsa_ok) { mask_a |= SSL_aECDSA; emask_a |= SSL_aECDSA; } -# endif } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (have_ecdh_tmp) { mask_k |= SSL_kECDHE; emask_k |= SSL_kECDHE; @@ -3267,7 +3257,7 @@ void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export, } #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh) (SSL *ssl, int is_export, int keylength)) diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 7a8a303..a16ad08 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1350,7 +1350,7 @@ typedef struct ssl3_state_st { # ifndef OPENSSL_NO_DH DH *dh; # endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC EC_KEY *ecdh; /* holds short lived ECDH key */ # endif /* used when SSL_ST_FLUSH_DATA is entered */ @@ -1662,7 +1662,7 @@ typedef struct cert_st { DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize); int dh_tmp_auto; # endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC EC_KEY *ecdh_tmp; /* Callback for generating ephemeral ECDH keys */ EC_KEY *(*ecdh_tmp_cb) (SSL *ssl, int is_export, int keysize); @@ -1760,7 +1760,7 @@ typedef struct sess_cert_st { # ifndef OPENSSL_NO_DH DH *peer_dh_tmp; /* not used for SSL 2 */ # endif -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC EC_KEY *peer_ecdh_tmp; # endif int references; /* actually always 1 at the moment */ @@ -2317,7 +2317,7 @@ int tls1_alert_code(int code); int ssl3_alert_code(int code); int ssl_ok(SSL *s); -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s); # endif @@ -2332,9 +2332,7 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen, int *curves, size_t ncurves); int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, const char *str); -# ifndef OPENSSL_NO_ECDH int tls1_check_ec_tmp_key(SSL *s, unsigned long id); -# endif /* OPENSSL_NO_ECDH */ # endif /* OPENSSL_NO_EC */ # ifndef OPENSSL_NO_TLSEXT diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 89fb44a..7a157a6 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -774,7 +774,7 @@ static void sv_usage(void) " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); fprintf(stderr, " -no_dhe - disable DHE\n"); #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC fprintf(stderr, " -no_ecdhe - disable ECDHE\n"); #endif #ifndef OPENSSL_NO_PSK @@ -803,7 +803,7 @@ static void sv_usage(void) " -time - measure processor time used by client and server\n"); fprintf(stderr, " -zlib - use zlib compression\n"); fprintf(stderr, " -rle - use rle compression\n"); -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC fprintf(stderr, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" " Use \"openssl ecparam -list_curves\" for all names\n" @@ -967,7 +967,7 @@ int main(int argc, char *argv[]) char *server_key = NULL; char *client_cert = TEST_CLIENT_CERT; char *client_key = NULL; -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC char *named_curve = NULL; #endif SSL_CTX *s_ctx = NULL; @@ -980,7 +980,7 @@ int main(int argc, char *argv[]) DH *dh; int dhe1024 = 0, dhe1024dsa = 0; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC EC_KEY *ecdh = NULL; #endif #ifndef OPENSSL_NO_SRP @@ -1206,7 +1206,7 @@ int main(int argc, char *argv[]) else if (strcmp(*argv, "-named_curve") == 0) { if (--argc < 1) goto bad; -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC named_curve = *(++argv); #else fprintf(stderr, @@ -1470,7 +1470,7 @@ int main(int argc, char *argv[]) (void)no_dhe; #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (!no_ecdhe) { int nid; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index c91b761..8296ea1 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -798,7 +798,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) return rv; } -# ifndef OPENSSL_NO_ECDH +# ifndef OPENSSL_NO_EC /* Check EC temporary key is compatible with client extensions */ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) { @@ -863,7 +863,7 @@ int tls1_check_ec_tmp_key(SSL *s, unsigned long cid) return tls1_check_ec_key(s, curve_id, NULL); # endif } -# endif /* OPENSSL_NO_ECDH */ +# endif /* OPENSSL_NO_EC */ #else @@ -893,9 +893,8 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) # define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa, # endif -# ifdef OPENSSL_NO_ECDSA -# define tlsext_sigalg_ecdsa(md) - /* */ +# ifdef OPENSSL_NO_EC +# define tlsext_sigalg_ecdsa(md) /* */ # else # define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa, # endif @@ -913,7 +912,7 @@ static const unsigned char tls12_sigalgs[] = { tlsext_sigalg(TLSEXT_hash_sha1) }; -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC static const unsigned char suiteb_sigalgs[] = { tlsext_sigalg_ecdsa(TLSEXT_hash_sha256) tlsext_sigalg_ecdsa(TLSEXT_hash_sha384) @@ -3246,7 +3245,7 @@ static int tls12_get_pkey_idx(unsigned char sig_alg) case TLSEXT_signature_dsa: return SSL_PKEY_DSA_SIGN; # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC case TLSEXT_signature_ecdsa: return SSL_PKEY_ECC; # endif @@ -3326,7 +3325,7 @@ void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op) have_dsa = 1; break; # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC case TLSEXT_signature_ecdsa: if (!have_ecdsa && tls12_sigalg_allowed(s, op, sigalgs)) have_ecdsa = 1; @@ -3521,7 +3520,7 @@ int tls1_process_sigalgs(SSL *s) c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); } # endif -# ifndef OPENSSL_NO_ECDSA +# ifndef OPENSSL_NO_EC if (!c->pkeys[SSL_PKEY_ECC].digest) c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); # endif diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 809e9b3..d3379d2 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -142,8 +142,6 @@ and [options] can be one of no-krb5 - No KRB5 no-srp - No SRP no-ec - No EC - no-ecdsa - No ECDSA - no-ecdh - No ECDH no-engine - No engine no-hw - No hw nasm - Use NASM for x86 asm @@ -298,8 +296,6 @@ $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; -$cflags.=" -DOPENSSL_NO_ECDSA" if $no_ecdsa; -$cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh; $cflags.=" -DOPENSSL_NO_GOST" if $no_gost; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; $cflags.=" -DOPENSSL_NO_HW" if $no_hw; @@ -1427,8 +1423,6 @@ sub read_options "no-sock" => \$no_sock, "no-krb5" => \$no_krb5, "no-ec" => \$no_ec, - "no-ecdsa" => \$no_ecdsa, - "no-ecdh" => \$no_ecdh, "no-gost" => \$no_gost, "no-engine" => \$no_engine, "no-hw" => \$no_hw, From appro at openssl.org Thu Mar 12 07:56:07 2015 From: appro at openssl.org (Andy Polyakov) Date: Thu, 12 Mar 2015 07:56:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426146967.440195.4863.nullmailer@dev.openssl.org> The branch master has been updated via 6b937f8b115d817b00116bc6291d604b16dc4602 (commit) from 10bf4fc2c3da332a54247da1f3c0dcb44944f7ff (commit) - Log ----------------------------------------------------------------- commit 6b937f8b115d817b00116bc6291d604b16dc4602 Author: Andy Polyakov Date: Thu Mar 12 08:54:28 2015 +0100 ssl/s3_clnt.c: fix intermittent failures. [and respect error return value in ssltest.c] Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 1 + ssl/ssltest.c | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 1e611c4..b37a733 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2580,6 +2580,7 @@ int ssl3_send_client_key_exchange(SSL *s) DH_free(dh_clnt); goto err; } + pmslen = n; if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) n = 0; diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 7a157a6..12d3efb 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1707,13 +1707,14 @@ int main(int argc, char *argv[]) ret = doit_biopair(s_ssl, c_ssl, bytes, &s_time, &c_time); else ret = doit(s_ssl, c_ssl, bytes); + if (ret) break; } if (!verbose) { print_details(c_ssl, ""); } - if ((number > 1) || (bytes > 1L)) - BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", number, + if ((i > 1) || (bytes > 1L)) + BIO_printf(bio_stdout, "%d handshakes of %ld bytes done\n", i, bytes); if (print_time) { #ifdef CLOCKS_PER_SEC From appro at openssl.org Thu Mar 12 08:08:55 2015 From: appro at openssl.org (Andy Polyakov) Date: Thu, 12 Mar 2015 08:08:55 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1426147735.240489.8613.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via df57e42baa0c1c8a97035adb9ffb2f335158c440 (commit) from 9c5c18500bfb58fe0eedfbab71409b6ebc4d2d4c (commit) - Log ----------------------------------------------------------------- commit df57e42baa0c1c8a97035adb9ffb2f335158c440 Author: Andy Polyakov Date: Mon Feb 9 11:46:19 2015 +0100 evp/e_aes.c: fix SPARC T4-specific problem: - SIGSEGV/ILL in CCM (RT#3688); Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/evp/e_aes.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 41844bc..8161b26 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -790,6 +790,8 @@ static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, default: return 0; } +# else + cctx->str = NULL; # endif cctx->key_set = 1; } From matt at openssl.org Thu Mar 12 09:35:52 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 12 Mar 2015 09:35:52 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1426152952.753983.15511.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via f06249f112a37c0caece07e90ebb01b525e62fd7 (commit) via 2407241fb27c5ebd69262024b8abf9486708c7e6 (commit) via 3942e7d9ebc262fa5c5c42aba0167e06d981f004 (commit) via 2679485e69c55b8186bc14d4947fc508c5f55358 (commit) via e6dcb08984b2e3f765ab5a2f45aaf0a8cc263bba (commit) via 0c8f4229995bbb51bd29c314e2d71d7edce229de (commit) via cc27bec2b40ca6741125cbeef6a214dfbe1f85f9 (commit) from f5ee5213073870493a8ade98b13ea41a2b20b8d4 (commit) - Log ----------------------------------------------------------------- commit f06249f112a37c0caece07e90ebb01b525e62fd7 Author: Matt Caswell Date: Wed Mar 11 20:50:20 2015 +0000 Fix missing return checks in v3_cpols.c Fixed assorted missing return value checks in c3_cpols.c Reviewed-by: Rich Salz (cherry picked from commit c5f2b5336ab72e40ab91e2ca85639f51fa3178c6) commit 2407241fb27c5ebd69262024b8abf9486708c7e6 Author: Matt Caswell Date: Wed Mar 11 20:19:08 2015 +0000 Fix dsa_pub_encode The return value from ASN1_STRING_new() was not being checked which could lead to a NULL deref in the event of a malloc failure. Also fixed a mem leak in the error path. Reviewed-by: Rich Salz (cherry picked from commit 0c7ca4033dcf5398334d4b78a7dfb941c8167a40) commit 3942e7d9ebc262fa5c5c42aba0167e06d981f004 Author: Matt Caswell Date: Wed Mar 11 20:08:16 2015 +0000 Fix dh_pub_encode The return value from ASN1_STRING_new() was not being checked which could lead to a NULL deref in the event of a malloc failure. Also fixed a mem leak in the error path. Reviewed-by: Rich Salz (cherry picked from commit 6aa8dab2bbfd5ad3cfc0d07fe5d7243635d5b2a2) Conflicts: crypto/dh/dh_ameth.c commit 2679485e69c55b8186bc14d4947fc508c5f55358 Author: Matt Caswell Date: Wed Mar 11 19:41:01 2015 +0000 Fix asn1_item_print_ctx The call to asn1_do_adb can return NULL on error, so we should check the return value before attempting to use it. Reviewed-by: Rich Salz (cherry picked from commit 34a7ed0c39aa3ab67eea1e106577525eaf0d7a00) commit e6dcb08984b2e3f765ab5a2f45aaf0a8cc263bba Author: Matt Caswell Date: Wed Mar 11 16:00:01 2015 +0000 ASN1_primitive_new NULL param handling ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple of conditional code paths that check whether |it| is NULL or not - but later |it| is deref'd unconditionally. If |it| was ever really NULL then this would seg fault. In practice ASN1_primitive_new is marked as an internal function in the public header file. The only places it is ever used internally always pass a non NULL parameter for |it|. Therefore, change the code to sanity check that |it| is not NULL, and remove the conditional checking. Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (cherry picked from commit 9e488fd6ab2c295941e91a47ab7bcd346b7540c7) commit 0c8f4229995bbb51bd29c314e2d71d7edce229de Author: Matt Caswell Date: Wed Mar 11 15:41:52 2015 +0000 Fix EVP_DigestInit_ex with NULL digest Calling EVP_DigestInit_ex which has already had the digest set up for it should be possible. You are supposed to be able to pass NULL for the type. However currently this seg faults. Reviewed-by: Andy Polyakov (cherry picked from commit a01087027bd0c5ec053d4eabd972bd942bfcd92f) commit cc27bec2b40ca6741125cbeef6a214dfbe1f85f9 Author: Matt Caswell Date: Wed Mar 11 15:31:16 2015 +0000 Fix error handling in bn_exp In the event of an error |rr| could be NULL. Therefore don't assume you can use |rr| in the error handling code. Reviewed-by: Andy Polyakov (cherry picked from commit 8c5a7b33c6269c3bd6bc0df6b4c22e4fba03b485) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/tasn_new.c | 7 +++++-- crypto/asn1/tasn_prn.c | 2 ++ crypto/bn/bn_exp.c | 4 ++-- crypto/dh/dh_ameth.c | 12 +++++++----- crypto/dsa/dsa_ameth.c | 14 ++++++++------ crypto/evp/digest.c | 9 ++++++--- crypto/x509v3/v3_cpols.c | 16 ++++++++++++---- 7 files changed, 42 insertions(+), 22 deletions(-) diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index d25c68c..7d2964f 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -315,13 +315,16 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) ASN1_STRING *str; int utype; - if (it && it->funcs) { + if (!it) + return 0; + + if (it->funcs) { const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; if (pf->prim_new) return pf->prim_new(pval, it); } - if (!it || (it->itype == ASN1_ITYPE_MSTRING)) + if (it->itype == ASN1_ITYPE_MSTRING) utype = -1; else utype = it->utype; diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 11d784c..4866dcd 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -289,6 +289,8 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { const ASN1_TEMPLATE *seqtt; seqtt = asn1_do_adb(fld, tt, 1); + if(!seqtt) + return 0; tmpfld = asn1_get_field_ptr(fld, seqtt); if (!asn1_template_print_ctx(out, tmpfld, indent + 2, seqtt, pctx)) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index fca4014..27146c8 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -168,10 +168,10 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto err; } } - ret = 1; - err: if (r != rr) BN_copy(r, rr); + ret = 1; + err: BN_CTX_end(ctx); bn_check_top(r); return (ret); diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 680400f..1dec109 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -126,7 +126,6 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { DH *dh; - void *pval = NULL; int ptype; unsigned char *penc = NULL; int penclen; @@ -136,12 +135,15 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) dh = pkey->pkey.dh; str = ASN1_STRING_new(); + if(!str) { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } str->length = i2d_DHparams(dh, &str->data); if (str->length <= 0) { DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } - pval = str; ptype = V_ASN1_SEQUENCE; pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); @@ -158,14 +160,14 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) } if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DH), - ptype, pval, penc, penclen)) + ptype, str, penc, penclen)) return 1; err: if (penc) OPENSSL_free(penc); - if (pval) - ASN1_STRING_free(pval); + if (str) + ASN1_STRING_free(str); return 0; } diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 1b29d81..a2840ea 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -129,21 +129,23 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { DSA *dsa; - void *pval = NULL; int ptype; unsigned char *penc = NULL; int penclen; + ASN1_STRING *str = NULL; dsa = pkey->pkey.dsa; if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { - ASN1_STRING *str; str = ASN1_STRING_new(); + if (!str) { + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } str->length = i2d_DSAparams(dsa, &str->data); if (str->length <= 0) { DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } - pval = str; ptype = V_ASN1_SEQUENCE; } else ptype = V_ASN1_UNDEF; @@ -158,14 +160,14 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) } if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), - ptype, pval, penc, penclen)) + ptype, str, penc, penclen)) return 1; err: if (penc) OPENSSL_free(penc); - if (pval) - ASN1_STRING_free(pval); + if (str) + ASN1_STRING_free(str); return 0; } diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 386a3f7..2e202c8 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -191,9 +191,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->engine = impl; } else ctx->engine = NULL; - } else if (!ctx->digest) { - EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET); - return 0; + } else { + if (!ctx->digest) { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET); + return 0; + } + type = ctx->digest; } #endif if (ctx->digest != type) { diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 476d51c..dca6ab2 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -230,8 +230,12 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, goto merr; if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; - qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); - qual->d.cpsuri = M_ASN1_IA5STRING_new(); + if(!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) { + X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR); + goto err; + } + if(!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) + goto merr; if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value))) goto merr; @@ -290,14 +294,18 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, POLICYQUALINFO *qual; if (!(qual = POLICYQUALINFO_new())) goto merr; - qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); + if(!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) { + X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR); + goto err; + } if (!(not = USERNOTICE_new())) goto merr; qual->d.usernotice = not; for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); if (!strcmp(cnf->name, "explicitText")) { - not->exptext = M_ASN1_VISIBLESTRING_new(); + if(!(not->exptext = M_ASN1_VISIBLESTRING_new())) + goto merr; if (!ASN1_STRING_set(not->exptext, cnf->value, strlen(cnf->value))) goto merr; From matt at openssl.org Thu Mar 12 09:36:07 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 12 Mar 2015 09:36:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1426152967.629264.15882.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 327de270d583e716bc0282dd0d59e133f41d7ada (commit) via 8e91b3d99115121765a15dbb685aa772b73b97ad (commit) via 20223855e418e1a4cd5f964e4e504d53b8a00fd4 (commit) via 563fc239d23985f7e7a7300003bd8eb173224354 (commit) via 15919ecadc3ba9fc210472b806e6ac258825ea83 (commit) via 289c06823e52ce0e00b4f19ee260635ac1b02e98 (commit) via ff2459b91877959bc1a3a8a927c6b5f473530f86 (commit) via 8944d10e2d444b7fc5e60d4f13644c6648f49e74 (commit) from df57e42baa0c1c8a97035adb9ffb2f335158c440 (commit) - Log ----------------------------------------------------------------- commit 327de270d583e716bc0282dd0d59e133f41d7ada Author: Matt Caswell Date: Wed Mar 11 17:01:38 2015 +0000 SSL_check_chain fix If SSL_check_chain is called with a NULL X509 object or a NULL EVP_PKEY or the type of the public key is unrecognised then the local variable |cpk| in tls1_check_chain does not get initialised. Subsequently an attempt is made to deref it (after the "end" label), and a seg fault will result. Reviewed-by: Dr. Stephen Henson (cherry picked from commit d813f9eb383a93e472e69750cd1edbb170205ad2) commit 8e91b3d99115121765a15dbb685aa772b73b97ad Author: Matt Caswell Date: Wed Mar 11 20:50:20 2015 +0000 Fix missing return checks in v3_cpols.c Fixed assorted missing return value checks in c3_cpols.c Reviewed-by: Rich Salz (cherry picked from commit c5f2b5336ab72e40ab91e2ca85639f51fa3178c6) commit 20223855e418e1a4cd5f964e4e504d53b8a00fd4 Author: Matt Caswell Date: Wed Mar 11 20:19:08 2015 +0000 Fix dsa_pub_encode The return value from ASN1_STRING_new() was not being checked which could lead to a NULL deref in the event of a malloc failure. Also fixed a mem leak in the error path. Reviewed-by: Rich Salz (cherry picked from commit 0c7ca4033dcf5398334d4b78a7dfb941c8167a40) commit 563fc239d23985f7e7a7300003bd8eb173224354 Author: Matt Caswell Date: Wed Mar 11 20:08:16 2015 +0000 Fix dh_pub_encode The return value from ASN1_STRING_new() was not being checked which could lead to a NULL deref in the event of a malloc failure. Also fixed a mem leak in the error path. Reviewed-by: Rich Salz (cherry picked from commit 6aa8dab2bbfd5ad3cfc0d07fe5d7243635d5b2a2) commit 15919ecadc3ba9fc210472b806e6ac258825ea83 Author: Matt Caswell Date: Wed Mar 11 19:41:01 2015 +0000 Fix asn1_item_print_ctx The call to asn1_do_adb can return NULL on error, so we should check the return value before attempting to use it. Reviewed-by: Rich Salz (cherry picked from commit 34a7ed0c39aa3ab67eea1e106577525eaf0d7a00) commit 289c06823e52ce0e00b4f19ee260635ac1b02e98 Author: Matt Caswell Date: Wed Mar 11 16:00:01 2015 +0000 ASN1_primitive_new NULL param handling ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple of conditional code paths that check whether |it| is NULL or not - but later |it| is deref'd unconditionally. If |it| was ever really NULL then this would seg fault. In practice ASN1_primitive_new is marked as an internal function in the public header file. The only places it is ever used internally always pass a non NULL parameter for |it|. Therefore, change the code to sanity check that |it| is not NULL, and remove the conditional checking. Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov (cherry picked from commit 9e488fd6ab2c295941e91a47ab7bcd346b7540c7) commit ff2459b91877959bc1a3a8a927c6b5f473530f86 Author: Matt Caswell Date: Wed Mar 11 15:41:52 2015 +0000 Fix EVP_DigestInit_ex with NULL digest Calling EVP_DigestInit_ex which has already had the digest set up for it should be possible. You are supposed to be able to pass NULL for the type. However currently this seg faults. Reviewed-by: Andy Polyakov (cherry picked from commit a01087027bd0c5ec053d4eabd972bd942bfcd92f) commit 8944d10e2d444b7fc5e60d4f13644c6648f49e74 Author: Matt Caswell Date: Wed Mar 11 15:31:16 2015 +0000 Fix error handling in bn_exp In the event of an error |rr| could be NULL. Therefore don't assume you can use |rr| in the error handling code. Reviewed-by: Andy Polyakov (cherry picked from commit 8c5a7b33c6269c3bd6bc0df6b4c22e4fba03b485) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/tasn_new.c | 7 +++++-- crypto/asn1/tasn_prn.c | 2 ++ crypto/bn/bn_exp.c | 4 ++-- crypto/dh/dh_ameth.c | 12 +++++++----- crypto/dsa/dsa_ameth.c | 14 ++++++++------ crypto/evp/digest.c | 9 ++++++--- crypto/x509v3/v3_cpols.c | 16 ++++++++++++---- ssl/t1_lib.c | 4 ++-- 8 files changed, 44 insertions(+), 24 deletions(-) diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index d25c68c..7d2964f 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -315,13 +315,16 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) ASN1_STRING *str; int utype; - if (it && it->funcs) { + if (!it) + return 0; + + if (it->funcs) { const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; if (pf->prim_new) return pf->prim_new(pval, it); } - if (!it || (it->itype == ASN1_ITYPE_MSTRING)) + if (it->itype == ASN1_ITYPE_MSTRING) utype = -1; else utype = it->utype; diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 11d784c..4866dcd 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -289,6 +289,8 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { const ASN1_TEMPLATE *seqtt; seqtt = asn1_do_adb(fld, tt, 1); + if(!seqtt) + return 0; tmpfld = asn1_get_field_ptr(fld, seqtt); if (!asn1_template_print_ctx(out, tmpfld, indent + 2, seqtt, pctx)) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 28a9fd5..8c46e50 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -185,10 +185,10 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto err; } } - ret = 1; - err: if (r != rr) BN_copy(r, rr); + ret = 1; + err: BN_CTX_end(ctx); bn_check_top(r); return (ret); diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 1d573a4..c6bfc2d 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -151,7 +151,6 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { DH *dh; - void *pval = NULL; int ptype; unsigned char *penc = NULL; int penclen; @@ -161,12 +160,15 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) dh = pkey->pkey.dh; str = ASN1_STRING_new(); + if(!str) { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } str->length = i2d_dhp(pkey, dh, &str->data); if (str->length <= 0) { DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } - pval = str; ptype = V_ASN1_SEQUENCE; pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); @@ -183,14 +185,14 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) } if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), - ptype, pval, penc, penclen)) + ptype, str, penc, penclen)) return 1; err: if (penc) OPENSSL_free(penc); - if (pval) - ASN1_STRING_free(pval); + if (str) + ASN1_STRING_free(str); return 0; } diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 529efb7..2a5cd71 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -129,21 +129,23 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { DSA *dsa; - void *pval = NULL; int ptype; unsigned char *penc = NULL; int penclen; + ASN1_STRING *str = NULL; dsa = pkey->pkey.dsa; if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { - ASN1_STRING *str; str = ASN1_STRING_new(); + if (!str) { + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } str->length = i2d_DSAparams(dsa, &str->data); if (str->length <= 0) { DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } - pval = str; ptype = V_ASN1_SEQUENCE; } else ptype = V_ASN1_UNDEF; @@ -158,14 +160,14 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) } if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), - ptype, pval, penc, penclen)) + ptype, str, penc, penclen)) return 1; err: if (penc) OPENSSL_free(penc); - if (pval) - ASN1_STRING_free(pval); + if (str) + ASN1_STRING_free(str); return 0; } diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index bd7760d..f2643f3 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -203,9 +203,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->engine = impl; } else ctx->engine = NULL; - } else if (!ctx->digest) { - EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET); - return 0; + } else { + if (!ctx->digest) { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET); + return 0; + } + type = ctx->digest; } #endif if (ctx->digest != type) { diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 476d51c..dca6ab2 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -230,8 +230,12 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, goto merr; if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; - qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); - qual->d.cpsuri = M_ASN1_IA5STRING_new(); + if(!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) { + X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR); + goto err; + } + if(!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) + goto merr; if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value))) goto merr; @@ -290,14 +294,18 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, POLICYQUALINFO *qual; if (!(qual = POLICYQUALINFO_new())) goto merr; - qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); + if(!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) { + X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR); + goto err; + } if (!(not = USERNOTICE_new())) goto merr; qual->d.usernotice = not; for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); if (!strcmp(cnf->name, "explicitText")) { - not->exptext = M_ASN1_VISIBLESTRING_new(); + if(!(not->exptext = M_ASN1_VISIBLESTRING_new())) + goto merr; if (!ASN1_STRING_set(not->exptext, cnf->value, strlen(cnf->value))) goto merr; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 2c3a1ec..6e991e0 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -4126,10 +4126,10 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, # endif } else { if (!x || !pk) - goto end; + return 0; idx = ssl_cert_type(x, pk); if (idx == -1) - goto end; + return 0; cpk = c->pkeys + idx; if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) check_flags = CERT_PKEY_STRICT_FLAGS; From matt at openssl.org Thu Mar 12 09:36:17 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 12 Mar 2015 09:36:17 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426152978.002958.16182.nullmailer@dev.openssl.org> The branch master has been updated via 007fd1404fc7a2ed33f6108bc3859d3814b44224 (commit) via d813f9eb383a93e472e69750cd1edbb170205ad2 (commit) via c5f2b5336ab72e40ab91e2ca85639f51fa3178c6 (commit) via 0c7ca4033dcf5398334d4b78a7dfb941c8167a40 (commit) via 6aa8dab2bbfd5ad3cfc0d07fe5d7243635d5b2a2 (commit) via 34a7ed0c39aa3ab67eea1e106577525eaf0d7a00 (commit) via 9e488fd6ab2c295941e91a47ab7bcd346b7540c7 (commit) via a01087027bd0c5ec053d4eabd972bd942bfcd92f (commit) via 8c5a7b33c6269c3bd6bc0df6b4c22e4fba03b485 (commit) from 6b937f8b115d817b00116bc6291d604b16dc4602 (commit) - Log ----------------------------------------------------------------- commit 007fd1404fc7a2ed33f6108bc3859d3814b44224 Author: Matt Caswell Date: Wed Mar 11 17:43:38 2015 +0000 Fix RSA_X931_derive_ex In the RSA_X931_derive_ex a call to BN_CTX_new is made. This can return NULL on error. However the return value is not tested until *after* it is derefed! Also at the top of the function a test is made to ensure that |rsa| is not NULL. If it is we go to the "err" label. Unfortunately the error handling code deref's rsa. Reviewed-by: Rich Salz commit d813f9eb383a93e472e69750cd1edbb170205ad2 Author: Matt Caswell Date: Wed Mar 11 17:01:38 2015 +0000 SSL_check_chain fix If SSL_check_chain is called with a NULL X509 object or a NULL EVP_PKEY or the type of the public key is unrecognised then the local variable |cpk| in tls1_check_chain does not get initialised. Subsequently an attempt is made to deref it (after the "end" label), and a seg fault will result. Reviewed-by: Dr. Stephen Henson commit c5f2b5336ab72e40ab91e2ca85639f51fa3178c6 Author: Matt Caswell Date: Wed Mar 11 20:50:20 2015 +0000 Fix missing return checks in v3_cpols.c Fixed assorted missing return value checks in c3_cpols.c Reviewed-by: Rich Salz commit 0c7ca4033dcf5398334d4b78a7dfb941c8167a40 Author: Matt Caswell Date: Wed Mar 11 20:19:08 2015 +0000 Fix dsa_pub_encode The return value from ASN1_STRING_new() was not being checked which could lead to a NULL deref in the event of a malloc failure. Also fixed a mem leak in the error path. Reviewed-by: Rich Salz commit 6aa8dab2bbfd5ad3cfc0d07fe5d7243635d5b2a2 Author: Matt Caswell Date: Wed Mar 11 20:08:16 2015 +0000 Fix dh_pub_encode The return value from ASN1_STRING_new() was not being checked which could lead to a NULL deref in the event of a malloc failure. Also fixed a mem leak in the error path. Reviewed-by: Rich Salz commit 34a7ed0c39aa3ab67eea1e106577525eaf0d7a00 Author: Matt Caswell Date: Wed Mar 11 19:41:01 2015 +0000 Fix asn1_item_print_ctx The call to asn1_do_adb can return NULL on error, so we should check the return value before attempting to use it. Reviewed-by: Rich Salz commit 9e488fd6ab2c295941e91a47ab7bcd346b7540c7 Author: Matt Caswell Date: Wed Mar 11 16:00:01 2015 +0000 ASN1_primitive_new NULL param handling ASN1_primitive_new takes an ASN1_ITEM * param |it|. There are a couple of conditional code paths that check whether |it| is NULL or not - but later |it| is deref'd unconditionally. If |it| was ever really NULL then this would seg fault. In practice ASN1_primitive_new is marked as an internal function in the public header file. The only places it is ever used internally always pass a non NULL parameter for |it|. Therefore, change the code to sanity check that |it| is not NULL, and remove the conditional checking. Reviewed-by: Rich Salz Reviewed-by: Andy Polyakov commit a01087027bd0c5ec053d4eabd972bd942bfcd92f Author: Matt Caswell Date: Wed Mar 11 15:41:52 2015 +0000 Fix EVP_DigestInit_ex with NULL digest Calling EVP_DigestInit_ex which has already had the digest set up for it should be possible. You are supposed to be able to pass NULL for the type. However currently this seg faults. Reviewed-by: Andy Polyakov commit 8c5a7b33c6269c3bd6bc0df6b4c22e4fba03b485 Author: Matt Caswell Date: Wed Mar 11 15:31:16 2015 +0000 Fix error handling in bn_exp In the event of an error |rr| could be NULL. Therefore don't assume you can use |rr| in the error handling code. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/asn1/tasn_new.c | 7 +++++-- crypto/asn1/tasn_prn.c | 2 ++ crypto/bn/bn_exp.c | 4 ++-- crypto/dh/dh_ameth.c | 12 +++++++----- crypto/dsa/dsa_ameth.c | 14 ++++++++------ crypto/evp/digest.c | 9 ++++++--- crypto/rsa/rsa_x931g.c | 9 ++++----- crypto/x509v3/v3_cpols.c | 16 ++++++++++++---- ssl/t1_lib.c | 4 ++-- 9 files changed, 48 insertions(+), 29 deletions(-) diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index d25c68c..7d2964f 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -315,13 +315,16 @@ int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) ASN1_STRING *str; int utype; - if (it && it->funcs) { + if (!it) + return 0; + + if (it->funcs) { const ASN1_PRIMITIVE_FUNCS *pf = it->funcs; if (pf->prim_new) return pf->prim_new(pval, it); } - if (!it || (it->itype == ASN1_ITYPE_MSTRING)) + if (it->itype == ASN1_ITYPE_MSTRING) utype = -1; else utype = it->utype; diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 94e220b..2626de9 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -285,6 +285,8 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { const ASN1_TEMPLATE *seqtt; seqtt = asn1_do_adb(fld, tt, 1); + if(!seqtt) + return 0; tmpfld = asn1_get_field_ptr(fld, seqtt); if (!asn1_template_print_ctx(out, tmpfld, indent + 2, seqtt, pctx)) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 28a9fd5..8c46e50 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -185,10 +185,10 @@ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto err; } } - ret = 1; - err: if (r != rr) BN_copy(r, rr); + ret = 1; + err: BN_CTX_end(ctx); bn_check_top(r); return (ret); diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 8dac573..2c77381 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -151,7 +151,6 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { DH *dh; - void *pval = NULL; int ptype; unsigned char *penc = NULL; int penclen; @@ -161,12 +160,15 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) dh = pkey->pkey.dh; str = ASN1_STRING_new(); + if(!str) { + DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } str->length = i2d_dhp(pkey, dh, &str->data); if (str->length <= 0) { DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } - pval = str; ptype = V_ASN1_SEQUENCE; pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL); @@ -183,14 +185,14 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) } if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id), - ptype, pval, penc, penclen)) + ptype, str, penc, penclen)) return 1; err: if (penc) OPENSSL_free(penc); - if (pval) - ASN1_STRING_free(pval); + if (str) + ASN1_STRING_free(str); return 0; } diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index c3a85da..d63c417 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -129,21 +129,23 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { DSA *dsa; - void *pval = NULL; int ptype; unsigned char *penc = NULL; int penclen; + ASN1_STRING *str = NULL; dsa = pkey->pkey.dsa; if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) { - ASN1_STRING *str; str = ASN1_STRING_new(); + if (!str) { + DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); + goto err; + } str->length = i2d_DSAparams(dsa, &str->data); if (str->length <= 0) { DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE); goto err; } - pval = str; ptype = V_ASN1_SEQUENCE; } else ptype = V_ASN1_UNDEF; @@ -158,14 +160,14 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) } if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_DSA), - ptype, pval, penc, penclen)) + ptype, str, penc, penclen)) return 1; err: if (penc) OPENSSL_free(penc); - if (pval) - ASN1_STRING_free(pval); + if (str) + ASN1_STRING_free(str); return 0; } diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index db755b1..48c7b00 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -187,9 +187,12 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) ctx->engine = impl; } else ctx->engine = NULL; - } else if (!ctx->digest) { - EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET); - return 0; + } else { + if (!ctx->digest) { + EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET); + return 0; + } + type = ctx->digest; } #endif if (ctx->digest != type) { diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c index 74bf197..5991615 100644 --- a/crypto/rsa/rsa_x931g.c +++ b/crypto/rsa/rsa_x931g.c @@ -72,14 +72,15 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, { BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL; BN_CTX *ctx = NULL, *ctx2 = NULL; + int ret = 0; if (!rsa) goto err; ctx = BN_CTX_new(); - BN_CTX_start(ctx); if (!ctx) goto err; + BN_CTX_start(ctx); r0 = BN_CTX_get(ctx); r1 = BN_CTX_get(ctx); @@ -176,6 +177,7 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, /* calculate inverse of q mod p */ rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2); + ret = 1; err: if (ctx) { BN_CTX_end(ctx); @@ -183,11 +185,8 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, } if (ctx2) BN_CTX_free(ctx2); - /* If this is set all calls successful */ - if (rsa->iqmp != NULL) - return 1; - return 0; + return ret; } diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 139b8f2..9826859 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -230,8 +230,12 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, goto merr; if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; - qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); - qual->d.cpsuri = M_ASN1_IA5STRING_new(); + if(!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) { + X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR); + goto err; + } + if(!(qual->d.cpsuri = M_ASN1_IA5STRING_new())) + goto merr; if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value))) goto merr; @@ -290,14 +294,18 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, POLICYQUALINFO *qual; if (!(qual = POLICYQUALINFO_new())) goto merr; - qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice); + if(!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) { + X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR); + goto err; + } if (!(not = USERNOTICE_new())) goto merr; qual->d.usernotice = not; for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); if (!strcmp(cnf->name, "explicitText")) { - not->exptext = M_ASN1_VISIBLESTRING_new(); + if(!(not->exptext = M_ASN1_VISIBLESTRING_new())) + goto merr; if (!ASN1_STRING_set(not->exptext, cnf->value, strlen(cnf->value))) goto merr; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8296ea1..b6e878a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3910,10 +3910,10 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, # endif } else { if (!x || !pk) - goto end; + return 0; idx = ssl_cert_type(x, pk); if (idx == -1) - goto end; + return 0; cpk = c->pkeys + idx; if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) check_flags = CERT_PKEY_STRICT_FLAGS; From steve at openssl.org Thu Mar 12 13:44:53 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 12 Mar 2015 13:44:53 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426167893.148912.10275.nullmailer@dev.openssl.org> The branch master has been updated via 5dc1247a7494f50c88ce7492518bbe0ce6f124fa (commit) via 3d764db7a24e3dca1a3ee57202ce3c818d592141 (commit) from 007fd1404fc7a2ed33f6108bc3859d3814b44224 (commit) - Log ----------------------------------------------------------------- commit 5dc1247a7494f50c88ce7492518bbe0ce6f124fa Author: Dr. Stephen Henson Date: Wed Mar 11 23:30:52 2015 +0000 ASN.1 print fix. When printing out an ASN.1 structure if the type is an item template don't fall thru and attempt to interpret as a primitive type. Reviewed-by: Andy Polyakov commit 3d764db7a24e3dca1a3ee57202ce3c818d592141 Author: Dr. Stephen Henson Date: Sun Mar 1 15:25:39 2015 +0000 additional configuration documentation Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/asn1/tasn_prn.c | 1 + doc/apps/config.pod | 22 ++++++++- doc/crypto/CONF_modules_load_file.pod | 87 +++++++++++++++++++++++++++++++++-- 3 files changed, 103 insertions(+), 7 deletions(-) diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 2626de9..d8450b3 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -220,6 +220,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, if (!asn1_template_print_ctx(out, fld, indent, it->templates, pctx)) return 0; + break; } /* fall thru */ case ASN1_ITYPE_MSTRING: diff --git a/doc/apps/config.pod b/doc/apps/config.pod index 25c5381..d5cce54 100644 --- a/doc/apps/config.pod +++ b/doc/apps/config.pod @@ -89,8 +89,7 @@ section containing configuration module specific information. E.g. ... engine stuff here ... -Currently there are two configuration modules. One for ASN1 objects another -for ENGINE configuration. +The features of each configuration module are described below. =head2 ASN1 OBJECT CONFIGURATION MODULE @@ -191,6 +190,25 @@ For example: # Supply all default algorithms default_algorithms = ALL +=head2 EVP CONFIGURATION MODULE + +This modules has the name B which points to a section containing +algorithm commands. + +Currently the only algorithm command supported is B whose +value should be a boolean string such as B or B. If the value is +B this attempt to enter FIPS mode. If the call fails or the library is +not FIPS capable then an error occurs. + +For example: + + alg_section = evp_settings + + [evp_settings] + + fips_mode = on + + =head1 NOTES If a configuration file attempts to expand a variable that doesn't exist diff --git a/doc/crypto/CONF_modules_load_file.pod b/doc/crypto/CONF_modules_load_file.pod index 0c4d926..cc0b537 100644 --- a/doc/crypto/CONF_modules_load_file.pod +++ b/doc/crypto/CONF_modules_load_file.pod @@ -9,9 +9,9 @@ #include int CONF_modules_load_file(const char *filename, const char *appname, - unsigned long flags); + unsigned long flags); int CONF_modules_load(const CONF *cnf, const char *appname, - unsigned long flags); + unsigned long flags); =head1 DESCRIPTION @@ -22,7 +22,7 @@ NULL the standard OpenSSL application name B is used. The behaviour can be cutomized using B. CONF_modules_load() is idential to CONF_modules_load_file() except it -read configuration information from B. +reads configuration information from B. =head1 NOTES @@ -30,7 +30,7 @@ The following B are currently recognized: B if set errors returned by individual configuration modules are ignored. If not set the first module error is -considered fatal and no further modules are loads. +considered fatal and no further modules are loaded. Normally any modules errors will add error information to the error queue. If B is set no error information is added. @@ -42,7 +42,84 @@ B if set will make CONF_load_modules_file() ignore missing configuration files. Normally a missing configuration file return an error. -=head1 RETURN VALUE +B if set and B is not NULL will use the +default section pointed to by B if B does not exist. + +Applications should call these functions after loading builtin modules using +OPENSSL_load_builtin_modules(), any ENGINEs for example using +ENGINE_load_builtin_engines(), any algorithms for example +OPENSSL_add_all_algorithms() and (if the application uses libssl) +SSL_library_init(). + +By using CONF_modules_load_file() with appropriate flags an application can +customise application configuration to best suit its needs. In some cases the +use of a configuration file is optional and its absence is not an error: in +this case B would be set. + +Errors during configuration may also be handled differently by different +applications. For example in some cases an error may simply print out a warning +message and the application continue. In other cases an application might +consider a configuration file error as fatal and exit immediately. + +Applications can use the CONF_modules_load() function if they wish to load a +configuration file themselves and have finer control over how errors are +treated. + +=head1 EXAMPLES + +Load a configuration file and print out any errors and exit (missing file +considered fatal): + + if (CONF_modules_load_file(NULL, NULL, 0) <= 0) { + fprintf(stderr, "FATAL: error loading configuration file\n"); + ERR_print_errors_fp(stderr); + exit(1); + } + +Load default configuration file using the section indicated by "myapp", +tolerate missing files, but exit on other errors: + + if (CONF_modules_load_file(NULL, "myapp", + CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { + fprintf(stderr, "FATAL: error loading configuration file\n"); + ERR_print_errors_fp(stderr); + exit(1); + } + +Load custom configuration file and section, only print warnings on error, +missing configuration file ignored: + + if (CONF_modules_load_file("/something/app.cnf", "myapp", + CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { + fprintf(stderr, "WARNING: error loading configuration file\n"); + ERR_print_errors_fp(stderr); + } + +Load and parse configuration file manually, custom error handling: + + FILE *fp; + CONF *cnf = NULL; + long eline; + fp = fopen("/somepath/app.cnf", "r"); + if (fp == NULL) { + fprintf(stderr, "Error opening configuration file\n"); + /* Other missing configuration file behaviour */ + } else { + cnf = NCONF_new(NULL); + if (NCONF_load_fp(cnf, fp, &eline) == 0) { + fprintf(stderr, "Error on line %ld of configuration file\n", eline); + ERR_print_errors_fp(stderr); + /* Other malformed configuration file behaviour */ + } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { + fprintf(stderr, "Error configuring application\n"); + ERR_print_errors_fp(stderr); + /* Other configuration error behaviour */ + } + fclose(fp); + NCONF_free(cnf); + } + +=head1 RETURN VALUES These functions return 1 for success and a zero or negative value for failure. If module errors are not ignored the return code will reflect the From steve at openssl.org Thu Mar 12 13:57:13 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 12 Mar 2015 13:57:13 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1426168633.133109.20909.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 765db5f9e5a6e1ab2d215012036a84aec62de332 (commit) from 683f03e4881ffd19b8671f290387cd4e68fad457 (commit) - Log ----------------------------------------------------------------- commit 765db5f9e5a6e1ab2d215012036a84aec62de332 Author: Dr. Stephen Henson Date: Wed Mar 11 23:30:52 2015 +0000 ASN.1 print fix. When printing out an ASN.1 structure if the type is an item template don't fall thru and attempt to interpret as a primitive type. Reviewed-by: Andy Polyakov (cherry picked from commit 5dc1247a7494f50c88ce7492518bbe0ce6f124fa) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/tasn_prn.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 11d784c..060ffe2 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -220,6 +220,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, if (!asn1_template_print_ctx(out, fld, indent, it->templates, pctx)) return 0; + break; } /* fall thru */ case ASN1_ITYPE_MSTRING: From steve at openssl.org Thu Mar 12 13:57:13 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 12 Mar 2015 13:57:13 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1426168633.205003.20932.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 1a098164354e8e14e0237993cca7a0bffe820ed6 (commit) via 0e978b9a5d2b3a13603244ceea72681ef4317214 (commit) from f06249f112a37c0caece07e90ebb01b525e62fd7 (commit) - Log ----------------------------------------------------------------- commit 1a098164354e8e14e0237993cca7a0bffe820ed6 Author: Dr. Stephen Henson Date: Sun Mar 1 15:25:39 2015 +0000 additional configuration documentation Reviewed-by: Andy Polyakov (cherry picked from commit 3d764db7a24e3dca1a3ee57202ce3c818d592141) commit 0e978b9a5d2b3a13603244ceea72681ef4317214 Author: Dr. Stephen Henson Date: Wed Mar 11 23:30:52 2015 +0000 ASN.1 print fix. When printing out an ASN.1 structure if the type is an item template don't fall thru and attempt to interpret as a primitive type. Reviewed-by: Andy Polyakov (cherry picked from commit 5dc1247a7494f50c88ce7492518bbe0ce6f124fa) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/tasn_prn.c | 1 + doc/apps/config.pod | 22 ++++++++- doc/crypto/CONF_modules_load_file.pod | 87 +++++++++++++++++++++++++++++++++-- 3 files changed, 103 insertions(+), 7 deletions(-) diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 4866dcd..7c54f9d 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -220,6 +220,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, if (!asn1_template_print_ctx(out, fld, indent, it->templates, pctx)) return 0; + break; } /* fall thru */ case ASN1_ITYPE_MSTRING: diff --git a/doc/apps/config.pod b/doc/apps/config.pod index 25c5381..d5cce54 100644 --- a/doc/apps/config.pod +++ b/doc/apps/config.pod @@ -89,8 +89,7 @@ section containing configuration module specific information. E.g. ... engine stuff here ... -Currently there are two configuration modules. One for ASN1 objects another -for ENGINE configuration. +The features of each configuration module are described below. =head2 ASN1 OBJECT CONFIGURATION MODULE @@ -191,6 +190,25 @@ For example: # Supply all default algorithms default_algorithms = ALL +=head2 EVP CONFIGURATION MODULE + +This modules has the name B which points to a section containing +algorithm commands. + +Currently the only algorithm command supported is B whose +value should be a boolean string such as B or B. If the value is +B this attempt to enter FIPS mode. If the call fails or the library is +not FIPS capable then an error occurs. + +For example: + + alg_section = evp_settings + + [evp_settings] + + fips_mode = on + + =head1 NOTES If a configuration file attempts to expand a variable that doesn't exist diff --git a/doc/crypto/CONF_modules_load_file.pod b/doc/crypto/CONF_modules_load_file.pod index 0c4d926..cc0b537 100644 --- a/doc/crypto/CONF_modules_load_file.pod +++ b/doc/crypto/CONF_modules_load_file.pod @@ -9,9 +9,9 @@ #include int CONF_modules_load_file(const char *filename, const char *appname, - unsigned long flags); + unsigned long flags); int CONF_modules_load(const CONF *cnf, const char *appname, - unsigned long flags); + unsigned long flags); =head1 DESCRIPTION @@ -22,7 +22,7 @@ NULL the standard OpenSSL application name B is used. The behaviour can be cutomized using B. CONF_modules_load() is idential to CONF_modules_load_file() except it -read configuration information from B. +reads configuration information from B. =head1 NOTES @@ -30,7 +30,7 @@ The following B are currently recognized: B if set errors returned by individual configuration modules are ignored. If not set the first module error is -considered fatal and no further modules are loads. +considered fatal and no further modules are loaded. Normally any modules errors will add error information to the error queue. If B is set no error information is added. @@ -42,7 +42,84 @@ B if set will make CONF_load_modules_file() ignore missing configuration files. Normally a missing configuration file return an error. -=head1 RETURN VALUE +B if set and B is not NULL will use the +default section pointed to by B if B does not exist. + +Applications should call these functions after loading builtin modules using +OPENSSL_load_builtin_modules(), any ENGINEs for example using +ENGINE_load_builtin_engines(), any algorithms for example +OPENSSL_add_all_algorithms() and (if the application uses libssl) +SSL_library_init(). + +By using CONF_modules_load_file() with appropriate flags an application can +customise application configuration to best suit its needs. In some cases the +use of a configuration file is optional and its absence is not an error: in +this case B would be set. + +Errors during configuration may also be handled differently by different +applications. For example in some cases an error may simply print out a warning +message and the application continue. In other cases an application might +consider a configuration file error as fatal and exit immediately. + +Applications can use the CONF_modules_load() function if they wish to load a +configuration file themselves and have finer control over how errors are +treated. + +=head1 EXAMPLES + +Load a configuration file and print out any errors and exit (missing file +considered fatal): + + if (CONF_modules_load_file(NULL, NULL, 0) <= 0) { + fprintf(stderr, "FATAL: error loading configuration file\n"); + ERR_print_errors_fp(stderr); + exit(1); + } + +Load default configuration file using the section indicated by "myapp", +tolerate missing files, but exit on other errors: + + if (CONF_modules_load_file(NULL, "myapp", + CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { + fprintf(stderr, "FATAL: error loading configuration file\n"); + ERR_print_errors_fp(stderr); + exit(1); + } + +Load custom configuration file and section, only print warnings on error, +missing configuration file ignored: + + if (CONF_modules_load_file("/something/app.cnf", "myapp", + CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { + fprintf(stderr, "WARNING: error loading configuration file\n"); + ERR_print_errors_fp(stderr); + } + +Load and parse configuration file manually, custom error handling: + + FILE *fp; + CONF *cnf = NULL; + long eline; + fp = fopen("/somepath/app.cnf", "r"); + if (fp == NULL) { + fprintf(stderr, "Error opening configuration file\n"); + /* Other missing configuration file behaviour */ + } else { + cnf = NCONF_new(NULL); + if (NCONF_load_fp(cnf, fp, &eline) == 0) { + fprintf(stderr, "Error on line %ld of configuration file\n", eline); + ERR_print_errors_fp(stderr); + /* Other malformed configuration file behaviour */ + } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { + fprintf(stderr, "Error configuring application\n"); + ERR_print_errors_fp(stderr); + /* Other configuration error behaviour */ + } + fclose(fp); + NCONF_free(cnf); + } + +=head1 RETURN VALUES These functions return 1 for success and a zero or negative value for failure. If module errors are not ignored the return code will reflect the From steve at openssl.org Thu Mar 12 13:57:13 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 12 Mar 2015 13:57:13 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1426168633.296956.20958.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via c0d69ddb3323e45afba7a7f1608fb03f9a7d6fff (commit) via 8cd671408401eff07a53c6051de86077f7a584b1 (commit) from 327de270d583e716bc0282dd0d59e133f41d7ada (commit) - Log ----------------------------------------------------------------- commit c0d69ddb3323e45afba7a7f1608fb03f9a7d6fff Author: Dr. Stephen Henson Date: Sun Mar 1 15:25:39 2015 +0000 additional configuration documentation Reviewed-by: Andy Polyakov (cherry picked from commit 3d764db7a24e3dca1a3ee57202ce3c818d592141) commit 8cd671408401eff07a53c6051de86077f7a584b1 Author: Dr. Stephen Henson Date: Wed Mar 11 23:30:52 2015 +0000 ASN.1 print fix. When printing out an ASN.1 structure if the type is an item template don't fall thru and attempt to interpret as a primitive type. Reviewed-by: Andy Polyakov (cherry picked from commit 5dc1247a7494f50c88ce7492518bbe0ce6f124fa) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/tasn_prn.c | 1 + doc/apps/config.pod | 22 ++++++++- doc/crypto/CONF_modules_load_file.pod | 87 +++++++++++++++++++++++++++++++++-- 3 files changed, 103 insertions(+), 7 deletions(-) diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 4866dcd..7c54f9d 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -220,6 +220,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, if (!asn1_template_print_ctx(out, fld, indent, it->templates, pctx)) return 0; + break; } /* fall thru */ case ASN1_ITYPE_MSTRING: diff --git a/doc/apps/config.pod b/doc/apps/config.pod index 25c5381..d5cce54 100644 --- a/doc/apps/config.pod +++ b/doc/apps/config.pod @@ -89,8 +89,7 @@ section containing configuration module specific information. E.g. ... engine stuff here ... -Currently there are two configuration modules. One for ASN1 objects another -for ENGINE configuration. +The features of each configuration module are described below. =head2 ASN1 OBJECT CONFIGURATION MODULE @@ -191,6 +190,25 @@ For example: # Supply all default algorithms default_algorithms = ALL +=head2 EVP CONFIGURATION MODULE + +This modules has the name B which points to a section containing +algorithm commands. + +Currently the only algorithm command supported is B whose +value should be a boolean string such as B or B. If the value is +B this attempt to enter FIPS mode. If the call fails or the library is +not FIPS capable then an error occurs. + +For example: + + alg_section = evp_settings + + [evp_settings] + + fips_mode = on + + =head1 NOTES If a configuration file attempts to expand a variable that doesn't exist diff --git a/doc/crypto/CONF_modules_load_file.pod b/doc/crypto/CONF_modules_load_file.pod index 0c4d926..cc0b537 100644 --- a/doc/crypto/CONF_modules_load_file.pod +++ b/doc/crypto/CONF_modules_load_file.pod @@ -9,9 +9,9 @@ #include int CONF_modules_load_file(const char *filename, const char *appname, - unsigned long flags); + unsigned long flags); int CONF_modules_load(const CONF *cnf, const char *appname, - unsigned long flags); + unsigned long flags); =head1 DESCRIPTION @@ -22,7 +22,7 @@ NULL the standard OpenSSL application name B is used. The behaviour can be cutomized using B. CONF_modules_load() is idential to CONF_modules_load_file() except it -read configuration information from B. +reads configuration information from B. =head1 NOTES @@ -30,7 +30,7 @@ The following B are currently recognized: B if set errors returned by individual configuration modules are ignored. If not set the first module error is -considered fatal and no further modules are loads. +considered fatal and no further modules are loaded. Normally any modules errors will add error information to the error queue. If B is set no error information is added. @@ -42,7 +42,84 @@ B if set will make CONF_load_modules_file() ignore missing configuration files. Normally a missing configuration file return an error. -=head1 RETURN VALUE +B if set and B is not NULL will use the +default section pointed to by B if B does not exist. + +Applications should call these functions after loading builtin modules using +OPENSSL_load_builtin_modules(), any ENGINEs for example using +ENGINE_load_builtin_engines(), any algorithms for example +OPENSSL_add_all_algorithms() and (if the application uses libssl) +SSL_library_init(). + +By using CONF_modules_load_file() with appropriate flags an application can +customise application configuration to best suit its needs. In some cases the +use of a configuration file is optional and its absence is not an error: in +this case B would be set. + +Errors during configuration may also be handled differently by different +applications. For example in some cases an error may simply print out a warning +message and the application continue. In other cases an application might +consider a configuration file error as fatal and exit immediately. + +Applications can use the CONF_modules_load() function if they wish to load a +configuration file themselves and have finer control over how errors are +treated. + +=head1 EXAMPLES + +Load a configuration file and print out any errors and exit (missing file +considered fatal): + + if (CONF_modules_load_file(NULL, NULL, 0) <= 0) { + fprintf(stderr, "FATAL: error loading configuration file\n"); + ERR_print_errors_fp(stderr); + exit(1); + } + +Load default configuration file using the section indicated by "myapp", +tolerate missing files, but exit on other errors: + + if (CONF_modules_load_file(NULL, "myapp", + CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { + fprintf(stderr, "FATAL: error loading configuration file\n"); + ERR_print_errors_fp(stderr); + exit(1); + } + +Load custom configuration file and section, only print warnings on error, +missing configuration file ignored: + + if (CONF_modules_load_file("/something/app.cnf", "myapp", + CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) { + fprintf(stderr, "WARNING: error loading configuration file\n"); + ERR_print_errors_fp(stderr); + } + +Load and parse configuration file manually, custom error handling: + + FILE *fp; + CONF *cnf = NULL; + long eline; + fp = fopen("/somepath/app.cnf", "r"); + if (fp == NULL) { + fprintf(stderr, "Error opening configuration file\n"); + /* Other missing configuration file behaviour */ + } else { + cnf = NCONF_new(NULL); + if (NCONF_load_fp(cnf, fp, &eline) == 0) { + fprintf(stderr, "Error on line %ld of configuration file\n", eline); + ERR_print_errors_fp(stderr); + /* Other malformed configuration file behaviour */ + } else if (CONF_modules_load(cnf, "appname", 0) <= 0) { + fprintf(stderr, "Error configuring application\n"); + ERR_print_errors_fp(stderr); + /* Other configuration error behaviour */ + } + fclose(fp); + NCONF_free(cnf); + } + +=head1 RETURN VALUES These functions return 1 for success and a zero or negative value for failure. If module errors are not ignored the return code will reflect the From steve at openssl.org Fri Mar 13 02:20:38 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 13 Mar 2015 02:20:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426213238.160117.21484.nullmailer@dev.openssl.org> The branch master has been updated via b5f07d6a66df963e45a5f7fe23329009b12bdf87 (commit) via f9c850c7343e3a492bce3c8bba25123537140b0a (commit) from 5dc1247a7494f50c88ce7492518bbe0ce6f124fa (commit) - Log ----------------------------------------------------------------- commit b5f07d6a66df963e45a5f7fe23329009b12bdf87 Author: Dr. Stephen Henson Date: Thu Mar 12 14:12:17 2015 +0000 Remove obsolete declarations. Remove DECLARE_ASN1_SET_OF and DECLARE_PKCS12_STACK_OF these haven't been used internally in OpenSSL for some time. Reviewed-by: Rich Salz commit f9c850c7343e3a492bce3c8bba25123537140b0a Author: Dr. Stephen Henson Date: Thu Mar 12 14:05:27 2015 +0000 Update mkstack.pl to match safestack.h Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/asn1/asn1.h | 5 - crypto/ocsp/ocsp.h | 2 - crypto/ossl_typ.h | 4 - crypto/pkcs12/p12_decr.c | 2 - crypto/pkcs12/pkcs12.h | 2 - crypto/pkcs7/pkcs7.h | 4 - crypto/stack/safestack.h | 231 ----------------------------------------------- crypto/ts/ts.h | 3 - crypto/x509/x509.h | 8 -- crypto/x509v3/x509v3.h | 6 -- util/mkstack.pl | 40 +------- 11 files changed, 2 insertions(+), 305 deletions(-) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 692b81a..66e1fac 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -159,8 +159,6 @@ extern "C" { struct X509_algor_st; DECLARE_STACK_OF(X509_ALGOR) -# define DECLARE_ASN1_SET_OF(type)/* filled in by mkstack.pl */ - /* * We MUST make sure that, except for constness, asn1_ctx_st and * asn1_const_ctx are exactly the same. Fortunately, as soon as the old ASN1 @@ -521,7 +519,6 @@ typedef const ASN1_ITEM *ASN1_ITEM_EXP (void); ASN1_STRFLGS_DUMP_DER) DECLARE_STACK_OF(ASN1_INTEGER) -DECLARE_ASN1_SET_OF(ASN1_INTEGER) DECLARE_STACK_OF(ASN1_GENERALSTRING) @@ -557,7 +554,6 @@ typedef struct asn1_type_st { } ASN1_TYPE; DECLARE_STACK_OF(ASN1_TYPE) -DECLARE_ASN1_SET_OF(ASN1_TYPE) typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; @@ -795,7 +791,6 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, DECLARE_ASN1_ITEM(ASN1_OBJECT) DECLARE_STACK_OF(ASN1_OBJECT) -DECLARE_ASN1_SET_OF(ASN1_OBJECT) ASN1_STRING *ASN1_STRING_new(void); void ASN1_STRING_free(ASN1_STRING *a); diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h index 6999788..ab45db4 100644 --- a/crypto/ocsp/ocsp.h +++ b/crypto/ocsp/ocsp.h @@ -100,7 +100,6 @@ DECLARE_STACK_OF(OCSP_CERTID) typedef struct ocsp_one_request_st OCSP_ONEREQ; DECLARE_STACK_OF(OCSP_ONEREQ) -DECLARE_ASN1_SET_OF(OCSP_ONEREQ) typedef struct ocsp_req_info_st OCSP_REQINFO; typedef struct ocsp_signature_st OCSP_SIGNATURE; @@ -131,7 +130,6 @@ typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; typedef struct ocsp_single_response_st OCSP_SINGLERESP; DECLARE_STACK_OF(OCSP_SINGLERESP) -DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) typedef struct ocsp_response_data_st OCSP_RESPDATA; diff --git a/crypto/ossl_typ.h b/crypto/ossl_typ.h index a75f3d7..85fb7b9 100644 --- a/crypto/ossl_typ.h +++ b/crypto/ossl_typ.h @@ -188,10 +188,6 @@ typedef struct DIST_POINT_st DIST_POINT; typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT; typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS; - /* If placed in pkcs12.h, we end up with a circular depency with pkcs7.h */ -# define DECLARE_PKCS12_STACK_OF(type)/* Nothing */ -# define IMPLEMENT_PKCS12_STACK_OF(type)/* Nothing */ - typedef struct crypto_ex_data_st CRYPTO_EX_DATA; /* Callback types for crypto.h */ typedef int CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad, diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index b40ea10..6780b4f 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -198,5 +198,3 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, ASN1_OCTET_STRING_free(oct); return NULL; } - -IMPLEMENT_PKCS12_STACK_OF(PKCS7) diff --git a/crypto/pkcs12/pkcs12.h b/crypto/pkcs12/pkcs12.h index a39adf5..e58e55c 100644 --- a/crypto/pkcs12/pkcs12.h +++ b/crypto/pkcs12/pkcs12.h @@ -124,8 +124,6 @@ typedef struct { } PKCS12_SAFEBAG; DECLARE_STACK_OF(PKCS12_SAFEBAG) -DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) -DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) typedef struct pkcs12_bag_st { ASN1_OBJECT *type; diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h index 65e925a..5d5d5c2 100644 --- a/crypto/pkcs7/pkcs7.h +++ b/crypto/pkcs7/pkcs7.h @@ -101,7 +101,6 @@ typedef struct pkcs7_signer_info_st { } PKCS7_SIGNER_INFO; DECLARE_STACK_OF(PKCS7_SIGNER_INFO) -DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) typedef struct pkcs7_recip_info_st { ASN1_INTEGER *version; /* version 0 */ @@ -112,7 +111,6 @@ typedef struct pkcs7_recip_info_st { } PKCS7_RECIP_INFO; DECLARE_STACK_OF(PKCS7_RECIP_INFO) -DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) typedef struct pkcs7_signed_st { ASN1_INTEGER *version; /* version 1 */ @@ -200,8 +198,6 @@ typedef struct pkcs7_st { } PKCS7; DECLARE_STACK_OF(PKCS7) -DECLARE_ASN1_SET_OF(PKCS7) -DECLARE_PKCS12_STACK_OF(PKCS7) # define PKCS7_OP_SET_DETACHED_SIGNATURE 1 # define PKCS7_OP_GET_DETACHED_SIGNATURE 2 diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index ceb0ba8..ae06a12 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -2327,237 +2327,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) # define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) -# define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ASN1_UTF8STRING, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_ASN1_UTF8STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ASN1_UTF8STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_ASN1_UTF8STRING(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ASN1_UTF8STRING, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_ASN1_UTF8STRING(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ASN1_UTF8STRING, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_ESS_CERT_ID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(ESS_CERT_ID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_ESS_CERT_ID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(ESS_CERT_ID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_ESS_CERT_ID(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(ESS_CERT_ID, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_ESS_CERT_ID(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(ESS_CERT_ID, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_EVP_MD(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(EVP_MD, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_EVP_MD(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(EVP_MD, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_EVP_MD(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(EVP_MD, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_EVP_MD(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(EVP_MD, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) - -# define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ - SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) -# define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ - SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) -# define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \ - SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) -# define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ - SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) - -# define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ - SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) - -# define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ - SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) - # define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) # define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) # define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) diff --git a/crypto/ts/ts.h b/crypto/ts/ts.h index 8b6b5f2..c6daed2 100644 --- a/crypto/ts/ts.h +++ b/crypto/ts/ts.h @@ -213,7 +213,6 @@ typedef struct TS_status_info_st { } TS_STATUS_INFO; DECLARE_STACK_OF(ASN1_UTF8STRING) -DECLARE_ASN1_SET_OF(ASN1_UTF8STRING) /*- TimeStampResp ::= SEQUENCE { @@ -254,7 +253,6 @@ typedef struct ESS_cert_id { } ESS_CERT_ID; DECLARE_STACK_OF(ESS_CERT_ID) -DECLARE_ASN1_SET_OF(ESS_CERT_ID) /*- SigningCertificate ::= SEQUENCE { @@ -516,7 +514,6 @@ typedef struct TS_resp_ctx { } TS_RESP_CTX; DECLARE_STACK_OF(EVP_MD) -DECLARE_ASN1_SET_OF(EVP_MD) /* Creates a response context that can be used for generating responses. */ TS_RESP_CTX *TS_RESP_CTX_new(void); diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index 9835be5..afc16a3 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -130,8 +130,6 @@ struct X509_algor_st { ASN1_TYPE *parameter; } /* X509_ALGOR */ ; -DECLARE_ASN1_SET_OF(X509_ALGOR) - typedef STACK_OF(X509_ALGOR) X509_ALGORS; typedef struct X509_val_st { @@ -158,7 +156,6 @@ typedef struct X509_name_entry_st { } X509_NAME_ENTRY; DECLARE_STACK_OF(X509_NAME_ENTRY) -DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) /* we always keep X509_NAMEs in 2 forms. */ struct X509_name_st { @@ -183,7 +180,6 @@ typedef struct X509_extension_st { typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; DECLARE_STACK_OF(X509_EXTENSION) -DECLARE_ASN1_SET_OF(X509_EXTENSION) /* a sequence of these are used */ typedef struct x509_attributes_st { @@ -202,7 +198,6 @@ typedef struct x509_attributes_st { } X509_ATTRIBUTE; DECLARE_STACK_OF(X509_ATTRIBUTE) -DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) typedef struct X509_req_info_st { ASN1_ENCODING enc; @@ -276,7 +271,6 @@ struct x509_st { } /* X509 */ ; DECLARE_STACK_OF(X509) -DECLARE_ASN1_SET_OF(X509) /* This is used for a table of trust checking functions */ @@ -408,7 +402,6 @@ struct x509_revoked_st { }; DECLARE_STACK_OF(X509_REVOKED) -DECLARE_ASN1_SET_OF(X509_REVOKED) typedef struct X509_crl_info_st { ASN1_INTEGER *version; @@ -444,7 +437,6 @@ struct X509_crl_st { } /* X509_CRL */ ; DECLARE_STACK_OF(X509_CRL) -DECLARE_ASN1_SET_OF(X509_CRL) typedef struct private_key_st { int version; diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index d1cd6d3..a46ec5d 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -218,10 +218,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; DECLARE_STACK_OF(GENERAL_NAME) -DECLARE_ASN1_SET_OF(GENERAL_NAME) DECLARE_STACK_OF(ACCESS_DESCRIPTION) -DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) typedef struct DIST_POINT_NAME_st { int type; @@ -257,7 +255,6 @@ struct DIST_POINT_st { typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; DECLARE_STACK_OF(DIST_POINT) -DECLARE_ASN1_SET_OF(DIST_POINT) struct AUTHORITY_KEYID_st { ASN1_OCTET_STRING *keyid; @@ -273,7 +270,6 @@ typedef struct SXNET_ID_st { } SXNETID; DECLARE_STACK_OF(SXNETID) -DECLARE_ASN1_SET_OF(SXNETID) typedef struct SXNET_st { ASN1_INTEGER *version; @@ -300,7 +296,6 @@ typedef struct POLICYQUALINFO_st { } POLICYQUALINFO; DECLARE_STACK_OF(POLICYQUALINFO) -DECLARE_ASN1_SET_OF(POLICYQUALINFO) typedef struct POLICYINFO_st { ASN1_OBJECT *policyid; @@ -310,7 +305,6 @@ typedef struct POLICYINFO_st { typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; DECLARE_STACK_OF(POLICYINFO) -DECLARE_ASN1_SET_OF(POLICYINFO) typedef struct POLICY_MAPPING_st { ASN1_OBJECT *issuerDomainPolicy; diff --git a/util/mkstack.pl b/util/mkstack.pl index 5295cdd..6e6741f 100755 --- a/util/mkstack.pl +++ b/util/mkstack.pl @@ -30,12 +30,6 @@ foreach $file (@source) { elsif (/^DECLARE_SPECIAL_STACK_OF$([^,\s]+)\s*,\s*([^>\s]+)$/) { push @sstacklst, [$1, $2]; } - elsif (/^DECLARE_ASN1_SET_OF$([^)]+)$/) { - push @asn1setlst, $1; - } - elsif (/^DECLARE_PKCS12_STACK_OF$([^)]+)$/) { - push @p12stklst, $1; - } elsif (/^DECLARE_LHASH_OF$([^)]+)$/) { push @lhashlst, $1; } @@ -134,16 +128,8 @@ extern "C" { # define STACK_OF(type) struct stack_st_##type # define PREDECLARE_STACK_OF(type) STACK_OF(type); -# define DECLARE_STACK_OF(type) \ -STACK_OF(type) \ - { \ - _STACK stack; \ - }; -# define DECLARE_SPECIAL_STACK_OF(type, type2) \ -STACK_OF(type) \ - { \ - _STACK stack; \ - }; +# define DECLARE_STACK_OF(type) STACK_OF(type); +# define DECLARE_SPECIAL_STACK_OF(type, type2) STACK_OF(type); /*- * Strings are special: normally an lhash entry will point to a single @@ -329,28 +315,6 @@ foreach $type_thing (sort @sstacklst) { EOF } -foreach $type_thing (sort @asn1setlst) { - $new_stackfile .