From rsalz at openssl.org Fri May 1 01:37:38 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 01 May 2015 01:37:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430444258.585778.9855.nullmailer@dev.openssl.org> The branch master has been updated via 23a1d5e97cd543d2b8e1b01dbf0f619b2e5ce540 (commit) from 34166d41892643a36ad2d1f53cc0025e2edc2a39 (commit) - Log ----------------------------------------------------------------- commit 23a1d5e97cd543d2b8e1b01dbf0f619b2e5ce540 Author: Rich Salz Date: Thu Apr 30 21:37:06 2015 -0400 free NULL cleanup 7 This gets BN_.*free: BN_BLINDING_free BN_CTX_free BN_FLG_FREE BN_GENCB_free BN_MONT_CTX_free BN_RECP_CTX_free BN_clear_free BN_free BUF_MEM_free Also fix a call to DSA_SIG_free to ccgost engine and remove some #ifdef'd dead code in engines/e_ubsec. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 3 +- apps/ca.c | 6 +-- apps/dsaparam.c | 3 +- apps/ecparam.c | 18 +++------ apps/genrsa.c | 6 +-- apps/s_client.c | 12 ++---- apps/s_server.c | 3 +- crypto/asn1/a_object.c | 6 +-- crypto/bn/bn_blind.c | 20 ++++------ crypto/bn/bn_depr.c | 8 ++-- crypto/bn/bn_exp.c | 6 +-- crypto/bn/bn_exp2.c | 2 +- crypto/bn/bn_lib.c | 3 +- crypto/bn/bn_mod.c | 3 +- crypto/bn/bn_prime.c | 8 ++-- crypto/bn/bn_print.c | 3 +- crypto/bn/bn_sqrt.c | 3 +- crypto/dh/dh_ameth.c | 3 +- crypto/dh/dh_check.c | 3 +- crypto/dh/dh_key.c | 13 +++--- crypto/dh/dh_lib.c | 21 ++++------ crypto/dh/dh_pmeth.c | 9 ++--- crypto/dsa/dsa_ameth.c | 9 ++--- crypto/dsa/dsa_gen.c | 37 ++++++----------- crypto/dsa/dsa_key.c | 13 +++--- crypto/dsa/dsa_lib.c | 21 ++++------ crypto/dsa/dsa_ossl.c | 32 ++++++--------- crypto/dsa/dsa_pmeth.c | 6 +-- crypto/ec/ec2_mult.c | 3 +- crypto/ec/ec2_oct.c | 12 ++---- crypto/ec/ec2_smpl.c | 33 ++++++---------- crypto/ec/ec_ameth.c | 9 ++--- crypto/ec/ec_asn1.c | 44 ++++++++------------- crypto/ec/ec_check.c | 3 +- crypto/ec/ec_curve.c | 21 ++++------ crypto/ec/ec_key.c | 20 ++++------ crypto/ec/ec_lib.c | 36 ++++++----------- crypto/ec/ec_mult.c | 6 +-- crypto/ec/eck_prn.c | 21 ++++------ crypto/ec/ecp_mont.c | 60 ++++++++++------------------ crypto/ec/ecp_nist.c | 9 ++--- crypto/ec/ecp_nistp224.c | 9 ++--- crypto/ec/ecp_nistp256.c | 9 ++--- crypto/ec/ecp_nistp521.c | 9 ++--- crypto/ec/ecp_nistz256.c | 6 +-- crypto/ec/ecp_oct.c | 12 ++---- crypto/ec/ecp_smpl.c | 45 +++++++-------------- crypto/ecdh/ech_ossl.c | 3 +- crypto/ecdsa/ecs_ossl.c | 35 ++++++---------- crypto/objects/obj_dat.c | 6 +-- crypto/pem/pvkfmt.c | 3 +- crypto/rsa/rsa_chk.c | 18 +++------ crypto/rsa/rsa_crpt.c | 13 +++--- crypto/rsa/rsa_depr.c | 6 +-- crypto/rsa/rsa_eay.c | 77 +++++++++++++----------------------- crypto/rsa/rsa_gen.c | 14 +++---- crypto/rsa/rsa_lib.c | 30 +++++--------- crypto/rsa/rsa_pmeth.c | 3 +- crypto/rsa/rsa_x931g.c | 13 +++--- crypto/srp/srp_lib.c | 6 +-- demos/engines/zencod/hw_zencod.c | 10 ++--- doc/crypto/BN_BLINDING_new.pod | 1 + doc/crypto/BN_CTX_new.pod | 1 + doc/crypto/BN_generate_prime.pod | 4 +- doc/crypto/BN_mod_mul_montgomery.pod | 1 + doc/crypto/BN_mod_mul_reciprocal.pod | 1 + doc/crypto/BN_new.pod | 1 + engines/ccgost/gost2001.c | 27 ++++++------- engines/ccgost/gost_ameth.c | 20 +++++----- engines/ccgost/gost_sign.c | 30 +++++--------- engines/e_cswift.c | 16 +++----- engines/e_ubsec.c | 40 +------------------ ssl/tls_srp.c | 12 ++---- test/bntest.c | 33 ++++++---------- test/dhtest.c | 3 +- test/dsatest.c | 3 +- test/ecdhtest.c | 18 +++------ test/ecdsatest.c | 12 ++---- test/ectest.c | 6 +-- test/ssltest.c | 6 +-- 80 files changed, 385 insertions(+), 734 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 904629b..d68594a 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1532,6 +1532,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) { BIGNUM *btmp; int ret = 0; + if (b) btmp = b; else @@ -1549,7 +1550,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai) error: - if (!b) + if (btmp != b) BN_free(btmp); return ret; diff --git a/apps/ca.c b/apps/ca.c index bc7c3fd..b703b42 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1289,10 +1289,8 @@ end_of_options: if (!save_serial(crlnumberfile, "new", crlnumber, NULL)) goto end; - if (crlnumber) { - BN_free(crlnumber); - crlnumber = NULL; - } + BN_free(crlnumber); + crlnumber = NULL; if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts)) goto end; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index afc8a82..62d5fe7 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -328,8 +328,7 @@ int dsaparam_main(int argc, char **argv) app_RAND_write_file(NULL); ret = 0; end: - if (cb != NULL) - BN_GENCB_free(cb); + BN_GENCB_free(cb); BIO_free(in); BIO_free_all(out); DSA_free(dsa); diff --git a/apps/ecparam.c b/apps/ecparam.c index 5b39e83..082df26 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -483,18 +483,12 @@ int ecparam_main(int argc, char **argv) ret = 0; end: - if (ec_p) - BN_free(ec_p); - if (ec_a) - BN_free(ec_a); - if (ec_b) - BN_free(ec_b); - if (ec_gen) - BN_free(ec_gen); - if (ec_order) - BN_free(ec_order); - if (ec_cofactor) - BN_free(ec_cofactor); + BN_free(ec_p); + BN_free(ec_a); + BN_free(ec_b); + BN_free(ec_gen); + BN_free(ec_order); + BN_free(ec_cofactor); if (buffer) OPENSSL_free(buffer); BIO_free(in); diff --git a/apps/genrsa.c b/apps/genrsa.c index 7d0466a..a3c00d8 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -214,10 +214,8 @@ int genrsa_main(int argc, char **argv) ret = 0; end: - if (bn) - BN_free(bn); - if (cb) - BN_GENCB_free(cb); + BN_free(bn); + BN_GENCB_free(cb); RSA_free(rsa); BIO_free_all(out); if (passout) diff --git a/apps/s_client.c b/apps/s_client.c index e7e6684..8d8340d 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -241,8 +241,7 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, if (!ret) { BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", psk_key); - if (bn) - BN_free(bn); + BN_free(bn); return 0; } @@ -320,12 +319,9 @@ static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g) BN_mod_exp(r, g, p, N, bn_ctx) && BN_add_word(r, 1) && BN_cmp(r, N) == 0; - if (r) - BN_free(r); - if (p) - BN_free(p); - if (bn_ctx) - BN_CTX_free(bn_ctx); + BN_free(r); + BN_free(p); + BN_CTX_free(bn_ctx); return ret; } diff --git a/apps/s_server.c b/apps/s_server.c index ef32d5a..a616b64 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -315,8 +315,7 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity, if (!ret) { BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", psk_key); - if (bn) - BN_free(bn); + BN_free(bn); return 0; } if (BN_num_bytes(bn) > (int)max_psk_len) { diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 2b5a494..1e76122 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -201,14 +201,12 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) } if (tmp != ftmp) OPENSSL_free(tmp); - if (bl) - BN_free(bl); + BN_free(bl); return (len); err: if (tmp != ftmp) OPENSSL_free(tmp); - if (bl) - BN_free(bl); + BN_free(bl); return (0); } diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index f045904..659638b 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -166,8 +166,7 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) CRYPTO_THREADID_current(&ret->tid); return (ret); err: - if (ret != NULL) - BN_BLINDING_free(ret); + BN_BLINDING_free(ret); return (NULL); } @@ -176,14 +175,10 @@ void BN_BLINDING_free(BN_BLINDING *r) if (r == NULL) return; - if (r->A != NULL) - BN_free(r->A); - if (r->Ai != NULL) - BN_free(r->Ai); - if (r->e != NULL) - BN_free(r->e); - if (r->mod != NULL) - BN_free(r->mod); + BN_free(r->A); + BN_free(r->Ai); + BN_free(r->e); + BN_free(r->mod); OPENSSL_free(r); } @@ -331,8 +326,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, goto err; if (e != NULL) { - if (ret->e != NULL) - BN_free(ret->e); + BN_free(ret->e); ret->e = BN_dup(e); } if (ret->e == NULL) @@ -374,7 +368,7 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, return ret; err: - if (b == NULL && ret != NULL) { + if (b == NULL) { BN_BLINDING_free(ret); ret = NULL; } diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index 34895f5..bc15f83 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -73,7 +73,6 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, { BN_GENCB cb; BIGNUM *rnd = NULL; - int found = 0; BN_GENCB_set_old(&cb, callback, cb_arg); @@ -86,11 +85,10 @@ BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, goto err; /* we have a prime :-) */ - found = 1; + return ret; err: - if (!found && (ret == NULL) && (rnd != NULL)) - BN_free(rnd); - return (found ? rnd : NULL); + BN_free(rnd); + return NULL; } int BN_is_prime(const BIGNUM *a, int checks, diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 153a970..28c3693 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -564,7 +564,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; ret = 1; err: - if ((in_mont == NULL) && (mont != NULL)) + if (in_mont == NULL) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); bn_check_top(rr); @@ -1127,7 +1127,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; ret = 1; err: - if ((in_mont == NULL) && (mont != NULL)) + if (in_mont == NULL) BN_MONT_CTX_free(mont); if (powerbuf != NULL) { OPENSSL_cleanse(powerbuf, powerbufLen); @@ -1277,7 +1277,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, } ret = 1; err: - if ((in_mont == NULL) && (mont != NULL)) + if (in_mont == NULL) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); bn_check_top(rr); diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c index 43fd204..e36c23b 100644 --- a/crypto/bn/bn_exp2.c +++ b/crypto/bn/bn_exp2.c @@ -295,7 +295,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, goto err; ret = 1; err: - if ((in_mont == NULL) && (mont != NULL)) + if (in_mont == NULL) BN_MONT_CTX_free(mont); BN_CTX_end(ctx); bn_check_top(rr); diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 9cffba8..2c5e2b2 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -541,8 +541,7 @@ BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) i = ((n - 1) / BN_BYTES) + 1; m = ((n - 1) % (BN_BYTES)); if (bn_wexpand(ret, (int)i) == NULL) { - if (bn) - BN_free(bn); + BN_free(bn); return NULL; } ret->top = i; diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c index e0ed478..e4763ff 100644 --- a/crypto/bn/bn_mod.c +++ b/crypto/bn/bn_mod.c @@ -254,8 +254,7 @@ int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); bn_check_top(r); - if (abs_m) - BN_free(abs_m); + BN_free(abs_m); return ret; } diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 2a7822e..ebfcd97 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -285,10 +285,9 @@ int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, /* we have a prime :-) */ found = 1; err: - if (ctx != NULL) { + if (ctx != NULL) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); bn_check_top(ret); return found; } @@ -397,8 +396,7 @@ int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, if (ctx_passed == NULL) BN_CTX_free(ctx); } - if (mont != NULL) - BN_MONT_CTX_free(mont); + BN_MONT_CTX_free(mont); return (ret); } diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 9b03240..8b59e78 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -158,8 +158,7 @@ char *BN_bn2dec(const BIGNUM *a) err: if (bn_data != NULL) OPENSSL_free(bn_data); - if (t != NULL) - BN_free(t); + BN_free(t); if (!ok && buf) { OPENSSL_free(buf); buf = NULL; diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 232af99..ab691b7 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -398,9 +398,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) end: if (err) { - if (ret != NULL && ret != in) { + if (ret != in) BN_clear_free(ret); - } ret = NULL; } BN_CTX_end(ctx); diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index f3abe07..6a4223c 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -463,8 +463,7 @@ static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src) return 0; } else a = NULL; - if (*dst) - BN_free(*dst); + BN_free(*dst); *dst = a; return 1; } diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index 7a8e063..b8b3890 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -159,7 +159,6 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) ok = 1; err: - if (q != NULL) - BN_free(q); + BN_free(q); return (ok); } diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 9e2c8b2..e2f48b1 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -172,12 +172,10 @@ static int generate_key(DH *dh) prk = priv_key; if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) { - if (local_prk) - BN_free(local_prk); + BN_free(local_prk); goto err; } - if (local_prk) - BN_free(local_prk); + BN_free(local_prk); } dh->pub_key = pub_key; @@ -187,9 +185,9 @@ static int generate_key(DH *dh) if (ok != 1) DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB); - if ((pub_key != NULL) && (dh->pub_key == NULL)) + if (pub_key != dh->pub_key) BN_free(pub_key); - if ((priv_key != NULL) && (dh->priv_key == NULL)) + if (priv_key != dh->priv_key) BN_free(priv_key); BN_CTX_free(ctx); return (ok); @@ -273,7 +271,6 @@ static int dh_init(DH *dh) static int dh_finish(DH *dh) { - if (dh->method_mont_p) - BN_MONT_CTX_free(dh->method_mont_p); + BN_MONT_CTX_free(dh->method_mont_p); return (1); } diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 68a54a6..74bad4d 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -194,22 +194,15 @@ void DH_free(DH *r) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); - if (r->p != NULL) - BN_clear_free(r->p); - if (r->g != NULL) - BN_clear_free(r->g); - if (r->q != NULL) - BN_clear_free(r->q); - if (r->j != NULL) - BN_clear_free(r->j); + BN_clear_free(r->p); + BN_clear_free(r->g); + BN_clear_free(r->q); + BN_clear_free(r->j); if (r->seed) OPENSSL_free(r->seed); - if (r->counter != NULL) - BN_clear_free(r->counter); - if (r->pub_key != NULL) - BN_clear_free(r->pub_key); - if (r->priv_key != NULL) - BN_clear_free(r->priv_key); + BN_clear_free(r->counter); + BN_clear_free(r->pub_key); + BN_clear_free(r->priv_key); OPENSSL_free(r); } diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index e3ebc02..069b855 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -383,8 +383,7 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) if (dctx->use_dsa) { DSA *dsa_dh; dsa_dh = dsa_dh_generate(dctx, pcb); - if (pcb) - BN_GENCB_free(pcb); + BN_GENCB_free(pcb); if (!dsa_dh) return 0; dh = DSA_dup_DH(dsa_dh); @@ -397,14 +396,12 @@ static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) #endif dh = DH_new(); if (!dh) { - if (pcb) - BN_GENCB_free(pcb); + BN_GENCB_free(pcb); return 0; } ret = DH_generate_parameters_ex(dh, dctx->prime_len, dctx->generator, pcb); - if (pcb) - BN_GENCB_free(pcb); + BN_GENCB_free(pcb); if (ret) EVP_PKEY_assign_DH(pkey, dh); else diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index 76fc2ce..e26ca84 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -366,20 +366,17 @@ static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) if ((a = BN_dup(from->pkey.dsa->p)) == NULL) return 0; - if (to->pkey.dsa->p != NULL) - BN_free(to->pkey.dsa->p); + BN_free(to->pkey.dsa->p); to->pkey.dsa->p = a; if ((a = BN_dup(from->pkey.dsa->q)) == NULL) return 0; - if (to->pkey.dsa->q != NULL) - BN_free(to->pkey.dsa->q); + BN_free(to->pkey.dsa->q); to->pkey.dsa->q = a; if ((a = BN_dup(from->pkey.dsa->g)) == NULL) return 0; - if (to->pkey.dsa->g != NULL) - BN_free(to->pkey.dsa->g); + BN_free(to->pkey.dsa->g); to->pkey.dsa->g = a; return 1; } diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 3506bc3..1827de8 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -326,12 +326,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, ok = 1; err: if (ok) { - if (ret->p) - BN_free(ret->p); - if (ret->q) - BN_free(ret->q); - if (ret->g) - BN_free(ret->g); + BN_free(ret->p); + BN_free(ret->q); + BN_free(ret->g); ret->p = BN_dup(p); ret->q = BN_dup(q); ret->g = BN_dup(g); @@ -346,12 +343,10 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, if (seed_out) memcpy(seed_out, seed, qsize); } - if (ctx) { + if (ctx) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - if (mont != NULL) - BN_MONT_CTX_free(mont); + BN_CTX_free(ctx); + BN_MONT_CTX_free(mont); return ok; } @@ -631,17 +626,14 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, err: if (ok == 1) { if (p != ret->p) { - if (ret->p) - BN_free(ret->p); + BN_free(ret->p); ret->p = BN_dup(p); } if (q != ret->q) { - if (ret->q) - BN_free(ret->q); + BN_free(ret->q); ret->q = BN_dup(q); } - if (ret->g) - BN_free(ret->g); + BN_free(ret->g); ret->g = BN_dup(g); if (ret->p == NULL || ret->q == NULL || ret->g == NULL) { ok = -1; @@ -656,12 +648,10 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, OPENSSL_free(seed); if (seed_out != seed_tmp) OPENSSL_free(seed_tmp); - if (ctx) { + if (ctx) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - if (mont != NULL) - BN_MONT_CTX_free(mont); + BN_CTX_free(ctx); + BN_MONT_CTX_free(mont); EVP_MD_CTX_cleanup(&mctx); return ok; } @@ -696,8 +686,7 @@ int dsa_paramgen_check_g(DSA *dsa) rv = 0; err: BN_CTX_end(ctx); - if (mont) - BN_MONT_CTX_free(mont); + BN_MONT_CTX_free(mont); BN_CTX_free(ctx); return rv; diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index 1c05b0f..ff01dec 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -111,12 +111,10 @@ static int dsa_builtin_keygen(DSA *dsa) prk = priv_key; if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) { - if (local_prk != NULL) - BN_free(local_prk); + BN_free(local_prk); goto err; } - if (local_prk != NULL) - BN_free(local_prk); + BN_free(local_prk); } dsa->priv_key = priv_key; @@ -124,11 +122,10 @@ static int dsa_builtin_keygen(DSA *dsa) ok = 1; err: - if ((pub_key != NULL) && (dsa->pub_key == NULL)) + if (pub_key != dsa->pub_key) BN_free(pub_key); - if ((priv_key != NULL) && (dsa->priv_key == NULL)) + if (priv_key != dsa->priv_key) BN_free(priv_key); - if (ctx != NULL) - BN_CTX_free(ctx); + BN_CTX_free(ctx); return (ok); } diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 5cf1824..aec1b36 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -202,20 +202,13 @@ void DSA_free(DSA *r) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); - if (r->p != NULL) - BN_clear_free(r->p); - if (r->q != NULL) - BN_clear_free(r->q); - if (r->g != NULL) - BN_clear_free(r->g); - if (r->pub_key != NULL) - BN_clear_free(r->pub_key); - if (r->priv_key != NULL) - BN_clear_free(r->priv_key); - if (r->kinv != NULL) - BN_clear_free(r->kinv); - if (r->r != NULL) - BN_clear_free(r->r); + BN_clear_free(r->p); + BN_clear_free(r->q); + BN_clear_free(r->g); + BN_clear_free(r->pub_key); + BN_clear_free(r->priv_key); + BN_clear_free(r->kinv); + BN_clear_free(r->r); OPENSSL_free(r); } diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 325eac4..cd63211 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -214,12 +214,10 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) BN_free(r); BN_free(s); } - if (ctx != NULL) - BN_CTX_free(ctx); + BN_CTX_free(ctx); BN_clear_free(m); BN_clear_free(xr); - if (kinv != NULL) /* dsa->kinv is NULL now if we used it */ - BN_clear_free(kinv); + BN_clear_free(kinv); return (ret); } @@ -313,21 +311,18 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL) goto err; - if (*kinvp != NULL) - BN_clear_free(*kinvp); + BN_clear_free(*kinvp); *kinvp = kinv; kinv = NULL; - if (*rp != NULL) - BN_clear_free(*rp); + BN_clear_free(*rp); *rp = r; ret = 1; err: if (!ret) { DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB); - if (r != NULL) - BN_clear_free(r); + BN_clear_free(r); } - if (ctx_in == NULL) + if (ctx != ctx_in) BN_CTX_free(ctx); BN_clear_free(k); BN_clear_free(kq); @@ -422,14 +417,10 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, err: if (ret < 0) DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB); - if (ctx != NULL) - BN_CTX_free(ctx); - if (u1) - BN_free(u1); - if (u2) - BN_free(u2); - if (t1) - BN_free(t1); + BN_CTX_free(ctx); + BN_free(u1); + BN_free(u2); + BN_free(t1); return (ret); } @@ -441,7 +432,6 @@ static int dsa_init(DSA *dsa) static int dsa_finish(DSA *dsa) { - if (dsa->method_mont_p) - BN_MONT_CTX_free(dsa->method_mont_p); + BN_MONT_CTX_free(dsa->method_mont_p); return (1); } diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 6a47047..c119209 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -253,14 +253,12 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) pcb = NULL; dsa = DSA_new(); if (!dsa) { - if (pcb) - BN_GENCB_free(pcb); + BN_GENCB_free(pcb); return 0; } ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd, NULL, 0, NULL, NULL, NULL, pcb); - if (pcb) - BN_GENCB_free(pcb); + BN_GENCB_free(pcb); if (ret) EVP_PKEY_assign_DSA(pkey, dsa); else diff --git a/crypto/ec/ec2_mult.c b/crypto/ec/ec2_mult.c index 635c0a5..2049dc5 100644 --- a/crypto/ec/ec2_mult.c +++ b/crypto/ec/ec2_mult.c @@ -439,8 +439,7 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, err: EC_POINT_free(p); EC_POINT_free(acc); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index 614c371..821c371 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -160,8 +160,7 @@ int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -278,15 +277,13 @@ size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, if (used_ctx) BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; err: if (used_ctx) BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return 0; } @@ -396,8 +393,7 @@ int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } #endif diff --git a/crypto/ec/ec2_smpl.c b/crypto/ec/ec2_smpl.c index c1fb63d..d6a41a4 100644 --- a/crypto/ec/ec2_smpl.c +++ b/crypto/ec/ec2_smpl.c @@ -135,12 +135,9 @@ int ec_GF2m_simple_group_init(EC_GROUP *group) group->b = BN_new(); if (!group->field || !group->a || !group->b) { - if (group->field) - BN_free(group->field); - if (group->a) - BN_free(group->a); - if (group->b) - BN_free(group->b); + BN_free(group->field); + BN_free(group->a); + BN_free(group->b); return 0; } return 1; @@ -318,8 +315,7 @@ int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, err: if (ctx != NULL) BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -331,12 +327,9 @@ int ec_GF2m_simple_point_init(EC_POINT *point) point->Z = BN_new(); if (!point->X || !point->Y || !point->Z) { - if (point->X) - BN_free(point->X); - if (point->Y) - BN_free(point->Y); - if (point->Z) - BN_free(point->Z); + BN_free(point->X); + BN_free(point->Y); + BN_free(point->Z); return 0; } return 1; @@ -569,8 +562,7 @@ int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -663,8 +655,7 @@ int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, err: if (ctx) BN_CTX_end(ctx); - if (new_ctx) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -716,8 +707,7 @@ int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, err: if (ctx) BN_CTX_end(ctx); - if (new_ctx) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -758,8 +748,7 @@ int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, err: if (ctx) BN_CTX_end(ctx); - if (new_ctx) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 6b34be3..0554c20 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -500,12 +500,9 @@ static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) err: if (!ret) ECerr(EC_F_DO_EC_KEY_PRINT, reason); - if (pub_key) - BN_free(pub_key); - if (order) - BN_free(order); - if (ctx) - BN_CTX_free(ctx); + BN_free(pub_key); + BN_free(order); + BN_CTX_free(ctx); if (buffer != NULL) OPENSSL_free(buffer); return (ret); diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 36dcb96..5976a2f 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -421,8 +421,8 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field) ok = 1; - err:if (tmp) - BN_free(tmp); + err: + BN_free(tmp); return (ok); } @@ -524,21 +524,19 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) ok = 1; - err:if (buffer_1) + err: + if (buffer_1) OPENSSL_free(buffer_1); if (buffer_2) OPENSSL_free(buffer_2); - if (tmp_1) - BN_free(tmp_1); - if (tmp_2) - BN_free(tmp_2); + BN_free(tmp_1); + BN_free(tmp_2); return (ok); } static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, ECPARAMETERS *param) { - int ok = 0; size_t len = 0; ECPARAMETERS *ret = NULL; BIGNUM *tmp = NULL; @@ -624,18 +622,15 @@ static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, } } - ok = 1; + return ret; - err:if (!ok) { - if (ret && !param) - ECPARAMETERS_free(ret); - ret = NULL; - } - if (tmp) - BN_free(tmp); + err: + if (!param) + ECPARAMETERS_free(ret); + BN_free(tmp); if (buffer) OPENSSL_free(buffer); - return (ret); + return NULL; } ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, @@ -891,10 +886,8 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) /* extract the cofactor (optional) */ if (params->cofactor == NULL) { - if (b) { - BN_free(b); - b = NULL; - } + BN_free(b); + b = NULL; } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB); goto err; @@ -913,12 +906,9 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) ret = NULL; } - if (p) - BN_free(p); - if (a) - BN_free(a); - if (b) - BN_free(b); + BN_free(p); + BN_free(a); + BN_free(b); EC_POINT_free(point); return (ret); } diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index 422ca87..1d44ad2 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c @@ -112,8 +112,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) err: if (ctx != NULL) BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); EC_POINT_free(point); return ret; } diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index d79637d..8bba3bc 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3115,20 +3115,13 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) group = NULL; } EC_POINT_free(P); - if (ctx) - BN_CTX_free(ctx); - if (p) - BN_free(p); - if (a) - BN_free(a); - if (b) - BN_free(b); - if (order) - BN_free(order); - if (x) - BN_free(x); - if (y) - BN_free(y); + BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(order); + BN_free(x); + BN_free(y); return group; } diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index dbd91d6..4c588e8 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -122,8 +122,7 @@ void EC_KEY_free(EC_KEY *r) EC_GROUP_free(r->group); EC_POINT_free(r->pub_key); - if (r->priv_key != NULL) - BN_clear_free(r->priv_key); + BN_clear_free(r->priv_key); EC_EX_DATA_free_all_data(&r->method_data); @@ -266,14 +265,12 @@ int EC_KEY_generate_key(EC_KEY *eckey) ok = 1; err: - if (order) - BN_free(order); + BN_free(order); if (eckey->pub_key == NULL) EC_POINT_free(pub_key); - if (priv_key != NULL && eckey->priv_key == NULL) + if (eckey->priv_key != priv_key) BN_free(priv_key); - if (ctx != NULL) - BN_CTX_free(ctx); + BN_CTX_free(ctx); return (ok); } @@ -339,8 +336,7 @@ int EC_KEY_check_key(const EC_KEY *eckey) } ok = 1; err: - if (ctx != NULL) - BN_CTX_free(ctx); + BN_CTX_free(ctx); EC_POINT_free(point); return (ok); } @@ -413,8 +409,7 @@ int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, ok = 1; err: - if (ctx) - BN_CTX_free(ctx); + BN_CTX_free(ctx); EC_POINT_free(point); return ok; @@ -439,8 +434,7 @@ const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key) int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) { - if (key->priv_key) - BN_clear_free(key->priv_key); + BN_clear_free(key->priv_key); key->priv_key = BN_dup(priv_key); return (key->priv_key == NULL) ? 