= < The branch master has been updated via ffa75828dd13decb41d075576db676c81c1198f1 (commit) from b5f07d6a66df963e45a5f7fe23329009b12bdf87 (commit) - Log ----------------------------------------------------------------- commit ffa75828dd13decb41d075576db676c81c1198f1 Author: Petr Spacek Date: Mon Jan 26 14:39:50 2015 +0100 Fix key wrapping mode with padding to conform to RFC 5649. According to RFC 5649 section 4.1 step 1) we should not add padding if plaintext length is multiply of 8 ockets. This matches pseudo-code in http://dx.doi.org/10.6028/NIST.SP.800-38F on page 15, section 6.3 KWP, algorithm 5 KWP-AE, step 2. PR#3675 Reviewed-by: Stephen Henson Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/modes/wrap128.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c index 2f65314..ccb58c5 100644 --- a/crypto/modes/wrap128.c +++ b/crypto/modes/wrap128.c @@ -230,8 +230,13 @@ size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv, const unsigned char *in, size_t inlen, block128_f block) { - /* n: number of 64-bit blocks in the padded key data */ - const size_t blocks_padded = (inlen + 8) / 8; + /* n: number of 64-bit blocks in the padded key data + * + * If length of plain text is not a multiple of 8, pad the plain text octet + * string on the right with octets of zeros, where final length is the + * smallest multiple of 8 that is greater than length of plain text. + * If length of plain text is a multiple of 8, then there is no padding. */ + const size_t blocks_padded = (inlen + 7) / 8; /* CEILING(m/8) */ const size_t padded_len = blocks_padded * 8; const size_t padding_len = padded_len - inlen; /* RFC 5649 section 3: Alternative Initial Value */ From steve at openssl.org Fri Mar 13 16:54:38 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 13 Mar 2015 16:54:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426265678.717571.14968.nullmailer@dev.openssl.org> The branch master has been updated via 3d6aa6d441fe8124d247dffee5c68c2e5efd8258 (commit) from ffa75828dd13decb41d075576db676c81c1198f1 (commit) - Log ----------------------------------------------------------------- commit 3d6aa6d441fe8124d247dffee5c68c2e5efd8258 Author: Dr. Stephen Henson Date: Tue Feb 24 00:57:51 2015 +0000 Allocate string types directly. Allocate and free ASN.1 string types directly instead of going through the ASN.1 item code. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/asn1/tasn_typ.c | 68 +++++++++++++++++++------------------------------- 1 file changed, 26 insertions(+), 42 deletions(-) diff --git a/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.c index 740e86d..1d806dc 100644 --- a/crypto/asn1/tasn_typ.c +++ b/crypto/asn1/tasn_typ.c @@ -62,54 +62,38 @@ /* Declarations for string types */ - -IMPLEMENT_ASN1_TYPE(ASN1_INTEGER) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_INTEGER) - -IMPLEMENT_ASN1_TYPE(ASN1_ENUMERATED) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_ENUMERATED) - -IMPLEMENT_ASN1_TYPE(ASN1_BIT_STRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_BIT_STRING) - -IMPLEMENT_ASN1_TYPE(ASN1_OCTET_STRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_OCTET_STRING) +#define IMPLEMENT_ASN1_STRING_FUNCTIONS(sname) \ + IMPLEMENT_ASN1_TYPE(sname) \ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(sname, sname, sname) \ +sname *sname##_new(void) \ +{ \ + return ASN1_STRING_type_new(V_##sname); \ +} \ +void sname##_free(sname *x) \ +{ \ + ASN1_STRING_free(x); \ +} + +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_OCTET_STRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_INTEGER) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_ENUMERATED) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BIT_STRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTF8STRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_PRINTABLESTRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_T61STRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_IA5STRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALSTRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTCTIME) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALIZEDTIME) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_VISIBLESTRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UNIVERSALSTRING) +IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BMPSTRING) IMPLEMENT_ASN1_TYPE(ASN1_NULL) IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL) IMPLEMENT_ASN1_TYPE(ASN1_OBJECT) -IMPLEMENT_ASN1_TYPE(ASN1_UTF8STRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTF8STRING) - -IMPLEMENT_ASN1_TYPE(ASN1_PRINTABLESTRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) - -IMPLEMENT_ASN1_TYPE(ASN1_T61STRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_T61STRING) - -IMPLEMENT_ASN1_TYPE(ASN1_IA5STRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_IA5STRING) - -IMPLEMENT_ASN1_TYPE(ASN1_GENERALSTRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALSTRING) - -IMPLEMENT_ASN1_TYPE(ASN1_UTCTIME) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_UTCTIME) - -IMPLEMENT_ASN1_TYPE(ASN1_GENERALIZEDTIME) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) - -IMPLEMENT_ASN1_TYPE(ASN1_VISIBLESTRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) - -IMPLEMENT_ASN1_TYPE(ASN1_UNIVERSALSTRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) - -IMPLEMENT_ASN1_TYPE(ASN1_BMPSTRING) -IMPLEMENT_ASN1_FUNCTIONS(ASN1_BMPSTRING) - IMPLEMENT_ASN1_TYPE(ASN1_ANY) /* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */ From emilia at openssl.org Sat Mar 14 04:15:37 2015 From: emilia at openssl.org (Emilia Kasper) Date: Sat, 14 Mar 2015 04:15:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1426306537.886823.9484.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via a2fcab9978a0905c4286051993da63329fda8a19 (commit) from 1a098164354e8e14e0237993cca7a0bffe820ed6 (commit) - Log ----------------------------------------------------------------- commit a2fcab9978a0905c4286051993da63329fda8a19 Author: Emilia Kasper Date: Fri Mar 13 21:10:13 2015 -0700 Fix undefined behaviour in shifts. Td4 and Te4 are arrays of u8. A u8 << int promotes the u8 to an int first then shifts. If the mathematical result of a shift (as modelled by lhs * 2^{rhs}) is not representable in an integer, behaviour is undefined. In other words, you can't shift into the sign bit of a signed integer. Fix this by casting to u32 whenever we're shifting left by 24. (For consistency, cast other shifts, too.) Caught by -fsanitize=shift Submitted by Nick Lewycky (Google) Reviewed-by: Andy Polyakov (cherry picked from commit 8b37e5c14f0eddb10c7f91ef91004622d90ef361) ----------------------------------------------------------------------- Summary of changes: crypto/aes/aes_core.c | 64 +++++++------- crypto/aes/aes_x86core.c | 224 +++++++++++++++++++++++------------------------ 2 files changed, 144 insertions(+), 144 deletions(-) diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index ff0d164..2ddb086 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -1130,31 +1130,31 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, * map cipher state to byte array block: */ s0 = - (Td4[(t0 >> 24) ] << 24) ^ - (Td4[(t3 >> 16) & 0xff] << 16) ^ - (Td4[(t2 >> 8) & 0xff] << 8) ^ - (Td4[(t1 ) & 0xff]) ^ + ((u32)Td4[(t0 >> 24) ] << 24) ^ + ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t2 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t1 ) & 0xff]) ^ rk[0]; PUTU32(out , s0); s1 = - (Td4[(t1 >> 24) ] << 24) ^ - (Td4[(t0 >> 16) & 0xff] << 16) ^ - (Td4[(t3 >> 8) & 0xff] << 8) ^ - (Td4[(t2 ) & 0xff]) ^ + ((u32)Td4[(t1 >> 24) ] << 24) ^ + ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t3 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t2 ) & 0xff]) ^ rk[1]; PUTU32(out + 4, s1); s2 = - (Td4[(t2 >> 24) ] << 24) ^ - (Td4[(t1 >> 16) & 0xff] << 16) ^ - (Td4[(t0 >> 8) & 0xff] << 8) ^ - (Td4[(t3 ) & 0xff]) ^ + ((u32)Td4[(t2 >> 24) ] << 24) ^ + ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t0 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t3 ) & 0xff]) ^ rk[2]; PUTU32(out + 8, s2); s3 = - (Td4[(t3 >> 24) ] << 24) ^ - (Td4[(t2 >> 16) & 0xff] << 16) ^ - (Td4[(t1 >> 8) & 0xff] << 8) ^ - (Td4[(t0 ) & 0xff]) ^ + ((u32)Td4[(t3 >> 24) ] << 24) ^ + ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t1 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t0 ) & 0xff]) ^ rk[3]; PUTU32(out + 12, s3); } @@ -1233,10 +1233,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[3]; rk[4] = rk[0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp ) & 0xff] << 8) ^ - (Te4[(temp >> 24) ]) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ]) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; @@ -1253,10 +1253,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 5]; rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp ) & 0xff] << 8) ^ - (Te4[(temp >> 24) ]) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ]) ^ rcon[i]; rk[ 7] = rk[ 1] ^ rk[ 6]; rk[ 8] = rk[ 2] ^ rk[ 7]; @@ -1275,10 +1275,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 7]; rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp ) & 0xff] << 8) ^ - (Te4[(temp >> 24) ]) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ]) ^ rcon[i]; rk[ 9] = rk[ 1] ^ rk[ 8]; rk[10] = rk[ 2] ^ rk[ 9]; @@ -1288,10 +1288,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, } temp = rk[11]; rk[12] = rk[ 4] ^ - (Te4[(temp >> 24) ] << 24) ^ - (Te4[(temp >> 16) & 0xff] << 16) ^ - (Te4[(temp >> 8) & 0xff] << 8) ^ - (Te4[(temp ) & 0xff]); + ((u32)Te4[(temp >> 24) ] << 24) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ + ((u32)Te4[(temp ) & 0xff]); rk[13] = rk[ 5] ^ rk[12]; rk[14] = rk[ 6] ^ rk[13]; rk[15] = rk[ 7] ^ rk[14]; diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c index f651059..1defbb1 100644 --- a/crypto/aes/aes_x86core.c +++ b/crypto/aes/aes_x86core.c @@ -497,10 +497,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[3]; rk[4] = rk[0] ^ - (Te4[(temp >> 8) & 0xff] ) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24) ] << 16) ^ - (Te4[(temp ) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] ) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 24) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; @@ -517,10 +517,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 5]; rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 8) & 0xff] ) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24) ] << 16) ^ - (Te4[(temp ) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] ) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 24) ^ rcon[i]; rk[ 7] = rk[ 1] ^ rk[ 6]; rk[ 8] = rk[ 2] ^ rk[ 7]; @@ -539,10 +539,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 7]; rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 8) & 0xff] ) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24) ] << 16) ^ - (Te4[(temp ) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] ) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 24) ^ rcon[i]; rk[ 9] = rk[ 1] ^ rk[ 8]; rk[10] = rk[ 2] ^ rk[ 9]; @@ -552,10 +552,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, } temp = rk[11]; rk[12] = rk[ 4] ^ - (Te4[(temp ) & 0xff] ) ^ - (Te4[(temp >> 8) & 0xff] << 8) ^ - (Te4[(temp >> 16) & 0xff] << 16) ^ - (Te4[(temp >> 24) ] << 24); + ((u32)Te4[(temp ) & 0xff] ) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ + ((u32)Te4[(temp >> 24) ] << 24); rk[13] = rk[ 5] ^ rk[12]; rk[14] = rk[ 6] ^ rk[13]; rk[15] = rk[ 7] ^ rk[14]; @@ -674,22 +674,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, #if defined(AES_COMPACT_IN_OUTER_ROUNDS) prefetch256(Te4); - t[0] = Te4[(s0 ) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24) ] << 24; - t[1] = Te4[(s1 ) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24) ] << 24; - t[2] = Te4[(s2 ) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24) ] << 24; - t[3] = Te4[(s3 ) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24) ] << 24; + t[0] = (u32)Te4[(s0 ) & 0xff] ^ + (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s3 >> 24) ] << 24; + t[1] = (u32)Te4[(s1 ) & 0xff] ^ + (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s0 >> 24) ] << 24; + t[2] = (u32)Te4[(s2 ) & 0xff] ^ + (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s1 >> 24) ] << 24; + t[3] = (u32)Te4[(s3 ) & 0xff] ^ + (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s2 >> 24) ] << 24; /* now do the linear transform using words */ { int i; @@ -740,22 +740,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, */ for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) { #if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = Te4[(s0 ) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24) ] << 24; - t[1] = Te4[(s1 ) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24) ] << 24; - t[2] = Te4[(s2 ) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24) ] << 24; - t[3] = Te4[(s3 ) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24) ] << 24; + t[0] = (u32)Te4[(s0 ) & 0xff] ^ + (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s3 >> 24) ] << 24; + t[1] = (u32)Te4[(s1 ) & 0xff] ^ + (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s0 >> 24) ] << 24; + t[2] = (u32)Te4[(s2 ) & 0xff] ^ + (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s1 >> 24) ] << 24; + t[3] = (u32)Te4[(s3 ) & 0xff] ^ + (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s2 >> 24) ] << 24; /* now do the linear transform using words */ { @@ -810,28 +810,28 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, prefetch256(Te4); *(u32*)(out+0) = - Te4[(s0 ) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24) ] << 24 ^ + (u32)Te4[(s0 ) & 0xff] ^ + (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s3 >> 24) ] << 24 ^ rk[0]; *(u32*)(out+4) = - Te4[(s1 ) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24) ] << 24 ^ + (u32)Te4[(s1 ) & 0xff] ^ + (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s0 >> 24) ] << 24 ^ rk[1]; *(u32*)(out+8) = - Te4[(s2 ) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24) ] << 24 ^ + (u32)Te4[(s2 ) & 0xff] ^ + (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s1 >> 24) ] << 24 ^ rk[2]; *(u32*)(out+12) = - Te4[(s3 ) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24) ] << 24 ^ + (u32)Te4[(s3 ) & 0xff] ^ + (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s2 >> 24) ] << 24 ^ rk[3]; #else *(u32*)(out+0) = @@ -888,22 +888,22 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, #if defined(AES_COMPACT_IN_OUTER_ROUNDS) prefetch256(Td4); - t[0] = Td4[(s0 ) & 0xff] ^ - Td4[(s3 >> 8) & 0xff] << 8 ^ - Td4[(s2 >> 16) & 0xff] << 16 ^ - Td4[(s1 >> 24) ] << 24; - t[1] = Td4[(s1 ) & 0xff] ^ - Td4[(s0 >> 8) & 0xff] << 8 ^ - Td4[(s3 >> 16) & 0xff] << 16 ^ - Td4[(s2 >> 24) ] << 24; - t[2] = Td4[(s2 ) & 0xff] ^ - Td4[(s1 >> 8) & 0xff] << 8 ^ - Td4[(s0 >> 16) & 0xff] << 16 ^ - Td4[(s3 >> 24) ] << 24; - t[3] = Td4[(s3 ) & 0xff] ^ - Td4[(s2 >> 8) & 0xff] << 8 ^ - Td4[(s1 >> 16) & 0xff] << 16 ^ - Td4[(s0 >> 24) ] << 24; + t[0] = (u32)Td4[(s0 ) & 0xff] ^ + (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s1 >> 24) ] << 24; + t[1] = (u32)Td4[(s1 ) & 0xff] ^ + (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s2 >> 24) ] << 24; + t[2] = (u32)Td4[(s2 ) & 0xff] ^ + (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s3 >> 24) ] << 24; + t[3] = (u32)Td4[(s3 ) & 0xff] ^ + (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s0 >> 24) ] << 24; /* now do the linear transform using words */ { @@ -965,22 +965,22 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, */ for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) { #if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = Td4[(s0 ) & 0xff] ^ - Td4[(s3 >> 8) & 0xff] << 8 ^ - Td4[(s2 >> 16) & 0xff] << 16 ^ - Td4[(s1 >> 24) ] << 24; - t[1] = Td4[(s1 ) & 0xff] ^ - Td4[(s0 >> 8) & 0xff] << 8 ^ - Td4[(s3 >> 16) & 0xff] << 16 ^ - Td4[(s2 >> 24) ] << 24; - t[2] = Td4[(s2 ) & 0xff] ^ - Td4[(s1 >> 8) & 0xff] << 8 ^ - Td4[(s0 >> 16) & 0xff] << 16 ^ - Td4[(s3 >> 24) ] << 24; - t[3] = Td4[(s3 ) & 0xff] ^ - Td4[(s2 >> 8) & 0xff] << 8 ^ - Td4[(s1 >> 16) & 0xff] << 16 ^ - Td4[(s0 >> 24) ] << 24; + t[0] = (u32)Td4[(s0 ) & 0xff] ^ + (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s1 >> 24) ] << 24; + t[1] = (u32)Td4[(s1 ) & 0xff] ^ + (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s2 >> 24) ] << 24; + t[2] = (u32)Td4[(s2 ) & 0xff] ^ + (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s3 >> 24) ] << 24; + t[3] = (u32)Td4[(s3 ) & 0xff] ^ + (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s0 >> 24) ] << 24; /* now do the linear transform using words */ { @@ -1044,27 +1044,27 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, prefetch256(Td4); *(u32*)(out+0) = - (Td4[(s0 ) & 0xff]) ^ - (Td4[(s3 >> 8) & 0xff] << 8) ^ - (Td4[(s2 >> 16) & 0xff] << 16) ^ - (Td4[(s1 >> 24) ] << 24) ^ + ((u32)Td4[(s0 ) & 0xff]) ^ + ((u32)Td4[(s3 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s2 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s1 >> 24) ] << 24) ^ rk[0]; *(u32*)(out+4) = - (Td4[(s1 ) & 0xff]) ^ - (Td4[(s0 >> 8) & 0xff] << 8) ^ - (Td4[(s3 >> 16) & 0xff] << 16) ^ - (Td4[(s2 >> 24) ] << 24) ^ + ((u32)Td4[(s1 ) & 0xff]) ^ + ((u32)Td4[(s0 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s3 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s2 >> 24) ] << 24) ^ rk[1]; *(u32*)(out+8) = - (Td4[(s2 ) & 0xff]) ^ - (Td4[(s1 >> 8) & 0xff] << 8) ^ - (Td4[(s0 >> 16) & 0xff] << 16) ^ - (Td4[(s3 >> 24) ] << 24) ^ + ((u32)Td4[(s2 ) & 0xff]) ^ + ((u32)Td4[(s1 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s0 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s3 >> 24) ] << 24) ^ rk[2]; *(u32*)(out+12) = - (Td4[(s3 ) & 0xff]) ^ - (Td4[(s2 >> 8) & 0xff] << 8) ^ - (Td4[(s1 >> 16) & 0xff] << 16) ^ - (Td4[(s0 >> 24) ] << 24) ^ + ((u32)Td4[(s3 ) & 0xff]) ^ + ((u32)Td4[(s2 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s1 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s0 >> 24) ] << 24) ^ rk[3]; } From emilia at openssl.org Sat Mar 14 04:15:37 2015 From: emilia at openssl.org (Emilia Kasper) Date: Sat, 14 Mar 2015 04:15:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1426306537.953455.9506.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via be109b9eec79a90871e5deb7d6ede8c04f073884 (commit) from c0d69ddb3323e45afba7a7f1608fb03f9a7d6fff (commit) - Log ----------------------------------------------------------------- commit be109b9eec79a90871e5deb7d6ede8c04f073884 Author: Emilia Kasper Date: Fri Mar 13 21:10:13 2015 -0700 Fix undefined behaviour in shifts. Td4 and Te4 are arrays of u8. A u8 << int promotes the u8 to an int first then shifts. If the mathematical result of a shift (as modelled by lhs * 2^{rhs}) is not representable in an integer, behaviour is undefined. In other words, you can't shift into the sign bit of a signed integer. Fix this by casting to u32 whenever we're shifting left by 24. (For consistency, cast other shifts, too.) Caught by -fsanitize=shift Submitted by Nick Lewycky (Google) Reviewed-by: Andy Polyakov (cherry picked from commit 8b37e5c14f0eddb10c7f91ef91004622d90ef361) ----------------------------------------------------------------------- Summary of changes: crypto/aes/aes_core.c | 64 +++++++------- crypto/aes/aes_x86core.c | 224 +++++++++++++++++++++++------------------------ 2 files changed, 144 insertions(+), 144 deletions(-) diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index ff0d164..2ddb086 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -1130,31 +1130,31 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, * map cipher state to byte array block: */ s0 = - (Td4[(t0 >> 24) ] << 24) ^ - (Td4[(t3 >> 16) & 0xff] << 16) ^ - (Td4[(t2 >> 8) & 0xff] << 8) ^ - (Td4[(t1 ) & 0xff]) ^ + ((u32)Td4[(t0 >> 24) ] << 24) ^ + ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t2 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t1 ) & 0xff]) ^ rk[0]; PUTU32(out , s0); s1 = - (Td4[(t1 >> 24) ] << 24) ^ - (Td4[(t0 >> 16) & 0xff] << 16) ^ - (Td4[(t3 >> 8) & 0xff] << 8) ^ - (Td4[(t2 ) & 0xff]) ^ + ((u32)Td4[(t1 >> 24) ] << 24) ^ + ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t3 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t2 ) & 0xff]) ^ rk[1]; PUTU32(out + 4, s1); s2 = - (Td4[(t2 >> 24) ] << 24) ^ - (Td4[(t1 >> 16) & 0xff] << 16) ^ - (Td4[(t0 >> 8) & 0xff] << 8) ^ - (Td4[(t3 ) & 0xff]) ^ + ((u32)Td4[(t2 >> 24) ] << 24) ^ + ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t0 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t3 ) & 0xff]) ^ rk[2]; PUTU32(out + 8, s2); s3 = - (Td4[(t3 >> 24) ] << 24) ^ - (Td4[(t2 >> 16) & 0xff] << 16) ^ - (Td4[(t1 >> 8) & 0xff] << 8) ^ - (Td4[(t0 ) & 0xff]) ^ + ((u32)Td4[(t3 >> 24) ] << 24) ^ + ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t1 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t0 ) & 0xff]) ^ rk[3]; PUTU32(out + 12, s3); } @@ -1233,10 +1233,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[3]; rk[4] = rk[0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp ) & 0xff] << 8) ^ - (Te4[(temp >> 24) ]) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ]) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; @@ -1253,10 +1253,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 5]; rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp ) & 0xff] << 8) ^ - (Te4[(temp >> 24) ]) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ]) ^ rcon[i]; rk[ 7] = rk[ 1] ^ rk[ 6]; rk[ 8] = rk[ 2] ^ rk[ 7]; @@ -1275,10 +1275,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 7]; rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp ) & 0xff] << 8) ^ - (Te4[(temp >> 24) ]) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ]) ^ rcon[i]; rk[ 9] = rk[ 1] ^ rk[ 8]; rk[10] = rk[ 2] ^ rk[ 9]; @@ -1288,10 +1288,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits, } temp = rk[11]; rk[12] = rk[ 4] ^ - (Te4[(temp >> 24) ] << 24) ^ - (Te4[(temp >> 16) & 0xff] << 16) ^ - (Te4[(temp >> 8) & 0xff] << 8) ^ - (Te4[(temp ) & 0xff]); + ((u32)Te4[(temp >> 24) ] << 24) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ + ((u32)Te4[(temp ) & 0xff]); rk[13] = rk[ 5] ^ rk[12]; rk[14] = rk[ 6] ^ rk[13]; rk[15] = rk[ 7] ^ rk[14]; diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c index 132b09a..c869ed7 100644 --- a/crypto/aes/aes_x86core.c +++ b/crypto/aes/aes_x86core.c @@ -499,10 +499,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[3]; rk[4] = rk[0] ^ - (Te4[(temp >> 8) & 0xff] ) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24) ] << 16) ^ - (Te4[(temp ) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] ) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 24) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; @@ -519,10 +519,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 5]; rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 8) & 0xff] ) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24) ] << 16) ^ - (Te4[(temp ) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] ) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 24) ^ rcon[i]; rk[ 7] = rk[ 1] ^ rk[ 6]; rk[ 8] = rk[ 2] ^ rk[ 7]; @@ -541,10 +541,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 7]; rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 8) & 0xff] ) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24) ] << 16) ^ - (Te4[(temp ) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] ) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 24) ^ rcon[i]; rk[ 9] = rk[ 1] ^ rk[ 8]; rk[10] = rk[ 2] ^ rk[ 9]; @@ -554,10 +554,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, } temp = rk[11]; rk[12] = rk[ 4] ^ - (Te4[(temp ) & 0xff] ) ^ - (Te4[(temp >> 8) & 0xff] << 8) ^ - (Te4[(temp >> 16) & 0xff] << 16) ^ - (Te4[(temp >> 24) ] << 24); + ((u32)Te4[(temp ) & 0xff] ) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ + ((u32)Te4[(temp >> 24) ] << 24); rk[13] = rk[ 5] ^ rk[12]; rk[14] = rk[ 6] ^ rk[13]; rk[15] = rk[ 7] ^ rk[14]; @@ -676,22 +676,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, #if defined(AES_COMPACT_IN_OUTER_ROUNDS) prefetch256(Te4); - t[0] = Te4[(s0 ) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24) ] << 24; - t[1] = Te4[(s1 ) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24) ] << 24; - t[2] = Te4[(s2 ) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24) ] << 24; - t[3] = Te4[(s3 ) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24) ] << 24; + t[0] = (u32)Te4[(s0 ) & 0xff] ^ + (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s3 >> 24) ] << 24; + t[1] = (u32)Te4[(s1 ) & 0xff] ^ + (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s0 >> 24) ] << 24; + t[2] = (u32)Te4[(s2 ) & 0xff] ^ + (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s1 >> 24) ] << 24; + t[3] = (u32)Te4[(s3 ) & 0xff] ^ + (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s2 >> 24) ] << 24; /* now do the linear transform using words */ { int i; @@ -742,22 +742,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, */ for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) { #if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = Te4[(s0 ) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24) ] << 24; - t[1] = Te4[(s1 ) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24) ] << 24; - t[2] = Te4[(s2 ) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24) ] << 24; - t[3] = Te4[(s3 ) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24) ] << 24; + t[0] = (u32)Te4[(s0 ) & 0xff] ^ + (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s3 >> 24) ] << 24; + t[1] = (u32)Te4[(s1 ) & 0xff] ^ + (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s0 >> 24) ] << 24; + t[2] = (u32)Te4[(s2 ) & 0xff] ^ + (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s1 >> 24) ] << 24; + t[3] = (u32)Te4[(s3 ) & 0xff] ^ + (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s2 >> 24) ] << 24; /* now do the linear transform using words */ { @@ -812,28 +812,28 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, prefetch256(Te4); *(u32*)(out+0) = - Te4[(s0 ) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24) ] << 24 ^ + (u32)Te4[(s0 ) & 0xff] ^ + (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s3 >> 24) ] << 24 ^ rk[0]; *(u32*)(out+4) = - Te4[(s1 ) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24) ] << 24 ^ + (u32)Te4[(s1 ) & 0xff] ^ + (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s0 >> 24) ] << 24 ^ rk[1]; *(u32*)(out+8) = - Te4[(s2 ) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24) ] << 24 ^ + (u32)Te4[(s2 ) & 0xff] ^ + (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s1 >> 24) ] << 24 ^ rk[2]; *(u32*)(out+12) = - Te4[(s3 ) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24) ] << 24 ^ + (u32)Te4[(s3 ) & 0xff] ^ + (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s2 >> 24) ] << 24 ^ rk[3]; #else *(u32*)(out+0) = @@ -890,22 +890,22 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, #if defined(AES_COMPACT_IN_OUTER_ROUNDS) prefetch256(Td4); - t[0] = Td4[(s0 ) & 0xff] ^ - Td4[(s3 >> 8) & 0xff] << 8 ^ - Td4[(s2 >> 16) & 0xff] << 16 ^ - Td4[(s1 >> 24) ] << 24; - t[1] = Td4[(s1 ) & 0xff] ^ - Td4[(s0 >> 8) & 0xff] << 8 ^ - Td4[(s3 >> 16) & 0xff] << 16 ^ - Td4[(s2 >> 24) ] << 24; - t[2] = Td4[(s2 ) & 0xff] ^ - Td4[(s1 >> 8) & 0xff] << 8 ^ - Td4[(s0 >> 16) & 0xff] << 16 ^ - Td4[(s3 >> 24) ] << 24; - t[3] = Td4[(s3 ) & 0xff] ^ - Td4[(s2 >> 8) & 0xff] << 8 ^ - Td4[(s1 >> 16) & 0xff] << 16 ^ - Td4[(s0 >> 24) ] << 24; + t[0] = (u32)Td4[(s0 ) & 0xff] ^ + (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s1 >> 24) ] << 24; + t[1] = (u32)Td4[(s1 ) & 0xff] ^ + (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s2 >> 24) ] << 24; + t[2] = (u32)Td4[(s2 ) & 0xff] ^ + (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s3 >> 24) ] << 24; + t[3] = (u32)Td4[(s3 ) & 0xff] ^ + (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s0 >> 24) ] << 24; /* now do the linear transform using words */ { @@ -967,22 +967,22 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, */ for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) { #if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = Td4[(s0 ) & 0xff] ^ - Td4[(s3 >> 8) & 0xff] << 8 ^ - Td4[(s2 >> 16) & 0xff] << 16 ^ - Td4[(s1 >> 24) ] << 24; - t[1] = Td4[(s1 ) & 0xff] ^ - Td4[(s0 >> 8) & 0xff] << 8 ^ - Td4[(s3 >> 16) & 0xff] << 16 ^ - Td4[(s2 >> 24) ] << 24; - t[2] = Td4[(s2 ) & 0xff] ^ - Td4[(s1 >> 8) & 0xff] << 8 ^ - Td4[(s0 >> 16) & 0xff] << 16 ^ - Td4[(s3 >> 24) ] << 24; - t[3] = Td4[(s3 ) & 0xff] ^ - Td4[(s2 >> 8) & 0xff] << 8 ^ - Td4[(s1 >> 16) & 0xff] << 16 ^ - Td4[(s0 >> 24) ] << 24; + t[0] = (u32)Td4[(s0 ) & 0xff] ^ + (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s1 >> 24) ] << 24; + t[1] = (u32)Td4[(s1 ) & 0xff] ^ + (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s2 >> 24) ] << 24; + t[2] = (u32)Td4[(s2 ) & 0xff] ^ + (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s3 >> 24) ] << 24; + t[3] = (u32)Td4[(s3 ) & 0xff] ^ + (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s0 >> 24) ] << 24; /* now do the linear transform using words */ { @@ -1046,27 +1046,27 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, prefetch256(Td4); *(u32*)(out+0) = - (Td4[(s0 ) & 0xff]) ^ - (Td4[(s3 >> 8) & 0xff] << 8) ^ - (Td4[(s2 >> 16) & 0xff] << 16) ^ - (Td4[(s1 >> 24) ] << 24) ^ + ((u32)Td4[(s0 ) & 0xff]) ^ + ((u32)Td4[(s3 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s2 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s1 >> 24) ] << 24) ^ rk[0]; *(u32*)(out+4) = - (Td4[(s1 ) & 0xff]) ^ - (Td4[(s0 >> 8) & 0xff] << 8) ^ - (Td4[(s3 >> 16) & 0xff] << 16) ^ - (Td4[(s2 >> 24) ] << 24) ^ + ((u32)Td4[(s1 ) & 0xff]) ^ + ((u32)Td4[(s0 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s3 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s2 >> 24) ] << 24) ^ rk[1]; *(u32*)(out+8) = - (Td4[(s2 ) & 0xff]) ^ - (Td4[(s1 >> 8) & 0xff] << 8) ^ - (Td4[(s0 >> 16) & 0xff] << 16) ^ - (Td4[(s3 >> 24) ] << 24) ^ + ((u32)Td4[(s2 ) & 0xff]) ^ + ((u32)Td4[(s1 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s0 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s3 >> 24) ] << 24) ^ rk[2]; *(u32*)(out+12) = - (Td4[(s3 ) & 0xff]) ^ - (Td4[(s2 >> 8) & 0xff] << 8) ^ - (Td4[(s1 >> 16) & 0xff] << 16) ^ - (Td4[(s0 >> 24) ] << 24) ^ + ((u32)Td4[(s3 ) & 0xff]) ^ + ((u32)Td4[(s2 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s1 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s0 >> 24) ] << 24) ^ rk[3]; } From emilia at openssl.org Sat Mar 14 04:15:38 2015 From: emilia at openssl.org (Emilia Kasper) Date: Sat, 14 Mar 2015 04:15:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426306538.061221.9532.nullmailer@dev.openssl.org> The branch master has been updated via 8b37e5c14f0eddb10c7f91ef91004622d90ef361 (commit) from 3d6aa6d441fe8124d247dffee5c68c2e5efd8258 (commit) - Log ----------------------------------------------------------------- commit 8b37e5c14f0eddb10c7f91ef91004622d90ef361 Author: Emilia Kasper Date: Fri Mar 13 21:10:13 2015 -0700 Fix undefined behaviour in shifts. Td4 and Te4 are arrays of u8. A u8 << int promotes the u8 to an int first then shifts. If the mathematical result of a shift (as modelled by lhs * 2^{rhs}) is not representable in an integer, behaviour is undefined. In other words, you can't shift into the sign bit of a signed integer. Fix this by casting to u32 whenever we're shifting left by 24. (For consistency, cast other shifts, too.) Caught by -fsanitize=shift Submitted by Nick Lewycky (Google) Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: crypto/aes/aes_core.c | 64 +++++++------- crypto/aes/aes_x86core.c | 224 +++++++++++++++++++++++------------------------ 2 files changed, 144 insertions(+), 144 deletions(-) diff --git a/crypto/aes/aes_core.c b/crypto/aes/aes_core.c index e8ea369..1e4455a 100644 --- a/crypto/aes/aes_core.c +++ b/crypto/aes/aes_core.c @@ -1131,31 +1131,31 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, * map cipher state to byte array block: */ s0 = - (Td4[(t0 >> 24) ] << 24) ^ - (Td4[(t3 >> 16) & 0xff] << 16) ^ - (Td4[(t2 >> 8) & 0xff] << 8) ^ - (Td4[(t1 ) & 0xff]) ^ + ((u32)Td4[(t0 >> 24) ] << 24) ^ + ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t2 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t1 ) & 0xff]) ^ rk[0]; PUTU32(out , s0); s1 = - (Td4[(t1 >> 24) ] << 24) ^ - (Td4[(t0 >> 16) & 0xff] << 16) ^ - (Td4[(t3 >> 8) & 0xff] << 8) ^ - (Td4[(t2 ) & 0xff]) ^ + ((u32)Td4[(t1 >> 24) ] << 24) ^ + ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t3 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t2 ) & 0xff]) ^ rk[1]; PUTU32(out + 4, s1); s2 = - (Td4[(t2 >> 24) ] << 24) ^ - (Td4[(t1 >> 16) & 0xff] << 16) ^ - (Td4[(t0 >> 8) & 0xff] << 8) ^ - (Td4[(t3 ) & 0xff]) ^ + ((u32)Td4[(t2 >> 24) ] << 24) ^ + ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t0 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t3 ) & 0xff]) ^ rk[2]; PUTU32(out + 8, s2); s3 = - (Td4[(t3 >> 24) ] << 24) ^ - (Td4[(t2 >> 16) & 0xff] << 16) ^ - (Td4[(t1 >> 8) & 0xff] << 8) ^ - (Td4[(t0 ) & 0xff]) ^ + ((u32)Td4[(t3 >> 24) ] << 24) ^ + ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(t1 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(t0 ) & 0xff]) ^ rk[3]; PUTU32(out + 12, s3); } @@ -1234,10 +1234,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[3]; rk[4] = rk[0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp ) & 0xff] << 8) ^ - (Te4[(temp >> 24) ]) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ]) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; @@ -1254,10 +1254,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 5]; rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp ) & 0xff] << 8) ^ - (Te4[(temp >> 24) ]) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ]) ^ rcon[i]; rk[ 7] = rk[ 1] ^ rk[ 6]; rk[ 8] = rk[ 2] ^ rk[ 7]; @@ -1276,10 +1276,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 7]; rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 16) & 0xff] << 24) ^ - (Te4[(temp >> 8) & 0xff] << 16) ^ - (Te4[(temp ) & 0xff] << 8) ^ - (Te4[(temp >> 24) ]) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ]) ^ rcon[i]; rk[ 9] = rk[ 1] ^ rk[ 8]; rk[10] = rk[ 2] ^ rk[ 9]; @@ -1289,10 +1289,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, } temp = rk[11]; rk[12] = rk[ 4] ^ - (Te4[(temp >> 24) ] << 24) ^ - (Te4[(temp >> 16) & 0xff] << 16) ^ - (Te4[(temp >> 8) & 0xff] << 8) ^ - (Te4[(temp ) & 0xff]); + ((u32)Te4[(temp >> 24) ] << 24) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ + ((u32)Te4[(temp ) & 0xff]); rk[13] = rk[ 5] ^ rk[12]; rk[14] = rk[ 6] ^ rk[13]; rk[15] = rk[ 7] ^ rk[14]; diff --git a/crypto/aes/aes_x86core.c b/crypto/aes/aes_x86core.c index 132b09a..c869ed7 100644 --- a/crypto/aes/aes_x86core.c +++ b/crypto/aes/aes_x86core.c @@ -499,10 +499,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[3]; rk[4] = rk[0] ^ - (Te4[(temp >> 8) & 0xff] ) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24) ] << 16) ^ - (Te4[(temp ) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] ) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 24) ^ rcon[i]; rk[5] = rk[1] ^ rk[4]; rk[6] = rk[2] ^ rk[5]; @@ -519,10 +519,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 5]; rk[ 6] = rk[ 0] ^ - (Te4[(temp >> 8) & 0xff] ) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24) ] << 16) ^ - (Te4[(temp ) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] ) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 24) ^ rcon[i]; rk[ 7] = rk[ 1] ^ rk[ 6]; rk[ 8] = rk[ 2] ^ rk[ 7]; @@ -541,10 +541,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, while (1) { temp = rk[ 7]; rk[ 8] = rk[ 0] ^ - (Te4[(temp >> 8) & 0xff] ) ^ - (Te4[(temp >> 16) & 0xff] << 8) ^ - (Te4[(temp >> 24) ] << 16) ^ - (Te4[(temp ) & 0xff] << 24) ^ + ((u32)Te4[(temp >> 8) & 0xff] ) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 24) ] << 16) ^ + ((u32)Te4[(temp ) & 0xff] << 24) ^ rcon[i]; rk[ 9] = rk[ 1] ^ rk[ 8]; rk[10] = rk[ 2] ^ rk[ 9]; @@ -554,10 +554,10 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits, } temp = rk[11]; rk[12] = rk[ 4] ^ - (Te4[(temp ) & 0xff] ) ^ - (Te4[(temp >> 8) & 0xff] << 8) ^ - (Te4[(temp >> 16) & 0xff] << 16) ^ - (Te4[(temp >> 24) ] << 24); + ((u32)Te4[(temp ) & 0xff] ) ^ + ((u32)Te4[(temp >> 8) & 0xff] << 8) ^ + ((u32)Te4[(temp >> 16) & 0xff] << 16) ^ + ((u32)Te4[(temp >> 24) ] << 24); rk[13] = rk[ 5] ^ rk[12]; rk[14] = rk[ 6] ^ rk[13]; rk[15] = rk[ 7] ^ rk[14]; @@ -676,22 +676,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, #if defined(AES_COMPACT_IN_OUTER_ROUNDS) prefetch256(Te4); - t[0] = Te4[(s0 ) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24) ] << 24; - t[1] = Te4[(s1 ) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24) ] << 24; - t[2] = Te4[(s2 ) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24) ] << 24; - t[3] = Te4[(s3 ) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24) ] << 24; + t[0] = (u32)Te4[(s0 ) & 0xff] ^ + (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s3 >> 24) ] << 24; + t[1] = (u32)Te4[(s1 ) & 0xff] ^ + (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s0 >> 24) ] << 24; + t[2] = (u32)Te4[(s2 ) & 0xff] ^ + (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s1 >> 24) ] << 24; + t[3] = (u32)Te4[(s3 ) & 0xff] ^ + (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s2 >> 24) ] << 24; /* now do the linear transform using words */ { int i; @@ -742,22 +742,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, */ for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) { #if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = Te4[(s0 ) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24) ] << 24; - t[1] = Te4[(s1 ) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24) ] << 24; - t[2] = Te4[(s2 ) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24) ] << 24; - t[3] = Te4[(s3 ) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24) ] << 24; + t[0] = (u32)Te4[(s0 ) & 0xff] ^ + (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s3 >> 24) ] << 24; + t[1] = (u32)Te4[(s1 ) & 0xff] ^ + (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s0 >> 24) ] << 24; + t[2] = (u32)Te4[(s2 ) & 0xff] ^ + (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s1 >> 24) ] << 24; + t[3] = (u32)Te4[(s3 ) & 0xff] ^ + (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s2 >> 24) ] << 24; /* now do the linear transform using words */ { @@ -812,28 +812,28 @@ void AES_encrypt(const unsigned char *in, unsigned char *out, prefetch256(Te4); *(u32*)(out+0) = - Te4[(s0 ) & 0xff] ^ - Te4[(s1 >> 8) & 0xff] << 8 ^ - Te4[(s2 >> 16) & 0xff] << 16 ^ - Te4[(s3 >> 24) ] << 24 ^ + (u32)Te4[(s0 ) & 0xff] ^ + (u32)Te4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s3 >> 24) ] << 24 ^ rk[0]; *(u32*)(out+4) = - Te4[(s1 ) & 0xff] ^ - Te4[(s2 >> 8) & 0xff] << 8 ^ - Te4[(s3 >> 16) & 0xff] << 16 ^ - Te4[(s0 >> 24) ] << 24 ^ + (u32)Te4[(s1 ) & 0xff] ^ + (u32)Te4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s0 >> 24) ] << 24 ^ rk[1]; *(u32*)(out+8) = - Te4[(s2 ) & 0xff] ^ - Te4[(s3 >> 8) & 0xff] << 8 ^ - Te4[(s0 >> 16) & 0xff] << 16 ^ - Te4[(s1 >> 24) ] << 24 ^ + (u32)Te4[(s2 ) & 0xff] ^ + (u32)Te4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s1 >> 24) ] << 24 ^ rk[2]; *(u32*)(out+12) = - Te4[(s3 ) & 0xff] ^ - Te4[(s0 >> 8) & 0xff] << 8 ^ - Te4[(s1 >> 16) & 0xff] << 16 ^ - Te4[(s2 >> 24) ] << 24 ^ + (u32)Te4[(s3 ) & 0xff] ^ + (u32)Te4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Te4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Te4[(s2 >> 24) ] << 24 ^ rk[3]; #else *(u32*)(out+0) = @@ -890,22 +890,22 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, #if defined(AES_COMPACT_IN_OUTER_ROUNDS) prefetch256(Td4); - t[0] = Td4[(s0 ) & 0xff] ^ - Td4[(s3 >> 8) & 0xff] << 8 ^ - Td4[(s2 >> 16) & 0xff] << 16 ^ - Td4[(s1 >> 24) ] << 24; - t[1] = Td4[(s1 ) & 0xff] ^ - Td4[(s0 >> 8) & 0xff] << 8 ^ - Td4[(s3 >> 16) & 0xff] << 16 ^ - Td4[(s2 >> 24) ] << 24; - t[2] = Td4[(s2 ) & 0xff] ^ - Td4[(s1 >> 8) & 0xff] << 8 ^ - Td4[(s0 >> 16) & 0xff] << 16 ^ - Td4[(s3 >> 24) ] << 24; - t[3] = Td4[(s3 ) & 0xff] ^ - Td4[(s2 >> 8) & 0xff] << 8 ^ - Td4[(s1 >> 16) & 0xff] << 16 ^ - Td4[(s0 >> 24) ] << 24; + t[0] = (u32)Td4[(s0 ) & 0xff] ^ + (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s1 >> 24) ] << 24; + t[1] = (u32)Td4[(s1 ) & 0xff] ^ + (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s2 >> 24) ] << 24; + t[2] = (u32)Td4[(s2 ) & 0xff] ^ + (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s3 >> 24) ] << 24; + t[3] = (u32)Td4[(s3 ) & 0xff] ^ + (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s0 >> 24) ] << 24; /* now do the linear transform using words */ { @@ -967,22 +967,22 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, */ for (rk+=8,r=key->rounds-2; r>0; rk+=4,r--) { #if defined(AES_COMPACT_IN_INNER_ROUNDS) - t[0] = Td4[(s0 ) & 0xff] ^ - Td4[(s3 >> 8) & 0xff] << 8 ^ - Td4[(s2 >> 16) & 0xff] << 16 ^ - Td4[(s1 >> 24) ] << 24; - t[1] = Td4[(s1 ) & 0xff] ^ - Td4[(s0 >> 8) & 0xff] << 8 ^ - Td4[(s3 >> 16) & 0xff] << 16 ^ - Td4[(s2 >> 24) ] << 24; - t[2] = Td4[(s2 ) & 0xff] ^ - Td4[(s1 >> 8) & 0xff] << 8 ^ - Td4[(s0 >> 16) & 0xff] << 16 ^ - Td4[(s3 >> 24) ] << 24; - t[3] = Td4[(s3 ) & 0xff] ^ - Td4[(s2 >> 8) & 0xff] << 8 ^ - Td4[(s1 >> 16) & 0xff] << 16 ^ - Td4[(s0 >> 24) ] << 24; + t[0] = (u32)Td4[(s0 ) & 0xff] ^ + (u32)Td4[(s3 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s2 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s1 >> 24) ] << 24; + t[1] = (u32)Td4[(s1 ) & 0xff] ^ + (u32)Td4[(s0 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s3 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s2 >> 24) ] << 24; + t[2] = (u32)Td4[(s2 ) & 0xff] ^ + (u32)Td4[(s1 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s0 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s3 >> 24) ] << 24; + t[3] = (u32)Td4[(s3 ) & 0xff] ^ + (u32)Td4[(s2 >> 8) & 0xff] << 8 ^ + (u32)Td4[(s1 >> 16) & 0xff] << 16 ^ + (u32)Td4[(s0 >> 24) ] << 24; /* now do the linear transform using words */ { @@ -1046,27 +1046,27 @@ void AES_decrypt(const unsigned char *in, unsigned char *out, prefetch256(Td4); *(u32*)(out+0) = - (Td4[(s0 ) & 0xff]) ^ - (Td4[(s3 >> 8) & 0xff] << 8) ^ - (Td4[(s2 >> 16) & 0xff] << 16) ^ - (Td4[(s1 >> 24) ] << 24) ^ + ((u32)Td4[(s0 ) & 0xff]) ^ + ((u32)Td4[(s3 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s2 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s1 >> 24) ] << 24) ^ rk[0]; *(u32*)(out+4) = - (Td4[(s1 ) & 0xff]) ^ - (Td4[(s0 >> 8) & 0xff] << 8) ^ - (Td4[(s3 >> 16) & 0xff] << 16) ^ - (Td4[(s2 >> 24) ] << 24) ^ + ((u32)Td4[(s1 ) & 0xff]) ^ + ((u32)Td4[(s0 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s3 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s2 >> 24) ] << 24) ^ rk[1]; *(u32*)(out+8) = - (Td4[(s2 ) & 0xff]) ^ - (Td4[(s1 >> 8) & 0xff] << 8) ^ - (Td4[(s0 >> 16) & 0xff] << 16) ^ - (Td4[(s3 >> 24) ] << 24) ^ + ((u32)Td4[(s2 ) & 0xff]) ^ + ((u32)Td4[(s1 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s0 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s3 >> 24) ] << 24) ^ rk[2]; *(u32*)(out+12) = - (Td4[(s3 ) & 0xff]) ^ - (Td4[(s2 >> 8) & 0xff] << 8) ^ - (Td4[(s1 >> 16) & 0xff] << 16) ^ - (Td4[(s0 >> 24) ] << 24) ^ + ((u32)Td4[(s3 ) & 0xff]) ^ + ((u32)Td4[(s2 >> 8) & 0xff] << 8) ^ + ((u32)Td4[(s1 >> 16) & 0xff] << 16) ^ + ((u32)Td4[(s0 >> 24) ] << 24) ^ rk[3]; } From kurt at openssl.org Sat Mar 14 17:24:32 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 14 Mar 2015 17:24:32 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426353872.957477.20148.nullmailer@dev.openssl.org> The branch master has been updated via 9fbbdd73c58c29dc46cc314f7165e45e6d43fd60 (commit) from 8b37e5c14f0eddb10c7f91ef91004622d90ef361 (commit) - Log ----------------------------------------------------------------- commit 9fbbdd73c58c29dc46cc314f7165e45e6d43fd60 Author: Andy Polyakov Date: Sat Feb 21 13:51:56 2015 +0100 Avoid reading an unused byte after the buffer Other curves don't have this problem. Reviewed-by: Kurt Roeckx Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: crypto/ec/ecp_nistp224.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index ffb50d8..a0c7bec 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -316,7 +316,7 @@ static void bin28_to_felem(felem out, const u8 in[28]) out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff; out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff; out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff; - out[3] = (*((const uint64_t *)(in + 21))) & 0x00ffffffffffffff; + out[3] = (*((const uint64_t *)(in+20))) >> 8; } static void felem_to_bin28(u8 out[28], const felem in) From kurt at openssl.org Sat Mar 14 17:31:40 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 14 Mar 2015 17:31:40 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1426354300.897863.22288.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 94be83127b08dc3977d2c14304aa61208db048d0 (commit) from be109b9eec79a90871e5deb7d6ede8c04f073884 (commit) - Log ----------------------------------------------------------------- commit 94be83127b08dc3977d2c14304aa61208db048d0 Author: Andy Polyakov Date: Sat Feb 21 13:51:56 2015 +0100 Avoid reading an unused byte after the buffer Other curves don't have this problem. Reviewed-by: Kurt Roeckx Reviewed-by: Emilia K?sper (cherry picked from commit 9fbbdd73c58c29dc46cc314f7165e45e6d43fd60) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ecp_nistp224.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 9a59ef0..ed09f97 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -321,7 +321,7 @@ static void bin28_to_felem(felem out, const u8 in[28]) out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff; out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff; out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff; - out[3] = (*((const uint64_t *)(in + 21))) & 0x00ffffffffffffff; + out[3] = (*((const uint64_t *)(in+20))) >> 8; } static void felem_to_bin28(u8 out[28], const felem in) From kurt at openssl.org Sat Mar 14 17:39:34 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 14 Mar 2015 17:39:34 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1426354774.811663.24005.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via eadc81e7dd3fde473a9e38a57b4c29cf6b699110 (commit) from a2fcab9978a0905c4286051993da63329fda8a19 (commit) - Log ----------------------------------------------------------------- commit eadc81e7dd3fde473a9e38a57b4c29cf6b699110 Author: Andy Polyakov Date: Sat Feb 21 13:51:56 2015 +0100 Avoid reading an unused byte after the buffer Other curves don't have this problem. Reviewed-by: Kurt Roeckx Reviewed-by: Emilia K?sper (cherry picked from commit 9fbbdd73c58c29dc46cc314f7165e45e6d43fd60) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ecp_nistp224.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 9a59ef0..ed09f97 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -321,7 +321,7 @@ static void bin28_to_felem(felem out, const u8 in[28]) out[0] = *((const uint64_t *)(in)) & 0x00ffffffffffffff; out[1] = (*((const uint64_t *)(in + 7))) & 0x00ffffffffffffff; out[2] = (*((const uint64_t *)(in + 14))) & 0x00ffffffffffffff; - out[3] = (*((const uint64_t *)(in + 21))) & 0x00ffffffffffffff; + out[3] = (*((const uint64_t *)(in+20))) >> 8; } static void felem_to_bin28(u8 out[28], const felem in) From kurt at openssl.org Sat Mar 14 17:48:41 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sat, 14 Mar 2015 17:48:41 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1426355321.674720.26365.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via c85c1e08ce4148b64a80497525fa5e5efc87d13a (commit) from c2f5de13cd09179169b28179ad1e1cac0e4cd1fb (commit) - Log ----------------------------------------------------------------- commit c85c1e08ce4148b64a80497525fa5e5efc87d13a Author: Kurt Roeckx Date: Sun Mar 8 15:11:33 2015 +0100 Disable export and SSLv2 ciphers by default They are moved to the COMPLEMENTOFDEFAULT instead. Reviewed-by: Dr. Stephen Henson ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 ++- doc/apps/ciphers.pod | 2 +- ssl/ssl.h | 3 +-- ssl/ssl_ciph.c | 16 +++++++++++++--- ssl/ssl_lib.c | 1 + 5 files changed, 18 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index 71856be..c2a3931 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Changes between 0.9.8ze and 0.9.8zf [xx XXX xxxx] - *) + *) Removed the export and SSLv2 ciphers from the DEFAULT ciphers + [Kurt Roeckx] Changes between 0.9.8zd and 0.9.8ze [15 Jan 2015] diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 694e433..01d31dd 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -105,7 +105,7 @@ The following is a list of all permitted cipher strings and their meanings. =item B the default cipher list. This is determined at compile time and is normally -B. This must be the first cipher string +B. This must be the first cipher string specified. =item B diff --git a/ssl/ssl.h b/ssl/ssl.h index 29f8870..ee9944f 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -323,8 +323,7 @@ extern "C" { * The following cipher list is used by default. It also is substituted when * an application-defined cipher list string starts with 'DEFAULT'. */ -/* low priority for RC4 */ -# define SSL_DEFAULT_CIPHER_LIST "AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" +# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:@STRENGTH" /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 33a472e..773a5d1 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -174,12 +174,11 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_ALL, 0, SSL_ALL & ~SSL_eNULL & ~SSL_kECDH & ~SSL_kECDHE, SSL_ALL, 0, 0, 0, SSL_ALL, SSL_ALL}, /* - * TODO: COMPLEMENT OF ALL and COMPLEMENT OF DEFAULT do not have ECC - * cipher suites handled properly. + * TODO: COMPLEMENT OF ALL do not have ECC cipher suites handled properly. */ /* COMPLEMENT OF ALL */ {0, SSL_TXT_CMPALL, 0, SSL_eNULL, 0, 0, 0, 0, SSL_ENC_MASK, 0}, - {0, SSL_TXT_CMPDEF, 0, SSL_ADH, 0, 0, 0, 0, SSL_AUTH_MASK, 0}, + {0, SSL_TXT_CMPDEF, 0, SSL_ADH, SSL_EXP_MASK, 0, 0, 0, SSL_AUTH_MASK, 0}, /* VRS Kerberos5 */ {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, SSL_MKEY_MASK, 0}, {0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, SSL_MKEY_MASK, 0}, @@ -636,6 +635,15 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, curr2 = curr->next; cp = curr->cipher; + /* Special case: only satisfied by COMPLEMENTOFDEFAULT */ + if (algo_strength == SSL_EXP_MASK) { + if ((SSL_C_IS_EXPORT(cp) || cp->algorithms & SSL_SSLV2 + || cp->algorithms & SSL_aNULL) + && !(cp->algorithms & (SSL_kECDHE|SSL_kECDH))) + goto ok; + else + continue; + } /* * If explicit cipher suite, match only that one for its own protocol @@ -675,6 +683,8 @@ static void ssl_cipher_apply_rule(unsigned long cipher_id, } else if (strength_bits != cp->strength_bits) continue; /* does not apply */ + ok: + #ifdef CIPHER_DEBUG printf("Action = %d\n", rule); #endif diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index bdbea75..7182bd2 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1562,6 +1562,7 @@ SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) ssl_create_cipher_list(ret->method, &ret->cipher_list, &ret->cipher_list_by_id, + meth->version == SSL2_VERSION ? "SSLv2" : SSL_DEFAULT_CIPHER_LIST); if (ret->cipher_list == NULL || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS); From kurt at openssl.org Sun Mar 15 11:17:49 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Sun, 15 Mar 2015 11:17:49 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426418269.185591.20390.nullmailer@dev.openssl.org> The branch master has been updated via 2c3823491d8812560922a58677e3ad2db4b2ec8d (commit) from 9fbbdd73c58c29dc46cc314f7165e45e6d43fd60 (commit) - Log ----------------------------------------------------------------- commit 2c3823491d8812560922a58677e3ad2db4b2ec8d Author: Kurt Roeckx Date: Sat Mar 14 18:09:44 2015 +0100 Remove ssl_cert_inst() It created the cert structure in SSL_CTX or SSL if it was NULL, but they can never be NULL as the comments already said. Reviewed-by: Dr. Stephen Henson ----------------------------------------------------------------------- Summary of changes: ssl/s3_lib.c | 32 -------------------------------- ssl/ssl_cert.c | 25 ------------------------- ssl/ssl_err.c | 1 - ssl/ssl_lib.c | 28 ++++++++++++---------------- ssl/ssl_locl.h | 1 - ssl/ssl_rsa.c | 28 ---------------------------- 6 files changed, 12 insertions(+), 103 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index f4369eb..3e6530e 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3252,22 +3252,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) { int ret = 0; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) - if ( -# ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA || cmd == SSL_CTRL_SET_TMP_RSA_CB || -# endif -# ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH || cmd == SSL_CTRL_SET_TMP_DH_CB || -# endif - 0) { - if (!ssl_cert_inst(&s->cert)) { - SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); - return (0); - } - } -#endif - switch (cmd) { case SSL_CTRL_GET_SESSION_REUSED: ret = s->hit; @@ -3705,22 +3689,6 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) { int ret = 0; -#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) - if ( -# ifndef OPENSSL_NO_RSA - cmd == SSL_CTRL_SET_TMP_RSA_CB || -# endif -# ifndef OPENSSL_NO_DSA - cmd == SSL_CTRL_SET_TMP_DH_CB || -# endif - 0) { - if (!ssl_cert_inst(&s->cert)) { - SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); - return (0); - } - } -#endif - switch (cmd) { #ifndef OPENSSL_NO_RSA case SSL_CTRL_SET_TMP_RSA_CB: diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index fa0c693..a88d211 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -484,31 +484,6 @@ void ssl_cert_free(CERT *c) OPENSSL_free(c); } -int ssl_cert_inst(CERT **o) -{ - /* - * Create a CERT if there isn't already one (which cannot really happen, - * as it is initially created in SSL_CTX_new; but the earlier code - * usually allows for that one being non-existant, so we follow that - * behaviour, as it might turn out that there actually is a reason for it - * -- but I'm not sure that *all* of the existing code could cope with - * s->cert being NULL, otherwise we could do without the initialization - * in SSL_CTX_new). - */ - - if (o == NULL) { - SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); - return (0); - } - if (*o == NULL) { - if ((*o = ssl_cert_new()) == NULL) { - SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); - return (0); - } - } - return (1); -} - int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain) { int i, r; diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index e7adcf5..f370e9e 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -202,7 +202,6 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST), "ssl_bytes_to_cipher_list"}, {ERR_FUNC(SSL_F_SSL_CERT_ADD0_CHAIN_CERT), "ssl_cert_add0_chain_cert"}, {ERR_FUNC(SSL_F_SSL_CERT_DUP), "ssl_cert_dup"}, - {ERR_FUNC(SSL_F_SSL_CERT_INST), "ssl_cert_inst"}, {ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE), "SSL_CERT_INSTANTIATE"}, {ERR_FUNC(SSL_F_SSL_CERT_NEW), "ssl_cert_new"}, {ERR_FUNC(SSL_F_SSL_CERT_SET0_CHAIN), "ssl_cert_set0_chain"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 3bce4cf..a5eb3db 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -288,22 +288,18 @@ SSL *SSL_new(SSL_CTX *ctx) s->mode = ctx->mode; s->max_cert_list = ctx->max_cert_list; - if (ctx->cert != NULL) { - /* - * Earlier library versions used to copy the pointer to the CERT, not - * its contents; only when setting new parameters for the per-SSL - * copy, ssl_cert_new would be called (and the direct reference to - * the per-SSL_CTX settings would be lost, but those still were - * indirectly accessed for various purposes, and for that reason they - * used to be known as s->ctx->default_cert). Now we don't look at the - * SSL_CTX's CERT after having duplicated it once. - */ - - s->cert = ssl_cert_dup(ctx->cert); - if (s->cert == NULL) - goto err; - } else - s->cert = NULL; /* Cannot really happen (see SSL_CTX_new) */ + /* + * Earlier library versions used to copy the pointer to the CERT, not + * its contents; only when setting new parameters for the per-SSL + * copy, ssl_cert_new would be called (and the direct reference to + * the per-SSL_CTX settings would be lost, but those still were + * indirectly accessed for various purposes, and for that reason they + * used to be known as s->ctx->default_cert). Now we don't look at the + * SSL_CTX's CERT after having duplicated it once. + */ + s->cert = ssl_cert_dup(ctx->cert); + if (s->cert == NULL) + goto err; s->read_ahead = ctx->read_ahead; s->msg_callback = ctx->msg_callback; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index a16ad08..3396572 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -2053,7 +2053,6 @@ int ssl_clear_bad_session(SSL *s); CERT *ssl_cert_new(void); CERT *ssl_cert_dup(CERT *cert); void ssl_cert_set_default_md(CERT *cert); -int ssl_cert_inst(CERT **o); void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); SESS_CERT *ssl_sess_cert_new(void); diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 723da6e..8799d3d 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -79,10 +79,6 @@ int SSL_use_certificate(SSL *ssl, X509 *x) return 0; } - if (!ssl_cert_inst(&ssl->cert)) { - SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); - return (0); - } return (ssl_set_cert(ssl->cert, x)); } @@ -157,10 +153,6 @@ int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); return (0); } - if (!ssl_cert_inst(&ssl->cert)) { - SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); - return (0); - } if ((pkey = EVP_PKEY_new()) == NULL) { SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); return (0); @@ -302,10 +294,6 @@ int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); return (0); } - if (!ssl_cert_inst(&ssl->cert)) { - SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); - return (0); - } ret = ssl_set_pkey(ssl->cert, pkey); return (ret); } @@ -383,10 +371,6 @@ int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv); return 0; } - if (!ssl_cert_inst(&ctx->cert)) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_MALLOC_FAILURE); - return (0); - } return (ssl_set_cert(ctx->cert, x)); } @@ -519,10 +503,6 @@ int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); return (0); } - if (!ssl_cert_inst(&ctx->cert)) { - SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_MALLOC_FAILURE); - return (0); - } if ((pkey = EVP_PKEY_new()) == NULL) { SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB); return (0); @@ -603,10 +583,6 @@ int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER); return (0); } - if (!ssl_cert_inst(&ctx->cert)) { - SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_MALLOC_FAILURE); - return (0); - } return (ssl_set_pkey(ctx->cert, pkey)); } @@ -900,10 +876,6 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, SSL_R_INVALID_SERVERINFO_DATA); return 0; } - if (!ssl_cert_inst(&ctx->cert)) { - SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_MALLOC_FAILURE); - return 0; - } if (ctx->cert->key == NULL) { SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO, ERR_R_INTERNAL_ERROR); return 0; From levitte at openssl.org Sun Mar 15 12:16:14 2015 From: levitte at openssl.org (Richard Levitte) Date: Sun, 15 Mar 2015 12:16:14 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1426421774.135001.30064.nullmailer@dev.openssl.org> The branch master has been updated via 042b5cd96c9159769c9539aa805849fa93f995f7 (commit) from c1a690a05e888b41ed73cc24a91e471ea47d4fe8 (commit) - Log ----------------------------------------------------------------- commit 042b5cd96c9159769c9539aa805849fa93f995f7 Author: Richard Levitte Date: Sun Mar 15 13:15:33 2015 +0100 Use the file name produced by Makefile ----------------------------------------------------------------------- Summary of changes: support/funding/support-faq.wml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support/funding/support-faq.wml b/support/funding/support-faq.wml index 54a0025..88eab91 100644 --- a/support/funding/support-faq.wml +++ b/support/funding/support-faq.wml @@ -4,4 +4,4 @@ Support Contract FAQ

Support Contract FAQ

- + From steve at openssl.org Sun Mar 15 15:56:53 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 15 Mar 2015 15:56:53 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1426435013.395855.12600.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via c58f4f73bdb66355b77cd8749afd5deba3d954c1 (commit) from c85c1e08ce4148b64a80497525fa5e5efc87d13a (commit) - Log ----------------------------------------------------------------- commit c58f4f73bdb66355b77cd8749afd5deba3d954c1 Author: Dr. Stephen Henson Date: Sat Mar 14 14:10:35 2015 +0000 Tolerate test_sqr errors for FIPS builds. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/bn/bntest.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/crypto/bn/bntest.c b/crypto/bn/bntest.c index e73f198..6008d15 100644 --- a/crypto/bn/bntest.c +++ b/crypto/bn/bntest.c @@ -722,7 +722,15 @@ int test_sqr(BIO *bp, BN_CTX *ctx) if (BN_cmp(c, d)) { fprintf(stderr, "Square test failed: BN_sqr and BN_mul produce " "different results!\n"); +#ifdef OPENSSL_FIPS + /* + * This test fails if we are linked to the FIPS module. Unfortunately + * that can't be fixed so we print out the error but continue anyway. + */ + fprintf(stderr, " FIPS build: ignoring.\n"); +#else goto err; +#endif } /* Regression test for a BN_sqr overflow bug. */ From steve at openssl.org Sun Mar 15 15:56:53 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 15 Mar 2015 15:56:53 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426435013.474650.12623.nullmailer@dev.openssl.org> The branch master has been updated via eef53ee50bc6f0a6e74b27b6cfa07df44513074f (commit) from 2c3823491d8812560922a58677e3ad2db4b2ec8d (commit) - Log ----------------------------------------------------------------- commit eef53ee50bc6f0a6e74b27b6cfa07df44513074f Author: Dr. Stephen Henson Date: Sat Mar 14 22:42:55 2015 +0000 Update ordinals, fix error message. Update error messages to say "EC is disabled" these can then be picked up by mkdef.pl. Update ordinals. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: crypto/ecdh/ecdh.h | 2 +- crypto/ecdsa/ecdsa.h | 2 +- util/libeay.num | 78 ++++++++++++++++++++++++++-------------------------- util/ssleay.num | 9 ++++-- 4 files changed, 48 insertions(+), 43 deletions(-) diff --git a/crypto/ecdh/ecdh.h b/crypto/ecdh/ecdh.h index 25ccdc9..8a48b12 100644 --- a/crypto/ecdh/ecdh.h +++ b/crypto/ecdh/ecdh.h @@ -72,7 +72,7 @@ # include # ifdef OPENSSL_NO_EC -# error ECDH is disabled. +# error EC is disabled. # endif # include diff --git a/crypto/ecdsa/ecdsa.h b/crypto/ecdsa/ecdsa.h index 3876004..f60c229 100644 --- a/crypto/ecdsa/ecdsa.h +++ b/crypto/ecdsa/ecdsa.h @@ -62,7 +62,7 @@ # include # ifdef OPENSSL_NO_EC -# error ECDSA is disabled. +# error EC is disabled. # endif # include diff --git a/util/libeay.num b/util/libeay.num index a991d77..3ad7e1d 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2913,7 +2913,7 @@ STORE_set_method 3348 NOEXIST::FUNCTION: GENERAL_SUBTREE_free 3349 EXIST::FUNCTION: NAME_CONSTRAINTS_it 3350 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: NAME_CONSTRAINTS_it 3350 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -ECDH_get_default_method 3351 EXIST::FUNCTION:ECDH +ECDH_get_default_method 3351 EXIST::FUNCTION:EC PKCS12_add_safe 3352 EXIST::FUNCTION: EC_KEY_new_by_curve_name 3353 EXIST::FUNCTION:EC STORE_meth_get_update_store_fn 3354 NOEXIST::FUNCTION: @@ -2961,7 +2961,7 @@ STORE_get_public_key 3391 NOEXIST::FUNCTION: STORE_modify_arbitrary 3392 NOEXIST::FUNCTION: ENGINE_get_static_state 3393 EXIST::FUNCTION:ENGINE pqueue_iterator 3394 EXIST::FUNCTION: -ECDSA_SIG_new 3395 EXIST::FUNCTION:ECDSA +ECDSA_SIG_new 3395 EXIST::FUNCTION:EC OPENSSL_DIR_end 3396 EXIST::FUNCTION: BN_GF2m_mod_sqr 3397 EXIST::FUNCTION:EC2M EC_POINT_bn2point 3398 EXIST::FUNCTION:EC @@ -2969,7 +2969,7 @@ X509_VERIFY_PARAM_set_depth 3399 EXIST::FUNCTION: EC_KEY_set_asn1_flag 3400 EXIST::FUNCTION:EC STORE_get_method 3401 NOEXIST::FUNCTION: EC_KEY_get_key_method_data 3402 EXIST::FUNCTION:EC -ECDSA_sign_ex 3403 EXIST::FUNCTION:ECDSA +ECDSA_sign_ex 3403 EXIST::FUNCTION:EC STORE_parse_attrs_end 3404 NOEXIST::FUNCTION: EC_GROUP_get_point_conversion_form 3405 EXIST:!VMS:FUNCTION:EC EC_GROUP_get_point_conv_form 3405 EXIST:VMS:FUNCTION:EC @@ -2983,7 +2983,7 @@ X509_VERIFY_PARAM_set1_policies 3412 EXIST::FUNCTION: X509_VERIFY_PARAM_set1_name 3413 EXIST::FUNCTION: X509_VERIFY_PARAM_set_purpose 3414 EXIST::FUNCTION: STORE_get_number 3415 NOEXIST::FUNCTION: -ECDSA_sign_setup 3416 EXIST::FUNCTION:ECDSA +ECDSA_sign_setup 3416 EXIST::FUNCTION:EC BN_GF2m_mod_solve_quad_arr 3417 EXIST::FUNCTION:EC2M EC_KEY_up_ref 3418 EXIST::FUNCTION:EC POLICY_MAPPING_free 3419 EXIST::FUNCTION: @@ -3008,11 +3008,11 @@ X509_policy_level_node_count 3434 EXIST::FUNCTION: STORE_new_engine 3435 NOEXIST::FUNCTION: STORE_list_public_key_start 3436 NOEXIST::FUNCTION: X509_VERIFY_PARAM_new 3437 EXIST::FUNCTION: -ECDH_get_ex_data 3438 EXIST::FUNCTION:ECDH +ECDH_get_ex_data 3438 EXIST::FUNCTION:EC EVP_PKEY_get_attr 3439 EXIST::FUNCTION: -ECDSA_do_sign 3440 EXIST::FUNCTION:ECDSA +ECDSA_do_sign 3440 EXIST::FUNCTION:EC ENGINE_unregister_ECDH 3441 EXIST::FUNCTION:ENGINE -ECDH_OpenSSL 3442 EXIST::FUNCTION:ECDH +ECDH_OpenSSL 3442 EXIST::FUNCTION:EC EC_KEY_set_conv_form 3443 EXIST::FUNCTION:EC EC_POINT_dup 3444 EXIST::FUNCTION:EC GENERAL_SUBTREE_new 3445 EXIST::FUNCTION: @@ -3026,7 +3026,7 @@ BN_GF2m_mod_sqrt_arr 3451 EXIST::FUNCTION:EC2M i2d_ECPrivateKey_bio 3452 EXIST::FUNCTION:EC ECPKParameters_print_fp 3453 EXIST::FUNCTION:EC,STDIO pqueue_find 3454 EXIST::FUNCTION: -ECDSA_SIG_free 3455 EXIST::FUNCTION:ECDSA +ECDSA_SIG_free 3455 EXIST::FUNCTION:EC PEM_write_bio_ECPKParameters 3456 EXIST::FUNCTION:EC STORE_method_set_ctrl_function 3457 NOEXIST::FUNCTION: STORE_list_public_key_end 3458 NOEXIST::FUNCTION: @@ -3084,7 +3084,7 @@ X509_STORE_CTX_get0_param 3505 EXIST::FUNCTION: STORE_delete_arbitrary 3506 NOEXIST::FUNCTION: PEM_read_X509_CERT_PAIR 3507 NOEXIST::FUNCTION: X509_STORE_set_depth 3508 EXIST::FUNCTION: -ECDSA_get_ex_data 3509 EXIST::FUNCTION:ECDSA +ECDSA_get_ex_data 3509 EXIST::FUNCTION:EC SHA224 3510 EXIST::FUNCTION: BIO_dump_indent_fp 3511 EXIST::FUNCTION:STDIO EC_KEY_set_group 3512 EXIST::FUNCTION:EC @@ -3097,7 +3097,7 @@ ERR_load_STORE_strings 3518 NOEXIST::FUNCTION: PEM_read_bio_EC_PUBKEY 3519 EXIST::FUNCTION:EC STORE_list_private_key_end 3520 NOEXIST::FUNCTION: i2d_EC_PUBKEY 3521 EXIST::FUNCTION:EC -ECDSA_get_default_method 3522 EXIST::FUNCTION:ECDSA +ECDSA_get_default_method 3522 EXIST::FUNCTION:EC ASN1_put_eoc 3523 EXIST::FUNCTION: X509_STORE_CTX_get_explicit_policy 3524 EXIST:!VMS:FUNCTION: X509_STORE_CTX_get_expl_policy 3524 EXIST:VMS:FUNCTION: @@ -3128,7 +3128,7 @@ EC_GROUP_set_curve_GF2m 3545 EXIST::FUNCTION:EC,EC2M ENGINE_set_default_ECDSA 3546 EXIST::FUNCTION:ENGINE POLICY_CONSTRAINTS_new 3547 EXIST::FUNCTION: BN_GF2m_mod_sqrt 3548 EXIST::FUNCTION:EC2M -ECDH_set_default_method 3549 EXIST::FUNCTION:ECDH +ECDH_set_default_method 3549 EXIST::FUNCTION:EC EC_KEY_generate_key 3550 EXIST::FUNCTION:EC SHA384_Update 3551 EXIST:!VMSVAX:FUNCTION: BN_GF2m_arr2poly 3552 EXIST::FUNCTION:EC2M @@ -3173,7 +3173,7 @@ BIO_dgram_non_fatal_error 3586 EXIST::FUNCTION: EC_GROUP_get_asn1_flag 3587 EXIST::FUNCTION:EC STORE_ATTR_INFO_in_ex 3588 NOEXIST::FUNCTION: STORE_list_crl_start 3589 NOEXIST::FUNCTION: -ECDH_get_ex_new_index 3590 EXIST::FUNCTION:ECDH +ECDH_get_ex_new_index 3590 EXIST::FUNCTION:EC STORE_meth_get_modify_fn 3591 NOEXIST::FUNCTION: STORE_method_get_modify_function 3591 NOEXIST::FUNCTION: v2i_ASN1_BIT_STRING 3592 EXIST::FUNCTION: @@ -3197,22 +3197,22 @@ ECPKParameters_print 3607 EXIST::FUNCTION:EC EC_KEY_get0_private_key 3608 EXIST::FUNCTION:EC PEM_write_EC_PUBKEY 3609 EXIST::FUNCTION:EC X509_VERIFY_PARAM_set1 3610 EXIST::FUNCTION: -ECDH_set_method 3611 EXIST::FUNCTION:ECDH +ECDH_set_method 3611 EXIST::FUNCTION:EC v2i_GENERAL_NAME_ex 3612 EXIST::FUNCTION: -ECDH_set_ex_data 3613 EXIST::FUNCTION:ECDH +ECDH_set_ex_data 3613 EXIST::FUNCTION:EC STORE_generate_key 3614 NOEXIST::FUNCTION: BN_nist_mod_521 3615 EXIST::FUNCTION: X509_policy_tree_get0_level 3616 EXIST::FUNCTION: EC_GROUP_set_point_conversion_form 3617 EXIST:!VMS:FUNCTION:EC EC_GROUP_set_point_conv_form 3617 EXIST:VMS:FUNCTION:EC PEM_read_EC_PUBKEY 3618 EXIST::FUNCTION:EC -i2d_ECDSA_SIG 3619 EXIST::FUNCTION:ECDSA -ECDSA_OpenSSL 3620 EXIST::FUNCTION:ECDSA +i2d_ECDSA_SIG 3619 EXIST::FUNCTION:EC +ECDSA_OpenSSL 3620 EXIST::FUNCTION:EC STORE_delete_crl 3621 NOEXIST::FUNCTION: EC_KEY_get_enc_flags 3622 EXIST::FUNCTION:EC ASN1_const_check_infinite_end 3623 EXIST::FUNCTION: EVP_PKEY_delete_attr 3624 EXIST::FUNCTION: -ECDSA_set_default_method 3625 EXIST::FUNCTION:ECDSA +ECDSA_set_default_method 3625 EXIST::FUNCTION:EC EC_POINT_set_compressed_coordinates_GF2m 3626 EXIST:!VMS:FUNCTION:EC,EC2M EC_POINT_set_compr_coords_GF2m 3626 EXIST:VMS:FUNCTION:EC,EC2M EC_GROUP_cmp 3627 EXIST::FUNCTION:EC @@ -3225,7 +3225,7 @@ PEM_read_ECPrivateKey 3632 EXIST::FUNCTION:EC SHA512_Init 3633 EXIST:!VMSVAX:FUNCTION: STORE_parse_attrs_endp 3634 NOEXIST::FUNCTION: BN_set_negative 3635 EXIST::FUNCTION: -ERR_load_ECDSA_strings 3636 EXIST::FUNCTION:ECDSA +ERR_load_ECDSA_strings 3636 EXIST::FUNCTION:EC EC_GROUP_get_basis_type 3637 EXIST::FUNCTION:EC STORE_list_public_key_next 3638 NOEXIST::FUNCTION: i2v_ASN1_BIT_STRING 3639 EXIST::FUNCTION: @@ -3233,7 +3233,7 @@ STORE_OBJECT_free 3640 NOEXIST::FUNCTION: BN_nist_mod_384 3641 EXIST::FUNCTION: i2d_X509_CERT_PAIR 3642 NOEXIST::FUNCTION: PEM_write_ECPKParameters 3643 EXIST::FUNCTION:EC -ECDH_compute_key 3644 EXIST::FUNCTION:ECDH +ECDH_compute_key 3644 EXIST::FUNCTION:EC STORE_ATTR_INFO_get0_sha1str 3645 NOEXIST::FUNCTION: ENGINE_register_all_ECDH 3646 EXIST::FUNCTION:ENGINE pqueue_pop 3647 EXIST::FUNCTION: @@ -3258,13 +3258,13 @@ ENGINE_get_default_ECDSA 3662 EXIST::FUNCTION:ENGINE EC_KEY_new 3663 EXIST::FUNCTION:EC SHA256_Transform 3664 EXIST::FUNCTION: EC_KEY_set_enc_flags 3665 EXIST::FUNCTION:EC -ECDSA_verify 3666 EXIST::FUNCTION:ECDSA +ECDSA_verify 3666 EXIST::FUNCTION:EC EC_POINT_point2hex 3667 EXIST::FUNCTION:EC ENGINE_get_STORE 3668 EXIST::FUNCTION:ENGINE SHA512 3669 EXIST:!VMSVAX:FUNCTION: STORE_get_certificate 3670 NOEXIST::FUNCTION: -ECDSA_do_sign_ex 3671 EXIST::FUNCTION:ECDSA -ECDSA_do_verify 3672 EXIST::FUNCTION:ECDSA +ECDSA_do_sign_ex 3671 EXIST::FUNCTION:EC +ECDSA_do_verify 3672 EXIST::FUNCTION:EC d2i_ECPrivateKey_fp 3673 EXIST::FUNCTION:EC,STDIO STORE_delete_certificate 3674 NOEXIST::FUNCTION: SHA512_Transform 3675 EXIST:!VMSVAX:FUNCTION: @@ -3301,7 +3301,7 @@ BN_nist_mod_256 3702 EXIST::FUNCTION: X509_VERIFY_PARAM_add0_table 3703 EXIST::FUNCTION: pqueue_free 3704 EXIST::FUNCTION: BN_BLINDING_create_param 3705 EXIST::FUNCTION: -ECDSA_size 3706 EXIST::FUNCTION:ECDSA +ECDSA_size 3706 EXIST::FUNCTION:EC d2i_EC_PUBKEY_bio 3707 EXIST::FUNCTION:EC BN_get0_nist_prime_521 3708 EXIST::FUNCTION: STORE_ATTR_INFO_modify_sha1str 3709 NOEXIST::FUNCTION: @@ -3313,9 +3313,9 @@ PEM_read_bio_ECPrivateKey 3714 EXIST::FUNCTION:EC STORE_meth_get_cleanup_fn 3715 NOEXIST::FUNCTION: STORE_method_get_cleanup_function 3715 NOEXIST::FUNCTION: ENGINE_get_ECDH 3716 EXIST::FUNCTION:ENGINE -d2i_ECDSA_SIG 3717 EXIST::FUNCTION:ECDSA +d2i_ECDSA_SIG 3717 EXIST::FUNCTION:EC BN_is_prime_fasttest_ex 3718 EXIST::FUNCTION: -ECDSA_sign 3719 EXIST::FUNCTION:ECDSA +ECDSA_sign 3719 EXIST::FUNCTION:EC X509_policy_check 3720 EXIST::FUNCTION: EVP_PKEY_get_attr_by_NID 3721 EXIST::FUNCTION: STORE_set_ex_data 3722 NOEXIST::FUNCTION: @@ -3324,10 +3324,10 @@ EVP_ecdsa 3724 EXIST::FUNCTION: BN_BLINDING_get_flags 3725 EXIST::FUNCTION: PKCS12_add_cert 3726 EXIST::FUNCTION: STORE_OBJECT_new 3727 NOEXIST::FUNCTION: -ERR_load_ECDH_strings 3728 EXIST::FUNCTION:ECDH +ERR_load_ECDH_strings 3728 EXIST::FUNCTION:EC EC_KEY_dup 3729 EXIST::FUNCTION:EC EVP_CIPHER_CTX_rand_key 3730 EXIST::FUNCTION: -ECDSA_set_method 3731 EXIST::FUNCTION:ECDSA +ECDSA_set_method 3731 EXIST::FUNCTION:EC a2i_IPADDRESS_NC 3732 EXIST::FUNCTION: d2i_ECParameters 3733 EXIST::FUNCTION:EC STORE_list_certificate_end 3734 NOEXIST::FUNCTION: @@ -3335,13 +3335,13 @@ STORE_get_crl 3735 NOEXIST::FUNCTION: X509_POLICY_NODE_print 3736 EXIST::FUNCTION: SHA384_Init 3737 EXIST:!VMSVAX:FUNCTION: EC_GF2m_simple_method 3738 EXIST::FUNCTION:EC,EC2M -ECDSA_set_ex_data 3739 EXIST::FUNCTION:ECDSA +ECDSA_set_ex_data 3739 EXIST::FUNCTION:EC SHA384_Final 3740 EXIST:!VMSVAX:FUNCTION: PKCS7_set_digest 3741 EXIST::FUNCTION: EC_KEY_print 3742 EXIST::FUNCTION:EC STORE_meth_set_lock_store_fn 3743 NOEXIST::FUNCTION: STORE_method_set_lock_store_function 3743 NOEXIST::FUNCTION: -ECDSA_get_ex_new_index 3744 EXIST::FUNCTION:ECDSA +ECDSA_get_ex_new_index 3744 EXIST::FUNCTION:EC SHA384 3745 EXIST:!VMSVAX:FUNCTION: POLICY_MAPPING_new 3746 EXIST::FUNCTION: STORE_list_certificate_endp 3747 NOEXIST::FUNCTION: @@ -4354,18 +4354,18 @@ EVP_aes_256_wrap 4719 EXIST::FUNCTION:AES CRYPTO_128_wrap 4720 EXIST::FUNCTION: RSA_OAEP_PARAMS_new 4721 EXIST::FUNCTION:RSA CRYPTO_128_unwrap 4722 EXIST::FUNCTION: -ECDSA_METHOD_set_name 4723 EXIST::FUNCTION:ECDSA +ECDSA_METHOD_set_name 4723 EXIST::FUNCTION:EC CMS_RecipientInfo_kari_decrypt 4724 EXIST::FUNCTION:CMS CMS_SignerInfo_get0_pkey_ctx 4725 EXIST::FUNCTION:CMS -ECDSA_METHOD_set_flags 4726 EXIST::FUNCTION:ECDSA -ECDSA_METHOD_set_sign_setup 4727 EXIST::FUNCTION:ECDSA +ECDSA_METHOD_set_flags 4726 EXIST::FUNCTION:EC +ECDSA_METHOD_set_sign_setup 4727 EXIST::FUNCTION:EC CMS_RecipientInfo_kari_orig_id_cmp 4728 EXIST:!VMS:FUNCTION:CMS CMS_RecipInfo_kari_orig_id_cmp 4728 EXIST:VMS:FUNCTION:CMS CMS_RecipientInfo_kari_get0_alg 4729 EXIST::FUNCTION:CMS EVP_aes_192_wrap 4730 EXIST::FUNCTION:AES EVP_aes_128_cbc_hmac_sha256 4731 EXIST::FUNCTION:AES DH_compute_key_padded 4732 EXIST::FUNCTION:DH -ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:ECDSA +ECDSA_METHOD_set_sign 4733 EXIST::FUNCTION:EC CMS_RecipientEncryptedKey_cert_cmp 4734 EXIST:!VMS:FUNCTION:CMS CMS_RecipEncryptedKey_cert_cmp 4734 EXIST:VMS:FUNCTION:CMS DH_KDF_X9_42 4735 EXIST::FUNCTION:DH @@ -4385,21 +4385,21 @@ CMS_RecipientInfo_kari_set0_pkey 4746 EXIST:!VMS:FUNCTION:CMS CMS_RecipInfo_kari_set0_pkey 4746 EXIST:VMS:FUNCTION:CMS i2d_RSA_OAEP_PARAMS 4747 EXIST::FUNCTION:RSA d2i_RSA_OAEP_PARAMS 4748 EXIST::FUNCTION:RSA -ECDH_KDF_X9_62 4749 EXIST::FUNCTION:ECDH +ECDH_KDF_X9_62 4749 EXIST::FUNCTION:EC CMS_RecipientInfo_kari_get0_ctx 4750 EXIST::FUNCTION:CMS -ECDSA_METHOD_new 4751 EXIST::FUNCTION:ECDSA +ECDSA_METHOD_new 4751 EXIST::FUNCTION:EC CMS_RecipientInfo_get0_pkey_ctx 4752 EXIST::FUNCTION:CMS CMS_RecipientEncryptedKey_get0_id 4753 EXIST:!VMS:FUNCTION:CMS CMS_RecipEncryptedKey_get0_id 4753 EXIST:VMS:FUNCTION:CMS RSA_pad_check_PKCS1_OAEP_mgf1 4754 NOEXIST::FUNCTION: RSA_padding_check_PKCS1_OAEP_mgf1 4754 EXIST:!VMS:FUNCTION:RSA RSA_padding_chk_PKCS1_OAEP_mgf1 4754 EXIST:VMS:FUNCTION:RSA -ECDSA_METHOD_set_verify 4755 EXIST::FUNCTION:ECDSA +ECDSA_METHOD_set_verify 4755 EXIST::FUNCTION:EC CMS_SharedInfo_encode 4756 EXIST::FUNCTION:CMS RSA_padding_add_PKCS1_OAEP_mgf1 4757 EXIST::FUNCTION:RSA CMS_RecipientInfo_kari_get0_orig_id 4758 EXIST:!VMS:FUNCTION:CMS CMS_RecipInfo_kari_get0_orig_id 4758 EXIST:VMS:FUNCTION:CMS -ECDSA_METHOD_free 4759 EXIST::FUNCTION:ECDSA +ECDSA_METHOD_free 4759 EXIST::FUNCTION:EC X509_VERIFY_PARAM_get_count 4760 EXIST::FUNCTION: X509_VERIFY_PARAM_get0_name 4761 EXIST::FUNCTION: X509_VERIFY_PARAM_get0 4762 EXIST::FUNCTION: @@ -4408,9 +4408,9 @@ BIO_hex_string 4764 EXIST::FUNCTION: X509_VERIFY_PARAM_set_hostflags 4765 EXIST::FUNCTION: BUF_strnlen 4766 EXIST::FUNCTION: X509_VERIFY_PARAM_get0_peername 4767 EXIST::FUNCTION: -ECDSA_METHOD_set_app_data 4768 EXIST::FUNCTION:ECDSA +ECDSA_METHOD_set_app_data 4768 EXIST::FUNCTION:EC sk_deep_copy 4769 EXIST::FUNCTION: -ECDSA_METHOD_get_app_data 4770 EXIST::FUNCTION:ECDSA +ECDSA_METHOD_get_app_data 4770 EXIST::FUNCTION:EC X509_VERIFY_PARAM_add1_host 4771 EXIST::FUNCTION: EC_GROUP_get_mont_data 4772 EXIST::FUNCTION:EC i2d_re_X509_tbs 4773 EXIST::FUNCTION: diff --git a/util/ssleay.num b/util/ssleay.num index 916318a..7ea4a8a 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -217,8 +217,8 @@ SSL_renegotiate_pending 265 EXIST::FUNCTION: SSL_CTX_set_msg_callback 266 EXIST::FUNCTION: SSL_set_msg_callback 267 EXIST::FUNCTION: DTLSv1_client_method 268 EXIST::FUNCTION: -SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:ECDH -SSL_set_tmp_ecdh_callback 270 EXIST::FUNCTION:ECDH +SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:EC +SSL_set_tmp_ecdh_callback 270 EXIST::FUNCTION:EC SSL_COMP_get_name 271 EXIST::FUNCTION:COMP SSL_get_current_compression 272 EXIST::FUNCTION:COMP DTLSv1_method 273 EXIST::FUNCTION: @@ -388,3 +388,8 @@ SSL_CTX_set0_security_ex_data 422 EXIST::FUNCTION: SSL_set_security_callback 423 EXIST::FUNCTION: SSL_CTX_get_security_level 424 EXIST::FUNCTION: SSL_CTX_get0_security_ex_data 425 EXIST::FUNCTION: +SSL_SESSION_has_ticket 426 EXIST::FUNCTION: +SSL_set_wbio 427 EXIST::FUNCTION: +SSL_SESSION_get0_ticket 428 EXIST::FUNCTION: +SSL_SESSION_get_ticket_lifetime_hint 429 EXIST::FUNCTION: +SSL_set_rbio 430 EXIST::FUNCTION: From rsalz at openssl.org Sun Mar 15 18:49:58 2015 From: rsalz at openssl.org (Rich Salz) Date: Sun, 15 Mar 2015 18:49:58 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426445398.406560.13846.nullmailer@dev.openssl.org> The branch master has been updated via 556efe7961b300f0fd49c3c8aa47d652caf83c6f (commit) from eef53ee50bc6f0a6e74b27b6cfa07df44513074f (commit) - Log ----------------------------------------------------------------- commit 556efe7961b300f0fd49c3c8aa47d652caf83c6f Author: Rich Salz Date: Sun Mar 15 14:49:15 2015 -0400 OPENSSL_NO_EC* merge; missed one file Missed one file in the #ifdef merge; thanks Kurt. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: ssl/s3_srvr.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ee66a5a..e5346b6 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1968,7 +1968,7 @@ int ssl3_send_server_key_exchange(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (encodedPoint != NULL) OPENSSL_free(encodedPoint); BN_CTX_free(bn_ctx); @@ -2066,7 +2066,7 @@ int ssl3_get_client_key_exchange(SSL *s) KSSL_ERR kssl_err; #endif /* OPENSSL_NO_KRB5 */ -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC EC_KEY *srvr_ecdh = NULL; EVP_PKEY *clnt_pub_pkey = NULL; EC_POINT *clnt_ecpoint = NULL; @@ -2495,7 +2495,7 @@ int ssl3_get_client_key_exchange(SSL *s) } else #endif /* OPENSSL_NO_KRB5 */ -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) { int ret = 1; int field_size = 0; @@ -2832,10 +2832,10 @@ int ssl3_get_client_key_exchange(SSL *s) return (1); f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); -#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP) +#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SRP) err: #endif -#ifndef OPENSSL_NO_ECDH +#ifndef OPENSSL_NO_EC EVP_PKEY_free(clnt_pub_pkey); EC_POINT_free(clnt_ecpoint); if (srvr_ecdh != NULL) From steve at openssl.org Sun Mar 15 19:46:48 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 15 Mar 2015 19:46:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426448808.668318.25927.nullmailer@dev.openssl.org> The branch master has been updated via da27006df06853a33b132133699a7aa9d4277920 (commit) from 556efe7961b300f0fd49c3c8aa47d652caf83c6f (commit) - Log ----------------------------------------------------------------- commit da27006df06853a33b132133699a7aa9d4277920 Author: Carl Jackson Date: Sat Jan 31 02:22:47 2015 -0800 Fix regression in ASN1_UTCTIME_cmp_time_t Previously, ASN1_UTCTIME_cmp_time_t would return 1 if s > t, -1 if s < t, and 0 if s == t. This behavior was broken in a refactor [0], resulting in the opposite time comparison behavior. [0]: 904348a4922333106b613754136305db229475ea PR#3706 Reviewed-by: Stephen Henson Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_utctm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 9b55284..e56cbbc 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -249,7 +249,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) if (!OPENSSL_gmtime(&t, &ttm)) return -2; - if (!OPENSSL_gmtime_diff(&day, &sec, &stm, &ttm)) + if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm)) return -2; if (day > 0) From steve at openssl.org Sun Mar 15 19:48:13 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 15 Mar 2015 19:48:13 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1426448893.049539.26821.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 912c8c92b5e703b19a6508de15b229e9fe788656 (commit) from 94be83127b08dc3977d2c14304aa61208db048d0 (commit) - Log ----------------------------------------------------------------- commit 912c8c92b5e703b19a6508de15b229e9fe788656 Author: Carl Jackson Date: Sat Jan 31 02:22:47 2015 -0800 Fix regression in ASN1_UTCTIME_cmp_time_t Previously, ASN1_UTCTIME_cmp_time_t would return 1 if s > t, -1 if s < t, and 0 if s == t. This behavior was broken in a refactor [0], resulting in the opposite time comparison behavior. [0]: 904348a4922333106b613754136305db229475ea PR#3706 Reviewed-by: Stephen Henson Reviewed-by: Rich Salz (cherry picked from commit da27006df06853a33b132133699a7aa9d4277920) ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_utctm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 0578c88..724a10b 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -297,7 +297,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) if (!OPENSSL_gmtime(&t, &ttm)) return -2; - if (!OPENSSL_gmtime_diff(&day, &sec, &stm, &ttm)) + if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm)) return -2; if (day > 0) From steve at openssl.org Mon Mar 16 15:56:42 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 16 Mar 2015 15:56:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426521402.543998.26746.nullmailer@dev.openssl.org> The branch master has been updated via 9b0a453190efc9b14cc04e74ce2e8e35af45fb39 (commit) from da27006df06853a33b132133699a7aa9d4277920 (commit) - Log ----------------------------------------------------------------- commit 9b0a453190efc9b14cc04e74ce2e8e35af45fb39 Author: Dr. Stephen Henson Date: Sat Mar 14 23:48:47 2015 +0000 Make X509_ATTRIBUTE opaque. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/pkcs12.c | 10 +++++---- crypto/asn1/Makefile | 17 ++------------- crypto/asn1/t_req.c | 23 ++++++++------------ crypto/pkcs12/p12_attr.c | 15 +++----------- crypto/pkcs7/pk7_doit.c | 22 +++++--------------- crypto/x509/Makefile | 4 ++-- crypto/x509/x509.h | 16 +------------- crypto/x509/x509_att.c | 1 + crypto/x509/x509_lcl.h | 16 ++++++++++++++ crypto/x509/x509_req.c | 45 ++++++++++------------------------------ crypto/{asn1 => x509}/x_attrib.c | 1 + 11 files changed, 57 insertions(+), 113 deletions(-) rename crypto/{asn1 => x509}/x_attrib.c (99%) diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 3c06930..e33fe24 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -993,17 +993,19 @@ int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst, } BIO_printf(out, "%s\n", name); for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) { + ASN1_OBJECT *attr_obj; attr = sk_X509_ATTRIBUTE_value(attrlst, i); - attr_nid = OBJ_obj2nid(attr->object); + attr_obj = X509_ATTRIBUTE_get0_object(attr); + attr_nid = OBJ_obj2nid(attr_obj); BIO_printf(out, " "); if (attr_nid == NID_undef) { - i2a_ASN1_OBJECT(out, attr->object); + i2a_ASN1_OBJECT(out, attr_obj); BIO_printf(out, ": "); } else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid)); - if (sk_ASN1_TYPE_num(attr->value.set)) { - av = sk_ASN1_TYPE_value(attr->value.set, 0); + if (X509_ATTRIBUTE_count(attr)) { + av = X509_ATTRIBUTE_get0_type(attr, 0); switch (av->type) { case V_ASN1_BMPSTRING: value = OPENSSL_uni2asc(av->value.bmpstring->data, diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index a7b6c35..3009bbf 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile @@ -20,7 +20,7 @@ LIB=$(TOP)/libcrypto.a LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c \ a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ - x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c \ + x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \ x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \ x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \ @@ -34,7 +34,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \ a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ - x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o x_bignum.o \ + x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \ x_long.o x_name.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \ x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \ @@ -759,19 +759,6 @@ x_algor.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x_algor.o: ../../include/openssl/x509_vfy.h x_algor.c -x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h -x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -x_attrib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -x_attrib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_attrib.c x_bignum.o: ../../e_os.h ../../include/openssl/asn1.h x_bignum.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_bignum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index 58986e1..2a88958 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -161,27 +161,22 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, ASN1_TYPE *at; X509_ATTRIBUTE *a; ASN1_BIT_STRING *bs = NULL; - ASN1_TYPE *t; + ASN1_OBJECT *aobj; int j, type = 0, count = 1, ii = 0; a = sk_X509_ATTRIBUTE_value(sk, i); - if (X509_REQ_extension_nid(OBJ_obj2nid(a->object))) + aobj = X509_ATTRIBUTE_get0_object(a); + if (X509_REQ_extension_nid(OBJ_obj2nid(aobj))) continue; if (BIO_printf(bp, "%12s", "") <= 0) goto err; - if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) { - if (a->single) { - t = a->value.single; - type = t->type; - bs = t->value.bit_string; - } else { - ii = 0; - count = sk_ASN1_TYPE_num(a->value.set); + if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) { + ii = 0; + count = X509_ATTRIBUTE_count(a); get_next: - at = sk_ASN1_TYPE_value(a->value.set, ii); - type = at->type; - bs = at->value.asn1_string; - } + at = X509_ATTRIBUTE_get0_type(a, ii); + type = at->type; + bs = at->value.asn1_string; } for (j = 25 - j; j > 0; j--) if (BIO_write(bp, " ", 1) != 1) diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c index fff3ba1..70695b7 100644 --- a/crypto/pkcs12/p12_attr.c +++ b/crypto/pkcs12/p12_attr.c @@ -121,18 +121,9 @@ ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) { X509_ATTRIBUTE *attrib; int i; - if (!attrs) - return NULL; - for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) { - attrib = sk_X509_ATTRIBUTE_value(attrs, i); - if (OBJ_obj2nid(attrib->object) == attr_nid) { - if (sk_ASN1_TYPE_num(attrib->value.set)) - return sk_ASN1_TYPE_value(attrib->value.set, 0); - else - return NULL; - } - } - return NULL; + i = X509at_get_attr_by_NID(attrs, attr_nid, -1); + attrib = X509at_get_attr(attrs, i); + return X509_ATTRIBUTE_get0_type(attrib, 0); } char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 54b7b07..f61d63b 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -1067,23 +1067,11 @@ ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) { - int i; + int idx; X509_ATTRIBUTE *xa; - ASN1_OBJECT *o; - - o = OBJ_nid2obj(nid); - if (!o || !sk) - return (NULL); - for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { - xa = sk_X509_ATTRIBUTE_value(sk, i); - if (OBJ_cmp(xa->object, o) == 0) { - if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) - return (sk_ASN1_TYPE_value(xa->value.set, 0)); - else - return (NULL); - } - } - return (NULL); + idx = X509at_get_attr_by_NID(sk, nid, -1); + xa = X509at_get_attr(sk, idx); + return X509_ATTRIBUTE_get0_type(xa, 0); } ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) @@ -1167,7 +1155,7 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) { attr = sk_X509_ATTRIBUTE_value(*sk, i); - if (OBJ_obj2nid(attr->object) == nid) { + if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) { X509_ATTRIBUTE_free(attr); attr = X509_ATTRIBUTE_create(nid, atrtype, value); if (attr == NULL) diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile index f168b47..de96405 100644 --- a/crypto/x509/Makefile +++ b/crypto/x509/Makefile @@ -22,13 +22,13 @@ LIBSRC= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \ x509_set.c x509cset.c x509rset.c x509_err.c \ x509name.c x509_v3.c x509_ext.c x509_att.c \ x509type.c x509_lu.c x_all.c x509_txt.c \ - x509_trs.c by_file.c by_dir.c x509_vpm.c + x509_trs.c by_file.c by_dir.c x509_vpm.c x_attrib.c LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \ x509_obj.o x509_req.o x509spki.o x509_vfy.o \ x509_set.o x509cset.o x509rset.o x509_err.o \ x509name.o x509_v3.o x509_ext.o x509_att.o \ x509type.o x509_lu.o x_all.o x509_txt.o \ - x509_trs.o by_file.o by_dir.o x509_vpm.o + x509_trs.o by_file.o by_dir.o x509_vpm.o x_attrib.o SRC= $(LIBSRC) diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h index afc16a3..64f1283 100644 --- a/crypto/x509/x509.h +++ b/crypto/x509/x509.h @@ -181,21 +181,7 @@ typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS; DECLARE_STACK_OF(X509_EXTENSION) -/* a sequence of these are used */ -typedef struct x509_attributes_st { - ASN1_OBJECT *object; - int single; /* 0 for a set, 1 for a single item (which is - * wrong) */ - union { - char *ptr; - /* - * 0 - */ STACK_OF(ASN1_TYPE) *set; - /* - * 1 - */ ASN1_TYPE *single; - } value; -} X509_ATTRIBUTE; +typedef struct x509_attributes_st X509_ATTRIBUTE; DECLARE_STACK_OF(X509_ATTRIBUTE) diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index bd59281..212c422 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -64,6 +64,7 @@ #include #include #include +#include "x509_lcl.h" int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x) { diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h index c7621fd..15b8618 100644 --- a/crypto/x509/x509_lcl.h +++ b/crypto/x509/x509_lcl.h @@ -70,3 +70,19 @@ struct X509_VERIFY_PARAM_ID_st { }; int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int quiet); + +/* a sequence of these are used */ +struct x509_attributes_st { + ASN1_OBJECT *object; + int single; /* 0 for a set, 1 for a single item (which is + * wrong) */ + union { + char *ptr; + /* + * 0 + */ STACK_OF(ASN1_TYPE) *set; + /* + * 1 + */ ASN1_TYPE *single; + } value; +}; diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index 01795f4..682c2c2 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -201,10 +201,7 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) if (idx == -1) continue; attr = X509_REQ_get_attr(req, idx); - if (attr->single) - ext = attr->value.single; - else if (sk_ASN1_TYPE_num(attr->value.set)) - ext = sk_ASN1_TYPE_value(attr->value.set, 0); + ext = X509_ATTRIBUTE_get0_type(attr, 0); break; } if (!ext || (ext->type != V_ASN1_SEQUENCE)) @@ -223,37 +220,17 @@ STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, int nid) { - ASN1_TYPE *at = NULL; - X509_ATTRIBUTE *attr = NULL; - if (!(at = ASN1_TYPE_new()) || !(at->value.sequence = ASN1_STRING_new())) - goto err; - - at->type = V_ASN1_SEQUENCE; + int extlen; + int rv = 0; + unsigned char *ext = NULL; /* Generate encoding of extensions */ - at->value.sequence->length = - ASN1_item_i2d((ASN1_VALUE *)exts, - &at->value.sequence->data, - ASN1_ITEM_rptr(X509_EXTENSIONS)); - if (!(attr = X509_ATTRIBUTE_new())) - goto err; - if (!(attr->value.set = sk_ASN1_TYPE_new_null())) - goto err; - if (!sk_ASN1_TYPE_push(attr->value.set, at)) - goto err; - at = NULL; - attr->single = 0; - attr->object = OBJ_nid2obj(nid); - if (!req->req_info->attributes) { - if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null())) - goto err; - } - if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) - goto err; - return 1; - err: - X509_ATTRIBUTE_free(attr); - ASN1_TYPE_free(at); - return 0; + extlen = ASN1_item_i2d((ASN1_VALUE *)exts, &ext, + ASN1_ITEM_rptr(X509_EXTENSIONS)); + if (extlen <= 0) + return 0; + rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen); + OPENSSL_free(ext); + return rv; } /* This is the normal usage: use the "official" OID */ diff --git a/crypto/asn1/x_attrib.c b/crypto/x509/x_attrib.c similarity index 99% rename from crypto/asn1/x_attrib.c rename to crypto/x509/x_attrib.c index 93ef53b..335a85b 100644 --- a/crypto/asn1/x_attrib.c +++ b/crypto/x509/x_attrib.c @@ -61,6 +61,7 @@ #include #include #include +#include "x509_lcl.h" /*- * X509_ATTRIBUTE: this has the following form: From levitte at openssl.org Mon Mar 16 21:17:48 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 16 Mar 2015 21:17:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426540668.310936.17636.nullmailer@dev.openssl.org> The branch master has been updated via d52dcf8da7f15bf75fbf065bac2c4557470ea2fa (commit) via 7910044064e106073c097a6940d25fe36401266b (commit) via 5e1b23536a95597b537e97d045e3139be3d97cdf (commit) via b124552999b0b05cdccc891191b89bf562ba2b90 (commit) via 70e4f10346da354915c343d37302eadaed40b1dd (commit) via 7d46b9426f6d40634c6d613ed5ce9247acd7b018 (commit) via 09816a2e339642e09c612ec48dde0754fec930d2 (commit) via aaf878cc97478b2f4e1f72f344f5ab6247a8084a (commit) from 9b0a453190efc9b14cc04e74ce2e8e35af45fb39 (commit) - Log ----------------------------------------------------------------- commit d52dcf8da7f15bf75fbf065bac2c4557470ea2fa Author: Richard Levitte Date: Mon Mar 16 22:01:01 2015 +0100 Updated TABLE Reviewed-by: Andy Polyakov commit 7910044064e106073c097a6940d25fe36401266b Author: Richard Levitte Date: Thu Mar 12 14:55:05 2015 +0100 Find debug- targets that can be combined with their non-debug counterparts and do so Reviewed-by: Andy Polyakov commit 5e1b23536a95597b537e97d045e3139be3d97cdf Author: Richard Levitte Date: Wed Mar 11 00:58:50 2015 +0100 Change all the main configurations to the new format. As part of this, remove some levitte examples that never were relevant. Reviewed-by: Andy Polyakov commit b124552999b0b05cdccc891191b89bf562ba2b90 Author: Richard Levitte Date: Tue Mar 10 22:04:44 2015 +0100 Rethink templates. Because base templates express inheritance of values, the attribute is renamed to 'inherit_from', and texts about this talk about 'inheritance(s)' rather than base templates. As they were previously implemented, base templates that were listed together would override one another, the first one acting as defaults for the next and so on. However, it was pointed out that a strength of inheritance would be to base configurations on several templates - for example one for CPU, one for operating system and one for compiler - and that requires a different way of combining those templates. With this change, inherited values from several inheritances are concatenated by default (keep on reading). Also, in-string templates with the double-curly syntax are removed, replaced with the possibility to have a configuration value be a coderef (i.e. a 'sub { /* your code goes here */ }') that gets the list of values from all inheritances as the list @_. The result of executing such a coderef on a list of values is assumed to become a string. ANY OTHER FORM OF VALUE WILL CURRENTLY BREAK. As a matter of fact, an attribute in the current config with no value is assumed to have this coderef as value: sub { join(' ', @_) } While we're at it, rename debug-[cl]flags to debug_[cl]flags and nodebug-[cl]flags to release_[cl]flags. Reviewed-by: Andy Polyakov commit 70e4f10346da354915c343d37302eadaed40b1dd Author: Richard Levitte Date: Fri Mar 6 10:16:05 2015 +0100 Provide a few examples by converting my own strings to hash table configurations Reviewed-by: Andy Polyakov commit 7d46b9426f6d40634c6d613ed5ce9247acd7b018 Author: Richard Levitte Date: Fri Mar 6 10:01:08 2015 +0100 Add base template processing. Base templates are templates that are used to inherit from. They can loosely be compared with parent class inheritance in object orientation. They can be used for the same purpose as the variables with multi-field strings are used in old-style string configurations. Base templates are declared with the base_templates configuration attribute, like so: "example_target" => { base_templates => [ "x86_asm", ... ] ... } Note: The value of base_templates MUST be an array reference (an array enclosed in square brackets). Any configuration target can be used as a base template by another. It is also possible to have a target that's a pure template and not meant to be used directly as a configuration target. Such a target is marked with the template configuration attribute, like so: "example_template" => { template => 1, cc => "mycc", ... }, As part of this commit, all variables with multi-field strings have been translated to pure templates. The variables currently remain since we can't expect people to shift to hash table configurations immediately. Reviewed-by: Andy Polyakov commit 09816a2e339642e09c612ec48dde0754fec930d2 Author: Richard Levitte Date: Fri Mar 6 03:00:53 2015 +0100 Add template reference processing. Template references are words with double brackets, and refer to the same field in the target pointed at the the double bracketed word. For example, if a target's configuration has the following entry: 'cflags' => '-DFOO {{x86_debug}}' ... then {{x86_debug}} will be replaced with the 'cflags' value from target 'x86_debug'. Note: template references are resolved recursively, and circular references are not allowed Reviewed-by: Andy Polyakov commit aaf878cc97478b2f4e1f72f344f5ab6247a8084a Author: Richard Levitte Date: Fri Mar 6 02:00:21 2015 +0100 Rewrite Configure to handle the target values as hash tables. The reasoning is that configuration strings are hard to read and error prone, and that a better way would be for them to be key => value hashes. Configure is made to be able to handle target configuration values as a string as well as a hash. It also does the best it can to combine a "debug-foo" target with a "foo" target, given that they are similar except for the cflags and lflags values. The latter are spliced into options that are common for "debug-foo" and "foo", options that exist only with "debug-foo" and options that exist only with "foo", and make them into combinable attributes that holds common cflags, extra cflags for debuggin and extra cflags for non-debugging configurations. The next step is to make it possible to have template configurations. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 1767 +++++++++++++++++++++++++++++++++++++++---- Configurations/90-team.conf | 367 ++++++++- Configure | 946 ++++++++++++++++++++--- TABLE | 1370 ++++++++++++++++++--------------- 4 files changed, 3520 insertions(+), 930 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 9c64956..eb46789 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -4,18 +4,34 @@ ## make -f Makefile.org TABLE ## This file is interpolated by the Configure script. -# Filler used for when there are no asm files. -my $no_asm_filler="::::::::::::::::void"; - %targets = ( # Basic configs that should work on any (32 and less bit) box -"gcc", "gcc:-O3::(unknown):::BN_LLONG:::", -"cc", "cc:-O::(unknown)::::::", + "gcc" => { + cc => "gcc", + cflags => "-O3", + thread_cflag => "(unknown)", + bn_ops => "BN_LLONG", + }, + "cc" => { + cc => "cc", + cflags => "-O", + thread_cflag => "(unknown)", + }, ####VOS Configurations -"vos-gcc","gcc:-O3 -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm_filler}:::::.so:", -"debug-vos-gcc","gcc:-O0 -g -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm_filler}:::::.so:", + "vos-gcc" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN", + debug_cflags => "-O0 -g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG", + release_cflags => "-O3", + thread_cflag => "(unknown)", + sys_id => "VOS", + lflags => "-Wl,-map", + bn_ops => "BN_LLONG", + shared_extension => ".so", + }, #### Solaris x86 with GNU C setups # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it @@ -23,7 +39,19 @@ my $no_asm_filler="::::::::::::::::void"; # surrounds it with #APP #NO_APP comment pair which (at least Solaris # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" # error message. -"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "solaris-x86-gcc" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM", + thread_cflag => "-D_REENTRANT", + lflags => "-lsocket -lnsl -ldl", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "dlfcn", + shared_target => "solaris-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, # -shared -static-libgcc might appear controversial, but modules taken # from static libgcc do not have relocations and linking them into our # shared objects doesn't have any negative side-effects. On the contrary, @@ -32,46 +60,260 @@ my $no_asm_filler="::::::::::::::::void"; # actually recommend to consider using gcc shared build even with vendor # compiler:-) # -"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", + "solaris64-x86_64-gcc" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "-m64 -O3 -Wall -DL_ENDIAN", + thread_cflag => "-D_REENTRANT", + lflags => "-lsocket -lnsl -ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "solaris-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64 -shared -static-libgcc", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/64", + }, #### Solaris x86 with Sun C setups -"solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", + "solaris-x86-cc" => { + inherit_from => [ "no_asm_filler" ], + cc => "cc", + cflags => "-fast -xarch=generic -O -Xa", + thread_cflag => "-D_REENTRANT", + lflags => "-lsocket -lnsl -ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "solaris-shared", + shared_cflag => "-KPIC", + shared_ldflag => "-G -dy -z text", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "solaris64-x86_64-cc" => { + inherit_from => [ "x86_64_asm" ], + cc => "cc", + cflags => "-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN", + thread_cflag => "-D_REENTRANT", + lflags => "-lsocket -lnsl -ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "solaris-shared", + shared_cflag => "-KPIC", + shared_ldflag => "-xarch=amd64 -G -dy -z text", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/64", + }, #### SPARC Solaris with GNU C setups -"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc -"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", + "solaris-sparcv7-gcc" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W", + thread_cflag => "-D_REENTRANT", + lflags => "-lsocket -lnsl -ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "solaris-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, #### -"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "solaris-sparcv8-gcc" => { + inherit_from => [ "sparcv8_asm" ], + cc => "gcc", + cflags => "-mv8 -Wall -DB_ENDIAN", + debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g", + release_cflags => "-O3 -fomit-frame-pointer -DBN_DIV2W", + thread_cflag => "-D_REENTRANT", + lflags => "-lsocket -lnsl -ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "solaris-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, +# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc + "solaris-sparcv9-gcc" => { + inherit_from => [ "sparcv9_asm" ], + cc => "gcc", + cflags => "-m32 -mcpu=ultrasparc -Wall -DB_ENDIAN -DBN_DIV2W", + debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -pedantic -ansi -Wshadow -Wno-long-long -D__EXTENSIONS__", + release_cflags => "-O3 -fomit-frame-pointer", + thread_cflag => "-D_REENTRANT", + sys_id => "ULTRASPARC", + lflags => "-lsocket -lnsl -ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "solaris-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "solaris64-sparcv9-gcc" => { + inherit_from => [ "sparcv9_asm" ], + cc => "gcc", + cflags => "-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN", + thread_cflag => "-D_REENTRANT", + sys_id => "ULTRASPARC", + lflags => "-lsocket -lnsl -ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "solaris-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64 -shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/64", + }, #### SPARC Solaris with Sun C setups # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2. # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 # SC5.0 note: Compiler common patch 107357-01 or later is required! -"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", + "solaris-sparcv7-cc" => { + inherit_from => [ "no_asm_filler" ], + cc => "cc", + cflags => "-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W", + thread_cflag => "-D_REENTRANT", + lflags => "-lsocket -lnsl -ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "solaris-shared", + shared_cflag => "-KPIC", + shared_ldflag => "-G -dy -z text", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, #### -"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "solaris-sparcv8-cc" => { + inherit_from => [ "sparcv8_asm" ], + cc => "cc", + cflags => "-xarch=v8 -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W", + debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O", + release_cflags => "-xO5 -xdepend", + thread_cflag => "-D_REENTRANT", + lflags => "-lsocket -lnsl -ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "solaris-shared", + shared_cflag => "-KPIC", + shared_ldflag => "-G -dy -z text", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "solaris-sparcv9-cc" => { + inherit_from => [ "sparcv9_asm" ], + cc => "cc", + cflags => "-xtarget=ultra -xarch=v8plus -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W", + debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O", + release_cflags => "-xO5 -xdepend", + thread_cflag => "-D_REENTRANT", + sys_id => "ULTRASPARC", + lflags => "-lsocket -lnsl -ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "solaris-shared", + shared_cflag => "-KPIC", + shared_ldflag => "-G -dy -z text", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "solaris64-sparcv9-cc" => { + inherit_from => [ "sparcv9_asm" ], + cc => "cc", + cflags => "-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN", + thread_cflag => "-D_REENTRANT", + sys_id => "ULTRASPARC", + lflags => "-lsocket -lnsl -ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "solaris-shared", + shared_cflag => "-KPIC", + shared_ldflag => "-xarch=v9 -G -dy -z text", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/64", + }, #### IRIX 5.x configs # -mips2 flag is added by ./config when appropriate. -"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "irix-gcc" => { + inherit_from => [ "mips32_asm" ], + cc => "gcc", + cflags => "-O3 -DB_ENDIAN", + thread_cflag => "(unknown)", + bn_ops => "BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR", + perlasm_scheme => "o32", + dso_scheme => "dlfcn", + shared_target => "irix-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "irix-cc" => { + inherit_from => [ "mips32_asm" ], + cc => "cc", + cflags => "-O2 -use_readonly_const -DB_ENDIAN", + thread_cflag => "(unknown)", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR", + perlasm_scheme => "o32", + dso_scheme => "dlfcn", + shared_target => "irix-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, #### IRIX 6.x configs # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke # './Configure irix-cc -o32' manually. -"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", + "irix-mips3-gcc" => { + inherit_from => [ "mips64_asm" ], + cc => "gcc", + cflags => "-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W", + thread_cflag => "-D_SGI_MP_SOURCE", + bn_ops => "MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT", + perlasm_scheme => "n32", + dso_scheme => "dlfcn", + shared_target => "irix-shared", + shared_ldflag => "-mabi=n32", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "32", + }, + "irix-mips3-cc" => { + inherit_from => [ "mips64_asm" ], + cc => "cc", + cflags => "-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W", + thread_cflag => "-D_SGI_MP_SOURCE", + bn_ops => "DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT", + perlasm_scheme => "n32", + dso_scheme => "dlfcn", + shared_target => "irix-shared", + shared_ldflag => "-n32", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "32", + }, # N64 ABI builds. -"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + "irix64-mips4-gcc" => { + inherit_from => [ "mips64_asm" ], + cc => "gcc", + cflags => "-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W", + thread_cflag => "-D_SGI_MP_SOURCE", + bn_ops => "RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG", + perlasm_scheme => "64", + dso_scheme => "dlfcn", + shared_target => "irix-shared", + shared_ldflag => "-mabi=64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, + "irix64-mips4-cc" => { + inherit_from => [ "mips64_asm" ], + cc => "cc", + cflags => "-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W", + thread_cflag => "-D_SGI_MP_SOURCE", + bn_ops => "RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG", + perlasm_scheme => "64", + dso_scheme => "dlfcn", + shared_target => "irix-shared", + shared_ldflag => "-64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, #### Unified HP-UX ANSI C configs. # Special notes: @@ -102,36 +344,226 @@ my $no_asm_filler="::::::::::::::::void"; # # # Since there is mention of this in shlib/hpux10-cc.sh -"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm_filler}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm_filler}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", -"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", -"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o:::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", + "hpux-parisc-cc-o4" => { + inherit_from => [ "no_asm_filler" ], + cc => "cc", + cflags => "-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY", + thread_cflag => "-D_REENTRANT", + lflags => "-ldld", + bn_ops => "BN_LLONG DES_PTR DES_UNROLL DES_RISC1", + dso_scheme => "dl", + shared_target => "hpux-shared", + shared_cflag => "+Z", + shared_ldflag => "-b", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "hpux-parisc-gcc" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-O3 -DB_ENDIAN -DBN_DIV2W", + thread_cflag => "-D_REENTRANT", + lflags => "-Wl,+s -ldld", + bn_ops => "BN_LLONG DES_PTR DES_UNROLL DES_RISC1", + dso_scheme => "dl", + shared_target => "hpux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "hpux-parisc1_1-gcc" => { + inherit_from => [ "parisc11_asm" ], + cc => "gcc", + cflags => "-O3 -DB_ENDIAN -DBN_DIV2W", + thread_cflag => "-D_REENTRANT", + lflags => "-Wl,+s -ldld", + bn_ops => "BN_LLONG DES_PTR DES_UNROLL DES_RISC1", + dso_scheme => "dl", + shared_target => "hpux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/pa1.1", + }, + "hpux-parisc2-gcc" => { + inherit_from => [ "parisc20_32_asm" ], + cc => "gcc", + cflags => "-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT", + lflags => "-Wl,+s -ldld", + bn_ops => "SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1", + dso_scheme => "dl", + shared_target => "hpux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/pa20_32", + }, + "hpux64-parisc2-gcc" => { + cc => "gcc", + cflags => "-O3 -DB_ENDIAN -D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT", + bn_obj => "pa-risc2W.o", + perlasm_scheme => "void", + dso_scheme => "dlfcn", + shared_target => "hpux-shared", + shared_cflag => "-fpic", + shared_ldflag => "-shared", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/pa20_64", + }, # More attempts at unified 10.X and 11.X targets for HP C compiler. # # Chris Ruemmler # Kevin Steves -"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm_filler}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1", -"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32", -"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64", + "hpux-parisc-cc" => { + inherit_from => [ "no_asm_filler" ], + cc => "cc", + cflags => "+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY", + thread_cflag => "-D_REENTRANT", + lflags => "-Wl,+s -ldld", + bn_ops => "MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT", + dso_scheme => "dl", + shared_target => "hpux-shared", + shared_cflag => "+Z", + shared_ldflag => "-b", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "hpux-parisc1_1-cc" => { + inherit_from => [ "parisc11_asm" ], + cc => "cc", + cflags => "+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY", + thread_cflag => "-D_REENTRANT", + lflags => "-Wl,+s -ldld", + bn_ops => "MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT", + dso_scheme => "dl", + shared_target => "hpux-shared", + shared_cflag => "+Z", + shared_ldflag => "-b", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/pa1.1", + }, + "hpux-parisc2-cc" => { + inherit_from => [ "parisc20_32_asm" ], + cc => "cc", + cflags => "+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT", + lflags => "-Wl,+s -ldld", + bn_ops => "SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT", + dso_scheme => "dl", + shared_target => "hpux-shared", + shared_cflag => "+Z", + shared_ldflag => "-b", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/pa20_32", + }, + "hpux64-parisc2-cc" => { + inherit_from => [ "parisc20_64_asm" ], + cc => "cc", + cflags => "+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT", + dso_scheme => "dlfcn", + shared_target => "hpux-shared", + shared_cflag => "+Z", + shared_ldflag => "+DD64 -b", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/pa20_64", + }, # HP/UX IA-64 targets -"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", + "hpux-ia64-cc" => { + inherit_from => [ "ia64_asm" ], + cc => "cc", + cflags => "-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT", + dso_scheme => "dlfcn", + shared_target => "hpux-shared", + shared_cflag => "+Z", + shared_ldflag => "+DD32 -b", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/hpux32", + }, # Frank Geurts has patiently assisted with # with debugging of the following config. -"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", + "hpux64-ia64-cc" => { + inherit_from => [ "ia64_asm" ], + cc => "cc", + cflags => "-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT", + dso_scheme => "dlfcn", + shared_target => "hpux-shared", + shared_cflag => "+Z", + shared_ldflag => "+DD64 -b", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/hpux64", + }, # GCC builds... -"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32", -"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux64", + "hpux-ia64-gcc" => { + inherit_from => [ "ia64_asm" ], + cc => "gcc", + cflags => "-O3 -DB_ENDIAN -D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT", + dso_scheme => "dlfcn", + shared_target => "hpux-shared", + shared_cflag => "-fpic", + shared_ldflag => "-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/hpux32", + }, + "hpux64-ia64-gcc" => { + inherit_from => [ "ia64_asm" ], + cc => "gcc", + cflags => "-mlp64 -O3 -DB_ENDIAN -D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT", + dso_scheme => "dlfcn", + shared_target => "hpux-shared", + shared_cflag => "-fpic", + shared_ldflag => "-mlp64 -shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/hpux64", + }, # Legacy HPUX 9.X configs... -"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm_filler}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm_filler}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "hpux-cc" => { + inherit_from => [ "no_asm_filler" ], + cc => "cc", + cflags => "-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z", + thread_cflag => "(unknown)", + lflags => "-Wl,+s -ldld", + bn_ops => "DES_PTR DES_UNROLL DES_RISC1", + dso_scheme => "dl", + shared_target => "hpux-shared", + shared_cflag => "+Z", + shared_ldflag => "-b", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "hpux-gcc" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-DB_ENDIAN -DBN_DIV2W -O3", + thread_cflag => "(unknown)", + lflags => "-Wl,+s -ldld", + bn_ops => "DES_PTR DES_UNROLL DES_RISC1", + dso_scheme => "dl", + shared_target => "hpux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, #### HP MPE/iX http://jazz.external.hp.com/src/openssl/ -"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", + "MPE/iX-gcc" => { + cc => "gcc", + cflags => "-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB", + thread_cflag => "(unknown)", + sys_id => "MPE", + lflags => "-L/SYSLOG/PUB -lsyslog -lsocket -lcurses", + bn_ops => "BN_LLONG DES_PTR DES_UNROLL DES_RISC1", + }, # DEC Alpha OSF/1/Tru64 targets. # @@ -142,17 +574,70 @@ my $no_asm_filler="::::::::::::::::void"; # # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version # -"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", -"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", -"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", + "osf1-alpha-gcc" => { + inherit_from => [ "alpha_asm" ], + cc => "gcc", + cflags => "-O3", + thread_cflag => "(unknown)", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1", + dso_scheme => "dlfcn", + shared_target => "alpha-osf1-shared", + shared_extension => ".so", + }, + "osf1-alpha-cc" => { + inherit_from => [ "alpha_asm" ], + cc => "cc", + cflags => "-std1 -tune host -O4 -readonly_strings", + thread_cflag => "(unknown)", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK", + dso_scheme => "dlfcn", + shared_target => "alpha-osf1-shared", + shared_extension => ".so", + }, + "tru64-alpha-cc" => { + inherit_from => [ "alpha_asm" ], + cc => "cc", + cflags => "-std1 -tune host -fast -readonly_strings", + thread_cflag => "-pthread", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK", + dso_scheme => "dlfcn", + shared_target => "alpha-osf1-shared", + shared_ldflag => "-msym", + shared_extension => ".so", + }, #### #### Variety of LINUX:-) #### # *-generic* is endian-neutral target, but ./config is free to # throw in -D[BL]_ENDIAN, whichever appropriate... -"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-generic32" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-Wall", + debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g", + release_cflags => "-O3 -fomit-frame-pointer", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "linux-ppc" => { + inherit_from => [ "ppc32_asm" ], + cc => "gcc", + cflags => "-DB_ENDIAN -O3 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL", + perlasm_scheme => "linux32", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, ####################################################################### # Note that -march is not among compiler options in below linux-armv4 @@ -181,30 +666,258 @@ my $no_asm_filler="::::::::::::::::void"; # # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 # -"linux-armv4", "gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aarch64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-armv4" => { + inherit_from => [ "armv4_asm" ], + cc => "gcc", + cflags => "-O3 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "linux-aarch64" => { + inherit_from => [ "aarch64_asm" ], + cc => "gcc", + cflags => "-O3 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + perlasm_scheme => "linux64", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, # Configure script adds minimally required -march for assembly support, # if no -march was specified at command line. mips32 and mips64 below # refer to contemporary MIPS Architecture specifications, MIPS32 and # MIPS64, rather than to kernel bitness. -"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32", -"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + "linux-mips32" => { + inherit_from => [ "mips32_asm" ], + cc => "gcc", + cflags => "-mabi=32 -O3 -Wall -DBN_DIV3W", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + perlasm_scheme => "o32", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "linux-mips64" => { + inherit_from => [ "mips64_asm" ], + cc => "gcc", + cflags => "-mabi=n32 -O3 -Wall -DBN_DIV3W", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + perlasm_scheme => "n32", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-mabi=n32", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "32", + }, + "linux64-mips64" => { + inherit_from => [ "mips64_asm" ], + cc => "gcc", + cflags => "-mabi=64 -O3 -Wall -DBN_DIV3W", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + perlasm_scheme => "64", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-mabi=64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, #### IA-32 targets... -"linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", + "linux-ia32-icc" => { + inherit_from => [ "x86_elf_asm" ], + cc => "icc", + cflags => "-DL_ENDIAN -O2", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl -no_cpprt", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-KPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "linux-elf" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-DL_ENDIAN -Wall", + debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -g -march=i486", + release_cflags => "-O3 -fomit-frame-pointer", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + debug_lflags => "-lefence", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "linux-aout" => { + inherit_from => [ "x86_asm" ], + cc => "gcc", + cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall", + thread_cflag => "(unknown)", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + perlasm_scheme => "a.out", + }, #### -"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", -"linux-ia64", "gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-clang", "clang:-m64 -DL_ENDIAN -O3 -Weverything $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32:", -"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + "linux-generic64" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-Wall", + debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g", + release_cflags => "-O3", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "linux-ppc64" => { + inherit_from => [ "ppc64_asm" ], + cc => "gcc", + cflags => "-m64 -DB_ENDIAN -O3 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL", + perlasm_scheme => "linux64", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, + "linux-ppc64le" => { + inherit_from => [ "ppc64_asm" ], + cc => "gcc", + cflags => "-m64 -DL_ENDIAN -O3 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL", + perlasm_scheme => "linux64le", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "linux-ia64" => { + inherit_from => [ "ia64_asm" ], + cc => "gcc", + cflags => "-DL_ENDIAN -O3 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "linux-ia64-icc" => { + inherit_from => [ "ia64_asm" ], + cc => "icc", + cflags => "-DL_ENDIAN -O2 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl -no_cpprt", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "linux-x86_64" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "-m64 -DL_ENDIAN -Wall", + debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g", + release_cflags => "-O3", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, + "linux-x86_64-clang" => { + inherit_from => [ "x86_64_asm" ], + cc => "clang", + cflags => "-m64 -DL_ENDIAN -O3 -Weverything $clang_disabled_warnings -Qunused-arguments", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, + "linux-x86_64-icc" => { + inherit_from => [ "x86_64_asm" ], + cc => "icc", + cflags => "-DL_ENDIAN -O2", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl -no_cpprt", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, + "linux-x32" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "-mx32 -DL_ENDIAN -O3 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-mx32", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "x32", + }, + "linux64-s390x" => { + inherit_from => [ "s390x_asm" ], + cc => "gcc", + cflags => "-m64 -DB_ENDIAN -O3 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "64", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, #### So called "highgprs" target for z/Architecture CPUs # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see # /proc/cpuinfo. The idea is to preserve most significant bits of @@ -218,16 +931,68 @@ my $no_asm_filler="::::::::::::::::void"; # ldconfig and run-time linker to autodiscover. Unfortunately it # doesn't work just yet, because of couple of bugs in glibc # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... -"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs", + "linux32-s390x" => { + inherit_from => [ "s390x_32_asm" ], + cc => "gcc", + cflags => "-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "31", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m31", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "/highgprs", + }, #### SPARC Linux setups # Ray Miller has patiently # assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-sparcv8" => { + inherit_from => [ "sparcv8_asm" ], + cc => "gcc", + cflags => "-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, # it's a real mess with -mcpu=ultrasparc option under Linux, but # -Wa,-Av8plus should do the trick no matter what. -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-sparcv9" => { + inherit_from => [ "sparcv9_asm" ], + cc => "gcc", + cflags => "-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W", + thread_cflag => "-D_REENTRANT", + sys_id => "ULTRASPARC", + lflags => "-ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m32", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, # GCC 3.1 is a requirement -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + "linux64-sparcv9" => { + inherit_from => [ "sparcv9_asm" ], + cc => "gcc", + cflags => "-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall", + thread_cflag => "-D_REENTRANT", + sys_id => "ULTRASPARC", + lflags => "-ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, #### Alpha Linux with GNU C and Compaq C setups # Special notes: # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you @@ -238,44 +1003,270 @@ my $no_asm_filler="::::::::::::::::void"; # compiler is free to issue instructions which gonna make elder CPU # choke. If you wish to build "blended" toolkit, add -arch generic # *after* -fast and invoke './Configure linux-alpha-ccc' manually. -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", -"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", + "linux-alpha-gcc" => { + inherit_from => [ "alpha_asm" ], + cc => "gcc", + cflags => "-O3 -DL_ENDIAN", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "linux-alpha+bwx-gcc" => { + inherit_from => [ "alpha_asm" ], + cc => "gcc", + cflags => "-O3 -DL_ENDIAN", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "linux-alpha-ccc" => { + inherit_from => [ "alpha_asm" ], + cc => "ccc", + cflags => "-fast -readonly_strings -DL_ENDIAN", + thread_cflag => "-D_REENTRANT", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL", + }, + "linux-alpha+bwx-ccc" => { + inherit_from => [ "alpha_asm" ], + cc => "ccc", + cflags => "-fast -readonly_strings -DL_ENDIAN", + thread_cflag => "-D_REENTRANT", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL", + }, # # TI_CGT_C6000_7.3.x is a requirement -"linux-c64xplus","cl6x:--linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT::-D_REENTRANT:::BN_LLONG:c64xpluscpuid.o:bn-c64xplus.o c64xplus-gf2m.o:::aes-c64xplus.o aes_cbc.o aes_ctr.o:::sha1-c64xplus.o sha256-c64xplus.o sha512-c64xplus.o::rc4-c64xplus.o:::::ghash-c64xplus.o::void:dlfcn:linux-shared:--pic:-z --sysv --shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):true", + "linux-c64xplus" => { + cc => "cl6x", + cflags => "--linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT", + thread_cflag => "-D_REENTRANT", + bn_ops => "BN_LLONG", + cpuid_obj => "c64xpluscpuid.o", + bn_obj => "bn-c64xplus.o c64xplus-gf2m.o", + aes_obj => "aes-c64xplus.o aes_cbc.o aes_ctr.o", + sha1_obj => "sha1-c64xplus.o sha256-c64xplus.o sha512-c64xplus.o", + rc4_obj => "rc4-c64xplus.o", + modes_obj => "ghash-c64xplus.o", + perlasm_scheme => "void", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "--pic", + shared_ldflag => "-z --sysv --shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + ranlib => "true", + }, # Android: linux-* but without pointers to headers and libs. -"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "android" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "android-x86" => { + inherit_from => [ "android_x86_elf_asm" ], + cc => "gcc", + cflags => "-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "android-armv7" => { + inherit_from => [ "armv4_asm" ], + cc => "gcc", + cflags => "-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "android-mips" => { + inherit_from => [ "mips32_asm" ], + cc => "gcc", + cflags => "-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + perlasm_scheme => "o32", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, #### *BSD [do see comment about ${BSDthreads} in Configure!] -"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm_filler}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "BSD-generic32" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-O3 -fomit-frame-pointer -Wall", + thread_cflag => "${BSDthreads}", + bn_ops => "BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "BSD-x86" => { + inherit_from => [ "x86_asm" ], + cc => "gcc", + cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -Wall", + thread_cflag => "${BSDthreads}", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + perlasm_scheme => "a.out", + dso_scheme => "dlfcn", + shared_target => "bsd-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "BSD-x86-elf" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-DL_ENDIAN -Wall", + debug_cflags => "-g", + release_cflags => "-O3 -fomit-frame-pointer", + thread_cflag => "${BSDthreads}", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "dlfcn", + shared_target => "bsd-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "BSD-sparcv8" => { + inherit_from => [ "sparcv8_asm" ], + cc => "gcc", + cflags => "-DB_ENDIAN -O3 -mv8 -Wall", + thread_cflag => "${BSDthreads}", + bn_ops => "BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, -"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm_filler}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "BSD-generic64" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-O3 -Wall", + thread_cflag => "${BSDthreads}", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it # simply *happens* to work around a compiler bug in gcc 3.3.3, # triggered by RIPEMD160 code. -"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "BSD-sparc64" => { + inherit_from => [ "sparcv9_asm" ], + cc => "gcc", + cflags => "-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall", + thread_cflag => "${BSDthreads}", + bn_ops => "BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "BSD-ia64" => { + inherit_from => [ "ia64_asm" ], + cc => "gcc", + cflags => "-DL_ENDIAN -O3 -Wall", + thread_cflag => "${BSDthreads}", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "BSD-x86_64" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "-DL_ENDIAN -O3 -Wall", + thread_cflag => "${BSDthreads}", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, -"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "bsdi-elf-gcc" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall", + thread_cflag => "(unknown)", + lflags => "-ldl", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, -"nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", -"nextstep3.3", "cc:-O3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", + "nextstep" => { + cc => "cc", + cflags => "-O -Wall", + unistd => "", + thread_cflag => "(unknown)", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + }, + "nextstep3.3" => { + cc => "cc", + cflags => "-O3 -Wall", + unistd => "", + thread_cflag => "(unknown)", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + }, # QNX -"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", -"QNX6", "gcc:::::-lsocket::${no_asm_filler}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "qnx4" => { + cc => "cc", + cflags => "-DL_ENDIAN -DTERMIO", + thread_cflag => "(unknown)", + bn_ops => "${x86_gcc_des} ${x86_gcc_opts}", + }, + "QNX6" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + lflags => "-lsocket", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "QNX6-i386" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-DL_ENDIAN -O2 -Wall", + lflags => "-lsocket", + bn_ops => "${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, #### SCO/Caldera targets. # @@ -289,31 +1280,160 @@ my $no_asm_filler="::::::::::::::::void"; # patiently assisted to debug most of it. # # UnixWare 2.0x fails destest with -O. -"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::", -"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}-1:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "unixware-2.0" => { + cc => "cc", + cflags => "-DFILIO_H -DNO_STRINGS_H", + thread_cflag => "-Kthread", + lflags => "-lsocket -lnsl -lresolv -lx", + bn_ops => "${x86_gcc_des} ${x86_gcc_opts}", + }, + "unixware-2.1" => { + cc => "cc", + cflags => "-O -DFILIO_H", + thread_cflag => "-Kthread", + lflags => "-lsocket -lnsl -lresolv -lx", + bn_ops => "${x86_gcc_des} ${x86_gcc_opts}", + }, + "unixware-7" => { + inherit_from => [ "x86_elf_asm" ], + cc => "cc", + cflags => "-O -DFILIO_H -Kalloca", + thread_cflag => "-Kthread", + lflags => "-lsocket -lnsl", + bn_ops => "BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}", + perlasm_scheme => "elf-1", + dso_scheme => "dlfcn", + shared_target => "svr5-shared", + shared_cflag => "-Kpic", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "unixware-7-gcc" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-lsocket -lnsl", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + perlasm_scheme => "elf-1", + dso_scheme => "dlfcn", + shared_target => "gnu-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, # SCO 5 - Ben Laurie says the -O breaks the SCO cc. -"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "sco5-cc" => { + inherit_from => [ "x86_elf_asm" ], + cc => "cc", + cflags => "-belf", + thread_cflag => "(unknown)", + lflags => "-lsocket -lnsl", + bn_ops => "${x86_gcc_des} ${x86_gcc_opts}", + perlasm_scheme => "elf-1", + dso_scheme => "dlfcn", + shared_target => "svr3-shared", + shared_cflag => "-Kpic", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "sco5-gcc" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-O3 -fomit-frame-pointer", + thread_cflag => "(unknown)", + lflags => "-lsocket -lnsl", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + perlasm_scheme => "elf-1", + dso_scheme => "dlfcn", + shared_target => "svr3-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, #### IBM's AIX. -"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR:$ppc32_asm:aix32:dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X32", -"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", + "aix3-cc" => { + cc => "cc", + cflags => "-O -DB_ENDIAN -qmaxmem=16384", + thread_cflag => "(unknown)", + sys_id => "AIX", + bn_ops => "BN_LLONG RC4_CHAR", + }, + "aix-gcc" => { + inherit_from => [ "ppc32_asm" ], + cc => "gcc", + cflags => "-O -DB_ENDIAN", + thread_cflag => "-pthread", + sys_id => "AIX", + bn_ops => "BN_LLONG RC4_CHAR", + perlasm_scheme => "aix32", + dso_scheme => "dlfcn", + shared_target => "aix-shared", + shared_ldflag => "-shared -Wl,-G", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + arflags => "-X32", + }, + "aix64-gcc" => { + inherit_from => [ "ppc64_asm" ], + cc => "gcc", + cflags => "-maix64 -O -DB_ENDIAN", + thread_cflag => "-pthread", + sys_id => "AIX", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", + perlasm_scheme => "aix64", + dso_scheme => "dlfcn", + shared_target => "aix-shared", + shared_ldflag => "-maix64 -shared -Wl,-G", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + arflags => "-X64", + }, # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE # at build time. $OBJECT_MODE is respected at ./config stage! -"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:$ppc32_asm:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", -"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:$ppc64_asm:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", + "aix-cc" => { + inherit_from => [ "ppc32_asm" ], + cc => "cc", + cflags => "-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst", + thread_cflag => "-qthreaded -D_THREAD_SAFE", + sys_id => "AIX", + bn_ops => "BN_LLONG RC4_CHAR", + perlasm_scheme => "aix32", + dso_scheme => "dlfcn", + shared_target => "aix-shared", + shared_ldflag => "-q32 -G", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + arflags => "-X 32", + }, + "aix64-cc" => { + inherit_from => [ "ppc64_asm" ], + cc => "cc", + cflags => "-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst", + thread_cflag => "-qthreaded -D_THREAD_SAFE", + sys_id => "AIX", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", + perlasm_scheme => "aix64", + dso_scheme => "dlfcn", + shared_target => "aix-shared", + shared_ldflag => "-q64 -G", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + arflags => "-X 64", + }, # SIEMENS BS2000/OSD: an EBCDIC-based mainframe -"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", + "BS2000-OSD" => { + cc => "c89", + cflags => "-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC", + thread_cflag => "(unknown)", + lflags => "-lsocket -lnsl", + bn_ops => "THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR", + }, # OS/390 Unix an EBCDIC-based Unix system on IBM mainframe # You need to compile using the c89.sh wrapper in the tools directory, because the # IBM compiler does not like the -L switch after any object modules. # -"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::", + "OS390-Unix" => { + cc => "c89.sh", + cflags => "-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE", + thread_cflag => "(unknown)", + bn_ops => "THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR", + }, # Visual C targets # @@ -323,22 +1443,90 @@ my $no_asm_filler="::::::::::::::::void"; # positives in some situations. Disabling it altogether masks both # legitimate and false cases, but as we compile on multiple platforms, # we rely on other compilers to catch legitimate cases. -"VC-WIN64I","cl:-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", -"VC-WIN64A","cl:-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", -"debug-VC-WIN64I","cl:-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32", -"debug-VC-WIN64A","cl:-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32", + "VC-WIN64I" => { + cc => "cl", + cflags => "-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE", + sys_id => "WIN64I", + bn_ops => "SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN", + cpuid_obj => "ia64cpuid.o", + bn_obj => "ia64.o ia64-mont.o", + aes_obj => "aes_core.o aes_cbc.o aes-ia64.o", + md5_obj => "md5-ia64.o", + sha1_obj => "sha1-ia64.o sha256-ia64.o sha512-ia64.o", + modes_obj => "ghash-ia64.o", + perlasm_scheme => "ias", + dso_scheme => "win32", + }, + "debug-VC-WIN64I" => { + cc => "cl", + cflags => "-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE", + sys_id => "WIN64I", + bn_ops => "SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN", + cpuid_obj => "ia64cpuid.o", + bn_obj => "ia64.o", + aes_obj => "aes_core.o aes_cbc.o aes-ia64.o", + md5_obj => "md5-ia64.o", + sha1_obj => "sha1-ia64.o sha256-ia64.o sha512-ia64.o", + modes_obj => "ghash-ia64.o", + perlasm_scheme => "ias", + dso_scheme => "win32", + }, + "VC-WIN64A" => { + inherit_from => [ "win_x86_64_asm" ], + cc => "cl", + cflags => "-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE", + debug_cflags => "-Zi", + sys_id => "WIN64A", + bn_ops => "SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN", + perlasm_scheme => "auto", + dso_scheme => "win32", + }, # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' -"VC-WIN32","cl:-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", -"debug-VC-WIN32","cl:-W3 -wd4090 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", + "VC-WIN32" => { + inherit_from => [ "x86_asm" ], + cc => "cl", + cflags => "-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE", + debug_cflags => "-Zi", + sys_id => "WIN32", + bn_ops => "BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}", + perlasm_scheme => "win32n", + dso_scheme => "win32", + }, # Unified CE target -"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm_filler}:win32", + "VC-CE" => { + inherit_from => [ "no_asm_filler" ], + cc => "cl", + sys_id => "WINCE", + bn_ops => "BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}", + dso_scheme => "win32", + }, # Borland C++ 4.5 -"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm_filler}:win32", + "BC-32" => { + inherit_from => [ "no_asm_filler" ], + cc => "bcc32", + sys_id => "WIN32", + bn_ops => "BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN", + dso_scheme => "win32", + }, # MinGW -"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a", + "mingw" => { + inherit_from => [ "x86_asm" ], + cc => "gcc", + cflags => "-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall", + thread_cflag => "-D_MT", + sys_id => "MINGW32", + lflags => "-lws2_32 -lgdi32 -lcrypt32", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN", + perlasm_scheme => "coff", + dso_scheme => "win32", + shared_target => "cygwin-shared", + shared_cflag => "-D_WINDLL -DOPENSSL_USE_APPLINK", + shared_ldflag => "-mno-cygwin", + shared_extension => ".dll.a", + }, # As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll # compiled with one compiler with application compiled with another # compiler. It's possible to engage Applink support in mingw64 build, @@ -346,47 +1534,196 @@ my $no_asm_filler="::::::::::::::::void"; # handling, one can't seriously consider its binaries for using with # non-mingw64 run-time environment. And as mingw64 is always consistent # with itself, Applink is never engaged and can as well be omitted. -"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a", + "mingw64" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE", + thread_cflag => "-D_MT", + sys_id => "MINGW64", + lflags => "-lws2_32 -lgdi32 -lcrypt32", + bn_ops => "SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN", + perlasm_scheme => "mingw64", + dso_scheme => "win32", + shared_target => "cygwin-shared", + shared_cflag => "-D_WINDLL", + shared_ldflag => "-mno-cygwin", + shared_extension => ".dll.a", + }, # UWIN -"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm_filler}:win32", + "UWIN" => { + inherit_from => [ "no_asm_filler" ], + cc => "cc", + cflags => "-DTERMIOS -DL_ENDIAN -O -Wall", + sys_id => "UWIN", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "win32", + }, # Cygwin -"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", + "Cygwin" => { + inherit_from => [ "x86_asm" ], + cc => "gcc", + cflags => "-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall", + sys_id => "CYGWIN", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + perlasm_scheme => "coff", + dso_scheme => "dlfcn", + shared_target => "cygwin-shared", + shared_cflag => "-D_WINDLL", + shared_ldflag => "-shared", + shared_extension => ".dll.a", + }, + "Cygwin-x86_64" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "-DTERMIOS -DL_ENDIAN -O3 -Wall", + sys_id => "CYGWIN", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "mingw64", + dso_scheme => "dlfcn", + shared_target => "cygwin-shared", + shared_cflag => "-D_WINDLL", + shared_ldflag => "-shared", + shared_extension => ".dll.a", + }, # NetWare from David Ward (dsward at novell.com) # requires either MetroWerks NLM development tools, or gcc / nlmconv # NetWare defaults socket bio to WinSock sockets. However, # the builds can be configured to use BSD sockets instead. # netware-clib => legacy CLib c-runtime support -"netware-clib", "mwccnlm::::::${x86_gcc_opts}::", -"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::", -"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", -"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", + "netware-clib" => { + cc => "mwccnlm", + bn_ops => "${x86_gcc_opts}", + }, + "netware-clib-bsdsock" => { + cc => "mwccnlm", + bn_ops => "${x86_gcc_opts}", + }, + "netware-clib-gcc" => { + cc => "i586-netware-gcc", + cflags => "-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall", + bn_ops => "${x86_gcc_opts}", + }, + "netware-clib-bsdsock-gcc" => { + cc => "i586-netware-gcc", + cflags => "-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall", + bn_ops => "${x86_gcc_opts}", + }, # netware-libc => LibC/NKS support -"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", -"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", + "netware-libc" => { + cc => "mwccnlm", + bn_ops => "BN_LLONG ${x86_gcc_opts}", + }, + "netware-libc-bsdsock" => { + cc => "mwccnlm", + bn_ops => "BN_LLONG ${x86_gcc_opts}", + }, + "netware-libc-gcc" => { + cc => "i586-netware-gcc", + cflags => "-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall", + bn_ops => "BN_LLONG ${x86_gcc_opts}", + }, + "netware-libc-bsdsock-gcc" => { + cc => "i586-netware-gcc", + cflags => "-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall", + bn_ops => "BN_LLONG ${x86_gcc_opts}", + }, # DJGPP -"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:", + "DJGPP" => { + inherit_from => [ "x86_asm" ], + cc => "gcc", + cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall", + sys_id => "MSDOS", + lflags => "-L/dev/env/WATT_ROOT/lib -lwatt", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + perlasm_scheme => "a.out", + }, # Ultrix from Bernhard Simon -"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::", -"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::", + "ultrix-cc" => { + cc => "cc", + cflags => "-std1 -O -Olimit 2500 -DL_ENDIAN", + thread_cflag => "(unknown)", + }, + "ultrix-gcc" => { + cc => "gcc", + cflags => "-O3 -DL_ENDIAN", + thread_cflag => "(unknown)", + bn_ops => "BN_LLONG", + }, # K&R C is no longer supported; you need gcc on old Ultrix installations ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", ##### MacOS X (a.k.a. Darwin) setup -"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + "darwin-ppc-cc" => { + inherit_from => [ "ppc32_asm" ], + cc => "cc", + cflags => "-arch ppc -DB_ENDIAN -Wa,-force_cpusubtype_ALL", + debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall -O", + release_cflags => "-O3", + thread_cflag => "-D_REENTRANT", + sys_id => "MACOSX", + lflags => "-Wl,-search_paths_first%", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", + perlasm_scheme => "osx32", + dso_scheme => "dlfcn", + shared_target => "darwin-shared", + shared_cflag => "-fPIC -fno-common", + shared_ldflag => "-arch ppc -dynamiclib", + shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + }, + "darwin64-ppc-cc" => { + inherit_from => [ "ppc64_asm" ], + cc => "cc", + cflags => "-arch ppc64 -O3 -DB_ENDIAN", + thread_cflag => "-D_REENTRANT", + sys_id => "MACOSX", + lflags => "-Wl,-search_paths_first%", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", + perlasm_scheme => "osx64", + dso_scheme => "dlfcn", + shared_target => "darwin-shared", + shared_cflag => "-fPIC -fno-common", + shared_ldflag => "-arch ppc64 -dynamiclib", + shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + }, + "darwin-i386-cc" => { + inherit_from => [ "x86_asm_nocast" ], + cc => "cc", + cflags => "-arch i386 -DL_ENDIAN", + debug_cflags => "-g3", + release_cflags => "-O3 -fomit-frame-pointer", + thread_cflag => "-D_REENTRANT", + sys_id => "MACOSX", + lflags => "-Wl,-search_paths_first%", + bn_ops => "BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR", + perlasm_scheme => "macosx", + dso_scheme => "dlfcn", + shared_target => "darwin-shared", + shared_cflag => "-fPIC -fno-common", + shared_ldflag => "-arch i386 -dynamiclib", + shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + }, + "darwin64-x86_64-cc" => { + inherit_from => [ "x86_64_asm" ], + cc => "cc", + cflags => "-arch x86_64 -DL_ENDIAN -Wall", + debug_cflags => "-ggdb -g2 -O0", + release_cflags => "-O3", + thread_cflag => "-D_REENTRANT", + sys_id => "MACOSX", + lflags => "-Wl,-search_paths_first%", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "macosx", + dso_scheme => "dlfcn", + shared_target => "darwin-shared", + shared_cflag => "-fPIC -fno-common", + shared_ldflag => "-arch x86_64 -dynamiclib", + shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + }, # iPhoneOS/iOS # # It takes three prior-set environment variables to make it work: @@ -402,30 +1739,148 @@ my $no_asm_filler="::::::::::::::::void"; # CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer # CROSS_SDK=iPhoneOS7.0.sdk # -"iphoneos-cross","cc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"ios64-cross","cc:-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:ios64:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + "iphoneos-cross" => { + inherit_from => [ "no_asm_filler" ], + cc => "cc", + cflags => "-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common", + thread_cflag => "-D_REENTRANT", + sys_id => "iOS", + lflags => "-Wl,-search_paths_first%", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "darwin-shared", + shared_cflag => "-fPIC -fno-common", + shared_ldflag => "-dynamiclib", + shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + }, + "ios64-cross" => { + inherit_from => [ "aarch64_asm" ], + cc => "cc", + cflags => "-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common", + thread_cflag => "-D_REENTRANT", + sys_id => "iOS", + lflags => "-Wl,-search_paths_first%", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + perlasm_scheme => "ios64", + dso_scheme => "dlfcn", + shared_target => "darwin-shared", + shared_cflag => "-fPIC -fno-common", + shared_ldflag => "-dynamiclib", + shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + }, ##### A/UX -"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", + "aux3-gcc" => { + cc => "gcc", + cflags => "-O2 -DTERMIO", + thread_cflag => "(unknown)", + sys_id => "AUX", + lflags => "-lbsd", + bn_ops => "RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", + }, ##### GNU Hurd -"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC", + "hurd-x86" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + }, ##### OS/2 EMX -"OS2-EMX", "gcc::::::::", + "OS2-EMX" => { + cc => "gcc", + }, ##### VxWorks for various targets -"vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::", -"vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::", -"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", -"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", -"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", -"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", -"vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm_filler}::::::ranlibpentium:", -"vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:", + "vxworks-ppc60x" => { + cc => "ccppc", + cflags => "-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip", + sys_id => "VXWORKS", + lflags => "-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common", + }, + "vxworks-ppcgen" => { + cc => "ccppc", + cflags => "-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip", + sys_id => "VXWORKS", + lflags => "-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon", + }, + "vxworks-ppc405" => { + cc => "ccppc", + cflags => "-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h", + sys_id => "VXWORKS", + lflags => "-r", + }, + "vxworks-ppc750" => { + cc => "ccppc", + cflags => "-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG)", + sys_id => "VXWORKS", + lflags => "-r", + }, + "vxworks-ppc750-debug" => { + cc => "ccppc", + cflags => "-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g", + sys_id => "VXWORKS", + lflags => "-r", + }, + "vxworks-ppc860" => { + cc => "ccppc", + cflags => "-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h", + sys_id => "VXWORKS", + lflags => "-r", + }, + "vxworks-simlinux" => { + inherit_from => [ "no_asm_filler" ], + cc => "ccpentium", + cflags => "-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK", + sys_id => "VXWORKS", + lflags => "-r", + ranlib => "ranlibpentium", + }, + "vxworks-mips" => { + inherit_from => [ "mips32_asm" ], + cc => "ccmips", + cflags => "-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip", + thread_cflag => "-D_REENTRANT", + sys_id => "VXWORKS", + lflags => "-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon", + perlasm_scheme => "o32", + ranlib => "ranlibmips", + }, # uClinux -"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm_filler}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", -"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm_filler}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::", + "uClinux-dist" => { + inherit_from => [ "no_asm_filler" ], + cc => "$ENV{'CC'}", + cflags => "\$(CFLAGS)", + thread_cflag => "-D_REENTRANT", + lflags => "\$(LDFLAGS) \$(LDLIBS)", + bn_ops => "BN_LLONG", + dso_scheme => "$ENV{'LIBSSL_dlfcn'}", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + ranlib => "$ENV{'RANLIB'}", + }, + "uClinux-dist64" => { + inherit_from => [ "no_asm_filler" ], + cc => "$ENV{'CC'}", + cflags => "\$(CFLAGS)", + thread_cflag => "-D_REENTRANT", + lflags => "\$(LDFLAGS) \$(LDLIBS)", + bn_ops => "SIXTY_FOUR_BIT_LONG", + dso_scheme => "$ENV{'LIBSSL_dlfcn'}", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-shared", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + ranlib => "$ENV{'RANLIB'}", + }, ); diff --git a/Configurations/90-team.conf b/Configurations/90-team.conf index cfc2b16..66d1eae 100644 --- a/Configurations/90-team.conf +++ b/Configurations/90-team.conf @@ -4,44 +4,333 @@ ## make -f Makefile.org TABLE ## This file is interpolated by the Configure script. -# Filler used for when there are no asm files. -my $no_asm_filler="::::::::::::::::void"; - %targets = ( -"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::", -"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::", -"debug-ben", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::", -"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe::(unknown)::::::", -"debug-ben-debug-64", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-ben-debug-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-ben-debug-64-noopt", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-ben-macos", "cc:$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::", -"debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3::(unknown)::::::", -"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", -"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:$x86_64_asm:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"debug-rse","cc:-DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"debug-erbridge", "gcc:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", -"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o::des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o:e_padlock-x86.o:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm_filler}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", -"dist", "cc:-O::(unknown)::::::", -"debug-test-64-clang", "clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"darwin64-debug-test-64-clang", "clang:-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:MACOSX::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + "purify" => { + cc => "purify gcc", + cflags => "-g -DPURIFY -Wall", + thread_cflag => "(unknown)", + lflags => "-lsocket -lnsl", + }, + "debug" => { + cc => "gcc", + cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror", + thread_cflag => "(unknown)", + lflags => "-lefence", + }, + "debug-ben" => { + cc => "gcc", + cflags => "$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe", + thread_cflag => "(unknown)", + }, + "debug-ben-openbsd" => { + cc => "gcc", + cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe", + thread_cflag => "(unknown)", + }, + "debug-ben-openbsd-debug" => { + cc => "gcc", + cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe", + thread_cflag => "(unknown)", + }, + "debug-ben-debug" => { + cc => "gcc", + cflags => "$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe", + thread_cflag => "(unknown)", + }, + "debug-ben-debug-64" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe", + thread_cflag => "${BSDthreads}", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-ben-debug-64-clang" => { + inherit_from => [ "x86_64_asm" ], + cc => "clang", + cflags => "$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe", + thread_cflag => "${BSDthreads}", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-ben-debug-64-noopt" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe", + thread_cflag => "${BSDthreads}", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-ben-macos" => { + cc => "cc", + cflags => "$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe", + thread_cflag => "(unknown)", + }, + "debug-ben-no-opt" => { + cc => "gcc", + cflags => "-Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3", + thread_cflag => "(unknown)", + }, + "debug-ben-strict" => { + cc => "gcc", + cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe", + thread_cflag => "(unknown)", + }, + "debug-ben-darwin64" => { + inherit_from => [ "x86_64_asm" ], + cc => "cc", + cflags => "$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall", + thread_cflag => "-D_REENTRANT", + sys_id => "MACOSX", + lflags => "-Wl,-search_paths_first%", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "macosx", + dso_scheme => "dlfcn", + shared_target => "darwin-shared", + shared_cflag => "-fPIC -fno-common", + shared_ldflag => "-arch x86_64 -dynamiclib", + shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + }, + "debug-rse" => { + inherit_from => [ "x86_elf_asm" ], + cc => "cc", + cflags => "-DL_ENDIAN -pipe -O -g -ggdb3 -Wall", + thread_cflag => "(unknown)", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + }, + "debug-bodo" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, + "debug-erbridge" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, + "debug-steve64" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-steve32" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe", + thread_cflag => "-D_REENTRANT", + lflags => "-rdynamic -ldl", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m32", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-steve-opt" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + + # Richard Levitte + "debug-levitte-linux-noasm" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-levitte-linux-elf-extreme" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-levitte-linux-noasm-extreme" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT", + perlasm_scheme => "void", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + + "debug-geoff32" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-geoff64" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-linux-pentium" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "dlfcn", + }, + "debug-linux-ppro" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "dlfcn", + }, + "debug-linux-elf-noefence" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-linux-ia32-aes" => { + cc => "gcc", + cflags => "-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + cpuid_obj => "x86cpuid.o", + bn_obj => "bn-586.o co-586.o x86-mont.o", + des_obj => "des-586.o crypt586.o", + aes_obj => "aes_x86core.o aes_cbc.o aesni-x86.o", + bf_obj => "bf-586.o", + md5_obj => "md5-586.o", + sha1_obj => "sha1-586.o sha256-586.o sha512-586.o", + cast_obj => "cast-586.o", + rc4_obj => "rc4-586.o", + rmd160_obj => "rmd-586.o", + rc5_obj => "rc5-586.o", + wp_obj => "wp_block.o wp-mmx.o", + modes_obj => "ghash-x86.o", + engines_obj => "e_padlock-x86.o", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "dist" => { + cc => "cc", + cflags => "-O", + thread_cflag => "(unknown)", + }, + "debug-test-64-clang" => { + inherit_from => [ "x86_64_asm" ], + cc => "clang", + cflags => "$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe", + thread_cflag => "${BSDthreads}", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "darwin64-debug-test-64-clang" => { + inherit_from => [ "x86_64_asm" ], + cc => "clang", + cflags => "-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe", + thread_cflag => "${BSDthreads}", + sys_id => "MACOSX", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "macosx", + dso_scheme => "dlfcn", + shared_target => "darwin-shared", + shared_cflag => "-fPIC -fno-common", + shared_ldflag => "-arch x86_64 -dynamiclib", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + }, ); diff --git a/Configure b/Configure index 4094c08..705f4c6 100755 --- a/Configure +++ b/Configure @@ -134,10 +134,13 @@ my $bits1="THIRTY_TWO_BIT "; my $bits2="SIXTY_FOUR_BIT "; my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:ecp_nistz256.o ecp_nistz256-x86.o:des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:e_padlock-x86.o"; +my $x86_asm_nocast=$x86_asm;$x86_asm_nocast=~s/cast\-586\.o//; my $x86_elf_asm="$x86_asm:elf"; +my $android_x86_elf_asm="$x86_asm:android"; my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:e_padlock-x86_64.o"; +my $win_x86_64_asm=$x86_asm;$win_x86_64_asm=~s/x86_64-gcc\.o/bn_asm.o/; my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void"; my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void"; my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void"; @@ -145,10 +148,12 @@ my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash- my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::"; my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//; my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:"; +my $s390x_32_asm=$s390x_asm;$s390x_32_asm=~s/bn\-s390x\.o/bn_asm.o/; my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:ecp_nistz256.o ecp_nistz256-armv4.o::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void"; my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:"; my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32"; -my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; +my $parisc20_64_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; +my $parisc20_32_asm=$parisc20_64_asm;$parisc20_32_asm=~s/2W\./2\./;$parisc20_32_asm=~s/:64/:32/; my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:"; my $ppc32_asm=$ppc64_asm; @@ -161,12 +166,444 @@ my $ppc32_asm=$ppc64_asm; # seems to be sufficient? my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; -#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib # table of known configurations, read in from files +# +# The content of each entry can take one of two forms: +# +# - old style config-string, colon seperated fields with exactly the +# following structure.: +# +# $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $perlasm_scheme : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib +# +# We use the stringtohash function - defined below - to combine with the +# fields and form a proper hash table from the string. +# +# - direct transfer of old style config string to hash table, using the names +# of the fields as keys: +# +# { +# cc => $cc, +# cflags => $cflags, +# unistd => $unistd, +# thread_cflag => $thread_cflag, +# sys_id => $sys_id, +# lflags => $lflags, +# bn_ops => $bn_ops, +# cpuid_obj => $cpuid_obj, +# bn_obj => $bn_obj, +# ec_obj => $ec_obj, +# des_obj => $des_obj, +# aes_obj => $aes_obj, +# bf_obj => $bf_obj, +# md5_obj => $md5_obj, +# sha1_obj => $sha1_obj, +# cast_obj => $cast_obj, +# rc4_obj => $rc4_obj, +# rmd160_obj => $rmd160_obj, +# rc5_obj => $rc5_obj, +# wp_obj => $wp_obj, +# cmll_obj => $cmll_obj, +# modes_obj => $modes_obj, +# engines_obj => $engines_obj, +# perlasm_scheme => $perlasm_scheme, +# dso_scheme => $dso_scheme, +# shared_target => $shared_target, +# shared_cflag => $shared_cflag, +# shared_ldflag => $shared_ldflag, +# shared_extension => $shared_extension, +# ranlib => $ranlib, +# arflags => $arflags, +# multilib => $multilib +# } +# +# - new style config hash table, which has additional attributes for debug +# and non-debug flags to be added to the common flags, for cflags and lflags: +# +# { +# cc => $cc, +# cflags => $cflags, +# debug_cflags => $debug_cflags, +# release_cflags => $release_cflags, +# unistd => $unistd, +# thread_cflag => $thread_cflag, +# sys_id => $sys_id, +# lflags => $lflags, +# debug_lflags => $debug_lflags, +# release_lflags => $release_lflags, +# bn_ops => $bn_ops, +# cpuid_obj => $cpuid_obj, +# bn_obj => $bn_obj, +# ec_obj => $ec_obj, +# des_obj => $des_obj, +# aes_obj => $aes_obj, +# bf_obj => $bf_obj, +# md5_obj => $md5_obj, +# sha1_obj => $sha1_obj, +# cast_obj => $cast_obj, +# rc4_obj => $rc4_obj, +# rmd160_obj => $rmd160_obj, +# rc5_obj => $rc5_obj, +# wp_obj => $wp_obj, +# cmll_obj => $cmll_obj, +# modes_obj => $modes_obj, +# engines_obj => $engines_obj, +# dso_scheme => $dso_scheme, +# shared_target => $shared_target, +# shared_cflag => $shared_cflag, +# shared_ldflag => $shared_ldflag, +# shared_extension => $shared_extension, +# ranlib => $ranlib, +# arflags => $arflags, +# multilib => $multilib +# } +# +# The configuration reader will do what it can to translate everything into +# new style config hash tables, including merging $target and debug-$target +# if they are similar enough. +# +# The configuration hashes can refer to templates in two different manners: +# +# - as part of the hash, one can have a key called 'inherit_from' that +# indicate what other configuration hashes to inherit data from. +# These are resolved recursively. +# +# Inheritance works as a set of default values that can be overriden +# by corresponding attribute values in the inheriting configuration. +# +# If several configurations are given in the 'inherit_from' array, the +# values of same attribute are concatenated with space separation. +# With this, it's possible to have several smaller templates for +# different configuration aspects that can be combined into a complete +# configuration. +# +# Example: +# +# "foo" => { +# template => 1, +# haha => "haha", +# hoho => "ho" +# }, +# "bar" => { +# template => 1, +# hoho => "ho", +# hehe => "hehe" +# }, +# "laughter" => { +# inherit_from => [ "foo", "bar" ], +# } +# +# The entry for "foo" will become as follows after processing: +# +# "laughter" => { +# haha => "haha", +# hoho => "ho ho", +# hehe => "hehe" +# } +# +# Note 1: any entry from the table can be used as a template. +# Note 2: pure templates have the attribute 'template => 1' and cannot +# be used as targets. +# +# - instead of a string, one can have a code block of the form +# 'sub { /* your code here */ }', where the arguments are the list of +# inherited values for that key. In fact, the concatenation of strings +# is really done by using 'sub { join(" ", at _) }' on the list of inherited +# values. +# +# Example: +# +# "foo" => { +# template => 1, +# haha => "ha ha", +# hoho => "ho", +# ignored => "This should not appear in the end result", +# }, +# "bar" => { +# template => 1, +# haha => "ah", +# hoho => "haho", +# hehe => "hehe" +# }, +# "laughter" => { +# inherit_from => [ "foo", "bar" ], +# hehe => sub { join(" ",(@_,"!!!")) }, +# ignored => "", +# } +# +# The entry for "foo" will become as follows after processing: +# +# "laughter" => { +# haha => "ha ha ah", +# hoho => "ho haho", +# hehe => "hehe !!!", +# ignored => "" +# } +# + my %table=( + + # All these templates are merely a translation of the corresponding + # variables further up. + # + # Note: as long as someone might use old style configuration strings, + # or we bother supporting that, those variables need to stay + + # Filler used for when there are no asm files. + no_asm_filler => { + template => 1, + cpuid_obj => "", + bn_obj => "", + ec_obj => "", + des_obj => "", + aes_obj => "", + bf_obj => "", + md5_obj => "", + sha1_obj => "", + cast_obj => "", + rc4_obj => "", + rmd160_obj => "", + rc5_obj => "", + wp_obj => "", + cmll_obj => "", + modes_obj => "", + engines_obj => "", + perlasm_scheme => "void" + }, + + x86_asm_nocast => { + template => 1, + cpuid_obj => "x86cpuid.o", + bn_obj => "bn-586.o co-586.o x86-mont.o x86-gf2m.o", + ec_obj => "ecp_nistz256.o ecp_nistz256-x86.o", + des_obj => "des-586.o crypt586.o", + aes_obj => "aes-586.o vpaes-x86.o aesni-x86.o", + bf_obj => "bf-586.o", + md5_obj => "md5-586.o", + sha1_obj => "sha1-586.o sha256-586.o sha512-586.o", + rc4_obj => "rc4-586.o", + rmd160_obj => "rmd-586.o", + rc5_obj => "rc5-586.o", + wp_obj => "wp_block.o wp-mmx.o", + cmll_obj => "cmll-x86.o", + modes_obj => "ghash-x86.o", + engines_obj => "e_padlock-x86.o" + }, + x86_asm => { + template => 1, + inherit_from => [ "x86_asm_nocast" ], + cast_obj => "cast-586.o", + }, + x86_elf_asm => { + template => 1, + inherit_from => [ "x86_asm" ], + perlasm_scheme => "elf" + }, + android_x86_elf_asm => { + template => 1, + inherit_from => [ "x86_asm" ], + perlasm_scheme => "android" + }, + + _x86_64_asm => { + template => 1, + cpuid_obj => "x86_64cpuid.o", + bn_obj => "x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o", + ec_obj => "ecp_nistz256.o ecp_nistz256-x86_64.o", + aes_obj => "aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o", + md5_obj => "md5-x86_64.o", + sha1_obj => "sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o", + rc4_obj => "rc4-x86_64.o rc4-md5-x86_64.o", + wp_obj => "wp-x86_64.o", + cmll_obj => "cmll-x86_64.o cmll_misc.o", + modes_obj => "ghash-x86_64.o aesni-gcm-x86_64.o", + engines_obj => "e_padlock-x86_64.o" + }, + x86_64_asm => { + inherit_from => [ "_x86_64_asm" ], + template => 1, + bn_obj => sub { join(" ","x86_64-gcc.o", at _) } + }, + win_x86_64_asm => { + inherit_from => [ "_x86_64_asm" ], + template => 1, + bn_obj => sub { join(" ","bn_asm.o", at _) } + }, + ia64_asm => { + template => 1, + cpuid_obj => "ia64cpuid.o", + bn_obj => "bn-ia64.o ia64-mont.o", + aes_obj => "aes_core.o aes_cbc.o aes-ia64.o", + md5_obj => "md5-ia64.o", + sha1_obj => "sha1-ia64.o sha256-ia64.o sha512-ia64.o", + rc4_obj => "rc4-ia64.o rc4_skey.o", + modes_obj => "ghash-ia64.o", + perlasm_scheme => "void" + }, + sparcv9_asm => { + template => 1, + cpuid_obj => "sparcv9cap.o sparccpuid.o", + bn_obj => "bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o", + des_obj => "des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o", + aes_obj => "aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o", + md5_obj => "md5-sparcv9.o", + sha1_obj => "sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o", + cmll_obj => "camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o", + modes_obj => "ghash-sparcv9.o", + perlasm_scheme => "void" + }, + sparcv8_asm => { + template => 1, + cpuid_obj => "", + bn_obj => "sparcv8.o", + des_obj => "des_enc-sparc.o fcrypt_b.o", + perlasm_scheme => "void" + }, + alpha_asm => { + template => 1, + cpuid_obj => "alphacpuid.o", + bn_obj => "bn_asm.o alpha-mont.o", + sha1_obj => "sha1-alpha.o", + modes_obj => "ghash-alpha.o", + perlasm_scheme => "void" + }, + mips32_asm => { + template => 1, + bn_obj => "bn-mips.o mips-mont.o", + aes_obj => "aes_cbc.o aes-mips.o", + sha1_obj => "sha1-mips.o sha256-mips.o", + }, + mips64_asm => { + inherit_from => [ "mips32_asm" ], + template => 1, + sha1_obj => sub { join(" ", @_, "sha512-mips.o") } + }, + _s390x_asm => { + template => 1, + cpuid_obj => "s390xcap.o s390xcpuid.o", + bn_obj => "s390x-mont.o s390x-gf2m.o", + aes_obj => "aes-s390x.o aes-ctr.o aes-xts.o", + sha1_obj => "sha1-s390x.o sha256-s390x.o sha512-s390x.o", + rc4_obj => "rc4-s390x.o", + modes_obj => "ghash-s390x.o", + }, + s390x_asm => { + template => 1, + inherit_from => [ "_s390x_asm" ], + bn_obj => sub { join(" ", "bn-s390x.o", @_) } + }, + s390x_32_asm => { + template => 1, + inherit_from => [ "_s390x_asm" ], + bn_obj => sub { join(" ", "bn_asm.o", @_) } + }, + armv4_asm => { + template => 1, + cpuid_obj => "armcap.o armv4cpuid.o", + bn_obj => "bn_asm.o armv4-mont.o armv4-gf2m.o", + ec_obj => "ecp_nistz256.o ecp_nistz256-armv4.o", + aes_obj => "aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o", + sha1_obj => "sha1-armv4-large.o sha256-armv4.o sha512-armv4.o", + modes_obj => "ghash-armv4.o ghashv8-armx.o", + perlasm_scheme => "void" + }, + aarch64_asm => { + template => 1, + cpuid_obj => "armcap.o arm64cpuid.o mem_clr.o", + aes_obj => "aes_core.o aes_cbc.o aesv8-armx.o", + sha1_obj => "sha1-armv8.o sha256-armv8.o sha512-armv8.o", + modes_obj => "ghashv8-armx.o", + }, + parisc11_asm => { + template => 1, + cpuid_obj => "pariscid.o", + bn_obj => "bn_asm.o parisc-mont.o", + aes_obj => "aes_core.o aes_cbc.o aes-parisc.o", + sha1_obj => "sha1-parisc.o sha256-parisc.o sha512-parisc.o", + rc4_obj => "rc4-parisc.o", + modes_obj => "ghash-parisc.o", + perlasm_scheme => "32" + }, + _parisc20_asm => { + template => 1, + cpuid_obj => "pariscid.o", + bn_obj => "parisc-mont.o", + aes_obj => "aes_core.o aes_cbc.o aes-parisc.o", + sha1_obj => "sha1-parisc.o sha256-parisc.o sha512-parisc.o", + rc4_obj => "rc4-parisc.o", + modes_obj => "ghash-parisc.o", + perlasm_scheme => "64" + }, + parisc20_32_asm => { + template => 1, + inherit_from => [ "_parisc20_asm" ], + bn_obj => sub { join(" ", "pa-risc2.o", @_) }, + perlasm_scheme => "32", + }, + parisc20_64_asm => { + template => 1, + inherit_from => [ "_parisc20_asm" ], + bn_obj => sub { join(" ", "pa-risc2W.o", @_) }, + perlasm_scheme => "64", + }, + ppc64_asm => { + template => 1, + cpuid_obj => "ppccpuid.o ppccap.o", + bn_obj => "bn-ppc.o ppc-mont.o ppc64-mont.o", + aes_obj => "aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o", + sha1_obj => "sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o", + modes_obj => "ghashp8-ppc.o", + }, + ppc32_asm => { + inherit_from => [ "ppc64_asm" ], + template => 1 + }, ); +sub stringtohash { + my $in = shift @_; + if (ref($in) eq "HASH") { + return $in; + } + my @stringsequence = ( + "cc", + "cflags", + "unistd", + "thread_cflag", + "sys_id", + "lflags", + "bn_ops", + "cpuid_obj", + "bn_obj", + "ec_obj", + "des_obj", + "aes_obj", + "bf_obj", + "md5_obj", + "sha1_obj", + "cast_obj", + "rc4_obj", + "rmd160_obj", + "rc5_obj", + "wp_obj", + "cmll_obj", + "modes_obj", + "engines_obj", + "perlasm_scheme", + "dso_scheme", + "shared_target", + "shared_cflag", + "shared_ldflag", + "shared_extension", + "ranlib", + "arflags", + "multilib", + ); + + # return a ref to a hash, that's what the outer braces are for. + return { map { shift @stringsequence => $_ } split /:/, $in }; +}; + # Read configuration target stanzas from a file, so that people can have # local files with their own definitions sub read_config { @@ -180,7 +617,227 @@ sub read_config { close(CONFFILE); my %targets = (); eval $content; + + # Make sure we have debug- targets first + my @keys = + sort { + my $a_nd = $a =~ m/^debug-/ ? $' :$a; + my $b_nd = $b =~ m/^debug-/ ? $' :$b; + my $res = 0; + + if (($a_nd == $a) == ($b_nd == $b)) { + # they are both debug- or not, compare them as they are + $res = $a cmp $b; + } elsif ($a_nd != $a) { + # $a is debug-, make it lesser + $res = -1; + } else { + # $b is debug-, make $a greater + $res = 1; + } + $res; + } keys %targets; + + foreach (@keys) { + if (ref($targets{$_}) ne "HASH") { + # Value is assumed to be a string. Split it up to + # become a hash table of parameters. Also, try to + # merge debug- variants with the non-debug target. + + # Start with converting the value from a string to a + # standardised hash of fields. Using $tohash is safe, + # if the input is already a hash ref, it's just returned + # back. + $targets{$_} = stringtohash($targets{$_}); + + # If the current target is a debug target, there might + # be a corresponding non-debug target that we can merge + # with. If it isn't a debug- target, we've already done + # as much merging as we can and do not need to bother + # with that any more. + if ($_ =~ m/^debug-/) { + my $debugkey = $_; + my $nondebugkey = $'; + my $debug = $targets{$debugkey}; + my $nondebug; + + if ($targets{$nondebugkey}) { + $nondebug = stringtohash($targets{$nondebugkey}); + } + + if ($nondebug) { + # There's both a debug and non-debug variant of + # this target, so we should try to merge them + # together. + + # First, check that the non-debug variant isn't + # already built up with all it should have. + if ($nondebug->{debug_cflags} + || $nondebug->{release_cflags} + || $nondebug->{debug_lflags} + || $nondebug->{release_lflags}) { + warn "there's a debug target $debugkey to be merged with a target $nondebugkey, but the latter seems to already have both nodebug and debug information. This requires human intervention. Skipping $debugkey..."; + next; + } + + # Now, check similarity. + # For keys they have in common, support that + # cflags and lflags can differ, otherwise they + # must have exactly the same values for them + # to be merged into one. + my $similarenough = 1; + for (keys %{$debug}) { + if ($nondebug->{$_} ne $debug->{$_} + && $_ !~ m/^[cl]flags$/) { + $similarenough = 0; + last; + } + } + + if ($similarenough) { + # Here's where the magic happens, split the + # options in the debug and non-debug variants + # cflags and ldflags into three strings each, + # one with common flags, one with extra debug + # flags and one with extra non-debug flags. + + # The result ends up in %h_nondebug, which + # becomes the merged variant when we're done. + # for each of cflags and lflags, they are + # replaced with cflags, debug_cflags, + # release_cflags and similar for lflags. + # + # The purpose is that 'cflags' should be + # used together with 'debug_cflags' or + # 'release_cflags' depending on what the + # user asks for. + foreach (("cflags", "lflags")) { + my @list_d = split /\s+/, $debug->{$_}; + my @list_nd = split /\s+/, $nondebug->{$_}; + my %presence = (); # bitmap + # 1: present in @list_d + # 2: present in @list_nd + # 3: present in both + map { $presence{$_} += 1; } @list_d; + map { $presence{$_} += 2; } @list_nd; + + delete $nondebug->{$_}; + # Note: we build from the original lists to + # preserve order, it might be important + $nondebug->{"debug-".$_} = + join(" ", + grep { $presence{$_} == 1 } @list_d); + $nondebug->{"nodebug-".$_} = + join(" ", + grep { $presence{$_} == 2 } @list_nd); + $nondebug->{$_} = + join(" ", + grep { $presence{$_} == 3 } @list_d); + } + + $targets{$nondebugkey} = $nondebug; + delete $targets{$debugkey}; + } + } + } + } + } + %table = (%table, %targets); + + # Local function to resolve inheritance + my $resolve_inheritance; + $resolve_inheritance = + sub { + my $target = shift; + my @breadcrumbs = @_; + + if (grep { $_ eq $target } @breadcrumbs) { + die "inherit_from loop! target backtrace:\n " + ,$target,"\n ",join("\n ", @breadcrumbs),"\n"; + } + + # Recurse through all inheritances. They will be resolved on + # the fly, so when this operation is done, they will all just + # be a bunch of attributes with string values. + # What we get here, though, are keys with references to lists + # of the combined values of them all. We will deal with lists + # after this stage is done. + my %combined_inheritance = (); + if ($table{$target}->{inherit_from}) { + foreach (@{$table{$target}->{inherit_from}}) { + my %inherited_config = + $resolve_inheritance->($_, $target, @breadcrumbs); + + # 'template' is a marker that's considered private to + # the config that had it. + delete $inherited_config{template}; + + map { + if (!$combined_inheritance{$_}) { + $combined_inheritance{$_} = []; + } + push @{$combined_inheritance{$_}}, $inherited_config{$_}; + } keys %inherited_config; + } + } + + # We won't need inherit_from in this target any more, since + # we've resolved all the inheritances that lead to this + delete $table{$target}->{inherit_from}; + + # Now is the time to deal with those lists. Here's the place + # to decide what shall be done with those lists, all based on + # the values of the target we're currently dealing with. + # - If a value is a coderef, it will be executed with the list + # of inherited values as arguments. + # - If the corresponding key doesn't have a value at all or is + # the emoty string, the inherited value list will be run + # through the default combiner (below), and the result + # becomes this target's value. + # - Otherwise, this target's value is assumed to be a string + # that will simply override the inherited list of values. + my $default_combiner = sub { join(' ', at _) }; + + my %all_keys = + map { $_ => 1 } (keys %combined_inheritance, + keys %{$table{$target}}); + foreach (sort keys %all_keys) { + + # Current target doesn't have a value for the current key? + # Assign it the default combiner, the rest of this loop + # body will handle it just like any other coderef. + if (!exists $table{$target}->{$_}) { + $table{$target}->{$_} = $default_combiner; + } + + my $valuetype = ref($table{$target}->{$_}); + if ($valuetype eq "CODE") { + # CODE reference, execute it with the inherited values + # as arguments. + $table{$target}->{$_} = + $table{$target}->{$_}->(@{$combined_inheritance{$_}}); + } elsif ($valuetype eq "") { + # Scalar, just leave it as is. + } else { + # Some other type of reference that we don't handle. + # Better to abort at this point. + die "cannot handle reference type $valuetype," + ," found in target $target -> $_\n"; + } + } + + # Finally done, return the result. + %{$table{$target}}; + }; + + # Go through all new targets and resolve inheritance and template + # references. + foreach (keys %targets) { + # We're ignoring the returned values here, they are only valuable + # to the inner recursion of this function. + $resolve_inheritance->($_); + } } my ($vol, $dir, $dummy) = File::Spec->splitpath($0); @@ -196,40 +853,6 @@ my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A netware-clib netware-clib-bsdsock netware-libc netware-libc-bsdsock); -my $idx = 0; -my $idx_cc = $idx++; -my $idx_cflags = $idx++; -my $idx_unistd = $idx++; -my $idx_thread_cflag = $idx++; -my $idx_sys_id = $idx++; -my $idx_lflags = $idx++; -my $idx_bn_ops = $idx++; -my $idx_cpuid_obj = $idx++; -my $idx_bn_obj = $idx++; -my $idx_ec_obj = $idx++; -my $idx_des_obj = $idx++; -my $idx_aes_obj = $idx++; -my $idx_bf_obj = $idx++; -my $idx_md5_obj = $idx++; -my $idx_sha1_obj = $idx++; -my $idx_cast_obj = $idx++; -my $idx_rc4_obj = $idx++; -my $idx_rmd160_obj = $idx++; -my $idx_rc5_obj = $idx++; -my $idx_wp_obj = $idx++; -my $idx_cmll_obj = $idx++; -my $idx_modes_obj = $idx++; -my $idx_engines_obj = $idx++; -my $idx_perlasm_scheme = $idx++; -my $idx_dso_scheme = $idx++; -my $idx_shared_target = $idx++; -my $idx_shared_cflag = $idx++; -my $idx_shared_ldflag = $idx++; -my $idx_shared_extension = $idx++; -my $idx_ranlib = $idx++; -my $idx_arflags = $idx++; -my $idx_multilib = $idx++; - my $prefix=""; my $libdir=""; my $openssldir=""; @@ -584,7 +1207,7 @@ if (defined($disabled{"tlsext"})) if ($target eq "TABLE") { foreach $target (sort keys %table) { - print_table_entry($target); + print_table_entry($target, "TABLE"); } exit 0; } @@ -597,13 +1220,35 @@ if ($target eq "LIST") { exit 0; } +if ($target eq "HASH") { + print "%table = (\n"; + foreach (sort keys %table) { + print_table_entry($_, "HASH"); + } + exit 0; +} + if ($target =~ m/^CygWin32(-.*)$/) { $target = "Cygwin".$1; } print "Configuring for $target\n"; -&usage if (!defined($table{$target})); +my ($d, $t) = $target =~ m/^(debug-)?(.*)$/; +my $debug_prefix = "release_"; +if ($d) { + $debug_prefix = "debug_"; + + # If we do not find debug-foo in the table, the target is set to foo, + # but only if the foo target has a noon-empty debug_cflags or debug_lflags + # attribute. + if (!$table{$target} && ($table{$t}->{debug_cflags} + || $table{$t}->{debug_lflags})) { + $target = $t; + } +} + +&usage if (!defined($table{$target}) || $table{$target}->{template}); if ($fips) { @@ -707,44 +1352,48 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/] print "IsMK1MF=$IsMK1MF\n"; -my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); -my $cc = $fields[$idx_cc]; # Allow environment CC to override compiler... -if($ENV{CC}) { - $cc = $ENV{CC}; -} -my $cflags = $fields[$idx_cflags]; -my $unistd = $fields[$idx_unistd]; -my $thread_cflag = $fields[$idx_thread_cflag]; -my $sys_id = $fields[$idx_sys_id]; -my $lflags = $fields[$idx_lflags]; -my $bn_ops = $fields[$idx_bn_ops]; -my $cpuid_obj = $fields[$idx_cpuid_obj]; -my $bn_obj = $fields[$idx_bn_obj]; -my $ec_obj = $fields[$idx_ec_obj]; -my $des_obj = $fields[$idx_des_obj]; -my $aes_obj = $fields[$idx_aes_obj]; -my $bf_obj = $fields[$idx_bf_obj]; -my $md5_obj = $fields[$idx_md5_obj]; -my $sha1_obj = $fields[$idx_sha1_obj]; -my $cast_obj = $fields[$idx_cast_obj]; -my $rc4_obj = $fields[$idx_rc4_obj]; -my $rmd160_obj = $fields[$idx_rmd160_obj]; -my $rc5_obj = $fields[$idx_rc5_obj]; -my $wp_obj = $fields[$idx_wp_obj]; -my $cmll_obj = $fields[$idx_cmll_obj]; -my $modes_obj = $fields[$idx_modes_obj]; -my $engines_obj = $fields[$idx_engines_obj]; -my $perlasm_scheme = $fields[$idx_perlasm_scheme]; -my $dso_scheme = $fields[$idx_dso_scheme]; -my $shared_target = $fields[$idx_shared_target]; -my $shared_cflag = $fields[$idx_shared_cflag]; -my $shared_ldflag = $fields[$idx_shared_ldflag]; -my $shared_extension = $fields[$idx_shared_extension]; -my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib]; +my $cc = $ENV{CC} || $table{$t}->{cc}; + +# For cflags and lflags, add the debug_ or release_ attributes +# Do it in such a way that no spurious space is appended (hence the grep). +my $cflags = join(" ", + grep { $_ } ($table{$t}->{cflags}, + $table{$t}->{$debug_prefix."cflags"})); +my $lflags = join(" ", + grep { $_ } ($table{$t}->{lflags}, + $table{$t}->{$debug_prefix."lflags"})); + +my $unistd = $table{$t}->{unistd}; +my $thread_cflag = $table{$t}->{thread_cflag}; +my $sys_id = $table{$t}->{sys_id}; +my $bn_ops = $table{$t}->{bn_ops}; +my $cpuid_obj = $table{$t}->{cpuid_obj}; +my $bn_obj = $table{$t}->{bn_obj}; +my $ec_obj = $table{$t}->{ec_obj}; +my $des_obj = $table{$t}->{des_obj}; +my $aes_obj = $table{$t}->{aes_obj}; +my $bf_obj = $table{$t}->{bf_obj}; +my $md5_obj = $table{$t}->{md5_obj}; +my $sha1_obj = $table{$t}->{sha1_obj}; +my $cast_obj = $table{$t}->{cast_obj}; +my $rc4_obj = $table{$t}->{rc4_obj}; +my $rmd160_obj = $table{$t}->{rmd160_obj}; +my $rc5_obj = $table{$t}->{rc5_obj}; +my $wp_obj = $table{$t}->{wp_obj}; +my $cmll_obj = $table{$t}->{cmll_obj}; +my $modes_obj = $table{$t}->{modes_obj}; +my $engines_obj = $table{$t}->{engines_obj}; +my $perlasm_scheme = $table{$t}->{perlasm_scheme}; +my $dso_scheme = $table{$t}->{dso_scheme}; +my $shared_target = $table{$t}->{shared_target}; +my $shared_cflag = $table{$t}->{shared_cflag}; +my $shared_ldflag = $table{$t}->{shared_ldflag}; +my $shared_extension = $table{$t}->{shared_extension}; +my $ranlib = $ENV{'RANLIB'} || $table{$t}->{ranlib}; my $ar = $ENV{'AR'} || "ar"; -my $arflags = $fields[$idx_arflags]; -my $multilib = $fields[$idx_multilib]; +my $arflags = $table{$t}->{arflags}; +my $multilib = $table{$t}->{multilib}; # if $prefix/lib$multilib is not an existing directory, then # assume that it's not searched by linker automatically, in @@ -1585,7 +2234,7 @@ BEGIN VALUE "ProductVersion", "$version\\0" // Optional: //VALUE "Comments", "\\0" - VALUE "LegalCopyright", "Copyright ? 1998-2005 The OpenSSL Project. Copyright ? 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + VALUE "LegalCopyright", "Copyright ?? 1998-2005 The OpenSSL Project. Copyright ?? 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" //VALUE "LegalTrademarks", "\\0" //VALUE "PrivateBuild", "\\0" //VALUE "SpecialBuild", "\\0" @@ -1693,51 +2342,101 @@ sub dofile sub print_table_entry { my $target = shift; + my $type = shift; - my ($cc, $cflags, $unistd, $thread_cflag, $sys_id, $lflags, - $bn_ops, $cpuid_obj, $bn_obj, $ec_obj, $des_obj, $aes_obj, $bf_obj, - $md5_obj, $sha1_obj, $cast_obj, $rc4_obj, $rmd160_obj, - $rc5_obj, $wp_obj, $cmll_obj, $modes_obj, $engines_obj, - $perlasm_scheme, $dso_scheme, $shared_target, $shared_cflag, - $shared_ldflag, $shared_extension, $ranlib, $arflags, $multilib)= - split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); + # Don't print the templates + return if $table{$target}->{template}; - print <{cc} +\$cflags = $table{$target}->{cflags} +\$debug_cflags = $table{$target}->{debug_cflags} +\$release_cflags = $table{$target}->{release_cflags} +\$unistd = $table{$target}->{unistd} +\$thread_cflag = $table{$target}->{thread_cflag} +\$sys_id = $table{$target}->{sys_id} +\$lflags = $table{$target}->{lflags} +\$debug_lflags = $table{$target}->{debug_lflags} +\$release_lflags = $table{$target}->{release_lflags} +\$bn_ops = $table{$target}->{bn_ops} +\$cpuid_obj = $table{$target}->{cpuid_obj} +\$bn_obj = $table{$target}->{bn_obj} +\$ec_obj = $table{$target}->{ec_obj} +\$des_obj = $table{$target}->{des_obj} +\$aes_obj = $table{$target}->{aes_obj} +\$bf_obj = $table{$target}->{bf_obj} +\$md5_obj = $table{$target}->{md5_obj} +\$sha1_obj = $table{$target}->{sha1_obj} +\$cast_obj = $table{$target}->{cast_obj} +\$rc4_obj = $table{$target}->{rc4_obj} +\$rmd160_obj = $table{$target}->{rmd160_obj} +\$rc5_obj = $table{$target}->{rc5_obj} +\$wp_obj = $table{$target}->{wp_obj} +\$cmll_obj = $table{$target}->{cmll_obj} +\$modes_obj = $table{$target}->{modes_obj} +\$engines_obj = $table{$target}->{engines_obj} +\$perlasm_scheme = $table{$target}->{perlasm_scheme} +\$dso_scheme = $table{$target}->{dso_scheme} +\$shared_target= $table{$target}->{shared_target} +\$shared_cflag = $table{$target}->{shared_cflag} +\$shared_ldflag = $table{$target}->{shared_ldflag} +\$shared_extension = $table{$target}->{shared_extension} +\$ranlib = $table{$target}->{ranlib} +\$arflags = $table{$target}->{arflags} +\$multilib = $table{$target}->{multilib} EOF + } elsif ($type eq "HASH") { + my @sequence = ( + "cc", + "cflags", + "debug_cflags", + "release_cflags", + "unistd", + "thread_cflag", + "sys_id", + "lflags", + "debug_lflags", + "release_lflags", + "bn_ops", + "cpuid_obj", + "bn_obj", + "ec_obj", + "des_obj", + "aes_obj", + "bf_obj", + "md5_obj", + "sha1_obj", + "cast_obj", + "rc4_obj", + "rmd160_obj", + "rc5_obj", + "wp_obj", + "cmll_obj", + "modes_obj", + "engines_obj", + "perlasm_scheme", + "dso_scheme", + "shared_target", + "shared_cflag", + "shared_ldflag", + "shared_extension", + "ranlib", + "arflags", + "multilib", + ); + my $largest = + length((sort { length($a) <=> length($b) } @sequence)[-1]); + print " '$target' => {\n"; + foreach (@sequence) { + if ($table{$target}->{$_}) { + print " '",$_,"'"," " x ($largest - length($_))," => '",$table{$target}->{$_},"',\n"; + } + } + print " },\n"; + } } sub test_sanity @@ -1751,24 +2450,27 @@ sub test_sanity foreach $target (sort keys %table) { - @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); + my $pre_dso_scheme = "perlasm_scheme"; + my $dso_scheme = "dso_scheme"; + my $post_dso_scheme = "shared_target"; + - if ($fields[$idx_dso_scheme-1] =~ /^(beos|dl|dlfcn|win32|vms)$/) + if ($table{$target}->{$pre_dso_scheme} =~ /^(beos|dl|dlfcn|win32|vms)$/) { $errorcnt++; - print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n"; + print STDERR "SANITY ERROR: '$target' has the dso_scheme values\n"; print STDERR " in the previous field\n"; } - elsif ($fields[$idx_dso_scheme+1] =~ /^(beos|dl|dlfcn|win32|vms)$/) + elsif ($table{$target}->{$post_dso_scheme} =~ /^(beos|dl|dlfcn|win32|vms)$/) { $errorcnt++; - print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n"; + print STDERR "SANITY ERROR: '$target' has the dso_scheme values\n"; print STDERR " in the following field\n"; } - elsif ($fields[$idx_dso_scheme] !~ /^(beos|dl|dlfcn|win32|vms|)$/) + elsif ($table{$target}->{$dso_scheme} !~ /^(beos|dl|dlfcn|win32|vms|)$/) { $errorcnt++; - print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n"; + print STDERR "SANITY ERROR: '$target' has the dso_scheme field = ",$table{$target}->{$dso_scheme},"\n"; print STDERR " valid values are 'beos', 'dl', 'dlfcn', 'win32' and 'vms'\n"; } } diff --git a/TABLE b/TABLE index f214b7b..dfd39b8 100644 --- a/TABLE +++ b/TABLE @@ -3,10 +3,14 @@ Output of `Configure TABLE': *** BC-32 $cc = bcc32 $cflags = +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = WIN32 $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN $cpuid_obj = $bn_obj = @@ -37,10 +41,14 @@ $multilib = *** BS2000-OSD $cc = c89 $cflags = -O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = -lsocket -lnsl +$debug_lflags = +$release_lflags = $bn_ops = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR $cpuid_obj = $bn_obj = @@ -71,10 +79,14 @@ $multilib = *** BSD-generic32 $cc = gcc $cflags = -O3 -fomit-frame-pointer -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL $cpuid_obj = $bn_obj = @@ -105,10 +117,14 @@ $multilib = *** BSD-generic64 $cc = gcc $cflags = -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = $bn_obj = @@ -139,10 +155,14 @@ $multilib = *** BSD-ia64 $cc = gcc $cflags = -DL_ENDIAN -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT $cpuid_obj = ia64cpuid.o $bn_obj = bn-ia64.o ia64-mont.o @@ -173,10 +193,14 @@ $multilib = *** BSD-sparc64 $cc = gcc $cflags = -DB_ENDIAN -O3 -DMD32_REG_T=int -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR $cpuid_obj = sparcv9cap.o sparccpuid.o $bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o @@ -207,10 +231,14 @@ $multilib = *** BSD-sparcv8 $cc = gcc $cflags = -DB_ENDIAN -O3 -mv8 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL $cpuid_obj = $bn_obj = sparcv8.o @@ -241,10 +269,14 @@ $multilib = *** BSD-x86 $cc = gcc $cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -274,11 +306,15 @@ $multilib = *** BSD-x86-elf $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -Wall +$debug_cflags = -g +$release_cflags = -O3 -fomit-frame-pointer $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -309,10 +345,14 @@ $multilib = *** BSD-x86_64 $cc = gcc $cflags = -DL_ENDIAN -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -343,10 +383,14 @@ $multilib = *** Cygwin $cc = gcc $cflags = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = CYGWIN $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -377,10 +421,14 @@ $multilib = *** Cygwin-x86_64 $cc = gcc $cflags = -DTERMIOS -DL_ENDIAN -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = CYGWIN $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -411,10 +459,14 @@ $multilib = *** DJGPP $cc = gcc $cflags = -I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = MSDOS $lflags = -L/dev/env/WATT_ROOT/lib -lwatt +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -445,10 +497,14 @@ $multilib = *** MPE/iX-gcc $cc = gcc $cflags = -D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = MPE $lflags = -L/SYSLOG/PUB -lsyslog -lsocket -lcurses +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 $cpuid_obj = $bn_obj = @@ -479,10 +535,14 @@ $multilib = *** OS2-EMX $cc = gcc $cflags = +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -513,10 +573,14 @@ $multilib = *** OS390-Unix $cc = c89.sh $cflags = -O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR $cpuid_obj = $bn_obj = @@ -547,10 +611,14 @@ $multilib = *** QNX6 $cc = gcc $cflags = +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = -lsocket +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -581,10 +649,14 @@ $multilib = *** QNX6-i386 $cc = gcc $cflags = -DL_ENDIAN -O2 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = -lsocket +$debug_lflags = +$release_lflags = $bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -615,10 +687,14 @@ $multilib = *** UWIN $cc = cc $cflags = -DTERMIOS -DL_ENDIAN -O -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = UWIN $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -649,10 +725,14 @@ $multilib = *** VC-CE $cc = cl $cflags = +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = WINCE $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -683,10 +763,14 @@ $multilib = *** VC-WIN32 $cc = cl $cflags = -W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE +$debug_cflags = -Zi +$release_cflags = $unistd = $thread_cflag = $sys_id = WIN32 $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -717,10 +801,14 @@ $multilib = *** VC-WIN64A $cc = cl $cflags = -W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$debug_cflags = -Zi +$release_cflags = $unistd = $thread_cflag = $sys_id = WIN64A $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN $cpuid_obj = x86_64cpuid.o $bn_obj = bn_asm.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -751,10 +839,14 @@ $multilib = *** VC-WIN64I $cc = cl $cflags = -W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = WIN64I $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN $cpuid_obj = ia64cpuid.o $bn_obj = ia64.o ia64-mont.o @@ -785,10 +877,14 @@ $multilib = *** aix-cc $cc = cc $cflags = -q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -qthreaded -D_THREAD_SAFE $sys_id = AIX $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR $cpuid_obj = ppccpuid.o ppccap.o $bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o @@ -819,10 +915,14 @@ $multilib = *** aix-gcc $cc = gcc $cflags = -O -DB_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread $sys_id = AIX $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR $cpuid_obj = ppccpuid.o ppccap.o $bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o @@ -853,10 +953,14 @@ $multilib = *** aix3-cc $cc = cc $cflags = -O -DB_ENDIAN -qmaxmem=16384 +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = AIX $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR $cpuid_obj = $bn_obj = @@ -887,10 +991,14 @@ $multilib = *** aix64-cc $cc = cc $cflags = -q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -qthreaded -D_THREAD_SAFE $sys_id = AIX $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR $cpuid_obj = ppccpuid.o ppccap.o $bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o @@ -921,10 +1029,14 @@ $multilib = *** aix64-gcc $cc = gcc $cflags = -maix64 -O -DB_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread $sys_id = AIX $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR $cpuid_obj = ppccpuid.o ppccap.o $bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o @@ -955,10 +1067,14 @@ $multilib = *** android $cc = gcc $cflags = -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = @@ -989,10 +1105,14 @@ $multilib = *** android-armv7 $cc = gcc $cflags = -march=armv7-a -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = armcap.o armv4cpuid.o $bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o @@ -1023,10 +1143,14 @@ $multilib = *** android-mips $cc = gcc $cflags = -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = bn-mips.o mips-mont.o @@ -1057,10 +1181,14 @@ $multilib = *** android-x86 $cc = gcc $cflags = -mandroid -I$(ANDROID_DEV)/include -B$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -1091,10 +1219,14 @@ $multilib = *** aux3-gcc $cc = gcc $cflags = -O2 -DTERMIO +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = AUX $lflags = -lbsd +$debug_lflags = +$release_lflags = $bn_ops = RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = @@ -1125,10 +1257,14 @@ $multilib = *** bsdi-elf-gcc $cc = gcc $cflags = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -1159,10 +1295,14 @@ $multilib = *** cc $cc = cc $cflags = -O +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -1192,11 +1332,15 @@ $multilib = *** darwin-i386-cc $cc = cc -$cflags = -arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN +$cflags = -arch i386 -DL_ENDIAN +$debug_cflags = -g3 +$release_cflags = -O3 -fomit-frame-pointer $unistd = $thread_cflag = -D_REENTRANT $sys_id = MACOSX $lflags = -Wl,-search_paths_first% +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -1226,11 +1370,15 @@ $multilib = *** darwin-ppc-cc $cc = cc -$cflags = -arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL +$cflags = -arch ppc -DB_ENDIAN -Wa,-force_cpusubtype_ALL +$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall -O +$release_cflags = -O3 $unistd = $thread_cflag = -D_REENTRANT $sys_id = MACOSX $lflags = -Wl,-search_paths_first% +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $cpuid_obj = ppccpuid.o ppccap.o $bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o @@ -1261,10 +1409,14 @@ $multilib = *** darwin64-debug-test-64-clang $cc = clang $cflags = -arch x86_64 -DL_ENDIAN -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = MACOSX $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -1295,10 +1447,14 @@ $multilib = *** darwin64-ppc-cc $cc = cc $cflags = -arch ppc64 -O3 -DB_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = MACOSX $lflags = -Wl,-search_paths_first% +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $cpuid_obj = ppccpuid.o ppccap.o $bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o @@ -1328,11 +1484,15 @@ $multilib = *** darwin64-x86_64-cc $cc = cc -$cflags = -arch x86_64 -O3 -DL_ENDIAN -Wall +$cflags = -arch x86_64 -DL_ENDIAN -Wall +$debug_cflags = -ggdb -g2 -O0 +$release_cflags = -O3 $unistd = $thread_cflag = -D_REENTRANT $sys_id = MACOSX $lflags = -Wl,-search_paths_first% +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -1363,10 +1523,14 @@ $multilib = *** debug $cc = gcc $cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = -lefence +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -1394,115 +1558,17 @@ $ranlib = $arflags = $multilib = -*** debug-BSD-x86-elf -$cc = gcc -$cflags = -DL_ENDIAN -O3 -Wall -g -$unistd = -$thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT -$sys_id = -$lflags = -$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$cpuid_obj = x86cpuid.o -$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o -$des_obj = des-586.o crypt586.o -$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o -$bf_obj = bf-586.o -$md5_obj = md5-586.o -$sha1_obj = sha1-586.o sha256-586.o sha512-586.o -$cast_obj = cast-586.o -$rc4_obj = rc4-586.o -$rmd160_obj = rmd-586.o -$rc5_obj = rc5-586.o -$wp_obj = wp_block.o wp-mmx.o -$cmll_obj = cmll-x86.o -$modes_obj = ghash-x86.o -$engines_obj = e_padlock-x86.o -$perlasm_scheme = elf -$dso_scheme = dlfcn -$shared_target= bsd-shared -$shared_cflag = -fPIC -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** debug-VC-WIN32 -$cc = cl -$cflags = -W3 -wd4090 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -$unistd = -$thread_cflag = -$sys_id = WIN32 -$lflags = -$bn_ops = BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN RC4_INDEX MD2_INT -$cpuid_obj = x86cpuid.o -$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o -$des_obj = des-586.o crypt586.o -$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o -$bf_obj = bf-586.o -$md5_obj = md5-586.o -$sha1_obj = sha1-586.o sha256-586.o sha512-586.o -$cast_obj = cast-586.o -$rc4_obj = rc4-586.o -$rmd160_obj = rmd-586.o -$rc5_obj = rc5-586.o -$wp_obj = wp_block.o wp-mmx.o -$cmll_obj = cmll-x86.o -$modes_obj = ghash-x86.o -$engines_obj = e_padlock-x86.o -$perlasm_scheme = win32n -$dso_scheme = win32 -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = -$multilib = - -*** debug-VC-WIN64A -$cc = cl -$cflags = -W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE -$unistd = -$thread_cflag = -$sys_id = WIN64A -$lflags = -$bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN -$cpuid_obj = x86_64cpuid.o -$bn_obj = bn_asm.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o -$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o -$des_obj = -$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o -$bf_obj = -$md5_obj = md5-x86_64.o -$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o -$cast_obj = -$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o -$rmd160_obj = -$rc5_obj = -$wp_obj = wp-x86_64.o -$cmll_obj = cmll-x86_64.o cmll_misc.o -$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o -$engines_obj = e_padlock-x86_64.o -$perlasm_scheme = auto -$dso_scheme = win32 -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = -$multilib = - *** debug-VC-WIN64I $cc = cl $cflags = -W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = WIN64I $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN $cpuid_obj = ia64cpuid.o $bn_obj = ia64.o @@ -1533,10 +1599,14 @@ $multilib = *** debug-ben $cc = gcc $cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -1567,10 +1637,14 @@ $multilib = *** debug-ben-darwin64 $cc = cc $cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = MACOSX $lflags = -Wl,-search_paths_first% +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -1601,10 +1675,14 @@ $multilib = *** debug-ben-debug $cc = gcc $cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -1635,10 +1713,14 @@ $multilib = *** debug-ben-debug-64 $cc = gcc $cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -1669,10 +1751,14 @@ $multilib = *** debug-ben-debug-64-clang $cc = clang $cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -1703,10 +1789,14 @@ $multilib = *** debug-ben-debug-64-noopt $cc = gcc $cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -1737,10 +1827,14 @@ $multilib = *** debug-ben-macos $cc = cc $cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -1771,10 +1865,14 @@ $multilib = *** debug-ben-no-opt $cc = gcc $cflags = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3 +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -1805,10 +1903,14 @@ $multilib = *** debug-ben-openbsd $cc = gcc $cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -1839,10 +1941,14 @@ $multilib = *** debug-ben-openbsd-debug $cc = gcc $cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -1873,10 +1979,14 @@ $multilib = *** debug-ben-strict $cc = gcc $cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -1907,10 +2017,14 @@ $multilib = *** debug-bodo $cc = gcc $cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -1938,115 +2052,17 @@ $ranlib = $arflags = $multilib = 64 -*** debug-darwin-i386-cc -$cc = cc -$cflags = -arch i386 -g3 -DL_ENDIAN -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = MACOSX -$lflags = -Wl,-search_paths_first% -$bn_ops = BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR -$cpuid_obj = x86cpuid.o -$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o -$des_obj = des-586.o crypt586.o -$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o -$bf_obj = bf-586.o -$md5_obj = md5-586.o -$sha1_obj = sha1-586.o sha256-586.o sha512-586.o -$cast_obj = cast-586.o -$rc4_obj = rc4-586.o -$rmd160_obj = rmd-586.o -$rc5_obj = rc5-586.o -$wp_obj = wp_block.o wp-mmx.o -$cmll_obj = cmll-x86.o -$modes_obj = ghash-x86.o -$engines_obj = e_padlock-x86.o -$perlasm_scheme = macosx -$dso_scheme = dlfcn -$shared_target= darwin-shared -$shared_cflag = -fPIC -fno-common -$shared_ldflag = -arch i386 -dynamiclib -$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib -$ranlib = -$arflags = -$multilib = - -*** debug-darwin-ppc-cc -$cc = cc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = MACOSX -$lflags = -$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR -$cpuid_obj = ppccpuid.o ppccap.o -$bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o -$ec_obj = -$des_obj = -$aes_obj = aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o -$bf_obj = -$md5_obj = -$sha1_obj = sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = ghashp8-ppc.o -$engines_obj = -$perlasm_scheme = osx32 -$dso_scheme = dlfcn -$shared_target= darwin-shared -$shared_cflag = -fPIC -$shared_ldflag = -dynamiclib -$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib -$ranlib = -$arflags = -$multilib = - -*** debug-darwin64-x86_64-cc -$cc = cc -$cflags = -arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = MACOSX -$lflags = -Wl,-search_paths_first% -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL -$cpuid_obj = x86_64cpuid.o -$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o -$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o -$des_obj = -$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o -$bf_obj = -$md5_obj = md5-x86_64.o -$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o -$cast_obj = -$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o -$rmd160_obj = -$rc5_obj = -$wp_obj = wp-x86_64.o -$cmll_obj = cmll-x86_64.o cmll_misc.o -$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o -$engines_obj = e_padlock-x86_64.o -$perlasm_scheme = macosx -$dso_scheme = dlfcn -$shared_target= darwin-shared -$shared_cflag = -fPIC -fno-common -$shared_ldflag = -arch x86_64 -dynamiclib -$shared_extension = .