0 : 1; } diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index b2a5d79..1f51f74 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -117,10 +117,8 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) return ret; err: - if (ret->order) - BN_free(ret->order); - if (ret->cofactor) - BN_free(ret->cofactor); + BN_free(ret->order); + BN_free(ret->cofactor); OPENSSL_free(ret); return NULL; } @@ -135,8 +133,7 @@ void EC_GROUP_free(EC_GROUP *group) EC_EX_DATA_free_all_data(&group->extra_data); - if (group->mont_data) - BN_MONT_CTX_free(group->mont_data); + BN_MONT_CTX_free(group->mont_data); EC_POINT_free(group->generator); BN_free(group->order); @@ -160,8 +157,7 @@ void EC_GROUP_clear_free(EC_GROUP *group) EC_EX_DATA_clear_free_all_data(&group->extra_data); - if (group->mont_data) - BN_MONT_CTX_free(group->mont_data); + BN_MONT_CTX_free(group->mont_data); EC_POINT_clear_free(group->generator); BN_clear_free(group->order); @@ -208,10 +204,8 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) return 0; } else { /* src->generator == NULL */ - if (dest->mont_data != NULL) { - BN_MONT_CTX_free(dest->mont_data); - dest->mont_data = NULL; - } + BN_MONT_CTX_free(dest->mont_data); + dest->mont_data = NULL; } if (src->generator != NULL) { @@ -507,8 +501,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) b3 = BN_CTX_get(ctx); if (!b3) { BN_CTX_end(ctx); - if (ctx_new) - BN_CTX_free(ctx); + BN_CTX_free(ctx_new); return -1; } @@ -535,8 +528,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) !EC_GROUP_get_cofactor(a, a2, ctx) || !EC_GROUP_get_cofactor(b, b2, ctx)) { BN_CTX_end(ctx); - if (ctx_new) - BN_CTX_free(ctx); + BN_CTX_free(ctx_new); return -1; } if (BN_cmp(a1, b1) || BN_cmp(a2, b2)) @@ -544,8 +536,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx) } BN_CTX_end(ctx); - if (ctx_new) - BN_CTX_free(ctx); + BN_CTX_free(ctx_new); return r; } @@ -1093,10 +1084,8 @@ int ec_precompute_mont_data(EC_GROUP *group) BN_CTX *ctx = BN_CTX_new(); int ret = 0; - if (group->mont_data) { - BN_MONT_CTX_free(group->mont_data); - group->mont_data = NULL; - } + BN_MONT_CTX_free(group->mont_data); + group->mont_data = NULL; if (ctx == NULL) goto err; @@ -1115,7 +1104,6 @@ int ec_precompute_mont_data(EC_GROUP *group) err: - if (ctx) - BN_CTX_free(ctx); + BN_CTX_free(ctx); return ret; } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 6dabfc8..b4723fb 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -553,8 +553,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, ret = 1; err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); EC_POINT_free(tmp); if (wsize != NULL) OPENSSL_free(wsize); @@ -746,8 +745,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) err: if (ctx != NULL) BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); if (pre_comp) ec_pre_comp_free(pre_comp); if (points) { diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index e1f5b69..6eb5291 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -318,20 +318,13 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) err: if (!ret) ECerr(EC_F_ECPKPARAMETERS_PRINT, reason); - if (p) - BN_free(p); - if (a) - BN_free(a); - if (b) - BN_free(b); - if (gen) - BN_free(gen); - if (order) - BN_free(order); - if (cofactor) - BN_free(cofactor); - if (ctx) - BN_CTX_free(ctx); + BN_free(p); + BN_free(a); + BN_free(b); + BN_free(gen); + BN_free(order); + BN_free(cofactor); + BN_CTX_free(ctx); if (buffer != NULL) OPENSSL_free(buffer); return (ret); diff --git a/crypto/ec/ecp_mont.c b/crypto/ec/ecp_mont.c index bc9fd47..af914aa 100644 --- a/crypto/ec/ecp_mont.c +++ b/crypto/ec/ecp_mont.c @@ -122,40 +122,28 @@ int ec_GFp_mont_group_init(EC_GROUP *group) void ec_GFp_mont_group_finish(EC_GROUP *group) { - if (group->field_data1 != NULL) { - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - } - if (group->field_data2 != NULL) { - BN_free(group->field_data2); - group->field_data2 = NULL; - } + BN_MONT_CTX_free(group->field_data1); + group->field_data1 = NULL; + BN_free(group->field_data2); + group->field_data2 = NULL; ec_GFp_simple_group_finish(group); } void ec_GFp_mont_group_clear_finish(EC_GROUP *group) { - if (group->field_data1 != NULL) { - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - } - if (group->field_data2 != NULL) { - BN_clear_free(group->field_data2); - group->field_data2 = NULL; - } + BN_MONT_CTX_free(group->field_data1); + group->field_data1 = NULL; + BN_clear_free(group->field_data2); + group->field_data2 = NULL; ec_GFp_simple_group_clear_finish(group); } int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) { - if (dest->field_data1 != NULL) { - BN_MONT_CTX_free(dest->field_data1); - dest->field_data1 = NULL; - } - if (dest->field_data2 != NULL) { - BN_clear_free(dest->field_data2); - dest->field_data2 = NULL; - } + BN_MONT_CTX_free(dest->field_data1); + dest->field_data1 = NULL; + BN_clear_free(dest->field_data2); + dest->field_data2 = NULL; if (!ec_GFp_simple_group_copy(dest, src)) return 0; @@ -176,10 +164,8 @@ int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src) return 1; err: - if (dest->field_data1 != NULL) { - BN_MONT_CTX_free(dest->field_data1); - dest->field_data1 = NULL; - } + BN_MONT_CTX_free(dest->field_data1); + dest->field_data1 = NULL; return 0; } @@ -191,14 +177,10 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, BIGNUM *one = NULL; int ret = 0; - if (group->field_data1 != NULL) { - BN_MONT_CTX_free(group->field_data1); - group->field_data1 = NULL; - } - if (group->field_data2 != NULL) { - BN_free(group->field_data2); - group->field_data2 = NULL; - } + BN_MONT_CTX_free(group->field_data1); + group->field_data1 = NULL; + BN_free(group->field_data2); + group->field_data2 = NULL; if (ctx == NULL) { ctx = new_ctx = BN_CTX_new(); @@ -234,10 +216,8 @@ int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, } err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); - if (mont != NULL) - BN_MONT_CTX_free(mont); + BN_CTX_free(new_ctx); + BN_MONT_CTX_free(mont); return ret; } diff --git a/crypto/ec/ecp_nist.c b/crypto/ec/ecp_nist.c index 8140519..2efb69e 100644 --- a/crypto/ec/ecp_nist.c +++ b/crypto/ec/ecp_nist.c @@ -150,8 +150,7 @@ int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -176,8 +175,7 @@ int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, ret = 1; err: - if (ctx_new) - BN_CTX_free(ctx_new); + BN_CTX_free(ctx_new); return ret; } @@ -202,7 +200,6 @@ int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, ret = 1; err: - if (ctx_new) - BN_CTX_free(ctx_new); + BN_CTX_free(ctx_new); return ret; } diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index a5e76f4..fdcf450 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -1291,8 +1291,7 @@ int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -1573,8 +1572,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, err: BN_CTX_end(ctx); EC_POINT_free(generator); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); if (secrets != NULL) OPENSSL_free(secrets); if (pre_comp != NULL) @@ -1709,8 +1707,7 @@ int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx) err: BN_CTX_end(ctx); EC_POINT_free(generator); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); nistp224_pre_comp_free(pre); return ret; } diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 6fce22e..d03bf15 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -1906,8 +1906,7 @@ int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -2193,8 +2192,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, err: BN_CTX_end(ctx); EC_POINT_free(generator); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); if (secrets != NULL) OPENSSL_free(secrets); if (pre_comp != NULL) @@ -2339,8 +2337,7 @@ int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx) err: BN_CTX_end(ctx); EC_POINT_free(generator); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); nistp256_pre_comp_free(pre); return ret; } diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 8657a8f..1069214 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1735,8 +1735,7 @@ int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx); err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -2021,8 +2020,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, err: BN_CTX_end(ctx); EC_POINT_free(generator); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); if (secrets != NULL) OPENSSL_free(secrets); if (pre_comp != NULL) @@ -2137,8 +2135,7 @@ int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx) err: BN_CTX_end(ctx); EC_POINT_free(generator); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); nistp521_pre_comp_free(pre); return ret; } diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 417c29a..ae1fcdd 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -1121,10 +1121,8 @@ __owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *gr ret = EC_POINT_set_affine_coordinates_GFp(group, out, x, y, ctx); - if (x) - BN_free(x); - if (y) - BN_free(y); + BN_free(x); + BN_free(y); return ret; } diff --git a/crypto/ec/ecp_oct.c b/crypto/ec/ecp_oct.c index be309cd..a68b559 100644 --- a/crypto/ec/ecp_oct.c +++ b/crypto/ec/ecp_oct.c @@ -202,8 +202,7 @@ int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -312,15 +311,13 @@ size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, if (used_ctx) BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; err: if (used_ctx) BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return 0; } @@ -422,7 +419,6 @@ int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } diff --git a/crypto/ec/ecp_smpl.c b/crypto/ec/ecp_smpl.c index 2d42d34..df7314a 100644 --- a/crypto/ec/ecp_smpl.c +++ b/crypto/ec/ecp_smpl.c @@ -225,8 +225,7 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -271,8 +270,7 @@ int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, ret = 1; err: - if (new_ctx) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -350,8 +348,7 @@ int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx) err: if (ctx != NULL) BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -363,12 +360,9 @@ int ec_GFp_simple_point_init(EC_POINT *point) point->Z_is_one = 0; if (!point->X || !point->Y || !point->Z) { - if (point->X) - BN_free(point->X); - if (point->Y) - BN_free(point->Y); - if (point->Z) - BN_free(point->Z); + BN_free(point->X); + BN_free(point->Y); + BN_free(point->Z); return 0; } return 1; @@ -466,8 +460,7 @@ int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, ret = 1; err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -516,8 +509,7 @@ int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, ret = 1; err: - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -649,8 +641,7 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -836,8 +827,7 @@ int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, end: if (ctx) /* otherwise we already called BN_CTX_end */ BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -979,8 +969,7 @@ int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -1097,8 +1086,7 @@ int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -1206,8 +1194,7 @@ int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, end: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -1246,8 +1233,7 @@ int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); return ret; } @@ -1398,8 +1384,7 @@ int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, err: BN_CTX_end(ctx); - if (new_ctx != NULL) - BN_CTX_free(new_ctx); + BN_CTX_free(new_ctx); if (prod_Z != NULL) { for (i = 0; i < num; i++) { if (prod_Z[i] == NULL) diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index b8ccf5a..6297706 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -205,8 +205,7 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, EC_POINT_free(tmp); if (ctx) BN_CTX_end(ctx); - if (ctx) - BN_CTX_free(ctx); + BN_CTX_free(ctx); if (buf) OPENSSL_free(buf); return (ret); diff --git a/crypto/ecdsa/ecs_ossl.c b/crypto/ecdsa/ecs_ossl.c index ce2973d..27266e9 100644 --- a/crypto/ecdsa/ecs_ossl.c +++ b/crypto/ecdsa/ecs_ossl.c @@ -223,28 +223,22 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, } /* clear old values if necessary */ - if (*rp != NULL) - BN_clear_free(*rp); - if (*kinvp != NULL) - BN_clear_free(*kinvp); + BN_clear_free(*rp); + BN_clear_free(*kinvp); /* save the pre-computed values */ *rp = r; *kinvp = k; ret = 1; err: if (!ret) { - if (k != NULL) - BN_clear_free(k); - if (r != NULL) - BN_clear_free(r); + BN_clear_free(k); + BN_clear_free(r); } - if (ctx_in == NULL) + if (ctx != ctx_in) BN_CTX_free(ctx); - if (order != NULL) - BN_free(order); + BN_free(order); EC_POINT_free(tmp_point); - if (X) - BN_clear_free(X); + BN_clear_free(X); return (ret); } @@ -351,16 +345,11 @@ static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, ECDSA_SIG_free(ret); ret = NULL; } - if (ctx) - BN_CTX_free(ctx); - if (m) - BN_clear_free(m); - if (tmp) - BN_clear_free(tmp); - if (order) - BN_free(order); - if (kinv) - BN_clear_free(kinv); + BN_CTX_free(ctx); + BN_clear_free(m); + BN_clear_free(tmp); + BN_free(order); + BN_clear_free(kinv); return ret; } diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 376169c..46c4f87 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -589,13 +589,11 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) } } - if (bl) - BN_free(bl); + BN_free(bl); return n; err: - if (bl) - BN_free(bl); + BN_free(bl); return -1; } diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 8ac9348..b44912b 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -337,8 +337,7 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE); DSA_free(dsa); EVP_PKEY_free(ret); - if (ctx) - BN_CTX_free(ctx); + BN_CTX_free(ctx); return NULL; } diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index 51c1fa3..fa300a2 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -203,17 +203,11 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb) } err: - if (i != NULL) - BN_free(i); - if (j != NULL) - BN_free(j); - if (k != NULL) - BN_free(k); - if (l != NULL) - BN_free(l); - if (m != NULL) - BN_free(m); - if (ctx != NULL) - BN_CTX_free(ctx); + BN_free(i); + BN_free(j); + BN_free(k); + BN_free(l); + BN_free(m); + BN_CTX_free(ctx); return (ret); } diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c index 052f42c..f5f29e0 100644 --- a/crypto/rsa/rsa_crpt.c +++ b/crypto/rsa/rsa_crpt.c @@ -100,10 +100,8 @@ int RSA_flags(const RSA *r) void RSA_blinding_off(RSA *rsa) { - if (rsa->blinding != NULL) { - BN_BLINDING_free(rsa->blinding); - rsa->blinding = NULL; - } + BN_BLINDING_free(rsa->blinding); + rsa->blinding = NULL; rsa->flags &= ~RSA_FLAG_BLINDING; rsa->flags |= RSA_FLAG_NO_BLINDING; } @@ -213,12 +211,11 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret)); err: BN_CTX_end(ctx); - if (in_ctx == NULL) + if (ctx != in_ctx) BN_CTX_free(ctx); - if (rsa->e == NULL) + if (e != rsa->e) BN_free(e); - if (local_n) - BN_free(local_n); + BN_free(local_n); return ret; } diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index 8da6ec1..042b2b7 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -99,11 +99,9 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, return rsa; } err: - if (e) - BN_free(e); + BN_free(e); RSA_free(rsa); - if (cb) - BN_GENCB_free(cb); + BN_GENCB_free(cb); return 0; } #endif diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 49c157a..5b8e21b 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -239,10 +239,9 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, r = num; err: - if (ctx != NULL) { + if (ctx != NULL) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); return (r); } @@ -434,19 +433,16 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (!BN_MONT_CTX_set_locked (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) { - if (local_d) - BN_free(local_d); + BN_free(local_d); goto err; } if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, rsa->_method_mod_n)) { - if (local_d) - BN_free(local_d); + BN_free(local_d); goto err; } - if (local_d) - BN_free(local_d); + BN_free(local_d); } if (blinding) @@ -473,10 +469,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, r = num; err: - if (ctx != NULL) { + if (ctx != NULL) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); return (r); } @@ -570,18 +565,15 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (!BN_MONT_CTX_set_locked (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) { - if (local_d) - BN_free(local_d); + BN_free(local_d); goto err; } if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, rsa->_method_mod_n)) { - if (local_d) - BN_free(local_d); + BN_free(local_d); goto err; } - if (local_d) - BN_free(local_d); + BN_free(local_d); } if (blinding) @@ -612,10 +604,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED); err: - if (ctx != NULL) { + if (ctx != NULL) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); return (r); } @@ -712,10 +703,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED); err: - if (ctx != NULL) { + if (ctx != NULL) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); return (r); } @@ -769,17 +759,13 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx) || !BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) { - if (local_p) - BN_free(local_p); - if (local_q) - BN_free(local_q); + BN_free(local_p); + BN_free(local_q); goto err; } } - if (local_p) - BN_free(local_p); - if (local_q) - BN_free(local_q); + BN_free(local_p); + BN_free(local_q); } if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) @@ -900,25 +886,19 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) d = rsa->d; if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx, rsa->_method_mod_n)) { - if (local_d) - BN_free(local_d); + BN_free(local_d); goto err; } - if (local_d) - BN_free(local_d); + BN_free(local_d); } } ret = 1; err: - if (local_dmp1) - BN_free(local_dmp1); - if (local_dmq1) - BN_free(local_dmq1); - if (local_c) - BN_free(local_c); - if (local_r1) - BN_free(local_r1); + BN_free(local_dmp1); + BN_free(local_dmq1); + BN_free(local_c); + BN_free(local_r1); BN_CTX_end(ctx); return (ret); } @@ -931,12 +911,9 @@ static int RSA_eay_init(RSA *rsa) static int RSA_eay_finish(RSA *rsa) { - if (rsa->_method_mod_n != NULL) - BN_MONT_CTX_free(rsa->_method_mod_n); - if (rsa->_method_mod_p != NULL) - BN_MONT_CTX_free(rsa->_method_mod_p); - if (rsa->_method_mod_q != NULL) - BN_MONT_CTX_free(rsa->_method_mod_q); + BN_MONT_CTX_free(rsa->_method_mod_n); + BN_MONT_CTX_free(rsa->_method_mod_p); + BN_MONT_CTX_free(rsa->_method_mod_q); return (1); } diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index ae9c2d4..ec2e18e 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -227,20 +227,16 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, ok = 1; err: - if (local_r0) - BN_free(local_r0); - if (local_d) - BN_free(local_d); - if (local_p) - BN_free(local_p); + BN_free(local_r0); + BN_free(local_d); + BN_free(local_p); if (ok == -1) { RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN); ok = 0; } - if (ctx != NULL) { + if (ctx != NULL) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); return ok; } diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 1430d5b..d8a9132 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -223,26 +223,16 @@ void RSA_free(RSA *r) CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); - if (r->n != NULL) - BN_clear_free(r->n); - if (r->e != NULL) - BN_clear_free(r->e); - if (r->d != NULL) - BN_clear_free(r->d); - if (r->p != NULL) - BN_clear_free(r->p); - if (r->q != NULL) - BN_clear_free(r->q); - if (r->dmp1 != NULL) - BN_clear_free(r->dmp1); - if (r->dmq1 != NULL) - BN_clear_free(r->dmq1); - if (r->iqmp != NULL) - BN_clear_free(r->iqmp); - if (r->blinding != NULL) - BN_BLINDING_free(r->blinding); - if (r->mt_blinding != NULL) - BN_BLINDING_free(r->mt_blinding); + BN_clear_free(r->n); + BN_clear_free(r->e); + BN_clear_free(r->d); + BN_clear_free(r->p); + BN_clear_free(r->q); + BN_clear_free(r->dmp1); + BN_clear_free(r->dmq1); + BN_clear_free(r->iqmp); + BN_BLINDING_free(r->blinding); + BN_BLINDING_free(r->mt_blinding); OPENSSL_free_locked(r->bignum_data); OPENSSL_free(r); } diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 91dc668..866dd16 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -160,8 +160,7 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) { RSA_PKEY_CTX *rctx = ctx->data; if (rctx) { - if (rctx->pub_exp) - BN_free(rctx->pub_exp); + BN_free(rctx->pub_exp); if (rctx->tbuf) OPENSSL_free(rctx->tbuf); if (rctx->oaep_label) diff --git a/crypto/rsa/rsa_x931g.c b/crypto/rsa/rsa_x931g.c index 5991615..e158c6d 100644 --- a/crypto/rsa/rsa_x931g.c +++ b/crypto/rsa/rsa_x931g.c @@ -179,12 +179,10 @@ int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, ret = 1; err: - if (ctx) { + if (ctx) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - if (ctx2) - BN_CTX_free(ctx2); + BN_CTX_free(ctx); + BN_CTX_free(ctx2); return ret; @@ -234,10 +232,9 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, ok = 1; error: - if (ctx) { + if (ctx) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); if (ok) return 1; diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 9e1de74..7a47acd 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -228,8 +228,7 @@ BIGNUM *SRP_Calc_A(BIGNUM *a, BIGNUM *N, BIGNUM *g) BN_CTX *bn_ctx; BIGNUM *A = NULL; - if (a == NULL || N == NULL || g == NULL || - (bn_ctx = BN_CTX_new()) == NULL) + if (a == NULL || N == NULL || g == NULL || (bn_ctx = BN_CTX_new()) == NULL) return NULL; if ((A = BN_new()) != NULL && !BN_mod_exp(A, g, a, N, bn_ctx)) { @@ -252,7 +251,8 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, if ((tmp = BN_new()) == NULL || (tmp2 = BN_new()) == NULL || - (tmp3 = BN_new()) == NULL || (K = BN_new()) == NULL) + (tmp3 = BN_new()) == NULL || + (K = BN_new()) == NULL) goto err; if (!BN_mod_exp(tmp, g, x, N, bn_ctx)) diff --git a/demos/engines/zencod/hw_zencod.c b/demos/engines/zencod/hw_zencod.c index 1c76284..d675ace 100644 --- a/demos/engines/zencod/hw_zencod.c +++ b/demos/engines/zencod/hw_zencod.c @@ -946,10 +946,8 @@ static DSA_SIG *DSA_zencod_do_sign(const unsigned char *dgst, int dlen, return sig; FAILED: - if (bn_r) - BN_free(bn_r); - if (bn_s) - BN_free(bn_s); + BN_free(bn_r); + BN_free(bn_s); return NULL; } @@ -1083,9 +1081,9 @@ static int DH_zencod_generate_key(DH *dh) return 1; FAILED: - if (!dh->priv_key && bn_prv) + if (!dh->priv_key) BN_free(bn_prv); - if (!dh->pub_key && bn_pub) + if (!dh->pub_key) BN_free(bn_pub); return 0; diff --git a/doc/crypto/BN_BLINDING_new.pod b/doc/crypto/BN_BLINDING_new.pod index 06d7ea2..f8102ba 100644 --- a/doc/crypto/BN_BLINDING_new.pod +++ b/doc/crypto/BN_BLINDING_new.pod @@ -41,6 +41,7 @@ BN_BLINDING_new() allocates a new B structure and copies the B and B values into the newly created B object. BN_BLINDING_free() frees the B structure. +If B is NULL, nothing is done. BN_BLINDING_update() updates the B parameters by squaring the B and B or, after specific number of uses and if the diff --git a/doc/crypto/BN_CTX_new.pod b/doc/crypto/BN_CTX_new.pod index e86a72a..5da8433 100644 --- a/doc/crypto/BN_CTX_new.pod +++ b/doc/crypto/BN_CTX_new.pod @@ -27,6 +27,7 @@ created by BN_CTX_new(), also the structure itself. If L has been used on the B, L must be called before the B may be freed by BN_CTX_free(). +If B is NULL, nothing is done. =head1 RETURN VALUES diff --git a/doc/crypto/BN_generate_prime.pod b/doc/crypto/BN_generate_prime.pod index f5b05e8..858eb0f 100644 --- a/doc/crypto/BN_generate_prime.pod +++ b/doc/crypto/BN_generate_prime.pod @@ -111,8 +111,8 @@ B structure that are supported: "new" style and "old" style. New programs should prefer the "new" style, whilst the "old" style is provided for backwards compatibility purposes. -A BN_GENCB structure should be created through a call to BN_GENCB_new, and freed -through a call to BN_GENCB_free. +A BN_GENCB structure should be created through a call to BN_GENCB_new(), +and freed through a call to BN_GENCB_free(). For "new" style callbacks a BN_GENCB structure should be initialised with a call to BN_GENCB_set(), where B is a B, B is of diff --git a/doc/crypto/BN_mod_mul_montgomery.pod b/doc/crypto/BN_mod_mul_montgomery.pod index 5168748..d637e17 100644 --- a/doc/crypto/BN_mod_mul_montgomery.pod +++ b/doc/crypto/BN_mod_mul_montgomery.pod @@ -41,6 +41,7 @@ BN_MONT_CTX_copy() copies the B I to I. BN_MONT_CTX_free() frees the components of the B, and, if it was created by BN_MONT_CTX_new(), also the structure itself. +If B is NULL, nothing is done. BN_mod_mul_montgomery() computes Mont(I ,I):=I*I*R^-1 and places the result in I. diff --git a/doc/crypto/BN_mod_mul_reciprocal.pod b/doc/crypto/BN_mod_mul_reciprocal.pod index cd4b728..7a7d503 100644 --- a/doc/crypto/BN_mod_mul_reciprocal.pod +++ b/doc/crypto/BN_mod_mul_reciprocal.pod @@ -34,6 +34,7 @@ BN_RECP_CTX_init() initializes an existing uninitialized B. BN_RECP_CTX_free() frees the components of the B, and, if it was created by BN_RECP_CTX_new(), also the structure itself. +If B is NULL, nothing is done. BN_RECP_CTX_set() stores B in B and sets it up for computing 1/B and shifting it left by BN_num_bits(B)+1 to make it an diff --git a/doc/crypto/BN_new.pod b/doc/crypto/BN_new.pod index 61743e3..fa157d3 100644 --- a/doc/crypto/BN_new.pod +++ b/doc/crypto/BN_new.pod @@ -27,6 +27,7 @@ to the value 0. BN_free() frees the components of the B, and if it was created by BN_new(), also the structure itself. BN_clear_free() additionally overwrites the data before the memory is returned to the system. +If B is NULL, nothing is done. =head1 RETURN VALUES diff --git a/engines/ccgost/gost2001.c b/engines/ccgost/gost2001.c index 83cc693..5490a5d 100644 --- a/engines/ccgost/gost2001.c +++ b/engines/ccgost/gost2001.c @@ -111,10 +111,9 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid) err: if (P) EC_POINT_free(P); if (grp) EC_GROUP_free(grp); - if (ctx) { + if (ctx) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); return ok; } @@ -241,15 +240,13 @@ DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) ret = newsig; err: - if (ctx) { + if (ctx) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); if (C) EC_POINT_free(C); - if (md) BN_free(md); - if (!ret && newsig) { + BN_free(md); + if (!ret) DSA_SIG_free(newsig); - } return ret; } @@ -365,11 +362,10 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, } err: if (C) EC_POINT_free(C); - if (ctx) { + if (ctx) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - if (md) BN_free(md); + BN_CTX_free(ctx); + BN_free(md); return ok; } @@ -418,10 +414,9 @@ int gost2001_compute_public(EC_KEY *ec) ok = 256; err: if (pub_key) EC_POINT_free(pub_key); - if (ctx) { + if (ctx) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); return ok; } diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c index b1615bf..0b694f5 100644 --- a/engines/ccgost/gost_ameth.c +++ b/engines/ccgost/gost_ameth.c @@ -525,12 +525,14 @@ static int param_copy_gost94(EVP_PKEY *to, const EVP_PKEY *from) dto = DSA_new(); EVP_PKEY_assign(to, EVP_PKEY_base_id(from), dto); } -#define COPYBIGNUM(a,b,x) if (a->x) BN_free(a->x); a->x=BN_dup(b->x); - COPYBIGNUM(dto, dfrom, p) - COPYBIGNUM(dto, dfrom, q) - COPYBIGNUM(dto, dfrom, g) - - if (dto->priv_key) + BN_free(dto->p); + dto->p = BN_dup(dfrom->p); + BN_free(dto->q); + dto->q = BN_dup(dfrom->q); + BN_free(dto->g); + dto->g = BN_dup(dfrom->g); + + if (dto->priv_key) gost94_compute_public(dto); return 1; } @@ -758,10 +760,8 @@ static int pub_encode_gost01(X509_PUBKEY *pub, const EVP_PKEY *pk) Y = BN_new(); if (!X || !Y) { GOSTerr(GOST_F_PUB_ENCODE_GOST01, ERR_R_MALLOC_FAILURE); - if (X) - BN_free(X); - if (Y) - BN_free(Y); + BN_free(X); + BN_free(Y); BN_free(order); return 0; } diff --git a/engines/ccgost/gost_sign.c b/engines/ccgost/gost_sign.c index c2516ea..543c399 100644 --- a/engines/ccgost/gost_sign.c +++ b/engines/ccgost/gost_sign.c @@ -114,13 +114,11 @@ DSA_SIG *gost_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) ret = newsig; err: BN_free(md); - if (ctx) { + if (ctx) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - if (!ret && newsig) { + BN_CTX_free(ctx); + if (!ret) DSA_SIG_free(newsig); - } return ret; } @@ -214,13 +212,11 @@ int gost_do_verify(const unsigned char *dgst, int dgst_len, GOSTerr(GOST_F_GOST_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH); } err: - if (md) - BN_free(md); - if (ctx) { + BN_free(md); + if (ctx) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } - return ok; + BN_CTX_free(ctx); + return (ok == 0); } /* @@ -268,19 +264,13 @@ int fill_GOST94_params(DSA *dsa, int nid) return 0; } #define dump_signature(a,b,c) - if (dsa->p) { - BN_free(dsa->p); - } + BN_free(dsa->p); dsa->p = NULL; BN_dec2bn(&(dsa->p), params->p); - if (dsa->q) { - BN_free(dsa->q); - } + BN_free(dsa->q); dsa->q = NULL; BN_dec2bn(&(dsa->q), params->q); - if (dsa->g) { - BN_free(dsa->g); - } + BN_free(dsa->g); dsa->g = NULL; BN_dec2bn(&(dsa->g), params->a); return 1; diff --git a/engines/e_cswift.c b/engines/e_cswift.c index adab4d4..848d10f 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -717,10 +717,8 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, OPENSSL_free(sw_param.up.crt.dmq1.value); if (sw_param.up.crt.iqmp.value) OPENSSL_free(sw_param.up.crt.iqmp.value); - if (result) - BN_free(result); - if (argument) - BN_free(argument); + BN_free(result); + BN_free(argument); if (acquired) release_context(hac); return to_return; @@ -877,10 +875,9 @@ static DSA_SIG *cswift_dsa_sign(const unsigned char *dgst, int dlen, DSA *dsa) err: if (acquired) release_context(hac); - if (ctx) { + if (ctx) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); return to_return; } @@ -980,10 +977,9 @@ static int cswift_dsa_verify(const unsigned char *dgst, int dgst_len, err: if (acquired) release_context(hac); - if (ctx) { + if (ctx) BN_CTX_end(ctx); - BN_CTX_free(ctx); - } + BN_CTX_free(ctx); return to_return; } # endif diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 6f09ffb..9e2662e 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -680,40 +680,6 @@ static int ubsec_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, } # endif -# ifndef OPENSSL_NO_DSA -# ifdef NOT_USED -static int ubsec_dsa_mod_exp(DSA *dsa, BIGNUM *rr, BIGNUM *a1, - BIGNUM *p1, BIGNUM *a2, BIGNUM *p2, BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) -{ - BIGNUM t; - int to_return = 0; - - BN_init(&t); - /* let rr = a1 ^ p1 mod m */ - if (!ubsec_mod_exp(rr, a1, p1, m, ctx)) - goto end; - /* let t = a2 ^ p2 mod m */ - if (!ubsec_mod_exp(&t, a2, p2, m, ctx)) - goto end; - /* let rr = rr * t mod m */ - if (!BN_mod_mul(rr, rr, &t, m, ctx)) - goto end; - to_return = 1; - end: - BN_free(&t); - return to_return; -} - -static int ubsec_mod_exp_dsa(DSA *dsa, BIGNUM *r, BIGNUM *a, - const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx) -{ - return ubsec_mod_exp(r, a, p, m, ctx); -} -# endif -# endif - # ifndef OPENSSL_NO_RSA /* @@ -825,10 +791,8 @@ static DSA_SIG *ubsec_dsa_do_sign(const unsigned char *dgst, int dlen, err: if (!to_return) { - if (r) - BN_free(r); - if (s) - BN_free(s); + BN_free(r); + BN_free(s); } BN_clear_free(&m); return to_return; diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index 5d895cc..5445f3c 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c @@ -273,14 +273,10 @@ int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, return -1; s->srp_ctx.N = BN_dup(GN->N); s->srp_ctx.g = BN_dup(GN->g); - if (s->srp_ctx.v != NULL) { - BN_clear_free(s->srp_ctx.v); - s->srp_ctx.v = NULL; - } - if (s->srp_ctx.s != NULL) { - BN_clear_free(s->srp_ctx.s); - s->srp_ctx.s = NULL; - } + BN_clear_free(s->srp_ctx.v); + s->srp_ctx.v = NULL; + BN_clear_free(s->srp_ctx.s); + s->srp_ctx.s = NULL; if (!SRP_create_verifier_BN (user, pass, &s->srp_ctx.s, &s->srp_ctx.v, GN->N, GN->g)) return -1; diff --git a/test/bntest.c b/test/bntest.c index 521858a..7aaefc5 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -761,14 +761,10 @@ int test_sqr(BIO *bp, BN_CTX *ctx) } ret = 1; err: - if (a != NULL) - BN_free(a); - if (c != NULL) - BN_free(c); - if (d != NULL) - BN_free(d); - if (e != NULL) - BN_free(e); + BN_free(a); + BN_free(c); + BN_free(d); + BN_free(e); return ret; } @@ -1669,14 +1665,10 @@ int test_kron(BIO *bp, BN_CTX *ctx) fflush(stderr); ret = 1; err: - if (a != NULL) - BN_free(a); - if (b != NULL) - BN_free(b); - if (r != NULL) - BN_free(r); - if (t != NULL) - BN_free(t); + BN_free(a); + BN_free(b); + BN_free(r); + BN_free(t); return ret; } @@ -1764,12 +1756,9 @@ int test_sqrt(BIO *bp, BN_CTX *ctx) } ret = 1; err: - if (a != NULL) - BN_free(a); - if (p != NULL) - BN_free(p); - if (r != NULL) - BN_free(r); + BN_free(a); + BN_free(p); + BN_free(r); return ret; } diff --git a/test/dhtest.c b/test/dhtest.c index 35bd298..8f71723 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -201,8 +201,7 @@ int main(int argc, char *argv[]) OPENSSL_free(bbuf); DH_free(b); DH_free(a); - if (_cb) - BN_GENCB_free(_cb); + BN_GENCB_free(_cb); BIO_free(out); # ifdef OPENSSL_SYS_NETWARE if (ret) diff --git a/test/dsatest.c b/test/dsatest.c index a5d40f1..e138c64 100644 --- a/test/dsatest.c +++ b/test/dsatest.c @@ -212,8 +212,7 @@ int main(int argc, char **argv) if (!ret) ERR_print_errors(bio_err); DSA_free(dsa); - if (cb != NULL) - BN_GENCB_free(cb); + BN_GENCB_free(cb); CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); ERR_free_strings(); diff --git a/test/ecdhtest.c b/test/ecdhtest.c index 5c451e5..af12476 100644 --- a/test/ecdhtest.c +++ b/test/ecdhtest.c @@ -282,14 +282,10 @@ static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) OPENSSL_free(abuf); if (bbuf != NULL) OPENSSL_free(bbuf); - if (x_a) - BN_free(x_a); - if (y_a) - BN_free(y_a); - if (x_b) - BN_free(x_b); - if (y_b) - BN_free(y_b); + BN_free(x_a); + BN_free(y_a); + BN_free(x_b); + BN_free(y_b); EC_KEY_free(b); EC_KEY_free(a); return (ret); @@ -390,8 +386,7 @@ static EC_KEY *mk_eckey(int nid, const unsigned char *p, size_t plen) goto err; ok = 1; err: - if (priv) - BN_clear_free(priv); + BN_clear_free(priv); EC_POINT_free(pub); if (ok) return k; @@ -526,8 +521,7 @@ int main(int argc, char *argv[]) err: ERR_print_errors_fp(stderr); - if (ctx) - BN_CTX_free(ctx); + BN_CTX_free(ctx); BIO_free(out); CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); diff --git a/test/ecdsatest.c b/test/ecdsatest.c index 3a455b4..1eeaaba 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -243,15 +243,11 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) EC_KEY_free(key); if (signature) ECDSA_SIG_free(signature); - if (r) - BN_free(r); - if (s) - BN_free(s); + BN_free(r); + BN_free(s); EVP_MD_CTX_cleanup(&md_ctx); - if (kinv) - BN_clear_free(kinv); - if (rp) - BN_clear_free(rp); + BN_clear_free(kinv); + BN_clear_free(rp); return ret; } diff --git a/test/ectest.c b/test/ectest.c index 79ec21f..7320d3d 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -851,8 +851,7 @@ static void prime_field_tests(void) BN_free(scalar3); } - if (ctx) - BN_CTX_free(ctx); + BN_CTX_free(ctx); BN_free(p); BN_free(a); BN_free(b); @@ -1326,8 +1325,7 @@ static void char2_field_tests(void) fprintf(stdout, " ok\n\n"); } - if (ctx) - BN_CTX_free(ctx); + BN_CTX_free(ctx); BN_free(p); BN_free(a); BN_free(b); diff --git a/test/ssltest.c b/test/ssltest.c index a716c3c..311fbc9 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -2939,8 +2939,7 @@ static RSA *tmp_rsa_cb(SSL *s, int is_export, int keylength) end: printf("\n"); } - if (bn) - BN_free(bn); + BN_free(bn); return (rsa_tmp); } @@ -3106,8 +3105,7 @@ static int psk_key2bn(const char *pskkey, unsigned char *psk, if (!ret) { BIO_printf(bio_err, "Could not convert PSK key '%s' to BIGNUM\n", pskkey); - if (bn) - BN_free(bn); + BN_free(bn); return 0; } if (BN_num_bytes(bn) > (int)max_psk_len) { From rsalz at openssl.org Fri May 1 01:45:01 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 01 May 2015 01:45:01 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430444701.434593.17957.nullmailer@dev.openssl.org> The branch master has been updated via 5a3aa852524c8e388b864c87aade628076a5f4a7 (commit) from 23a1d5e97cd543d2b8e1b01dbf0f619b2e5ce540 (commit) - Log ----------------------------------------------------------------- commit 5a3aa852524c8e388b864c87aade628076a5f4a7 Author: Rich Salz Date: Thu Apr 30 21:44:40 2015 -0400 Rewrite CA.pl.in Reformat CA.pl.in to follow coding style. Also add "use strict" and "use warnings" Also modify it to exit properly and report only when succeeded. And some perl tweaks via Richard. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/CA.pl.in | 347 ++++++++++++++++++++++++++++------------------------------ 1 file changed, 169 insertions(+), 178 deletions(-) diff --git a/apps/CA.pl.in b/apps/CA.pl.in index 44f859e..de5c013 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -1,197 +1,188 @@ -#!/usr/local/bin/perl +#!/usr/bin/perl # -# CA - wrapper around ca to make it easier to use -# -# CA -newca ... will setup the right stuff -# CA -newreq[-nodes] ... will generate a certificate request -# CA -sign ... will sign the generated request and output +# Wrapper around the ca to make it easier to use +# Edit CA.pl.in not CA.pl! -# default openssl.cnf file has setup as per the following -# demoCA ... where everything is stored -my $openssl; -if(defined $ENV{OPENSSL}) { - $openssl = $ENV{OPENSSL}; +use strict; +use warnings; + +my $openssl = "openssl"; +if(defined $ENV{'OPENSSL'}) { + $openssl = $ENV{'OPENSSL'}; } else { - $openssl = "openssl"; - $ENV{OPENSSL} = $openssl; + $ENV{'OPENSSL'} = $openssl; } -$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; -$DAYS="-days 365"; # 1 year -$CADAYS="-days 1095"; # 3 years -$REQ="$openssl req $SSLEAY_CONFIG"; -$CA="$openssl ca $SSLEAY_CONFIG"; -$VERIFY="$openssl verify"; -$X509="$openssl x509"; -$PKCS12="$openssl pkcs12"; +my $verbose = 1; -$CATOP="./demoCA"; -$CAKEY="cakey.pem"; -$CAREQ="careq.pem"; -$CACERT="cacert.pem"; -$CACRL="crl.pem"; +my $SSLEAY_CONFIG = $ENV{"SSLEAY_CONFIG"}; +my $DAYS = "-days 365"; +my $CADAYS = "-days 1095"; # 3 years +my $REQ = "$openssl req $SSLEAY_CONFIG"; +my $CA = "$openssl ca $SSLEAY_CONFIG"; +my $VERIFY = "$openssl verify"; +my $X509 = "$openssl x509"; +my $PKCS12 = "$openssl pkcs12"; -$DIRMODE = 0777; - -$RET = 0; +# default openssl.cnf file has setup as per the following +my $CATOP = "./demoCA"; +my $CAKEY = "cakey.pem"; +my $CAREQ = "careq.pem"; +my $CACERT = "cacert.pem"; +my $CACRL = "crl.pem"; +my $DIRMODE = 0777; -foreach (@ARGV) { - if ( /^(-\?|-h|-help)$/ ) { - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; - print STDERR " CA -crl|-revoke cert-filename [reason]\n"; - exit 0; - } elsif (/^-newcert$/) { - # create a certificate - system ("$REQ -new -x509 -keyout newkey.pem -out newcert.pem $DAYS"); - $RET=$?; - print "Certificate is in newcert.pem, private key is in newkey.pem\n" - } elsif (/^-newreq$/) { - # create a certificate request - system ("$REQ -new -keyout newkey.pem -out newreq.pem $DAYS"); - $RET=$?; - print "Request is in newreq.pem, private key is in newkey.pem\n"; - } elsif (/^-newreq-nodes$/) { - # create a certificate request - system ("$REQ -new -nodes -keyout newkey.pem -out newreq.pem $DAYS"); - $RET=$?; - print "Request is in newreq.pem, private key is in newkey.pem\n"; - } elsif (/^-newca$/) { - # if explicitly asked for or it doesn't exist then setup the - # directory structure that Eric likes to manage things - $NEW="1"; - if ( "$NEW" || ! -f "${CATOP}/serial" ) { - # create the directory hierarchy - mkdir $CATOP, $DIRMODE; - mkdir "${CATOP}/certs", $DIRMODE; - mkdir "${CATOP}/crl", $DIRMODE ; - mkdir "${CATOP}/newcerts", $DIRMODE; - mkdir "${CATOP}/private", $DIRMODE; - open OUT, ">${CATOP}/index.txt"; - close OUT; - open OUT, ">${CATOP}/crlnumber"; - print OUT "01\n"; - close OUT; - } - if ( ! -f "${CATOP}/private/$CAKEY" ) { - print "CA certificate filename (or enter to create)\n"; - $FILE = ; +my $NEWKEY = "newkey.pem"; +my $NEWREQ = "newreq.pem"; +my $NEWCERT = "newcert.pem"; +my $NEWP12 = "newcert.p12"; +my $RET = 0; +my $WHAT = shift @ARGV; +my $FILE; - chop $FILE; +# See if reason for a CRL entry is valid; exit if not. +sub crl_reason_ok +{ + my $r = shift; - # ask user for existing CA certificate - if ($FILE) { - cp_pem($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); - cp_pem($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); - $RET=$?; - } else { - print "Making CA certificate ...\n"; - system ("$REQ -new -keyout " . - "${CATOP}/private/$CAKEY -out ${CATOP}/$CAREQ"); - system ("$CA -create_serial " . - "-out ${CATOP}/$CACERT $CADAYS -batch " . - "-keyfile ${CATOP}/private/$CAKEY -selfsign " . - "-extensions v3_ca " . - "-infiles ${CATOP}/$CAREQ "); - $RET=$?; - } - } - } elsif (/^-pkcs12$/) { - my $cname = $ARGV[1]; - $cname = "My Certificate" unless defined $cname; - system ("$PKCS12 -in newcert.pem -inkey newkey.pem " . - "-certfile ${CATOP}/$CACERT -out newcert.p12 " . - "-export -name \"$cname\""); - $RET=$?; - print "PKCS #12 file is in newcert.p12\n"; - exit $RET; - } elsif (/^-xsign$/) { - system ("$CA -policy policy_anything -infiles newreq.pem"); - $RET=$?; - } elsif (/^(-sign|-signreq)$/) { - system ("$CA -policy policy_anything -out newcert.pem " . - "-infiles newreq.pem"); - $RET=$?; - print "Signed certificate is in newcert.pem\n"; - } elsif (/^(-signCA)$/) { - system ("$CA -policy policy_anything -out newcert.pem " . - "-extensions v3_ca -infiles newreq.pem"); - $RET=$?; - print "Signed CA certificate is in newcert.pem\n"; - } elsif (/^-signcert$/) { - system ("$X509 -x509toreq -in newreq.pem -signkey newreq.pem " . - "-out tmp.pem"); - system ("$CA -policy policy_anything -out newcert.pem " . - "-infiles tmp.pem"); - $RET = $?; - print "Signed certificate is in newcert.pem\n"; - } elsif (/^-verify$/) { - if (shift) { - foreach $j (@ARGV) { - system ("$VERIFY -CAfile $CATOP/$CACERT $j"); - $RET=$? if ($? != 0); - } - exit $RET; - } else { - system ("$VERIFY -CAfile $CATOP/$CACERT newcert.pem"); - $RET=$?; - exit $RET; - } - } elsif (/^-crl$/) { - system ("$CA -gencrl -out $CATOP/crl/$CACRL"); - $RET=$?; - print "Generated CRL is in $CATOP/crl/$CACRL\n" if (!$RET); - } elsif (/^-revoke$/) { - my $cname = $ARGV[1]; - if (!defined $cname) { - print "Certificate filename is required; reason optional.\n"; - exit 1; - } - my $reason = $ARGV[2]; - $reason = " -crl_reason $reason" - if defined $reason && crl_reason_ok($reason); - my $cmd = "$CA -revoke \"$cname\"".$reason; - system ($cmd); - $RET=$?; - exit $RET; - } else { - print STDERR "Unknown arg $_\n"; - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; - print STDERR " CA -crl|-revoke cert-filename [reason]\n"; - exit 1; - } + if ($r eq 'unspecified' || $r eq 'keyCompromise' + || $r eq 'CACompromise' || $r eq 'affiliationChanged' + || $r eq 'superseded' || $r eq 'cessationOfOperation' + || $r eq 'certificateHold' || $r eq 'removeFromCRL') { + return 1; + } + print STDERR "Invalid CRL reason; must be one of:\n"; + print STDERR " unspecified, keyCompromise, CACompromise,\n"; + print STDERR " affiliationChanged, superseded, cessationOfOperation\n"; + print STDERR " certificateHold, removeFromCRL"; + exit 1; } -exit $RET; +# Copy a PEM-format file; return like exit status (zero means ok) +sub copy_pemfile +{ + my ($infile, $outfile, $bound) = @_; + my $found = 0; -sub crl_reason_ok { - my ($r) = shift; - if ($r eq 'unspecified' || $r eq 'keyCompromise' || - $r eq 'CACompromise' || $r eq 'affiliationChanged' || - $r eq 'superseded' || $r eq 'cessationOfOperation' || - $r eq 'certificateHold' || $r eq 'removeFromCRL') { - return 1; - } - print STDERR "Invalid CRL reason; must be one of:\n"; - print STDERR " unspecified, keyCompromise, CACompromise,\n"; - print STDERR " affiliationChanged, superseded, cessationOfOperation\n"; - print STDERR " certificateHold, removeFromCRL"; - exit 1; + open IN, $infile || die "Cannot open $infile, $!"; + open OUT, ">$outfile" || die "Cannot write to $outfile, $!"; + while () { + $found = 1 if /^-----BEGIN.*$bound/; + print OUT $_ if $found; + $found = 2, last if /^-----END.*$bound/; + } + close IN; + close OUT; + return $found == 2 ? 0 : 1; } -sub cp_pem { -my ($infile, $outfile, $bound) = @_; -open IN, $infile; -open OUT, ">$outfile"; -my $flag = 0; -while () { - $flag = 1 if (/^-----BEGIN.*$bound/) ; - print OUT $_ if ($flag); - if (/^-----END.*$bound/) { - close IN; - close OUT; - return; - } +# Wrapper around system; useful for debugging. Returns just the exit status +sub run +{ + my $cmd = shift; + print "====\n$cmd\n" if $verbose; + my $status = system($cmd); + print "==> $status\n====\n" if $verbose; + return $status >> 8; } + + +if ( $WHAT =~ /^(-\?|-h|-help)$/ ) { + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; + print STDERR " CA -pkcs12 [certname]\n"; + print STDERR " CA -crl|-revoke cert-filename [reason]\n"; + exit 0; +} +if ($WHAT eq '-newcert' ) { + # create a certificate + $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS"); + print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0; +} elsif ($WHAT eq '-newreq' ) { + # create a certificate request + $RET = run("$REQ -new -keyout $NEWKEY -out $NEWREQ $DAYS"); + print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0; +} elsif ($WHAT eq '-newreq-nodes' ) { + # create a certificate request + $RET = run("$REQ -new -nodes -keyout $NEWKEY -out $NEWREQ $DAYS"); + print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0; +} elsif ($WHAT eq '-newca' ) { + # create the directory hierarchy + mkdir ${CATOP}, $DIRMODE; + mkdir "${CATOP}/certs", $DIRMODE; + mkdir "${CATOP}/crl", $DIRMODE ; + mkdir "${CATOP}/newcerts", $DIRMODE; + mkdir "${CATOP}/private", $DIRMODE; + open OUT, ">${CATOP}/index.txt"; + close OUT; + open OUT, ">${CATOP}/crlnumber"; + print OUT "01\n"; + close OUT; + # ask user for existing CA certificate + print "CA certificate filename (or enter to create)\n"; + $FILE = ; + chop $FILE; + if ($FILE) { + copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); + copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); + } else { + print "Making CA certificate ...\n"; + $RET = run("$REQ -new -keyout" + . " ${CATOP}/private/$CAKEY" + . " -out ${CATOP}/$CAREQ"); + $RET = run("$CA -create_serial" + . " -out ${CATOP}/$CACERT $CADAYS -batch" + . " -keyfile ${CATOP}/private/$CAKEY -selfsign" + . " -extensions v3_ca" + . " -infiles ${CATOP}/$CAREQ") if $RET == 0; + print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0; + } +} elsif ($WHAT eq '-pkcs12' ) { + my $cname = $ARGV[1]; + $cname = "My Certificate" unless defined $cname; + $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY" + . " -certfile ${CATOP}/$CACERT" + . " -out $NEWP12" + . " -export -name \"$cname\""); + print "PKCS #12 file is in $NEWP12\n" if $RET == 0; +} elsif ($WHAT eq '-xsign' ) { + $RET = run("$CA -policy policy_anything -infiles $NEWREQ"); +} elsif ($WHAT eq '-sign' ) { + $RET = run("$CA -policy policy_anything -out $NEWCERT -infiles $NEWREQ"); + print "Signed certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-signCA' ) { + $RET = run("$CA -policy policy_anything -out $NEWCERT" + . " -extensions v3_ca -infiles $NEWREQ"); + print "Signed CA certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-signcert' ) { + $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ" + . " -out tmp.pem"); + $RET = run("$CA -policy policy_anything -out $NEWCERT" + . " -infiles tmp.pem") if $RET == 0; + print "Signed certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-verify' ) { + my @files = @ARGV ? @ARGV : ( $NEWCVERT ); + foreach $file (@files) { + my $status = run("$VERIFY -CAfile ${CATOP}/$CACERT $file"); + $RET = $status if $status != 0; + } +} elsif ($WHAT eq '-crl' ) { + $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL"); + print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0; +} elsif ($WHAT eq '-revoke' ) { + my $cname = $ARGV[1]; + if (!defined $cname) { + print "Certificate filename is required; reason optional.\n"; + exit 1; + } + my $reason = $ARGV[2]; + $reason = " -crl_reason $reason" + if defined $reason && crl_reason_ok($reason); + $RET = run("$CA -revoke \"$cname\"" . $reason); +} else { + print STDERR "Unknown arg \"$WHAT\"\n"; + print STDERR "Use -help for help.\n"; + exit 1; } +exit $RET; From rsalz at openssl.org Fri May 1 11:11:53 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 01 May 2015 11:11:53 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430478713.525845.4368.nullmailer@dev.openssl.org> The branch master has been updated via 33fbca83dcd05b77f807fab205c4523b8cfe85b5 (commit) from 5a3aa852524c8e388b864c87aade628076a5f4a7 (commit) - Log ----------------------------------------------------------------- commit 33fbca83dcd05b77f807fab205c4523b8cfe85b5 Author: Rich Salz Date: Fri May 1 07:11:17 2015 -0400 Fix some typo's, silence warnings. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/CA.pl.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/apps/CA.pl.in b/apps/CA.pl.in index de5c013..9d12a8c 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -161,7 +161,8 @@ if ($WHAT eq '-newcert' ) { . " -infiles tmp.pem") if $RET == 0; print "Signed certificate is in $NEWCERT\n" if $RET == 0; } elsif ($WHAT eq '-verify' ) { - my @files = @ARGV ? @ARGV : ( $NEWCVERT ); + my @files = @ARGV ? @ARGV : ( $NEWCERT ); + my $file; foreach $file (@files) { my $status = run("$VERIFY -CAfile ${CATOP}/$CACERT $file"); $RET = $status if $status != 0; From rsalz at openssl.org Fri May 1 14:02:26 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 01 May 2015 14:02:26 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430488946.882250.20908.nullmailer@dev.openssl.org> The branch master has been updated via b548a1f11c06ccdfa4f52a539912d22d77ee309e (commit) from 33fbca83dcd05b77f807fab205c4523b8cfe85b5 (commit) - Log ----------------------------------------------------------------- commit b548a1f11c06ccdfa4f52a539912d22d77ee309e Author: Rich Salz Date: Fri May 1 10:02:07 2015 -0400 free null cleanup finale Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 8 ++--- apps/asn1pars.c | 8 ++--- apps/ca.c | 12 +++---- apps/cms.c | 12 +++---- apps/dgst.c | 3 +- apps/dsa.c | 6 ++-- apps/ec.c | 6 ++-- apps/ecparam.c | 3 +- apps/enc.c | 9 ++--- apps/engine.c | 12 +++---- apps/gendsa.c | 3 +- apps/genpkey.c | 3 +- apps/genrsa.c | 3 +- apps/ocsp.c | 19 ++++------ apps/openssl.c | 9 ++--- apps/passwd.c | 6 ++-- apps/pkcs12.c | 6 ++-- apps/pkcs8.c | 6 ++-- apps/pkey.c | 6 ++-- apps/pkeyutl.c | 14 +++----- apps/req.c | 9 ++--- apps/rsa.c | 6 ++-- apps/rsautl.c | 9 ++--- apps/s_client.c | 10 ++---- apps/s_server.c | 10 ++---- apps/s_socket.c | 3 +- apps/smime.c | 3 +- apps/speed.c | 6 ++-- apps/spkac.c | 3 +- apps/srp.c | 37 +++++++------------ apps/x509.c | 6 ++-- crypto/asn1/a_bitstr.c | 3 +- crypto/asn1/a_enum.c | 3 +- crypto/asn1/a_gentm.c | 3 +- crypto/asn1/a_int.c | 9 ++--- crypto/asn1/a_mbstr.c | 8 ++--- crypto/asn1/a_object.c | 12 +++---- crypto/asn1/a_sign.c | 6 ++-- crypto/asn1/a_utctm.c | 3 +- crypto/asn1/ameth_lib.c | 6 ++-- crypto/asn1/asn1_gen.c | 9 ++--- crypto/asn1/asn1_lib.c | 5 ++- crypto/asn1/asn_mime.c | 30 ++++++---------- crypto/asn1/asn_pack.c | 6 ++-- crypto/asn1/bio_asn1.c | 3 +- crypto/asn1/bio_ndef.c | 6 ++-- crypto/asn1/f_enum.c | 3 +- crypto/asn1/f_int.c | 3 +- crypto/asn1/f_string.c | 3 +- crypto/asn1/t_x509.c | 6 ++-- crypto/asn1/tasn_dec.c | 5 ++- crypto/asn1/tasn_prn.c | 3 +- crypto/asn1/tasn_scn.c | 3 +- crypto/asn1/tasn_utl.c | 6 ++-- crypto/asn1/x_info.c | 3 +- crypto/asn1/x_pkey.c | 2 +- crypto/asn1/x_pubkey.c | 3 +- crypto/asn1/x_x509.c | 7 ++-- crypto/bio/b_sock.c | 3 +- crypto/bio/bf_buff.c | 9 ++--- crypto/bio/bf_lbuf.c | 3 +- crypto/bio/bf_nbio.c | 3 +- crypto/bio/bss_acpt.c | 9 ++--- crypto/bio/bss_bio.c | 11 ++---- crypto/bio/bss_conn.c | 21 ++++------- crypto/bio/bss_dgram.c | 9 ++--- crypto/bn/bn_exp.c | 3 +- crypto/bn/bn_gf2m.c | 15 +++----- crypto/bn/bn_intern.c | 14 +++----- crypto/bn/bn_lib.c | 5 ++- crypto/bn/bn_print.c | 13 +++---- crypto/bn/bn_rand.c | 3 +- crypto/cms/cms_env.c | 9 +++-- crypto/cms/cms_ess.c | 3 +- crypto/cms/cms_kari.c | 5 ++- crypto/cms/cms_pwri.c | 2 +- crypto/cms/cms_sd.c | 3 +- crypto/comp/c_zlib.c | 15 +++----- crypto/conf/conf_api.c | 3 +- crypto/conf/conf_def.c | 18 ++++------ crypto/conf/conf_mod.c | 6 ++-- crypto/dh/dh_ameth.c | 17 ++++----- crypto/dh/dh_kdf.c | 3 +- crypto/dh/dh_lib.c | 3 +- crypto/dh/dh_pmeth.c | 6 ++-- crypto/dsa/dsa_ameth.c | 12 +++---- crypto/dsa/dsa_gen.c | 3 +- crypto/dsa/dsa_pmeth.c | 3 +- crypto/dso/dso_dl.c | 3 +- crypto/dso/dso_dlfcn.c | 3 +- crypto/dso/dso_lib.c | 10 ++---- crypto/dso/dso_vms.c | 6 ++-- crypto/dso/dso_win32.c | 6 ++-- crypto/ec/ec_ameth.c | 6 ++-- crypto/ec/ec_asn1.c | 15 +++----- crypto/ec/ec_lib.c | 14 +++----- crypto/ec/ec_mult.c | 10 ++---- crypto/ec/ec_pmeth.c | 6 ++-- crypto/ec/eck_prn.c | 3 +- crypto/ec/ecp_nistp224.c | 9 ++--- crypto/ec/ecp_nistp256.c | 9 ++--- crypto/ec/ecp_nistp521.c | 9 ++--- crypto/ec/ecp_nistz256.c | 22 ++++-------- crypto/ecdh/ech_ossl.c | 3 +- crypto/engine/eng_cryptodev.c | 8 ++--- crypto/engine/eng_dyn.c | 19 ++++------ crypto/err/err.c | 3 +- crypto/evp/evp_enc.c | 6 ++-- crypto/ex_data.c | 9 ++--- crypto/mem.c | 3 +- crypto/objects/obj_dat.c | 9 ++--- crypto/objects/obj_lib.c | 12 +++---- crypto/ocsp/ocsp_ext.c | 3 +- crypto/ocsp/ocsp_ht.c | 3 +- crypto/ocsp/ocsp_lib.c | 12 +++---- crypto/pem/pem_info.c | 18 ++++------ crypto/pem/pem_seal.c | 6 ++-- crypto/pem/pem_sign.c | 3 +- crypto/pem/pvkfmt.c | 5 ++- crypto/pkcs7/pk7_doit.c | 8 ++--- crypto/rsa/rsa_ameth.c | 3 +- crypto/rsa/rsa_oaep.c | 6 ++-- crypto/rsa/rsa_pk1.c | 3 +- crypto/rsa/rsa_pmeth.c | 12 +++---- crypto/rsa/rsa_pss.c | 6 ++-- crypto/stack/stack.c | 6 ++-- crypto/store/str_mem.c | 3 +- crypto/threads/th-lock.c | 6 ++-- crypto/txt_db/txt_db.c | 18 ++++------ crypto/ui/ui_lib.c | 12 +++---- crypto/x509/by_dir.c | 3 +- crypto/x509/x509_vpm.c | 26 +++++--------- crypto/x509/x509spki.c | 6 ++-- crypto/x509/x_name.c | 9 ++--- crypto/x509v3/v3_conf.c | 6 ++-- crypto/x509v3/v3_prn.c | 3 +- crypto/x509v3/v3_scts.c | 3 +- crypto/x509v3/v3_utl.c | 24 +++++-------- demos/b64.c | 6 ++-- demos/engines/zencod/hw_zencod.c | 9 ++--- engines/ccgost/gost_ameth.c | 4 +-- engines/ccgost/gost_ctl.c | 16 ++++----- engines/ccgost/gost_pmeth.c | 4 +-- engines/e_4758cca.c | 9 ++--- engines/e_aep.c | 3 +- engines/e_atalla.c | 3 +- engines/e_capi.c | 48 +++++++++---------------- engines/e_chil.c | 3 +- engines/e_cswift.c | 18 ++++------ engines/e_nuron.c | 3 +- engines/e_ubsec.c | 3 +- ssl/bio_ssl.c | 3 +- ssl/d1_both.c | 9 ++--- ssl/record/rec_layer_d1.c | 21 ++++------- ssl/record/ssl3_buffer.c | 15 +++----- ssl/record/ssl3_record.c | 3 +- ssl/s3_clnt.c | 36 +++++++------------ ssl/s3_lib.c | 23 +++++------- ssl/s3_srvr.c | 15 +++----- ssl/ssl_asn1.c | 6 ++-- ssl/ssl_ciph.c | 2 +- ssl/ssl_conf.c | 12 +++---- ssl/ssl_lib.c | 18 ++++------ ssl/ssl_sess.c | 7 ++-- ssl/t1_enc.c | 6 ++-- ssl/t1_ext.c | 3 +- ssl/t1_lib.c | 78 ++++++++++++++-------------------------- test/dhtest.c | 6 ++-- test/ecdhtest.c | 9 ++--- test/ecdsatest.c | 9 ++--- test/evp_extra_test.c | 4 +-- test/evp_test.c | 31 ++++++---------- test/ssltest.c | 13 +++---- 173 files changed, 509 insertions(+), 1012 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index d68594a..46cc5a0 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2165,9 +2165,7 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret) BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); - if (psk_key) - OPENSSL_free(psk_key); - + OPENSSL_free(psk_key); psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); BIO_pop(bconn); @@ -2197,9 +2195,7 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret) BIO_puts(out, "JPAKE authentication succeeded, setting PSK\n"); - if (psk_key) - OPENSSL_free(psk_key); - + OPENSSL_free(psk_key); psk_key = BN_bn2hex(JPAKE_get_shared_key(ctx)); BIO_pop(bconn); diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 7e1dfb7..01a50f4 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -321,11 +321,9 @@ int asn1parse_main(int argc, char **argv) ERR_print_errors(bio_err); if (buf != NULL) BUF_MEM_free(buf); - if (name != NULL) - OPENSSL_free(name); - if (header != NULL) - OPENSSL_free(header); - if (strictpem && str != NULL) + OPENSSL_free(name); + OPENSSL_free(header); + if (strictpem) OPENSSL_free(str); ASN1_TYPE_free(at); if (osk != NULL) diff --git a/apps/ca.c b/apps/ca.c index b703b42..ad6b000 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2271,8 +2271,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) ok = 1; end: for (i = 0; i < DB_NUMBER; i++) { - if (row[i] != NULL) - OPENSSL_free(row[i]); + OPENSSL_free(row[i]); } return (ok); } @@ -2339,8 +2338,7 @@ static int get_certificate_status(const char *serial, CA_DB *db) } end: for (i = 0; i < DB_NUMBER; i++) { - if (row[i] != NULL) - OPENSSL_free(row[i]); + OPENSSL_free(row[i]); } return (ok); } @@ -2564,8 +2562,7 @@ int make_revoked(X509_REVOKED *rev, const char *str) end: - if (tmp) - OPENSSL_free(tmp); + OPENSSL_free(tmp); ASN1_OBJECT_free(hold); ASN1_GENERALIZEDTIME_free(comp_time); ASN1_ENUMERATED_free(rtmp); @@ -2719,8 +2716,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, end: - if (tmp) - OPENSSL_free(tmp); + OPENSSL_free(tmp); ASN1_GENERALIZEDTIME_free(comp_time); return ret; diff --git a/apps/cms.c b/apps/cms.c index 907b108..25e3ad6 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -1121,12 +1121,9 @@ int cms_main(int argc, char **argv) sk_OPENSSL_STRING_free(sksigners); if (skkeys) sk_OPENSSL_STRING_free(skkeys); - if (secret_key) - OPENSSL_free(secret_key); - if (secret_keyid) - OPENSSL_free(secret_keyid); - if (pwri_tmp) - OPENSSL_free(pwri_tmp); + OPENSSL_free(secret_key); + OPENSSL_free(secret_keyid); + OPENSSL_free(pwri_tmp); ASN1_OBJECT_free(econtent_type); if (rr) CMS_ReceiptRequest_free(rr); @@ -1152,8 +1149,7 @@ int cms_main(int argc, char **argv) BIO_free(in); BIO_free(indata); BIO_free_all(out); - if (passin) - OPENSSL_free(passin); + OPENSSL_free(passin); return (ret); } diff --git a/apps/dgst.c b/apps/dgst.c index 69211d3..a679cb9 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -451,8 +451,7 @@ int dgst_main(int argc, char **argv) sk_OPENSSL_STRING_free(sigopts); if (macopts) sk_OPENSSL_STRING_free(macopts); - if (sigbuf) - OPENSSL_free(sigbuf); + OPENSSL_free(sigbuf); BIO_free(bmd); return (ret); } diff --git a/apps/dsa.c b/apps/dsa.c index c23ed5d..d864c75 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -275,10 +275,8 @@ int dsa_main(int argc, char **argv) end: BIO_free_all(out); DSA_free(dsa); - if (passin) - OPENSSL_free(passin); - if (passout) - OPENSSL_free(passout); + OPENSSL_free(passin); + OPENSSL_free(passout); return (ret); } #else /* !OPENSSL_NO_DSA */ diff --git a/apps/ec.c b/apps/ec.c index 471de47..c56150c 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -271,10 +271,8 @@ int ec_main(int argc, char **argv) BIO_free(in); BIO_free_all(out); EC_KEY_free(eckey); - if (passin) - OPENSSL_free(passin); - if (passout) - OPENSSL_free(passout); + OPENSSL_free(passin); + OPENSSL_free(passout); return (ret); } #else /* !OPENSSL_NO_EC */ diff --git a/apps/ecparam.c b/apps/ecparam.c index 082df26..dd0e8f5 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -489,8 +489,7 @@ int ecparam_main(int argc, char **argv) BN_free(ec_gen); BN_free(ec_order); BN_free(ec_cofactor); - if (buffer) - OPENSSL_free(buffer); + OPENSSL_free(buffer); BIO_free(in); BIO_free_all(out); EC_GROUP_free(group); diff --git a/apps/enc.c b/apps/enc.c index 83067b8..8b892cf 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -564,10 +564,8 @@ int enc_main(int argc, char **argv) } end: ERR_print_errors(bio_err); - if (strbuf != NULL) - OPENSSL_free(strbuf); - if (buff != NULL) - OPENSSL_free(buff); + OPENSSL_free(strbuf); + OPENSSL_free(buff); BIO_free(in); BIO_free_all(out); BIO_free(benc); @@ -575,8 +573,7 @@ int enc_main(int argc, char **argv) #ifdef ZLIB BIO_free(bzl); #endif - if (pass) - OPENSSL_free(pass); + OPENSSL_free(pass); return (ret); } diff --git a/apps/engine.c b/apps/engine.c index 448802b..c7c0aaf 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -252,10 +252,8 @@ static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent) } OPENSSL_free(name); name = NULL; - if (desc) { - OPENSSL_free(desc); - desc = NULL; - } + OPENSSL_free(desc); + desc = NULL; /* Move to the next command */ num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL); } while (num > 0); @@ -265,10 +263,8 @@ static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent) err: if (cmds) sk_OPENSSL_STRING_pop_free(cmds, identity); - if (name) - OPENSSL_free(name); - if (desc) - OPENSSL_free(desc); + OPENSSL_free(name); + OPENSSL_free(desc); return ret; } diff --git a/apps/gendsa.c b/apps/gendsa.c index 21988a0..75bd802 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -182,8 +182,7 @@ int gendsa_main(int argc, char **argv) BIO_free(in); BIO_free_all(out); DSA_free(dsa); - if (passout) - OPENSSL_free(passout); + OPENSSL_free(passout); return (ret); } #else /* !OPENSSL_NO_DSA */ diff --git a/apps/genpkey.c b/apps/genpkey.c index ae68e7a..de14bd3 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -235,8 +235,7 @@ int genpkey_main(int argc, char **argv) EVP_PKEY_CTX_free(ctx); BIO_free_all(out); BIO_free(in); - if (pass) - OPENSSL_free(pass); + OPENSSL_free(pass); return ret; } diff --git a/apps/genrsa.c b/apps/genrsa.c index a3c00d8..a5ab658 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -218,8 +218,7 @@ int genrsa_main(int argc, char **argv) BN_GENCB_free(cb); RSA_free(rsa); BIO_free_all(out); - if (passout) - OPENSSL_free(passout); + OPENSSL_free(passout); if (ret != 0) ERR_print_errors(bio_err); return (ret); diff --git a/apps/ocsp.c b/apps/ocsp.c index 20dc1ae..d4ea019 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -271,12 +271,9 @@ int ocsp_main(int argc, char **argv) req_timeout = atoi(opt_arg()); break; case OPT_URL: - if (thost) - OPENSSL_free(thost); - if (tport) - OPENSSL_free(tport); - if (tpath) - OPENSSL_free(tpath); + OPENSSL_free(thost); + OPENSSL_free(tport); + OPENSSL_free(tpath); if (!OCSP_parse_url(opt_arg(), &host, &port, &path, &use_ssl)) { BIO_printf(bio_err, "%s Error parsing URL\n", prog); goto end; @@ -753,13 +750,9 @@ int ocsp_main(int argc, char **argv) sk_X509_pop_free(sign_other, X509_free); sk_X509_pop_free(verify_other, X509_free); sk_CONF_VALUE_pop_free(headers, X509V3_conf_free); - - if (thost) - OPENSSL_free(thost); - if (tport) - OPENSSL_free(tport); - if (tpath) - OPENSSL_free(tpath); + OPENSSL_free(thost); + OPENSSL_free(tport); + OPENSSL_free(tpath); return (ret); } diff --git a/apps/openssl.c b/apps/openssl.c index f6013f7..c6b048a 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -509,18 +509,15 @@ int main(int argc, char *argv[]) } ret = 1; end: - if (copied_argv) - OPENSSL_free(copied_argv); - if (to_free) - OPENSSL_free(to_free); + OPENSSL_free(copied_argv); + OPENSSL_free(to_free); if (config != NULL) { NCONF_free(config); config = NULL; } if (prog != NULL) lh_FUNCTION_free(prog); - if (arg.argv != NULL) - OPENSSL_free(arg.argv); + OPENSSL_free(arg.argv); BIO_free(bio_in); BIO_free_all(bio_out); diff --git a/apps/passwd.c b/apps/passwd.c index c529792..8dd8542 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -284,10 +284,8 @@ int passwd_main(int argc, char **argv) end: ERR_print_errors(bio_err); - if (salt_malloc) - OPENSSL_free(salt_malloc); - if (passwd_malloc) - OPENSSL_free(passwd_malloc); + OPENSSL_free(salt_malloc); + OPENSSL_free(passwd_malloc); BIO_free(in); return (ret); } diff --git a/apps/pkcs12.c b/apps/pkcs12.c index b4b3730..4c62392 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -556,10 +556,8 @@ int pkcs12_main(int argc, char **argv) BIO_free_all(out); if (canames) sk_OPENSSL_STRING_free(canames); - if (passin) - OPENSSL_free(passin); - if (passout) - OPENSSL_free(passout); + OPENSSL_free(passin); + OPENSSL_free(passout); return (ret); } diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 105c1cb..07ebf3b 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -343,10 +343,8 @@ int pkcs8_main(int argc, char **argv) EVP_PKEY_free(pkey); BIO_free_all(out); BIO_free(in); - if (passin) - OPENSSL_free(passin); - if (passout) - OPENSSL_free(passout); + OPENSSL_free(passin); + OPENSSL_free(passout); return ret; } diff --git a/apps/pkey.c b/apps/pkey.c index 716d6d0..f0930a7 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -208,10 +208,8 @@ int pkey_main(int argc, char **argv) EVP_PKEY_free(pkey); BIO_free_all(out); BIO_free(in); - if (passin) - OPENSSL_free(passin); - if (passout) - OPENSSL_free(passout); + OPENSSL_free(passin); + OPENSSL_free(passout); return ret; } diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 3afe0eb..87e4950 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -322,12 +322,9 @@ int pkeyutl_main(int argc, char **argv) EVP_PKEY_CTX_free(ctx); BIO_free(in); BIO_free_all(out); - if (buf_in) - OPENSSL_free(buf_in); - if (buf_out) - OPENSSL_free(buf_out); - if (sig) - OPENSSL_free(sig); + OPENSSL_free(buf_in); + OPENSSL_free(buf_out); + OPENSSL_free(sig); return ret; } @@ -413,10 +410,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize, } end: - - if (passin) - OPENSSL_free(passin); - + OPENSSL_free(passin); return ctx; } diff --git a/apps/req.c b/apps/req.c index 0502a64..4ff3b24 100644 --- a/apps/req.c +++ b/apps/req.c @@ -886,15 +886,12 @@ int req_main(int argc, char **argv) if (gen_eng) ENGINE_free(gen_eng); #endif - if (keyalgstr) - OPENSSL_free(keyalgstr); + OPENSSL_free(keyalgstr); X509_REQ_free(req); X509_free(x509ss); ASN1_INTEGER_free(serial); - if (passargin && passin) - OPENSSL_free(passin); - if (passargout && passout) - OPENSSL_free(passout); + OPENSSL_free(passin); + OPENSSL_free(passout); OBJ_cleanup(); return (ret); } diff --git a/apps/rsa.c b/apps/rsa.c index 0a8e198..858699b 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -388,10 +388,8 @@ int rsa_main(int argc, char **argv) end: BIO_free_all(out); RSA_free(rsa); - if (passin) - OPENSSL_free(passin); - if (passout) - OPENSSL_free(passout); + OPENSSL_free(passin); + OPENSSL_free(passout); return (ret); } #else /* !OPENSSL_NO_RSA */ diff --git a/apps/rsautl.c b/apps/rsautl.c index f138293..0ef6105 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -315,12 +315,9 @@ int rsautl_main(int argc, char **argv) RSA_free(rsa); BIO_free(in); BIO_free_all(out); - if (rsa_in) - OPENSSL_free(rsa_in); - if (rsa_out) - OPENSSL_free(rsa_out); - if (passin) - OPENSSL_free(passin); + OPENSSL_free(rsa_in); + OPENSSL_free(rsa_out); + OPENSSL_free(passin); return ret; } diff --git a/apps/s_client.c b/apps/s_client.c index 8d8340d..a24d2f3 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1985,24 +1985,18 @@ int s_client_main(int argc, char **argv) SSL_free(con); } #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - if (next_proto.data) - OPENSSL_free(next_proto.data); + OPENSSL_free(next_proto.data); #endif SSL_CTX_free(ctx); X509_free(cert); sk_X509_CRL_pop_free(crls, X509_CRL_free); EVP_PKEY_free(key); sk_X509_pop_free(chain, X509_free); - if (pass) - OPENSSL_free(pass); + OPENSSL_free(pass); X509_VERIFY_PARAM_free(vpm); ssl_excert_free(exc); sk_OPENSSL_STRING_free(ssl_args); SSL_CONF_CTX_free(cctx); -#ifndef OPENSSL_NO_JPAKE - if (jpake_secret && psk_key) - OPENSSL_free(psk_key); -#endif OPENSSL_clear_free(cbuf, BUFSIZZ); OPENSSL_clear_free(sbuf, BUFSIZZ); OPENSSL_clear_free(mbuf, BUFSIZZ); diff --git a/apps/s_server.c b/apps/s_server.c index a616b64..5fb275d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1956,10 +1956,6 @@ int s_server_main(int argc, char *argv[]) ssl_excert_free(exc); sk_OPENSSL_STRING_free(ssl_args); SSL_CONF_CTX_free(cctx); -#ifndef OPENSSL_NO_JPAKE - if (jpake_secret && psk_key) - OPENSSL_free(psk_key); -#endif BIO_free(bio_s_out); bio_s_out = NULL; BIO_free(bio_s_msg); @@ -2931,8 +2927,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) err: if (ret >= 0) BIO_printf(bio_s_out, "ACCEPT\n"); - if (buf != NULL) - OPENSSL_free(buf); + OPENSSL_free(buf); BIO_free_all(io); return (ret); } @@ -3065,8 +3060,7 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context) err: - if (buf != NULL) - OPENSSL_free(buf); + OPENSSL_free(buf); BIO_free_all(io); return (ret); } diff --git a/apps/s_socket.c b/apps/s_socket.c index caa5b61..29240e8 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -354,8 +354,7 @@ int do_server(int port, int type, int *ret, } else sock = accept_socket; i = (*cb) (name, sock, type, context); - if (name != NULL) - OPENSSL_free(name); + OPENSSL_free(name); if (type == SOCK_STREAM) SHUTDOWN2(sock); if (naccept != -1) diff --git a/apps/smime.c b/apps/smime.c index 0fda865..8b8520b 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -664,8 +664,7 @@ int smime_main(int argc, char **argv) BIO_free(in); BIO_free(indata); BIO_free_all(out); - if (passin) - OPENSSL_free(passin); + OPENSSL_free(passin); return (ret); } diff --git a/apps/speed.c b/apps/speed.c index 08ab9c5..a5bd265 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2529,8 +2529,6 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) fprintf(stdout, "\n"); } - if (inp) - OPENSSL_free(inp); - if (out) - OPENSSL_free(out); + OPENSSL_free(inp); + OPENSSL_free(out); } diff --git a/apps/spkac.c b/apps/spkac.c index 7ceff9f..abae0e1 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -240,7 +240,6 @@ int spkac_main(int argc, char **argv) BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); - if (passin) - OPENSSL_free(passin); + OPENSSL_free(passin); return (ret); } diff --git a/apps/srp.c b/apps/srp.c index b984c14..960ca82 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -384,10 +384,8 @@ int srp_main(int argc, char **argv) errorline, configfile); goto end; } - if (tofree) { - OPENSSL_free(tofree); - tofree = NULL; - } + OPENSSL_free(tofree); + tofree = NULL; /* Lets get the config section we are using */ if (section == NULL) { @@ -519,26 +517,16 @@ int srp_main(int argc, char **argv) row[DB_srpgN] = BUF_strdup(gNid); if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] - || !row[DB_srpverifier] || !row[DB_srpsalt] || (userinfo - && - (!(row - [DB_srpinfo] - = - BUF_strdup - (userinfo)))) + || !row[DB_srpverifier] || !row[DB_srpsalt] + || (userinfo && + (!(row [DB_srpinfo] = BUF_strdup (userinfo)))) || !update_index(db, row)) { - if (row[DB_srpid]) - OPENSSL_free(row[DB_srpid]); - if (row[DB_srpgN]) - OPENSSL_free(row[DB_srpgN]); - if (row[DB_srpinfo]) - OPENSSL_free(row[DB_srpinfo]); - if (row[DB_srptype]) - OPENSSL_free(row[DB_srptype]); - if (row[DB_srpverifier]) - OPENSSL_free(row[DB_srpverifier]); - if (row[DB_srpsalt]) - OPENSSL_free(row[DB_srpsalt]); + OPENSSL_free(row[DB_srpid]); + OPENSSL_free(row[DB_srpgN]); + OPENSSL_free(row[DB_srpinfo]); + OPENSSL_free(row[DB_srptype]); + OPENSSL_free(row[DB_srpverifier]); + OPENSSL_free(row[DB_srpsalt]); goto end; } doupdatedb = 1; @@ -676,8 +664,7 @@ int srp_main(int argc, char **argv) if (verbose) BIO_printf(bio_err, "SRP terminating with code %d.\n", ret); - if (tofree) - OPENSSL_free(tofree); + OPENSSL_free(tofree); if (ret) ERR_print_errors(bio_err); if (randfile) diff --git a/apps/x509.c b/apps/x509.c index 5418cce..31ae38a 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -955,8 +955,7 @@ int x509_main(int argc, char **argv) ASN1_INTEGER_free(sno); sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free); - if (passin) - OPENSSL_free(passin); + OPENSSL_free(passin); return (ret); } @@ -996,8 +995,7 @@ static ASN1_INTEGER *x509_load_serial(char *CAfile, char *serialfile, goto end; end: - if (buf) - OPENSSL_free(buf); + OPENSSL_free(buf); BN_free(serial); return bs; } diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index ba243f1..60b6e6d 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -168,8 +168,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, s = NULL; ret->length = (int)len; - if (ret->data != NULL) - OPENSSL_free(ret->data); + OPENSSL_free(ret->data); ret->data = s; ret->type = V_ASN1_BIT_STRING; if (a != NULL) diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index 54d6542..4abd80c 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -75,8 +75,7 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) a->type = V_ASN1_ENUMERATED; if (a->length < (int)(sizeof(long) + 1)) { - if (a->data != NULL) - OPENSSL_free(a->data); + OPENSSL_free(a->data); if ((a->data = OPENSSL_malloc(sizeof(long) + 1)) != NULL) memset((char *)a->data, 0, sizeof(long) + 1); } diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index 0e9149a..324496e 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -243,8 +243,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_ADJ, ERR_R_MALLOC_FAILURE); return (NULL); } - if (s->data != NULL) - OPENSSL_free(s->data); + OPENSSL_free(s->data); s->data = (unsigned char *)p; } diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index b5246a6..68a312b 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -258,8 +258,7 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, memcpy(s, p, (int)len); } - if (ret->data != NULL) - OPENSSL_free(ret->data); + OPENSSL_free(ret->data); ret->data = s; ret->length = (int)len; if (a != NULL) @@ -327,8 +326,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, p += len; } - if (ret->data != NULL) - OPENSSL_free(ret->data); + OPENSSL_free(ret->data); ret->data = s; ret->length = (int)len; if (a != NULL) @@ -349,8 +347,7 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) unsigned char buf[sizeof(long) + 1]; if (a->length < (int)(sizeof(long) + 1)) { - if (a->data != NULL) - OPENSSL_free(a->data); + OPENSSL_free(a->data); if ((a->data = OPENSSL_malloc(sizeof(long) + 1)) != NULL) memset((char *)a->data, 0, sizeof(long) + 1); } diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 6935efe..2ff496b 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -190,11 +190,9 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, if (*out) { free_out = 0; dest = *out; - if (dest->data) { - dest->length = 0; - OPENSSL_free(dest->data); - dest->data = NULL; - } + OPENSSL_free(dest->data); + dest->data = NULL; + dest->length = 0; dest->type = str_type; } else { free_out = 1; diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 1e76122..809e9a4 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -313,8 +313,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, /* once detached we can change it */ if ((data == NULL) || (ret->length < length)) { ret->length = 0; - if (data != NULL) - OPENSSL_free(data); + OPENSSL_free(data); data = OPENSSL_malloc(length); if (data == NULL) { i = ERR_R_MALLOC_FAILURE; @@ -368,16 +367,13 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a) #ifndef CONST_STRICT /* disable purely for compile-time strict * const checking. Doing this on a "real" * compile will cause memory leaks */ - if (a->sn != NULL) - OPENSSL_free((void *)a->sn); - if (a->ln != NULL) - OPENSSL_free((void *)a->ln); + OPENSSL_free((void*)a->sn); + OPENSSL_free((void*)a->ln); #endif a->sn = a->ln = NULL; } if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) { - if (a->data != NULL) - OPENSSL_free((void *)a->data); + OPENSSL_free((void*)a->data); a->data = NULL; a->length = 0; } diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index fb7536d..e189958 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -190,8 +190,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); goto err; } - if (signature->data != NULL) - OPENSSL_free(signature->data); + OPENSSL_free(signature->data); signature->data = buf_out; buf_out = NULL; signature->length = outl; @@ -300,8 +299,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); goto err; } - if (signature->data != NULL) - OPENSSL_free(signature->data); + OPENSSL_free(signature->data); signature->data = buf_out; buf_out = NULL; signature->length = outl; diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 0e2f1b0..5fd1a6a 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -218,8 +218,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, ASN1err(ASN1_F_ASN1_UTCTIME_ADJ, ERR_R_MALLOC_FAILURE); goto err; } - if (s->data != NULL) - OPENSSL_free(s->data); + OPENSSL_free(s->data); s->data = (unsigned char *)p; } diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 5c7d6bb..718aa52 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -384,10 +384,8 @@ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth) { if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC)) { - if (ameth->pem_str) - OPENSSL_free(ameth->pem_str); - if (ameth->info) - OPENSSL_free(ameth->info); + OPENSSL_free(ameth->pem_str); + OPENSSL_free(ameth->info); OPENSSL_free(ameth); } } diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 3e066bc..6756c67 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -280,10 +280,8 @@ static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, ret = d2i_ASN1_TYPE(NULL, &cp, len); err: - if (orig_der) - OPENSSL_free(orig_der); - if (new_der) - OPENSSL_free(new_der); + OPENSSL_free(orig_der); + OPENSSL_free(new_der); return ret; @@ -510,8 +508,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, bad: - if (der) - OPENSSL_free(der); + OPENSSL_free(der); sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); if (sect) diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index a892d7f..e1e509b 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -335,8 +335,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) { - if (str->data) - OPENSSL_free(str->data); + OPENSSL_free(str->data); str->data = data; str->length = len; } @@ -366,7 +365,7 @@ void ASN1_STRING_free(ASN1_STRING *a) { if (a == NULL) return; - if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) + if (!(a->flags & ASN1_STRING_FLAG_NDEF)) OPENSSL_free(a->data); OPENSSL_free(a); } diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 9b397ae..e8411a8 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -854,12 +854,9 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value) return mhdr; err: - if (tmpname != NULL) - OPENSSL_free(tmpname); - if (tmpval != NULL) - OPENSSL_free(tmpval); - if (mhdr != NULL) - OPENSSL_free(mhdr); + OPENSSL_free(tmpname); + OPENSSL_free(tmpval); + OPENSSL_free(mhdr); return NULL; } @@ -895,12 +892,9 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) goto err; return 1; err: - if (tmpname != NULL) - OPENSSL_free(tmpname); - if (tmpval != NULL) - OPENSSL_free(tmpval); - if (mparam != NULL) - OPENSSL_free(mparam); + OPENSSL_free(tmpname); + OPENSSL_free(tmpval); + OPENSSL_free(mparam); return 0; } @@ -947,10 +941,8 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) static void mime_hdr_free(MIME_HEADER *hdr) { - if (hdr->name) - OPENSSL_free(hdr->name); - if (hdr->value) - OPENSSL_free(hdr->value); + OPENSSL_free(hdr->name); + OPENSSL_free(hdr->value); if (hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); OPENSSL_free(hdr); @@ -958,10 +950,8 @@ static void mime_hdr_free(MIME_HEADER *hdr) static void mime_param_free(MIME_PARAM *param) { - if (param->param_name) - OPENSSL_free(param->param_name); - if (param->param_value) - OPENSSL_free(param->param_value); + OPENSSL_free(param->param_name); + OPENSSL_free(param->param_value); OPENSSL_free(param); } diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c index 8d0f0b0..e358a86 100644 --- a/crypto/asn1/asn_pack.c +++ b/crypto/asn1/asn_pack.c @@ -77,10 +77,8 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) } else octmp = *oct; - if (octmp->data) { - OPENSSL_free(octmp->data); - octmp->data = NULL; - } + OPENSSL_free(octmp->data); + octmp->data = NULL; if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR); diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c index d4be23c..ba39069 100644 --- a/crypto/asn1/bio_asn1.c +++ b/crypto/asn1/bio_asn1.c @@ -183,8 +183,7 @@ static int asn1_bio_free(BIO *b) if (ctx == NULL) return 0; - if (ctx->buf) - OPENSSL_free(ctx->buf); + OPENSSL_free(ctx->buf); OPENSSL_free(ctx); b->init = 0; b->ptr = NULL; diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index 99ab5f6..de517f2 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -143,8 +143,7 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) err: BIO_free(asn_bio); - if (ndef_aux) - OPENSSL_free(ndef_aux); + OPENSSL_free(ndef_aux); return NULL; } @@ -186,8 +185,7 @@ static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, ndef_aux = *(NDEF_SUPPORT **)parg; - if (ndef_aux->derbuf) - OPENSSL_free(ndef_aux->derbuf); + OPENSSL_free(ndef_aux->derbuf); ndef_aux->derbuf = NULL; *pbuf = NULL; diff --git a/crypto/asn1/f_enum.c b/crypto/asn1/f_enum.c index 2ec99a5..338a02e 100644 --- a/crypto/asn1/f_enum.c +++ b/crypto/asn1/f_enum.c @@ -154,8 +154,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) sp = OPENSSL_realloc(s, (unsigned int)num + i * 2); if (sp == NULL) { ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); - if (s != NULL) - OPENSSL_free(s); + OPENSSL_free(s); goto err; } s = sp; diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c index f74252c..5a2d18b 100644 --- a/crypto/asn1/f_int.c +++ b/crypto/asn1/f_int.c @@ -168,8 +168,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) sp = OPENSSL_realloc_clean(s, slen, num + i * 2); if (sp == NULL) { ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); - if (s != NULL) - OPENSSL_free(s); + OPENSSL_free(s); goto err; } s = sp; diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c index 53f8cf3..e9dcee8 100644 --- a/crypto/asn1/f_string.c +++ b/crypto/asn1/f_string.c @@ -160,8 +160,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) sp = OPENSSL_realloc(s, (unsigned int)num + i * 2); if (sp == NULL) { ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE); - if (s != NULL) - OPENSSL_free(s); + OPENSSL_free(s); goto err; } s = sp; diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index da73b6d..c32f28e 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -249,8 +249,7 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, } ret = 1; err: - if (m != NULL) - OPENSSL_free(m); + OPENSSL_free(m); return (ret); } @@ -299,8 +298,7 @@ int X509_ocspid_print(BIO *bp, X509 *x) return (1); err: - if (der != NULL) - OPENSSL_free(der); + OPENSSL_free(der); return (0); } diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index ef19fcd..c5caff7 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -765,7 +765,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, *in = p; ret = 1; err: - if (free_cont && buf.data) + if (free_cont) OPENSSL_free(buf.data); return ret; } @@ -882,8 +882,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, } /* If we've already allocated a buffer use it */ if (*free_cont) { - if (stmp->data) - OPENSSL_free(stmp->data); + OPENSSL_free(stmp->data); stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */ stmp->length = len; *free_cont = 0; diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 10974eb..76d584b 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -100,8 +100,7 @@ ASN1_PCTX *ASN1_PCTX_new(void) void ASN1_PCTX_free(ASN1_PCTX *p) { - if (p) - OPENSSL_free(p); + OPENSSL_free(p); } unsigned long ASN1_PCTX_get_flags(ASN1_PCTX *p) diff --git a/crypto/asn1/tasn_scn.c b/crypto/asn1/tasn_scn.c index 8305405..cedea9c 100644 --- a/crypto/asn1/tasn_scn.c +++ b/crypto/asn1/tasn_scn.c @@ -86,8 +86,7 @@ ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)) void ASN1_SCTX_free(ASN1_SCTX *p) { - if (p) - OPENSSL_free(p); + OPENSSL_free(p); } const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p) diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c index 17318ea..76e9605 100644 --- a/crypto/asn1/tasn_utl.c +++ b/crypto/asn1/tasn_utl.c @@ -154,8 +154,7 @@ void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) ASN1_ENCODING *enc; enc = asn1_get_enc_ptr(pval, it); if (enc) { - if (enc->enc) - OPENSSL_free(enc->enc); + OPENSSL_free(enc->enc); enc->enc = NULL; enc->len = 0; enc->modified = 1; @@ -170,8 +169,7 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, if (!enc) return 1; - if (enc->enc) - OPENSSL_free(enc->enc); + OPENSSL_free(enc->enc); enc->enc = OPENSSL_malloc(inlen); if (!enc->enc) return 0; diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c index 4783fc4..5b927ef 100644 --- a/crypto/asn1/x_info.c +++ b/crypto/asn1/x_info.c @@ -106,7 +106,6 @@ void X509_INFO_free(X509_INFO *x) X509_free(x->x509); X509_CRL_free(x->crl); X509_PKEY_free(x->x_pkey); - if (x->enc_data != NULL) - OPENSSL_free(x->enc_data); + OPENSSL_free(x->enc_data); OPENSSL_free(x); } diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c index fc5de8a..59e002b 100644 --- a/crypto/asn1/x_pkey.c +++ b/crypto/asn1/x_pkey.c @@ -113,7 +113,7 @@ void X509_PKEY_free(X509_PKEY *x) X509_ALGOR_free(x->enc_algor); ASN1_OCTET_STRING_free(x->enc_pkey); EVP_PKEY_free(x->dec_pkey); - if ((x->key_data != NULL) && (x->key_free)) + if (x->key_free) OPENSSL_free(x->key_data); OPENSSL_free(x); } diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index 158c240..2605f07 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -340,8 +340,7 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval)) return 0; if (penc) { - if (pub->public_key->data) - OPENSSL_free(pub->public_key->data); + OPENSSL_free(pub->public_key->data); pub->public_key->data = penc; pub->public_key->length = penclen; /* Set number of unused bits to zero */ diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index 08bb4bd..1b353af 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -103,8 +103,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, break; case ASN1_OP_D2I_POST: - if (ret->name != NULL) - OPENSSL_free(ret->name); + OPENSSL_free(ret->name); ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0); break; @@ -119,9 +118,7 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, NAME_CONSTRAINTS_free(ret->nc); sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free); ASIdentifiers_free(ret->rfc3779_asid); - - if (ret->name != NULL) - OPENSSL_free(ret->name); + OPENSSL_free(ret->name); break; } diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index a4fded5..39499de 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -572,8 +572,7 @@ int BIO_get_accept_socket(char *host, int bind_mode) } ret = 1; err: - if (str != NULL) - OPENSSL_free(str); + OPENSSL_free(str); if ((ret == 0) && (s != INVALID_SOCKET)) { closesocket(s); s = INVALID_SOCKET; diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index d82385a..53a1204 100644 --- a/crypto/bio/bf_buff.c +++ b/crypto/bio/bf_buff.c @@ -127,10 +127,8 @@ static int buffer_free(BIO *a) if (a == NULL) return (0); b = (BIO_F_BUFFER_CTX *)a->ptr; - if (b->ibuf != NULL) - OPENSSL_free(b->ibuf); - if (b->obuf != NULL) - OPENSSL_free(b->obuf); + OPENSSL_free(b->ibuf); + OPENSSL_free(b->obuf); OPENSSL_free(a->ptr); a->ptr = NULL; a->init = 0; @@ -339,8 +337,7 @@ static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) p1 = OPENSSL_malloc((int)num); if (p1 == NULL) goto malloc_error; - if (ctx->ibuf != NULL) - OPENSSL_free(ctx->ibuf); + OPENSSL_free(ctx->ibuf); ctx->ibuf = p1; } ctx->ibuf_off = 0; diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c index ef12820..d7906b4 100644 --- a/crypto/bio/bf_lbuf.c +++ b/crypto/bio/bf_lbuf.c @@ -128,8 +128,7 @@ static int linebuffer_free(BIO *a) if (a == NULL) return (0); b = (BIO_LINEBUFFER_CTX *)a->ptr; - if (b->obuf != NULL) - OPENSSL_free(b->obuf); + OPENSSL_free(b->obuf); OPENSSL_free(a->ptr); a->ptr = NULL; a->init = 0; diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index df547a1..9b9c0c0 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -116,8 +116,7 @@ static int nbiof_free(BIO *a) { if (a == NULL) return (0); - if (a->ptr != NULL) - OPENSSL_free(a->ptr); + OPENSSL_free(a->ptr); a->ptr = NULL; a->init = 0; a->flags = 0; diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index d6f6678..6793fe1 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -151,10 +151,8 @@ static void BIO_ACCEPT_free(BIO_ACCEPT *a) if (a == NULL) return; - if (a->param_addr != NULL) - OPENSSL_free(a->param_addr); - if (a->addr != NULL) - OPENSSL_free(a->addr); + OPENSSL_free(a->param_addr); + OPENSSL_free(a->addr); BIO_free(a->bio_chain); OPENSSL_free(a); } @@ -353,8 +351,7 @@ static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) if (ptr != NULL) { if (num == 0) { b->init = 1; - if (data->param_addr != NULL) - OPENSSL_free(data->param_addr); + OPENSSL_free(data->param_addr); data->param_addr = BUF_strdup(ptr); } else if (num == 1) { data->accept_nbio = (ptr != NULL); diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index c6bb3d6..c9b8e7f 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -170,10 +170,7 @@ static int bio_free(BIO *bio) if (b->peer) bio_destroy_pair(bio); - if (b->buf != NULL) { - OPENSSL_free(b->buf); - } - + OPENSSL_free(b->buf); OPENSSL_free(b); return 1; @@ -507,10 +504,8 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) size_t new_size = num; if (b->size != new_size) { - if (b->buf) { - OPENSSL_free(b->buf); - b->buf = NULL; - } + OPENSSL_free(b->buf); + b->buf = NULL; b->size = new_size; } ret = 1; diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index e44bb32..0b82082 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -148,8 +148,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) *q = '\0'; break; } - if (c->param_port != NULL) - OPENSSL_free(c->param_port); + OPENSSL_free(c->param_port); c->param_port = BUF_strdup(p); } } @@ -308,10 +307,8 @@ void BIO_CONNECT_free(BIO_CONNECT *a) if (a == NULL) return; - if (a->param_hostname != NULL) - OPENSSL_free(a->param_hostname); - if (a->param_port != NULL) - OPENSSL_free(a->param_port); + OPENSSL_free(a->param_hostname); + OPENSSL_free(a->param_port); OPENSSL_free(a); } @@ -455,12 +452,10 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) if (ptr != NULL) { b->init = 1; if (num == 0) { - if (data->param_hostname != NULL) - OPENSSL_free(data->param_hostname); + OPENSSL_free(data->param_hostname); data->param_hostname = BUF_strdup(ptr); } else if (num == 1) { - if (data->param_port != NULL) - OPENSSL_free(data->param_port); + OPENSSL_free(data->param_port); data->param_port = BUF_strdup(ptr); } else if (num == 2) { char buf[16]; @@ -468,16 +463,14 @@ static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) BIO_snprintf(buf, sizeof buf, "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); - if (data->param_hostname != NULL) - OPENSSL_free(data->param_hostname); + OPENSSL_free(data->param_hostname); data->param_hostname = BUF_strdup(buf); memcpy(&(data->ip[0]), ptr, 4); } else if (num == 3) { char buf[DECIMAL_SIZE(int) + 1]; BIO_snprintf(buf, sizeof buf, "%d", *(int *)ptr); - if (data->param_port != NULL) - OPENSSL_free(data->param_port); + OPENSSL_free(data->param_port); data->param_port = BUF_strdup(buf); data->port = *(int *)ptr; } diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 4fa6279..406d46b 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -245,8 +245,7 @@ static int dgram_free(BIO *a) return 0; data = (bio_dgram_data *)a->ptr; - if (data != NULL) - OPENSSL_free(data); + OPENSSL_free(data); return (1); } @@ -1110,8 +1109,7 @@ static int dgram_sctp_free(BIO *a) data = (bio_dgram_sctp_data *) a->ptr; if (data != NULL) { - if (data->saved_message.data != NULL) - OPENSSL_free(data->saved_message.data); + OPENSSL_free(data->saved_message.data); OPENSSL_free(data); } @@ -1413,8 +1411,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE); return -1; } - if (data->saved_message.data) - OPENSSL_free(data->saved_message.data); + OPENSSL_free(data->saved_message.data); data->saved_message.data = tmp; memcpy(data->saved_message.data, in, inl); data->saved_message.length = inl; diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 28c3693..17aa2ba 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -1131,8 +1131,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, BN_MONT_CTX_free(mont); if (powerbuf != NULL) { OPENSSL_cleanse(powerbuf, powerbufLen); - if (powerbufFree) - OPENSSL_free(powerbufFree); + OPENSSL_free(powerbufFree); } BN_CTX_end(ctx); return (ret); diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index fc7ad24..7c0d4af 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -561,8 +561,7 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx); bn_check_top(r); err: - if (arr) - OPENSSL_free(arr); + OPENSSL_free(arr); return ret; } @@ -620,8 +619,7 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx); bn_check_top(r); err: - if (arr) - OPENSSL_free(arr); + OPENSSL_free(arr); return ret; } @@ -1037,8 +1035,7 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx); bn_check_top(r); err: - if (arr) - OPENSSL_free(arr); + OPENSSL_free(arr); return ret; } @@ -1097,8 +1094,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx); bn_check_top(r); err: - if (arr) - OPENSSL_free(arr); + OPENSSL_free(arr); return ret; } @@ -1228,8 +1224,7 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx); bn_check_top(r); err: - if (arr) - OPENSSL_free(arr); + OPENSSL_free(arr); return ret; } diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c index 32ad505..139d11b 100644 --- a/crypto/bn/bn_intern.c +++ b/crypto/bn/bn_intern.c @@ -67,7 +67,6 @@ signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) { int window_val; - int ok = 0; signed char *r = NULL; int sign = 1; int bit, next_bit, mask; @@ -176,17 +175,12 @@ signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len) BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR); goto err; } - len = j; - ok = 1; + *ret_len = j; + return r; err: - if (!ok) { - OPENSSL_free(r); - r = NULL; - } - if (ok) - *ret_len = len; - return r; + OPENSSL_free(r); + return NULL; } int bn_get_top(const BIGNUM *a) diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 2c5e2b2..3e9ea8e 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -246,7 +246,7 @@ void BN_free(BIGNUM *a) if (a == NULL) return; bn_check_top(a); - if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA))) + if (!BN_get_flags(a, BN_FLG_STATIC_DATA)) OPENSSL_free(a->d); if (a->flags & BN_FLG_MALLOCED) OPENSSL_free(a); @@ -378,8 +378,7 @@ BIGNUM *bn_expand2(BIGNUM *b, int words) BN_ULONG *a = bn_expand_internal(b, words); if (!a) return NULL; - if (b->d) - OPENSSL_free(b->d); + OPENSSL_free(b->d); b->d = a; b->dmax = words; } diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 8b59e78..1ef5a87 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -156,15 +156,12 @@ char *BN_bn2dec(const BIGNUM *a) } ok = 1; err: - if (bn_data != NULL) - OPENSSL_free(bn_data); + OPENSSL_free(bn_data); BN_free(t); - if (!ok && buf) { - OPENSSL_free(buf); - buf = NULL; - } - - return (buf); + if (ok) + return buf; + OPENSSL_free(buf); + return NULL; } int BN_hex2bn(BIGNUM **bn, const char *a) diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 4681154..ed3c3c5 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -351,7 +351,6 @@ int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range, ret = 1; err: - if (k_bytes) - OPENSSL_free(k_bytes); + OPENSSL_free(k_bytes); return ret; } diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index d146f84..e8274be 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -404,8 +404,7 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, EVP_PKEY_CTX_free(pctx); ktri->pctx = NULL; } - if (ek) - OPENSSL_free(ek); + OPENSSL_free(ek); return ret; } @@ -472,7 +471,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, err: EVP_PKEY_CTX_free(ktri->pctx); ktri->pctx = NULL; - if (!ret && ek) + if (!ret) OPENSSL_free(ek); return ret; @@ -712,7 +711,7 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, err: - if (!r && wkey) + if (!r) OPENSSL_free(wkey); OPENSSL_cleanse(&actx, sizeof(actx)); @@ -785,7 +784,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, err: - if (!r && ukey) + if (!r) OPENSSL_free(ukey); OPENSSL_cleanse(&actx, sizeof(actx)); diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 6d5fa90..21f41f6 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -154,8 +154,7 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr) if (!r) CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE); - if (rrder) - OPENSSL_free(rrder); + OPENSSL_free(rrder); return r; diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index 17b62dd..ea7fb5b 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -268,7 +268,7 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen, err: OPENSSL_cleanse(kek, keklen); - if (!rv && out) + if (!rv) OPENSSL_free(out); EVP_CIPHER_CTX_cleanup(&kari->ctx); EVP_PKEY_CTX_free(kari->pctx); @@ -300,8 +300,7 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, cek = NULL; rv = 1; err: - if (cek) - OPENSSL_free(cek); + OPENSSL_free(cek); return rv; } diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index 6416502..1d505e9 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -420,7 +420,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, EVP_CIPHER_CTX_cleanup(&kekctx); - if (!r && key) + if (!r) OPENSSL_free(key); X509_ALGOR_free(kekalg); diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 31398ac..7fb4385 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -728,8 +728,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) return 1; err: - if (abuf) - OPENSSL_free(abuf); + OPENSSL_free(abuf); EVP_MD_CTX_cleanup(mctx); return 0; diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index aa03f8f..4508e7f 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -151,8 +151,7 @@ static int zlib_stateful_init(COMP_CTX *ctx) CRYPTO_set_ex_data(&ctx->ex_data, zlib_stateful_ex_idx, state); return 1; err: - if (state) - OPENSSL_free(state); + OPENSSL_free(state); return 0; } @@ -606,18 +605,14 @@ static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr) } if (ibs != -1) { - if (ctx->ibuf) { - OPENSSL_free(ctx->ibuf); - ctx->ibuf = NULL; - } + OPENSSL_free(ctx->ibuf); + ctx->ibuf = NULL; ctx->ibufsize = ibs; } if (obs != -1) { - if (ctx->obuf) { - OPENSSL_free(ctx->obuf); - ctx->obuf = NULL; - } + OPENSSL_free(ctx->obuf); + ctx->obuf = NULL; ctx->obufsize = obs; } ret = 1; diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index cba2de1..b41564b 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -273,8 +273,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) if (!ok) { if (sk != NULL) sk_CONF_VALUE_free(sk); - if (v != NULL) - OPENSSL_free(v); + OPENSSL_free(v); v = NULL; } return (v); diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index ef3fef4..bd2e8c0 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -393,14 +393,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) } if (buff != NULL) BUF_MEM_free(buff); - if (section != NULL) - OPENSSL_free(section); + OPENSSL_free(section); return (1); err: if (buff != NULL) BUF_MEM_free(buff); - if (section != NULL) - OPENSSL_free(section); + OPENSSL_free(section); if (line != NULL) *line = eline; BIO_snprintf(btmp, sizeof btmp, "%ld", eline); @@ -410,12 +408,9 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) conf->data = NULL; } if (v != NULL) { - if (v->name != NULL) - OPENSSL_free(v->name); - if (v->value != NULL) - OPENSSL_free(v->value); - if (v != NULL) - OPENSSL_free(v); + OPENSSL_free(v->name); + OPENSSL_free(v->value); + OPENSSL_free(v); } return (0); } @@ -595,8 +590,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) buf->data[to++] = *(from++); } buf->data[to] = '\0'; - if (*pto != NULL) - OPENSSL_free(*pto); + OPENSSL_free(*pto); *pto = buf->data; OPENSSL_free(buf); return (1); diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 9acfca4..ce2b177 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -383,10 +383,8 @@ static int module_init(CONF_MODULE *pmod, char *name, char *value, memerr: if (imod) { - if (imod->name) - OPENSSL_free(imod->name); - if (imod->value) - OPENSSL_free(imod->value); + OPENSSL_free(imod->name); + OPENSSL_free(imod->value); OPENSSL_free(imod); } diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 6a4223c..c9374b7 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -187,8 +187,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) return 1; err: - if (penc) - OPENSSL_free(penc); + OPENSSL_free(penc); ASN1_STRING_free(str); return 0; @@ -292,8 +291,7 @@ static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) return 1; err: - if (dp != NULL) - OPENSSL_free(dp); + OPENSSL_free(dp); ASN1_STRING_free(params); ASN1_STRING_clear_free(prkey); return 0; @@ -422,8 +420,7 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, err: DHerr(DH_F_DO_DH_PRINT, reason); } - if (m != NULL) - OPENSSL_free(m); + OPENSSL_free(m); return (ret); } @@ -481,11 +478,9 @@ static int int_dh_param_copy(DH *to, const DH *from, int is_x942) return 0; if (!int_dh_bn_cpy(&to->j, from->j)) return 0; - if (to->seed) { - OPENSSL_free(to->seed); - to->seed = NULL; - to->seedlen = 0; - } + OPENSSL_free(to->seed); + to->seed = NULL; + to->seedlen = 0; if (from->seed) { to->seed = BUF_memdup(from->seed, from->seedlen); if (!to->seed) diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index a882cb2..b812d82 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -180,8 +180,7 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, } rv = 1; err: - if (der) - OPENSSL_free(der); + OPENSSL_free(der); EVP_MD_CTX_cleanup(&mctx); return rv; } diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 74bad4d..10e98c6 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -198,8 +198,7 @@ void DH_free(DH *r) BN_clear_free(r->g); BN_clear_free(r->q); BN_clear_free(r->j); - if (r->seed) - OPENSSL_free(r->seed); + OPENSSL_free(r->seed); BN_clear_free(r->counter); BN_clear_free(r->pub_key); BN_clear_free(r->priv_key); diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 069b855..be44c0b 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -153,8 +153,7 @@ static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx) { DH_PKEY_CTX *dctx = ctx->data; if (dctx) { - if (dctx->kdf_ukm) - OPENSSL_free(dctx->kdf_ukm); + OPENSSL_free(dctx->kdf_ukm); ASN1_OBJECT_free(dctx->kdf_oid); OPENSSL_free(dctx); } @@ -230,8 +229,7 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 1; case EVP_PKEY_CTRL_DH_KDF_UKM: - if (dctx->kdf_ukm) - OPENSSL_free(dctx->kdf_ukm); + OPENSSL_free(dctx->kdf_ukm); dctx->kdf_ukm = p2; if (p2) dctx->kdf_ukmlen = p1; diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index e26ca84..e5009ec 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -169,8 +169,7 @@ static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) return 1; err: - if (penc) - OPENSSL_free(penc); + OPENSSL_free(penc); ASN1_STRING_free(str); return 0; @@ -329,8 +328,7 @@ static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) return 1; err: - if (dp != NULL) - OPENSSL_free(dp); + OPENSSL_free(dp); ASN1_STRING_free(params); ASN1_STRING_clear_free(prkey); return 0; @@ -471,8 +469,7 @@ static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype) goto err; ret = 1; err: - if (m != NULL) - OPENSSL_free(m); + OPENSSL_free(m); return (ret); } @@ -562,8 +559,7 @@ static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, goto err; rv = 1; err: - if (m) - OPENSSL_free(m); + OPENSSL_free(m); DSA_SIG_free(dsa_sig); return rv; } diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 1827de8..59946f6 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -644,8 +644,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N, if (h_ret != NULL) *h_ret = h; } - if (seed) - OPENSSL_free(seed); + OPENSSL_free(seed); if (seed_out != seed_tmp) OPENSSL_free(seed_tmp); if (ctx) diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index c119209..7aa1054 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -113,8 +113,7 @@ static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx) { DSA_PKEY_CTX *dctx = ctx->data; - if (dctx) - OPENSSL_free(dctx); + OPENSSL_free(dctx); } static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c index 989d4d9..5d5ede0 100644 --- a/crypto/dso/dso_dl.c +++ b/crypto/dso/dso_dl.c @@ -143,8 +143,7 @@ static int dl_load(DSO *dso) return (1); err: /* Cleanup! */ - if (filename != NULL) - OPENSSL_free(filename); + OPENSSL_free(filename); if (ptr != NULL) shl_unload(ptr); return (0); diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index 8ebb2b5..92d951f 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -182,8 +182,7 @@ static int dlfcn_load(DSO *dso) return (1); err: /* Cleanup! */ - if (filename != NULL) - OPENSSL_free(filename); + OPENSSL_free(filename); if (ptr != NULL) dlclose(ptr); return (0); diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index c1d6d25..a33a8a8 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -162,11 +162,8 @@ int DSO_free(DSO *dso) } sk_void_free(dso->meth_data); - if (dso->filename != NULL) - OPENSSL_free(dso->filename); - if (dso->loaded_filename != NULL) - OPENSSL_free(dso->loaded_filename); - + OPENSSL_free(dso->filename); + OPENSSL_free(dso->loaded_filename); OPENSSL_free(dso); return (1); } @@ -360,8 +357,7 @@ int DSO_set_filename(DSO *dso, const char *filename) return (0); } BUF_strlcpy(copied, filename, strlen(filename) + 1); - if (dso->filename) - OPENSSL_free(dso->filename); + OPENSSL_free(dso->filename); dso->filename = copied; return (1); } diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 79bbd97..821e238 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -267,10 +267,8 @@ static int vms_load(DSO *dso) return (1); err: /* Cleanup! */ - if (p != NULL) - OPENSSL_free(p); - if (filename != NULL) - OPENSSL_free(filename); + OPENSSL_free(p); + OPENSSL_free(filename); return (0); } diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index 2499fc1..144d8e6 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c @@ -183,10 +183,8 @@ static int win32_load(DSO *dso) return (1); err: /* Cleanup ! */ - if (filename != NULL) - OPENSSL_free(filename); - if (p != NULL) - OPENSSL_free(p); + OPENSSL_free(filename); + OPENSSL_free(p); if (h != NULL) FreeLibrary(h); return (0); diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 0554c20..1cc4d40 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -132,8 +132,7 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) ASN1_OBJECT_free(pval); else ASN1_STRING_free(pval); - if (penc) - OPENSSL_free(penc); + OPENSSL_free(penc); return 0; } @@ -503,8 +502,7 @@ static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, int ktype) BN_free(pub_key); BN_free(order); BN_CTX_free(ctx); - if (buffer != NULL) - OPENSSL_free(buffer); + OPENSSL_free(buffer); return (ret); } diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 5976a2f..c86f22e 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -525,10 +525,8 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve) ok = 1; err: - if (buffer_1) - OPENSSL_free(buffer_1); - if (buffer_2) - OPENSSL_free(buffer_2); + OPENSSL_free(buffer_1); + OPENSSL_free(buffer_2); BN_free(tmp_1); BN_free(tmp_2); return (ok); @@ -628,8 +626,7 @@ static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group, if (!param) ECPARAMETERS_free(ret); BN_free(tmp); - if (buffer) - OPENSSL_free(buffer); + OPENSSL_free(buffer); return NULL; } @@ -840,8 +837,7 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) /* extract seed (optional) */ if (params->curve->seed != NULL) { - if (ret->seed != NULL) - OPENSSL_free(ret->seed); + OPENSSL_free(ret->seed); if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length))) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); goto err; @@ -1193,8 +1189,7 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) } ok = 1; err: - if (buffer) - OPENSSL_free(buffer); + OPENSSL_free(buffer); if (priv_key) EC_PRIVATEKEY_free(priv_key); return (ok ? ret : 0); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 1f51f74..02de91d 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -232,8 +232,7 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) dest->asn1_form = src->asn1_form; if (src->seed) { - if (dest->seed) - OPENSSL_free(dest->seed); + OPENSSL_free(dest->seed); dest->seed = OPENSSL_malloc(src->seed_len); if (dest->seed == NULL) return 0; @@ -241,8 +240,7 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) return 0; dest->seed_len = src->seed_len; } else { - if (dest->seed) - OPENSSL_free(dest->seed); + OPENSSL_free(dest->seed); dest->seed = NULL; dest->seed_len = 0; } @@ -382,11 +380,9 @@ point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len) { - if (group->seed) { - OPENSSL_free(group->seed); - group->seed = NULL; - group->seed_len = 0; - } + OPENSSL_free(group->seed); + group->seed = NULL; + group->seed_len = 0; if (!len || !p) return 1; diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index b4723fb..115bc42 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -555,10 +555,8 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, err: BN_CTX_free(new_ctx); EC_POINT_free(tmp); - if (wsize != NULL) - OPENSSL_free(wsize); - if (wNAF_len != NULL) - OPENSSL_free(wNAF_len); + OPENSSL_free(wsize); + OPENSSL_free(wNAF_len); if (wNAF != NULL) { signed char **w; @@ -573,9 +571,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, OPENSSL_free(val); } - if (val_sub != NULL) { - OPENSSL_free(val_sub); - } + OPENSSL_free(val_sub); return ret; } diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 5b3d197..ec27e23 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -148,8 +148,7 @@ static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx) if (dctx) { EC_GROUP_free(dctx->gen_group); EC_KEY_free(dctx->co_key); - if (dctx->kdf_ukm) - OPENSSL_free(dctx->kdf_ukm); + OPENSSL_free(dctx->kdf_ukm); OPENSSL_free(dctx); } } @@ -359,8 +358,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 1; case EVP_PKEY_CTRL_EC_KDF_UKM: - if (dctx->kdf_ukm) - OPENSSL_free(dctx->kdf_ukm); + OPENSSL_free(dctx->kdf_ukm); dctx->kdf_ukm = p2; if (p2) dctx->kdf_ukmlen = p1; diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index 6eb5291..7cdc485 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -325,8 +325,7 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off) BN_free(order); BN_free(cofactor); BN_CTX_free(ctx); - if (buffer != NULL) - OPENSSL_free(buffer); + OPENSSL_free(buffer); return (ret); } diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index fdcf450..60a8d50 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -1573,12 +1573,9 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, BN_CTX_end(ctx); EC_POINT_free(generator); BN_CTX_free(new_ctx); - if (secrets != NULL) - OPENSSL_free(secrets); - if (pre_comp != NULL) - OPENSSL_free(pre_comp); - if (tmp_felems != NULL) - OPENSSL_free(tmp_felems); + OPENSSL_free(secrets); + OPENSSL_free(pre_comp); + OPENSSL_free(tmp_felems); return ret; } diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index d03bf15..c9f073b 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -2193,12 +2193,9 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, BN_CTX_end(ctx); EC_POINT_free(generator); BN_CTX_free(new_ctx); - if (secrets != NULL) - OPENSSL_free(secrets); - if (pre_comp != NULL) - OPENSSL_free(pre_comp); - if (tmp_smallfelems != NULL) - OPENSSL_free(tmp_smallfelems); + OPENSSL_free(secrets); + OPENSSL_free(pre_comp); + OPENSSL_free(tmp_smallfelems); return ret; } diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 1069214..bdfd576 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -2021,12 +2021,9 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, BN_CTX_end(ctx); EC_POINT_free(generator); BN_CTX_free(new_ctx); - if (secrets != NULL) - OPENSSL_free(secrets); - if (pre_comp != NULL) - OPENSSL_free(pre_comp); - if (tmp_felems != NULL) - OPENSSL_free(tmp_felems); + OPENSSL_free(secrets); + OPENSSL_free(pre_comp); + OPENSSL_free(tmp_felems); return ret; } diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index ae1fcdd..e73d26c 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -721,12 +721,9 @@ __owur static int ecp_nistz256_windowed_mul(const EC_GROUP *group, ret = 1; err: - if (table_storage) - OPENSSL_free(table_storage); - if (p_str) - OPENSSL_free(p_str); - if (scalars) - OPENSSL_free(scalars); + OPENSSL_free(table_storage); + OPENSSL_free(p_str); + OPENSSL_free(scalars); return ret; } @@ -889,8 +886,7 @@ __owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx) BN_CTX_free(new_ctx); ecp_nistz256_pre_comp_free(pre_comp); - if (precomp_storage) - OPENSSL_free(precomp_storage); + OPENSSL_free(precomp_storage); EC_POINT_free(P); EC_POINT_free(T); return ret; @@ -1356,10 +1352,8 @@ err: if (ctx) BN_CTX_end(ctx); BN_CTX_free(new_ctx); - if (new_points) - OPENSSL_free(new_points); - if (new_scalars) - OPENSSL_free(new_scalars); + OPENSSL_free(new_points); + OPENSSL_free(new_scalars); return ret; } @@ -1451,9 +1445,7 @@ static void ecp_nistz256_pre_comp_free(void *pre_) if (i > 0) return; - if (pre->precomp_storage) - OPENSSL_free(pre->precomp_storage); - + OPENSSL_free(pre->precomp_storage); OPENSSL_free(pre); } diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index 6297706..ad3482f 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -206,7 +206,6 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key, if (ctx) BN_CTX_end(ctx); BN_CTX_free(ctx); - if (buf) - OPENSSL_free(buf); + OPENSSL_free(buf); return (ret); } diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index a3be0d7..d801ae8 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -889,11 +889,9 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx) return (0); } - if (state->mac_data) { - OPENSSL_free(state->mac_data); - state->mac_data = NULL; - state->mac_len = 0; - } + OPENSSL_free(state->mac_data); + state->mac_data = NULL; + state->mac_len = 0; if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) { printf("cryptodev_digest_cleanup: failed to close session\n"); diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 31ec324..7dd3659 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -136,11 +136,11 @@ struct st_dynamic_data_ctx { */ dynamic_bind_engine bind_engine; /* The default name/path for loading the shared library */ - const char *DYNAMIC_LIBNAME; + char *DYNAMIC_LIBNAME; /* Whether to continue loading on a version check failure */ int no_vcheck; /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */ - const char *engine_id; + char *engine_id; /* * If non-zero, a successfully loaded ENGINE should be added to the * internal ENGINE list. If 2, the add must succeed or the entire load @@ -188,10 +188,8 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr, dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; if (ctx->dynamic_dso) DSO_free(ctx->dynamic_dso); - if (ctx->DYNAMIC_LIBNAME) - OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME); - if (ctx->engine_id) - OPENSSL_free((void *)ctx->engine_id); + OPENSSL_free(ctx->DYNAMIC_LIBNAME); + OPENSSL_free(ctx->engine_id); if (ctx->dirs) sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str); OPENSSL_free(ctx); @@ -243,8 +241,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) * If we lost the race to set the context, c is non-NULL and *ctx is the * context of the thread that won. */ - if (c) - OPENSSL_free(c); + OPENSSL_free(c); return 1; } @@ -363,8 +360,7 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) /* a NULL 'p' or a string of zero-length is the same thing */ if (p && (strlen((const char *)p) < 1)) p = NULL; - if (ctx->DYNAMIC_LIBNAME) - OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME); + OPENSSL_free(ctx->DYNAMIC_LIBNAME); if (p) ctx->DYNAMIC_LIBNAME = BUF_strdup(p); else @@ -377,8 +373,7 @@ static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) /* a NULL 'p' or a string of zero-length is the same thing */ if (p && (strlen((const char *)p) < 1)) p = NULL; - if (ctx->engine_id) - OPENSSL_free((void *)ctx->engine_id); + OPENSSL_free(ctx->engine_id); if (p) ctx->engine_id = BUF_strdup(p); else diff --git a/crypto/err/err.c b/crypto/err/err.c index ec7da22..9d58f38 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -478,8 +478,7 @@ static void build_SYS_str_reasons(void) #define err_clear_data(p,i) \ do { \ - if (((p)->err_data[i] != NULL) && \ - (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ + if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ { \ OPENSSL_free((p)->err_data[i]); \ (p)->err_data[i]=NULL; \ diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 3468b6b..c2387b9 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -523,8 +523,7 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx) { EVP_CIPHER_CTX_cleanup(ctx); - if (ctx) - OPENSSL_free(ctx); + OPENSSL_free(ctx); } int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) @@ -538,8 +537,7 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) if (c->cipher_data) OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size); } - if (c->cipher_data) - OPENSSL_free(c->cipher_data); + OPENSSL_free(c->cipher_data); #ifndef OPENSSL_NO_ENGINE if (c->engine) /* diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 6a567c9..66070f6 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -444,8 +444,7 @@ static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) storage[i]->argl, storage[i]->argp); } } - if (storage) - OPENSSL_free(storage); + OPENSSL_free(storage); return 1; } @@ -487,8 +486,7 @@ static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, storage[i]->argl, storage[i]->argp); CRYPTO_set_ex_data(to, i, ptr); } - if (storage) - OPENSSL_free(storage); + OPENSSL_free(storage); return 1; } @@ -525,8 +523,7 @@ static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) storage[i]->argl, storage[i]->argp); } } - if (storage) - OPENSSL_free(storage); + OPENSSL_free(storage); if (ad->sk) { sk_void_free(ad->sk); ad->sk = NULL; diff --git a/crypto/mem.c b/crypto/mem.c index 6176b38..14f67a4 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -453,8 +453,7 @@ void CRYPTO_clear_free(void *str, size_t num) void *CRYPTO_remalloc(void *a, int num, const char *file, int line) { - if (a != NULL) - OPENSSL_free(a); + OPENSSL_free(a); a = OPENSSL_malloc(num); return (a); } diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 46c4f87..bca3ded 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -276,8 +276,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj) ao[i]->obj = o; aop = lh_ADDED_OBJ_insert(added, ao[i]); /* memory leak, buit should not normally matter */ - if (aop != NULL) - OPENSSL_free(aop); + OPENSSL_free(aop); } } o->flags &= @@ -289,10 +288,8 @@ int OBJ_add_object(const ASN1_OBJECT *obj) OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE); err: for (i = ADDED_DATA; i <= ADDED_NID; i++) - if (ao[i] != NULL) - OPENSSL_free(ao[i]); - if (o != NULL) - OPENSSL_free(o); + OPENSSL_free(ao[i]); + OPENSSL_free(o); return (NID_undef); } diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c index 0bcb5df..58e9a92 100644 --- a/crypto/objects/obj_lib.c +++ b/crypto/objects/obj_lib.c @@ -114,14 +114,10 @@ ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) return (r); err: OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE); - if (ln != NULL) - OPENSSL_free(ln); - if (sn != NULL) - OPENSSL_free(sn); - if (data != NULL) - OPENSSL_free(data); - if (r != NULL) - OPENSSL_free(r); + OPENSSL_free(ln); + OPENSSL_free(sn); + OPENSSL_free(data); + OPENSSL_free(r); return (NULL); } diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 520b55a..91eac9b 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -326,8 +326,7 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, goto err; ret = 1; err: - if (os.data) - OPENSSL_free(os.data); + OPENSSL_free(os.data); return ret; } diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index 266b43b..aa10c03 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -139,8 +139,7 @@ void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx) if (!rctx) return; BIO_free(rctx->mem); - if (rctx->iobuf) - OPENSSL_free(rctx->iobuf); + OPENSSL_free(rctx->iobuf); OPENSSL_free(rctx); } diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 34df9ac..ac64b65 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -273,14 +273,10 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL); err: - if (buf) - OPENSSL_free(buf); - if (*ppath) - OPENSSL_free(*ppath); - if (*pport) - OPENSSL_free(*pport); - if (*phost) - OPENSSL_free(*phost); + OPENSSL_free(buf); + OPENSSL_free(*ppath); + OPENSSL_free(*pport); + OPENSSL_free(*phost); return 0; } diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 0e7338b..29670ed 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -253,14 +253,11 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, } else { /* unknown */ } - if (name != NULL) - OPENSSL_free(name); - if (header != NULL) - OPENSSL_free(header); - if (data != NULL) - OPENSSL_free(data); + OPENSSL_free(name); name = NULL; + OPENSSL_free(header); header = NULL; + OPENSSL_free(data); data = NULL; } @@ -287,12 +284,9 @@ STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, ret = NULL; } - if (name != NULL) - OPENSSL_free(name); - if (header != NULL) - OPENSSL_free(header); - if (data != NULL) - OPENSSL_free(data); + OPENSSL_free(name); + OPENSSL_free(header); + OPENSSL_free(data); return (ret); } diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c index 374273d..a3812b8 100644 --- a/crypto/pem/pem_seal.c +++ b/crypto/pem/pem_seal.c @@ -112,8 +112,7 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, ret = npubk; err: - if (s != NULL) - OPENSSL_free(s); + OPENSSL_free(s); OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH); return (ret); } @@ -181,8 +180,7 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, err: EVP_MD_CTX_cleanup(&ctx->md); EVP_CIPHER_CTX_cleanup(&ctx->cipher); - if (s != NULL) - OPENSSL_free(s); + OPENSSL_free(s); return (ret); } #else /* !OPENSSL_NO_RSA */ diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c index 87cc727..e16be4a 100644 --- a/crypto/pem/pem_sign.c +++ b/crypto/pem/pem_sign.c @@ -95,7 +95,6 @@ int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, ret = 1; err: /* ctx has been zeroed by EVP_SignFinal() */ - if (m != NULL) - OPENSSL_free(m); + OPENSSL_free(m); return (ret); } diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index b44912b..9e9c948 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -285,8 +285,7 @@ static EVP_PKEY *do_b2i_bio(BIO *in, int ispub) ret = b2i_rsa(&p, length, bitlen, ispub); err: - if (buf) - OPENSSL_free(buf); + OPENSSL_free(buf); return ret; } @@ -737,7 +736,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, ret = b2i_PrivateKey(&p, keylen); err: EVP_CIPHER_CTX_cleanup(&cctx); - if (enctmp && saltlen) + if (saltlen) OPENSSL_free(enctmp); return ret; } diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 4bc06b9..e5ad95f 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -181,8 +181,7 @@ static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, err: EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(pctx); - if (ek) - OPENSSL_free(ek); + OPENSSL_free(ek); return ret; } @@ -235,7 +234,7 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, err: EVP_PKEY_CTX_free(pctx); - if (!ret && ek) + if (!ret) OPENSSL_free(ek); return ret; @@ -890,8 +889,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) return 1; err: - if (abuf) - OPENSSL_free(abuf); + OPENSSL_free(abuf); EVP_MD_CTX_cleanup(&mctx); return 0; diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 38b850a..9313c93 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -251,8 +251,7 @@ static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) } ret = 1; err: - if (m != NULL) - OPENSSL_free(m); + OPENSSL_free(m); return (ret); } diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index ab8f9ec..d988d6c 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -232,10 +232,8 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen, RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, RSA_R_OAEP_DECODING_ERROR); cleanup: - if (db != NULL) - OPENSSL_free(db); - if (em != NULL) - OPENSSL_free(em); + OPENSSL_free(db); + OPENSSL_free(em); return mlen; } diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index efa1fd3..1bda998 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -266,8 +266,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, memcpy(to, em + msg_index, mlen); err: - if (em != NULL) - OPENSSL_free(em); + OPENSSL_free(em); if (mlen == -1) RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR); diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 866dd16..94dc408 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -136,8 +136,7 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) dctx->md = sctx->md; dctx->mgf1md = sctx->mgf1md; if (sctx->oaep_label) { - if (dctx->oaep_label) - OPENSSL_free(dctx->oaep_label); + OPENSSL_free(dctx->oaep_label); dctx->oaep_label = BUF_memdup(sctx->oaep_label, sctx->oaep_labellen); if (!dctx->oaep_label) return 0; @@ -161,10 +160,8 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) RSA_PKEY_CTX *rctx = ctx->data; if (rctx) { BN_free(rctx->pub_exp); - if (rctx->tbuf) - OPENSSL_free(rctx->tbuf); - if (rctx->oaep_label) - OPENSSL_free(rctx->oaep_label); + OPENSSL_free(rctx->tbuf); + OPENSSL_free(rctx->oaep_label); OPENSSL_free(rctx); } } @@ -514,8 +511,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE); return -2; } - if (rctx->oaep_label) - OPENSSL_free(rctx->oaep_label); + OPENSSL_free(rctx->oaep_label); if (p2 && p1 > 0) { rctx->oaep_label = p2; rctx->oaep_labellen = p1; diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index 318f5b8..b5055de 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -170,8 +170,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash, ret = 1; err: - if (DB) - OPENSSL_free(DB); + OPENSSL_free(DB); EVP_MD_CTX_cleanup(&ctx); return ret; @@ -279,8 +278,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, ret = 1; err: - if (salt) - OPENSSL_free(salt); + OPENSSL_free(salt); return ret; diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index d4ac91e..7611631 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -167,8 +167,7 @@ _STACK *sk_new(int (*c) (const void *, const void *)) ret->sorted = 0; return (ret); err: - if (ret) - OPENSSL_free(ret); + OPENSSL_free(ret); return (NULL); } @@ -318,8 +317,7 @@ void sk_free(_STACK *st) { if (st == NULL) return; - if (st->data != NULL) - OPENSSL_free(st->data); + OPENSSL_free(st->data); OPENSSL_free(st); } diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index f949b34..8687100 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -348,8 +348,7 @@ static int mem_list_end(STORE *s, void *handle) } if (context && context->search_attributes) sk_STORE_ATTR_INFO_free(context->search_attributes); - if (context) - OPENSSL_free(context); + OPENSSL_free(context); return 1; } diff --git a/crypto/threads/th-lock.c b/crypto/threads/th-lock.c index 6732dd7..e74474a 100644 --- a/crypto/threads/th-lock.c +++ b/crypto/threads/th-lock.c @@ -318,10 +318,8 @@ void CRYPTO_thread_setup(void) lock_count = OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long)); if (!lock_cs || !lock_count) { /* Nothing we can do about this...void function! */ - if (lock_cs) - OPENSSL_free(lock_cs); - if (lock_count) - OPENSSL_free(lock_count); + OPENSSL_free(lock_cs); + OPENSSL_free(lock_count); return; } for (i = 0; i < CRYPTO_num_locks(); i++) { diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index 7f0548f..029d0bb 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -184,12 +184,9 @@ TXT_DB *TXT_DB_read(BIO *in, int num) if (ret != NULL) { if (ret->data != NULL) sk_OPENSSL_PSTRING_free(ret->data); - if (ret->index != NULL) - OPENSSL_free(ret->index); - if (ret->qual != NULL) - OPENSSL_free(ret->qual); - if (ret != NULL) - OPENSSL_free(ret); + OPENSSL_free(ret->index); + OPENSSL_free(ret->qual); + OPENSSL_free(ret); } return (NULL); } else @@ -350,8 +347,7 @@ void TXT_DB_free(TXT_DB *db) lh_OPENSSL_STRING_free(db->index[i]); OPENSSL_free(db->index); } - if (db->qual != NULL) - OPENSSL_free(db->qual); + OPENSSL_free(db->qual); if (db->data != NULL) { for (i = sk_OPENSSL_PSTRING_num(db->data) - 1; i >= 0; i--) { /* @@ -362,12 +358,10 @@ void TXT_DB_free(TXT_DB *db) max = p[db->num_fields]; /* last address */ if (max == NULL) { /* new row */ for (n = 0; n < db->num_fields; n++) - if (p[n] != NULL) - OPENSSL_free(p[n]); + OPENSSL_free(p[n]); } else { for (n = 0; n < db->num_fields; n++) { - if (((p[n] < (char *)p) || (p[n] > max)) - && (p[n] != NULL)) + if (((p[n] < (char *)p) || (p[n] > max))) OPENSSL_free(p[n]); } } diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index d2732f5..26afbd2 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -335,14 +335,10 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc, ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags, result_buf); err: - if (prompt_copy) - OPENSSL_free(prompt_copy); - if (action_desc_copy) - OPENSSL_free(action_desc_copy); - if (ok_chars_copy) - OPENSSL_free(ok_chars_copy); - if (cancel_chars_copy) - OPENSSL_free(cancel_chars_copy); + OPENSSL_free(prompt_copy); + OPENSSL_free(action_desc_copy); + OPENSSL_free(ok_chars_copy); + OPENSSL_free(cancel_chars_copy); return -1; } diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index b30fa30..31b3c3c 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -176,8 +176,7 @@ static int by_dir_hash_cmp(const BY_DIR_HASH *const *a, static void by_dir_entry_free(BY_DIR_ENTRY *ent) { - if (ent->dir) - OPENSSL_free(ent->dir); + OPENSSL_free(ent->dir); if (ent->hashes) sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free); OPENSSL_free(ent); diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 57c2606..b0d9c4d 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -149,19 +149,13 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) paramid = param->id; string_stack_free(paramid->hosts); paramid->hosts = NULL; - if (paramid->peername) - OPENSSL_free(paramid->peername); - if (paramid->email) { - OPENSSL_free(paramid->email); - paramid->email = NULL; - paramid->emaillen = 0; - } - if (paramid->ip) { - OPENSSL_free(paramid->ip); - paramid->ip = NULL; - paramid->iplen = 0; - } - + OPENSSL_free(paramid->peername); + OPENSSL_free(paramid->email); + paramid->email = NULL; + paramid->emaillen = 0; + OPENSSL_free(paramid->ip); + paramid->ip = NULL; + paramid->iplen = 0; } X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) @@ -346,8 +340,7 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen, tmp = NULL; srclen = 0; } - if (*pdest) - OPENSSL_free(*pdest); + OPENSSL_free(*pdest); *pdest = tmp; if (pdestlen) *pdestlen = srclen; @@ -356,8 +349,7 @@ static int int_x509_param_set1(char **pdest, size_t *pdestlen, int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name) { - if (param->name) - OPENSSL_free(param->name); + OPENSSL_free(param->name); param->name = BUF_strdup(name); if (param->name) return 1; diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c index 347ab4c..fb46d4e 100644 --- a/crypto/x509/x509spki.c +++ b/crypto/x509/x509spki.c @@ -113,10 +113,8 @@ char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) b64_str = OPENSSL_malloc(der_len * 2); if (!der_spki || !b64_str) { X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); - if (der_spki != NULL) - OPENSSL_free(der_spki); - if (b64_str != NULL) - OPENSSL_free(b64_str); + OPENSSL_free(der_spki); + OPENSSL_free(b64_str); return NULL; } p = der_spki; diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index cdc4c97..cab7171 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -166,8 +166,7 @@ static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) BUF_MEM_free(a->bytes); sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free); - if (a->canon_enc) - OPENSSL_free(a->canon_enc); + OPENSSL_free(a->canon_enc); OPENSSL_free(a); *pval = NULL; } @@ -343,10 +342,8 @@ static int x509_name_canon(X509_NAME *a) X509_NAME_ENTRY *entry, *tmpentry = NULL; int i, set = -1, ret = 0; - if (a->canon_enc) { - OPENSSL_free(a->canon_enc); - a->canon_enc = NULL; - } + OPENSSL_free(a->canon_enc); + a->canon_enc = NULL; /* Special case: empty X509_NAME => null encoding */ if (sk_X509_NAME_ENTRY_num(a->entries) == 0) { a->canon_enclen = 0; diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index eb9cfea..0997d59 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -210,8 +210,7 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, merr: X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE); - if (ext_der != NULL) - OPENSSL_free(ext_der); + OPENSSL_free(ext_der); ASN1_OCTET_STRING_free(ext_oct); return NULL; @@ -305,8 +304,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, err: ASN1_OBJECT_free(obj); ASN1_OCTET_STRING_free(oct); - if (ext_der) - OPENSSL_free(ext_der); + OPENSSL_free(ext_der); return extension; } diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 9d093a3..633daca 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -176,8 +176,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, err: sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); - if (value) - OPENSSL_free(value); + OPENSSL_free(value); if (method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); else diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index ecfc68d..2bbc056 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -163,8 +163,7 @@ static void SCT_free(SCT *sct) { if (!sct) return; - if (sct->sct) - OPENSSL_free(sct->sct); + OPENSSL_free(sct->sct); OPENSSL_free(sct); } diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 5de60ce..7142208 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -100,12 +100,9 @@ int X509V3_add_value(const char *name, const char *value, return 1; err: X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE); - if (vtmp) - OPENSSL_free(vtmp); - if (tname) - OPENSSL_free(tname); - if (tvalue) - OPENSSL_free(tvalue); + OPENSSL_free(vtmp); + OPENSSL_free(tname); + OPENSSL_free(tvalue); return 0; } @@ -121,12 +118,9 @@ void X509V3_conf_free(CONF_VALUE *conf) { if (!conf) return; - if (conf->name) - OPENSSL_free(conf->name); - if (conf->value) - OPENSSL_free(conf->value); - if (conf->section) - OPENSSL_free(conf->section); + OPENSSL_free(conf->name); + OPENSSL_free(conf->value); + OPENSSL_free(conf->section); OPENSSL_free(conf); } @@ -472,8 +466,7 @@ unsigned char *string_to_hex(const char *str, long *len) return hexbuf; err: - if (hexbuf) - OPENSSL_free(hexbuf); + OPENSSL_free(hexbuf); X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE); return NULL; @@ -1108,8 +1101,7 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) return ret; err: - if (iptmp) - OPENSSL_free(iptmp); + OPENSSL_free(iptmp); ASN1_OCTET_STRING_free(ret); return NULL; } diff --git a/demos/b64.c b/demos/b64.c index 2fa4e98..c01107f 100644 --- a/demos/b64.c +++ b/demos/b64.c @@ -239,10 +239,8 @@ char **argv; BIO_printf(bio_err, "bytes written:%8ld\n", BIO_number_written(out)); } end: - if (strbuf != NULL) - OPENSSL_free(strbuf); - if (buff != NULL) - OPENSSL_free(buff); + OPENSSL_free(strbuf); + OPENSSL_free(buff); BIO_free(in); BIO_free(out); BIO_free(benc); diff --git a/demos/engines/zencod/hw_zencod.c b/demos/engines/zencod/hw_zencod.c index d675ace..0b72217 100644 --- a/demos/engines/zencod/hw_zencod.c +++ b/demos/engines/zencod/hw_zencod.c @@ -1548,12 +1548,9 @@ static int engine_md_cleanup(EVP_MD_CTX *ctx) ZEN_MD_DATA *zen_md_data = (ZEN_MD_DATA *)ctx->md_data; - if (zen_md_data->HashBuffer != NULL) { - OPENSSL_free(zen_md_data->HashBuffer); - zen_md_data->HashBufferSize = 0; - ctx->md_data = NULL; - } - + OPENSSL_free(zen_md_data->HashBuffer); + zen_md_data->HashBufferSize = 0; + ctx->md_data = NULL; return 1; } diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c index 0b694f5..b6c47f0 100644 --- a/engines/ccgost/gost_ameth.c +++ b/engines/ccgost/gost_ameth.c @@ -848,9 +848,7 @@ static int pkey_bits_gost(const EVP_PKEY *pk) /* ---------------------- ASN1 METHOD for GOST MAC -------------------*/ static void mackey_free_gost(EVP_PKEY *pk) { - if (pk->pkey.ptr) { - OPENSSL_free(pk->pkey.ptr); - } + OPENSSL_free(pk->pkey.ptr); } static int mac_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2) diff --git a/engines/ccgost/gost_ctl.c b/engines/ccgost/gost_ctl.c index 6c93c45..31b95a0 100644 --- a/engines/ccgost/gost_ctl.c +++ b/engines/ccgost/gost_ctl.c @@ -38,11 +38,11 @@ const ENGINE_CMD_DEFN gost_cmds[] = { void gost_param_free() { int i; - for (i = 0; i <= GOST_PARAM_MAX; i++) - if (gost_params[i] != NULL) { - OPENSSL_free(gost_params[i]); - gost_params[i] = NULL; - } + + for (i = 0; i <= GOST_PARAM_MAX; i++) { + OPENSSL_free(gost_params[i]); + gost_params[i] = NULL; + } } @@ -66,8 +66,7 @@ const char *get_gost_engine_param(int param) } tmp = getenv(gost_envnames[param]); if (tmp) { - if (gost_params[param]) - OPENSSL_free(gost_params[param]); + OPENSSL_free(gost_params[param]); gost_params[param] = BUF_strdup(tmp); return gost_params[param]; } @@ -85,8 +84,7 @@ int gost_set_default_param(int param, const char *value) */ if (!tmp) tmp = value; - if (gost_params[param]) - OPENSSL_free(gost_params[param]); + OPENSSL_free(gost_params[param]); gost_params[param] = BUF_strdup(tmp); return 1; diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c index 673b538..416f0f9 100644 --- a/engines/ccgost/gost_pmeth.c +++ b/engines/ccgost/gost_pmeth.c @@ -66,8 +66,8 @@ static int pkey_gost_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) static void pkey_gost_cleanup(EVP_PKEY_CTX *ctx) { struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); - if (data->shared_ukm) - OPENSSL_free(data->shared_ukm); + + OPENSSL_free(data->shared_ukm); OPENSSL_free(data); } diff --git a/engines/e_4758cca.c b/engines/e_4758cca.c index b605a79..9c98129 100644 --- a/engines/e_4758cca.c +++ b/engines/e_4758cca.c @@ -474,8 +474,7 @@ static EVP_PKEY *ibm_4758_load_privkey(ENGINE *e, const char *key_id, return res; err: - if (keyToken) - OPENSSL_free(keyToken); + OPENSSL_free(keyToken); return NULL; } @@ -544,8 +543,7 @@ static EVP_PKEY *ibm_4758_load_pubkey(ENGINE *e, const char *key_id, return res; err: - if (keyToken) - OPENSSL_free(keyToken); + OPENSSL_free(keyToken); return NULL; } @@ -924,8 +922,7 @@ static int cca_get_random_bytes(unsigned char *buf, int num) static void cca_ex_free(void *obj, void *item, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) { - if (item) - OPENSSL_free(item); + OPENSSL_free(item); } # endif diff --git a/engines/e_aep.c b/engines/e_aep.c index 93a4be7..c86b34a 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -403,8 +403,7 @@ static const char *get_AEP_LIBNAME(void) static void free_AEP_LIBNAME(void) { - if (AEP_LIBNAME) - OPENSSL_free((void *)AEP_LIBNAME); + OPENSSL_free(AEP_LIBNAME); AEP_LIBNAME = NULL; } diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 6a324e6..e9a6134 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -324,8 +324,7 @@ static const char *get_ATALLA_LIBNAME(void) static void free_ATALLA_LIBNAME(void) { - if (ATALLA_LIBNAME) - OPENSSL_free((void *)ATALLA_LIBNAME); + OPENSSL_free(ATALLA_LIBNAME); ATALLA_LIBNAME = NULL; } diff --git a/engines/e_capi.c b/engines/e_capi.c index 2373d69..89e6d1d 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -360,8 +360,7 @@ static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) break; case CAPI_CMD_STORE_NAME: - if (ctx->storename) - OPENSSL_free(ctx->storename); + OPENSSL_free(ctx->storename); ctx->storename = BUF_strdup(p); CAPI_trace(ctx, "Setting store name to %s\n", p); break; @@ -751,8 +750,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key) } err: - if (pubkey) - OPENSSL_free(pubkey); + OPENSSL_free(pubkey); if (!ret) { RSA_free(rkey); DSA_free(dkey); @@ -1232,8 +1230,7 @@ static int capi_list_containers(CAPI_CTX * ctx, BIO *out) ret = 0; done: - if (cname) - OPENSSL_free(cname); + OPENSSL_free(cname); CryptReleaseContext(hprov, 0); return ret; @@ -1282,10 +1279,8 @@ static void capi_dump_prov_info(CAPI_CTX * ctx, BIO *out, BIO_printf(out, " Container Name: %s, Key Type %d\n", contname, pinfo->dwKeySpec); err: - if (provname) - OPENSSL_free(provname); - if (contname) - OPENSSL_free(contname); + OPENSSL_free(provname); + OPENSSL_free(contname); } char *capi_cert_get_fname(CAPI_CTX * ctx, PCCERT_CONTEXT cert) @@ -1346,8 +1341,7 @@ void capi_dump_cert(CAPI_CTX * ctx, BIO *out, PCCERT_CONTEXT cert) CRYPT_KEY_PROV_INFO *pinfo; pinfo = capi_get_prov_info(ctx, cert); capi_dump_prov_info(ctx, out, pinfo); - if (pinfo) - OPENSSL_free(pinfo); + OPENSSL_free(pinfo); } if (flags & CAPI_DMP_PEM) @@ -1462,10 +1456,8 @@ static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const TCHAR *contname, CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", _contname, _provname, ptype); - if (_provname) - OPENSSL_free(_provname); - if (_contname) - OPENSSL_free(_contname); + OPENSSL_free(_provname); + OPENSSL_free(_contname); } if (ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE) dwFlags = CRYPT_MACHINE_KEYSET; @@ -1511,12 +1503,9 @@ static CAPI_KEY *capi_get_cert_key(CAPI_CTX * ctx, PCCERT_CONTEXT cert) } err: - if (pinfo) - OPENSSL_free(pinfo); - if (provname) - OPENSSL_free(provname); - if (contname) - OPENSSL_free(contname); + OPENSSL_free(pinfo); + OPENSSL_free(provname); + OPENSSL_free(contname); return key; } @@ -1610,14 +1599,10 @@ static void capi_ctx_free(CAPI_CTX * ctx) CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx); if (!ctx) return; - if (ctx->cspname) - OPENSSL_free(ctx->cspname); - if (ctx->debug_file) - OPENSSL_free(ctx->debug_file); - if (ctx->storename) - OPENSSL_free(ctx->storename); - if (ctx->ssl_client_store) - OPENSSL_free(ctx->ssl_client_store); + OPENSSL_free(ctx->cspname); + OPENSSL_free(ctx->debug_file); + OPENSSL_free(ctx->storename); + OPENSSL_free(ctx->ssl_client_store); OPENSSL_free(ctx); } @@ -1647,8 +1632,7 @@ static int capi_ctx_set_provname(CAPI_CTX * ctx, LPSTR pname, DWORD type, } CryptReleaseContext(hprov, 0); } - if (ctx->cspname) - OPENSSL_free(ctx->cspname); + OPENSSL_free(ctx->cspname); ctx->cspname = BUF_strdup(pname); ctx->csptype = type; return 1; diff --git a/engines/e_chil.c b/engines/e_chil.c index 68c9145..3535214 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -462,8 +462,7 @@ static HWCryptoHook_ModExpCRT_t *p_hwcrhk_ModExpCRT = NULL; static const char *HWCRHK_LIBNAME = NULL; static void free_HWCRHK_LIBNAME(void) { - if (HWCRHK_LIBNAME) - OPENSSL_free((void *)HWCRHK_LIBNAME); + OPENSSL_free(HWCRHK_LIBNAME); HWCRHK_LIBNAME = NULL; } diff --git a/engines/e_cswift.c b/engines/e_cswift.c index 848d10f..0b4bfc5 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -338,8 +338,7 @@ static const char *get_CSWIFT_LIBNAME(void) static void free_CSWIFT_LIBNAME(void) { - if (CSWIFT_LIBNAME) - OPENSSL_free((void *)CSWIFT_LIBNAME); + OPENSSL_free(CSWIFT_LIBNAME); CSWIFT_LIBNAME = NULL; } @@ -707,16 +706,11 @@ static int cswift_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_bin2bn((unsigned char *)result->d, res.nbytes, r); to_return = 1; err: - if (sw_param.up.crt.p.value) - OPENSSL_free(sw_param.up.crt.p.value); - if (sw_param.up.crt.q.value) - OPENSSL_free(sw_param.up.crt.q.value); - if (sw_param.up.crt.dmp1.value) - OPENSSL_free(sw_param.up.crt.dmp1.value); - if (sw_param.up.crt.dmq1.value) - OPENSSL_free(sw_param.up.crt.dmq1.value); - if (sw_param.up.crt.iqmp.value) - OPENSSL_free(sw_param.up.crt.iqmp.value); + OPENSSL_free(sw_param.up.crt.p.value); + OPENSSL_free(sw_param.up.crt.q.value); + OPENSSL_free(sw_param.up.crt.dmp1.value); + OPENSSL_free(sw_param.up.crt.dmq1.value); + OPENSSL_free(sw_param.up.crt.iqmp.value); BN_free(result); BN_free(argument); if (acquired) diff --git a/engines/e_nuron.c b/engines/e_nuron.c index 3437f36..01229b0 100644 --- a/engines/e_nuron.c +++ b/engines/e_nuron.c @@ -90,8 +90,7 @@ static const char *get_NURON_LIBNAME(void) static void free_NURON_LIBNAME(void) { - if (NURON_LIBNAME) - OPENSSL_free((void *)NURON_LIBNAME); + OPENSSL_free(NURON_LIBNAME); NURON_LIBNAME = NULL; } diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index 9e2662e..c7eb892 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -339,8 +339,7 @@ static const char *get_UBSEC_LIBNAME(void) static void free_UBSEC_LIBNAME(void) { - if (UBSEC_LIBNAME) - OPENSSL_free((void *)UBSEC_LIBNAME); + OPENSSL_free(UBSEC_LIBNAME); UBSEC_LIBNAME = NULL; } diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index da98ea0..284d3ad 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -130,8 +130,7 @@ static int ssl_free(BIO *a) a->init = 0; a->flags = 0; } - if (a->ptr != NULL) - OPENSSL_free(a->ptr); + OPENSSL_free(a->ptr); return (1); } diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 2a76474..7b7f876 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -189,8 +189,7 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, if (reassembly) { bitmask = OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); if (bitmask == NULL) { - if (buf != NULL) - OPENSSL_free(buf); + OPENSSL_free(buf); OPENSSL_free(frag); return NULL; } @@ -211,10 +210,8 @@ void dtls1_hm_fragment_free(hm_fragment *frag) EVP_MD_CTX_destroy(frag->msg_header. saved_retransmit_state.write_hash); } - if (frag->fragment) - OPENSSL_free(frag->fragment); - if (frag->reassembly) - OPENSSL_free(frag->reassembly); + OPENSSL_free(frag->fragment); + OPENSSL_free(frag->reassembly); OPENSSL_free(frag); } diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 3183bcf..a78f150 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -177,27 +177,21 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl) while ((item = pqueue_pop(d->unprocessed_rcds.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *)item->data; - if (rdata->rbuf.buf) { - OPENSSL_free(rdata->rbuf.buf); - } + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(item->data); pitem_free(item); } while ((item = pqueue_pop(d->processed_rcds.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *)item->data; - if (rdata->rbuf.buf) { - OPENSSL_free(rdata->rbuf.buf); - } + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(item->data); pitem_free(item); } while ((item = pqueue_pop(d->buffered_app_data.q)) != NULL) { rdata = (DTLS1_RECORD_DATA *)item->data; - if (rdata->rbuf.buf) { - OPENSSL_free(rdata->rbuf.buf); - } + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(item->data); pitem_free(item); } @@ -271,8 +265,7 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) { - if (rdata != NULL) - OPENSSL_free(rdata); + OPENSSL_free(rdata); if (item != NULL) pitem_free(item); @@ -304,8 +297,7 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) if (!ssl3_setup_buffers(s)) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); - if (rdata->rbuf.buf != NULL) - OPENSSL_free(rdata->rbuf.buf); + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); return (-1); @@ -314,8 +306,7 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) /* insert should not fail, since duplicates are dropped */ if (pqueue_insert(queue->q, item) == NULL) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); - if (rdata->rbuf.buf != NULL) - OPENSSL_free(rdata->rbuf.buf); + OPENSSL_free(rdata->rbuf.buf); OPENSSL_free(rdata); pitem_free(item); return (-1); diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 732420e..5a8d34c 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -122,8 +122,7 @@ void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n) void SSL3_BUFFER_release(SSL3_BUFFER *b) { - if (b->buf != NULL) - OPENSSL_free(b->buf); + OPENSSL_free(b->buf); b->buf = NULL; } @@ -224,10 +223,8 @@ int ssl3_release_write_buffer(SSL *s) wb = RECORD_LAYER_get_wbuf(&s->rlayer); - if (wb->buf != NULL) { - OPENSSL_free(wb->buf); - wb->buf = NULL; - } + OPENSSL_free(wb->buf); + wb->buf = NULL; return 1; } @@ -236,9 +233,7 @@ int ssl3_release_read_buffer(SSL *s) SSL3_BUFFER *b; b = RECORD_LAYER_get_rbuf(&s->rlayer); - if (b->buf != NULL) { - OPENSSL_free(b->buf); - b->buf = NULL; - } + OPENSSL_free(b->buf); + b->buf = NULL; return 1; } diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 33d0b30..1e6f88e 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -139,8 +139,7 @@ void SSL3_RECORD_clear(SSL3_RECORD *r) void SSL3_RECORD_release(SSL3_RECORD *r) { - if (r->comp != NULL) - OPENSSL_free(r->comp); + OPENSSL_free(r->comp); r->comp = NULL; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 71756cd..52ddec1 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1401,8 +1401,7 @@ int ssl3_get_key_exchange(SSL *s) */ if (alg_k & SSL_kPSK) { s->session->sess_cert = ssl_sess_cert_new(); - if (s->ctx->psk_identity_hint) - OPENSSL_free(s->ctx->psk_identity_hint); + OPENSSL_free(s->ctx->psk_identity_hint); s->ctx->psk_identity_hint = NULL; } #endif @@ -1471,8 +1470,7 @@ int ssl3_get_key_exchange(SSL *s) */ memcpy(tmp_id_hint, p, i); memset(tmp_id_hint + i, 0, PSK_MAX_IDENTITY_LEN + 1 - i); - if (s->ctx->psk_identity_hint != NULL) - OPENSSL_free(s->ctx->psk_identity_hint); + OPENSSL_free(s->ctx->psk_identity_hint); s->ctx->psk_identity_hint = BUF_strdup(tmp_id_hint); if (s->ctx->psk_identity_hint == NULL) { al = SSL_AD_HANDSHAKE_FAILURE; @@ -2054,10 +2052,8 @@ int ssl3_get_certificate_request(SSL *s) /* get the certificate types */ ctype_num = *(p++); - if (s->cert->ctypes) { - OPENSSL_free(s->cert->ctypes); - s->cert->ctypes = NULL; - } + OPENSSL_free(s->cert->ctypes); + s->cert->ctypes = NULL; if (ctype_num > SSL3_CT_NUMBER) { /* If we exceed static buffer copy all to cert structure */ s->cert->ctypes = OPENSSL_malloc(ctype_num); @@ -2193,10 +2189,8 @@ int ssl3_get_new_session_ticket(SSL *s) SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, SSL_R_LENGTH_MISMATCH); goto f_err; } - if (s->session->tlsext_tick) { - OPENSSL_free(s->session->tlsext_tick); - s->session->tlsext_ticklen = 0; - } + OPENSSL_free(s->session->tlsext_tick); + s->session->tlsext_ticklen = 0; s->session->tlsext_tick = OPENSSL_malloc(ticklen); if (!s->session->tlsext_tick) { SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET, ERR_R_MALLOC_FAILURE); @@ -2257,8 +2251,7 @@ int ssl3_get_cert_status(SSL *s) SSLerr(SSL_F_SSL3_GET_CERT_STATUS, SSL_R_LENGTH_MISMATCH); goto f_err; } - if (s->tlsext_ocsp_resp) - OPENSSL_free(s->tlsext_ocsp_resp); + OPENSSL_free(s->tlsext_ocsp_resp); s->tlsext_ocsp_resp = BUF_memdup(p, resplen); if (!s->tlsext_ocsp_resp) { al = SSL_AD_INTERNAL_ERROR; @@ -2786,8 +2779,7 @@ int ssl3_send_client_key_exchange(SSL *s) /* Free allocated memory */ BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) - OPENSSL_free(encodedPoint); + OPENSSL_free(encodedPoint); EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); } @@ -2919,8 +2911,7 @@ int ssl3_send_client_key_exchange(SSL *s) ERR_R_INTERNAL_ERROR); goto err; } - if (s->session->srp_username != NULL) - OPENSSL_free(s->session->srp_username); + OPENSSL_free(s->session->srp_username); s->session->srp_username = BUF_strdup(s->srp_ctx.login); if (s->session->srp_username == NULL) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, @@ -2985,8 +2976,7 @@ int ssl3_send_client_key_exchange(SSL *s) t += psk_len; s2n(psk_len, t); - if (s->session->psk_identity_hint != NULL) - OPENSSL_free(s->session->psk_identity_hint); + OPENSSL_free(s->session->psk_identity_hint); s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); if (s->ctx->psk_identity_hint != NULL @@ -2996,8 +2986,7 @@ int ssl3_send_client_key_exchange(SSL *s) goto psk_err; } - if (s->session->psk_identity != NULL) - OPENSSL_free(s->session->psk_identity); + OPENSSL_free(s->session->psk_identity); s->session->psk_identity = BUF_strdup(identity); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, @@ -3090,8 +3079,7 @@ int ssl3_send_client_key_exchange(SSL *s) s->cert->pms = NULL; #ifndef OPENSSL_NO_EC BN_CTX_free(bn_ctx); - if (encodedPoint != NULL) - OPENSSL_free(encodedPoint); + OPENSSL_free(encodedPoint); EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); #endif diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 190d0f1..16a60c6 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3187,11 +3187,9 @@ void ssl3_clear(SSL *s) s->version = SSL3_VERSION; #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - if (s->next_proto_negotiated) { - OPENSSL_free(s->next_proto_negotiated); - s->next_proto_negotiated = NULL; - s->next_proto_negotiated_len = 0; - } + OPENSSL_free(s->next_proto_negotiated); + s->next_proto_negotiated = NULL; + s->next_proto_negotiated_len = 0; #endif } @@ -3331,8 +3329,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) #ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_HOSTNAME: if (larg == TLSEXT_NAMETYPE_host_name) { - if (s->tlsext_hostname != NULL) - OPENSSL_free(s->tlsext_hostname); + OPENSSL_free(s->tlsext_hostname); s->tlsext_hostname = NULL; ret = 1; @@ -3386,8 +3383,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return s->tlsext_ocsp_resplen; case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP: - if (s->tlsext_ocsp_resp) - OPENSSL_free(s->tlsext_ocsp_resp); + OPENSSL_free(s->tlsext_ocsp_resp); s->tlsext_ocsp_resp = parg; s->tlsext_ocsp_resplen = larg; ret = 1; @@ -3833,8 +3829,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) # ifndef OPENSSL_NO_SRP case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME: ctx->srp_ctx.srp_Mask |= SSL_kSRP; - if (ctx->srp_ctx.login != NULL) - OPENSSL_free(ctx->srp_ctx.login); + OPENSSL_free(ctx->srp_ctx.login); ctx->srp_ctx.login = NULL; if (parg == NULL) break; @@ -4281,10 +4276,8 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len) { - if (c->ctypes) { - OPENSSL_free(c->ctypes); - c->ctypes = NULL; - } + OPENSSL_free(c->ctypes); + c->ctypes = NULL; if (!p || !len) return 1; if (len > 0xff) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 77420a1..3e5c57a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2019,8 +2019,7 @@ int ssl3_send_server_key_exchange(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, al); err: #ifndef OPENSSL_NO_EC - if (encodedPoint != NULL) - OPENSSL_free(encodedPoint); + OPENSSL_free(encodedPoint); BN_CTX_free(bn_ctx); #endif EVP_MD_CTX_cleanup(&md_ctx); @@ -2763,16 +2762,14 @@ int ssl3_get_client_key_exchange(SSL *s) t += psk_len; s2n(psk_len, t); - if (s->session->psk_identity != NULL) - OPENSSL_free(s->session->psk_identity); + OPENSSL_free(s->session->psk_identity); s->session->psk_identity = BUF_strdup((char *)p); if (s->session->psk_identity == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); goto psk_err; } - if (s->session->psk_identity_hint != NULL) - OPENSSL_free(s->session->psk_identity_hint); + OPENSSL_free(s->session->psk_identity_hint); s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint); if (s->ctx->psk_identity_hint != NULL && s->session->psk_identity_hint == NULL) { @@ -2821,8 +2818,7 @@ int ssl3_get_client_key_exchange(SSL *s) SSL_R_BAD_SRP_PARAMETERS); goto f_err; } - if (s->session->srp_username != NULL) - OPENSSL_free(s->session->srp_username); + OPENSSL_free(s->session->srp_username); s->session->srp_username = BUF_strdup(s->srp_ctx.login); if (s->session->srp_username == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); @@ -3473,8 +3469,7 @@ int ssl3_send_newsession_ticket(SSL *s) /* SSL3_ST_SW_SESSION_TICKET_B */ return ssl_do_write(s); err: - if (senc) - OPENSSL_free(senc); + OPENSSL_free(senc); EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); return -1; diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index b6e7849..2a07a9b 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -285,10 +285,8 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src) { - if (*pdst) { - OPENSSL_free(*pdst); - *pdst = NULL; - } + OPENSSL_free(*pdst); + *pdst = NULL; if (src == NULL) return 1; *pdst = BUF_strndup((char *)src->data, src->length); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 14decbc..41af4f6 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1560,7 +1560,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK if (ok && (strlen(rule_p) > 0)) ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c); - OPENSSL_free((void *)ca_list); /* Not needed anymore */ + OPENSSL_free(ca_list); /* Not needed anymore */ if (!ok) { /* Rule processing failure */ OPENSSL_free(co_list); diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 97b4fb9..5a19a75 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -380,8 +380,7 @@ static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value) } if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { char **pfilename = &cctx->cert_filename[c->key - c->pkeys]; - if (*pfilename) - OPENSSL_free(*pfilename); + OPENSSL_free(*pfilename); *pfilename = BUF_strdup(value); if (!