$(SHLIB_MAJOR).$(SHLIB_MINOR).dylib -$ranlib = -$arflags = -$multilib = - *** debug-erbridge $cc = gcc $cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DBN_DEBUG -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -2077,10 +2093,14 @@ $multilib = 64 *** debug-geoff32 $cc = gcc $cflags = -DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG $cpuid_obj = $bn_obj = @@ -2111,198 +2131,32 @@ $multilib = *** debug-geoff64 $cc = gcc $cflags = -DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = $ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dlfcn -$shared_target= linux-shared -$shared_cflag = -fPIC -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** debug-levitte-linux-elf -$cc = gcc -$cflags = -DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -ldl -$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$cpuid_obj = x86cpuid.o -$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o -$des_obj = des-586.o crypt586.o -$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o -$bf_obj = bf-586.o -$md5_obj = md5-586.o -$sha1_obj = sha1-586.o sha256-586.o sha512-586.o -$cast_obj = cast-586.o -$rc4_obj = rc4-586.o -$rmd160_obj = rmd-586.o -$rc5_obj = rc5-586.o -$wp_obj = wp_block.o wp-mmx.o -$cmll_obj = cmll-x86.o -$modes_obj = ghash-x86.o -$engines_obj = e_padlock-x86.o -$perlasm_scheme = elf -$dso_scheme = dlfcn -$shared_target= linux-shared -$shared_cflag = -fPIC -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** debug-levitte-linux-elf-extreme -$cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -ldl -$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$cpuid_obj = x86cpuid.o -$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o -$des_obj = des-586.o crypt586.o -$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o -$bf_obj = bf-586.o -$md5_obj = md5-586.o -$sha1_obj = sha1-586.o sha256-586.o sha512-586.o -$cast_obj = cast-586.o -$rc4_obj = rc4-586.o -$rmd160_obj = rmd-586.o -$rc5_obj = rc5-586.o -$wp_obj = wp_block.o wp-mmx.o -$cmll_obj = cmll-x86.o -$modes_obj = ghash-x86.o -$engines_obj = e_padlock-x86.o -$perlasm_scheme = elf -$dso_scheme = dlfcn -$shared_target= linux-shared -$shared_cflag = -fPIC -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** debug-levitte-linux-noasm -$cc = gcc -$cflags = -DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -ldl -$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dlfcn -$shared_target= linux-shared -$shared_cflag = -fPIC -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** debug-levitte-linux-noasm-extreme -$cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -ldl -$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dlfcn -$shared_target= linux-shared -$shared_cflag = -fPIC -$shared_ldflag = -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** debug-linux-elf -$cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -lefence -ldl -$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT -$cpuid_obj = x86cpuid.o -$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o -$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o -$des_obj = des-586.o crypt586.o -$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o -$bf_obj = bf-586.o -$md5_obj = md5-586.o -$sha1_obj = sha1-586.o sha256-586.o sha512-586.o -$cast_obj = cast-586.o -$rc4_obj = rc4-586.o -$rmd160_obj = rmd-586.o -$rc5_obj = rc5-586.o -$wp_obj = wp_block.o wp-mmx.o -$cmll_obj = cmll-x86.o -$modes_obj = ghash-x86.o -$engines_obj = e_padlock-x86.o -$perlasm_scheme = elf +$des_obj = +$aes_obj = +$bf_obj = +$md5_obj = +$sha1_obj = +$cast_obj = +$rc4_obj = +$rmd160_obj = +$rc5_obj = +$wp_obj = +$cmll_obj = +$modes_obj = +$engines_obj = +$perlasm_scheme = void $dso_scheme = dlfcn $shared_target= linux-shared $shared_cflag = -fPIC @@ -2312,13 +2166,17 @@ $ranlib = $arflags = $multilib = -*** debug-linux-elf-noefence +*** debug-levitte-linux-elf-extreme $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -2346,14 +2204,18 @@ $ranlib = $arflags = $multilib = -*** debug-linux-generic32 +*** debug-levitte-linux-noasm $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall +$cflags = -DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl -$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$debug_lflags = +$release_lflags = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = $ec_obj = @@ -2380,14 +2242,18 @@ $ranlib = $arflags = $multilib = -*** debug-linux-generic64 +*** debug-levitte-linux-noasm-extreme $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$debug_lflags = +$release_lflags = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = $ec_obj = @@ -2414,13 +2280,55 @@ $ranlib = $arflags = $multilib = +*** debug-linux-elf-noefence +$cc = gcc +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall +$debug_cflags = +$release_cflags = +$unistd = +$thread_cflag = -D_REENTRANT +$sys_id = +$lflags = -ldl +$debug_lflags = +$release_lflags = +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = e_padlock-x86.o +$perlasm_scheme = elf +$dso_scheme = dlfcn +$shared_target= linux-shared +$shared_cflag = -fPIC +$shared_ldflag = +$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) +$ranlib = +$arflags = +$multilib = + *** debug-linux-ia32-aes $cc = gcc $cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o @@ -2451,10 +2359,14 @@ $multilib = *** debug-linux-pentium $cc = gcc $cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -2485,10 +2397,14 @@ $multilib = *** debug-linux-ppro $cc = gcc $cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -2516,47 +2432,17 @@ $ranlib = $arflags = $multilib = -*** debug-linux-x86_64 -$cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -ldl -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL -$cpuid_obj = x86_64cpuid.o -$bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o -$ec_obj = ecp_nistz256.o ecp_nistz256-x86_64.o -$des_obj = -$aes_obj = aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o -$bf_obj = -$md5_obj = md5-x86_64.o -$sha1_obj = sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o -$cast_obj = -$rc4_obj = rc4-x86_64.o rc4-md5-x86_64.o -$rmd160_obj = -$rc5_obj = -$wp_obj = wp-x86_64.o -$cmll_obj = cmll-x86_64.o cmll_misc.o -$modes_obj = ghash-x86_64.o aesni-gcm-x86_64.o -$engines_obj = e_padlock-x86_64.o -$perlasm_scheme = elf -$dso_scheme = dlfcn -$shared_target= linux-shared -$shared_cflag = -fPIC -$shared_ldflag = -m64 -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = 64 - *** debug-rse $cc = cc $cflags = -DL_ENDIAN -pipe -O -g -ggdb3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -2584,149 +2470,17 @@ $ranlib = $arflags = $multilib = -*** debug-solaris-sparcv8-cc -$cc = cc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -lsocket -lnsl -ldl -$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR -$cpuid_obj = -$bn_obj = sparcv8.o -$ec_obj = -$des_obj = des_enc-sparc.o fcrypt_b.o -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dlfcn -$shared_target= solaris-shared -$shared_cflag = -KPIC -$shared_ldflag = -G -dy -z text -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** debug-solaris-sparcv8-gcc -$cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -lsocket -lnsl -ldl -$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR -$cpuid_obj = -$bn_obj = sparcv8.o -$ec_obj = -$des_obj = des_enc-sparc.o fcrypt_b.o -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dlfcn -$shared_target= solaris-shared -$shared_cflag = -fPIC -$shared_ldflag = -shared -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** debug-solaris-sparcv9-cc -$cc = cc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = ULTRASPARC -$lflags = -lsocket -lnsl -ldl -$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR -$cpuid_obj = sparcv9cap.o sparccpuid.o -$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o -$ec_obj = -$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o -$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o -$bf_obj = -$md5_obj = md5-sparcv9.o -$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o -$modes_obj = ghash-sparcv9.o -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dlfcn -$shared_target= solaris-shared -$shared_cflag = -KPIC -$shared_ldflag = -G -dy -z text -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** debug-solaris-sparcv9-gcc -$cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = ULTRASPARC -$lflags = -lsocket -lnsl -ldl -$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR -$cpuid_obj = sparcv9cap.o sparccpuid.o -$bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o -$ec_obj = -$des_obj = des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o -$aes_obj = aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o -$bf_obj = -$md5_obj = md5-sparcv9.o -$sha1_obj = sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o -$modes_obj = ghash-sparcv9.o -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dlfcn -$shared_target= solaris-shared -$shared_cflag = -fPIC -$shared_ldflag = -shared -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - *** debug-steve-opt $cc = gcc $cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -2757,10 +2511,14 @@ $multilib = *** debug-steve32 $cc = gcc $cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -rdynamic -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -2791,10 +2549,14 @@ $multilib = *** debug-steve64 $cc = gcc $cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -2825,10 +2587,14 @@ $multilib = *** debug-test-64-clang $cc = clang $cflags = -Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -2856,47 +2622,17 @@ $ranlib = $arflags = $multilib = -*** debug-vos-gcc -$cc = gcc -$cflags = -O0 -g -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -$unistd = -$thread_cflag = (unknown) -$sys_id = VOS -$lflags = -Wl,-map -$bn_ops = BN_LLONG -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = .so -$ranlib = -$arflags = -$multilib = - *** dist $cc = cc $cflags = -O +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -2927,10 +2663,14 @@ $multilib = *** gcc $cc = gcc $cflags = -O3 +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG $cpuid_obj = $bn_obj = @@ -2961,10 +2701,14 @@ $multilib = *** hpux-cc $cc = cc $cflags = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = -Wl,+s -ldld +$debug_lflags = +$release_lflags = $bn_ops = DES_PTR DES_UNROLL DES_RISC1 $cpuid_obj = $bn_obj = @@ -2995,10 +2739,14 @@ $multilib = *** hpux-gcc $cc = gcc $cflags = -DB_ENDIAN -DBN_DIV2W -O3 +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = -Wl,+s -ldld +$debug_lflags = +$release_lflags = $bn_ops = DES_PTR DES_UNROLL DES_RISC1 $cpuid_obj = $bn_obj = @@ -3029,10 +2777,14 @@ $multilib = *** hpux-ia64-cc $cc = cc $cflags = -Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT $cpuid_obj = ia64cpuid.o $bn_obj = bn-ia64.o ia64-mont.o @@ -3063,10 +2815,14 @@ $multilib = /hpux32 *** hpux-ia64-gcc $cc = gcc $cflags = -O3 -DB_ENDIAN -D_REENTRANT +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT $cpuid_obj = ia64cpuid.o $bn_obj = bn-ia64.o ia64-mont.o @@ -3097,10 +2853,14 @@ $multilib = /hpux32 *** hpux-parisc-cc $cc = cc $cflags = +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -Wl,+s -ldld +$debug_lflags = +$release_lflags = $bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT $cpuid_obj = $bn_obj = @@ -3131,10 +2891,14 @@ $multilib = *** hpux-parisc-cc-o4 $cc = cc $cflags = -Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldld +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 $cpuid_obj = $bn_obj = @@ -3165,10 +2929,14 @@ $multilib = *** hpux-parisc-gcc $cc = gcc $cflags = -O3 -DB_ENDIAN -DBN_DIV2W +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -Wl,+s -ldld +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 $cpuid_obj = $bn_obj = @@ -3199,10 +2967,14 @@ $multilib = *** hpux-parisc1_1-cc $cc = cc $cflags = +DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -Wl,+s -ldld +$debug_lflags = +$release_lflags = $bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT $cpuid_obj = pariscid.o $bn_obj = bn_asm.o parisc-mont.o @@ -3233,10 +3005,14 @@ $multilib = /pa1.1 *** hpux-parisc1_1-gcc $cc = gcc $cflags = -O3 -DB_ENDIAN -DBN_DIV2W +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -Wl,+s -ldld +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 $cpuid_obj = pariscid.o $bn_obj = bn_asm.o parisc-mont.o @@ -3267,10 +3043,14 @@ $multilib = /pa1.1 *** hpux-parisc2-cc $cc = cc $cflags = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = -Wl,+s -ldld +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT $cpuid_obj = pariscid.o $bn_obj = pa-risc2.o parisc-mont.o @@ -3301,10 +3081,14 @@ $multilib = /pa20_32 *** hpux-parisc2-gcc $cc = gcc $cflags = -march=2.0 -O3 -DB_ENDIAN -D_REENTRANT +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = -Wl,+s -ldld +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1 $cpuid_obj = pariscid.o $bn_obj = pa-risc2.o parisc-mont.o @@ -3335,10 +3119,14 @@ $multilib = /pa20_32 *** hpux64-ia64-cc $cc = cc $cflags = -Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT $cpuid_obj = ia64cpuid.o $bn_obj = bn-ia64.o ia64-mont.o @@ -3369,10 +3157,14 @@ $multilib = /hpux64 *** hpux64-ia64-gcc $cc = gcc $cflags = -mlp64 -O3 -DB_ENDIAN -D_REENTRANT +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT $cpuid_obj = ia64cpuid.o $bn_obj = bn-ia64.o ia64-mont.o @@ -3403,10 +3195,14 @@ $multilib = /hpux64 *** hpux64-parisc2-cc $cc = cc $cflags = +DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT $cpuid_obj = pariscid.o $bn_obj = pa-risc2W.o parisc-mont.o @@ -3437,10 +3233,14 @@ $multilib = /pa20_64 *** hpux64-parisc2-gcc $cc = gcc $cflags = -O3 -DB_ENDIAN -D_REENTRANT +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT $cpuid_obj = $bn_obj = pa-risc2W.o @@ -3471,10 +3271,14 @@ $multilib = /pa20_64 *** hurd-x86 $cc = gcc $cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -3505,10 +3309,14 @@ $multilib = *** ios64-cross $cc = cc $cflags = -O3 -arch arm64 -mios-version-min=7.0.0 -isysroot $(CROSS_TOP)/SDKs/$(CROSS_SDK) -fno-common +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = iOS $lflags = -Wl,-search_paths_first% +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = armcap.o arm64cpuid.o mem_clr.o $bn_obj = @@ -3539,10 +3347,14 @@ $multilib = *** iphoneos-cross $cc = cc $cflags = -O3 -isysroot $(CROSS_TOP)/SDKs/$(CROSS_SDK) -fomit-frame-pointer -fno-common +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = iOS $lflags = -Wl,-search_paths_first% +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = @@ -3573,10 +3385,14 @@ $multilib = *** irix-cc $cc = cc $cflags = -O2 -use_readonly_const -DB_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = bn-mips.o mips-mont.o @@ -3607,10 +3423,14 @@ $multilib = *** irix-gcc $cc = gcc $cflags = -O3 -DB_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR $cpuid_obj = $bn_obj = bn-mips.o mips-mont.o @@ -3641,10 +3461,14 @@ $multilib = *** irix-mips3-cc $cc = cc $cflags = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT $cpuid_obj = $bn_obj = bn-mips.o mips-mont.o @@ -3675,10 +3499,14 @@ $multilib = 32 *** irix-mips3-gcc $cc = gcc $cflags = -mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT $cpuid_obj = $bn_obj = bn-mips.o mips-mont.o @@ -3709,10 +3537,14 @@ $multilib = 32 *** irix64-mips4-cc $cc = cc $cflags = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG $cpuid_obj = $bn_obj = bn-mips.o mips-mont.o @@ -3743,10 +3575,14 @@ $multilib = 64 *** irix64-mips4-gcc $cc = gcc $cflags = -mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG $cpuid_obj = $bn_obj = bn-mips.o mips-mont.o @@ -3777,10 +3613,14 @@ $multilib = 64 *** linux-aarch64 $cc = gcc $cflags = -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = armcap.o arm64cpuid.o mem_clr.o $bn_obj = @@ -3811,10 +3651,14 @@ $multilib = *** linux-alpha+bwx-ccc $cc = ccc $cflags = -fast -readonly_strings -DL_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL $cpuid_obj = alphacpuid.o $bn_obj = bn_asm.o alpha-mont.o @@ -3845,10 +3689,14 @@ $multilib = *** linux-alpha+bwx-gcc $cc = gcc $cflags = -O3 -DL_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL $cpuid_obj = alphacpuid.o $bn_obj = bn_asm.o alpha-mont.o @@ -3879,10 +3727,14 @@ $multilib = *** linux-alpha-ccc $cc = ccc $cflags = -fast -readonly_strings -DL_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL $cpuid_obj = alphacpuid.o $bn_obj = bn_asm.o alpha-mont.o @@ -3913,10 +3765,14 @@ $multilib = *** linux-alpha-gcc $cc = gcc $cflags = -O3 -DL_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL $cpuid_obj = alphacpuid.o $bn_obj = bn_asm.o alpha-mont.o @@ -3947,10 +3803,14 @@ $multilib = *** linux-aout $cc = gcc $cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -3981,10 +3841,14 @@ $multilib = *** linux-armv4 $cc = gcc $cflags = -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = armcap.o armv4cpuid.o $bn_obj = bn_asm.o armv4-mont.o armv4-gf2m.o @@ -4015,10 +3879,14 @@ $multilib = *** linux-c64xplus $cc = cl6x $cflags = --linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG $cpuid_obj = c64xpluscpuid.o $bn_obj = bn-c64xplus.o c64xplus-gf2m.o @@ -4048,11 +3916,15 @@ $multilib = *** linux-elf $cc = gcc -$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -Wall +$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -g -march=i486 +$release_cflags = -O3 -fomit-frame-pointer $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = -lefence +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -4082,11 +3954,15 @@ $multilib = *** linux-generic32 $cc = gcc -$cflags = -O3 -fomit-frame-pointer -Wall +$cflags = -Wall +$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g +$release_cflags = -O3 -fomit-frame-pointer $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = @@ -4116,11 +3992,15 @@ $multilib = *** linux-generic64 $cc = gcc -$cflags = -O3 -Wall +$cflags = -Wall +$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g +$release_cflags = -O3 $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = @@ -4151,10 +4031,14 @@ $multilib = *** linux-ia32-icc $cc = icc $cflags = -DL_ENDIAN -O2 +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl -no_cpprt +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -4185,10 +4069,14 @@ $multilib = *** linux-ia64 $cc = gcc $cflags = -DL_ENDIAN -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT $cpuid_obj = ia64cpuid.o $bn_obj = bn-ia64.o ia64-mont.o @@ -4219,10 +4107,14 @@ $multilib = *** linux-ia64-icc $cc = icc $cflags = -DL_ENDIAN -O2 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl -no_cpprt +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT $cpuid_obj = ia64cpuid.o $bn_obj = bn-ia64.o ia64-mont.o @@ -4253,10 +4145,14 @@ $multilib = *** linux-mips32 $cc = gcc $cflags = -mabi=32 -O3 -Wall -DBN_DIV3W +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = bn-mips.o mips-mont.o @@ -4287,10 +4183,14 @@ $multilib = *** linux-mips64 $cc = gcc $cflags = -mabi=n32 -O3 -Wall -DBN_DIV3W +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = bn-mips.o mips-mont.o @@ -4321,10 +4221,14 @@ $multilib = 32 *** linux-ppc $cc = gcc $cflags = -DB_ENDIAN -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL $cpuid_obj = ppccpuid.o ppccap.o $bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o @@ -4355,10 +4259,14 @@ $multilib = *** linux-ppc64 $cc = gcc $cflags = -m64 -DB_ENDIAN -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL $cpuid_obj = ppccpuid.o ppccap.o $bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o @@ -4389,10 +4297,14 @@ $multilib = 64 *** linux-ppc64le $cc = gcc $cflags = -m64 -DL_ENDIAN -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL $cpuid_obj = ppccpuid.o ppccap.o $bn_obj = bn-ppc.o ppc-mont.o ppc64-mont.o @@ -4423,10 +4335,14 @@ $multilib = *** linux-sparcv8 $cc = gcc $cflags = -mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = sparcv8.o @@ -4457,10 +4373,14 @@ $multilib = *** linux-sparcv9 $cc = gcc $cflags = -m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $cpuid_obj = sparcv9cap.o sparccpuid.o $bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o @@ -4491,10 +4411,14 @@ $multilib = *** linux-x32 $cc = gcc $cflags = -mx32 -DL_ENDIAN -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -4524,11 +4448,15 @@ $multilib = x32 *** linux-x86_64 $cc = gcc -$cflags = -m64 -DL_ENDIAN -O3 -Wall +$cflags = -m64 -DL_ENDIAN -Wall +$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g +$release_cflags = -O3 $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -4559,10 +4487,14 @@ $multilib = 64 *** linux-x86_64-clang $cc = clang $cflags = -m64 -DL_ENDIAN -O3 -Weverything -Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum -Qunused-arguments +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -4593,10 +4525,14 @@ $multilib = 64 *** linux-x86_64-icc $cc = icc $cflags = -DL_ENDIAN -O2 +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl -no_cpprt +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -4627,10 +4563,14 @@ $multilib = 64 *** linux32-s390x $cc = gcc $cflags = -m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = s390xcap.o s390xcpuid.o $bn_obj = bn_asm.o s390x-mont.o s390x-gf2m.o @@ -4661,10 +4601,14 @@ $multilib = /highgprs *** linux64-mips64 $cc = gcc $cflags = -mabi=64 -O3 -Wall -DBN_DIV3W +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = bn-mips.o mips-mont.o @@ -4695,10 +4639,14 @@ $multilib = 64 *** linux64-s390x $cc = gcc $cflags = -m64 -DB_ENDIAN -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = s390xcap.o s390xcpuid.o $bn_obj = bn-s390x.o s390x-mont.o s390x-gf2m.o @@ -4729,10 +4677,14 @@ $multilib = 64 *** linux64-sparcv9 $cc = gcc $cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC $lflags = -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR $cpuid_obj = sparcv9cap.o sparccpuid.o $bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o @@ -4763,10 +4715,14 @@ $multilib = 64 *** mingw $cc = gcc $cflags = -mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_MT $sys_id = MINGW32 $lflags = -lws2_32 -lgdi32 -lcrypt32 +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT EXPORT_VAR_AS_FN $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -4797,10 +4753,14 @@ $multilib = *** mingw64 $cc = gcc $cflags = -mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_MT $sys_id = MINGW64 $lflags = -lws2_32 -lgdi32 -lcrypt32 +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -4831,10 +4791,14 @@ $multilib = *** netware-clib $cc = mwccnlm $cflags = +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -4865,10 +4829,14 @@ $multilib = *** netware-clib-bsdsock $cc = mwccnlm $cflags = +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -4899,10 +4867,14 @@ $multilib = *** netware-clib-bsdsock-gcc $cc = i586-netware-gcc $cflags = -nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -4933,10 +4905,14 @@ $multilib = *** netware-clib-gcc $cc = i586-netware-gcc $cflags = -nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -4967,10 +4943,14 @@ $multilib = *** netware-libc $cc = mwccnlm $cflags = +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -5001,10 +4981,14 @@ $multilib = *** netware-libc-bsdsock $cc = mwccnlm $cflags = +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -5035,10 +5019,14 @@ $multilib = *** netware-libc-bsdsock-gcc $cc = i586-netware-gcc $cflags = -nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -5069,10 +5057,14 @@ $multilib = *** netware-libc-gcc $cc = i586-netware-gcc $cflags = -nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYS_NETWARE -DTERMIO -O2 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -5103,10 +5095,14 @@ $multilib = *** nextstep $cc = cc $cflags = -O -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -5137,10 +5133,14 @@ $multilib = *** nextstep3.3 $cc = cc $cflags = -O3 -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -5171,10 +5171,14 @@ $multilib = *** osf1-alpha-cc $cc = cc $cflags = -std1 -tune host -O4 -readonly_strings +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK $cpuid_obj = alphacpuid.o $bn_obj = bn_asm.o alpha-mont.o @@ -5205,10 +5209,14 @@ $multilib = *** osf1-alpha-gcc $cc = gcc $cflags = -O3 +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1 $cpuid_obj = alphacpuid.o $bn_obj = bn_asm.o alpha-mont.o @@ -5239,10 +5247,14 @@ $multilib = *** purify $cc = purify gcc $cflags = -g -DPURIFY -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = -lsocket -lnsl +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -5273,10 +5285,14 @@ $multilib = *** qnx4 $cc = cc $cflags = -DL_ENDIAN -DTERMIO +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -5307,10 +5323,14 @@ $multilib = *** sco5-cc $cc = cc $cflags = -belf +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = -lsocket -lnsl +$debug_lflags = +$release_lflags = $bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -5341,10 +5361,14 @@ $multilib = *** sco5-gcc $cc = gcc $cflags = -O3 -fomit-frame-pointer +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = -lsocket -lnsl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -5375,10 +5399,14 @@ $multilib = *** solaris-sparcv7-cc $cc = cc $cflags = -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -lsocket -lnsl -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = @@ -5409,10 +5437,14 @@ $multilib = *** solaris-sparcv7-gcc $cc = gcc $cflags = -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -lsocket -lnsl -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = @@ -5442,11 +5474,15 @@ $multilib = *** solaris-sparcv8-cc $cc = cc -$cflags = -xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W +$cflags = -xarch=v8 -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W +$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O +$release_cflags = -xO5 -xdepend $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -lsocket -lnsl -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = sparcv8.o @@ -5476,11 +5512,15 @@ $multilib = *** solaris-sparcv8-gcc $cc = gcc -$cflags = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W +$cflags = -mv8 -Wall -DB_ENDIAN +$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g +$release_cflags = -O3 -fomit-frame-pointer -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -lsocket -lnsl -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = sparcv8.o @@ -5510,11 +5550,15 @@ $multilib = *** solaris-sparcv9-cc $cc = cc -$cflags = -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W +$cflags = -xtarget=ultra -xarch=v8plus -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W +$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O +$release_cflags = -xO5 -xdepend $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR $cpuid_obj = sparcv9cap.o sparccpuid.o $bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o @@ -5544,11 +5588,15 @@ $multilib = *** solaris-sparcv9-gcc $cc = gcc -$cflags = -m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W +$cflags = -m32 -mcpu=ultrasparc -Wall -DB_ENDIAN -DBN_DIV2W +$debug_cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -pedantic -ansi -Wshadow -Wno-long-long -D__EXTENSIONS__ +$release_cflags = -O3 -fomit-frame-pointer $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR $cpuid_obj = sparcv9cap.o sparccpuid.o $bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o @@ -5579,10 +5627,14 @@ $multilib = *** solaris-x86-cc $cc = cc $cflags = -fast -xarch=generic -O -Xa +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -lsocket -lnsl -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR $cpuid_obj = $bn_obj = @@ -5613,10 +5665,14 @@ $multilib = *** solaris-x86-gcc $cc = gcc $cflags = -O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -lsocket -lnsl -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -5647,10 +5703,14 @@ $multilib = *** solaris64-sparcv9-cc $cc = cc $cflags = -xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR $cpuid_obj = sparcv9cap.o sparccpuid.o $bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o @@ -5681,10 +5741,14 @@ $multilib = /64 *** solaris64-sparcv9-gcc $cc = gcc $cflags = -m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC $lflags = -lsocket -lnsl -ldl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR $cpuid_obj = sparcv9cap.o sparccpuid.o $bn_obj = bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o @@ -5715,10 +5779,14 @@ $multilib = /64 *** solaris64-x86_64-cc $cc = cc $cflags = -fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -lsocket -lnsl -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -5749,10 +5817,14 @@ $multilib = /64 *** solaris64-x86_64-gcc $cc = gcc $cflags = -m64 -O3 -Wall -DL_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -lsocket -lnsl -ldl +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL $cpuid_obj = x86_64cpuid.o $bn_obj = x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o @@ -5783,10 +5855,14 @@ $multilib = /64 *** tru64-alpha-cc $cc = cc $cflags = -std1 -tune host -fast -readonly_strings +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -pthread $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK $cpuid_obj = alphacpuid.o $bn_obj = bn_asm.o alpha-mont.o @@ -5817,10 +5893,14 @@ $multilib = *** uClinux-dist $cc = $cflags = $(CFLAGS) +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = $(LDFLAGS) $(LDLIBS) +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG $cpuid_obj = $bn_obj = @@ -5851,10 +5931,14 @@ $multilib = *** uClinux-dist64 $cc = $cflags = $(CFLAGS) +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = $(LDFLAGS) $(LDLIBS) +$debug_lflags = +$release_lflags = $bn_ops = SIXTY_FOUR_BIT_LONG $cpuid_obj = $bn_obj = @@ -5885,10 +5969,14 @@ $multilib = *** ultrix-cc $cc = cc $cflags = -std1 -O -Olimit 2500 -DL_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -5919,10 +6007,14 @@ $multilib = *** ultrix-gcc $cc = gcc $cflags = -O3 -DL_ENDIAN +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = (unknown) $sys_id = $lflags = +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG $cpuid_obj = $bn_obj = @@ -5953,10 +6045,14 @@ $multilib = *** unixware-2.0 $cc = cc $cflags = -DFILIO_H -DNO_STRINGS_H +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -Kthread $sys_id = $lflags = -lsocket -lnsl -lresolv -lx +$debug_lflags = +$release_lflags = $bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -5987,10 +6083,14 @@ $multilib = *** unixware-2.1 $cc = cc $cflags = -O -DFILIO_H +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -Kthread $sys_id = $lflags = -lsocket -lnsl -lresolv -lx +$debug_lflags = +$release_lflags = $bn_ops = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = $bn_obj = @@ -6021,10 +6121,14 @@ $multilib = *** unixware-7 $cc = cc $cflags = -O -DFILIO_H -Kalloca +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -Kthread $sys_id = $lflags = -lsocket -lnsl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -6055,10 +6159,14 @@ $multilib = *** unixware-7-gcc $cc = gcc $cflags = -DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = $lflags = -lsocket -lnsl +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT $cpuid_obj = x86cpuid.o $bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o @@ -6088,11 +6196,15 @@ $multilib = *** vos-gcc $cc = gcc -$cflags = -O3 -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN +$cflags = -Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN +$debug_cflags = -O0 -g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG +$release_cflags = -O3 $unistd = $thread_cflag = (unknown) $sys_id = VOS $lflags = -Wl,-map +$debug_lflags = +$release_lflags = $bn_ops = BN_LLONG $cpuid_obj = $bn_obj = @@ -6123,10 +6235,14 @@ $multilib = *** vxworks-mips $cc = ccmips $cflags = -mrtp -mips2 -O -G 0 -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE="$(WIND_BASE)/target/lib/h/config/vsbConfig.h" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I$(WIND_BASE)/target/usr/h -I$(WIND_BASE)/target/h/wrn/coreip +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = -D_REENTRANT $sys_id = VXWORKS $lflags = -Wl,--defsym,__wrs_rtp_base=0xe0000000 -L $(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = bn-mips.o mips-mont.o @@ -6157,10 +6273,14 @@ $multilib = *** vxworks-ppc405 $cc = ccppc $cflags = -g -msoft-float -mlongcall -DCPU=PPC405 -I$(WIND_BASE)/target/h +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = VXWORKS $lflags = -r +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -6191,10 +6311,14 @@ $multilib = *** vxworks-ppc60x $cc = ccppc $cflags = -D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I$(WIND_BASE)/target/usr/h -I$(WIND_BASE)/target/usr/h/wrn/coreip +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = VXWORKS $lflags = -Wl,--defsym,__wrs_rtp_base=0xe0000000 -L $(WIND_BASE)/target/usr/lib/ppc/PPC32/common +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -6225,10 +6349,14 @@ $multilib = *** vxworks-ppc750 $cc = ccppc $cflags = -ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I$(WIND_BASE)/target/h $(DEBUG_FLAG) +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = VXWORKS $lflags = -r +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -6259,10 +6387,14 @@ $multilib = *** vxworks-ppc750-debug $cc = ccppc $cflags = -ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = VXWORKS $lflags = -r +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -6293,10 +6425,14 @@ $multilib = *** vxworks-ppc860 $cc = ccppc $cflags = -nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I$(WIND_BASE)/target/h +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = VXWORKS $lflags = -r +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -6327,10 +6463,14 @@ $multilib = *** vxworks-ppcgen $cc = ccppc $cflags = -D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I$(WIND_BASE)/target/usr/h -I$(WIND_BASE)/target/usr/h/wrn/coreip +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = VXWORKS $lflags = -Wl,--defsym,__wrs_rtp_base=0xe0000000 -L $(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = @@ -6361,10 +6501,14 @@ $multilib = *** vxworks-simlinux $cc = ccpentium $cflags = -B$(WIND_BASE)/host/$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE="$(WIND_BASE)/target/lib/h/config/vsbConfig.h" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I$(WIND_BASE)/target/h -I$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK +$debug_cflags = +$release_cflags = $unistd = $thread_cflag = $sys_id = VXWORKS $lflags = -r +$debug_lflags = +$release_lflags = $bn_ops = $cpuid_obj = $bn_obj = From levitte at openssl.org Mon Mar 16 22:30:39 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 16 Mar 2015 22:30:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426545039.141497.30767.nullmailer@dev.openssl.org> The branch master has been updated via e3c159648d19e0396b23dba02b85be2bf12ce24c (commit) via a5250ec02f4d8b27d786c415ae882801972bfccd (commit) from d52dcf8da7f15bf75fbf065bac2c4557470ea2fa (commit) - Log ----------------------------------------------------------------- commit e3c159648d19e0396b23dba02b85be2bf12ce24c Author: Richard Levitte Date: Mon Mar 16 22:36:19 2015 +0100 Do not keep TABLE in version control. TABLE was always a debugging tool, and permitted everyone to see the effect of changes in the string-format configs. The hash-format configs being much more readable, distributing TABLE becomes much less necessary. Being able to produce a TABLE is kept, however, as it still is a useful debugging tool for configs, what with multi-level inheritance and all. Reviewed-by: Andy Polyakov commit a5250ec02f4d8b27d786c415ae882801972bfccd Author: Richard Levitte Date: Thu Mar 12 14:58:07 2015 +0100 Configuration cleanup: personal configs Move obviously personal configurations to personal files. Note: those files should really not be in the main repo at all Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: .gitignore | 1 + Configurations/90-team.conf | 214 ------------ Configurations/99-personal-ben.conf | 94 ++++++ Configurations/99-personal-bodo.conf | 23 ++ Configurations/99-personal-geoff.conf | 32 ++ Configurations/99-personal-levitte.conf | 59 ++++ Configurations/99-personal-rse.conf | 15 + Configurations/99-personal-steve.conf | 49 +++ TABLE | 556 ++------------------------------ 9 files changed, 304 insertions(+), 739 deletions(-) create mode 100644 Configurations/99-personal-ben.conf create mode 100644 Configurations/99-personal-bodo.conf create mode 100644 Configurations/99-personal-geoff.conf create mode 100644 Configurations/99-personal-levitte.conf create mode 100644 Configurations/99-personal-rse.conf create mode 100644 Configurations/99-personal-steve.conf diff --git a/.gitignore b/.gitignore index 4a624e8..2f27dc6 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,7 @@ /Makefile.bak /Makefile /MINFO +/TABLE /*.a /include /*.pc diff --git a/Configurations/90-team.conf b/Configurations/90-team.conf index 66d1eae..0e78a14 100644 --- a/Configurations/90-team.conf +++ b/Configurations/90-team.conf @@ -17,114 +17,6 @@ thread_cflag => "(unknown)", lflags => "-lefence", }, - "debug-ben" => { - cc => "gcc", - cflags => "$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe", - thread_cflag => "(unknown)", - }, - "debug-ben-openbsd" => { - cc => "gcc", - cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe", - thread_cflag => "(unknown)", - }, - "debug-ben-openbsd-debug" => { - cc => "gcc", - cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe", - thread_cflag => "(unknown)", - }, - "debug-ben-debug" => { - cc => "gcc", - cflags => "$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe", - thread_cflag => "(unknown)", - }, - "debug-ben-debug-64" => { - inherit_from => [ "x86_64_asm" ], - cc => "gcc", - cflags => "$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe", - thread_cflag => "${BSDthreads}", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", - perlasm_scheme => "elf", - dso_scheme => "dlfcn", - shared_target => "bsd-gcc-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "debug-ben-debug-64-clang" => { - inherit_from => [ "x86_64_asm" ], - cc => "clang", - cflags => "$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe", - thread_cflag => "${BSDthreads}", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", - perlasm_scheme => "elf", - dso_scheme => "dlfcn", - shared_target => "bsd-gcc-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "debug-ben-debug-64-noopt" => { - inherit_from => [ "x86_64_asm" ], - cc => "gcc", - cflags => "$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe", - thread_cflag => "${BSDthreads}", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", - perlasm_scheme => "elf", - dso_scheme => "dlfcn", - shared_target => "bsd-gcc-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "debug-ben-macos" => { - cc => "cc", - cflags => "$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe", - thread_cflag => "(unknown)", - }, - "debug-ben-no-opt" => { - cc => "gcc", - cflags => "-Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3", - thread_cflag => "(unknown)", - }, - "debug-ben-strict" => { - cc => "gcc", - cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe", - thread_cflag => "(unknown)", - }, - "debug-ben-darwin64" => { - inherit_from => [ "x86_64_asm" ], - cc => "cc", - cflags => "$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall", - thread_cflag => "-D_REENTRANT", - sys_id => "MACOSX", - lflags => "-Wl,-search_paths_first%", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", - perlasm_scheme => "macosx", - dso_scheme => "dlfcn", - shared_target => "darwin-shared", - shared_cflag => "-fPIC -fno-common", - shared_ldflag => "-arch x86_64 -dynamiclib", - shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", - }, - "debug-rse" => { - inherit_from => [ "x86_elf_asm" ], - cc => "cc", - cflags => "-DL_ENDIAN -pipe -O -g -ggdb3 -Wall", - thread_cflag => "(unknown)", - bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", - }, - "debug-bodo" => { - inherit_from => [ "x86_64_asm" ], - cc => "gcc", - cflags => "$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", - perlasm_scheme => "elf", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-m64", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - multilib => "64", - }, "debug-erbridge" => { inherit_from => [ "x86_64_asm" ], cc => "gcc", @@ -140,112 +32,6 @@ shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "64", }, - "debug-steve64" => { - inherit_from => [ "x86_64_asm" ], - cc => "gcc", - cflags => "$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", - perlasm_scheme => "elf", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-m64", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "debug-steve32" => { - inherit_from => [ "x86_elf_asm" ], - cc => "gcc", - cflags => "$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe", - thread_cflag => "-D_REENTRANT", - lflags => "-rdynamic -ldl", - bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-m32", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "debug-steve-opt" => { - inherit_from => [ "x86_64_asm" ], - cc => "gcc", - cflags => "$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", - perlasm_scheme => "elf", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-m64", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - - # Richard Levitte - "debug-levitte-linux-noasm" => { - inherit_from => [ "no_asm_filler" ], - cc => "gcc", - cflags => "-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "debug-levitte-linux-elf-extreme" => { - inherit_from => [ "x86_elf_asm" ], - cc => "gcc", - cflags => "-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT", - perlasm_scheme => "elf", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "debug-levitte-linux-noasm-extreme" => { - inherit_from => [ "no_asm_filler" ], - cc => "gcc", - cflags => "-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT", - perlasm_scheme => "void", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - - "debug-geoff32" => { - inherit_from => [ "no_asm_filler" ], - cc => "gcc", - cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "BN_LLONG", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "debug-geoff64" => { - inherit_from => [ "no_asm_filler" ], - cc => "gcc", - cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, "debug-linux-pentium" => { inherit_from => [ "x86_elf_asm" ], cc => "gcc", diff --git a/Configurations/99-personal-ben.conf b/Configurations/99-personal-ben.conf new file mode 100644 index 0000000..94ea6d0 --- /dev/null +++ b/Configurations/99-personal-ben.conf @@ -0,0 +1,94 @@ +## Personal configuration targets +## +## If you edit this file, run this command before committing +## make -f Makefile.org TABLE +## This file is interpolated by the Configure script. + +%targets = ( + "debug-ben" => { + cc => "gcc", + cflags => "$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe", + thread_cflag => "(unknown)", + }, + "debug-ben-openbsd" => { + cc => "gcc", + cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe", + thread_cflag => "(unknown)", + }, + "debug-ben-openbsd-debug" => { + cc => "gcc", + cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe", + thread_cflag => "(unknown)", + }, + "debug-ben-debug" => { + cc => "gcc", + cflags => "$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DOPENSSL_NO_HW_PADLOCK -g3 -O2 -pipe", + thread_cflag => "(unknown)", + }, + "debug-ben-debug-64" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe", + thread_cflag => "${BSDthreads}", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-ben-debug-64-clang" => { + inherit_from => [ "x86_64_asm" ], + cc => "clang", + cflags => "$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe", + thread_cflag => "${BSDthreads}", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-ben-debug-64-noopt" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -pipe", + thread_cflag => "${BSDthreads}", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "bsd-gcc-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-ben-macos" => { + cc => "cc", + cflags => "$gcc_devteam_warn -DOPENSSL_NO_ASM -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch i386 -O3 -DL_ENDIAN -g3 -pipe", + thread_cflag => "(unknown)", + }, + "debug-ben-no-opt" => { + cc => "gcc", + cflags => " -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3", + thread_cflag => "(unknown)", + }, + "debug-ben-strict" => { + cc => "gcc", + cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe", + thread_cflag => "(unknown)", + }, + "debug-ben-darwin64" => { + inherit_from => [ "x86_64_asm" ], + cc => "cc", + cflags => "$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall", + thread_cflag => "-D_REENTRANT", + sys_id => "MACOSX", + lflags => "-Wl,-search_paths_first%", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "macosx", + dso_scheme => "dlfcn", + shared_target => "darwin-shared", + shared_cflag => "-fPIC -fno-common", + shared_ldflag => "-arch x86_64 -dynamiclib", + shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + }, +); diff --git a/Configurations/99-personal-bodo.conf b/Configurations/99-personal-bodo.conf new file mode 100644 index 0000000..c9a7534 --- /dev/null +++ b/Configurations/99-personal-bodo.conf @@ -0,0 +1,23 @@ +## Personal configuration targets +## +## If you edit this file, run this command before committing +## make -f Makefile.org TABLE +## This file is interpolated by the Configure script. + +%targets = ( + "debug-bodo" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + multilib => "64", + }, +); diff --git a/Configurations/99-personal-geoff.conf b/Configurations/99-personal-geoff.conf new file mode 100644 index 0000000..adf0990 --- /dev/null +++ b/Configurations/99-personal-geoff.conf @@ -0,0 +1,32 @@ +## Personal configuration targets +## +## If you edit this file, run this command before committing +## make -f Makefile.org TABLE +## This file is interpolated by the Configure script. + +%targets = ( + "debug-geoff32" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-geoff64" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, +); diff --git a/Configurations/99-personal-levitte.conf b/Configurations/99-personal-levitte.conf new file mode 100644 index 0000000..18fbcdc --- /dev/null +++ b/Configurations/99-personal-levitte.conf @@ -0,0 +1,59 @@ +## Personal configuration targets +## +## If you edit this file, run this command before committing +## make -f Makefile.org TABLE +## This file is interpolated by the Configure script. + +%targets = ( + "levitte-linux-elf" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-DL_ENDIAN -Wall", + debug_cflags => "-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG-ggdb -g3", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-levitte-linux-noasm" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-levitte-linux-elf-extreme" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-levitte-linux-noasm-extreme" => { + inherit_from => [ "no_asm_filler" ], + cc => "gcc", + cflags => "-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT", + perlasm_scheme => "void", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, +); diff --git a/Configurations/99-personal-rse.conf b/Configurations/99-personal-rse.conf new file mode 100644 index 0000000..e9318fc --- /dev/null +++ b/Configurations/99-personal-rse.conf @@ -0,0 +1,15 @@ +## Personal configuration targets +## +## If you edit this file, run this command before committing +## make -f Makefile.org TABLE +## This file is interpolated by the Configure script. + +%targets = ( + "debug-rse" => { + inherit_from => [ "x86_elf_asm" ], + cc => "cc", + cflags => "-DL_ENDIAN -pipe -O -g -ggdb3 -Wall", + thread_cflag => "(unknown)", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + }, +); diff --git a/Configurations/99-personal-steve.conf b/Configurations/99-personal-steve.conf new file mode 100644 index 0000000..454b283 --- /dev/null +++ b/Configurations/99-personal-steve.conf @@ -0,0 +1,49 @@ +## Personal configuration targets +## +## If you edit this file, run this command before committing +## make -f Makefile.org TABLE +## This file is interpolated by the Configure script. + +%targets = ( + "debug-steve64" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-steve32" => { + inherit_from => [ "x86_elf_asm" ], + cc => "gcc", + cflags => "$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe", + thread_cflag => "-D_REENTRANT", + lflags => "-rdynamic -ldl", + bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m32", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "debug-steve-opt" => { + inherit_from => [ "x86_64_asm" ], + cc => "gcc", + cflags => "$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g", + thread_cflag => "-D_REENTRANT", + lflags => "-ldl", + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", + perlasm_scheme => "elf", + dso_scheme => "dlfcn", + shared_target => "linux-shared", + shared_cflag => "-fPIC", + shared_ldflag => "-m64", + shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, +); diff --git a/TABLE b/TABLE index dfd39b8..f0e8b9b 100644 --- a/TABLE +++ b/TABLE @@ -950,44 +950,6 @@ $ranlib = $arflags = -X32 $multilib = -*** aix3-cc -$cc = cc -$cflags = -O -DB_ENDIAN -qmaxmem=16384 -$debug_cflags = -$release_cflags = -$unistd = -$thread_cflag = (unknown) -$sys_id = AIX -$lflags = -$debug_lflags = -$release_lflags = -$bn_ops = BN_LLONG RC4_CHAR -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = -$multilib = - *** aix64-cc $cc = cc $cflags = -q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst @@ -1216,44 +1178,6 @@ $ranlib = $arflags = $multilib = -*** aux3-gcc -$cc = gcc -$cflags = -O2 -DTERMIO -$debug_cflags = -$release_cflags = -$unistd = -$thread_cflag = (unknown) -$sys_id = AUX -$lflags = -lbsd -$debug_lflags = -$release_lflags = -$bn_ops = RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = -$multilib = - *** bsdi-elf-gcc $cc = gcc $cflags = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall @@ -1864,7 +1788,7 @@ $multilib = *** debug-ben-no-opt $cc = gcc -$cflags = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3 +$cflags = -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -Wall -g3 $debug_cflags = $release_cflags = $unistd = @@ -2698,82 +2622,6 @@ $ranlib = $arflags = $multilib = -*** hpux-cc -$cc = cc -$cflags = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z -$debug_cflags = -$release_cflags = -$unistd = -$thread_cflag = (unknown) -$sys_id = -$lflags = -Wl,+s -ldld -$debug_lflags = -$release_lflags = -$bn_ops = DES_PTR DES_UNROLL DES_RISC1 -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dl -$shared_target= hpux-shared -$shared_cflag = +Z -$shared_ldflag = -b -$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** hpux-gcc -$cc = gcc -$cflags = -DB_ENDIAN -DBN_DIV2W -O3 -$debug_cflags = -$release_cflags = -$unistd = -$thread_cflag = (unknown) -$sys_id = -$lflags = -Wl,+s -ldld -$debug_lflags = -$release_lflags = -$bn_ops = DES_PTR DES_UNROLL DES_RISC1 -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dl -$shared_target= hpux-shared -$shared_cflag = -fPIC -$shared_ldflag = -shared -$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - *** hpux-ia64-cc $cc = cc $cflags = -Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT @@ -2850,120 +2698,6 @@ $ranlib = $arflags = $multilib = /hpux32 -*** hpux-parisc-cc -$cc = cc -$cflags = +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -$debug_cflags = -$release_cflags = -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -Wl,+s -ldld -$debug_lflags = -$release_lflags = -$bn_ops = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dl -$shared_target= hpux-shared -$shared_cflag = +Z -$shared_ldflag = -b -$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** hpux-parisc-cc-o4 -$cc = cc -$cflags = -Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -$debug_cflags = -$release_cflags = -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -ldld -$debug_lflags = -$release_lflags = -$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dl -$shared_target= hpux-shared -$shared_cflag = +Z -$shared_ldflag = -b -$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** hpux-parisc-gcc -$cc = gcc -$cflags = -O3 -DB_ENDIAN -DBN_DIV2W -$debug_cflags = -$release_cflags = -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -Wl,+s -ldld -$debug_lflags = -$release_lflags = -$bn_ops = BN_LLONG DES_PTR DES_UNROLL DES_RISC1 -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dl -$shared_target= hpux-shared -$shared_cflag = -fPIC -$shared_ldflag = -shared -$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - *** hpux-parisc1_1-cc $cc = cc $cflags = +DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY @@ -3040,82 +2774,6 @@ $ranlib = $arflags = $multilib = /pa1.1 -*** hpux-parisc2-cc -$cc = cc -$cflags = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT -$debug_cflags = -$release_cflags = -$unistd = -$thread_cflag = -$sys_id = -$lflags = -Wl,+s -ldld -$debug_lflags = -$release_lflags = -$bn_ops = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT -$cpuid_obj = pariscid.o -$bn_obj = pa-risc2.o parisc-mont.o -$ec_obj = -$des_obj = -$aes_obj = aes_core.o aes_cbc.o aes-parisc.o -$bf_obj = -$md5_obj = -$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o -$cast_obj = -$rc4_obj = rc4-parisc.o -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = ghash-parisc.o -$engines_obj = -$perlasm_scheme = 32 -$dso_scheme = dl -$shared_target= hpux-shared -$shared_cflag = +Z -$shared_ldflag = -b -$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = /pa20_32 - -*** hpux-parisc2-gcc -$cc = gcc -$cflags = -march=2.0 -O3 -DB_ENDIAN -D_REENTRANT -$debug_cflags = -$release_cflags = -$unistd = -$thread_cflag = -$sys_id = -$lflags = -Wl,+s -ldld -$debug_lflags = -$release_lflags = -$bn_ops = SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1 -$cpuid_obj = pariscid.o -$bn_obj = pa-risc2.o parisc-mont.o -$ec_obj = -$des_obj = -$aes_obj = aes_core.o aes_cbc.o aes-parisc.o -$bf_obj = -$md5_obj = -$sha1_obj = sha1-parisc.o sha256-parisc.o sha512-parisc.o -$cast_obj = -$rc4_obj = rc4-parisc.o -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = ghash-parisc.o -$engines_obj = -$perlasm_scheme = 32 -$dso_scheme = dl -$shared_target= hpux-shared -$shared_cflag = -fPIC -$shared_ldflag = -shared -$shared_extension = .sl.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = /pa20_32 - *** hpux64-ia64-cc $cc = cc $cflags = -Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT @@ -3610,10 +3268,10 @@ $ranlib = $arflags = $multilib = 64 -*** linux-aarch64 +*** levitte-linux-elf $cc = gcc -$cflags = -O3 -Wall -$debug_cflags = +$cflags = -DL_ENDIAN -Wall +$debug_cflags = -DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG-ggdb -g3 $release_cflags = $unistd = $thread_cflag = -D_REENTRANT @@ -3621,24 +3279,24 @@ $sys_id = $lflags = -ldl $debug_lflags = $release_lflags = -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR -$cpuid_obj = armcap.o arm64cpuid.o mem_clr.o -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = aes_core.o aes_cbc.o aesv8-armx.o -$bf_obj = -$md5_obj = -$sha1_obj = sha1-armv8.o sha256-armv8.o sha512-armv8.o -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = ghashv8-armx.o -$engines_obj = -$perlasm_scheme = linux64 +$bn_ops = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT +$cpuid_obj = x86cpuid.o +$bn_obj = bn-586.o co-586.o x86-mont.o x86-gf2m.o +$ec_obj = ecp_nistz256.o ecp_nistz256-x86.o +$des_obj = des-586.o crypt586.o +$aes_obj = aes-586.o vpaes-x86.o aesni-x86.o +$bf_obj = bf-586.o +$md5_obj = md5-586.o +$sha1_obj = sha1-586.o sha256-586.o sha512-586.o +$cast_obj = cast-586.o +$rc4_obj = rc4-586.o +$rmd160_obj = rmd-586.o +$rc5_obj = rc5-586.o +$wp_obj = wp_block.o wp-mmx.o +$cmll_obj = cmll-x86.o +$modes_obj = ghash-x86.o +$engines_obj = e_padlock-x86.o +$perlasm_scheme = elf $dso_scheme = dlfcn $shared_target= linux-shared $shared_cflag = -fPIC @@ -3648,47 +3306,9 @@ $ranlib = $arflags = $multilib = -*** linux-alpha+bwx-ccc -$cc = ccc -$cflags = -fast -readonly_strings -DL_ENDIAN -$debug_cflags = -$release_cflags = -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -$debug_lflags = -$release_lflags = -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL -$cpuid_obj = alphacpuid.o -$bn_obj = bn_asm.o alpha-mont.o -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = sha1-alpha.o -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = ghash-alpha.o -$engines_obj = -$perlasm_scheme = void -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = -$multilib = - -*** linux-alpha+bwx-gcc +*** linux-aarch64 $cc = gcc -$cflags = -O3 -DL_ENDIAN +$cflags = -O3 -Wall $debug_cflags = $release_cflags = $unistd = @@ -3697,24 +3317,24 @@ $sys_id = $lflags = -ldl $debug_lflags = $release_lflags = -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL -$cpuid_obj = alphacpuid.o -$bn_obj = bn_asm.o alpha-mont.o +$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR +$cpuid_obj = armcap.o arm64cpuid.o mem_clr.o +$bn_obj = $ec_obj = $des_obj = -$aes_obj = +$aes_obj = aes_core.o aes_cbc.o aesv8-armx.o $bf_obj = $md5_obj = -$sha1_obj = sha1-alpha.o +$sha1_obj = sha1-armv8.o sha256-armv8.o sha512-armv8.o $cast_obj = $rc4_obj = $rmd160_obj = $rc5_obj = $wp_obj = $cmll_obj = -$modes_obj = ghash-alpha.o +$modes_obj = ghashv8-armx.o $engines_obj = -$perlasm_scheme = void +$perlasm_scheme = linux64 $dso_scheme = dlfcn $shared_target= linux-shared $shared_cflag = -fPIC @@ -3724,44 +3344,6 @@ $ranlib = $arflags = $multilib = -*** linux-alpha-ccc -$cc = ccc -$cflags = -fast -readonly_strings -DL_ENDIAN -$debug_cflags = -$release_cflags = -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -$debug_lflags = -$release_lflags = -$bn_ops = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL -$cpuid_obj = alphacpuid.o -$bn_obj = bn_asm.o alpha-mont.o -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = sha1-alpha.o -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = ghash-alpha.o -$engines_obj = -$perlasm_scheme = void -$dso_scheme = -$shared_target= -$shared_cflag = -$shared_ldflag = -$shared_extension = -$ranlib = -$arflags = -$multilib = - *** linux-alpha-gcc $cc = gcc $cflags = -O3 -DL_ENDIAN @@ -5396,82 +4978,6 @@ $ranlib = $arflags = $multilib = -*** solaris-sparcv7-cc -$cc = cc -$cflags = -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -$debug_cflags = -$release_cflags = -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -lsocket -lnsl -ldl -$debug_lflags = -$release_lflags = -$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dlfcn -$shared_target= solaris-shared -$shared_cflag = -KPIC -$shared_ldflag = -G -dy -z text -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - -*** solaris-sparcv7-gcc -$cc = gcc -$cflags = -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -$debug_cflags = -$release_cflags = -$unistd = -$thread_cflag = -D_REENTRANT -$sys_id = -$lflags = -lsocket -lnsl -ldl -$debug_lflags = -$release_lflags = -$bn_ops = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR -$cpuid_obj = -$bn_obj = -$ec_obj = -$des_obj = -$aes_obj = -$bf_obj = -$md5_obj = -$sha1_obj = -$cast_obj = -$rc4_obj = -$rmd160_obj = -$rc5_obj = -$wp_obj = -$cmll_obj = -$modes_obj = -$engines_obj = -$perlasm_scheme = void -$dso_scheme = dlfcn -$shared_target= solaris-shared -$shared_cflag = -fPIC -$shared_ldflag = -shared -$shared_extension = .so.$(SHLIB_MAJOR).$(SHLIB_MINOR) -$ranlib = -$arflags = -$multilib = - *** solaris-sparcv8-cc $cc = cc $cflags = -xarch=v8 -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W From matt at openssl.org Tue Mar 17 14:04:35 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 17 Mar 2015 14:04:35 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426601075.507723.27701.nullmailer@dev.openssl.org> The branch master has been updated via e4676e900f165f5272991443225813002300b09b (commit) via 3475c7a1854977e290ab44deb16551f6d55ad9a7 (commit) via dfef52f6f277327e118fdd0fe34486852c2789b6 (commit) via 668f6f08c62177ab5893fc26ebb67053aafdffc8 (commit) via 7132ac830fa08d9a936e011d7c541b0c52115b33 (commit) via be1477adc97e76f4b83ed8075589f529069bd5d1 (commit) via a561bfe944c0beba73551731cb98af70dfee3549 (commit) from e3c159648d19e0396b23dba02b85be2bf12ce24c (commit) - Log ----------------------------------------------------------------- commit e4676e900f165f5272991443225813002300b09b Author: Matt Caswell Date: Fri Mar 13 12:48:57 2015 +0000 Fix probable_prime over large shift In the probable_prime() function we behave slightly different if the number of bits we are interested in is <= BN_BITS2 (the num of bits in a BN_ULONG). As part of the calculation we work out a size_limit as follows: size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1; There is a problem though if bits == BN_BITS2. Shifting by that much causes undefined behaviour. I did some tests. On my system BN_BITS2 == 64. So I set bits to 64 and calculated the result of: (((BN_ULONG)1) << bits) I was expecting to get the result 0. I actually got 1! Strangely this... (((BN_ULONG)0) << BN_BITS2) ...does equal 0! This means that, on my system at least, size_limit will be off by 1 when bits == BN_BITS2. This commit fixes the behaviour so that we always get consistent results. Reviewed-by: Andy Polyakov commit 3475c7a1854977e290ab44deb16551f6d55ad9a7 Author: Matt Caswell Date: Thu Mar 12 15:59:07 2015 +0000 Fix unintended sign extension The function CRYPTO_128_unwrap_pad uses an 8 byte AIV (Alternative Initial Value). The least significant 4 bytes of this is placed into the local variable |ptext_len|. This is done as follows: ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7]; aiv[4] is an unsigned char, but (aiv[4] << 24) is promoted to a *signed* int - therefore we could end up shifting into the sign bit and end up with a negative value. |ptext_len| is a size_t (typically 64-bits). If the result of the shifts is negative then the upper bits of |ptext_len| will all be 1. This commit fixes the issue by explicitly casting to an unsigned int. Reviewed-by: Richard Levitte commit dfef52f6f277327e118fdd0fe34486852c2789b6 Author: Matt Caswell Date: Thu Mar 12 16:42:55 2015 +0000 Fix seg fault in s_time Passing a negative value for the "-time" option to s_time results in a seg fault. This commit fixes it so that time has to be greater than 0. Reviewed-by: Andy Polyakov commit 668f6f08c62177ab5893fc26ebb67053aafdffc8 Author: Matt Caswell Date: Thu Mar 12 14:37:26 2015 +0000 Add sanity check to PRF The function tls1_PRF counts the number of digests in use and partitions security evenly between them. There always needs to be at least one digest in use, otherwise this is an internal error. Add a sanity check for this. Reviewed-by: Richard Levitte commit 7132ac830fa08d9a936e011d7c541b0c52115b33 Author: Matt Caswell Date: Thu Mar 12 12:54:44 2015 +0000 Fix memset call in stack.c The function sk_zero is supposed to zero the elements held within a stack. It uses memset to do this. However it calculates the size of each element as being sizeof(char **) instead of sizeof(char *). This probably doesn't make much practical difference in most cases, but isn't a portable assumption. Reviewed-by: Richard Levitte commit be1477adc97e76f4b83ed8075589f529069bd5d1 Author: Matt Caswell Date: Thu Mar 12 11:25:03 2015 +0000 Move malloc fail checks closer to malloc Move memory allocation failure checks closer to the site of the malloc in dgst app. Only a problem if the debug flag is set...but still should be fixed. Reviewed-by: Tim Hudson commit a561bfe944c0beba73551731cb98af70dfee3549 Author: Matt Caswell Date: Thu Mar 12 11:10:47 2015 +0000 Add malloc failure checks Add some missing checks for memory allocation failures in ca app. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 13 +++++++++++++ apps/dgst.c | 10 +++++----- apps/s_time.c | 7 ++++++- crypto/bn/bn_prime.c | 12 +++++++++++- crypto/modes/wrap128.c | 5 ++++- crypto/stack/stack.c | 2 +- ssl/t1_enc.c | 5 +++++ 7 files changed, 45 insertions(+), 9 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 814162d..9ef0ce3 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2809,6 +2809,11 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME *comp_time = NULL; tmp = BUF_strdup(str); + if(!tmp) { + BIO_printf(bio_err, "memory allocation failure\n"); + goto err; + } + p = strchr(tmp, ','); rtime_str = tmp; @@ -2826,6 +2831,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, if (prevtm) { *prevtm = ASN1_UTCTIME_new(); + if(!*prevtm) { + BIO_printf(bio_err, "memory allocation failure\n"); + goto err; + } if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) { BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str); goto err; @@ -2866,6 +2875,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, goto err; } comp_time = ASN1_GENERALIZEDTIME_new(); + if(!comp_time) { + BIO_printf(bio_err, "memory allocation failure\n"); + goto err; + } if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) { BIO_printf(bio_err, "invalid compromised time %s\n", arg_str); goto err; diff --git a/apps/dgst.c b/apps/dgst.c index 47c2f69..95e5fa3 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -293,6 +293,11 @@ int MAIN(int argc, char **argv) in = BIO_new(BIO_s_file()); bmd = BIO_new(BIO_f_md()); + if ((in == NULL) || (bmd == NULL)) { + ERR_print_errors(bio_err); + goto end; + } + if (debug) { BIO_set_callback(in, BIO_debug_callback); /* needed for windows 3.1 */ @@ -304,11 +309,6 @@ int MAIN(int argc, char **argv) goto end; } - if ((in == NULL) || (bmd == NULL)) { - ERR_print_errors(bio_err); - goto end; - } - if (out_bin == -1) { if (keyfile) out_bin = 1; diff --git a/apps/s_time.c b/apps/s_time.c index 102ee72..96e39aa 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -283,6 +283,10 @@ static int parseArgs(int argc, char **argv) if (--argc < 1) goto bad; maxTime = atoi(*(++argv)); + if(maxTime <= 0) { + BIO_printf(bio_err, "time must be > 0\n"); + badop = 1; + } } else { BIO_printf(bio_err, "unknown option %s\n", *argv); badop = 1; @@ -527,7 +531,8 @@ int MAIN(int argc, char **argv) nConn, totalTime, ((double)nConn / totalTime), bytes_read); printf ("%d connections in %ld real seconds, %ld bytes read per connection\n", - nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn); + nConn, (long)time(NULL) - finishtime + maxTime, + bytes_read / (nConn?nConn:1)); ret = 0; end: diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index b12295e..2a7822e 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -518,7 +518,17 @@ static int probable_prime(BIGNUM *rnd, int bits) * additionally don't want to exceed that many bits. */ if (is_single_word) { - BN_ULONG size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1; + BN_ULONG size_limit; + + if (bits == BN_BITS2) { + /* + * Shifting by this much has undefined behaviour so we do it a + * different way + */ + size_limit = ~((BN_ULONG)0) - BN_get_word(rnd); + } else { + size_limit = (((BN_ULONG)1) << bits) - BN_get_word(rnd) - 1; + } if (size_limit < maxdelta) maxdelta = size_limit; } diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c index ccb58c5..73718ae 100644 --- a/crypto/modes/wrap128.c +++ b/crypto/modes/wrap128.c @@ -350,7 +350,10 @@ size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv, * LSB(32,AIV). */ - ptext_len = (aiv[4] << 24) | (aiv[5] << 16) | (aiv[6] << 8) | aiv[7]; + ptext_len = ((unsigned int)aiv[4] << 24) + | ((unsigned int)aiv[5] << 16) + | ((unsigned int)aiv[6] << 8) + | (unsigned int)aiv[7]; if (8 * (n - 1) >= ptext_len || ptext_len > 8 * n) { OPENSSL_cleanse(out, inlen); return 0; diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 1b89f55..7d97c2c 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -299,7 +299,7 @@ void sk_zero(_STACK *st) return; if (st->num <= 0) return; - memset((char *)st->data, 0, sizeof(st->data) * st->num); + memset((char *)st->data, 0, sizeof(*st->data) * st->num); st->num = 0; } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 1833eb7..26f8415 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -260,6 +260,11 @@ static int tls1_PRF(long digest_mask, if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) count++; } + if(!count) { + /* Should never happen */ + SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); + goto err; + } len = slen / count; if (count == 1) slen = 0; From matt at openssl.org Tue Mar 17 14:04:46 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 17 Mar 2015 14:04:46 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1426601086.433587.28441.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 6c4ce00753c5763cf836f6fec9ec07ed7c2e6e03 (commit) via fcb61b6c92ac21c51ad23e4b983600747cdd8db1 (commit) via b2b81639640e84046cdd5d869009eacef22448f5 (commit) via 56490fc26ff9dc2da162e6dc0675762edf607c1d (commit) via f2e95a02b114d824905a5e2642287e060270515c (commit) from 912c8c92b5e703b19a6508de15b229e9fe788656 (commit) - Log ----------------------------------------------------------------- commit 6c4ce00753c5763cf836f6fec9ec07ed7c2e6e03 Author: Matt Caswell Date: Thu Mar 12 16:42:55 2015 +0000 Fix seg fault in s_time Passing a negative value for the "-time" option to s_time results in a seg fault. This commit fixes it so that time has to be greater than 0. Reviewed-by: Andy Polyakov (cherry picked from commit dfef52f6f277327e118fdd0fe34486852c2789b6) commit fcb61b6c92ac21c51ad23e4b983600747cdd8db1 Author: Matt Caswell Date: Thu Mar 12 14:37:26 2015 +0000 Add sanity check to PRF The function tls1_PRF counts the number of digests in use and partitions security evenly between them. There always needs to be at least one digest in use, otherwise this is an internal error. Add a sanity check for this. Reviewed-by: Richard Levitte (cherry picked from commit 668f6f08c62177ab5893fc26ebb67053aafdffc8) commit b2b81639640e84046cdd5d869009eacef22448f5 Author: Matt Caswell Date: Thu Mar 12 12:54:44 2015 +0000 Fix memset call in stack.c The function sk_zero is supposed to zero the elements held within a stack. It uses memset to do this. However it calculates the size of each element as being sizeof(char **) instead of sizeof(char *). This probably doesn't make much practical difference in most cases, but isn't a portable assumption. Reviewed-by: Richard Levitte (cherry picked from commit 7132ac830fa08d9a936e011d7c541b0c52115b33) commit 56490fc26ff9dc2da162e6dc0675762edf607c1d Author: Matt Caswell Date: Thu Mar 12 11:25:03 2015 +0000 Move malloc fail checks closer to malloc Move memory allocation failure checks closer to the site of the malloc in dgst app. Only a problem if the debug flag is set...but still should be fixed. Reviewed-by: Tim Hudson (cherry picked from commit be1477adc97e76f4b83ed8075589f529069bd5d1) commit f2e95a02b114d824905a5e2642287e060270515c Author: Matt Caswell Date: Thu Mar 12 11:10:47 2015 +0000 Add malloc failure checks Add some missing checks for memory allocation failures in ca app. Reviewed-by: Tim Hudson (cherry picked from commit a561bfe944c0beba73551731cb98af70dfee3549) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 13 +++++++++++++ apps/dgst.c | 10 +++++----- apps/s_time.c | 7 ++++++- crypto/stack/stack.c | 2 +- ssl/t1_enc.c | 5 +++++ 5 files changed, 30 insertions(+), 7 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 3215c56..d64ec4f 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2821,6 +2821,11 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME *comp_time = NULL; tmp = BUF_strdup(str); + if(!tmp) { + BIO_printf(bio_err, "memory allocation failure\n"); + goto err; + } + p = strchr(tmp, ','); rtime_str = tmp; @@ -2838,6 +2843,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, if (prevtm) { *prevtm = ASN1_UTCTIME_new(); + if(!*prevtm) { + BIO_printf(bio_err, "memory allocation failure\n"); + goto err; + } if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) { BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str); goto err; @@ -2878,6 +2887,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, goto err; } comp_time = ASN1_GENERALIZEDTIME_new(); + if(!comp_time) { + BIO_printf(bio_err, "memory allocation failure\n"); + goto err; + } if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) { BIO_printf(bio_err, "invalid compromised time %s\n", arg_str); goto err; diff --git a/apps/dgst.c b/apps/dgst.c index 47c2f69..95e5fa3 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -293,6 +293,11 @@ int MAIN(int argc, char **argv) in = BIO_new(BIO_s_file()); bmd = BIO_new(BIO_f_md()); + if ((in == NULL) || (bmd == NULL)) { + ERR_print_errors(bio_err); + goto end; + } + if (debug) { BIO_set_callback(in, BIO_debug_callback); /* needed for windows 3.1 */ @@ -304,11 +309,6 @@ int MAIN(int argc, char **argv) goto end; } - if ((in == NULL) || (bmd == NULL)) { - ERR_print_errors(bio_err); - goto end; - } - if (out_bin == -1) { if (keyfile) out_bin = 1; diff --git a/apps/s_time.c b/apps/s_time.c index 5846f3a..a40997a 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -302,6 +302,10 @@ static int parseArgs(int argc, char **argv) if (--argc < 1) goto bad; maxTime = atoi(*(++argv)); + if(maxTime <= 0) { + BIO_printf(bio_err, "time must be > 0\n"); + badop = 1; + } } else { BIO_printf(bio_err, "unknown option %s\n", *argv); badop = 1; @@ -550,7 +554,8 @@ int MAIN(int argc, char **argv) nConn, totalTime, ((double)nConn / totalTime), bytes_read); printf ("%d connections in %ld real seconds, %ld bytes read per connection\n", - nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn); + nConn, (long)time(NULL) - finishtime + maxTime, + bytes_read / (nConn?nConn:1)); ret = 0; end: diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 47457c7..de437ac 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -312,7 +312,7 @@ void sk_zero(_STACK *st) return; if (st->num <= 0) return; - memset((char *)st->data, 0, sizeof(st->data) * st->num); + memset((char *)st->data, 0, sizeof(*st->data) * st->num); st->num = 0; } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 84f5896..577885f 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -260,6 +260,11 @@ static int tls1_PRF(long digest_mask, if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) count++; } + if(!count) { + /* Should never happen */ + SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); + goto err; + } len = slen / count; if (count == 1) slen = 0; From matt at openssl.org Tue Mar 17 14:05:00 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 17 Mar 2015 14:05:00 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1426601100.758496.28751.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 6a43243d1d54a8bc4056eab76237e7d474edaafc (commit) via f08731cd82566d14275b7749ca553bdd7f6267f3 (commit) via f4b8760056ebc6d22666652fc34dc9ad8577856c (commit) via d3554bff69d97b15fef063bdb0176a0b68021325 (commit) via 3f9117e161246f2f09754e277f2c986a840c1f74 (commit) from eadc81e7dd3fde473a9e38a57b4c29cf6b699110 (commit) - Log ----------------------------------------------------------------- commit 6a43243d1d54a8bc4056eab76237e7d474edaafc Author: Matt Caswell Date: Thu Mar 12 16:42:55 2015 +0000 Fix seg fault in s_time Passing a negative value for the "-time" option to s_time results in a seg fault. This commit fixes it so that time has to be greater than 0. Reviewed-by: Andy Polyakov (cherry picked from commit dfef52f6f277327e118fdd0fe34486852c2789b6) commit f08731cd82566d14275b7749ca553bdd7f6267f3 Author: Matt Caswell Date: Thu Mar 12 14:37:26 2015 +0000 Add sanity check to PRF The function tls1_PRF counts the number of digests in use and partitions security evenly between them. There always needs to be at least one digest in use, otherwise this is an internal error. Add a sanity check for this. Reviewed-by: Richard Levitte (cherry picked from commit 668f6f08c62177ab5893fc26ebb67053aafdffc8) commit f4b8760056ebc6d22666652fc34dc9ad8577856c Author: Matt Caswell Date: Thu Mar 12 12:54:44 2015 +0000 Fix memset call in stack.c The function sk_zero is supposed to zero the elements held within a stack. It uses memset to do this. However it calculates the size of each element as being sizeof(char **) instead of sizeof(char *). This probably doesn't make much practical difference in most cases, but isn't a portable assumption. Reviewed-by: Richard Levitte (cherry picked from commit 7132ac830fa08d9a936e011d7c541b0c52115b33) commit d3554bff69d97b15fef063bdb0176a0b68021325 Author: Matt Caswell Date: Thu Mar 12 11:25:03 2015 +0000 Move malloc fail checks closer to malloc Move memory allocation failure checks closer to the site of the malloc in dgst app. Only a problem if the debug flag is set...but still should be fixed. Reviewed-by: Tim Hudson (cherry picked from commit be1477adc97e76f4b83ed8075589f529069bd5d1) commit 3f9117e161246f2f09754e277f2c986a840c1f74 Author: Matt Caswell Date: Thu Mar 12 11:10:47 2015 +0000 Add malloc failure checks Add some missing checks for memory allocation failures in ca app. Reviewed-by: Tim Hudson (cherry picked from commit a561bfe944c0beba73551731cb98af70dfee3549) ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 13 +++++++++++++ apps/dgst.c | 10 +++++----- apps/s_time.c | 7 ++++++- crypto/stack/stack.c | 2 +- ssl/t1_enc.c | 5 +++++ 5 files changed, 30 insertions(+), 7 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 055548a..5d29a64 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2803,6 +2803,11 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME *comp_time = NULL; tmp = BUF_strdup(str); + if(!tmp) { + BIO_printf(bio_err, "memory allocation failure\n"); + goto err; + } + p = strchr(tmp, ','); rtime_str = tmp; @@ -2820,6 +2825,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, if (prevtm) { *prevtm = ASN1_UTCTIME_new(); + if(!*prevtm) { + BIO_printf(bio_err, "memory allocation failure\n"); + goto err; + } if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) { BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str); goto err; @@ -2860,6 +2869,10 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, goto err; } comp_time = ASN1_GENERALIZEDTIME_new(); + if(!comp_time) { + BIO_printf(bio_err, "memory allocation failure\n"); + goto err; + } if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) { BIO_printf(bio_err, "invalid compromised time %s\n", arg_str); goto err; diff --git a/apps/dgst.c b/apps/dgst.c index 8459c19..ad2f234 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -287,6 +287,11 @@ int MAIN(int argc, char **argv) in = BIO_new(BIO_s_file()); bmd = BIO_new(BIO_f_md()); + if ((in == NULL) || (bmd == NULL)) { + ERR_print_errors(bio_err); + goto end; + } + if (debug) { BIO_set_callback(in, BIO_debug_callback); /* needed for windows 3.1 */ @@ -298,11 +303,6 @@ int MAIN(int argc, char **argv) goto end; } - if ((in == NULL) || (bmd == NULL)) { - ERR_print_errors(bio_err); - goto end; - } - if (out_bin == -1) { if (keyfile) out_bin = 1; diff --git a/apps/s_time.c b/apps/s_time.c index 5846f3a..a40997a 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -302,6 +302,10 @@ static int parseArgs(int argc, char **argv) if (--argc < 1) goto bad; maxTime = atoi(*(++argv)); + if(maxTime <= 0) { + BIO_printf(bio_err, "time must be > 0\n"); + badop = 1; + } } else { BIO_printf(bio_err, "unknown option %s\n", *argv); badop = 1; @@ -550,7 +554,8 @@ int MAIN(int argc, char **argv) nConn, totalTime, ((double)nConn / totalTime), bytes_read); printf ("%d connections in %ld real seconds, %ld bytes read per connection\n", - nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn); + nConn, (long)time(NULL) - finishtime + maxTime, + bytes_read / (nConn?nConn:1)); ret = 0; end: diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index fbe9d6e..331f907 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -278,7 +278,7 @@ void sk_zero(_STACK *st) return; if (st->num <= 0) return; - memset((char *)st->data, 0, sizeof(st->data) * st->num); + memset((char *)st->data, 0, sizeof(*st->data) * st->num); st->num = 0; } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index fa1c002..4e2845f 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -261,6 +261,11 @@ static int tls1_PRF(long digest_mask, if ((m << TLS1_PRF_DGST_SHIFT) & digest_mask) count++; } + if(!count) { + /* Should never happen */ + SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR); + goto err; + } len = slen / count; if (count == 1) slen = 0; From matt at openssl.org Tue Mar 17 14:54:24 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 17 Mar 2015 14:54:24 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1426604064.792268.5779.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 636c42d747deb5cab78b66566e5feb4ffd61d15d (commit) via 28e4f659c5542f1625b5c20c51eab3987914b485 (commit) from 6a43243d1d54a8bc4056eab76237e7d474edaafc (commit) - Log ----------------------------------------------------------------- commit 636c42d747deb5cab78b66566e5feb4ffd61d15d Author: Matt Caswell Date: Thu Mar 12 14:09:00 2015 +0000 Dead code removal from apps Some miscellaneous removal of dead code from apps. Also fix an issue with error handling with pkcs7. Reviewed-by: Richard Levitte (cherry picked from commit 11abf92259e899f4f7da4a3e80781e84b0fb1a64) commit 28e4f659c5542f1625b5c20c51eab3987914b485 Author: Matt Caswell Date: Thu Mar 12 14:08:21 2015 +0000 Remove dead code from crypto Some miscellaneous removal of dead code from lib crypto. Reviewed-by: Richard Levitte (cherry picked from commit b7573c597c1932ef709b2455ffab47348b5c54e5) ----------------------------------------------------------------------- Summary of changes: apps/pkcs7.c | 10 +++++----- apps/s_server.c | 2 +- crypto/bio/b_print.c | 7 ++----- crypto/dso/dso_dlfcn.c | 7 +++---- 4 files changed, 11 insertions(+), 15 deletions(-) diff --git a/apps/pkcs7.c b/apps/pkcs7.c index 4d80f82..643507f 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -189,11 +189,11 @@ int MAIN(int argc, char **argv) if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, infile) <= 0) - if (in == NULL) { - perror(infile); - goto end; - } + if (BIO_read_filename(in, infile) <= 0) { + BIO_printf(bio_err, "unable to load input file\n"); + ERR_print_errors(bio_err); + goto end; + } } if (informat == FORMAT_ASN1) diff --git a/apps/s_server.c b/apps/s_server.c index caba5b3..bcf5c33 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -334,7 +334,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, } if (s_debug) BIO_printf(bio_s_out, "identity_len=%d identity=%s\n", - identity ? (int)strlen(identity) : 0, identity); + (int)strlen(identity), identity); /* here we could lookup the given identity e.g. from a database */ if (strcmp(identity, psk_identity) != 0) { diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index f7940f2..c2cf6e6 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -592,7 +592,6 @@ fmtfp(char **sbuffer, int fplace = 0; int padlen = 0; int zpadlen = 0; - int caps = 0; long intpart; long fracpart; long max10; @@ -630,8 +629,7 @@ fmtfp(char **sbuffer, /* convert integer part */ do { - iconvert[iplace++] = - (caps ? "0123456789ABCDEF" : "0123456789abcdef")[intpart % 10]; + iconvert[iplace++] = "0123456789"[intpart % 10]; intpart = (intpart / 10); } while (intpart && (iplace < (int)sizeof(iconvert))); if (iplace == sizeof iconvert) @@ -640,8 +638,7 @@ fmtfp(char **sbuffer, /* convert fractional part */ do { - fconvert[fplace++] = - (caps ? "0123456789ABCDEF" : "0123456789abcdef")[fracpart % 10]; + fconvert[fplace++] = "0123456789"[fracpart % 10]; fracpart = (fracpart / 10); } while (fplace < max); if (fplace == sizeof fconvert) diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index c0fcbb1..f629f03 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -314,7 +314,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, return (NULL); } strcpy(merged, filespec2); - } else + } else { /* * This part isn't as trivial as it looks. It assumes that the * second file specification really is a directory, and makes no @@ -322,13 +322,12 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, * concatenation of filespec2 followed by a slash followed by * filespec1. */ - { int spec2len, len; spec2len = strlen(filespec2); - len = spec2len + (filespec1 ? strlen(filespec1) : 0); + len = spec2len + strlen(filespec1); - if (filespec2 && filespec2[spec2len - 1] == '/') { + if (spec2len && filespec2[spec2len - 1] == '/') { spec2len--; len--; } From matt at openssl.org Tue Mar 17 14:54:34 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 17 Mar 2015 14:54:34 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1426604074.812946.6121.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via c1559f5046092b542f8033bb8eec8bd88ce0d8f2 (commit) via d8d2e503593ac429fa04b96c7722dcf1c33bdeb3 (commit) from 6c4ce00753c5763cf836f6fec9ec07ed7c2e6e03 (commit) - Log ----------------------------------------------------------------- commit c1559f5046092b542f8033bb8eec8bd88ce0d8f2 Author: Matt Caswell Date: Thu Mar 12 14:09:00 2015 +0000 Dead code removal from apps Some miscellaneous removal of dead code from apps. Also fix an issue with error handling with pkcs7. Reviewed-by: Richard Levitte (cherry picked from commit 11abf92259e899f4f7da4a3e80781e84b0fb1a64) commit d8d2e503593ac429fa04b96c7722dcf1c33bdeb3 Author: Matt Caswell Date: Thu Mar 12 14:08:21 2015 +0000 Remove dead code from crypto Some miscellaneous removal of dead code from lib crypto. Reviewed-by: Richard Levitte (cherry picked from commit b7573c597c1932ef709b2455ffab47348b5c54e5) ----------------------------------------------------------------------- Summary of changes: apps/pkcs7.c | 10 +++++----- apps/s_server.c | 2 +- crypto/bio/b_print.c | 7 ++----- crypto/dso/dso_dlfcn.c | 7 +++---- 4 files changed, 11 insertions(+), 15 deletions(-) diff --git a/apps/pkcs7.c b/apps/pkcs7.c index 4d80f82..643507f 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -189,11 +189,11 @@ int MAIN(int argc, char **argv) if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, infile) <= 0) - if (in == NULL) { - perror(infile); - goto end; - } + if (BIO_read_filename(in, infile) <= 0) { + BIO_printf(bio_err, "unable to load input file\n"); + ERR_print_errors(bio_err); + goto end; + } } if (informat == FORMAT_ASN1) diff --git a/apps/s_server.c b/apps/s_server.c index d5d2492..a8491ac 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -347,7 +347,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, } if (s_debug) BIO_printf(bio_s_out, "identity_len=%d identity=%s\n", - identity ? (int)strlen(identity) : 0, identity); + (int)strlen(identity), identity); /* here we could lookup the given identity e.g. from a database */ if (strcmp(identity, psk_identity) != 0) { diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index f7940f2..c2cf6e6 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -592,7 +592,6 @@ fmtfp(char **sbuffer, int fplace = 0; int padlen = 0; int zpadlen = 0; - int caps = 0; long intpart; long fracpart; long max10; @@ -630,8 +629,7 @@ fmtfp(char **sbuffer, /* convert integer part */ do { - iconvert[iplace++] = - (caps ? "0123456789ABCDEF" : "0123456789abcdef")[intpart % 10]; + iconvert[iplace++] = "0123456789"[intpart % 10]; intpart = (intpart / 10); } while (intpart && (iplace < (int)sizeof(iconvert))); if (iplace == sizeof iconvert) @@ -640,8 +638,7 @@ fmtfp(char **sbuffer, /* convert fractional part */ do { - fconvert[fplace++] = - (caps ? "0123456789ABCDEF" : "0123456789abcdef")[fracpart % 10]; + fconvert[fplace++] = "0123456789"[fracpart % 10]; fracpart = (fracpart / 10); } while (fplace < max); if (fplace == sizeof fconvert) diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index c0fcbb1..f629f03 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -314,7 +314,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, return (NULL); } strcpy(merged, filespec2); - } else + } else { /* * This part isn't as trivial as it looks. It assumes that the * second file specification really is a directory, and makes no @@ -322,13 +322,12 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, * concatenation of filespec2 followed by a slash followed by * filespec1. */ - { int spec2len, len; spec2len = strlen(filespec2); - len = spec2len + (filespec1 ? strlen(filespec1) : 0); + len = spec2len + strlen(filespec1); - if (filespec2 && filespec2[spec2len - 1] == '/') { + if (spec2len && filespec2[spec2len - 1] == '/') { spec2len--; len--; } From matt at openssl.org Tue Mar 17 14:54:42 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 17 Mar 2015 14:54:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426604082.207483.6391.nullmailer@dev.openssl.org> The branch master has been updated via 11abf92259e899f4f7da4a3e80781e84b0fb1a64 (commit) via b7573c597c1932ef709b2455ffab47348b5c54e5 (commit) from e4676e900f165f5272991443225813002300b09b (commit) - Log ----------------------------------------------------------------- commit 11abf92259e899f4f7da4a3e80781e84b0fb1a64 Author: Matt Caswell Date: Thu Mar 12 14:09:00 2015 +0000 Dead code removal from apps Some miscellaneous removal of dead code from apps. Also fix an issue with error handling with pkcs7. Reviewed-by: Richard Levitte commit b7573c597c1932ef709b2455ffab47348b5c54e5 Author: Matt Caswell Date: Thu Mar 12 14:08:21 2015 +0000 Remove dead code from crypto Some miscellaneous removal of dead code from lib crypto. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/pkcs7.c | 10 +++++----- apps/s_server.c | 2 +- crypto/bio/b_print.c | 7 ++----- crypto/dso/dso_dlfcn.c | 7 +++---- 4 files changed, 11 insertions(+), 15 deletions(-) diff --git a/apps/pkcs7.c b/apps/pkcs7.c index 4d80f82..643507f 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -189,11 +189,11 @@ int MAIN(int argc, char **argv) if (infile == NULL) BIO_set_fp(in, stdin, BIO_NOCLOSE); else { - if (BIO_read_filename(in, infile) <= 0) - if (in == NULL) { - perror(infile); - goto end; - } + if (BIO_read_filename(in, infile) <= 0) { + BIO_printf(bio_err, "unable to load input file\n"); + ERR_print_errors(bio_err); + goto end; + } } if (informat == FORMAT_ASN1) diff --git a/apps/s_server.c b/apps/s_server.c index 874b402..ec2fe6f 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -303,7 +303,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, } if (s_debug) BIO_printf(bio_s_out, "identity_len=%d identity=%s\n", - identity ? (int)strlen(identity) : 0, identity); + (int)strlen(identity), identity); /* here we could lookup the given identity e.g. from a database */ if (strcmp(identity, psk_identity) != 0) { diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index f7940f2..c2cf6e6 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -592,7 +592,6 @@ fmtfp(char **sbuffer, int fplace = 0; int padlen = 0; int zpadlen = 0; - int caps = 0; long intpart; long fracpart; long max10; @@ -630,8 +629,7 @@ fmtfp(char **sbuffer, /* convert integer part */ do { - iconvert[iplace++] = - (caps ? "0123456789ABCDEF" : "0123456789abcdef")[intpart % 10]; + iconvert[iplace++] = "0123456789"[intpart % 10]; intpart = (intpart / 10); } while (intpart && (iplace < (int)sizeof(iconvert))); if (iplace == sizeof iconvert) @@ -640,8 +638,7 @@ fmtfp(char **sbuffer, /* convert fractional part */ do { - fconvert[fplace++] = - (caps ? "0123456789ABCDEF" : "0123456789abcdef")[fracpart % 10]; + fconvert[fplace++] = "0123456789"[fracpart % 10]; fracpart = (fracpart / 10); } while (fplace < max); if (fplace == sizeof fconvert) diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index c9a9a8b..8ebb2b5 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -299,7 +299,7 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, return (NULL); } strcpy(merged, filespec2); - } else + } else { /* * This part isn't as trivial as it looks. It assumes that the * second file specification really is a directory, and makes no @@ -307,13 +307,12 @@ static char *dlfcn_merger(DSO *dso, const char *filespec1, * concatenation of filespec2 followed by a slash followed by * filespec1. */ - { int spec2len, len; spec2len = strlen(filespec2); - len = spec2len + (filespec1 ? strlen(filespec1) : 0); + len = spec2len + strlen(filespec1); - if (filespec2 && filespec2[spec2len - 1] == '/') { + if (spec2len && filespec2[spec2len - 1] == '/') { spec2len--; len--; } From levitte at openssl.org Tue Mar 17 16:04:05 2015 From: levitte at openssl.org (Richard Levitte) Date: Tue, 17 Mar 2015 16:04:05 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426608245.990772.20784.nullmailer@dev.openssl.org> The branch master has been updated via 9e43c6b5c28731d13afcb4658dc2fa4dd188cc0b (commit) from 11abf92259e899f4f7da4a3e80781e84b0fb1a64 (commit) - Log ----------------------------------------------------------------- commit 9e43c6b5c28731d13afcb4658dc2fa4dd188cc0b Author: Richard Levitte Date: Tue Mar 17 16:30:54 2015 +0100 Correct the request of debug builds ./config would translate -d into having the target get a 'debug-' prefix, and then run './Configure LIST' to find out if such a debugging target exists or not. With the recent changes, the separate 'debug-foo' targets are disappearing, and we're giving the normal targets debugging capabilities instead. Unfortunately, './config' wasn't changed to match this new behavior. This change introduces the arguments '--debug' and '--release' - the latter just for orthogonality - to ./Configure, and ./config now treats -d by adding '--debug' to the options for ./Configure. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: Configure | 25 +++++++++++++++++++------ config | 2 +- 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/Configure b/Configure index 705f4c6..4a34b4e 100755 --- a/Configure +++ b/Configure @@ -946,6 +946,7 @@ my $options; my $symlink; my $make_depend=0; my %withargs=(); +my $build_prefix = "release_"; my @argvcopy=@ARGV; my $argvstring=""; @@ -1020,10 +1021,18 @@ PROCESS_ARGS: { exit(&test_sanity()); } - elsif (/^--strict-warnings/) + elsif (/^--strict-warnings$/) { $strict_warnings = 1; } + elsif (/^--debug$/) + { + $build_prefix = "debug_"; + } + elsif (/^--release$/) + { + $build_prefix = "release_"; + } elsif (/^reconfigure/ || /^reconf/) { if (open(IN,"<$Makefile")) @@ -1234,10 +1243,10 @@ if ($target =~ m/^CygWin32(-.*)$/) { print "Configuring for $target\n"; +# Support for legacy targets having a name starting with 'debug-' my ($d, $t) = $target =~ m/^(debug-)?(.*)$/; -my $debug_prefix = "release_"; if ($d) { - $debug_prefix = "debug_"; + $build_prefix = "debug_"; # If we do not find debug-foo in the table, the target is set to foo, # but only if the foo target has a noon-empty debug_cflags or debug_lflags @@ -1248,7 +1257,11 @@ if ($d) { } } -&usage if (!defined($table{$target}) || $table{$target}->{template}); +&usage if (!defined($table{$target}) + || $table{$target}->{template} + || ($build_prefix eq "debug_" + && !($table{$target}->{debug_cflags} + || $table{$target}->{debug_lflags}))); if ($fips) { @@ -1359,10 +1372,10 @@ my $cc = $ENV{CC} || $table{$t}->{cc}; # Do it in such a way that no spurious space is appended (hence the grep). my $cflags = join(" ", grep { $_ } ($table{$t}->{cflags}, - $table{$t}->{$debug_prefix."cflags"})); + $table{$t}->{$build_prefix."cflags"})); my $lflags = join(" ", grep { $_ } ($table{$t}->{lflags}, - $table{$t}->{$debug_prefix."lflags"})); + $table{$t}->{$build_prefix."lflags"})); my $unistd = $table{$t}->{unistd}; my $thread_cflag = $table{$t}->{thread_cflag}; diff --git a/config b/config index 8644211..44c48c1 100755 --- a/config +++ b/config @@ -29,7 +29,7 @@ EXE="" for i do case "$i" in --d*) PREFIX="debug-";; +-d*) options=$options" --debug";; -t*) TEST="true";; -h*) TEST="true"; cat < The branch OpenSSL_1_0_2-stable has been updated via 8b84495380098592ef7bb2fa9209ccb87803bf1d (commit) from c1559f5046092b542f8033bb8eec8bd88ce0d8f2 (commit) - Log ----------------------------------------------------------------- commit 8b84495380098592ef7bb2fa9209ccb87803bf1d Author: Dr. Stephen Henson Date: Tue Mar 17 15:55:11 2015 +0000 Add support for ServerInfo SSL_CONF option. Add support for ServerInfo SSL_CONF option and update documentation. This was wrongly omitted from the 1.0.2 release. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_CONF_cmd.pod | 5 +++++ ssl/ssl_conf.c | 13 +++++++++++++ 2 files changed, 18 insertions(+) diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index 6d073cb..2bf1a60 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod @@ -195,6 +195,11 @@ context. This option is only supported if certificate operations are permitted. Note: if no B<-key> option is set then a private key is not loaded: it does not currently use the B file. +=item B + +Attempts to use the file B in the "serverinfo" extension using the +function SSL_CTX_use_serverinfo_file. + =item B Attempts to use the file B as the set of temporary DH parameters for diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index d950242..5478840 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -386,6 +386,18 @@ static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value) return rv > 0; } +static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value) +{ + int rv = 1; + if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE)) + return -2; + if (!(cctx->flags & SSL_CONF_FLAG_SERVER)) + return -2; + if (cctx->ctx) + rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value); + return rv > 0; +} + #ifndef OPENSSL_NO_DH static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) { @@ -444,6 +456,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_STRING(Options, NULL), SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE), SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE), + SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE), #ifndef OPENSSL_NO_DH SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE) #endif From appro at openssl.org Wed Mar 18 15:29:04 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 18 Mar 2015 15:29:04 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426692544.058986.16875.nullmailer@dev.openssl.org> The branch master has been updated via 7ead0c89185c46378e3ed85c0012d083f4b3039b (commit) from 9e43c6b5c28731d13afcb4658dc2fa4dd188cc0b (commit) - Log ----------------------------------------------------------------- commit 7ead0c89185c46378e3ed85c0012d083f4b3039b Author: Andy Polyakov Date: Mon Mar 16 22:33:36 2015 +0100 Configure: fold related configurations more aggressively and clean-up. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 1268 ++++++++++++++----------------------------- Configure | 90 +-- 2 files changed, 418 insertions(+), 940 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index eb46789..9d38554 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -6,10 +6,12 @@ %targets = ( -# Basic configs that should work on any (32 and less bit) box +#### Basic configs that should work on any 32-bit box "gcc" => { cc => "gcc", - cflags => "-O3", + cflags => "", + debug_cflags => "-O0 -g", + release_cflags => "-O3", thread_cflag => "(unknown)", bn_ops => "BN_LLONG", }, @@ -19,9 +21,8 @@ thread_cflag => "(unknown)", }, -####VOS Configurations +#### VOS Configurations "vos-gcc" => { - inherit_from => [ "no_asm_filler" ], cc => "gcc", cflags => "-Wall -DOPENSSL_SYS_VOS -D_POSIX_C_SOURCE=200112L -D_BSD -D_VOS_EXTENDED_NAMES -DB_ENDIAN", debug_cflags => "-O0 -g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG", @@ -34,15 +35,17 @@ }, #### Solaris x86 with GNU C setups -# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it -# here because whenever GNU C instantiates an assembler template it -# surrounds it with #APP #NO_APP comment pair which (at least Solaris -# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic" -# error message. "solaris-x86-gcc" => { - inherit_from => [ "x86_elf_asm" ], - cc => "gcc", - cflags => "-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM", + # -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have + # to do it here because whenever GNU C instantiates an assembler + # template it surrounds it with #APP #NO_APP comment pair which + # (at least Solaris 7_x86) /usr/ccs/bin/as fails to assemble + # with "Illegal mnemonic" error message. + inherit_from => [ asm("x86_elf_asm") ], + cc => "gcc", + cflags => "-march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM", + debug_cflags => "-O0 -g", + release_cflags => "-O3 -fomit-frame-pointer", thread_cflag => "-D_REENTRANT", lflags => "-lsocket -lnsl -ldl", bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", @@ -52,18 +55,20 @@ shared_ldflag => "-shared", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, -# -shared -static-libgcc might appear controversial, but modules taken -# from static libgcc do not have relocations and linking them into our -# shared objects doesn't have any negative side-effects. On the contrary, -# doing so makes it possible to use gcc shared build with Sun C. Given -# that gcc generates faster code [thanks to inline assembler], I would -# actually recommend to consider using gcc shared build even with vendor -# compiler:-) -# "solaris64-x86_64-gcc" => { - inherit_from => [ "x86_64_asm" ], - cc => "gcc", - cflags => "-m64 -O3 -Wall -DL_ENDIAN", + # -shared -static-libgcc might appear controversial, but modules + # taken from static libgcc do not have relocations and linking + # them into our shared objects doesn't have any negative side + # effects. On the contrary, doing so makes it possible to use + # gcc shared build with Sun C. Given that gcc generates faster + # code [thanks to inline assembler], I would actually recommend + # to consider using gcc shared build even with vendor compiler:-) + # + inherit_from => [ asm("x86_64_asm") ], + cc => "gcc", + cflags => "-m64 -Wall -DL_ENDIAN", + debug_cflags => "-O0 -g", + release_cflags => "-O3", thread_cflag => "-D_REENTRANT", lflags => "-lsocket -lnsl -ldl", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", @@ -78,9 +83,10 @@ #### Solaris x86 with Sun C setups "solaris-x86-cc" => { - inherit_from => [ "no_asm_filler" ], cc => "cc", - cflags => "-fast -xarch=generic -O -Xa", + cflags => "-xarch=generic -xstrconst -Xa -DL_ENDIAN", + debug_cflags => "-g", + release_cflags => "-xO5 -xregs=frameptr -xdepend -xbuiltin", thread_cflag => "-D_REENTRANT", lflags => "-lsocket -lnsl -ldl", bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR", @@ -91,9 +97,11 @@ shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "solaris64-x86_64-cc" => { - inherit_from => [ "x86_64_asm" ], + inherit_from => [ asm("x86_64_asm") ], cc => "cc", - cflags => "-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN", + cflags => "-xarch=generic64 -xstrconst -Xa -DL_ENDIAN", + debug_cflags => "-g", + release_cflags => "-xO5 -xdepend -xbuiltin", thread_cflag => "-D_REENTRANT", lflags => "-lsocket -lnsl -ldl", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", @@ -101,16 +109,17 @@ dso_scheme => "dlfcn", shared_target => "solaris-shared", shared_cflag => "-KPIC", - shared_ldflag => "-xarch=amd64 -G -dy -z text", + shared_ldflag => "-xarch=generic64 -G -dy -z text", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "/64", }, #### SPARC Solaris with GNU C setups "solaris-sparcv7-gcc" => { - inherit_from => [ "no_asm_filler" ], cc => "gcc", - cflags => "-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W", + cflags => "-Wall -DB_ENDIAN -DBN_DIV2W", + debug_cflags => "-O0 -g", + release_cflags => "-O3", thread_cflag => "-D_REENTRANT", lflags => "-lsocket -lnsl -ldl", bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", @@ -120,52 +129,25 @@ shared_ldflag => "-shared", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, -#### "solaris-sparcv8-gcc" => { - inherit_from => [ "sparcv8_asm" ], - cc => "gcc", - cflags => "-mv8 -Wall -DB_ENDIAN", - debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g", - release_cflags => "-O3 -fomit-frame-pointer -DBN_DIV2W", - thread_cflag => "-D_REENTRANT", - lflags => "-lsocket -lnsl -ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "solaris-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-shared", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + inherit_from => [ "solaris-sparcv7-gcc", asm("sparcv8_asm") ], + cflags => sub { join(" ","-mv8", at _); }, }, -# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc "solaris-sparcv9-gcc" => { - inherit_from => [ "sparcv9_asm" ], + # -m32 should be safe to add as long as driver recognizes + # -mcpu=ultrasparc + inherit_from => [ "solaris-sparcv7-gcc", asm("sparcv9_asm") ], cc => "gcc", - cflags => "-m32 -mcpu=ultrasparc -Wall -DB_ENDIAN -DBN_DIV2W", + cflags => sub { join(" ","-m32 -mcpu=ultrasparc", at _); }, debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -pedantic -ansi -Wshadow -Wno-long-long -D__EXTENSIONS__", - release_cflags => "-O3 -fomit-frame-pointer", - thread_cflag => "-D_REENTRANT", - sys_id => "ULTRASPARC", - lflags => "-lsocket -lnsl -ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "solaris-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-shared", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + release_cflags => "-O3", }, "solaris64-sparcv9-gcc" => { - inherit_from => [ "sparcv9_asm" ], + inherit_from => [ "solaris-sparcv9-gcc" ], cc => "gcc", - cflags => "-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN", - thread_cflag => "-D_REENTRANT", - sys_id => "ULTRASPARC", - lflags => "-lsocket -lnsl -ldl", + cflags => "-m64 -mcpu=ultrasparc -Wall -DB_ENDIAN", bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "solaris-shared", - shared_cflag => "-fPIC", shared_ldflag => "-m64 -shared", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "/64", }, @@ -174,9 +156,10 @@ # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8 # SC5.0 note: Compiler common patch 107357-01 or later is required! "solaris-sparcv7-cc" => { - inherit_from => [ "no_asm_filler" ], cc => "cc", - cflags => "-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W", + cflags => "-xstrconst -Xa -DB_ENDIAN -DBN_DIV2W", + debug_cflags => "-g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL", + release_cflags => "-xO5 -xdepend", thread_cflag => "-D_REENTRANT", lflags => "-lsocket -lnsl -ldl", bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR", @@ -188,58 +171,29 @@ }, #### "solaris-sparcv8-cc" => { - inherit_from => [ "sparcv8_asm" ], - cc => "cc", - cflags => "-xarch=v8 -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W", - debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O", - release_cflags => "-xO5 -xdepend", - thread_cflag => "-D_REENTRANT", - lflags => "-lsocket -lnsl -ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "solaris-shared", - shared_cflag => "-KPIC", - shared_ldflag => "-G -dy -z text", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + inherit_from => [ "solaris-sparcv7-cc", asm("sparcv8_asm") ], + cflags => sub { join(" ","-xarch=v8", at _); }, }, "solaris-sparcv9-cc" => { - inherit_from => [ "sparcv9_asm" ], - cc => "cc", - cflags => "-xtarget=ultra -xarch=v8plus -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W", - debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O", - release_cflags => "-xO5 -xdepend", - thread_cflag => "-D_REENTRANT", - sys_id => "ULTRASPARC", - lflags => "-lsocket -lnsl -ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "solaris-shared", - shared_cflag => "-KPIC", - shared_ldflag => "-G -dy -z text", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + inherit_from => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ], + cflags => sub { join(" ","-xarch=v8plus -xtarget=ultra", at _); }, }, "solaris64-sparcv9-cc" => { - inherit_from => [ "sparcv9_asm" ], - cc => "cc", - cflags => "-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN", - thread_cflag => "-D_REENTRANT", - sys_id => "ULTRASPARC", - lflags => "-lsocket -lnsl -ldl", + inherit_from => [ "solaris-sparcv7-cc", asm("sparcv9_asm") ], + cflags => sub { join(" ","-xarch=v9 -xtarget=ultra", at _); }, bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "solaris-shared", - shared_cflag => "-KPIC", shared_ldflag => "-xarch=v9 -G -dy -z text", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "/64", }, #### IRIX 5.x configs # -mips2 flag is added by ./config when appropriate. "irix-gcc" => { - inherit_from => [ "mips32_asm" ], + inherit_from => [ asm("mips32_asm") ], cc => "gcc", - cflags => "-O3 -DB_ENDIAN", + cflags => "-DB_ENDIAN", + debug_cflags => "-g -O0", + release_cflags => "-O3", thread_cflag => "(unknown)", bn_ops => "BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR", perlasm_scheme => "o32", @@ -248,9 +202,11 @@ shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "irix-cc" => { - inherit_from => [ "mips32_asm" ], + inherit_from => [ asm("mips32_asm") ], cc => "cc", - cflags => "-O2 -use_readonly_const -DB_ENDIAN", + cflags => "-use_readonly_const -DB_ENDIAN", + debug_cflags => "-g -O0", + release_cflags => "-O2", thread_cflag => "(unknown)", bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR", perlasm_scheme => "o32", @@ -262,9 +218,11 @@ # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke # './Configure irix-cc -o32' manually. "irix-mips3-gcc" => { - inherit_from => [ "mips64_asm" ], + inherit_from => [ asm("mips64_asm") ], cc => "gcc", - cflags => "-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W", + cflags => "-mabi=n32 -DB_ENDIAN -DBN_DIV3W", + debug_cflags => "-g -O0", + release_cflags => "-O3", thread_cflag => "-D_SGI_MP_SOURCE", bn_ops => "MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT", perlasm_scheme => "n32", @@ -275,9 +233,11 @@ multilib => "32", }, "irix-mips3-cc" => { - inherit_from => [ "mips64_asm" ], + inherit_from => [ asm("mips64_asm") ], cc => "cc", - cflags => "-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W", + cflags => "-n32 -mips3 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W", + debug_cflags => "-g -O0", + release_cflags => "-O2", thread_cflag => "-D_SGI_MP_SOURCE", bn_ops => "DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT", perlasm_scheme => "n32", @@ -287,11 +247,13 @@ shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "32", }, -# N64 ABI builds. + # N64 ABI builds. "irix64-mips4-gcc" => { - inherit_from => [ "mips64_asm" ], + inherit_from => [ asm("mips64_asm") ], cc => "gcc", - cflags => "-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W", + cflags => "-mabi=64 -mips4 -DB_ENDIAN -DBN_DIV3W", + debug_cflags => "-g -O0", + release_cflags => "-O3", thread_cflag => "-D_SGI_MP_SOURCE", bn_ops => "RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG", perlasm_scheme => "64", @@ -302,9 +264,11 @@ multilib => "64", }, "irix64-mips4-cc" => { - inherit_from => [ "mips64_asm" ], + inherit_from => [ asm("mips64_asm") ], cc => "cc", - cflags => "-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W", + cflags => "-64 -mips4 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W", + debug_cflags => "-g -O0", + release_cflags => "-O2", thread_cflag => "-D_SGI_MP_SOURCE", bn_ops => "RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG", perlasm_scheme => "64", @@ -331,36 +295,23 @@ # - Keep in mind that the HP compiler by default generates code # suitable for execution on the host you're currently compiling at. # If the toolkit is ment to be used on various PA-RISC processors -# consider './config +DAportable'. -# - +DD64 is chosen in favour of +DA2.0W because it's meant to be -# compatible with *future* releases. -# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to -# pass -D_REENTRANT on HP-UX 10 and later. +# consider './Configure hpux-parisc-[g]cc +DAportable'. # - -DMD32_XARRAY triggers workaround for compiler bug we ran into in # 32-bit message digests. (For the moment of this writing) HP C # doesn't seem to "digest" too many local variables (they make "him" # chew forever:-). For more details look-up MD32_XARRAY comment in # crypto/sha/sha_lcl.h. +# - originally there were 32-bit hpux-parisc2-* targets. They were +# scrapped, because a) they were not interchangable with other 32-bit +# targets; a) when critical 32-bit assembly modules detect if they +# are executed on PA-RISC 2.0 and thus adequate performance is +# provided. # -# -# Since there is mention of this in shlib/hpux10-cc.sh - "hpux-parisc-cc-o4" => { - inherit_from => [ "no_asm_filler" ], - cc => "cc", - cflags => "-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY", - thread_cflag => "-D_REENTRANT", - lflags => "-ldld", - bn_ops => "BN_LLONG DES_PTR DES_UNROLL DES_RISC1", - dso_scheme => "dl", - shared_target => "hpux-shared", - shared_cflag => "+Z", - shared_ldflag => "-b", - shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, "hpux-parisc-gcc" => { - inherit_from => [ "no_asm_filler" ], cc => "gcc", - cflags => "-O3 -DB_ENDIAN -DBN_DIV2W", + cflags => "-DB_ENDIAN -DBN_DIV2W", + debug_cflags => "-O0 -g", + release_cflags => "-O3", thread_cflag => "-D_REENTRANT", lflags => "-Wl,+s -ldld", bn_ops => "BN_LLONG DES_PTR DES_UNROLL DES_RISC1", @@ -371,39 +322,18 @@ shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "hpux-parisc1_1-gcc" => { - inherit_from => [ "parisc11_asm" ], - cc => "gcc", - cflags => "-O3 -DB_ENDIAN -DBN_DIV2W", - thread_cflag => "-D_REENTRANT", - lflags => "-Wl,+s -ldld", - bn_ops => "BN_LLONG DES_PTR DES_UNROLL DES_RISC1", - dso_scheme => "dl", - shared_target => "hpux-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-shared", - shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + inherit_from => [ "hpux-parisc-gcc", asm("parisc11_asm") ], multilib => "/pa1.1", }, - "hpux-parisc2-gcc" => { - inherit_from => [ "parisc20_32_asm" ], - cc => "gcc", - cflags => "-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT", - lflags => "-Wl,+s -ldld", - bn_ops => "SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1", - dso_scheme => "dl", - shared_target => "hpux-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-shared", - shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - multilib => "/pa20_32", - }, "hpux64-parisc2-gcc" => { + inherit_from => [ asm("parisc20_64_asm") ], cc => "gcc", - cflags => "-O3 -DB_ENDIAN -D_REENTRANT", + cflags => "-DB_ENDIAN", + debug_cflags => "-O0 -g", + release_cflags => "-O3", + thread_cflag => "-D_REENTRANT", lflags => "-ldl", bn_ops => "SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT", - bn_obj => "pa-risc2W.o", - perlasm_scheme => "void", dso_scheme => "dlfcn", shared_target => "hpux-shared", shared_cflag => "-fpic", @@ -412,14 +342,15 @@ multilib => "/pa20_64", }, -# More attempts at unified 10.X and 11.X targets for HP C compiler. -# -# Chris Ruemmler -# Kevin Steves + # More attempts at unified 10.X and 11.X targets for HP C compiler. + # + # Chris Ruemmler + # Kevin Steves "hpux-parisc-cc" => { - inherit_from => [ "no_asm_filler" ], cc => "cc", - cflags => "+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY", + cflags => "+Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY", + debug_cflags => "+O0 +d -g", + release_cflags => "+O3", thread_cflag => "-D_REENTRANT", lflags => "-Wl,+s -ldld", bn_ops => "MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT", @@ -430,36 +361,17 @@ shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "hpux-parisc1_1-cc" => { - inherit_from => [ "parisc11_asm" ], - cc => "cc", - cflags => "+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY", - thread_cflag => "-D_REENTRANT", - lflags => "-Wl,+s -ldld", - bn_ops => "MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT", - dso_scheme => "dl", - shared_target => "hpux-shared", - shared_cflag => "+Z", - shared_ldflag => "-b", - shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + inherit_from => [ "hpux-parisc-cc", asm("parisc11_asm") ], + cflags => sub { join(" ","+DA1.1", at _); }, multilib => "/pa1.1", }, - "hpux-parisc2-cc" => { - inherit_from => [ "parisc20_32_asm" ], - cc => "cc", - cflags => "+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT", - lflags => "-Wl,+s -ldld", - bn_ops => "SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT", - dso_scheme => "dl", - shared_target => "hpux-shared", - shared_cflag => "+Z", - shared_ldflag => "-b", - shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - multilib => "/pa20_32", - }, "hpux64-parisc2-cc" => { - inherit_from => [ "parisc20_64_asm" ], + inherit_from => [ asm("parisc20_64_asm") ], cc => "cc", - cflags => "+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT", + cflags => "+DD64 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY", + debug_cflags => "+O0 +d -g", + release_cflags => "+O3", + thread_cflag => "-D_REENTRANT", lflags => "-ldl", bn_ops => "SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT", dso_scheme => "dlfcn", @@ -470,11 +382,14 @@ multilib => "/pa20_64", }, -# HP/UX IA-64 targets + # HP/UX IA-64 targets "hpux-ia64-cc" => { - inherit_from => [ "ia64_asm" ], + inherit_from => [ asm("ia64_asm") ], cc => "cc", - cflags => "-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT", + cflags => "-Ae +DD32 +Olit=all -z -DB_ENDIAN", + debug_cflags => "+O0 +d -g", + release_cflags => "+O2", + thread_cflag => "-D_REENTRANT", lflags => "-ldl", bn_ops => "SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT", dso_scheme => "dlfcn", @@ -484,12 +399,15 @@ shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "/hpux32", }, -# Frank Geurts has patiently assisted with -# with debugging of the following config. + # Frank Geurts has patiently assisted + # with debugging of the following config. "hpux64-ia64-cc" => { - inherit_from => [ "ia64_asm" ], + inherit_from => [ asm("ia64_asm") ], cc => "cc", - cflags => "-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT", + cflags => "-Ae +DD64 +Olit=all -z -DB_ENDIAN", + debug_cflags => "+O0 +d -g", + release_cflags => "+O3", + thread_cflag => "-D_REENTRANT", lflags => "-ldl", bn_ops => "SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT", dso_scheme => "dlfcn", @@ -499,11 +417,14 @@ shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "/hpux64", }, -# GCC builds... + # GCC builds... "hpux-ia64-gcc" => { - inherit_from => [ "ia64_asm" ], + inherit_from => [ asm("ia64_asm") ], cc => "gcc", - cflags => "-O3 -DB_ENDIAN -D_REENTRANT", + cflags => "-DB_ENDIAN", + debug_cflags => "-O0 -g", + release_cflags => "-O3", + thread_cflag => "-D_REENTRANT", lflags => "-ldl", bn_ops => "SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT", dso_scheme => "dlfcn", @@ -514,9 +435,12 @@ multilib => "/hpux32", }, "hpux64-ia64-gcc" => { - inherit_from => [ "ia64_asm" ], + inherit_from => [ asm("ia64_asm") ], cc => "gcc", - cflags => "-mlp64 -O3 -DB_ENDIAN -D_REENTRANT", + cflags => "-mlp64 -DB_ENDIAN", + debug_cflags => "-O0 -g", + release_cflags => "-O3", + thread_cflag => "-D_REENTRANT", lflags => "-ldl", bn_ops => "SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT", dso_scheme => "dlfcn", @@ -527,34 +451,6 @@ multilib => "/hpux64", }, -# Legacy HPUX 9.X configs... - "hpux-cc" => { - inherit_from => [ "no_asm_filler" ], - cc => "cc", - cflags => "-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z", - thread_cflag => "(unknown)", - lflags => "-Wl,+s -ldld", - bn_ops => "DES_PTR DES_UNROLL DES_RISC1", - dso_scheme => "dl", - shared_target => "hpux-shared", - shared_cflag => "+Z", - shared_ldflag => "-b", - shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "hpux-gcc" => { - inherit_from => [ "no_asm_filler" ], - cc => "gcc", - cflags => "-DB_ENDIAN -DBN_DIV2W -O3", - thread_cflag => "(unknown)", - lflags => "-Wl,+s -ldld", - bn_ops => "DES_PTR DES_UNROLL DES_RISC1", - dso_scheme => "dl", - shared_target => "hpux-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-shared", - shared_extension => ".sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - #### HP MPE/iX http://jazz.external.hp.com/src/openssl/ "MPE/iX-gcc" => { cc => "gcc", @@ -565,7 +461,7 @@ bn_ops => "BN_LLONG DES_PTR DES_UNROLL DES_RISC1", }, -# DEC Alpha OSF/1/Tru64 targets. +#### DEC Alpha OSF/1/Tru64 targets. # # "What's in a name? That which we call a rose # By any other word would smell as sweet." @@ -575,7 +471,7 @@ # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version # "osf1-alpha-gcc" => { - inherit_from => [ "alpha_asm" ], + inherit_from => [ asm("alpha_asm") ], cc => "gcc", cflags => "-O3", thread_cflag => "(unknown)", @@ -585,7 +481,7 @@ shared_extension => ".so", }, "osf1-alpha-cc" => { - inherit_from => [ "alpha_asm" ], + inherit_from => [ asm("alpha_asm") ], cc => "cc", cflags => "-std1 -tune host -O4 -readonly_strings", thread_cflag => "(unknown)", @@ -595,7 +491,7 @@ shared_extension => ".so", }, "tru64-alpha-cc" => { - inherit_from => [ "alpha_asm" ], + inherit_from => [ asm("alpha_asm") ], cc => "cc", cflags => "-std1 -tune host -fast -readonly_strings", thread_cflag => "-pthread", @@ -612,11 +508,10 @@ # *-generic* is endian-neutral target, but ./config is free to # throw in -D[BL]_ENDIAN, whichever appropriate... "linux-generic32" => { - inherit_from => [ "no_asm_filler" ], cc => "gcc", cflags => "-Wall", - debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g", - release_cflags => "-O3 -fomit-frame-pointer", + debug_cflags => "-O0 -g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG", + release_cflags => "-O3", thread_cflag => "-D_REENTRANT", lflags => "-ldl", bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", @@ -625,425 +520,206 @@ shared_cflag => "-fPIC", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, + "linux-generic64" => { + inherit_from => [ "linux-generic32" ], + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + }, + "linux-ppc" => { - inherit_from => [ "ppc32_asm" ], - cc => "gcc", - cflags => "-DB_ENDIAN -O3 -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL", + inherit_from => [ "linux-generic32", asm("ppc32_asm") ], perlasm_scheme => "linux32", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + }, + "linux-ppc64" => { + inherit_from => [ "linux-generic64", asm("ppc64_asm") ], + cflags => "-m64 -Wall -DB_ENDIAN", + perlasm_scheme => "linux64", + shared_ldflag => "-m64", + multilib => "64", + }, + "linux-ppc64le" => { + inherit_from => [ "linux-generic64", asm("ppc64_asm") ], + cflags => "-m64 -Wall -DL_ENDIAN", + perlasm_scheme => "linux64le", + shared_ldflag => "-m64", }, -####################################################################### -# Note that -march is not among compiler options in below linux-armv4 -# target line. Not specifying one is intentional to give you choice to: -# -# a) rely on your compiler default by not specifying one; -# b) specify your target platform explicitly for optimal performance, -# e.g. -march=armv6 or -march=armv7-a; -# c) build "universal" binary that targets *range* of platforms by -# specifying minimum and maximum supported architecture; -# -# As for c) option. It actually makes no sense to specify maximum to be -# less than ARMv7, because it's the least requirement for run-time -# switch between platform-specific code paths. And without run-time -# switch performance would be equivalent to one for minimum. Secondly, -# there are some natural limitations that you'd have to accept and -# respect. Most notably you can *not* build "universal" binary for -# big-endian platform. This is because ARMv7 processor always picks -# instructions in little-endian order. Another similar limitation is -# that -mthumb can't "cross" -march=armv6t2 boundary, because that's -# where it became Thumb-2. Well, this limitation is a bit artificial, -# because it's not really impossible, but it's deemed too tricky to -# support. And of course you have to be sure that your binutils are -# actually up to the task of handling maximum target platform. With all -# this in mind here is an example of how to configure "universal" build: -# -# ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 -# "linux-armv4" => { - inherit_from => [ "armv4_asm" ], - cc => "gcc", - cflags => "-O3 -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + ################################################################ + # Note that -march is not among compiler options in linux-armv4 + # target description. Not specifying one is intentional to give + # you choice to: + # + # a) rely on your compiler default by not specifying one; + # b) specify your target platform explicitly for optimal + # performance, e.g. -march=armv6 or -march=armv7-a; + # c) build "universal" binary that targets *range* of platforms + # by specifying minimum and maximum supported architecture; + # + # As for c) option. It actually makes no sense to specify + # maximum to be less than ARMv7, because it's the least + # requirement for run-time switch between platform-specific + # code paths. And without run-time switch performance would be + # equivalent to one for minimum. Secondly, there are some + # natural limitations that you'd have to accept and respect. + # Most notably you can *not* build "universal" binary for + # big-endian platform. This is because ARMv7 processor always + # picks instructions in little-endian order. Another similar + # limitation is that -mthumb can't "cross" -march=armv6t2 + # boundary, because that's where it became Thumb-2. Well, this + # limitation is a bit artificial, because it's not really + # impossible, but it's deemed too tricky to support. And of + # course you have to be sure that your binutils are actually + # up to the task of handling maximum target platform. With all + # this in mind here is an example of how to configure + # "universal" build: + # + # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 + # + inherit_from => [ "linux-generic32", asm("armv4_asm") ], + perlasm_scheme => "linux32", }, "linux-aarch64" => { - inherit_from => [ "aarch64_asm" ], - cc => "gcc", - cflags => "-O3 -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + inherit_from => [ "linux-generic64", asm("aarch64_asm") ], perlasm_scheme => "linux64", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, -# Configure script adds minimally required -march for assembly support, -# if no -march was specified at command line. mips32 and mips64 below -# refer to contemporary MIPS Architecture specifications, MIPS32 and -# MIPS64, rather than to kernel bitness. + "linux-mips32" => { - inherit_from => [ "mips32_asm" ], - cc => "gcc", - cflags => "-mabi=32 -O3 -Wall -DBN_DIV3W", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + # Configure script adds minimally required -march for assembly + # support, if no -march was specified at command line. + inherit_from => [ "linux-generic32", asm("mips32_asm") ], + cflags => "-mabi=32 -Wall -DBN_DIV3W", perlasm_scheme => "o32", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_ldflag => "-mabi=32", }, + # mips32 and mips64 below refer to contemporary MIPS Architecture + # specifications, MIPS32 and MIPS64, rather than to kernel bitness. "linux-mips64" => { - inherit_from => [ "mips64_asm" ], - cc => "gcc", - cflags => "-mabi=n32 -O3 -Wall -DBN_DIV3W", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", + inherit_from => [ "linux-generic32", asm("mips64_asm") ], + cflags => "-mabi=n32 -Wall -DBN_DIV3W", bn_ops => "SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", perlasm_scheme => "n32", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", shared_ldflag => "-mabi=n32", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "32", }, "linux64-mips64" => { - inherit_from => [ "mips64_asm" ], - cc => "gcc", + inherit_from => [ "linux-generic64", asm("mips64_asm") ], cflags => "-mabi=64 -O3 -Wall -DBN_DIV3W", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", perlasm_scheme => "64", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", shared_ldflag => "-mabi=64", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "64", }, -#### IA-32 targets... - "linux-ia32-icc" => { - inherit_from => [ "x86_elf_asm" ], - cc => "icc", - cflags => "-DL_ENDIAN -O2", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl -no_cpprt", - bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-KPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, + + #### IA-32 targets... "linux-elf" => { - inherit_from => [ "x86_elf_asm" ], + inherit_from => [ "linux-generic32", asm("x86_elf_asm") ], cc => "gcc", - cflags => "-DL_ENDIAN -Wall", - debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -g -march=i486", + cflags => "-march=i486 -DL_ENDIAN -Wall", + debug_cflags => "-O0 -g -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG", release_cflags => "-O3 -fomit-frame-pointer", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", debug_lflags => "-lefence", bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "linux-aout" => { - inherit_from => [ "x86_asm" ], + inherit_from => [ asm("x86_asm") ], cc => "gcc", - cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall", + cflags => "-DL_ENDIAN -march=i486 -Wall", + debug_cflags => "-O0 -g", + release_cflags => "-O3 -fomit-frame-pointer", thread_cflag => "(unknown)", bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", perlasm_scheme => "a.out", }, -#### - "linux-generic64" => { - inherit_from => [ "no_asm_filler" ], - cc => "gcc", - cflags => "-Wall", - debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g", - release_cflags => "-O3", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "linux-ppc64" => { - inherit_from => [ "ppc64_asm" ], - cc => "gcc", - cflags => "-m64 -DB_ENDIAN -O3 -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL", - perlasm_scheme => "linux64", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-m64", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - multilib => "64", - }, - "linux-ppc64le" => { - inherit_from => [ "ppc64_asm" ], - cc => "gcc", - cflags => "-m64 -DL_ENDIAN -O3 -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL", - perlasm_scheme => "linux64le", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-m64", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "linux-ia64" => { - inherit_from => [ "ia64_asm" ], - cc => "gcc", - cflags => "-DL_ENDIAN -O3 -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "linux-ia64-icc" => { - inherit_from => [ "ia64_asm" ], - cc => "icc", - cflags => "-DL_ENDIAN -O2 -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl -no_cpprt", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, + "linux-x86_64" => { - inherit_from => [ "x86_64_asm" ], - cc => "gcc", + inherit_from => [ "linux-generic64", asm("x86_64_asm") ], cflags => "-m64 -DL_ENDIAN -Wall", - debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g", - release_cflags => "-O3", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", - perlasm_scheme => "elf", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-m64", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - multilib => "64", - }, - "linux-x86_64-clang" => { - inherit_from => [ "x86_64_asm" ], - cc => "clang", - cflags => "-m64 -DL_ENDIAN -O3 -Weverything $clang_disabled_warnings -Qunused-arguments", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", - perlasm_scheme => "elf", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_ldflag => "-m64", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - multilib => "64", - }, - "linux-x86_64-icc" => { - inherit_from => [ "x86_64_asm" ], - cc => "icc", - cflags => "-DL_ENDIAN -O2", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl -no_cpprt", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", perlasm_scheme => "elf", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + shared_ldflag => "-m64", multilib => "64", }, + "linux-x86_64-clang" => { + inherit_from => [ "linux-x86_64" ], + cc => "clang", + cflags => "-m64 -DL_ENDIAN -Weverything $clang_disabled_warnings -Qunused-arguments", + }, "linux-x32" => { - inherit_from => [ "x86_64_asm" ], - cc => "gcc", - cflags => "-mx32 -DL_ENDIAN -O3 -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", + inherit_from => [ "linux-generic32", asm("x86_64_asm") ], + cflags => "-mx32 -DL_ENDIAN -Wall", bn_ops => "SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL", perlasm_scheme => "elf", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", shared_ldflag => "-mx32", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "x32", }, + + "linux-ia64" => { + inherit_from => [ "linux-generic64", asm("ia64_asm") ], + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT", + }, + "linux64-s390x" => { - inherit_from => [ "s390x_asm" ], - cc => "gcc", - cflags => "-m64 -DB_ENDIAN -O3 -Wall", + inherit_from => [ "linux-generic64", asm("s390x_asm") ], + cflags => "-m64 -Wall -DB_ENDIAN", thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL", perlasm_scheme => "64", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", shared_ldflag => "-m64", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "64", }, -#### So called "highgprs" target for z/Architecture CPUs -# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see -# /proc/cpuinfo. The idea is to preserve most significant bits of -# general purpose registers not only upon 32-bit process context -# switch, but even on asynchronous signal delivery to such process. -# This makes it possible to deploy 64-bit instructions even in legacy -# application context and achieve better [or should we say adequate] -# performance. The build is binary compatible with linux-generic32, -# and the idea is to be able to install the resulting libcrypto.so -# alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for -# ldconfig and run-time linker to autodiscover. Unfortunately it -# doesn't work just yet, because of couple of bugs in glibc -# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... "linux32-s390x" => { - inherit_from => [ "s390x_32_asm" ], - cc => "gcc", - cflags => "-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL", + #### So called "highgprs" target for z/Architecture CPUs + # "Highgprs" is kernel feature first implemented in Linux + # 2.6.32, see /proc/cpuinfo. The idea is to preserve most + # significant bits of general purpose registers not only + # upon 32-bit process context switch, but even on + # asynchronous signal delivery to such process. This makes + # it possible to deploy 64-bit instructions even in legacy + # application context and achieve better [or should we say + # adequate] performance. The build is binary compatible with + # linux-generic32, and the idea is to be able to install the + # resulting libcrypto.so alongside generic one, e.g. as + # /lib/highgprs/libcrypto.so.x.y, for ldconfig and run-time + # linker to autodiscover. Unfortunately it doesn't work just + # yet, because of couple of bugs in glibc + # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... + # + inherit_from => [ "linux-generic32", asm("s390x_asm") ], + cflags => "-m31 -Wall -Wa,-mzarch -DB_ENDIAN", + bn_obj => sub { my $r=join(" ", at _); $r=~s/bn\-s390x/bn_asm/; $r; }, perlasm_scheme => "31", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", shared_ldflag => "-m31", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "/highgprs", }, -#### SPARC Linux setups -# Ray Miller has patiently -# assisted with debugging of following two configs. + + #### SPARC Linux setups + # Ray Miller has + # patiently assisted with debugging of following two configs. "linux-sparcv8" => { - inherit_from => [ "sparcv8_asm" ], - cc => "gcc", - cflags => "-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + inherit_from => [ "linux-generic32", asm("sparcv8_asm") ], + cflags => "-mv8 -Wall -DB_ENDIAN -DBN_DIV2W", }, -# it's a real mess with -mcpu=ultrasparc option under Linux, but -# -Wa,-Av8plus should do the trick no matter what. "linux-sparcv9" => { - inherit_from => [ "sparcv9_asm" ], - cc => "gcc", - cflags => "-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W", - thread_cflag => "-D_REENTRANT", - sys_id => "ULTRASPARC", - lflags => "-ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", + # it's a real mess with -mcpu=ultrasparc option under Linux, + # but -Wa,-Av8plus should do the trick no matter what. + inherit_from => [ "linux-generic32", asm("sparcv9_asm") ], + cflags => "-m32 -mcpu=ultrasparc -Wall -Wa,-Av8plus -DB_ENDIAN -DBN_DIV2W", shared_ldflag => "-m32", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, -# GCC 3.1 is a requirement "linux64-sparcv9" => { - inherit_from => [ "sparcv9_asm" ], - cc => "gcc", - cflags => "-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall", - thread_cflag => "-D_REENTRANT", - sys_id => "ULTRASPARC", - lflags => "-ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", + # GCC 3.1 is a requirement + inherit_from => [ "linux-generic64", asm("sparcv9_asm") ], + cflags => "-m64 -mcpu=ultrasparc -Wall -DB_ENDIAN", + bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", shared_ldflag => "-m64", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", multilib => "64", }, -#### Alpha Linux with GNU C and Compaq C setups -# Special notes: -# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you -# ought to run './Configure linux-alpha+bwx-gcc' manually, do -# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever -# which is appropriate. -# - If you use ccc keep in mind that -fast implies -arch host and the -# compiler is free to issue instructions which gonna make elder CPU -# choke. If you wish to build "blended" toolkit, add -arch generic -# *after* -fast and invoke './Configure linux-alpha-ccc' manually. + "linux-alpha-gcc" => { - inherit_from => [ "alpha_asm" ], - cc => "gcc", - cflags => "-O3 -DL_ENDIAN", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", + inherit_from => [ "linux-generic64", asm("alpha_asm") ], + cflags => "-DL_ENDIAN", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "linux-alpha+bwx-gcc" => { - inherit_from => [ "alpha_asm" ], - cc => "gcc", - cflags => "-O3 -DL_ENDIAN", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - }, - "linux-alpha-ccc" => { - inherit_from => [ "alpha_asm" ], - cc => "ccc", - cflags => "-fast -readonly_strings -DL_ENDIAN", - thread_cflag => "-D_REENTRANT", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL", }, - "linux-alpha+bwx-ccc" => { - inherit_from => [ "alpha_asm" ], - cc => "ccc", - cflags => "-fast -readonly_strings -DL_ENDIAN", - thread_cflag => "-D_REENTRANT", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL", - }, -# -# TI_CGT_C6000_7.3.x is a requirement "linux-c64xplus" => { + # TI_CGT_C6000_7.3.x is a requirement cc => "cl6x", cflags => "--linux -ea=.s -eo=.o -mv6400+ -o2 -ox -ms -pden -DOPENSSL_SMALL_FOOTPRINT", thread_cflag => "-D_REENTRANT", @@ -1063,62 +739,33 @@ ranlib => "true", }, -# Android: linux-* but without pointers to headers and libs. +#### Android: linux-* but without pointers to headers and libs. "android" => { - inherit_from => [ "no_asm_filler" ], - cc => "gcc", - cflags => "-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + inherit_from => [ "linux-generic32" ], + cflags => "-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -Wall", + debug_cflags => "-O0 -g", }, "android-x86" => { - inherit_from => [ "android_x86_elf_asm" ], - cc => "gcc", - cflags => "-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", + inherit_from => [ "android", asm("x86_asm") ], + release_cflags => "-O3 -fomit-frame-pointer", bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + perlasm_scheme => "android", }, "android-armv7" => { - inherit_from => [ "armv4_asm" ], - cc => "gcc", - cflags => "-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + inherit_from => [ "android", asm("armv4_asm") ], + cflags => sub { join (" ","-march=armv7-a", at _); }, }, "android-mips" => { - inherit_from => [ "mips32_asm" ], - cc => "gcc", - cflags => "-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall", - thread_cflag => "-D_REENTRANT", - lflags => "-ldl", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", + inherit_from => [ "android", asm("mips32_asm") ], perlasm_scheme => "o32", - dso_scheme => "dlfcn", - shared_target => "linux-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, #### *BSD [do see comment about ${BSDthreads} in Configure!] "BSD-generic32" => { - inherit_from => [ "no_asm_filler" ], cc => "gcc", - cflags => "-O3 -fomit-frame-pointer -Wall", + cflags => "-Wall", + debug_cflags => "-O0 -g", + release_cflags => "-O3", thread_cflag => "${BSDthreads}", bn_ops => "BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL", dso_scheme => "dlfcn", @@ -1126,94 +773,52 @@ shared_cflag => "-fPIC", shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, - "BSD-x86" => { - inherit_from => [ "x86_asm" ], - cc => "gcc", - cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -Wall", - thread_cflag => "${BSDthreads}", - bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", - perlasm_scheme => "a.out", - dso_scheme => "dlfcn", - shared_target => "bsd-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "BSD-generic64" => { + inherit_from => [ "BSD-generic32" ], + bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", }, - "BSD-x86-elf" => { - inherit_from => [ "x86_elf_asm" ], - cc => "gcc", + + "BSD-x86" => { + inherit_from => [ "BSD-generic32", asm("x86_asm") ], cflags => "-DL_ENDIAN -Wall", - debug_cflags => "-g", release_cflags => "-O3 -fomit-frame-pointer", - thread_cflag => "${BSDthreads}", bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", - dso_scheme => "dlfcn", shared_target => "bsd-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + perlasm_scheme => "a.out", }, - "BSD-sparcv8" => { - inherit_from => [ "sparcv8_asm" ], - cc => "gcc", - cflags => "-DB_ENDIAN -O3 -mv8 -Wall", - thread_cflag => "${BSDthreads}", - bn_ops => "BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL", - dso_scheme => "dlfcn", - shared_target => "bsd-gcc-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "BSD-x86-elf" => { + inherit_from => [ "BSD-x86" ], + perlasm_scheme => "elf", }, - "BSD-generic64" => { - inherit_from => [ "no_asm_filler" ], - cc => "gcc", - cflags => "-O3 -Wall", - thread_cflag => "${BSDthreads}", - bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", - dso_scheme => "dlfcn", - shared_target => "bsd-gcc-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "BSD-sparcv8" => { + inherit_from => [ "BSD-generic32", asm("sparcv8_asm") ], + cflags => "-mv8 -Wall -DB_ENDIAN", }, -# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it -# simply *happens* to work around a compiler bug in gcc 3.3.3, -# triggered by RIPEMD160 code. "BSD-sparc64" => { - inherit_from => [ "sparcv9_asm" ], - cc => "gcc", - cflags => "-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall", - thread_cflag => "${BSDthreads}", + # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it + # simply *happens* to work around a compiler bug in gcc 3.3.3, + # triggered by RIPEMD160 code. + inherit_from => [ "BSD-generic64", asm("sparcv9_asm") ], + cflags => "-DB_ENDIAN -DMD32_REG_T=int -Wall", bn_ops => "BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR", - dso_scheme => "dlfcn", - shared_target => "bsd-gcc-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, + "BSD-ia64" => { - inherit_from => [ "ia64_asm" ], - cc => "gcc", - cflags => "-DL_ENDIAN -O3 -Wall", - thread_cflag => "${BSDthreads}", + inherit_from => [ "BSD-generic64", asm("ia64_asm") ], + cflags => "-DL_ENDIAN -Wall", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT", - dso_scheme => "dlfcn", - shared_target => "bsd-gcc-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, + "BSD-x86_64" => { - inherit_from => [ "x86_64_asm" ], - cc => "gcc", - cflags => "-DL_ENDIAN -O3 -Wall", - thread_cflag => "${BSDthreads}", + inherit_from => [ "BSD-generic64", asm("x86_64_asm") ], + cflags => "-DL_ENDIAN -Wall", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", perlasm_scheme => "elf", - dso_scheme => "dlfcn", - shared_target => "bsd-gcc-shared", - shared_cflag => "-fPIC", - shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "bsdi-elf-gcc" => { - inherit_from => [ "x86_elf_asm" ], + inherit_from => [ asm("x86_elf_asm") ], cc => "gcc", cflags => "-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall", thread_cflag => "(unknown)", @@ -1248,7 +853,6 @@ bn_ops => "${x86_gcc_des} ${x86_gcc_opts}", }, "QNX6" => { - inherit_from => [ "no_asm_filler" ], cc => "gcc", lflags => "-lsocket", dso_scheme => "dlfcn", @@ -1257,7 +861,7 @@ shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "QNX6-i386" => { - inherit_from => [ "x86_elf_asm" ], + inherit_from => [ asm("x86_elf_asm") ], cc => "gcc", cflags => "-DL_ENDIAN -O2 -Wall", lflags => "-lsocket", @@ -1295,7 +899,7 @@ bn_ops => "${x86_gcc_des} ${x86_gcc_opts}", }, "unixware-7" => { - inherit_from => [ "x86_elf_asm" ], + inherit_from => [ asm("x86_elf_asm") ], cc => "cc", cflags => "-O -DFILIO_H -Kalloca", thread_cflag => "-Kthread", @@ -1308,7 +912,7 @@ shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "unixware-7-gcc" => { - inherit_from => [ "x86_elf_asm" ], + inherit_from => [ asm("x86_elf_asm") ], cc => "gcc", cflags => "-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall", thread_cflag => "-D_REENTRANT", @@ -1322,7 +926,7 @@ }, # SCO 5 - Ben Laurie says the -O breaks the SCO cc. "sco5-cc" => { - inherit_from => [ "x86_elf_asm" ], + inherit_from => [ asm("x86_elf_asm") ], cc => "cc", cflags => "-belf", thread_cflag => "(unknown)", @@ -1335,7 +939,7 @@ shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", }, "sco5-gcc" => { - inherit_from => [ "x86_elf_asm" ], + inherit_from => [ asm("x86_elf_asm") ], cc => "gcc", cflags => "-O3 -fomit-frame-pointer", thread_cflag => "(unknown)", @@ -1349,17 +953,12 @@ }, #### IBM's AIX. - "aix3-cc" => { - cc => "cc", - cflags => "-O -DB_ENDIAN -qmaxmem=16384", - thread_cflag => "(unknown)", - sys_id => "AIX", - bn_ops => "BN_LLONG RC4_CHAR", - }, "aix-gcc" => { - inherit_from => [ "ppc32_asm" ], + inherit_from => [ asm("ppc32_asm") ], cc => "gcc", - cflags => "-O -DB_ENDIAN", + cflags => "-DB_ENDIAN", + debug_cflags => "-O0 -g", + release_cflags => "-O", thread_cflag => "-pthread", sys_id => "AIX", bn_ops => "BN_LLONG RC4_CHAR", @@ -1371,9 +970,11 @@ arflags => "-X32", }, "aix64-gcc" => { - inherit_from => [ "ppc64_asm" ], + inherit_from => [ asm("ppc64_asm") ], cc => "gcc", - cflags => "-maix64 -O -DB_ENDIAN", + cflags => "-maix64 -DB_ENDIAN", + debug_cflags => "-O0 -g", + release_cflags => "-O", thread_cflag => "-pthread", sys_id => "AIX", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", @@ -1384,12 +985,15 @@ shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", arflags => "-X64", }, -# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE -# at build time. $OBJECT_MODE is respected at ./config stage! + # Below targets assume AIX 5. Idea is to effectively disregard + # $OBJECT_MODE at build time. $OBJECT_MODE is respected at + # ./config stage! "aix-cc" => { - inherit_from => [ "ppc32_asm" ], + inherit_from => [ asm("ppc32_asm") ], cc => "cc", - cflags => "-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst", + cflags => "-q32 -DB_ENDIAN -qmaxmem=16384 -qro -qroconst", + debug_cflags => "", + release_cflags => "-O", thread_cflag => "-qthreaded -D_THREAD_SAFE", sys_id => "AIX", bn_ops => "BN_LLONG RC4_CHAR", @@ -1401,9 +1005,11 @@ arflags => "-X 32", }, "aix64-cc" => { - inherit_from => [ "ppc64_asm" ], + inherit_from => [ asm("ppc64_asm") ], cc => "cc", - cflags => "-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst", + cflags => "-q64 -DB_ENDIAN -qmaxmem=16384 -qro -qroconst", + debug_cflags => "", + release_cflags => "-O", thread_cflag => "-qthreaded -D_THREAD_SAFE", sys_id => "AIX", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR", @@ -1435,7 +1041,7 @@ bn_ops => "THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR", }, -# Visual C targets +#### Visual C targets # # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64 # @@ -1443,79 +1049,59 @@ # positives in some situations. Disabling it altogether masks both # legitimate and false cases, but as we compile on multiple platforms, # we rely on other compilers to catch legitimate cases. - "VC-WIN64I" => { + "VC-common" => { + template => 1, cc => "cl", - cflags => "-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE", - sys_id => "WIN64I", - bn_ops => "SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN", - cpuid_obj => "ia64cpuid.o", - bn_obj => "ia64.o ia64-mont.o", - aes_obj => "aes_core.o aes_cbc.o aes-ia64.o", - md5_obj => "md5-ia64.o", - sha1_obj => "sha1-ia64.o sha256-ia64.o sha512-ia64.o", - modes_obj => "ghash-ia64.o", - perlasm_scheme => "ias", + cflags => "-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE", dso_scheme => "win32", }, - "debug-VC-WIN64I" => { - cc => "cl", - cflags => "-W3 -wd4090 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE", + "VC-WIN64I" => { + inherit_from => [ "VC-common", asm("ia64_asm") ], + cflags => sub { join(" ", at _,"-DUNICODE -D_UNICODE"); }, sys_id => "WIN64I", bn_ops => "SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN", - cpuid_obj => "ia64cpuid.o", - bn_obj => "ia64.o", - aes_obj => "aes_core.o aes_cbc.o aes-ia64.o", - md5_obj => "md5-ia64.o", - sha1_obj => "sha1-ia64.o sha256-ia64.o sha512-ia64.o", - modes_obj => "ghash-ia64.o", + bn_obj => sub { my $r=join(" ", at _); $r=~s/bn\-//; $r; }, + rc4_obj => "", perlasm_scheme => "ias", - dso_scheme => "win32", }, "VC-WIN64A" => { - inherit_from => [ "win_x86_64_asm" ], - cc => "cl", - cflags => "-W3 -wd4090 -Gs0 -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE", - debug_cflags => "-Zi", + inherit_from => [ "VC-common", asm("x86_64_asm") ], + cflags => sub { join(" ", at _,"-DUNICODE -D_UNICODE"); }, sys_id => "WIN64A", bn_ops => "SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN", + bn_obj => sub { my $r=join(" ", at _); $r=~s/x86_64\-gcc/bn_asm/; $r; }, perlasm_scheme => "auto", - dso_scheme => "win32", }, -# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement -# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' "VC-WIN32" => { - inherit_from => [ "x86_asm" ], - cc => "cl", - cflags => "-W3 -wd4090 -Gs0 -GF -Gy -nologo -DOPENSSL_SYS_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE", - debug_cflags => "-Zi", + # x86 Win32 target defaults to ANSI API, if you want UNICODE, + # configure with 'perl Configure VC-WIN32 -DUNICODE -D_UNICODE' + inherit_from => [ "VC-common", asm("x86_asm") ], sys_id => "WIN32", bn_ops => "BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}", perlasm_scheme => "win32n", - dso_scheme => "win32", }, -# Unified CE target "VC-CE" => { - inherit_from => [ "no_asm_filler" ], cc => "cl", sys_id => "WINCE", bn_ops => "BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}", dso_scheme => "win32", }, -# Borland C++ 4.5 +#### Borland C++ 4.5 "BC-32" => { - inherit_from => [ "no_asm_filler" ], cc => "bcc32", sys_id => "WIN32", bn_ops => "BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN", dso_scheme => "win32", }, -# MinGW +#### MinGW "mingw" => { - inherit_from => [ "x86_asm" ], + inherit_from => [ asm("x86_asm") ], cc => "gcc", - cflags => "-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall", + cflags => "-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -march=i486 -Wall", + debug_cflags => "-g -O0", + release_clags => "-O3 -fomit-frame-pointer", thread_cflag => "-D_MT", sys_id => "MINGW32", lflags => "-lws2_32 -lgdi32 -lcrypt32", @@ -1527,17 +1113,20 @@ shared_ldflag => "-mno-cygwin", shared_extension => ".dll.a", }, -# As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll -# compiled with one compiler with application compiled with another -# compiler. It's possible to engage Applink support in mingw64 build, -# but it's not done, because till mingw64 supports structured exception -# handling, one can't seriously consider its binaries for using with -# non-mingw64 run-time environment. And as mingw64 is always consistent -# with itself, Applink is never engaged and can as well be omitted. "mingw64" => { - inherit_from => [ "x86_64_asm" ], - cc => "gcc", - cflags => "-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE", + # As for OPENSSL_USE_APPLINK. Applink makes it possible to use + # .dll compiled with one compiler with application compiled with + # another compiler. It's possible to engage Applink support in + # mingw64 build, but it's not done, because till mingw64 + # supports structured exception handling, one can't seriously + # consider its binaries for using with non-mingw64 run-time + # environment. And as mingw64 is always consistent with itself, + # Applink is never engaged and can as well be omitted. + inherit_from => [ asm("x86_64_asm") ], + cc => "gcc", + cflags => "-mno-cygwin -DL_ENDIAN -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE", + debug_cflags => "-g -O0", + release_clags => "-O3", thread_cflag => "-D_MT", sys_id => "MINGW64", lflags => "-lws2_32 -lgdi32 -lcrypt32", @@ -1550,9 +1139,8 @@ shared_extension => ".dll.a", }, -# UWIN +#### UWIN "UWIN" => { - inherit_from => [ "no_asm_filler" ], cc => "cc", cflags => "-DTERMIOS -DL_ENDIAN -O -Wall", sys_id => "UWIN", @@ -1560,11 +1148,13 @@ dso_scheme => "win32", }, -# Cygwin +#### Cygwin "Cygwin" => { - inherit_from => [ "x86_asm" ], + inherit_from => [ asm("x86_asm") ], cc => "gcc", - cflags => "-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall", + cflags => "-DTERMIOS -DL_ENDIAN -march=i486 -Wall", + debug_cflags => "-g -O0", + release_clags => "-O3 -fomit-frame-pointer", sys_id => "CYGWIN", bn_ops => "BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}", perlasm_scheme => "coff", @@ -1575,9 +1165,11 @@ shared_extension => ".dll.a", }, "Cygwin-x86_64" => { - inherit_from => [ "x86_64_asm" ], + inherit_from => [ asm("x86_64_asm") ], cc => "gcc", - cflags => "-DTERMIOS -DL_ENDIAN -O3 -Wall", + cflags => "-DTERMIOS -DL_ENDIAN -Wall", + debug_cflags => "-g -O0", + release_clags => "-O3", sys_id => "CYGWIN", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", perlasm_scheme => "mingw64", @@ -1588,7 +1180,7 @@ shared_extension => ".dll.a", }, -# NetWare from David Ward (dsward at novell.com) +#### NetWare from David Ward (dsward at novell.com) # requires either MetroWerks NLM development tools, or gcc / nlmconv # NetWare defaults socket bio to WinSock sockets. However, # the builds can be configured to use BSD sockets instead. @@ -1611,7 +1203,7 @@ cflags => "-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYS_NETWARE -O2 -Wall", bn_ops => "${x86_gcc_opts}", }, -# netware-libc => LibC/NKS support + # netware-libc => LibC/NKS support "netware-libc" => { cc => "mwccnlm", bn_ops => "BN_LLONG ${x86_gcc_opts}", @@ -1631,9 +1223,9 @@ bn_ops => "BN_LLONG ${x86_gcc_opts}", }, -# DJGPP +#### DJGPP "DJGPP" => { - inherit_from => [ "x86_asm" ], + inherit_from => [ asm("x86_asm") ], cc => "gcc", cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall", sys_id => "MSDOS", @@ -1642,7 +1234,7 @@ perlasm_scheme => "a.out", }, -# Ultrix from Bernhard Simon +#### Ultrix from Bernhard Simon "ultrix-cc" => { cc => "cc", cflags => "-std1 -O -Olimit 2500 -DL_ENDIAN", @@ -1658,11 +1250,11 @@ ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::", ##### MacOS X (a.k.a. Darwin) setup - "darwin-ppc-cc" => { - inherit_from => [ "ppc32_asm" ], + "darwin-common" => { + template => 1, cc => "cc", - cflags => "-arch ppc -DB_ENDIAN -Wa,-force_cpusubtype_ALL", - debug_cflags => "-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall -O", + cflags => "", + debug_cflags => "-g -O0", release_cflags => "-O3", thread_cflag => "-D_REENTRANT", sys_id => "MACOSX", @@ -1672,59 +1264,39 @@ dso_scheme => "dlfcn", shared_target => "darwin-shared", shared_cflag => "-fPIC -fno-common", - shared_ldflag => "-arch ppc -dynamiclib", + shared_ldflag => "-dynamiclib", shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", }, + "darwin-ppc-cc" => { + inherit_from => [ "darwin-common", asm("ppc32_asm") ], + cflags => "-arch ppc -DB_ENDIAN -Wa,-force_cpusubtype_ALL", + perlasm_scheme => "osx32", + shared_ldflag => "-arch ppc -dynamiclib", + }, "darwin64-ppc-cc" => { - inherit_from => [ "ppc64_asm" ], - cc => "cc", - cflags => "-arch ppc64 -O3 -DB_ENDIAN", - thread_cflag => "-D_REENTRANT", - sys_id => "MACOSX", - lflags => "-Wl,-search_paths_first%", + inherit_from => [ "darwin-common", asm("ppc64_asm") ], + cflags => "-arch ppc64 -DB_ENDIAN", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", perlasm_scheme => "osx64", - dso_scheme => "dlfcn", - shared_target => "darwin-shared", - shared_cflag => "-fPIC -fno-common", shared_ldflag => "-arch ppc64 -dynamiclib", - shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", }, "darwin-i386-cc" => { - inherit_from => [ "x86_asm_nocast" ], - cc => "cc", + inherit_from => [ "darwin-common", asm("x86_asm") ], cflags => "-arch i386 -DL_ENDIAN", - debug_cflags => "-g3", release_cflags => "-O3 -fomit-frame-pointer", - thread_cflag => "-D_REENTRANT", - sys_id => "MACOSX", - lflags => "-Wl,-search_paths_first%", bn_ops => "BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR", perlasm_scheme => "macosx", - dso_scheme => "dlfcn", - shared_target => "darwin-shared", - shared_cflag => "-fPIC -fno-common", shared_ldflag => "-arch i386 -dynamiclib", - shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", }, "darwin64-x86_64-cc" => { - inherit_from => [ "x86_64_asm" ], - cc => "cc", + inherit_from => [ "darwin-common", asm("x86_64_asm") ], cflags => "-arch x86_64 -DL_ENDIAN -Wall", - debug_cflags => "-ggdb -g2 -O0", - release_cflags => "-O3", - thread_cflag => "-D_REENTRANT", - sys_id => "MACOSX", - lflags => "-Wl,-search_paths_first%", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL", perlasm_scheme => "macosx", - dso_scheme => "dlfcn", - shared_target => "darwin-shared", - shared_cflag => "-fPIC -fno-common", shared_ldflag => "-arch x86_64 -dynamiclib", - shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", }, -# iPhoneOS/iOS + +#### iPhoneOS/iOS # # It takes three prior-set environment variables to make it work: # @@ -1737,51 +1309,24 @@ # # CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/ # CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer -# CROSS_SDK=iPhoneOS7.0.sdk +# CROSS_SDK=iPhoneOS.sdk # "iphoneos-cross" => { - inherit_from => [ "no_asm_filler" ], - cc => "cc", - cflags => "-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common", - thread_cflag => "-D_REENTRANT", + inherit_from => [ "darwin-common" ], + cflags => "-isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common", sys_id => "iOS", - lflags => "-Wl,-search_paths_first%", - bn_ops => "BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", - dso_scheme => "dlfcn", - shared_target => "darwin-shared", - shared_cflag => "-fPIC -fno-common", - shared_ldflag => "-dynamiclib", - shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", }, "ios64-cross" => { - inherit_from => [ "aarch64_asm" ], - cc => "cc", - cflags => "-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common", - thread_cflag => "-D_REENTRANT", + inherit_from => [ "darwin-common", asm("aarch64_asm") ], + cflags => "-arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common", sys_id => "iOS", - lflags => "-Wl,-search_paths_first%", bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR", perlasm_scheme => "ios64", - dso_scheme => "dlfcn", - shared_target => "darwin-shared", - shared_cflag => "-fPIC -fno-common", - shared_ldflag => "-dynamiclib", - shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", - }, - -##### A/UX - "aux3-gcc" => { - cc => "gcc", - cflags => "-O2 -DTERMIO", - thread_cflag => "(unknown)", - sys_id => "AUX", - lflags => "-lbsd", - bn_ops => "RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR", }, ##### GNU Hurd "hurd-x86" => { - inherit_from => [ "x86_elf_asm" ], + inherit_from => [ asm("x86_elf_asm") ], cc => "gcc", cflags => "-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall", thread_cflag => "-D_REENTRANT", @@ -1835,7 +1380,6 @@ lflags => "-r", }, "vxworks-simlinux" => { - inherit_from => [ "no_asm_filler" ], cc => "ccpentium", cflags => "-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK", sys_id => "VXWORKS", @@ -1843,7 +1387,7 @@ ranlib => "ranlibpentium", }, "vxworks-mips" => { - inherit_from => [ "mips32_asm" ], + inherit_from => [ asm("mips32_asm") ], cc => "ccmips", cflags => "-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip", thread_cflag => "-D_REENTRANT", @@ -1853,9 +1397,8 @@ ranlib => "ranlibmips", }, -# uClinux +#### uClinux "uClinux-dist" => { - inherit_from => [ "no_asm_filler" ], cc => "$ENV{'CC'}", cflags => "\$(CFLAGS)", thread_cflag => "-D_REENTRANT", @@ -1869,7 +1412,6 @@ ranlib => "$ENV{'RANLIB'}", }, "uClinux-dist64" => { - inherit_from => [ "no_asm_filler" ], cc => "$ENV{'CC'}", cflags => "\$(CFLAGS)", thread_cflag => "-D_REENTRANT", diff --git a/Configure b/Configure index 4a34b4e..c038f85 100755 --- a/Configure +++ b/Configure @@ -166,7 +166,6 @@ my $ppc32_asm=$ppc64_asm; # seems to be sufficient? my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; - # table of known configurations, read in from files # # The content of each entry can take one of two forms: @@ -349,29 +348,7 @@ my %table=( # Note: as long as someone might use old style configuration strings, # or we bother supporting that, those variables need to stay - # Filler used for when there are no asm files. - no_asm_filler => { - template => 1, - cpuid_obj => "", - bn_obj => "", - ec_obj => "", - des_obj => "", - aes_obj => "", - bf_obj => "", - md5_obj => "", - sha1_obj => "", - cast_obj => "", - rc4_obj => "", - rmd160_obj => "", - rc5_obj => "", - wp_obj => "", - cmll_obj => "", - modes_obj => "", - engines_obj => "", - perlasm_scheme => "void" - }, - - x86_asm_nocast => { + x86_asm => { template => 1, cpuid_obj => "x86cpuid.o", bn_obj => "bn-586.o co-586.o x86-mont.o x86-gf2m.o", @@ -389,26 +366,15 @@ my %table=( modes_obj => "ghash-x86.o", engines_obj => "e_padlock-x86.o" }, - x86_asm => { - template => 1, - inherit_from => [ "x86_asm_nocast" ], - cast_obj => "cast-586.o", - }, x86_elf_asm => { template => 1, inherit_from => [ "x86_asm" ], perlasm_scheme => "elf" }, - android_x86_elf_asm => { - template => 1, - inherit_from => [ "x86_asm" ], - perlasm_scheme => "android" - }, - - _x86_64_asm => { + x86_64_asm => { template => 1, cpuid_obj => "x86_64cpuid.o", - bn_obj => "x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o", + bn_obj => "x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o", ec_obj => "ecp_nistz256.o ecp_nistz256-x86_64.o", aes_obj => "aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o", md5_obj => "md5-x86_64.o", @@ -419,16 +385,6 @@ my %table=( modes_obj => "ghash-x86_64.o aesni-gcm-x86_64.o", engines_obj => "e_padlock-x86_64.o" }, - x86_64_asm => { - inherit_from => [ "_x86_64_asm" ], - template => 1, - bn_obj => sub { join(" ","x86_64-gcc.o", at _) } - }, - win_x86_64_asm => { - inherit_from => [ "_x86_64_asm" ], - template => 1, - bn_obj => sub { join(" ","bn_asm.o", at _) } - }, ia64_asm => { template => 1, cpuid_obj => "ia64cpuid.o", @@ -478,25 +434,15 @@ my %table=( template => 1, sha1_obj => sub { join(" ", @_, "sha512-mips.o") } }, - _s390x_asm => { + s390x_asm => { template => 1, cpuid_obj => "s390xcap.o s390xcpuid.o", - bn_obj => "s390x-mont.o s390x-gf2m.o", + bn_obj => "bn-s390x.o s390x-mont.o s390x-gf2m.o", aes_obj => "aes-s390x.o aes-ctr.o aes-xts.o", sha1_obj => "sha1-s390x.o sha256-s390x.o sha512-s390x.o", rc4_obj => "rc4-s390x.o", modes_obj => "ghash-s390x.o", }, - s390x_asm => { - template => 1, - inherit_from => [ "_s390x_asm" ], - bn_obj => sub { join(" ", "bn-s390x.o", @_) } - }, - s390x_32_asm => { - template => 1, - inherit_from => [ "_s390x_asm" ], - bn_obj => sub { join(" ", "bn_asm.o", @_) } - }, armv4_asm => { template => 1, cpuid_obj => "armcap.o armv4cpuid.o", @@ -524,26 +470,10 @@ my %table=( modes_obj => "ghash-parisc.o", perlasm_scheme => "32" }, - _parisc20_asm => { - template => 1, - cpuid_obj => "pariscid.o", - bn_obj => "parisc-mont.o", - aes_obj => "aes_core.o aes_cbc.o aes-parisc.o", - sha1_obj => "sha1-parisc.o sha256-parisc.o sha512-parisc.o", - rc4_obj => "rc4-parisc.o", - modes_obj => "ghash-parisc.o", - perlasm_scheme => "64" - }, - parisc20_32_asm => { - template => 1, - inherit_from => [ "_parisc20_asm" ], - bn_obj => sub { join(" ", "pa-risc2.o", @_) }, - perlasm_scheme => "32", - }, parisc20_64_asm => { template => 1, - inherit_from => [ "_parisc20_asm" ], - bn_obj => sub { join(" ", "pa-risc2W.o", @_) }, + inherit_from => [ "parisc11_asm" ], + bn_obj => sub { my $r=join(" ", at _); $r=~s/bn_asm/pa-risc2W/; $r; }, perlasm_scheme => "64", }, ppc64_asm => { @@ -560,6 +490,12 @@ my %table=( }, ); +{ my $no_asm_templates=0; + foreach (@ARGV) { $no_asm_templates=1 if (/^\-?no\-asm$/); } + sub asm { $no_asm_templates?():@_; } +} + + sub stringtohash { my $in = shift @_; if (ref($in) eq "HASH") { From mark at openssl.org Thu Mar 19 08:22:41 2015 From: mark at openssl.org (Mark J. Cox) Date: Thu, 19 Mar 2015 08:22:41 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1426753361.561122.9712.nullmailer@dev.openssl.org> The branch master has been updated via 3235f836e9c03d9d38b1e7aad30b4f6406ac096e (commit) from 042b5cd96c9159769c9539aa805849fa93f995f7 (commit) - Log ----------------------------------------------------------------- commit 3235f836e9c03d9d38b1e7aad30b4f6406ac096e Author: Mark J. Cox Date: Thu Mar 19 08:22:09 2015 +0000 Display the severity rating on the vulnerabilities page (if one exists) ----------------------------------------------------------------------- Summary of changes: news/vulnerabilities.xsl | 3 +++ 1 file changed, 3 insertions(+) diff --git a/news/vulnerabilities.xsl b/news/vulnerabilities.xsl index 008532e..717325b 100644 --- a/news/vulnerabilities.xsl +++ b/news/vulnerabilities.xsl @@ -63,6 +63,9 @@ receive security updates

+ + [ severity] +

From levitte at openssl.org Thu Mar 19 08:45:11 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 19 Mar 2015 08:45:11 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1426754711.181894.22647.nullmailer@dev.openssl.org> The branch master has been updated via 0eae3397eac95c6b243a822668c6e8a2c24d5be8 (commit) from 3235f836e9c03d9d38b1e7aad30b4f6406ac096e (commit) - Log ----------------------------------------------------------------- commit 0eae3397eac95c6b243a822668c6e8a2c24d5be8 Author: Richard Levitte Date: Thu Mar 19 09:45:04 2015 +0100 source/license.inc is generated, ignore it ----------------------------------------------------------------------- Summary of changes: .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 953a4cc..f6bef20 100644 --- a/.gitignore +++ b/.gitignore @@ -6,6 +6,7 @@ pod2htmi.tmp blog news/changelog.inc news/vulnerabilities.wml +source/license.inc support/faq.inc support/funding/support-faq.inc .ssh From matt at openssl.org Thu Mar 19 13:57:31 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 19 Mar 2015 13:57:31 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1426773451.699285.3187.nullmailer@dev.openssl.org> The branch master has been updated via 6c8d1f82eb0d6b290cca7daed4e0095b462b04af (commit) from 0eae3397eac95c6b243a822668c6e8a2c24d5be8 (commit) - Log ----------------------------------------------------------------- commit 6c8d1f82eb0d6b290cca7daed4e0095b462b04af Author: Matt Caswell Date: Thu Mar 19 13:49:38 2015 +0000 Updates for new release ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 4 + news/secadv_20150319.txt | 332 +++++++++++++++++++++++++ news/vulnerabilities.xml | 633 ++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 958 insertions(+), 11 deletions(-) create mode 100644 news/secadv_20150319.txt diff --git a/news/newsflash.txt b/news/newsflash.txt index b429a49..b596da0 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -1,3 +1,7 @@ +19-Mar-2015: Security Advisory: twelve security fixes +19-Mar-2015: OpenSSL 1.0.1m is now available, including bug and security fixes +19-Mar-2015: OpenSSL 1.0.0r is now available, including bug and security fixes +19-Mar-2015: OpenSSL 0.9.8zf is now available, including bug and security fixes 22-Jan-2015: OpenSSL 1.0.2 is now available, a major release 15-Jan-2015: New releases to resolve Windows/OpenVMS compilation problems: 15-Jan-2015: OpenSSL 1.0.1l is now available, including bug fixes diff --git a/news/secadv_20150319.txt b/news/secadv_20150319.txt new file mode 100644 index 0000000..002736d --- /dev/null +++ b/news/secadv_20150319.txt @@ -0,0 +1,332 @@ +OpenSSL Security Advisory [19 Mar 2015] +======================================= + +OpenSSL 1.0.2 ClientHello sigalgs DoS (CVE-2015-0291) +===================================================== + +Severity: High + +If a client connects to an OpenSSL 1.0.2 server and renegotiates with an +invalid signature algorithms extension a NULL pointer dereference will occur. +This can be exploited in a DoS attack against the server. + +This issue affects OpenSSL version: 1.0.2 + +OpenSSL 1.0.2 users should upgrade to 1.0.2a. + +This issue was was reported to OpenSSL on 26th February 2015 by David Ramos +of Stanford University. The fix was developed by Stephen Henson and Matt +Caswell of the OpenSSL development team. + +Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204) +============================================================================ + +Severity: High + +This security issue was previously announced by the OpenSSL project and +classified as "low" severity. This severity rating has now been changed to +"high". + +This was classified low because it was originally thought that server RSA +export ciphersuite support was rare: a client was only vulnerable to a MITM +attack against a server which supports an RSA export ciphersuite. Recent +studies have shown that RSA export ciphersuites support is far more common. + +This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. + +OpenSSL 1.0.1 users should upgrade to 1.0.1k. +OpenSSL 1.0.0 users should upgrade to 1.0.0p. +OpenSSL 0.9.8 users should upgrade to 0.9.8zd. + +This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan +Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen +Henson of the OpenSSL core team. It was previously announced in the OpenSSL +security advisory on 8th January 2015. + +Multiblock corrupted pointer (CVE-2015-0290) +============================================ + +Severity: Moderate + +OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature +only applies on 64 bit x86 architecture platforms that support AES NI +instructions. A defect in the implementation of "multiblock" can cause OpenSSL's +internal write buffer to become incorrectly set to NULL when using non-blocking +IO. Typically, when the user application is using a socket BIO for writing, this +will only result in a failed connection. However if some other BIO is used then +it is likely that a segmentation fault will be triggered, thus enabling a +potential DoS attack. + +This issue affects OpenSSL version: 1.0.2 + +OpenSSL 1.0.2 users should upgrade to 1.0.2a. + +This issue was reported to OpenSSL on 13th February 2015 by Daniel Danner and +Rainer Mueller. The fix was developed by Matt Caswell of the OpenSSL development +team. + +Segmentation fault in DTLSv1_listen (CVE-2015-0207) +=================================================== + +Severity: Moderate + +The DTLSv1_listen function is intended to be stateless and processes the initial +ClientHello from many peers. It is common for user code to loop over the call to +DTLSv1_listen until a valid ClientHello is received with an associated cookie. A +defect in the implementation of DTLSv1_listen means that state is preserved in +the SSL object from one invocation to the next that can lead to a segmentation +fault. Errors processing the initial ClientHello can trigger this scenario. An +example of such an error could be that a DTLS1.0 only client is attempting to +connect to a DTLS1.2 only server. + +This issue affects OpenSSL version: 1.0.2 + +OpenSSL 1.0.2 DTLS users should upgrade to 1.0.2a. + +This issue was reported to OpenSSL on 27th January 2015 by Per Allansson. The +fix was developed by Matt Caswell of the OpenSSL development team. + +Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286) +=================================================== + +Severity: Moderate + +The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is +made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check +certificate signature algorithm consistency this can be used to crash any +certificate verification operation and exploited in a DoS attack. Any +application which performs certificate verification is vulnerable including +OpenSSL clients and servers which enable client authentication. + +This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. + +OpenSSL 1.0.2 users should upgrade to 1.0.2a +OpenSSL 1.0.1 users should upgrade to 1.0.1m. +OpenSSL 1.0.0 users should upgrade to 1.0.0r. +OpenSSL 0.9.8 users should upgrade to 0.9.8zf. + +This issue was discovered and fixed by Stephen Henson of the OpenSSL +development team. + +Segmentation fault for invalid PSS parameters (CVE-2015-0208) +============================================================= + +Severity: Moderate + +The signature verification routines will crash with a NULL pointer +dereference if presented with an ASN.1 signature using the RSA PSS +algorithm and invalid parameters. Since these routines are used to verify +certificate signature algorithms this can be used to crash any +certificate verification operation and exploited in a DoS attack. Any +application which performs certificate verification is vulnerable including +OpenSSL clients and servers which enable client authentication. + +This issue affects OpenSSL version: 1.0.2 + +OpenSSL 1.0.2 users should upgrade to 1.0.2a + +This issue was was reported to OpenSSL on 31st January 2015 by Brian Carpenter +and a fix developed by Stephen Henson of the OpenSSL development team. + +ASN.1 structure reuse memory corruption (CVE-2015-0287) +======================================================= + +Severity: Moderate + +Reusing a structure in ASN.1 parsing may allow an attacker to cause +memory corruption via an invalid write. Such reuse is and has been +strongly discouraged and is believed to be rare. + +Applications that parse structures containing CHOICE or ANY DEFINED BY +components may be affected. Certificate parsing (d2i_X509 and related +functions) are however not affected. OpenSSL clients and servers are +not affected. + +This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 +and 0.9.8. + +OpenSSL 1.0.2 users should upgrade to 1.0.2a +OpenSSL 1.0.1 users should upgrade to 1.0.1m. +OpenSSL 1.0.0 users should upgrade to 1.0.0r. +OpenSSL 0.9.8 users should upgrade to 0.9.8zf. + +This issue was discovered by Emilia K?sper and a fix developed by +Stephen Henson of the OpenSSL development team. + +PKCS7 NULL pointer dereferences (CVE-2015-0289) +=============================================== + +Severity: Moderate + +The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. +An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with +missing content and trigger a NULL pointer dereference on parsing. + +Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or +otherwise parse PKCS#7 structures from untrusted sources are +affected. OpenSSL clients and servers are not affected. + +This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 +and 0.9.8. + +OpenSSL 1.0.2 users should upgrade to 1.0.2a +OpenSSL 1.0.1 users should upgrade to 1.0.1m. +OpenSSL 1.0.0 users should upgrade to 1.0.0r. +OpenSSL 0.9.8 users should upgrade to 0.9.8zf. + +This issue was reported to OpenSSL on February 16th 2015 by Michal +Zalewski (Google) and a fix developed by Emilia K?sper of the OpenSSL +development team. + +Base64 decode (CVE-2015-0292) +============================= + +Severity: Moderate + +A vulnerability existed in previous versions of OpenSSL related to the +processing of base64 encoded data. Any code path that reads base64 data from an +untrusted source could be affected (such as the PEM processing routines). +Maliciously crafted base 64 data could trigger a segmenation fault or memory +corruption. This was addressed in previous versions of OpenSSL but has not been +included in any security advisory until now. + +This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8. + +OpenSSL 1.0.1 users should upgrade to 1.0.1h. +OpenSSL 1.0.0 users should upgrade to 1.0.0m. +OpenSSL 0.9.8 users should upgrade to 0.9.8za. + +The fix for this issue can be identified by commits d0666f289a (1.0.1), +84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by +Robert Dugal and subsequently by David Ramos. + +DoS via reachable assert in SSLv2 servers (CVE-2015-0293) +========================================================= + +Severity: Moderate + +A malicious client can trigger an OPENSSL_assert (i.e., an abort) in +servers that both support SSLv2 and enable export cipher suites by sending +a specially crafted SSLv2 CLIENT-MASTER-KEY message. + +This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 +and 0.9.8. + +OpenSSL 1.0.2 users should upgrade to 1.0.2a +OpenSSL 1.0.1 users should upgrade to 1.0.1m. +OpenSSL 1.0.0 users should upgrade to 1.0.0r. +OpenSSL 0.9.8 users should upgrade to 0.9.8zf. + +This issue was discovered by Sean Burford (Google) and Emilia K?sper +(OpenSSL development team) in March 2015 and the fix was developed by +Emilia K?sper. + +Empty CKE with client auth and DHE (CVE-2015-1787) +================================================== + +Severity: Moderate + +If client auth is used then a server can seg fault in the event of a DHE +ciphersuite being selected and a zero length ClientKeyExchange message being +sent by the client. This could be exploited in a DoS attack. + +This issue affects OpenSSL version: 1.0.2 + +OpenSSL 1.0.2 users should upgrade to 1.0.2a. + +This issue was discovered and the fix was developed by Matt Caswell of the +OpenSSL development team. + +Handshake with unseeded PRNG (CVE-2015-0285) +============================================ + +Severity: Low + +Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with +an unseeded PRNG. The conditions are: +- The client is on a platform where the PRNG has not been seeded automatically, +and the user has not seeded manually +- A protocol specific client method version has been used (i.e. not +SSL_client_methodv23) +- A ciphersuite is used that does not require additional random data from the +PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). + +If the handshake succeeds then the client random that has been used will have +been generated from a PRNG with insufficient entropy and therefore the output +may be predictable. + +For example using the following command with an unseeded openssl will succeed on +an unpatched platform: + +openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA + +This issue affects OpenSSL version: 1.0.2 + +OpenSSL 1.0.2 users should upgrade to 1.0.2a. + +This issue was discovered and the fix was developed by Matt Caswell of the +OpenSSL development team. + +Use After Free following d2i_ECPrivatekey error (CVE-2015-0209) +=============================================================== + +Severity: Low + +A malformed EC private key file consumed via the d2i_ECPrivateKey function could +cause a use after free condition. This, in turn, could cause a double +free in several private key parsing functions (such as d2i_PrivateKey +or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption +for applications that receive EC private keys from untrusted +sources. This scenario is considered rare. + +This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8. + +OpenSSL 1.0.2 users should upgrade to 1.0.2a +OpenSSL 1.0.1 users should upgrade to 1.0.1m. +OpenSSL 1.0.0 users should upgrade to 1.0.0r. +OpenSSL 0.9.8 users should upgrade to 0.9.8zf. + +This issue was discovered by the BoringSSL project and fixed in their commit +517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL +development team. + +X509_to_X509_REQ NULL pointer deref (CVE-2015-0288) +=================================================== + +Severity: Low + +The function X509_to_X509_REQ will crash with a NULL pointer dereference if +the certificate key is invalid. This function is rarely used in practice. + +This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 +and 0.9.8. + +OpenSSL 1.0.2 users should upgrade to 1.0.2a +OpenSSL 1.0.1 users should upgrade to 1.0.1m. +OpenSSL 1.0.0 users should upgrade to 1.0.0r. +OpenSSL 0.9.8 users should upgrade to 0.9.8zf. + +This issue was discovered by Brian Carpenter and a fix developed by Stephen +Henson of the OpenSSL development team. + +Note +==== + +As per our previous announcements and our Release Strategy +(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions +1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these +releases will be provided after that date. Users of these releases are advised +to upgrade. + +References +========== + +URL for this Security Advisory: +https://www.openssl.org/news/secadv_20150319.txt + +Note: the online version of the advisory may be updated with additional +details over time. + +For details of OpenSSL severity classifications please see: +https://www.openssl.org/about/secpolicy.html + diff --git a/news/vulnerabilities.xml b/news/vulnerabilities.xml index f13418b..01d3ce5 100644 --- a/news/vulnerabilities.xml +++ b/news/vulnerabilities.xml @@ -5,9 +5,138 @@ 1.0.0 on 20100329 --> - - - + + + + + + + + +ClientHello sigalgs DoS. If a client connects to an OpenSSL 1.0.2 server and renegotiates with an +invalid signature algorithms extension a NULL pointer dereference will occur. +This can be exploited in a DoS attack against the server. + + + + + + + + + + + + +Multiblock corrupted pointer. +OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature +only applies on 64 bit x86 architecture platforms that support AES NI +instructions. A defect in the implementation of "multiblock" can cause OpenSSL's +internal write buffer to become incorrectly set to NULL when using non-blocking +IO. Typically, when the user application is using a socket BIO for writing, this +will only result in a failed connection. However if some other BIO is used then +it is likely that a segmentation fault will be triggered, thus enabling a +potential DoS attack. + + + + + + + + + + + + +Segmentation fault in DTLSv1_listen. +A defect in the implementation of DTLSv1_listen means that state is preserved in +the SSL object from one invocation to the next that can lead to a segmentation +fault. Errors processing the initial ClientHello can trigger this scenario. An +example of such an error could be that a DTLS1.0 only client is attempting to +connect to a DTLS1.2 only server. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Segmentation fault in ASN1_TYPE_cmp. +The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is +made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check +certificate signature algorithm consistency this can be used to crash any +certificate verification operation and exploited in a DoS attack. Any +application which performs certificate verification is vulnerable including +OpenSSL clients and servers which enable client authentication. + + + + + + + + + + + + +Segmentation fault for invalid PSS parameters. +The signature verification routines will crash with a NULL pointer +dereference if presented with an ASN.1 signature using the RSA PSS +algorithm and invalid parameters. Since these routines are used to verify +certificate signature algorithms this can be used to crash any +certificate verification operation and exploited in a DoS attack. Any +application which performs certificate verification is vulnerable including +OpenSSL clients and servers which enable client authentication. + + + + + + + + @@ -37,6 +166,8 @@ + + @@ -52,6 +183,8 @@ + + @@ -63,17 +196,443 @@ - - - + + + + + + + - A carefully crafted DTLS message can cause a segmentation fault in OpenSSL - due to a NULL pointer dereference. This could lead to a Denial Of Service - attack. +ASN.1 structure reuse memory corruption. +Reusing a structure in ASN.1 parsing may allow an attacker to cause +memory corruption via an invalid write. Such reuse is and has been +strongly discouraged and is believed to be rare. - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +PKCS#7 NULL pointer dereference. +The PKCS#7 parsing code does not handle missing outer ContentInfo correctly. +An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with +missing content and trigger a NULL pointer dereference on parsing. +Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or +otherwise parse PKCS#7 structures from untrusted sources are +affected. OpenSSL clients and servers are not affected. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +A vulnerability existed in previous versions of OpenSSL related to the +processing of base64 encoded data. Any code path that reads base64 data from an +untrusted source could be affected (such as the PEM processing routines). +Maliciously crafted base 64 data could trigger a segmenation fault or memory +corruption. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +DoS via reachable assert in SSLv2 servers. +A malicious client can trigger an OPENSSL_assert in +servers that both support SSLv2 and enable export cipher suites by sending +a specially crafted SSLv2 CLIENT-MASTER-KEY message. + + + + + + + + + + + + +Empty CKE with client auth and DHE. +If client auth is used then a server can seg fault in the event of a DHE +ciphersuite being selected and a zero length ClientKeyExchange message being +sent by the client. This could be exploited in a DoS attack. + + + + + + + + + + + + +Under certain conditions an OpenSSL 1.0.2 client can complete a handshake with +an unseeded PRNG. If the handshake succeeds then the client random that has been used will have +been generated from a PRNG with insufficient entropy and therefore the output +may be predictable. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Use After Free following d2i_ECPrivatekey error. +A malformed EC private key file consumed via the d2i_ECPrivateKey function could +cause a use after free condition. This, in turn, could cause a double +free in several private key parsing functions (such as d2i_PrivateKey +or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption +for applications that receive EC private keys from untrusted +sources. This scenario is considered rare. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +X509_to_X509_REQ NULL pointer deref. +The function X509_to_X509_REQ will crash with a NULL pointer dereference if +the certificate key is invalid. This function is rarely used in practice. + + + @@ -120,8 +679,60 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From matt at openssl.org Thu Mar 19 13:59:30 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 19 Mar 2015 13:59:30 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1426773570.228217.11859.nullmailer@dev.openssl.org> The branch master has been updated via acaa6ccdfffc2e4e3fbeb40e932db2e1bfbb3c3c (commit) from 6c8d1f82eb0d6b290cca7daed4e0095b462b04af (commit) - Log ----------------------------------------------------------------- commit acaa6ccdfffc2e4e3fbeb40e932db2e1bfbb3c3c Author: Matt Caswell Date: Thu Mar 19 13:59:22 2015 +0000 Add missing newsflash line ----------------------------------------------------------------------- Summary of changes: news/newsflash.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/news/newsflash.txt b/news/newsflash.txt index b596da0..889b480 100644 --- a/news/newsflash.txt +++ b/news/newsflash.txt @@ -1,4 +1,5 @@ 19-Mar-2015: Security Advisory: twelve security fixes +19-Mar-2015: OpenSSL 1.0.2a is now available, including bug and security fixes 19-Mar-2015: OpenSSL 1.0.1m is now available, including bug and security fixes 19-Mar-2015: OpenSSL 1.0.0r is now available, including bug and security fixes 19-Mar-2015: OpenSSL 0.9.8zf is now available, including bug and security fixes From matt at openssl.org Thu Mar 19 14:03:36 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 19 Mar 2015 14:03:36 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1426773816.263811.22026.nullmailer@dev.openssl.org> The branch master has been updated via 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f (commit) via 367eab2f9f1d1131356118507d21534558863365 (commit) via bdc234f3c362b211d9e9384da93f8a0ff212787e (commit) via c225c3cf9bd67297fb0c297768d69cbc03fbdab7 (commit) via e677e8d13595f7b3287f8feef7676feb301b0e8a (commit) via d3cc5e610d1719a35cda52c9152134b490a8c944 (commit) via 34e3edbf3a10953cb407288101fd56a629af22f9 (commit) via 09f06923e636019c39c807cb59c481375e720556 (commit) via 8106d61c354430d6bbbd7f8e7840a39efc0f5829 (commit) via e83ee04bb7de800cdb71d522fa562e99328003a3 (commit) via 1d2a18dc5a3b3363e17db5af8b6b0273856ac077 (commit) from 7ead0c89185c46378e3ed85c0012d083f4b3039b (commit) - Log ----------------------------------------------------------------- commit 5e5d53d341fd9a9b9cc0a58eb3690832ca7a511f Author: Matt Caswell Date: Thu Mar 19 10:16:32 2015 +0000 Fix a failure to NULL a pointer freed on error. Reported by the LibreSSL project as a follow on to CVE-2015-0209 Reviewed-by: Richard Levitte commit 367eab2f9f1d1131356118507d21534558863365 Author: Matt Caswell Date: Wed Mar 18 10:10:01 2015 +0000 Update NEWS Resync NEWS with the latest version from 1.0.2 Reviewed-by: Richard Levitte commit bdc234f3c362b211d9e9384da93f8a0ff212787e Author: Matt Caswell Date: Wed Mar 18 09:35:22 2015 +0000 Update CHANGES Resync CHANGES with the latest version from 1.0.2. Reviewed-by: Richard Levitte commit c225c3cf9bd67297fb0c297768d69cbc03fbdab7 Author: Emilia Kasper Date: Fri Feb 27 16:52:23 2015 +0100 PKCS#7: avoid NULL pointer dereferences with missing content In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by: Steve Henson commit e677e8d13595f7b3287f8feef7676feb301b0e8a Author: Dr. Stephen Henson Date: Mon Mar 9 23:11:45 2015 +0000 Fix ASN1_TYPE_cmp Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by: Richard Levitte commit d3cc5e610d1719a35cda52c9152134b490a8c944 Author: Matt Caswell Date: Tue Mar 10 16:38:32 2015 +0000 Fix DHE Null CKE vulnerability If client auth is used then a server can seg fault in the event of a DHE cipher being used and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. CVE-2015-1787 Reviewed-by: Richard Levitte commit 34e3edbf3a10953cb407288101fd56a629af22f9 Author: Dr. Stephen Henson Date: Tue Mar 3 13:20:57 2015 +0000 Fix for CVE-2015-0291 If a client renegotiates using an invalid signature algorithms extension it will crash a server with a NULL pointer dereference. Thanks to David Ramos of Stanford University for reporting this bug. CVE-2015-0291 Reviewed-by: Tim Hudson commit 09f06923e636019c39c807cb59c481375e720556 Author: Dr. Stephen Henson Date: Mon Mar 9 23:16:33 2015 +0000 Reject invalid PSS parameters. Fix a bug where invalid PSS parameters are not rejected resulting in a NULL pointer exception. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. Thanks to Brian Carpenter for reporting this issues. CVE-2015-0208 Reviewed-by: Tim Hudson commit 8106d61c354430d6bbbd7f8e7840a39efc0f5829 Author: Dr. Stephen Henson Date: Mon Feb 23 02:32:44 2015 +0000 Free up ADB and CHOICE if already initialised. CVE-2015-0287 Reviewed-by: Tim Hudson Reviewed-by: Emilia K??sper commit e83ee04bb7de800cdb71d522fa562e99328003a3 Author: Matt Caswell Date: Mon Mar 9 16:09:04 2015 +0000 Fix Seg fault in DTLSv1_listen The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invokation to the next that can lead to a segmentation fault. Erorrs processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server. CVE-2015-0207 Reviewed-by: Richard Levitte commit 1d2a18dc5a3b3363e17db5af8b6b0273856ac077 Author: Matt Caswell Date: Mon Mar 2 09:27:10 2015 +0000 Multiblock corrupted pointer fix OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack. CVE-2015-0290 Reviewed-by: Richard Levitte Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: CHANGES | 496 +++++++++++++++++++++--------------------------- NEWS | 117 ++++-------- crypto/asn1/a_type.c | 3 + crypto/asn1/tasn_dec.c | 24 ++- crypto/asn1/x_x509.c | 12 +- crypto/ec/ec_asn1.c | 7 +- crypto/pkcs7/pk7_doit.c | 87 +++++++-- crypto/pkcs7/pk7_lib.c | 3 + crypto/rsa/rsa_ameth.c | 3 +- ssl/d1_lib.c | 3 + ssl/s3_pkt.c | 2 +- ssl/s3_srvr.c | 11 +- ssl/t1_lib.c | 16 +- 13 files changed, 389 insertions(+), 395 deletions(-) diff --git a/CHANGES b/CHANGES index 8d6fcaf..5dd7d8d 100644 --- a/CHANGES +++ b/CHANGES @@ -370,7 +370,170 @@ whose return value is often ignored. [Steve Henson] - Changes between 1.0.1k and 1.0.2 [xx XXX xxxx] + Changes between 1.0.2 and 1.0.2a [xx XXX xxxx] + + *) ClientHello sigalgs DoS fix + + If a client connects to an OpenSSL 1.0.2 server and renegotiates with an + invalid signature algorithms extension a NULL pointer dereference will + occur. This can be exploited in a DoS attack against the server. + + This issue was was reported to OpenSSL by David Ramos of Stanford + University. + (CVE-2015-0291) + [Stephen Henson and Matt Caswell] + + *) Multiblock corrupted pointer fix + + OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This + feature only applies on 64 bit x86 architecture platforms that support AES + NI instructions. A defect in the implementation of "multiblock" can cause + OpenSSL's internal write buffer to become incorrectly set to NULL when + using non-blocking IO. Typically, when the user application is using a + socket BIO for writing, this will only result in a failed connection. + However if some other BIO is used then it is likely that a segmentation + fault will be triggered, thus enabling a potential DoS attack. + + This issue was reported to OpenSSL by Daniel Danner and Rainer Mueller. + (CVE-2015-0290) + [Matt Caswell] + + *) Segmentation fault in DTLSv1_listen fix + + The DTLSv1_listen function is intended to be stateless and processes the + initial ClientHello from many peers. It is common for user code to loop + over the call to DTLSv1_listen until a valid ClientHello is received with + an associated cookie. A defect in the implementation of DTLSv1_listen means + that state is preserved in the SSL object from one invocation to the next + that can lead to a segmentation fault. Errors processing the initial + ClientHello can trigger this scenario. An example of such an error could be + that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only + server. + + This issue was reported to OpenSSL by Per Allansson. + (CVE-2015-0207) + [Matt Caswell] + + *) Segmentation fault in ASN1_TYPE_cmp fix + + The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is + made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check + certificate signature algorithm consistency this can be used to crash any + certificate verification operation and exploited in a DoS attack. Any + application which performs certificate verification is vulnerable including + OpenSSL clients and servers which enable client authentication. + (CVE-2015-0286) + [Stephen Henson] + + *) Segmentation fault for invalid PSS parameters fix + + The signature verification routines will crash with a NULL pointer + dereference if presented with an ASN.1 signature using the RSA PSS + algorithm and invalid parameters. Since these routines are used to verify + certificate signature algorithms this can be used to crash any + certificate verification operation and exploited in a DoS attack. Any + application which performs certificate verification is vulnerable including + OpenSSL clients and servers which enable client authentication. + + This issue was was reported to OpenSSL by Brian Carpenter. + (CVE-2015-0208) + [Stephen Henson] + + *) ASN.1 structure reuse memory corruption fix + + Reusing a structure in ASN.1 parsing may allow an attacker to cause + memory corruption via an invalid write. Such reuse is and has been + strongly discouraged and is believed to be rare. + + Applications that parse structures containing CHOICE or ANY DEFINED BY + components may be affected. Certificate parsing (d2i_X509 and related + functions) are however not affected. OpenSSL clients and servers are + not affected. + (CVE-2015-0287) + [Stephen Henson] + + *) PKCS7 NULL pointer dereferences fix + + The PKCS#7 parsing code does not handle missing outer ContentInfo + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with + missing content and trigger a NULL pointer dereference on parsing. + + Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or + otherwise parse PKCS#7 structures from untrusted sources are + affected. OpenSSL clients and servers are not affected. + + This issue was reported to OpenSSL by Michal Zalewski (Google). + (CVE-2015-0289) + [Emilia K?sper] + + *) DoS via reachable assert in SSLv2 servers fix + + A malicious client can trigger an OPENSSL_assert (i.e., an abort) in + servers that both support SSLv2 and enable export cipher suites by sending + a specially crafted SSLv2 CLIENT-MASTER-KEY message. + + This issue was discovered by Sean Burford (Google) and Emilia K?sper + (OpenSSL development team). + (CVE-2015-0293) + [Emilia K?sper] + + *) Empty CKE with client auth and DHE fix + + If client auth is used then a server can seg fault in the event of a DHE + ciphersuite being selected and a zero length ClientKeyExchange message + being sent by the client. This could be exploited in a DoS attack. + (CVE-2015-1787) + [Matt Caswell] + + *) Handshake with unseeded PRNG fix + + Under certain conditions an OpenSSL 1.0.2 client can complete a handshake + with an unseeded PRNG. The conditions are: + - The client is on a platform where the PRNG has not been seeded + automatically, and the user has not seeded manually + - A protocol specific client method version has been used (i.e. not + SSL_client_methodv23) + - A ciphersuite is used that does not require additional random data from + the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). + + If the handshake succeeds then the client random that has been used will + have been generated from a PRNG with insufficient entropy and therefore the + output may be predictable. + + For example using the following command with an unseeded openssl will + succeed on an unpatched platform: + + openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA + (CVE-2015-0285) + [Matt Caswell] + + *) Use After Free following d2i_ECPrivatekey error fix + + A malformed EC private key file consumed via the d2i_ECPrivateKey function + could cause a use after free condition. This, in turn, could cause a double + free in several private key parsing functions (such as d2i_PrivateKey + or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption + for applications that receive EC private keys from untrusted + sources. This scenario is considered rare. + + This issue was discovered by the BoringSSL project and fixed in their + commit 517073cd4b. + (CVE-2015-0209) + [Matt Caswell] + + *) X509_to_X509_REQ NULL pointer deref fix + + The function X509_to_X509_REQ will crash with a NULL pointer dereference if + the certificate key is invalid. This function is rarely used in practice. + + This issue was discovered by Brian Carpenter. + (CVE-2015-0288) + [Stephen Henson] + + *) Removed the export ciphers from the DEFAULT ciphers + [Kurt Roeckx] + + Changes between 1.0.1l and 1.0.2 [22 Jan 2015] *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. ARMv5 through ARMv8, as opposite to "locking" it to single one. @@ -700,7 +863,35 @@ X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and X509_CINF_get_signature were reverted post internal team review. - Changes between 1.0.1j and 1.0.1k [xx XXX xxxx] + Changes between 1.0.1k and 1.0.1l [15 Jan 2015] + + *) Build fixes for the Windows and OpenVMS platforms + [Matt Caswell and Richard Levitte] + + Changes between 1.0.1j and 1.0.1k [8 Jan 2015] + + *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS + message can cause a segmentation fault in OpenSSL due to a NULL pointer + dereference. This could lead to a Denial Of Service attack. Thanks to + Markus Stenberg of Cisco Systems, Inc. for reporting this issue. + (CVE-2014-3571) + [Steve Henson] + + *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the + dtls1_buffer_record function under certain conditions. In particular this + could occur if an attacker sent repeated DTLS records with the same + sequence number but for the next epoch. The memory leak could be exploited + by an attacker in a Denial of Service attack through memory exhaustion. + Thanks to Chris Mueller for reporting this issue. + (CVE-2015-0206) + [Matt Caswell] + + *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is + built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl + method would be set to NULL which could later result in a NULL pointer + dereference. Thanks to Frank Schmirler for reporting this issue. + (CVE-2014-3569) + [Kurt Roeckx] *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. @@ -719,6 +910,17 @@ (CVE-2015-0204) [Steve Henson] + *) Fixed issue where DH client certificates are accepted without verification. + An OpenSSL server will accept a DH certificate for client authentication + without the certificate verify message. This effectively allows a client to + authenticate without the use of a private key. This only affects servers + which trust a client certificate authority which issues certificates + containing DH keys: these are extremely rare and hardly ever encountered. + Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting + this issue. + (CVE-2015-0205) + [Steve Henson] + *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. @@ -763,6 +965,17 @@ (CVE-2014-8275) [Steve Henson] + *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + (CVE-2014-3570) + [Andy Polyakov] + *) Do not resume sessions on the server if the negotiated protocol version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable @@ -1419,63 +1632,6 @@ Add command line options to s_client/s_server. [Steve Henson] - Changes between 1.0.0j and 1.0.0k [5 Feb 2013] - - *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. - - This addresses the flaw in CBC record processing discovered by - Nadhem Alfardan and Kenny Paterson. Details of this attack can be found - at: http://www.isg.rhul.ac.uk/tls/ - - Thanks go to Nadhem Alfardan and Kenny Paterson of the Information - Security Group at Royal Holloway, University of London - (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and - Emilia K?sper for the initial patch. - (CVE-2013-0169) - [Emilia K?sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] - - *) Return an error when checking OCSP signatures when key is NULL. - This fixes a DoS attack. (CVE-2013-0166) - [Steve Henson] - - *) Call OCSP Stapling callback after ciphersuite has been chosen, so - the right response is stapled. Also change SSL_get_certificate() - so it returns the certificate actually sent. - See http://rt.openssl.org/Ticket/Display.html?id=2836. - (This is a backport) - [Rob Stradling ] - - *) Fix possible deadlock when decoding public keys. - [Steve Henson] - - Changes between 1.0.0i and 1.0.0j [10 May 2012] - - [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after - OpenSSL 1.0.1.] - - *) Sanity check record length before skipping explicit IV in DTLS - to fix DoS attack. - - Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic - fuzzing as a service testing platform. - (CVE-2012-2333) - [Steve Henson] - - *) Initialise tkeylen properly when encrypting CMS messages. - Thanks to Solar Designer of Openwall for reporting this issue. - [Steve Henson] - - Changes between 1.0.0h and 1.0.0i [19 Apr 2012] - - *) Check for potentially exploitable overflows in asn1_d2i_read_bio - BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer - in CRYPTO_realloc_clean. - - Thanks to Tavis Ormandy, Google Security Team, for discovering this - issue and to Adam Langley for fixing it. - (CVE-2012-2110) - [Adam Langley (Google), Tavis Ormandy, Google Security Team] - Changes between 1.0.0g and 1.0.0h [12 Mar 2012] *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness @@ -2466,228 +2622,6 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] - Changes between 0.9.8x and 0.9.8y [5 Feb 2013] - - *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. - - This addresses the flaw in CBC record processing discovered by - Nadhem Alfardan and Kenny Paterson. Details of this attack can be found - at: http://www.isg.rhul.ac.uk/tls/ - - Thanks go to Nadhem Alfardan and Kenny Paterson of the Information - Security Group at Royal Holloway, University of London - (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and - Emilia K?sper for the initial patch. - (CVE-2013-0169) - [Emilia K?sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] - - *) Return an error when checking OCSP signatures when key is NULL. - This fixes a DoS attack. (CVE-2013-0166) - [Steve Henson] - - *) Call OCSP Stapling callback after ciphersuite has been chosen, so - the right response is stapled. Also change SSL_get_certificate() - so it returns the certificate actually sent. - See http://rt.openssl.org/Ticket/Display.html?id=2836. - (This is a backport) - [Rob Stradling ] - - *) Fix possible deadlock when decoding public keys. - [Steve Henson] - - Changes between 0.9.8w and 0.9.8x [10 May 2012] - - *) Sanity check record length before skipping explicit IV in DTLS - to fix DoS attack. - - Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic - fuzzing as a service testing platform. - (CVE-2012-2333) - [Steve Henson] - - *) Initialise tkeylen properly when encrypting CMS messages. - Thanks to Solar Designer of Openwall for reporting this issue. - [Steve Henson] - - Changes between 0.9.8v and 0.9.8w [23 Apr 2012] - - *) The fix for CVE-2012-2110 did not take into account that the - 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an - int in OpenSSL 0.9.8, making it still vulnerable. Fix by - rejecting negative len parameter. (CVE-2012-2131) - [Tomas Hoger ] - - Changes between 0.9.8u and 0.9.8v [19 Apr 2012] - - *) Check for potentially exploitable overflows in asn1_d2i_read_bio - BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer - in CRYPTO_realloc_clean. - - Thanks to Tavis Ormandy, Google Security Team, for discovering this - issue and to Adam Langley for fixing it. - (CVE-2012-2110) - [Adam Langley (Google), Tavis Ormandy, Google Security Team] - - Changes between 0.9.8t and 0.9.8u [12 Mar 2012] - - *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness - in CMS and PKCS7 code. When RSA decryption fails use a random key for - content decryption and always return the same error. Note: this attack - needs on average 2^20 messages so it only affects automated senders. The - old behaviour can be reenabled in the CMS code by setting the - CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where - an MMA defence is not necessary. - Thanks to Ivan Nestlerode for discovering - this issue. (CVE-2012-0884) - [Steve Henson] - - *) Fix CVE-2011-4619: make sure we really are receiving a - client hello before rejecting multiple SGC restarts. Thanks to - Ivan Nestlerode for discovering this bug. - [Steve Henson] - - Changes between 0.9.8s and 0.9.8t [18 Jan 2012] - - *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. - Thanks to Antonio Martin, Enterprise Secure Access Research and - Development, Cisco Systems, Inc. for discovering this bug and - preparing a fix. (CVE-2012-0050) - [Antonio Martin] - - Changes between 0.9.8r and 0.9.8s [4 Jan 2012] - - *) Nadhem Alfardan and Kenny Paterson have discovered an extension - of the Vaudenay padding oracle attack on CBC mode encryption - which enables an efficient plaintext recovery attack against - the OpenSSL implementation of DTLS. Their attack exploits timing - differences arising during decryption processing. A research - paper describing this attack can be found at: - http://www.isg.rhul.ac.uk/~kp/dtls.pdf - Thanks go to Nadhem Alfardan and Kenny Paterson of the Information - Security Group at Royal Holloway, University of London - (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann - and Michael Tuexen - for preparing the fix. (CVE-2011-4108) - [Robin Seggelmann, Michael Tuexen] - - *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109) - [Ben Laurie, Kasper ] - - *) Clear bytes used for block padding of SSL 3.0 records. - (CVE-2011-4576) - [Adam Langley (Google)] - - *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George - Kadianakis for discovering this issue and - Adam Langley for preparing the fix. (CVE-2011-4619) - [Adam Langley (Google)] - - *) Prevent malformed RFC3779 data triggering an assertion failure. - Thanks to Andrew Chi, BBN Technologies, for discovering the flaw - and Rob Austein for fixing it. (CVE-2011-4577) - [Rob Austein ] - - *) Fix ssl_ciph.c set-up race. - [Adam Langley (Google)] - - *) Fix spurious failures in ecdsatest.c. - [Emilia K?sper (Google)] - - *) Fix the BIO_f_buffer() implementation (which was mixing different - interpretations of the '..._len' fields). - [Adam Langley (Google)] - - *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than - BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent - threads won't reuse the same blinding coefficients. - - This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING - lock to call BN_BLINDING_invert_ex, and avoids one use of - BN_BLINDING_update for each BN_BLINDING structure (previously, - the last update always remained unused). - [Emilia K?sper (Google)] - - *) Fix SSL memory handling for (EC)DH ciphersuites, in particular - for multi-threaded use of ECDH. - [Adam Langley (Google)] - - *) Fix x509_name_ex_d2i memory leak on bad inputs. - [Bodo Moeller] - - *) Add protection against ECDSA timing attacks as mentioned in the paper - by Billy Bob Brumley and Nicola Tuveri, see: - - http://eprint.iacr.org/2011/232.pdf - - [Billy Bob Brumley and Nicola Tuveri] - - Changes between 0.9.8q and 0.9.8r [8 Feb 2011] - - *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 - [Neel Mehta, Adam Langley, Bodo Moeller (Google)] - - *) Fix bug in string printing code: if *any* escaping is enabled we must - escape the escape character (backslash) or the resulting string is - ambiguous. - [Steve Henson] - - Changes between 0.9.8p and 0.9.8q [2 Dec 2010] - - *) Disable code workaround for ancient and obsolete Netscape browsers - and servers: an attacker can use it in a ciphersuite downgrade attack. - Thanks to Martin Rex for discovering this bug. CVE-2010-4180 - [Steve Henson] - - *) Fixed J-PAKE implementation error, originally discovered by - Sebastien Martini, further info and confirmation from Stefan - Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 - [Ben Laurie] - - Changes between 0.9.8o and 0.9.8p [16 Nov 2010] - - *) Fix extension code to avoid race conditions which can result in a buffer - overrun vulnerability: resumed sessions must not be modified as they can - be shared by multiple threads. CVE-2010-3864 - [Steve Henson] - - *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 - [Steve Henson] - - *) Don't reencode certificate when calculating signature: cache and use - the original encoding instead. This makes signature verification of - some broken encodings work correctly. - [Steve Henson] - - *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT - is also one of the inputs. - [Emilia K?sper (Google)] - - *) Don't repeatedly append PBE algorithms to table if they already exist. - Sort table on each new add. This effectively makes the table read only - after all algorithms are added and subsequent calls to PKCS12_pbe_add - etc are non-op. - [Steve Henson] - - Changes between 0.9.8n and 0.9.8o [01 Jun 2010] - - [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after - OpenSSL 1.0.0.] - - *) Correct a typo in the CMS ASN1 module which can result in invalid memory - access or freeing data twice (CVE-2010-0742) - [Steve Henson, Ronald Moesbergen ] - - *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more - common in certificates and some applications which only call - SSL_library_init and not OpenSSL_add_all_algorithms() will fail. - [Steve Henson] - - *) VMS fixes: - Reduce copying into .apps and .test in makevms.com - Don't try to use blank CA certificate in CA.com - Allow use of C files from original directories in maketests.com - [Steven M. Schweda" ] - Changes between 0.9.8m and 0.9.8n [24 Mar 2010] *) When rejecting SSL/TLS records due to an incorrect version number, never diff --git a/NEWS b/NEWS index 1aa3ea7..cbf847a 100644 --- a/NEWS +++ b/NEWS @@ -5,7 +5,23 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.2 [in beta]: + Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [under development] + + o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291) + o Multiblock corrupted pointer fix (CVE-2015-0290) + o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207) + o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) + o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208) + o ASN.1 structure reuse memory corruption fix (CVE-2015-0287) + o PKCS7 NULL pointer dereferences fix (CVE-2015-0289) + o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293) + o Empty CKE with client auth and DHE fix (CVE-2015-1787) + o Handshake with unseeded PRNG fix (CVE-2015-0285) + o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209) + o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288) + o Removed the export ciphers from the DEFAULT ciphers + + Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]: o Suite B support for TLS 1.2 and DTLS 1.2 o Support for DTLS 1.2 @@ -16,6 +32,21 @@ o ALPN support. o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH. + Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] + + o Build fixes for the Windows and OpenVMS platforms + + Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] + + o Fix for CVE-2014-3571 + o Fix for CVE-2015-0206 + o Fix for CVE-2014-3569 + o Fix for CVE-2014-3572 + o Fix for CVE-2015-0204 + o Fix for CVE-2015-0205 + o Fix for CVE-2014-8275 + o Fix for CVE-2014-3570 + Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] o Fix for CVE-2014-3513 @@ -39,6 +70,7 @@ o Fix for CVE-2014-0224 o Fix for CVE-2014-0221 + o Fix for CVE-2014-0198 o Fix for CVE-2014-0195 o Fix for CVE-2014-3470 o Fix for CVE-2010-5298 @@ -98,23 +130,6 @@ o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. - Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014] - - o Fix for DTLS retransmission bug CVE-2013-6450 - - Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]: - - o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 - o Fix OCSP bad key DoS attack CVE-2013-0166 - - Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]: - - o Fix DTLS record length checking bug CVE-2012-2333 - - Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]: - - o Fix for ASN1 overflow bug CVE-2012-2110 - Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 @@ -187,72 +202,6 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. - Major changes between OpenSSL 0.9.8y and OpenSSL 0.9.8za [5 Jun 2014]: - - o Fix for CVE-2014-0224 - o Fix for CVE-2014-0221 - o Fix for CVE-2014-0195 - o Fix for CVE-2014-3470 - o Fix for CVE-2014-0076 - o Fix for CVE-2010-5298 - o Fix to TLS alert handling. - - Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]: - - o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 - o Fix OCSP bad key DoS attack CVE-2013-0166 - - Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]: - - o Fix DTLS record length checking bug CVE-2012-2333 - - Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]: - - o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) - - Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]: - - o Fix for ASN1 overflow bug CVE-2012-2110 - - Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]: - - o Fix for CMS/PKCS#7 MMA CVE-2012-0884 - o Corrected fix for CVE-2011-4619 - o Various DTLS fixes. - - Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]: - - o Fix for DTLS DoS issue CVE-2012-0050 - - Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]: - - o Fix for DTLS plaintext recovery attack CVE-2011-4108 - o Fix policy check double free error CVE-2011-4109 - o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 - o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 - o Check for malformed RFC3779 data CVE-2011-4577 - - Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]: - - o Fix for security issue CVE-2011-0014 - - Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]: - - o Fix for security issue CVE-2010-4180 - o Fix for CVE-2010-4252 - - Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]: - - o Fix for security issue CVE-2010-3864. - - Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]: - - o Fix for security issue CVE-2010-0742. - o Various DTLS fixes. - o Recognise SHA2 certificates if only SSL algorithms added. - o Fix for no-rc4 compilation. - o Chil ENGINE unload workaround. - Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]: o CFB cipher definition fixes. diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 13ecfcd..e7ec49d 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -115,6 +115,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) case V_ASN1_OBJECT: result = OBJ_cmp(a->value.object, b->value.object); break; + case V_ASN1_BOOLEAN: + result = a->value.boolean - b->value.boolean; + break; case V_ASN1_NULL: result = 0; /* They do not have content. */ break; diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index abdeba4..3d62284 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -303,9 +303,16 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, case ASN1_ITYPE_CHOICE: if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; - - /* Allocate structure */ - if (!*pval && !ASN1_item_ex_new(pval, it)) { + if (*pval) { + /* Free up and zero CHOICE value if initialised */ + i = asn1_get_choice_selector(pval, it); + if ((i >= 0) && (i < it->tcount)) { + tt = it->templates + i; + pchptr = asn1_get_field_ptr(pval, tt); + ASN1_template_free(pchptr, tt); + asn1_set_choice_selector(pval, -1, it); + } + } else if (!ASN1_item_ex_new(pval, it)) { ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; } @@ -385,6 +392,17 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; + /* Free up and zero any ADB found */ + for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { + if (tt->flags & ASN1_TFLG_ADB_MASK) { + const ASN1_TEMPLATE *seqtt; + ASN1_VALUE **pseqval; + seqtt = asn1_do_adb(pval, tt, 1); + pseqval = asn1_get_field_ptr(pval, seqtt); + ASN1_template_free(pseqval, seqtt); + } + } + /* Get each field entry */ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { const ASN1_TEMPLATE *seqtt; diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index f487dbb..36f6ff4 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -168,8 +168,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) { const unsigned char *q; X509 *ret; + int freeret = 0; + /* Save start position */ q = *pp; + + if(!a || *a == NULL) { + freeret = 1; + } ret = d2i_X509(a, pp, length); /* If certificate unreadable then forget it */ if (!ret) @@ -182,7 +188,11 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) goto err; return ret; err: - X509_free(ret); + if(freeret) { + X509_free(ret); + if (a) + *a = NULL; + } return NULL; } diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 6ff94a3..b4b0e9f 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1226,16 +1226,19 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); return NULL; } - if (a) - *a = ret; } else ret = *a; if (!d2i_ECPKParameters(&ret->group, in, len)) { ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); + if (a == NULL || *a != ret) + EC_KEY_free(ret); return NULL; } + if (a) + *a = ret; + return ret; } diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index f61d63b..25ac2df 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -261,6 +261,25 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) PKCS7_RECIP_INFO *ri = NULL; ASN1_OCTET_STRING *os = NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + /* + * The content field in the PKCS7 ContentInfo is optional, but that really + * only applies to inner content (precisely, detached signatures). + * + * When reading content, missing outer content is therefore treated as an + * error. + * + * When creating content, PKCS7_content_new() must be called before + * calling this method, so a NULL p7->d is always an error. + */ + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); + return NULL; + } + i = OBJ_obj2nid(p7->type); p7->state = PKCS7_S_HEADER; @@ -411,6 +430,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) unsigned char *ek = NULL, *tkey = NULL; int eklen = 0, tkeylen = 0; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + return NULL; + } + i = OBJ_obj2nid(p7->type); p7->state = PKCS7_S_HEADER; @@ -683,6 +712,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; ASN1_OCTET_STRING *os = NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); + return 0; + } + EVP_MD_CTX_init(&ctx_tmp); i = OBJ_obj2nid(p7->type); p7->state = PKCS7_S_HEADER; @@ -722,6 +761,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* If detached data then the content is excluded */ if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); + os = NULL; p7->d.sign->contents->d.data = NULL; } break; @@ -731,6 +771,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* If detached data then the content is excluded */ if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); + os = NULL; p7->d.digest->contents->d.data = NULL; } break; @@ -796,22 +837,30 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); } - if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) { - char *cont; - long contlen; - btmp = BIO_find_type(bio, BIO_TYPE_MEM); - if (btmp == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); - goto err; - } - contlen = BIO_get_mem_data(btmp, &cont); + if (!PKCS7_is_detached(p7)) { /* - * Mark the BIO read only then we can use its copy of the data - * instead of making an extra copy. + * NOTE(emilia): I think we only reach os == NULL here because detached + * digested data support is broken. */ - BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); - BIO_set_mem_eof_return(btmp, 0); - ASN1_STRING_set0(os, (unsigned char *)cont, contlen); + if (os == NULL) + goto err; + if (!(os->flags & ASN1_STRING_FLAG_NDEF)) { + char *cont; + long contlen; + btmp = BIO_find_type(bio, BIO_TYPE_MEM); + if (btmp == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); + goto err; + } + contlen = BIO_get_mem_data(btmp, &cont); + /* + * Mark the BIO read only then we can use its copy of the data + * instead of making an extra copy. + */ + BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); + BIO_set_mem_eof_return(btmp, 0); + ASN1_STRING_set0(os, (unsigned char *)cont, contlen); + } } ret = 1; err: @@ -886,6 +935,16 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, STACK_OF(X509) *cert; X509 *x509; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); + return 0; + } + if (PKCS7_type_is_signed(p7)) { cert = p7->d.sign->cert; } else if (PKCS7_type_is_signedAndEnveloped(p7)) { diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index c773812..0c5fcaa 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -70,6 +70,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) nid = OBJ_obj2nid(p7->type); switch (cmd) { + /* NOTE(emilia): does not support detached digested data. */ case PKCS7_OP_SET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { ret = p7->detached = (int)larg; @@ -444,6 +445,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { + if (p7 == NULL || p7->d.ptr == NULL) + return NULL; if (PKCS7_type_is_signed(p7)) { return (p7->d.sign->signer_info); } else if (PKCS7_type_is_signedAndEnveloped(p7)) { diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 5e8701a..6f4c104 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -703,9 +703,10 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); return -1; } - if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey)) + if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) { /* Carry on */ return 2; + } return -1; } diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 626cecb..e9a2fc5 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -546,6 +546,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client) { int ret; + /* Ensure there is no state left over from a previous invocation */ + SSL_clear(s); + SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); s->d1->listen = 1; diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 66fa9d1..cf02e49 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -804,7 +804,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) i = ssl3_write_pending(s, type, &buf[tot], nw); if (i <= 0) { - if (i < 0) { + if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) { OPENSSL_free(wb->buf); wb->buf = NULL; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index e5346b6..f8c7e37 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2233,10 +2233,17 @@ int ssl3_get_client_key_exchange(SSL *s) if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) { int idx = -1; EVP_PKEY *skey = NULL; - if (n) + if (n > 1) { n2s(p, i); - else + } else { + if (alg_k & SSL_kDHE) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); + goto f_err; + } i = 0; + } if (n && n != i + 2) { if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index b6e878a..8b75dba 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2693,6 +2693,7 @@ int tls1_set_server_sigalgs(SSL *s) if (s->cert->shared_sigalgs) { OPENSSL_free(s->cert->shared_sigalgs); s->cert->shared_sigalgs = NULL; + s->cert->shared_sigalgslen = 0; } /* Clear certificate digests and validity flags */ for (i = 0; i < SSL_PKEY_NUM; i++) { @@ -3396,6 +3397,7 @@ static int tls1_set_shared_sigalgs(SSL *s) if (c->shared_sigalgs) { OPENSSL_free(c->shared_sigalgs); c->shared_sigalgs = NULL; + c->shared_sigalgslen = 0; } /* If client use client signature algorithms if not NULL */ if (!s->server && c->client_sigalgs && !is_suiteb) { @@ -3418,12 +3420,14 @@ static int tls1_set_shared_sigalgs(SSL *s) preflen = c->peer_sigalgslen; } nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen); - if (!nmatch) - return 1; - salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS)); - if (!salgs) - return 0; - nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen); + if (nmatch) { + salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS)); + if (!salgs) + return 0; + nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen); + } else { + salgs = NULL; + } c->shared_sigalgs = salgs; c->shared_sigalgslen = nmatch; return 1; From matt at openssl.org Thu Mar 19 14:04:05 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 19 Mar 2015 14:04:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1426773845.975739.24660.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 0d6d10d97d67a30fcfec029a0c90d1ae30c68b0b (commit) via 3df69d3aefde7671053d4e3c242b228e5d79c83f (commit) via 921095d4d3780623bfb0e2115026ceb6b6ef5a67 (commit) via 5cc6509dae697f0e74aaba73e1635f269a9c5e61 (commit) via 18029a3d0739284cadb309ea0fd498379b0bcfdb (commit) via 7b22e8d01f8e84b794fc62ada4c9de8ab2021879 (commit) via da947c9758791f25cc48c1a0ba323d567afd5f03 (commit) via 128b271c8d01eb761d42eae407085fe2e74cddea (commit) via a8b1e52ff45e1dac1c1b1636042dc8008888a7cd (commit) via d6e903d188a541ff2ccc8f3cbe795d312a5a92e5 (commit) via 86f8fb0e344d62454f8daf3e15236b2b59210756 (commit) via c0334c2c92dd1bc3ad8138ba6e74006c3631b0f9 (commit) via c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1 (commit) via b19d8143212ae5fbc9cebfd51c01f802fabccd33 (commit) via 76343947ada960b6269090638f5391068daee88d (commit) via 4b22cce3812052fe64fc3f6d58d8cc884e3cb834 (commit) via b717b083073b6cacc0a5e2397b661678aff7ae7f (commit) via 819418110b6fff4a7b96f01a5d68f71df3e3b736 (commit) via 77c77f0a1b9f15b869ca3342186dfbedd1119d0e (commit) from 8b84495380098592ef7bb2fa9209ccb87803bf1d (commit) - Log ----------------------------------------------------------------- commit 0d6d10d97d67a30fcfec029a0c90d1ae30c68b0b Author: Matt Caswell Date: Thu Mar 19 13:34:56 2015 +0000 Prepare for 1.0.2b-dev Reviewed-by: Richard Levitte commit 3df69d3aefde7671053d4e3c242b228e5d79c83f Author: Matt Caswell Date: Thu Mar 19 13:31:16 2015 +0000 Prepare for 1.0.2a release Reviewed-by: Richard Levitte commit 921095d4d3780623bfb0e2115026ceb6b6ef5a67 Author: Matt Caswell Date: Thu Mar 19 13:31:16 2015 +0000 make update Reviewed-by: Richard Levitte commit 5cc6509dae697f0e74aaba73e1635f269a9c5e61 Author: Matt Caswell Date: Thu Mar 19 11:35:33 2015 +0000 Fix unsigned/signed warnings Fix some unsigned/signed warnings introduced as part of the fix for CVE-2015-0293 Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte commit 18029a3d0739284cadb309ea0fd498379b0bcfdb Author: Matt Caswell Date: Thu Mar 19 10:16:32 2015 +0000 Fix a failure to NULL a pointer freed on error. Reported by the LibreSSL project as a follow on to CVE-2015-0209 Reviewed-by: Richard Levitte commit 7b22e8d01f8e84b794fc62ada4c9de8ab2021879 Author: Matt Caswell Date: Tue Mar 17 16:50:16 2015 +0000 Update NEWS file Update the NEWS file with the latest entries from CHANGES ready for the release. Reviewed-by: Richard Levitte commit da947c9758791f25cc48c1a0ba323d567afd5f03 Author: Matt Caswell Date: Tue Mar 17 16:36:37 2015 +0000 Update CHANGES for release Update CHANGES file with all the latest fixes ready for the release. Reviewed-by: Richard Levitte commit 128b271c8d01eb761d42eae407085fe2e74cddea Author: Matt Caswell Date: Tue Mar 17 16:44:44 2015 +0000 Fix discrepancy in NEWS file There was a discrepancy between the 1.0.2 version of NEWS and the 1.0.1 version. This fixes it. Reviewed-by: Richard Levitte commit a8b1e52ff45e1dac1c1b1636042dc8008888a7cd Author: Matt Caswell Date: Tue Mar 17 15:58:40 2015 +0000 Fix CHANGES discrepancies There were some discrepancies in the CHANGES file between the 1.0.1 version and 1.0.2. This corrects it. Reviewed-by: Richard Levitte commit d6e903d188a541ff2ccc8f3cbe795d312a5a92e5 Author: Matt Caswell Date: Wed Mar 18 09:48:03 2015 +0000 Remove overlapping CHANGES/NEWS entries Remove entries from CHANGES and NEWS from letter releases that occur *after* the next point release. Without this we get duplicate entries for the same issue appearing multiple times. Reviewed-by: Richard Levitte commit 86f8fb0e344d62454f8daf3e15236b2b59210756 Author: Emilia Kasper Date: Wed Mar 4 09:05:02 2015 -0800 Fix reachable assert in SSLv2 servers. This assert is reachable for servers that support SSLv2 and export ciphers. Therefore, such servers can be DoSed by sending a specially crafted SSLv2 CLIENT-MASTER-KEY. Also fix s2_srvr.c to error out early if the key lengths are malformed. These lengths are sent unencrypted, so this does not introduce an oracle. CVE-2015-0293 This issue was discovered by Sean Burford (Google) and Emilia K??sper of the OpenSSL development team. Reviewed-by: Richard Levitte Reviewed-by: Tim Hudson commit c0334c2c92dd1bc3ad8138ba6e74006c3631b0f9 Author: Emilia Kasper Date: Fri Feb 27 16:52:23 2015 +0100 PKCS#7: avoid NULL pointer dereferences with missing content In PKCS#7, the ASN.1 content component is optional. This typically applies to inner content (detached signatures), however we must also handle unexpected missing outer content correctly. This patch only addresses functions reachable from parsing, decryption and verification, and functions otherwise associated with reading potentially untrusted data. Correcting all low-level API calls requires further work. CVE-2015-0289 Thanks to Michal Zalewski (Google) for reporting this issue. Reviewed-by: Steve Henson commit c3c7fb07dc975dc3c9de0eddb7d8fd79fc9c67c1 Author: Dr. Stephen Henson Date: Mon Mar 9 23:11:45 2015 +0000 Fix ASN1_TYPE_cmp Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. CVE-2015-0286 Reviewed-by: Richard Levitte commit b19d8143212ae5fbc9cebfd51c01f802fabccd33 Author: Matt Caswell Date: Tue Mar 10 16:38:32 2015 +0000 Fix DHE Null CKE vulnerability If client auth is used then a server can seg fault in the event of a DHE cipher being used and a zero length ClientKeyExchange message being sent by the client. This could be exploited in a DoS attack. CVE-2015-1787 Reviewed-by: Richard Levitte commit 76343947ada960b6269090638f5391068daee88d Author: Dr. Stephen Henson Date: Tue Mar 3 13:20:57 2015 +0000 Fix for CVE-2015-0291 If a client renegotiates using an invalid signature algorithms extension it will crash a server with a NULL pointer dereference. Thanks to David Ramos of Stanford University for reporting this bug. CVE-2015-0291 Reviewed-by: Tim Hudson Conflicts: ssl/t1_lib.c commit 4b22cce3812052fe64fc3f6d58d8cc884e3cb834 Author: Dr. Stephen Henson Date: Mon Mar 9 23:16:33 2015 +0000 Reject invalid PSS parameters. Fix a bug where invalid PSS parameters are not rejected resulting in a NULL pointer exception. This can be triggered during certificate verification so could be a DoS attack against a client or a server enabling client authentication. Thanks to Brian Carpenter for reporting this issues. CVE-2015-0208 Reviewed-by: Tim Hudson commit b717b083073b6cacc0a5e2397b661678aff7ae7f Author: Dr. Stephen Henson Date: Mon Feb 23 02:32:44 2015 +0000 Free up ADB and CHOICE if already initialised. CVE-2015-0287 Reviewed-by: Tim Hudson Reviewed-by: Emilia K??sper commit 819418110b6fff4a7b96f01a5d68f71df3e3b736 Author: Matt Caswell Date: Mon Mar 9 16:09:04 2015 +0000 Fix Seg fault in DTLSv1_listen The DTLSv1_listen function is intended to be stateless and processes the initial ClientHello from many peers. It is common for user code to loop over the call to DTLSv1_listen until a valid ClientHello is received with an associated cookie. A defect in the implementation of DTLSv1_listen means that state is preserved in the SSL object from one invokation to the next that can lead to a segmentation fault. Erorrs processing the initial ClientHello can trigger this scenario. An example of such an error could be that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only server. CVE-2015-0207 Reviewed-by: Richard Levitte commit 77c77f0a1b9f15b869ca3342186dfbedd1119d0e Author: Matt Caswell Date: Mon Mar 2 09:27:10 2015 +0000 Multiblock corrupted pointer fix OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of "multiblock" can cause OpenSSL's internal write buffer to become incorrectly set to NULL when using non-blocking IO. Typically, when the user application is using a socket BIO for writing, this will only result in a failed connection. However if some other BIO is used then it is likely that a segmentation fault will be triggered, thus enabling a potential DoS attack. CVE-2015-0290 Reviewed-by: Richard Levitte Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: CHANGES | 529 +++++++++++++++++++----------------------------- NEWS | 88 ++------ README | 2 +- crypto/asn1/a_type.c | 3 + crypto/asn1/tasn_dec.c | 24 ++- crypto/asn1/x_x509.c | 12 +- crypto/bio/bio.h | 1 + crypto/bio/bio_err.c | 3 +- crypto/ec/ec_asn1.c | 7 +- crypto/opensslv.h | 6 +- crypto/pkcs7/pk7_doit.c | 87 ++++++-- crypto/pkcs7/pk7_lib.c | 3 + crypto/rsa/rsa_ameth.c | 3 +- openssl.spec | 2 +- ssl/d1_lib.c | 3 + ssl/s2_lib.c | 2 +- ssl/s2_srvr.c | 60 ++++-- ssl/s3_pkt.c | 2 +- ssl/s3_srvr.c | 11 +- ssl/t1_lib.c | 16 +- 20 files changed, 418 insertions(+), 446 deletions(-) diff --git a/CHANGES b/CHANGES index 11d93b6..4723703 100644 --- a/CHANGES +++ b/CHANGES @@ -2,51 +2,174 @@ OpenSSL CHANGES _______________ - Changes between 1.0.2 and 1.0.2a [xx XXX xxxx] + Changes between 1.0.2a and 1.0.2b [xx XXX xxxx] - *) Removed the export ciphers from the DEFAULT ciphers - [Kurt Roeckx] + *) - Changes between 1.0.1l and 1.0.2 [22 Jan 2015] + Changes between 1.0.2 and 1.0.2a [19 Mar 2015] - *) SRTP Memory Leak. + *) ClientHello sigalgs DoS fix - A flaw in the DTLS SRTP extension parsing code allows an attacker, who - sends a carefully crafted handshake message, to cause OpenSSL to fail - to free up to 64k of memory causing a memory leak. This could be - exploited in a Denial Of Service attack. This issue affects OpenSSL - 1.0.1 server implementations for both SSL/TLS and DTLS regardless of - whether SRTP is used or configured. Implementations of OpenSSL that - have been compiled with OPENSSL_NO_SRTP defined are not affected. + If a client connects to an OpenSSL 1.0.2 server and renegotiates with an + invalid signature algorithms extension a NULL pointer dereference will + occur. This can be exploited in a DoS attack against the server. - The fix was developed by the OpenSSL team. - (CVE-2014-3513) - [OpenSSL team] + This issue was was reported to OpenSSL by David Ramos of Stanford + University. + (CVE-2015-0291) + [Stephen Henson and Matt Caswell] - *) Session Ticket Memory Leak. + *) Multiblock corrupted pointer fix - When an OpenSSL SSL/TLS/DTLS server receives a session ticket the - integrity of that ticket is first verified. In the event of a session - ticket integrity check failing, OpenSSL will fail to free memory - causing a memory leak. By sending a large number of invalid session - tickets an attacker could exploit this issue in a Denial Of Service - attack. - (CVE-2014-3567) - [Steve Henson] + OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This + feature only applies on 64 bit x86 architecture platforms that support AES + NI instructions. A defect in the implementation of "multiblock" can cause + OpenSSL's internal write buffer to become incorrectly set to NULL when + using non-blocking IO. Typically, when the user application is using a + socket BIO for writing, this will only result in a failed connection. + However if some other BIO is used then it is likely that a segmentation + fault will be triggered, thus enabling a potential DoS attack. - *) Build option no-ssl3 is incomplete. + This issue was reported to OpenSSL by Daniel Danner and Rainer Mueller. + (CVE-2015-0290) + [Matt Caswell] - When OpenSSL is configured with "no-ssl3" as a build option, servers - could accept and complete a SSL 3.0 handshake, and clients could be - configured to send them. - (CVE-2014-3568) - [Akamai and the OpenSSL team] + *) Segmentation fault in DTLSv1_listen fix - *) Add support for TLS_FALLBACK_SCSV. - Client applications doing fallback retries should call - SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). - (CVE-2014-3566) - [Adam Langley, Bodo Moeller] + The DTLSv1_listen function is intended to be stateless and processes the + initial ClientHello from many peers. It is common for user code to loop + over the call to DTLSv1_listen until a valid ClientHello is received with + an associated cookie. A defect in the implementation of DTLSv1_listen means + that state is preserved in the SSL object from one invocation to the next + that can lead to a segmentation fault. Errors processing the initial + ClientHello can trigger this scenario. An example of such an error could be + that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only + server. + + This issue was reported to OpenSSL by Per Allansson. + (CVE-2015-0207) + [Matt Caswell] + + *) Segmentation fault in ASN1_TYPE_cmp fix + + The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is + made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check + certificate signature algorithm consistency this can be used to crash any + certificate verification operation and exploited in a DoS attack. Any + application which performs certificate verification is vulnerable including + OpenSSL clients and servers which enable client authentication. + (CVE-2015-0286) + [Stephen Henson] + + *) Segmentation fault for invalid PSS parameters fix + + The signature verification routines will crash with a NULL pointer + dereference if presented with an ASN.1 signature using the RSA PSS + algorithm and invalid parameters. Since these routines are used to verify + certificate signature algorithms this can be used to crash any + certificate verification operation and exploited in a DoS attack. Any + application which performs certificate verification is vulnerable including + OpenSSL clients and servers which enable client authentication. + + This issue was was reported to OpenSSL by Brian Carpenter. + (CVE-2015-0208) + [Stephen Henson] + + *) ASN.1 structure reuse memory corruption fix + + Reusing a structure in ASN.1 parsing may allow an attacker to cause + memory corruption via an invalid write. Such reuse is and has been + strongly discouraged and is believed to be rare. + + Applications that parse structures containing CHOICE or ANY DEFINED BY + components may be affected. Certificate parsing (d2i_X509 and related + functions) are however not affected. OpenSSL clients and servers are + not affected. + (CVE-2015-0287) + [Stephen Henson] + + *) PKCS7 NULL pointer dereferences fix + + The PKCS#7 parsing code does not handle missing outer ContentInfo + correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with + missing content and trigger a NULL pointer dereference on parsing. + + Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or + otherwise parse PKCS#7 structures from untrusted sources are + affected. OpenSSL clients and servers are not affected. + + This issue was reported to OpenSSL by Michal Zalewski (Google). + (CVE-2015-0289) + [Emilia K?sper] + + *) DoS via reachable assert in SSLv2 servers fix + + A malicious client can trigger an OPENSSL_assert (i.e., an abort) in + servers that both support SSLv2 and enable export cipher suites by sending + a specially crafted SSLv2 CLIENT-MASTER-KEY message. + + This issue was discovered by Sean Burford (Google) and Emilia K?sper + (OpenSSL development team). + (CVE-2015-0293) + [Emilia K?sper] + + *) Empty CKE with client auth and DHE fix + + If client auth is used then a server can seg fault in the event of a DHE + ciphersuite being selected and a zero length ClientKeyExchange message + being sent by the client. This could be exploited in a DoS attack. + (CVE-2015-1787) + [Matt Caswell] + + *) Handshake with unseeded PRNG fix + + Under certain conditions an OpenSSL 1.0.2 client can complete a handshake + with an unseeded PRNG. The conditions are: + - The client is on a platform where the PRNG has not been seeded + automatically, and the user has not seeded manually + - A protocol specific client method version has been used (i.e. not + SSL_client_methodv23) + - A ciphersuite is used that does not require additional random data from + the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA). + + If the handshake succeeds then the client random that has been used will + have been generated from a PRNG with insufficient entropy and therefore the + output may be predictable. + + For example using the following command with an unseeded openssl will + succeed on an unpatched platform: + + openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA + (CVE-2015-0285) + [Matt Caswell] + + *) Use After Free following d2i_ECPrivatekey error fix + + A malformed EC private key file consumed via the d2i_ECPrivateKey function + could cause a use after free condition. This, in turn, could cause a double + free in several private key parsing functions (such as d2i_PrivateKey + or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption + for applications that receive EC private keys from untrusted + sources. This scenario is considered rare. + + This issue was discovered by the BoringSSL project and fixed in their + commit 517073cd4b. + (CVE-2015-0209) + [Matt Caswell] + + *) X509_to_X509_REQ NULL pointer deref fix + + The function X509_to_X509_REQ will crash with a NULL pointer dereference if + the certificate key is invalid. This function is rarely used in practice. + + This issue was discovered by Brian Carpenter. + (CVE-2015-0288) + [Stephen Henson] + + *) Removed the export ciphers from the DEFAULT ciphers + [Kurt Roeckx] + + Changes between 1.0.1l and 1.0.2 [22 Jan 2015] *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g. ARMv5 through ARMv8, as opposite to "locking" it to single one. @@ -383,6 +506,29 @@ Changes between 1.0.1j and 1.0.1k [8 Jan 2015] + *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS + message can cause a segmentation fault in OpenSSL due to a NULL pointer + dereference. This could lead to a Denial Of Service attack. Thanks to + Markus Stenberg of Cisco Systems, Inc. for reporting this issue. + (CVE-2014-3571) + [Steve Henson] + + *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the + dtls1_buffer_record function under certain conditions. In particular this + could occur if an attacker sent repeated DTLS records with the same + sequence number but for the next epoch. The memory leak could be exploited + by an attacker in a Denial of Service attack through memory exhaustion. + Thanks to Chris Mueller for reporting this issue. + (CVE-2015-0206) + [Matt Caswell] + + *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is + built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl + method would be set to NULL which could later result in a NULL pointer + dereference. Thanks to Frank Schmirler for reporting this issue. + (CVE-2014-3569) + [Kurt Roeckx] + *) Abort handshake if server key exchange message is omitted for ephemeral ECDH ciphersuites. @@ -400,6 +546,17 @@ (CVE-2015-0204) [Steve Henson] + *) Fixed issue where DH client certificates are accepted without verification. + An OpenSSL server will accept a DH certificate for client authentication + without the certificate verify message. This effectively allows a client to + authenticate without the use of a private key. This only affects servers + which trust a client certificate authority which issues certificates + containing DH keys: these are extremely rare and hardly ever encountered. + Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting + this issue. + (CVE-2015-0205) + [Steve Henson] + *) Ensure that the session ID context of an SSL is updated when its SSL_CTX is updated via SSL_set_SSL_CTX. @@ -444,6 +601,17 @@ (CVE-2014-8275) [Steve Henson] + *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect + results on some platforms, including x86_64. This bug occurs at random + with a very low probability, and is not known to be exploitable in any + way, though its exact impact is difficult to determine. Thanks to Pieter + Wuille (Blockstream) who reported this issue and also suggested an initial + fix. Further analysis was conducted by the OpenSSL development team and + Adam Langley of Google. The final fix was developed by Andy Polyakov of + the OpenSSL core team. + (CVE-2014-3570) + [Andy Polyakov] + *) Do not resume sessions on the server if the negotiated protocol version does not match the session's version. Resuming with a different version, while not strictly forbidden by the RFC, is of questionable @@ -603,18 +771,6 @@ bogus results, with non-infinity inputs mapped to infinity too.) [Bodo Moeller] - Changes between 1.0.1i and 1.0.1j [xx XXX xxxx] - - *) Add additional DigestInfo checks. - - Reencode DigestInto in DER and check against the original when - verifying RSA signature: this will reject any improperly encoded - DigestInfo structures. - - Note: this is a precautionary measure and no attacks are currently known. - - [Steve Henson] - Changes between 1.0.1g and 1.0.1h [5 Jun 2014] *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted @@ -1112,63 +1268,6 @@ Add command line options to s_client/s_server. [Steve Henson] - Changes between 1.0.0j and 1.0.0k [5 Feb 2013] - - *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. - - This addresses the flaw in CBC record processing discovered by - Nadhem Alfardan and Kenny Paterson. Details of this attack can be found - at: http://www.isg.rhul.ac.uk/tls/ - - Thanks go to Nadhem Alfardan and Kenny Paterson of the Information - Security Group at Royal Holloway, University of London - (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and - Emilia K?sper for the initial patch. - (CVE-2013-0169) - [Emilia K?sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] - - *) Return an error when checking OCSP signatures when key is NULL. - This fixes a DoS attack. (CVE-2013-0166) - [Steve Henson] - - *) Call OCSP Stapling callback after ciphersuite has been chosen, so - the right response is stapled. Also change SSL_get_certificate() - so it returns the certificate actually sent. - See http://rt.openssl.org/Ticket/Display.html?id=2836. - (This is a backport) - [Rob Stradling ] - - *) Fix possible deadlock when decoding public keys. - [Steve Henson] - - Changes between 1.0.0i and 1.0.0j [10 May 2012] - - [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after - OpenSSL 1.0.1.] - - *) Sanity check record length before skipping explicit IV in DTLS - to fix DoS attack. - - Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic - fuzzing as a service testing platform. - (CVE-2012-2333) - [Steve Henson] - - *) Initialise tkeylen properly when encrypting CMS messages. - Thanks to Solar Designer of Openwall for reporting this issue. - [Steve Henson] - - Changes between 1.0.0h and 1.0.0i [19 Apr 2012] - - *) Check for potentially exploitable overflows in asn1_d2i_read_bio - BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer - in CRYPTO_realloc_clean. - - Thanks to Tavis Ormandy, Google Security Team, for discovering this - issue and to Adam Langley for fixing it. - (CVE-2012-2110) - [Adam Langley (Google), Tavis Ormandy, Google Security Team] - Changes between 1.0.0g and 1.0.0h [12 Mar 2012] *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness @@ -2159,228 +2258,6 @@ *) Change 'Configure' script to enable Camellia by default. [NTT] - Changes between 0.9.8x and 0.9.8y [5 Feb 2013] - - *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. - - This addresses the flaw in CBC record processing discovered by - Nadhem Alfardan and Kenny Paterson. Details of this attack can be found - at: http://www.isg.rhul.ac.uk/tls/ - - Thanks go to Nadhem Alfardan and Kenny Paterson of the Information - Security Group at Royal Holloway, University of London - (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and - Emilia K?sper for the initial patch. - (CVE-2013-0169) - [Emilia K?sper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] - - *) Return an error when checking OCSP signatures when key is NULL. - This fixes a DoS attack. (CVE-2013-0166) - [Steve Henson] - - *) Call OCSP Stapling callback after ciphersuite has been chosen, so - the right response is stapled. Also change SSL_get_certificate() - so it returns the certificate actually sent. - See http://rt.openssl.org/Ticket/Display.html?id=2836. - (This is a backport) - [Rob Stradling ] - - *) Fix possible deadlock when decoding public keys. - [Steve Henson] - - Changes between 0.9.8w and 0.9.8x [10 May 2012] - - *) Sanity check record length before skipping explicit IV in DTLS - to fix DoS attack. - - Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic - fuzzing as a service testing platform. - (CVE-2012-2333) - [Steve Henson] - - *) Initialise tkeylen properly when encrypting CMS messages. - Thanks to Solar Designer of Openwall for reporting this issue. - [Steve Henson] - - Changes between 0.9.8v and 0.9.8w [23 Apr 2012] - - *) The fix for CVE-2012-2110 did not take into account that the - 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an - int in OpenSSL 0.9.8, making it still vulnerable. Fix by - rejecting negative len parameter. (CVE-2012-2131) - [Tomas Hoger ] - - Changes between 0.9.8u and 0.9.8v [19 Apr 2012] - - *) Check for potentially exploitable overflows in asn1_d2i_read_bio - BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer - in CRYPTO_realloc_clean. - - Thanks to Tavis Ormandy, Google Security Team, for discovering this - issue and to Adam Langley for fixing it. - (CVE-2012-2110) - [Adam Langley (Google), Tavis Ormandy, Google Security Team] - - Changes between 0.9.8t and 0.9.8u [12 Mar 2012] - - *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness - in CMS and PKCS7 code. When RSA decryption fails use a random key for - content decryption and always return the same error. Note: this attack - needs on average 2^20 messages so it only affects automated senders. The - old behaviour can be reenabled in the CMS code by setting the - CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where - an MMA defence is not necessary. - Thanks to Ivan Nestlerode for discovering - this issue. (CVE-2012-0884) - [Steve Henson] - - *) Fix CVE-2011-4619: make sure we really are receiving a - client hello before rejecting multiple SGC restarts. Thanks to - Ivan Nestlerode for discovering this bug. - [Steve Henson] - - Changes between 0.9.8s and 0.9.8t [18 Jan 2012] - - *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. - Thanks to Antonio Martin, Enterprise Secure Access Research and - Development, Cisco Systems, Inc. for discovering this bug and - preparing a fix. (CVE-2012-0050) - [Antonio Martin] - - Changes between 0.9.8r and 0.9.8s [4 Jan 2012] - - *) Nadhem Alfardan and Kenny Paterson have discovered an extension - of the Vaudenay padding oracle attack on CBC mode encryption - which enables an efficient plaintext recovery attack against - the OpenSSL implementation of DTLS. Their attack exploits timing - differences arising during decryption processing. A research - paper describing this attack can be found at: - http://www.isg.rhul.ac.uk/~kp/dtls.pdf - Thanks go to Nadhem Alfardan and Kenny Paterson of the Information - Security Group at Royal Holloway, University of London - (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann - and Michael Tuexen - for preparing the fix. (CVE-2011-4108) - [Robin Seggelmann, Michael Tuexen] - - *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109) - [Ben Laurie, Kasper ] - - *) Clear bytes used for block padding of SSL 3.0 records. - (CVE-2011-4576) - [Adam Langley (Google)] - - *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George - Kadianakis for discovering this issue and - Adam Langley for preparing the fix. (CVE-2011-4619) - [Adam Langley (Google)] - - *) Prevent malformed RFC3779 data triggering an assertion failure. - Thanks to Andrew Chi, BBN Technologies, for discovering the flaw - and Rob Austein for fixing it. (CVE-2011-4577) - [Rob Austein ] - - *) Fix ssl_ciph.c set-up race. - [Adam Langley (Google)] - - *) Fix spurious failures in ecdsatest.c. - [Emilia K?sper (Google)] - - *) Fix the BIO_f_buffer() implementation (which was mixing different - interpretations of the '..._len' fields). - [Adam Langley (Google)] - - *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than - BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent - threads won't reuse the same blinding coefficients. - - This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING - lock to call BN_BLINDING_invert_ex, and avoids one use of - BN_BLINDING_update for each BN_BLINDING structure (previously, - the last update always remained unused). - [Emilia K?sper (Google)] - - *) Fix SSL memory handling for (EC)DH ciphersuites, in particular - for multi-threaded use of ECDH. - [Adam Langley (Google)] - - *) Fix x509_name_ex_d2i memory leak on bad inputs. - [Bodo Moeller] - - *) Add protection against ECDSA timing attacks as mentioned in the paper - by Billy Bob Brumley and Nicola Tuveri, see: - - http://eprint.iacr.org/2011/232.pdf - - [Billy Bob Brumley and Nicola Tuveri] - - Changes between 0.9.8q and 0.9.8r [8 Feb 2011] - - *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014 - [Neel Mehta, Adam Langley, Bodo Moeller (Google)] - - *) Fix bug in string printing code: if *any* escaping is enabled we must - escape the escape character (backslash) or the resulting string is - ambiguous. - [Steve Henson] - - Changes between 0.9.8p and 0.9.8q [2 Dec 2010] - - *) Disable code workaround for ancient and obsolete Netscape browsers - and servers: an attacker can use it in a ciphersuite downgrade attack. - Thanks to Martin Rex for discovering this bug. CVE-2010-4180 - [Steve Henson] - - *) Fixed J-PAKE implementation error, originally discovered by - Sebastien Martini, further info and confirmation from Stefan - Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252 - [Ben Laurie] - - Changes between 0.9.8o and 0.9.8p [16 Nov 2010] - - *) Fix extension code to avoid race conditions which can result in a buffer - overrun vulnerability: resumed sessions must not be modified as they can - be shared by multiple threads. CVE-2010-3864 - [Steve Henson] - - *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 - [Steve Henson] - - *) Don't reencode certificate when calculating signature: cache and use - the original encoding instead. This makes signature verification of - some broken encodings work correctly. - [Steve Henson] - - *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT - is also one of the inputs. - [Emilia K?sper (Google)] - - *) Don't repeatedly append PBE algorithms to table if they already exist. - Sort table on each new add. This effectively makes the table read only - after all algorithms are added and subsequent calls to PKCS12_pbe_add - etc are non-op. - [Steve Henson] - - Changes between 0.9.8n and 0.9.8o [01 Jun 2010] - - [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after - OpenSSL 1.0.0.] - - *) Correct a typo in the CMS ASN1 module which can result in invalid memory - access or freeing data twice (CVE-2010-0742) - [Steve Henson, Ronald Moesbergen ] - - *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more - common in certificates and some applications which only call - SSL_library_init and not OpenSSL_add_all_algorithms() will fail. - [Steve Henson] - - *) VMS fixes: - Reduce copying into .apps and .test in makevms.com - Don't try to use blank CA certificate in CA.com - Allow use of C files from original directories in maketests.com - [Steven M. Schweda" ] - Changes between 0.9.8m and 0.9.8n [24 Mar 2010] *) When rejecting SSL/TLS records due to an incorrect version number, never diff --git a/NEWS b/NEWS index 41e5bdb..6eefc32 100644 --- a/NEWS +++ b/NEWS @@ -5,10 +5,26 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [under development] + Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [under development] o + Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015] + + o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291) + o Multiblock corrupted pointer fix (CVE-2015-0290) + o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207) + o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286) + o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208) + o ASN.1 structure reuse memory corruption fix (CVE-2015-0287) + o PKCS7 NULL pointer dereferences fix (CVE-2015-0289) + o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293) + o Empty CKE with client auth and DHE fix (CVE-2015-1787) + o Handshake with unseeded PRNG fix (CVE-2015-0285) + o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209) + o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288) + o Removed the export ciphers from the DEFAULT ciphers + Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]: o Suite B support for TLS 1.2 and DTLS 1.2 @@ -58,6 +74,7 @@ o Fix for CVE-2014-0224 o Fix for CVE-2014-0221 + o Fix for CVE-2014-0198 o Fix for CVE-2014-0195 o Fix for CVE-2014-3470 o Fix for CVE-2010-5298 @@ -117,19 +134,6 @@ o Preliminary FIPS capability for unvalidated 2.0 FIPS module. o SRP support. - Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]: - - o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 - o Fix OCSP bad key DoS attack CVE-2013-0166 - - Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]: - - o Fix DTLS record length checking bug CVE-2012-2333 - - Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]: - - o Fix for ASN1 overflow bug CVE-2012-2110 - Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]: o Fix for CMS/PKCS#7 MMA CVE-2012-0884 @@ -202,62 +206,6 @@ o Opaque PRF Input TLS extension support. o Updated time routines to avoid OS limitations. - Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]: - - o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 - o Fix OCSP bad key DoS attack CVE-2013-0166 - - Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]: - - o Fix DTLS record length checking bug CVE-2012-2333 - - Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]: - - o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) - - Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]: - - o Fix for ASN1 overflow bug CVE-2012-2110 - - Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]: - - o Fix for CMS/PKCS#7 MMA CVE-2012-0884 - o Corrected fix for CVE-2011-4619 - o Various DTLS fixes. - - Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]: - - o Fix for DTLS DoS issue CVE-2012-0050 - - Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]: - - o Fix for DTLS plaintext recovery attack CVE-2011-4108 - o Fix policy check double free error CVE-2011-4109 - o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 - o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 - o Check for malformed RFC3779 data CVE-2011-4577 - - Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]: - - o Fix for security issue CVE-2011-0014 - - Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]: - - o Fix for security issue CVE-2010-4180 - o Fix for CVE-2010-4252 - - Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]: - - o Fix for security issue CVE-2010-3864. - - Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]: - - o Fix for security issue CVE-2010-0742. - o Various DTLS fixes. - o Recognise SHA2 certificates if only SSL algorithms added. - o Fix for no-rc4 compilation. - o Chil ENGINE unload workaround. - Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]: o CFB cipher definition fixes. diff --git a/README b/README index 89b7ac3..ad27d98 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.0.2a-dev + OpenSSL 1.0.2b-dev Copyright (c) 1998-2011 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 4a36aff..af79530 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -119,6 +119,9 @@ int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b) case V_ASN1_OBJECT: result = OBJ_cmp(a->value.object, b->value.object); break; + case V_ASN1_BOOLEAN: + result = a->value.boolean - b->value.boolean; + break; case V_ASN1_NULL: result = 0; /* They do not have content. */ break; diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 4595664..7fd336a 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -304,9 +304,16 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, case ASN1_ITYPE_CHOICE: if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; - - /* Allocate structure */ - if (!*pval && !ASN1_item_ex_new(pval, it)) { + if (*pval) { + /* Free up and zero CHOICE value if initialised */ + i = asn1_get_choice_selector(pval, it); + if ((i >= 0) && (i < it->tcount)) { + tt = it->templates + i; + pchptr = asn1_get_field_ptr(pval, tt); + ASN1_template_free(pchptr, tt); + asn1_set_choice_selector(pval, -1, it); + } + } else if (!ASN1_item_ex_new(pval, it)) { ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); goto err; } @@ -386,6 +393,17 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; + /* Free up and zero any ADB found */ + for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { + if (tt->flags & ASN1_TFLG_ADB_MASK) { + const ASN1_TEMPLATE *seqtt; + ASN1_VALUE **pseqval; + seqtt = asn1_do_adb(pval, tt, 1); + pseqval = asn1_get_field_ptr(pval, seqtt); + ASN1_template_free(pseqval, seqtt); + } + } + /* Get each field entry */ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { const ASN1_TEMPLATE *seqtt; diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index cd838e0..55319ac 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -172,8 +172,14 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) { const unsigned char *q; X509 *ret; + int freeret = 0; + /* Save start position */ q = *pp; + + if(!a || *a == NULL) { + freeret = 1; + } ret = d2i_X509(a, pp, length); /* If certificate unreadable then forget it */ if (!ret) @@ -186,7 +192,11 @@ X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length) goto err; return ret; err: - X509_free(ret); + if(freeret) { + X509_free(ret); + if (a) + *a = NULL; + } return NULL; } diff --git a/crypto/bio/bio.h b/crypto/bio/bio.h index 60083bf..7878fb1 100644 --- a/crypto/bio/bio.h +++ b/crypto/bio/bio.h @@ -833,6 +833,7 @@ void ERR_load_BIO_strings(void); # define BIO_F_CONN_CTRL 127 # define BIO_F_CONN_STATE 115 # define BIO_F_DGRAM_SCTP_READ 132 +# define BIO_F_DGRAM_SCTP_WRITE 133 # define BIO_F_FILE_CTRL 116 # define BIO_F_FILE_READ 130 # define BIO_F_LINEBUFFER_CTRL 129 diff --git a/crypto/bio/bio_err.c b/crypto/bio/bio_err.c index e8d3027..d9007aa 100644 --- a/crypto/bio/bio_err.c +++ b/crypto/bio/bio_err.c @@ -1,6 +1,6 @@ /* crypto/bio/bio_err.c */ /* ==================================================================== - * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -96,6 +96,7 @@ static ERR_STRING_DATA BIO_str_functs[] = { {ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"}, {ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"}, {ERR_FUNC(BIO_F_DGRAM_SCTP_READ), "DGRAM_SCTP_READ"}, + {ERR_FUNC(BIO_F_DGRAM_SCTP_WRITE), "DGRAM_SCTP_WRITE"}, {ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"}, {ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"}, {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"}, diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 6ff94a3..b4b0e9f 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1226,16 +1226,19 @@ EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len) ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE); return NULL; } - if (a) - *a = ret; } else ret = *a; if (!d2i_ECPKParameters(&ret->group, in, len)) { ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB); + if (a == NULL || *a != ret) + EC_KEY_free(ret); return NULL; } + if (a) + *a = ret; + return ret; } diff --git a/crypto/opensslv.h b/crypto/opensslv.h index f0a9432..654f72d 100644 --- a/crypto/opensslv.h +++ b/crypto/opensslv.h @@ -30,11 +30,11 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x10002010L +# define OPENSSL_VERSION_NUMBER 0x10002020L # ifdef OPENSSL_FIPS -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a-fips-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2b-fips-dev xx XXX xxxx" # else -# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2a-dev xx XXX xxxx" +# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2b-dev xx XXX xxxx" # endif # define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index dd6f675..31a1b98 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -261,6 +261,25 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) PKCS7_RECIP_INFO *ri = NULL; ASN1_OCTET_STRING *os = NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + /* + * The content field in the PKCS7 ContentInfo is optional, but that really + * only applies to inner content (precisely, detached signatures). + * + * When reading content, missing outer content is therefore treated as an + * error. + * + * When creating content, PKCS7_content_new() must be called before + * calling this method, so a NULL p7->d is always an error. + */ + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); + return NULL; + } + i = OBJ_obj2nid(p7->type); p7->state = PKCS7_S_HEADER; @@ -411,6 +430,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) unsigned char *ek = NULL, *tkey = NULL; int eklen = 0, tkeylen = 0; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER); + return NULL; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT); + return NULL; + } + i = OBJ_obj2nid(p7->type); p7->state = PKCS7_S_HEADER; @@ -707,6 +736,16 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL; ASN1_OCTET_STRING *os = NULL; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT); + return 0; + } + EVP_MD_CTX_init(&ctx_tmp); i = OBJ_obj2nid(p7->type); p7->state = PKCS7_S_HEADER; @@ -746,6 +785,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* If detached data then the content is excluded */ if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); + os = NULL; p7->d.sign->contents->d.data = NULL; } break; @@ -755,6 +795,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) /* If detached data then the content is excluded */ if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { M_ASN1_OCTET_STRING_free(os); + os = NULL; p7->d.digest->contents->d.data = NULL; } break; @@ -820,22 +861,30 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); } - if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) { - char *cont; - long contlen; - btmp = BIO_find_type(bio, BIO_TYPE_MEM); - if (btmp == NULL) { - PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); - goto err; - } - contlen = BIO_get_mem_data(btmp, &cont); + if (!PKCS7_is_detached(p7)) { /* - * Mark the BIO read only then we can use its copy of the data - * instead of making an extra copy. + * NOTE(emilia): I think we only reach os == NULL here because detached + * digested data support is broken. */ - BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); - BIO_set_mem_eof_return(btmp, 0); - ASN1_STRING_set0(os, (unsigned char *)cont, contlen); + if (os == NULL) + goto err; + if (!(os->flags & ASN1_STRING_FLAG_NDEF)) { + char *cont; + long contlen; + btmp = BIO_find_type(bio, BIO_TYPE_MEM); + if (btmp == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO); + goto err; + } + contlen = BIO_get_mem_data(btmp, &cont); + /* + * Mark the BIO read only then we can use its copy of the data + * instead of making an extra copy. + */ + BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); + BIO_set_mem_eof_return(btmp, 0); + ASN1_STRING_set0(os, (unsigned char *)cont, contlen); + } } ret = 1; err: @@ -910,6 +959,16 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, STACK_OF(X509) *cert; X509 *x509; + if (p7 == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER); + return 0; + } + + if (p7->d.ptr == NULL) { + PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT); + return 0; + } + if (PKCS7_type_is_signed(p7)) { cert = p7->d.sign->cert; } else if (PKCS7_type_is_signedAndEnveloped(p7)) { diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index c773812..0c5fcaa 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -70,6 +70,7 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) nid = OBJ_obj2nid(p7->type); switch (cmd) { + /* NOTE(emilia): does not support detached digested data. */ case PKCS7_OP_SET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { ret = p7->detached = (int)larg; @@ -444,6 +445,8 @@ int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) { + if (p7 == NULL || p7->d.ptr == NULL) + return NULL; if (PKCS7_type_is_signed(p7)) { return (p7->d.sign->signer_info); } else if (PKCS7_type_is_signedAndEnveloped(p7)) { diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index c7106a3..ca3922e 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -698,9 +698,10 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); return -1; } - if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey)) + if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) { /* Carry on */ return 2; + } return -1; } diff --git a/openssl.spec b/openssl.spec index 909f2bf..01f0617 100644 --- a/openssl.spec +++ b/openssl.spec @@ -6,7 +6,7 @@ Release: 1 Summary: Secure Sockets Layer and cryptography libraries and tools Name: openssl -Version: 1.0.2a +Version: 1.0.2b Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz License: OpenSSL Group: System Environment/Libraries diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 1f10054..ee78921 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -543,6 +543,9 @@ int dtls1_listen(SSL *s, struct sockaddr *client) { int ret; + /* Ensure there is no state left over from a previous invocation */ + SSL_clear(s); + SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE); s->d1->listen = 1; diff --git a/ssl/s2_lib.c b/ssl/s2_lib.c index f8a9439..d55b93f 100644 --- a/ssl/s2_lib.c +++ b/ssl/s2_lib.c @@ -493,7 +493,7 @@ int ssl2_generate_key_material(SSL *s) OPENSSL_assert(s->session->master_key_length >= 0 && s->session->master_key_length - < (int)sizeof(s->session->master_key)); + <= (int)sizeof(s->session->master_key)); EVP_DigestUpdate(&ctx, s->session->master_key, s->session->master_key_length); EVP_DigestUpdate(&ctx, &c, 1); diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c index daba6dd..19bb48c 100644 --- a/ssl/s2_srvr.c +++ b/ssl/s2_srvr.c @@ -371,7 +371,8 @@ int ssl2_accept(SSL *s) static int get_client_master_key(SSL *s) { - int is_export, i, n, keya, ek; + int is_export, i, n, keya; + unsigned int ek; unsigned long len; unsigned char *p; const SSL_CIPHER *cp; @@ -454,11 +455,6 @@ static int get_client_master_key(SSL *s) SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY); return (-1); } - i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc, - &(p[s->s2->tmp.clear]), - &(p[s->s2->tmp.clear]), - (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : - RSA_PKCS1_PADDING); is_export = SSL_C_IS_EXPORT(s->session->cipher); @@ -475,23 +471,61 @@ static int get_client_master_key(SSL *s) } else ek = 5; + /* + * The format of the CLIENT-MASTER-KEY message is + * 1 byte message type + * 3 bytes cipher + * 2-byte clear key length (stored in s->s2->tmp.clear) + * 2-byte encrypted key length (stored in s->s2->tmp.enc) + * 2-byte key args length (IV etc) + * clear key + * encrypted key + * key args + * + * If the cipher is an export cipher, then the encrypted key bytes + * are a fixed portion of the total key (5 or 8 bytes). The size of + * this portion is in |ek|. If the cipher is not an export cipher, + * then the entire key material is encrypted (i.e., clear key length + * must be zero). + */ + if ((!is_export && s->s2->tmp.clear != 0) || + (is_export && s->s2->tmp.clear + ek != (unsigned int)EVP_CIPHER_key_length(c))) { + ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH); + return -1; + } + /* + * The encrypted blob must decrypt to the encrypted portion of the key. + * Decryption can't be expanding, so if we don't have enough encrypted + * bytes to fit the key in the buffer, stop now. + */ + if ((is_export && s->s2->tmp.enc < ek) || + (!is_export && s->s2->tmp.enc < (unsigned int)EVP_CIPHER_key_length(c))) { + ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR); + SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT); + return -1; + } + + i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc, + &(p[s->s2->tmp.clear]), + &(p[s->s2->tmp.clear]), + (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING : + RSA_PKCS1_PADDING); + /* bad decrypt */ # if 1 /* * If a bad decrypt, continue with protocol but with a random master * secret (Bleichenbacher attack) */ - if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c))) - || (is_export && ((i != ek) - || (s->s2->tmp.clear + - (unsigned int)i != (unsigned int) - EVP_CIPHER_key_length(c)))))) { + if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c)) + || (is_export && i != (int)ek))) { ERR_clear_error(); if (is_export) i = ek; else i = EVP_CIPHER_key_length(c); - if (RAND_pseudo_bytes(p, i) <= 0) + if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0) return 0; } # else @@ -513,7 +547,7 @@ static int get_client_master_key(SSL *s) # endif if (is_export) - i += s->s2->tmp.clear; + i = EVP_CIPHER_key_length(c); if (i > SSL_MAX_MASTER_KEY_LENGTH) { ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 4e6a41b..221ae03 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -785,7 +785,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) i = ssl3_write_pending(s, type, &buf[tot], nw); if (i <= 0) { - if (i < 0) { + if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) { OPENSSL_free(wb->buf); wb->buf = NULL; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 9e6ab01..c016139 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2251,10 +2251,17 @@ int ssl3_get_client_key_exchange(SSL *s) if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) { int idx = -1; EVP_PKEY *skey = NULL; - if (n) + if (n > 1) { n2s(p, i); - else + } else { + if (alg_k & SSL_kDHE) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, + SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG); + goto f_err; + } i = 0; + } if (n && n != i + 2) { if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 6e991e0..d85d26e 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2967,6 +2967,7 @@ int tls1_set_server_sigalgs(SSL *s) if (s->cert->shared_sigalgs) { OPENSSL_free(s->cert->shared_sigalgs); s->cert->shared_sigalgs = NULL; + s->cert->shared_sigalgslen = 0; } /* Clear certificate digests and validity flags */ for (i = 0; i < SSL_PKEY_NUM; i++) { @@ -3620,6 +3621,7 @@ static int tls1_set_shared_sigalgs(SSL *s) if (c->shared_sigalgs) { OPENSSL_free(c->shared_sigalgs); c->shared_sigalgs = NULL; + c->shared_sigalgslen = 0; } /* If client use client signature algorithms if not NULL */ if (!s->server && c->client_sigalgs && !is_suiteb) { @@ -3642,12 +3644,14 @@ static int tls1_set_shared_sigalgs(SSL *s) preflen = c->peer_sigalgslen; } nmatch = tls12_do_shared_sigalgs(NULL, pref, preflen, allow, allowlen); - if (!nmatch) - return 1; - salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS)); - if (!salgs) - return 0; - nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen); + if (nmatch) { + salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS)); + if (!salgs) + return 0; + nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen); + } else { + salgs = NULL; + } c->shared_sigalgs = salgs; c->shared_sigalgslen = nmatch; return 1; From matt at openssl.org Thu Mar 19 14:04:46 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 19 Mar 2015 14:04:46 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1426773886.352596.28636.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via a6a704f448364b0840adefdcd922527b36232804 (commit) via 506c1068801fdeef5cb00f2053854bf56150fb6d (commit) via 686d82a7a22a37a1a9aefa8b4f36ca049921af0b (commit) via 8ca79fcbf45ea2ed505679be20e1a8a4c3df07cf (commit) via a4517be9e348634ac64f9cf093131e13e8c03e38 (commit) via 6e24e1cdd20d568ca11a95943f34c6031c60a1df (commit) via ffc69bd9421068db6161b8201a9a1f3ceaf908d7 (commit) via 82123b5e9415d336a0d15efcaae1b52683fa00e7 (commit) via cd56a08d4e1dcae6a0ad8a5b39512fb80ccd1b73 (commit) via e2acb69c760f681b070a20defe5510272492a7e8 (commit) via c982285ab63adeb473197d54d246d120bf60778b (commit) via b485d976340d3ca080060c3c7dee9102e2200762 (commit) from 636c42d747deb5cab78b66566e5feb4ffd61d15d (commit) - Log ----------------------------------------------------------------- commit a6a704f448364b0840adefdcd922527b36232804 Author: Matt Caswell Date: Thu Mar 19 13:41:07 2015 +0000 Prepare for 1.0.1n-dev Reviewed-by: Richard Levitte commit 506c1068801fdeef5cb00f2053854bf56150fb6d Author: Matt Caswell Date: Thu Mar 19 13:38:37 2015 +0000 Prepare for 1.0.1m release Reviewed-by: Richard Levitte commit 686d82a7a22a37a1a9aefa8b4f36ca049921af0b Author: Matt Caswell Date: Thu Mar 19 13:38:37 2015 +0000 make update Reviewed-by: Richard Levitte commit 8ca79fcbf45ea2ed505679be20e1a8a4c3df07cf Author: Matt Caswell Date: Thu Mar 19 11:35:33 2015 +0000 Fix unsigned/signed warnings Fix some unsigned/signed warnings introduced as part of the fix for CVE-2015-0293 Reviewed-by: Tim Hudson Reviewed-by: Richard Levitte commit a4517be9e348634ac64f9cf093131e13e8c03e38 Author: Matt Caswell Date: Thu Mar 19 10:16:32 2015 +0000 Fix a failure to NULL a pointer freed on error. Reported by the LibreSSL project as a follow on to CVE-2015-0209 Reviewed-by: Richard Levitte commit 6e24e1cdd20d568ca11a95943f34c6031c60a1df Author: Matt Caswell Date: Tue Mar 17 17:01:09 2015 +0000 Update NEWS file Update the NEWS file with the latest entries from CHANGES ready for the release. Reviewed-by: Richard Levitte commit ffc69bd9421068db6161b8201a9a1f3ceaf908d7 Author: Matt Caswell Date: Tue Mar 17 16:56:27 2015 +0000 Update CHANGES for release Update CHANGES fiel with all the latest fixes ready for the release. Reviewed-by: Richard Levitte commit 82123b5e9415d336a0d15efcaae1b52683fa00e7 Author: Matt Caswell