*pfilename) rv = 0; @@ -659,11 +658,9 @@ void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx) if (cctx) { size_t i; for (i = 0; i < SSL_PKEY_NUM; i++) { - if (cctx->cert_filename[i]) - OPENSSL_free(cctx->cert_filename[i]); + OPENSSL_free(cctx->cert_filename[i]); } - if (cctx->prefix) - OPENSSL_free(cctx->prefix); + OPENSSL_free(cctx->prefix); OPENSSL_free(cctx); } } @@ -688,8 +685,7 @@ int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre) if (tmp == NULL) return 0; } - if (cctx->prefix) - OPENSSL_free(cctx->prefix); + OPENSSL_free(cctx->prefix); cctx->prefix = tmp; if (tmp) cctx->prefixlen = strlen(tmp); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 7319cd8..5b56ac7 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -570,22 +570,17 @@ void SSL_free(SSL *s) /* Free up if allocated */ #ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_hostname) - OPENSSL_free(s->tlsext_hostname); + OPENSSL_free(s->tlsext_hostname); SSL_CTX_free(s->initial_ctx); # ifndef OPENSSL_NO_EC - if (s->tlsext_ecpointformatlist) - OPENSSL_free(s->tlsext_ecpointformatlist); - if (s->tlsext_ellipticcurvelist) - OPENSSL_free(s->tlsext_ellipticcurvelist); + OPENSSL_free(s->tlsext_ecpointformatlist); + OPENSSL_free(s->tlsext_ellipticcurvelist); # endif /* OPENSSL_NO_EC */ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); if (s->tlsext_ocsp_ids) sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); - if (s->tlsext_ocsp_resp) - OPENSSL_free(s->tlsext_ocsp_resp); - if (s->alpn_client_proto_list) - OPENSSL_free(s->alpn_client_proto_list); + OPENSSL_free(s->tlsext_ocsp_resp); + OPENSSL_free(s->alpn_client_proto_list); #endif sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); @@ -603,8 +598,7 @@ void SSL_free(SSL *s) #endif /* OPENSSL_NO_KRB5 */ #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) - if (s->next_proto_negotiated) - OPENSSL_free(s->next_proto_negotiated); + OPENSSL_free(s->next_proto_negotiated); #endif #ifndef OPENSSL_NO_SRTP diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 34b6fac..a376875 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -931,11 +931,8 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb, int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) { if (s->version >= TLS1_VERSION) { - if (s->tlsext_session_ticket) { - OPENSSL_free(s->tlsext_session_ticket); - s->tlsext_session_ticket = NULL; - } - + OPENSSL_free(s->tlsext_session_ticket); + s->tlsext_session_ticket = NULL; s->tlsext_session_ticket = OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len); if (!s->tlsext_session_ticket) { diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index edb6558..e87d4b3 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -953,10 +953,8 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); rv = 0; ret: - if (buff != NULL) - OPENSSL_free(buff); - if (val != NULL) - OPENSSL_free(val); + OPENSSL_free(buff); + OPENSSL_free(val); return (rv); } diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index ce54f4f..193cae8 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -195,8 +195,7 @@ int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src) void custom_exts_free(custom_ext_methods *exts) { - if (exts->meths) - OPENSSL_free(exts->meths); + OPENSSL_free(exts->meths); } /* Set callbacks for a custom extension. */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index b77074a..31ebfdd 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -209,9 +209,7 @@ int tls1_new(SSL *s) void tls1_free(SSL *s) { #ifndef OPENSSL_NO_TLSEXT - if (s->tlsext_session_ticket) { - OPENSSL_free(s->tlsext_session_ticket); - } + OPENSSL_free(s->tlsext_session_ticket); #endif /* OPENSSL_NO_TLSEXT */ ssl3_free(s); } @@ -576,8 +574,7 @@ int tls1_set_curves(unsigned char **pext, size_t *pextlen, dup_list |= idmask; s2n(id, p); } - if (*pext) - OPENSSL_free(*pext); + OPENSSL_free(*pext); *pext = clist; *pextlen = ncurves * 2; return 1; @@ -1779,8 +1776,7 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, r = s->ctx->alpn_select_cb(s, &selected, &selected_len, data, data_len, s->ctx->alpn_select_cb_arg); if (r == SSL_TLSEXT_ERR_OK) { - if (s->s3->alpn_selected) - OPENSSL_free(s->s3->alpn_selected); + OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = OPENSSL_malloc(selected_len); if (!s->s3->alpn_selected) { *al = SSL_AD_INTERNAL_ERROR; @@ -1894,10 +1890,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, s->s3->next_proto_neg_seen = 0; # endif - if (s->s3->alpn_selected) { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - } + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; # ifndef OPENSSL_NO_HEARTBEATS s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | SSL_TLSEXT_HB_DONT_SEND_REQUESTS); @@ -1909,19 +1903,15 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, # endif /* !OPENSSL_NO_EC */ /* Clear any signature algorithms extension received */ - if (s->cert->peer_sigalgs) { - OPENSSL_free(s->cert->peer_sigalgs); - s->cert->peer_sigalgs = NULL; - } + OPENSSL_free(s->cert->peer_sigalgs); + s->cert->peer_sigalgs = NULL; # ifdef TLSEXT_TYPE_encrypt_then_mac s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC; # endif # ifndef OPENSSL_NO_SRP - if (s->srp_ctx.login != NULL) { - OPENSSL_free(s->srp_ctx.login); - s->srp_ctx.login = NULL; - } + OPENSSL_free(s->srp_ctx.login); + s->srp_ctx.login = NULL; # endif s->srtp_profile = NULL; @@ -2078,10 +2068,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, return 0; } if (!s->hit) { - if (s->session->tlsext_ecpointformatlist) { - OPENSSL_free(s->session->tlsext_ecpointformatlist); - s->session->tlsext_ecpointformatlist = NULL; - } + OPENSSL_free(s->session->tlsext_ecpointformatlist); + s->session->tlsext_ecpointformatlist = NULL; s->session->tlsext_ecpointformatlist_length = 0; if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) { @@ -2387,10 +2375,8 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, # endif s->tlsext_ticket_expected = 0; - if (s->s3->alpn_selected) { - OPENSSL_free(s->s3->alpn_selected); - s->s3->alpn_selected = NULL; - } + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = NULL; # ifndef OPENSSL_NO_HEARTBEATS s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | SSL_TLSEXT_HB_DONT_SEND_REQUESTS); @@ -2442,8 +2428,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, } if (!s->hit) { s->session->tlsext_ecpointformatlist_length = 0; - if (s->session->tlsext_ecpointformatlist != NULL) - OPENSSL_free(s->session->tlsext_ecpointformatlist); + OPENSSL_free(s->session->tlsext_ecpointformatlist); if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL) { *al = TLS1_AD_INTERNAL_ERROR; @@ -2548,8 +2533,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, *al = TLS1_AD_DECODE_ERROR; return 0; } - if (s->s3->alpn_selected) - OPENSSL_free(s->s3->alpn_selected); + OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = OPENSSL_malloc(len); if (!s->s3->alpn_selected) { *al = TLS1_AD_INTERNAL_ERROR; @@ -2704,11 +2688,9 @@ int tls1_set_server_sigalgs(SSL *s) int al; size_t i; /* Clear any shared sigtnature algorithms */ - if (s->cert->shared_sigalgs) { - OPENSSL_free(s->cert->shared_sigalgs); - s->cert->shared_sigalgs = NULL; - s->cert->shared_sigalgslen = 0; - } + OPENSSL_free(s->cert->shared_sigalgs); + s->cert->shared_sigalgs = NULL; + s->cert->shared_sigalgslen = 0; /* Clear certificate digests and validity flags */ for (i = 0; i < SSL_PKEY_NUM; i++) { s->cert->pkeys[i].digest = NULL; @@ -2860,10 +2842,8 @@ int ssl_check_serverhello_tlsext(SSL *s) * Set resp to NULL, resplen to -1 so callback knows there is no * response. */ - if (s->tlsext_ocsp_resp) { - OPENSSL_free(s->tlsext_ocsp_resp); - s->tlsext_ocsp_resp = NULL; - } + OPENSSL_free(s->tlsext_ocsp_resp); + s->tlsext_ocsp_resp = NULL; s->tlsext_ocsp_resplen = -1; r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg); if (r == 0) { @@ -3408,11 +3388,10 @@ static int tls1_set_shared_sigalgs(SSL *s) TLS_SIGALGS *salgs = NULL; CERT *c = s->cert; unsigned int is_suiteb = tls1_suiteb(s); - if (c->shared_sigalgs) { - OPENSSL_free(c->shared_sigalgs); - c->shared_sigalgs = NULL; - c->shared_sigalgslen = 0; - } + + OPENSSL_free(c->shared_sigalgs); + c->shared_sigalgs = NULL; + c->shared_sigalgslen = 0; /* If client use client signature algorithms if not NULL */ if (!s->server && c->client_sigalgs && !is_suiteb) { conf = c->client_sigalgs; @@ -3459,8 +3438,7 @@ int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize) if (!c) return 0; - if (c->peer_sigalgs) - OPENSSL_free(c->peer_sigalgs); + OPENSSL_free(c->peer_sigalgs); c->peer_sigalgs = OPENSSL_malloc(dsize); if (!c->peer_sigalgs) return 0; @@ -3840,13 +3818,11 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, } if (client) { - if (c->client_sigalgs) - OPENSSL_free(c->client_sigalgs); + OPENSSL_free(c->client_sigalgs); c->client_sigalgs = sigalgs; c->client_sigalgslen = salglen; } else { - if (c->conf_sigalgs) - OPENSSL_free(c->conf_sigalgs); + OPENSSL_free(c->conf_sigalgs); c->conf_sigalgs = sigalgs; c->conf_sigalgslen = salglen; } diff --git a/test/dhtest.c b/test/dhtest.c index 8f71723..621fcba 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -195,10 +195,8 @@ int main(int argc, char *argv[]) err: ERR_print_errors_fp(stderr); - if (abuf != NULL) - OPENSSL_free(abuf); - if (bbuf != NULL) - OPENSSL_free(bbuf); + OPENSSL_free(abuf); + OPENSSL_free(bbuf); DH_free(b); DH_free(a); BN_GENCB_free(_cb); diff --git a/test/ecdhtest.c b/test/ecdhtest.c index af12476..47c8185 100644 --- a/test/ecdhtest.c +++ b/test/ecdhtest.c @@ -278,10 +278,8 @@ static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out) err: ERR_print_errors_fp(stderr); - if (abuf != NULL) - OPENSSL_free(abuf); - if (bbuf != NULL) - OPENSSL_free(bbuf); + OPENSSL_free(abuf); + OPENSSL_free(bbuf); BN_free(x_a); BN_free(y_a); BN_free(x_b); @@ -433,8 +431,7 @@ static int ecdh_kat(BIO *out, const char *cname, int nid, err: EC_KEY_free(key1); EC_KEY_free(key2); - if (Ztmp) - OPENSSL_free(Ztmp); + OPENSSL_free(Ztmp); if (rv) BIO_puts(out, " ok\n"); else { diff --git a/test/ecdsatest.c b/test/ecdsatest.c index 1eeaaba..52326c5 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -504,12 +504,9 @@ int test_builtin(BIO *out) EC_KEY_free(wrong_eckey); if (ecdsa_sig) ECDSA_SIG_free(ecdsa_sig); - if (signature) - OPENSSL_free(signature); - if (raw_buf) - OPENSSL_free(raw_buf); - if (curves) - OPENSSL_free(curves); + OPENSSL_free(signature); + OPENSSL_free(raw_buf); + OPENSSL_free(curves); return ret; } diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 5641d98..ac79388 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -320,9 +320,7 @@ static int test_EVP_DigestSignInit(void) EVP_MD_CTX_cleanup(&md_ctx); EVP_MD_CTX_cleanup(&md_ctx_verify); EVP_PKEY_free(pkey); - if (sig) { - OPENSSL_free(sig); - } + OPENSSL_free(sig); return ret; } diff --git a/test/evp_test.c b/test/evp_test.c index 68d5bde..7187624 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -249,10 +249,8 @@ static void hex_print(const char *name, const unsigned char *buf, size_t len) static void free_expected(struct evp_test *t) { - if (t->expected_err) { - OPENSSL_free(t->expected_err); - t->expected_err = NULL; - } + OPENSSL_free(t->expected_err); + t->expected_err = NULL; if (t->out_expected) { OPENSSL_free(t->out_expected); OPENSSL_free(t->out_got); @@ -320,10 +318,8 @@ static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth) t->meth->cleanup(t); OPENSSL_free(t->data); t->data = NULL; - if (t->expected_err) { - OPENSSL_free(t->expected_err); - t->expected_err = NULL; - } + OPENSSL_free(t->expected_err); + t->expected_err = NULL; free_expected(t); } t->meth = tmeth; @@ -534,8 +530,7 @@ int main(int argc, char **argv) static void test_free(void *d) { - if (d) - OPENSSL_free(d); + OPENSSL_free(d); } /* Message digest tests */ @@ -861,8 +856,7 @@ static int cipher_test_enc(struct evp_test *t, int enc) } err = NULL; err: - if (tmp) - OPENSSL_free(tmp); + OPENSSL_free(tmp); EVP_CIPHER_CTX_free(ctx); t->err = err; return err ? 0 : 1; @@ -1049,8 +1043,7 @@ static int mac_test_run(struct evp_test *t) err: if (mctx) EVP_MD_CTX_destroy(mctx); - if (mac) - OPENSSL_free(mac); + OPENSSL_free(mac); EVP_PKEY_CTX_free(genctx); EVP_PKEY_free(key); t->err = err; @@ -1133,10 +1126,9 @@ static int pkey_test_init(struct evp_test *t, const char *name, static void pkey_test_cleanup(struct evp_test *t) { struct pkey_data *kdata = t->data; - if (kdata->input) - OPENSSL_free(kdata->input); - if (kdata->output) - OPENSSL_free(kdata->output); + + OPENSSL_free(kdata->input); + OPENSSL_free(kdata->output); EVP_PKEY_CTX_free(kdata->ctx); } @@ -1185,8 +1177,7 @@ static int pkey_test_run(struct evp_test *t) goto err; err = NULL; err: - if (out) - OPENSSL_free(out); + OPENSSL_free(out); t->err = err; return 1; } diff --git a/test/ssltest.c b/test/ssltest.c index 311fbc9..8b5ff3e 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -466,10 +466,8 @@ static int verify_alpn(SSL *client, SSL *server) SSL_get0_alpn_selected(client, &client_proto, &client_proto_len); SSL_get0_alpn_selected(server, &server_proto, &server_proto_len); - if (alpn_selected != NULL) { - OPENSSL_free(alpn_selected); - alpn_selected = NULL; - } + OPENSSL_free(alpn_selected); + alpn_selected = NULL; if (client_proto_len != server_proto_len || memcmp(client_proto, server_proto, client_proto_len) != 0) { @@ -2457,11 +2455,8 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count) BIO_free(s_to_c); BIO_free_all(c_bio); BIO_free_all(s_bio); - - if (cbuf) - OPENSSL_free(cbuf); - if (sbuf) - OPENSSL_free(sbuf); + OPENSSL_free(cbuf); + OPENSSL_free(sbuf); return (ret); } From rsalz at openssl.org Fri May 1 14:15:50 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 01 May 2015 14:15:50 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430489750.726792.22867.nullmailer@dev.openssl.org> The branch master has been updated via efa7dd64443f246004751bdaa5671bf6836e07ff (commit) from b548a1f11c06ccdfa4f52a539912d22d77ee309e (commit) - Log ----------------------------------------------------------------- commit efa7dd64443f246004751bdaa5671bf6836e07ff Author: Rich Salz Date: Fri May 1 10:15:18 2015 -0400 free NULL cleanup 11 Don't check for NULL before calling free functions. This gets: ERR_STATE_free ENGINE_free DSO_free CMAC_CTX_free COMP_CTX_free CONF_free NCONF_free NCONF_free_data _CONF_free_data A sk_free use within OBJ_sigid_free TS_TST_INFO_free (rest of TS_ API was okay) Doc update for UI_free (all uses were fine) X509V3_conf_free X509V3_section_free X509V3_string_free Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 3 +-- apps/req.c | 3 +-- crypto/asn1/asn1_gen.c | 3 +-- crypto/asn1/asn_mstbl.c | 3 +-- crypto/cmac/cm_ameth.c | 3 +-- crypto/cmac/cmac.c | 2 ++ crypto/comp/c_zlib.c | 3 +-- crypto/conf/conf_api.c | 18 +++++++----------- crypto/conf/conf_mod.c | 8 ++++---- crypto/dso/dso_lib.c | 6 ++---- crypto/engine/eng_cnf.c | 3 +-- crypto/engine/eng_dyn.c | 3 +-- crypto/engine/eng_lib.c | 8 +++----- crypto/engine/eng_table.c | 2 ++ crypto/err/err.c | 6 ++---- crypto/objects/obj_xref.c | 12 ++++-------- crypto/ts/ts_asn1.c | 6 ++---- crypto/ts/ts_conf.c | 3 +-- demos/engines/cluster_labs/hw_cluster_labs.c | 4 +--- demos/engines/ibmca/hw_ibmca.c | 4 +--- demos/engines/zencod/hw_zencod.c | 4 +--- engines/e_4758cca.c | 3 +-- engines/e_aep.c | 3 +-- engines/e_atalla.c | 3 +-- engines/e_chil.c | 3 +-- engines/e_cswift.c | 6 ++---- engines/e_sureware.c | 3 +-- engines/e_ubsec.c | 3 +-- ssl/s3_enc.c | 12 ++++-------- ssl/ssl_lib.c | 12 ++++-------- ssl/t1_enc.c | 12 ++++-------- test/enginetest.c | 21 +++++++-------------- 32 files changed, 67 insertions(+), 121 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 46cc5a0..f2a17a4 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1612,8 +1612,7 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) } err: - if (dbattr_conf) - NCONF_free(dbattr_conf); + NCONF_free(dbattr_conf); TXT_DB_free(tmpdb); BIO_free_all(in); return retdb; diff --git a/apps/req.c b/apps/req.c index 4ff3b24..e8e18ec 100644 --- a/apps/req.c +++ b/apps/req.c @@ -883,8 +883,7 @@ int req_main(int argc, char **argv) if (sigopts) sk_OPENSSL_STRING_free(sigopts); #ifndef OPENSSL_NO_ENGINE - if (gen_eng) - ENGINE_free(gen_eng); + ENGINE_free(gen_eng); #endif OPENSSL_free(keyalgstr); X509_REQ_free(req); diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 6756c67..549bc5e 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -511,8 +511,7 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, OPENSSL_free(der); sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); - if (sect) - X509V3_section_free(cnf, sect); + X509V3_section_free(cnf, sect); return ret; } diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c index 889cbe4..94ffbd8 100644 --- a/crypto/asn1/asn_mstbl.c +++ b/crypto/asn1/asn_mstbl.c @@ -154,7 +154,6 @@ static int do_tcreate(char *value, char *name) if (!rv) ASN1err(ASN1_F_DO_TCREATE, ERR_R_MALLOC_FAILURE); } - if (lst) - sk_CONF_VALUE_pop_free(lst, X509V3_conf_free); + sk_CONF_VALUE_pop_free(lst, X509V3_conf_free); return rv; } diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c index 98634c9..07853a6 100644 --- a/crypto/cmac/cm_ameth.c +++ b/crypto/cmac/cm_ameth.c @@ -70,8 +70,7 @@ static int cmac_size(const EVP_PKEY *pkey) static void cmac_key_free(EVP_PKEY *pkey) { CMAC_CTX *cmctx = (CMAC_CTX *)pkey->pkey.ptr; - if (cmctx) - CMAC_CTX_free(cmctx); + CMAC_CTX_free(cmctx); } const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = { diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 1901848..5e8fdc3 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -115,6 +115,8 @@ EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) void CMAC_CTX_free(CMAC_CTX *ctx) { + if (!ctx) + return; CMAC_CTX_cleanup(ctx); OPENSSL_free(ctx); } diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 4508e7f..334c78f 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -289,8 +289,7 @@ COMP_METHOD *COMP_zlib(void) void COMP_zlib_cleanup(void) { #ifdef ZLIB_SHARED - if (zlib_dso) - DSO_free(zlib_dso); + DSO_free(zlib_dso); #endif } diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index b41564b..59808a3 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -241,8 +241,7 @@ static void value_free_stack_doall(CONF_VALUE *a) OPENSSL_free(vv->name); OPENSSL_free(vv); } - if (sk != NULL) - sk_CONF_VALUE_free(sk); + sk_CONF_VALUE_free(sk); OPENSSL_free(a->section); OPENSSL_free(a); } @@ -251,7 +250,7 @@ static void value_free_stack_doall(CONF_VALUE *a) CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) { STACK_OF(CONF_VALUE) *sk = NULL; - int ok = 0, i; + int i; CONF_VALUE *v = NULL, *vv; if ((sk = sk_CONF_VALUE_new_null()) == NULL) @@ -268,13 +267,10 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) vv = lh_CONF_VALUE_insert(conf->data, v); OPENSSL_assert(vv == NULL); - ok = 1; + return v; + err: - if (!ok) { - if (sk != NULL) - sk_CONF_VALUE_free(sk); - OPENSSL_free(v); - v = NULL; - } - return (v); + sk_CONF_VALUE_free(sk); + OPENSSL_free(v); + return NULL; } diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index ce2b177..18fe38b 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -266,8 +266,7 @@ static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, return md; err: - if (dso) - DSO_free(dso); + DSO_free(dso); CONFerr(CONF_F_MODULE_LOAD_DSO, errcode); ERR_add_error_data(4, "module=", name, ", path=", path); return NULL; @@ -422,8 +421,7 @@ void CONF_modules_unload(int all) /* unload a single module */ static void module_free(CONF_MODULE *md) { - if (md->dso) - DSO_free(md->dso); + DSO_free(md->dso); OPENSSL_free(md->name); OPENSSL_free(md); } @@ -445,6 +443,8 @@ void CONF_modules_finish(void) static void module_finish(CONF_IMODULE *imod) { + if (!imod) + return; if (imod->pmod->finish) imod->pmod->finish(imod); imod->pmod->links--; diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index a33a8a8..99701d1 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -133,10 +133,8 @@ int DSO_free(DSO *dso) { int i; - if (dso == NULL) { - DSOerr(DSO_F_DSO_FREE, ERR_R_PASSED_NULL_PARAMETER); - return (0); - } + if (dso == NULL) + return (1); i = CRYPTO_add(&dso->references, -1, CRYPTO_LOCK_DSO); #ifdef REF_PRINT diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c index f09bec4..e84281f 100644 --- a/crypto/engine/eng_cnf.c +++ b/crypto/engine/eng_cnf.c @@ -194,8 +194,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) ", name=", ecmd->name, ", value=", ecmd->value); } - if (e) - ENGINE_free(e); + ENGINE_free(e); return ret; } diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 7dd3659..02590e0 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -186,8 +186,7 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr, { if (ptr) { dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr; - if (ctx->dynamic_dso) - DSO_free(ctx->dynamic_dso); + DSO_free(ctx->dynamic_dso); OPENSSL_free(ctx->DYNAMIC_LIBNAME); OPENSSL_free(ctx->engine_id); if (ctx->dirs) diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 6083440..64b0cad 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -108,16 +108,14 @@ int engine_free_util(ENGINE *e, int locked) { int i; - if (e == NULL) { - ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL, ERR_R_PASSED_NULL_PARAMETER); - return 0; - } + if (e == NULL) + return 1; if (locked) i = CRYPTO_add(&e->struct_ref, -1, CRYPTO_LOCK_ENGINE); else i = --e->struct_ref; engine_ref_debug(e, 0, -1) - if (i > 0) + if (i > 0) return 1; #ifdef REF_CHECK if (i < 0) { diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c index 53a6a25..16eb771 100644 --- a/crypto/engine/eng_table.c +++ b/crypto/engine/eng_table.c @@ -216,6 +216,8 @@ void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e) static void int_cleanup_cb_doall(ENGINE_PILE *p) { + if (!p) + return; sk_ENGINE_free(p->sk); if (p->funct) engine_unlocked_finish(p->funct, 0); diff --git a/crypto/err/err.c b/crypto/err/err.c index 9d58f38..308504a 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -409,8 +409,7 @@ static void int_thread_del_item(const ERR_STATE *d) CRYPTO_w_unlock(CRYPTO_LOCK_ERR); int_thread_release(&hash); - if (p) - ERR_STATE_free(p); + ERR_STATE_free(p); } #ifndef OPENSSL_NO_ERR @@ -905,8 +904,7 @@ ERR_STATE *ERR_get_state(void) * If a race occurred in this function and we came second, tmpp is * the first one that we just replaced. */ - if (tmpp) - ERR_STATE_free(tmpp); + ERR_STATE_free(tmpp); } return ret; } diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c index 97b305d..b752a2c 100644 --- a/crypto/objects/obj_xref.c +++ b/crypto/objects/obj_xref.c @@ -184,14 +184,10 @@ static void sid_free(nid_triple *tt) void OBJ_sigid_free(void) { - if (sig_app) { - sk_nid_triple_pop_free(sig_app, sid_free); - sig_app = NULL; - } - if (sigx_app) { - sk_nid_triple_free(sigx_app); - sigx_app = NULL; - } + sk_nid_triple_pop_free(sig_app, sid_free); + sig_app = NULL; + sk_nid_triple_free(sigx_app); + sigx_app = NULL; } #ifdef OBJ_XREF_TEST diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c index 7c741d9..99b686f 100644 --- a/crypto/ts/ts_asn1.c +++ b/crypto/ts/ts_asn1.c @@ -189,8 +189,7 @@ static int ts_resp_set_tst_info(TS_RESP *a) TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT); return 0; } - if (a->tst_info != NULL) - TS_TST_INFO_free(a->tst_info); + TS_TST_INFO_free(a->tst_info); a->tst_info = PKCS7_to_TS_TST_INFO(a->token); if (!a->tst_info) { TSerr(TS_F_TS_RESP_SET_TST_INFO, @@ -212,8 +211,7 @@ static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it, if (op == ASN1_OP_NEW_POST) { ts_resp->tst_info = NULL; } else if (op == ASN1_OP_FREE_POST) { - if (ts_resp->tst_info != NULL) - TS_TST_INFO_free(ts_resp->tst_info); + TS_TST_INFO_free(ts_resp->tst_info); } else if (op == ASN1_OP_D2I_POST) { if (ts_resp_set_tst_info(ts_resp) == 0) return 0; diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c index 4716b23..2b85660 100644 --- a/crypto/ts/ts_conf.c +++ b/crypto/ts/ts_conf.c @@ -230,8 +230,7 @@ int TS_CONF_set_default_engine(const char *name) TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, TS_R_COULD_NOT_SET_ENGINE); ERR_add_error_data(2, "engine:", name); } - if (e) - ENGINE_free(e); + ENGINE_free(e); return ret; } diff --git a/demos/engines/cluster_labs/hw_cluster_labs.c b/demos/engines/cluster_labs/hw_cluster_labs.c index c58e548..918689c 100644 --- a/demos/engines/cluster_labs/hw_cluster_labs.c +++ b/demos/engines/cluster_labs/hw_cluster_labs.c @@ -363,9 +363,7 @@ int cluster_labs_init(ENGINE *e) err: /* reset all pointers */ - if (cluster_labs_dso) - DSO_free(cluster_labs_dso); - + DSO_free(cluster_labs_dso); cluster_labs_dso = NULL; p_cl_engine_init = NULL; p_cl_mod_exp = NULL; diff --git a/demos/engines/ibmca/hw_ibmca.c b/demos/engines/ibmca/hw_ibmca.c index 082246f..820abe8 100644 --- a/demos/engines/ibmca/hw_ibmca.c +++ b/demos/engines/ibmca/hw_ibmca.c @@ -412,9 +412,7 @@ static int ibmca_init(ENGINE *e) return 1; err: - if (ibmca_dso) - DSO_free(ibmca_dso); - + DSO_free(ibmca_dso); p_icaOpenAdapter = NULL; p_icaCloseAdapter = NULL; p_icaRsaModExpo = NULL; diff --git a/demos/engines/zencod/hw_zencod.c b/demos/engines/zencod/hw_zencod.c index 0b72217..773674f 100644 --- a/demos/engines/zencod/hw_zencod.c +++ b/demos/engines/zencod/hw_zencod.c @@ -623,9 +623,7 @@ static int zencod_init(ENGINE *e) return 1; err: - if (zencod_dso) { - DSO_free(zencod_dso); - } + DSO_free(zencod_dso); zencod_dso = NULL; ptr_zencod_bytes2bits = NULL; ptr_zencod_bits2bytes = NULL; diff --git a/engines/e_4758cca.c b/engines/e_4758cca.c index 9c98129..e592cfb 100644 --- a/engines/e_4758cca.c +++ b/engines/e_4758cca.c @@ -324,8 +324,7 @@ static int ibm_4758_cca_init(ENGINE *e) return 1; err: - if (dso) - DSO_free(dso); + DSO_free(dso); dso = NULL; # ifndef OPENSSL_NO_RSA diff --git a/engines/e_aep.c b/engines/e_aep.c index c86b34a..8a47f7d 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -501,8 +501,7 @@ static int aep_init(ENGINE *e) err: - if (aep_dso) - DSO_free(aep_dso); + DSO_free(aep_dso); aep_dso = NULL; p_AEP_OpenConnection = NULL; diff --git a/engines/e_atalla.c b/engines/e_atalla.c index e9a6134..278cff4 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -406,8 +406,7 @@ static int atalla_init(ENGINE *e) /* Everything's fine. */ return 1; err: - if (atalla_dso) - DSO_free(atalla_dso); + DSO_free(atalla_dso); atalla_dso = NULL; p_Atalla_GetHardwareConfig = NULL; p_Atalla_RSAPrivateKeyOpFn = NULL; diff --git a/engines/e_chil.c b/engines/e_chil.c index 3535214..75c15f6 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -622,8 +622,7 @@ static int hwcrhk_init(ENGINE *e) # endif return 1; err: - if (hwcrhk_dso) - DSO_free(hwcrhk_dso); + DSO_free(hwcrhk_dso); hwcrhk_dso = NULL; p_hwcrhk_Init = NULL; p_hwcrhk_Finish = NULL; diff --git a/engines/e_cswift.c b/engines/e_cswift.c index 0b4bfc5..5dcee7c 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -431,10 +431,8 @@ static int cswift_init(ENGINE *e) /* Everything's fine. */ return 1; err: - if (cswift_dso) { - DSO_free(cswift_dso); - cswift_dso = NULL; - } + DSO_free(cswift_dso); + cswift_dso = NULL; p_CSwift_AcquireAccContext = NULL; p_CSwift_AttachKeyParam = NULL; p_CSwift_SimpleRequest = NULL; diff --git a/engines/e_sureware.c b/engines/e_sureware.c index 9e56a7d..7d8c147 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -560,8 +560,7 @@ static int surewarehk_init(ENGINE *e) return 1; err: - if (surewarehk_dso) - DSO_free(surewarehk_dso); + DSO_free(surewarehk_dso); surewarehk_dso = NULL; p_surewarehk_Init = NULL; p_surewarehk_Finish = NULL; diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index c7eb892..a44b0b2 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -481,8 +481,7 @@ static int ubsec_init(ENGINE *e) } err: - if (ubsec_dso) - DSO_free(ubsec_dso); + DSO_free(ubsec_dso); ubsec_dso = NULL; p_UBSEC_ubsec_bytes_to_bits = NULL; p_UBSEC_ubsec_bits_to_bytes = NULL; diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index df86f5b..45de404 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -259,10 +259,8 @@ int ssl3_change_cipher_state(SSL *s, int which) } #ifndef OPENSSL_NO_COMP /* COMPRESS */ - if (s->expand != NULL) { - COMP_CTX_free(s->expand); - s->expand = NULL; - } + COMP_CTX_free(s->expand); + s->expand = NULL; if (comp != NULL) { s->expand = COMP_CTX_new(comp); if (s->expand == NULL) { @@ -294,10 +292,8 @@ int ssl3_change_cipher_state(SSL *s, int which) } #ifndef OPENSSL_NO_COMP /* COMPRESS */ - if (s->compress != NULL) { - COMP_CTX_free(s->compress); - s->compress = NULL; - } + COMP_CTX_free(s->compress); + s->compress = NULL; if (comp != NULL) { s->compress = COMP_CTX_new(comp); if (s->compress == NULL) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5b56ac7..8eab3e9 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2860,14 +2860,10 @@ void ssl_clear_cipher_ctx(SSL *s) s->enc_write_ctx = NULL; } #ifndef OPENSSL_NO_COMP - if (s->expand != NULL) { - COMP_CTX_free(s->expand); - s->expand = NULL; - } - if (s->compress != NULL) { - COMP_CTX_free(s->compress); - s->compress = NULL; - } + COMP_CTX_free(s->expand); + s->expand = NULL; + COMP_CTX_free(s->compress); + s->compress = NULL; #endif } diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index e87d4b3..5c7fb86 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -385,10 +385,8 @@ int tls1_change_cipher_state(SSL *s, int which) dd = s->enc_read_ctx; mac_ctx = ssl_replace_hash(&s->read_hash, NULL); #ifndef OPENSSL_NO_COMP - if (s->expand != NULL) { - COMP_CTX_free(s->expand); - s->expand = NULL; - } + COMP_CTX_free(s->expand); + s->expand = NULL; if (comp != NULL) { s->expand = COMP_CTX_new(comp->method); if (s->expand == NULL) { @@ -425,10 +423,8 @@ int tls1_change_cipher_state(SSL *s, int which) } else mac_ctx = ssl_replace_hash(&s->write_hash, NULL); #ifndef OPENSSL_NO_COMP - if (s->compress != NULL) { - COMP_CTX_free(s->compress); - s->compress = NULL; - } + COMP_CTX_free(s->compress); + s->compress = NULL; if (comp != NULL) { s->compress = COMP_CTX_new(comp->method); if (s->compress == NULL) { diff --git a/test/enginetest.c b/test/enginetest.c index ab7c0c0..2d9afaa 100644 --- a/test/enginetest.c +++ b/test/enginetest.c @@ -147,8 +147,7 @@ int main(int argc, char *argv[]) printf("Remove failed!\n"); goto end; } - if (ptr) - ENGINE_free(ptr); + ENGINE_free(ptr); display_engine_list(); if (!ENGINE_add(new_h3) || !ENGINE_add(new_h2)) { printf("Add failed!\n"); @@ -196,8 +195,7 @@ int main(int argc, char *argv[]) if (!ENGINE_remove(ptr)) printf("Remove failed!i - probably no hardware " "support present.\n"); - if (ptr) - ENGINE_free(ptr); + ENGINE_free(ptr); display_engine_list(); if (!ENGINE_add(new_h1) || !ENGINE_remove(new_h1)) { printf("Couldn't add and remove to an empty list!\n"); @@ -248,17 +246,12 @@ int main(int argc, char *argv[]) end: if (to_return) ERR_print_errors_fp(stderr); - if (new_h1) - ENGINE_free(new_h1); - if (new_h2) - ENGINE_free(new_h2); - if (new_h3) - ENGINE_free(new_h3); - if (new_h4) - ENGINE_free(new_h4); + ENGINE_free(new_h1); + ENGINE_free(new_h2); + ENGINE_free(new_h3); + ENGINE_free(new_h4); for (loop = 0; loop < 512; loop++) - if (block[loop]) - ENGINE_free(block[loop]); + ENGINE_free(block[loop]); ENGINE_cleanup(); CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); From ben at openssl.org Fri May 1 16:46:33 2015 From: ben at openssl.org (Ben Laurie) Date: Fri, 01 May 2015 16:46:33 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430498793.065131.6064.nullmailer@dev.openssl.org> The branch master has been updated via 190c8c60c11467424910605d8d0098ccc1168fdc (commit) via 8b68b7e97bea1bb19ae5ad9afc7fdb5547bd4fc7 (commit) via dc2a1af86abbd0e464f952250c749d37e009eead (commit) from efa7dd64443f246004751bdaa5671bf6836e07ff (commit) - Log ----------------------------------------------------------------- commit 190c8c60c11467424910605d8d0098ccc1168fdc Author: Ben Laurie Date: Sun Apr 19 14:10:54 2015 +0100 Fix build on MacOS. Reviewed-by: Andy Polyakov commit 8b68b7e97bea1bb19ae5ad9afc7fdb5547bd4fc7 Author: Ben Laurie Date: Sun Apr 19 14:34:05 2015 +0100 Use BN_ULONG format. Reviewed-by: Andy Polyakov commit dc2a1af86abbd0e464f952250c749d37e009eead Author: Ben Laurie Date: Sun Apr 19 14:30:56 2015 +0100 u_len may be unused. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 9 +-------- Configure | 21 +++++++++++++++++++-- config | 6 ++++-- ssl/record/rec_layer_s3.c | 2 +- test/bntest.c | 4 ++-- 5 files changed, 27 insertions(+), 15 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 025bd86..372080c 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -641,14 +641,7 @@ "linux-x86_64-clang" => { inherit_from => [ "linux-x86_64" ], cc => "clang", - # TODO(openssl-team): fix problems and investigate if (at least) the - # following warnings can also be enabled: - # -Wconditional-uninitialized, -Wswitch-enum, -Wunused-macros, - # -Wmissing-field-initializers, -Wmissing-variable-declarations, - # -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, - # -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token - # -Wextended-offsetof - cflags => "-m64 -DL_ENDIAN -Wall -Wextra $clang_disabled_warnings -Qunused-arguments", + cflags => "-m64 -DL_ENDIAN -Wall -Wextra -Qunused-arguments", }, "linux-x32" => { inherit_from => [ "linux-generic32", asm("x86_64_asm") ], diff --git a/Configure b/Configure index 53ff45d..b9e0f50 100755 --- a/Configure +++ b/Configure @@ -112,7 +112,15 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED"; -my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof"; +# These are used in addition to $gcc_devteam_warn when the compiler is clang. +# TODO(openssl-team): fix problems and investigate if (at least) the +# following warnings can also be enabled: -Wconditional-uninitialized, +# -Wswitch-enum, -Wunused-macros, -Wmissing-field-initializers, +# -Wmissing-variable-declarations, +# -Wincompatible-pointer-types-discards-qualifiers, -Wcast-align, +# -Wunreachable-code -Wunused-parameter -Wlanguage-extension-token +# -Wextended-offsetof +my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof"; my $strict_warnings = 0; @@ -1726,12 +1734,21 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/) if ($strict_warnings) { + my $ecc = $cc; + $ecc = "clang" if `$cc --version 2>&1` =~ /clang/; my $wopt; - die "ERROR --strict-warnings requires gcc or clang" unless ($cc =~ /gcc$/ or $cc =~ /clang$/); + die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/); foreach $wopt (split /\s+/, $gcc_devteam_warn) { $cflags .= " $wopt" unless ($cflags =~ /$wopt/) } + if ($ecc eq "clang") + { + foreach $wopt (split /\s+/, $clang_devteam_warn) + { + $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + } + } } open(IN,"/dev/null` if [ "$ISA64" = "1" -a -z "$KERNEL_BITS" ]; then echo "WARNING! If you wish to build 64-bit library, then you have to" - echo " invoke './Configure darwin64-x86_64-cc' *manually*." + echo " invoke './Configure darwin64-x86_64-cc $options' *manually*." if [ "$TEST" = "false" -a -t 1 ]; then echo " You have about 5 seconds to press Ctrl-C to abort." - (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1 + # The stty technique used elsewhere doesn't work on + # MacOS. At least, right now on this Mac. + sleep 5 fi fi if [ "$ISA64" = "1" -a "$KERNEL_BITS" = "64" ]; then diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index b7d43f3..0ed82f7 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -445,10 +445,10 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) unsigned int n, nw; #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK unsigned int max_send_fragment; + unsigned int u_len = (unsigned int)len; #endif SSL3_BUFFER *wb = &s->rlayer.wbuf; int i; - unsigned int u_len = (unsigned int)len; if (len < 0) { SSLerr(SSL_F_SSL3_WRITE_BYTES, SSL_R_SSL_NEGATIVE_LENGTH); diff --git a/test/bntest.c b/test/bntest.c index 7aaefc5..1ce6db1 100644 --- a/test/bntest.c +++ b/test/bntest.c @@ -1799,8 +1799,8 @@ int test_probable_prime_coprime(BIO *bp, BN_CTX *ctx) for (j = 0; j < 5; j++) { if (BN_mod_word(r, primes[j]) == 0) { - BIO_printf(bp, "Number generated is not coprime to %ld:\n", - primes[j]); + BIO_printf(bp, "Number generated is not coprime to " + BN_DEC_FMT1 ":\n", primes[j]); BN_print_fp(stdout, r); BIO_printf(bp, "\n"); goto err; From rsalz at openssl.org Fri May 1 18:30:44 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 01 May 2015 18:30:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430505044.469578.16788.nullmailer@dev.openssl.org> The branch master has been updated via 666964780a245c14e8f0eb6e13dd854a37387ea9 (commit) from 190c8c60c11467424910605d8d0098ccc1168fdc (commit) - Log ----------------------------------------------------------------- commit 666964780a245c14e8f0eb6e13dd854a37387ea9 Author: Rich Salz Date: Fri May 1 14:29:48 2015 -0400 Remove goto inside an if(0) block There were a dozen-plus instances of this construct: if (0) { label: ..... } Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/asn1/f_enum.c | 25 +++++++++++-------------- crypto/asn1/f_int.c | 22 +++++++++------------- crypto/asn1/f_string.c | 25 +++++++++++-------------- crypto/asn1/t_x509.c | 11 +++++------ crypto/dh/dh_ameth.c | 12 ++++++------ crypto/x509/x509_vfy.c | 10 +++++----- crypto/x509v3/pcy_cache.c | 6 +++--- demos/bio/sconnect.c | 17 ++++++++--------- ssl/s3_clnt.c | 14 +++++++------- ssl/s3_lib.c | 1 - ssl/s3_srvr.c | 18 ++++++++---------- ssl/ssl_asn1.c | 4 ---- ssl/ssl_cert.c | 14 ++++++-------- ssl/ssl_lib.c | 8 +++----- 14 files changed, 82 insertions(+), 105 deletions(-) diff --git a/crypto/asn1/f_enum.c b/crypto/asn1/f_enum.c index 338a02e..eabfd37 100644 --- a/crypto/asn1/f_enum.c +++ b/crypto/asn1/f_enum.c @@ -97,7 +97,6 @@ int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a) int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) { - int ret = 0; int i, j, k, m, n, again, bufsize; unsigned char *s = NULL, *sp; unsigned char *bufp; @@ -108,16 +107,16 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) bufsize = BIO_gets(bp, buf, size); for (;;) { if (bufsize < 1) - goto err_sl; + goto err; i = bufsize; if (buf[i - 1] == '\n') buf[--i] = '\0'; if (i == 0) - goto err_sl; + goto err; if (buf[i - 1] == '\r') buf[--i] = '\0'; if (i == 0) - goto err_sl; + goto err; again = (buf[i - 1] == '\\'); for (j = 0; j < i; j++) { @@ -133,7 +132,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) * We have now cleared all the crap off the end of the line */ if (i < 2) - goto err_sl; + goto err; bufp = (unsigned char *)buf; if (first) { @@ -147,7 +146,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) i -= again; if (i % 2 != 0) { ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_ODD_NUMBER_OF_CHARS); - goto err; + return 0; } i /= 2; if (num + i > slen) { @@ -155,7 +154,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) if (sp == NULL) { ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); OPENSSL_free(s); - goto err; + return 0; } s = sp; slen = num + i * 2; @@ -172,7 +171,7 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) else { ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_NON_HEX_CHARACTERS); - goto err; + return 0; } s[num + j] <<= 4; s[num + j] |= m; @@ -186,11 +185,9 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) } bs->length = num; bs->data = s; - ret = 1; + return 1; + err: - if (0) { - err_sl: - ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE); - } - return (ret); + ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE); + return 0; } diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c index 5a2d18b..880c284 100644 --- a/crypto/asn1/f_int.c +++ b/crypto/asn1/f_int.c @@ -101,7 +101,6 @@ int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a) int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) { - int ret = 0; int i, j, k, m, n, again, bufsize; unsigned char *s = NULL, *sp; unsigned char *bufp; @@ -112,16 +111,16 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) bufsize = BIO_gets(bp, buf, size); for (;;) { if (bufsize < 1) - goto err_sl; + goto err; i = bufsize; if (buf[i - 1] == '\n') buf[--i] = '\0'; if (i == 0) - goto err_sl; + goto err; if (buf[i - 1] == '\r') buf[--i] = '\0'; if (i == 0) - goto err_sl; + goto err; again = (buf[i - 1] == '\\'); for (j = 0; j < i; j++) { @@ -147,7 +146,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) * We have now cleared all the crap off the end of the line */ if (i < 2) - goto err_sl; + goto err; bufp = (unsigned char *)buf; if (first) { @@ -161,7 +160,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) i -= again; if (i % 2 != 0) { ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS); - goto err; + return 0; } i /= 2; if (num + i > slen) { @@ -169,7 +168,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) if (sp == NULL) { ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); OPENSSL_free(s); - goto err; + return 0; } s = sp; slen = num + i * 2; @@ -200,11 +199,8 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) } bs->length = num; bs->data = s; - ret = 1; + return 1; err: - if (0) { - err_sl: - ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE); - } - return (ret); + ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE); + return 0; } diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c index e9dcee8..c82f2a1 100644 --- a/crypto/asn1/f_string.c +++ b/crypto/asn1/f_string.c @@ -95,7 +95,6 @@ int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type) int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) { - int ret = 0; int i, j, k, m, n, again, bufsize; unsigned char *s = NULL, *sp; unsigned char *bufp; @@ -107,7 +106,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) if (first) break; else - goto err_sl; + goto err; } first = 0; @@ -115,11 +114,11 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) if (buf[i - 1] == '\n') buf[--i] = '\0'; if (i == 0) - goto err_sl; + goto err; if (buf[i - 1] == '\r') buf[--i] = '\0'; if (i == 0) - goto err_sl; + goto err; again = (buf[i - 1] == '\\'); for (j = i - 1; j > 0; j--) { @@ -145,7 +144,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) * We have now cleared all the crap off the end of the line */ if (i < 2) - goto err_sl; + goto err; bufp = (unsigned char *)buf; @@ -153,7 +152,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) i -= again; if (i % 2 != 0) { ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS); - goto err; + return 0; } i /= 2; if (num + i > slen) { @@ -161,7 +160,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) if (sp == NULL) { ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE); OPENSSL_free(s); - goto err; + return 0; } s = sp; slen = num + i * 2; @@ -178,7 +177,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) else { ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_NON_HEX_CHARACTERS); - goto err; + return 0; } s[num + j] <<= 4; s[num + j] |= m; @@ -192,11 +191,9 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) } bs->length = num; bs->data = s; - ret = 1; + return 1; + err: - if (0) { - err_sl: - ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE); - } - return (ret); + ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE); + return 0; } diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index c32f28e..76c6c1e 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -490,7 +490,7 @@ int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm) int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) { char *s, *c, *b; - int ret = 0, l, i; + int l, i; l = 80 - 2 - obase; @@ -535,11 +535,10 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) l--; } - ret = 1; - if (0) { + OPENSSL_free(b); + return 1; err: - X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB); - } + X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB); OPENSSL_free(b); - return (ret); + return 0; } diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index c9374b7..b45173e 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -327,7 +327,7 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, ASN1_PCTX *ctx, int ptype) { unsigned char *m = NULL; - int reason = ERR_R_BUF_LIB, ret = 0; + int reason = ERR_R_BUF_LIB; size_t buf_len = 0; const char *ktype = NULL; @@ -415,13 +415,13 @@ static int do_dh_print(BIO *bp, const DH *x, int indent, goto err; } - ret = 1; - if (0) { + OPENSSL_free(m); + return 1; + err: - DHerr(DH_F_DO_DH_PRINT, reason); - } + DHerr(DH_F_DO_DH_PRINT, reason); OPENSSL_free(m); - return (ret); + return 0; } static int int_dh_size(const EVP_PKEY *pkey) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 3cdf453..522f9b9 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -489,12 +489,12 @@ int X509_verify_cert(X509_STORE_CTX *ctx) /* If we get this far evaluate policies */ if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)) ok = ctx->check_policy(ctx); - if (!ok) - goto end; - if (0) { + if (ok) + goto done; + end: - X509_get_pubkey_parameters(NULL, ctx->chain); - } + X509_get_pubkey_parameters(NULL, ctx->chain); + done: sk_X509_free(sktmp); X509_free(chain_ss); return ok; diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c index 125b311..1f07fe2 100644 --- a/crypto/x509v3/pcy_cache.c +++ b/crypto/x509v3/pcy_cache.c @@ -200,12 +200,12 @@ static int policy_cache_new(X509 *x) goto bad_cache; } else if (!policy_cache_set_int(&cache->any_skip, ext_any)) goto bad_cache; + goto just_cleanup; - if (0) { bad_cache: - x->ex_flags |= EXFLAG_INVALID_POLICY; - } + x->ex_flags |= EXFLAG_INVALID_POLICY; + just_cleanup: if (ext_pcons) POLICY_CONSTRAINTS_free(ext_pcons); diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c index 73280b5..6e4ca65 100644 --- a/demos/bio/sconnect.c +++ b/demos/bio/sconnect.c @@ -96,17 +96,16 @@ char *argv[]; } ret = 1; + goto done; - if (0) { err: - if (ERR_peek_error() == 0) { /* system call error */ - fprintf(stderr, "errno=%d ", errno); - perror("error"); - } else - ERR_print_errors_fp(stderr); - } + if (ERR_peek_error() == 0) { /* system call error */ + fprintf(stderr, "errno=%d ", errno); + perror("error"); + } else + ERR_print_errors_fp(stderr); + done: BIO_free_all(out); SSL_CTX_free(ssl_ctx); - exit(!ret); - return (ret); + return (ret == 1); } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 52ddec1..7915052 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1189,7 +1189,7 @@ int ssl3_get_server_certificate(SSL *s) if ((sk = sk_X509_new_null()) == NULL) { SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); - goto err; + goto done; } n2l3(p, llen); @@ -1222,7 +1222,7 @@ int ssl3_get_server_certificate(SSL *s) } if (!sk_X509_push(sk, x)) { SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); - goto err; + goto done; } x = NULL; nc += l + 3; @@ -1250,7 +1250,7 @@ int ssl3_get_server_certificate(SSL *s) sc = ssl_sess_cert_new(); if (sc == NULL) - goto err; + goto done; ssl_sess_cert_free(s->session->sess_cert); s->session->sess_cert = sc; @@ -1332,11 +1332,11 @@ int ssl3_get_server_certificate(SSL *s) x = NULL; ret = 1; - if (0) { + goto done; + f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - } - err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); + done: EVP_PKEY_free(pkey); X509_free(x); sk_X509_pop_free(sk, X509_free); diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 16a60c6..4610e7f 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3570,7 +3570,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ptmp = EVP_PKEY_new(); if (!ptmp) return 0; - if (0) ; #ifndef OPENSSL_NO_RSA else if (sc->peer_rsa_tmp) rv = EVP_PKEY_set1_RSA(ptmp, sc->peer_rsa_tmp); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 3e5c57a..5b83407 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -3184,7 +3184,7 @@ int ssl3_get_client_certificate(SSL *s) if ((sk = sk_X509_new_null()) == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); - goto err; + goto done; } n2l3(p, llen); @@ -3206,7 +3206,7 @@ int ssl3_get_client_certificate(SSL *s) x = d2i_X509(NULL, &p, l); if (x == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB); - goto err; + goto done; } if (p != (q + l)) { al = SSL_AD_DECODE_ERROR; @@ -3216,7 +3216,7 @@ int ssl3_get_client_certificate(SSL *s) } if (!sk_X509_push(sk, x)) { SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); - goto err; + goto done; } x = NULL; nc += l + 3; @@ -3279,7 +3279,7 @@ int ssl3_get_client_certificate(SSL *s) s->session->sess_cert = ssl_sess_cert_new(); if (s->session->sess_cert == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); - goto err; + goto done; } } sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); @@ -3288,15 +3288,13 @@ int ssl3_get_client_certificate(SSL *s) * Inconsistency alert: cert_chain does *not* include the peer's own * certificate, while we do include it in s3_clnt.c */ - sk = NULL; - ret = 1; - if (0) { + goto done; + f_err: - ssl3_send_alert(s, SSL3_AL_FATAL, al); - } - err: + ssl3_send_alert(s, SSL3_AL_FATAL, al); + done: X509_free(x); sk_X509_pop_free(sk, X509_free); return (ret); diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 2a07a9b..905c8cf 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -325,10 +325,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, if (as == NULL) goto err; - if (0) { - i2d_SSL_SESSION_ASN1(NULL, NULL); - } - if (!a || !*a) { ret = SSL_SESSION_new(); if (ret == NULL) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index a15c5f9..5244ecb 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -850,12 +850,12 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) sk_X509_NAME_push(ret, xn); } } + goto done; - if (0) { err: - sk_X509_NAME_pop_free(ret, X509_NAME_free); - ret = NULL; - } + sk_X509_NAME_pop_free(ret, X509_NAME_free); + ret = NULL; + done: sk_X509_NAME_free(sk); BIO_free(in); X509_free(x); @@ -911,17 +911,15 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, } ERR_clear_error(); + goto done; - if (0) { err: ret = 0; - } + done: BIO_free(in); if (x != NULL) X509_free(x); - (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); - return ret; } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 8eab3e9..63e9712 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2838,13 +2838,11 @@ SSL *SSL_dup(SSL *s) } } } + return ret; - if (0) { err: - SSL_free(ret); - ret = NULL; - } - return (ret); + SSL_free(ret); + return NULL; } void ssl_clear_cipher_ctx(SSL *s) From rsalz at openssl.org Fri May 1 18:37:51 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 01 May 2015 18:37:51 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430505471.242257.18189.nullmailer@dev.openssl.org> The branch master has been updated via 25aaa98aa249d26391c1994d2de449562c8b8b99 (commit) from 666964780a245c14e8f0eb6e13dd854a37387ea9 (commit) - Log ----------------------------------------------------------------- commit 25aaa98aa249d26391c1994d2de449562c8b8b99 Author: Rich Salz Date: Fri May 1 14:37:16 2015 -0400 free NULL cleanup -- coda After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 18 ++++------- apps/asn1pars.c | 6 ++-- apps/ca.c | 23 +++++--------- apps/ciphers.c | 2 +- apps/cms.c | 27 ++++++---------- apps/dgst.c | 9 ++---- apps/engine.c | 3 +- apps/genrsa.c | 6 ++-- apps/ocsp.c | 3 +- apps/openssl.c | 9 ++---- apps/pkcs12.c | 3 +- apps/req.c | 8 ++--- apps/s_cb.c | 6 ++-- apps/s_server.c | 34 +++++++------------- apps/sess_id.c | 3 +- apps/smime.c | 6 ++-- apps/srp.c | 7 ++--- apps/x509.c | 3 +- crypto/asn1/a_d2i_fp.c | 9 ++---- crypto/asn1/p5_pbe.c | 3 +- crypto/asn1/x_crl.c | 6 ++-- crypto/cms/cms_cd.c | 5 +-- crypto/cms/cms_dd.c | 5 +-- crypto/cms/cms_enc.c | 2 +- crypto/cms/cms_env.c | 9 ++---- crypto/cms/cms_ess.c | 13 ++------ crypto/cms/cms_kari.c | 7 ++--- crypto/cms/cms_smime.c | 6 ++-- crypto/conf/conf_def.c | 11 +++---- crypto/ec/ec_asn1.c | 22 +++++-------- crypto/ec/ec_lib.c | 7 +---- crypto/ec/ec_mult.c | 3 +- crypto/engine/eng_dyn.c | 3 +- crypto/err/err.c | 6 ++-- crypto/ex_data.c | 6 ++-- crypto/mem_dbg.c | 15 ++++----- crypto/ocsp/ocsp_cl.c | 7 ++--- crypto/ocsp/ocsp_ext.c | 6 ++-- crypto/ocsp/ocsp_lib.c | 3 +- crypto/ocsp/ocsp_srv.c | 3 +- crypto/pem/pvkfmt.c | 4 +-- crypto/pqueue/pqueue.c | 6 ---- crypto/rsa/rsa_ameth.c | 9 ++---- crypto/stack/stack.c | 3 +- crypto/store/str_mem.c | 2 +- crypto/ts/ts_rsp_verify.c | 3 +- crypto/txt_db/txt_db.c | 43 ++++++++------------------ crypto/x509/by_dir.c | 12 +++----- crypto/x509/x509_obj.c | 3 +- crypto/x509/x509_vfy.c | 6 ++-- crypto/x509/x509_vpm.c | 14 +++------ crypto/x509v3/pcy_cache.c | 11 ++----- crypto/x509v3/pcy_data.c | 2 ++ crypto/x509v3/pcy_tree.c | 3 +- crypto/x509v3/v3_crld.c | 6 ++-- demos/cms/cms_comp.c | 5 +-- demos/cms/cms_ddec.c | 6 +--- demos/cms/cms_dec.c | 6 +--- demos/cms/cms_denc.c | 6 +--- demos/cms/cms_enc.c | 6 +--- demos/cms/cms_sign.c | 6 +--- demos/cms/cms_sign2.c | 6 +--- demos/cms/cms_uncomp.c | 6 +--- demos/cms/cms_ver.c | 7 +---- demos/engines/ibmca/hw_ibmca.c | 3 +- engines/ccgost/gost2001.c | 10 +++--- engines/ccgost/gost2001_keyx.c | 3 +- ssl/d1_both.c | 7 +++-- ssl/d1_clnt.c | 3 +- ssl/d1_lib.c | 6 ++-- ssl/record/rec_layer_d1.c | 13 +++----- ssl/s23_clnt.c | 3 +- ssl/s3_clnt.c | 13 +++----- ssl/s3_lib.c | 3 +- ssl/s3_srvr.c | 23 +++++--------- ssl/ssl_cert.c | 34 ++++++++------------ ssl/ssl_ciph.c | 3 +- ssl/ssl_lib.c | 70 +++++++++++++----------------------------- ssl/ssl_rsa.c | 7 ++--- ssl/ssl_sess.c | 24 +++++---------- test/ecdsatest.c | 6 ++-- test/evp_test.c | 10 +++--- 82 files changed, 244 insertions(+), 511 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index f2a17a4..1b76dbf 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -592,12 +592,9 @@ int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl) } err: - if (host) - OPENSSL_free(host); - if (path) - OPENSSL_free(path); - if (port) - OPENSSL_free(port); + OPENSSL_free(host); + OPENSSL_free(path); + OPENSSL_free(port); if (bio) BIO_free_all(bio); OCSP_REQ_CTX_free(rctx); @@ -660,8 +657,7 @@ X509 *load_cert(const char *file, int format, BIO_printf(bio_err, "unable to load certificate\n"); ERR_print_errors(bio_err); } - if (cert != NULL) - BIO_free(cert); + BIO_free(cert); return (x); } @@ -761,8 +757,7 @@ EVP_PKEY *load_key(const char *file, int format, int maybe_stdin, goto end; } end: - if (key != NULL) - BIO_free(key); + BIO_free(key); if (pkey == NULL) { BIO_printf(bio_err, "unable to load %s\n", key_descrip); ERR_print_errors(bio_err); @@ -849,8 +844,7 @@ EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin, pkey = b2i_PublicKey_bio(key); #endif end: - if (key != NULL) - BIO_free(key); + BIO_free(key); if (pkey == NULL) BIO_printf(bio_err, "unable to load %s\n", key_descrip); return (pkey); diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 01a50f4..61bdeab 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -319,15 +319,13 @@ int asn1parse_main(int argc, char **argv) BIO_free(b64); if (ret != 0) ERR_print_errors(bio_err); - if (buf != NULL) - BUF_MEM_free(buf); + BUF_MEM_free(buf); OPENSSL_free(name); OPENSSL_free(header); if (strictpem) OPENSSL_free(str); ASN1_TYPE_free(at); - if (osk != NULL) - sk_OPENSSL_STRING_free(osk); + sk_OPENSSL_STRING_free(osk); OBJ_cleanup(); return (ret); } diff --git a/apps/ca.c b/apps/ca.c index ad6b000..0b92872 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -514,10 +514,8 @@ end_of_options: errorline, configfile); goto end; } - if (tofree) { - OPENSSL_free(tofree); - tofree = NULL; - } + OPENSSL_free(tofree); + tofree = NULL; /* Lets get the config section we are using */ if (section == NULL) { @@ -1331,8 +1329,7 @@ end_of_options: /*****************************************************************/ ret = 0; end: - if (tofree) - OPENSSL_free(tofree); + OPENSSL_free(tofree); BIO_free_all(Cout); BIO_free_all(Sout); BIO_free_all(out); @@ -1342,13 +1339,12 @@ end_of_options: if (ret) ERR_print_errors(bio_err); app_RAND_write_file(randfile); - if (free_key && key) + if (free_key) OPENSSL_free(key); BN_free(serial); BN_free(crlnumber); free_index(db); - if (sigopts) - sk_OPENSSL_STRING_free(sigopts); + sk_OPENSSL_STRING_free(sigopts); EVP_PKEY_free(pkey); X509_free(x509); X509_CRL_free(crl); @@ -2000,8 +1996,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, ok = 1; end: for (i = 0; i < DB_NUMBER; i++) - if (row[i] != NULL) - OPENSSL_free(row[i]); + OPENSSL_free(row[i]); X509_NAME_free(CAname); X509_NAME_free(subject); @@ -2159,10 +2154,8 @@ static int certify_spkac(X509 **xret, char *infile, EVP_PKEY *pkey, ext_copy, 0); end: X509_REQ_free(req); - if (parms != NULL) - CONF_free(parms); - if (spki != NULL) - NETSCAPE_SPKI_free(spki); + CONF_free(parms); + NETSCAPE_SPKI_free(spki); X509_NAME_ENTRY_free(ne); return (ok); diff --git a/apps/ciphers.c b/apps/ciphers.c index 3d84a2b..232fd60 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -214,7 +214,7 @@ int ciphers_main(int argc, char **argv) err: ERR_print_errors(bio_err); end: - if (use_supported && sk) + if (use_supported) sk_SSL_CIPHER_free(sk); SSL_CTX_free(ctx); SSL_free(ssl); diff --git a/apps/cms.c b/apps/cms.c index 25e3ad6..79d0b8f 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -1117,20 +1117,15 @@ int cms_main(int argc, char **argv) sk_X509_pop_free(encerts, X509_free); sk_X509_pop_free(other, X509_free); X509_VERIFY_PARAM_free(vpm); - if (sksigners) - sk_OPENSSL_STRING_free(sksigners); - if (skkeys) - sk_OPENSSL_STRING_free(skkeys); + sk_OPENSSL_STRING_free(sksigners); + sk_OPENSSL_STRING_free(skkeys); OPENSSL_free(secret_key); OPENSSL_free(secret_keyid); OPENSSL_free(pwri_tmp); ASN1_OBJECT_free(econtent_type); - if (rr) - CMS_ReceiptRequest_free(rr); - if (rr_to) - sk_OPENSSL_STRING_free(rr_to); - if (rr_from) - sk_OPENSSL_STRING_free(rr_from); + CMS_ReceiptRequest_free(rr); + sk_OPENSSL_STRING_free(rr_to); + sk_OPENSSL_STRING_free(rr_from); for (key_param = key_first; key_param;) { cms_key_param *tparam; sk_OPENSSL_STRING_free(key_param->param); @@ -1247,8 +1242,7 @@ static void receipt_request_print(CMS_ContentInfo *cms) BIO_puts(bio_err, " Receipts To:\n"); gnames_stack_print(rto); } - if (rr) - CMS_ReceiptRequest_free(rr); + CMS_ReceiptRequest_free(rr); } } @@ -1280,12 +1274,9 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns) return ret; err: - if (ret) - sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free); - if (gens) - GENERAL_NAMES_free(gens); - if (gen) - GENERAL_NAME_free(gen); + sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free); + GENERAL_NAMES_free(gens); + GENERAL_NAME_free(gen); return NULL; } diff --git a/apps/dgst.c b/apps/dgst.c index a679cb9..5d23492 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -443,14 +443,11 @@ int dgst_main(int argc, char **argv) end: OPENSSL_clear_free(buf, BUFSIZE); BIO_free(in); - if (passin) - OPENSSL_free(passin); + OPENSSL_free(passin); BIO_free_all(out); EVP_PKEY_free(sigkey); - if (sigopts) - sk_OPENSSL_STRING_free(sigopts); - if (macopts) - sk_OPENSSL_STRING_free(macopts); + sk_OPENSSL_STRING_free(sigopts); + sk_OPENSSL_STRING_free(macopts); OPENSSL_free(sigbuf); BIO_free(bmd); return (ret); diff --git a/apps/engine.c b/apps/engine.c index c7c0aaf..832cb0a 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -261,8 +261,7 @@ static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent) BIO_printf(out, "\n"); ret = 1; err: - if (cmds) - sk_OPENSSL_STRING_pop_free(cmds, identity); + sk_OPENSSL_STRING_pop_free(cmds, identity); OPENSSL_free(name); OPENSSL_free(desc); return ret; diff --git a/apps/genrsa.c b/apps/genrsa.c index a5ab658..e09e576 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -198,10 +198,8 @@ int genrsa_main(int argc, char **argv) if (hexe && dece) { BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe); } - if (hexe) - OPENSSL_free(hexe); - if (dece) - OPENSSL_free(dece); + OPENSSL_free(hexe); + OPENSSL_free(dece); { PW_CB_DATA cb_data; cb_data.password = passout; diff --git a/apps/ocsp.c b/apps/ocsp.c index d4ea019..d4538a8 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -917,8 +917,7 @@ static void make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, NULL); goto end; } - if (ca_id) - OCSP_CERTID_free(ca_id); + OCSP_CERTID_free(ca_id); ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca); /* Is this request about our CA? */ diff --git a/apps/openssl.c b/apps/openssl.c index c6b048a..b71f3d1 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -511,12 +511,9 @@ int main(int argc, char *argv[]) end: OPENSSL_free(copied_argv); OPENSSL_free(to_free); - if (config != NULL) { - NCONF_free(config); - config = NULL; - } - if (prog != NULL) - lh_FUNCTION_free(prog); + NCONF_free(config); + config = NULL; + lh_FUNCTION_free(prog); OPENSSL_free(arg.argv); BIO_free(bio_in); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 4c62392..0a4ee3e 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -554,8 +554,7 @@ int pkcs12_main(int argc, char **argv) app_RAND_write_file(NULL); BIO_free(in); BIO_free_all(out); - if (canames) - sk_OPENSSL_STRING_free(canames); + sk_OPENSSL_STRING_free(canames); OPENSSL_free(passin); OPENSSL_free(passout); return (ret); diff --git a/apps/req.c b/apps/req.c index e8e18ec..b9dc35c 100644 --- a/apps/req.c +++ b/apps/req.c @@ -872,16 +872,14 @@ int req_main(int argc, char **argv) if (ret) { ERR_print_errors(bio_err); } - if ((req_conf != NULL) && (req_conf != config)) + if (req_conf != config) NCONF_free(req_conf); BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(genctx); - if (pkeyopts) - sk_OPENSSL_STRING_free(pkeyopts); - if (sigopts) - sk_OPENSSL_STRING_free(sigopts); + sk_OPENSSL_STRING_free(pkeyopts); + sk_OPENSSL_STRING_free(sigopts); #ifndef OPENSSL_NO_ENGINE ENGINE_free(gen_eng); #endif diff --git a/apps/s_cb.c b/apps/s_cb.c index 1f2d371..13a3a25 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1202,6 +1202,9 @@ static int ssl_excert_prepend(SSL_EXCERT **pexc) void ssl_excert_free(SSL_EXCERT *exc) { SSL_EXCERT *curr; + + if (!exc) + return; while (exc) { X509_free(exc->cert); EVP_PKEY_free(exc->key); @@ -1311,8 +1314,7 @@ int args_excert(int opt, SSL_EXCERT **pexc) err: ERR_print_errors(bio_err); - if (exc) - ssl_excert_free(exc); + ssl_excert_free(exc); *pexc = NULL; return 0; } diff --git a/apps/s_server.c b/apps/s_server.c index 5fb275d..fead620 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -475,8 +475,7 @@ static int ebcdic_free(BIO *a) { if (a == NULL) return (0); - if (a->ptr != NULL) - OPENSSL_free(a->ptr); + OPENSSL_free(a->ptr); a->ptr = NULL; a->init = 0; a->flags = 0; @@ -725,12 +724,9 @@ static int cert_status_cb(SSL *s, void *arg) OPENSSL_free(port); X509_email_free(aia); } - if (id) - OCSP_CERTID_free(id); - if (req) - OCSP_REQUEST_free(req); - if (resp) - OCSP_RESPONSE_free(resp); + OCSP_CERTID_free(id); + OCSP_REQUEST_free(req); + OCSP_RESPONSE_free(resp); return ret; err: ret = SSL_TLSEXT_ERR_ALERT_FATAL; @@ -1928,30 +1924,22 @@ int s_server_main(int argc, char *argv[]) EVP_PKEY_free(s_dkey); sk_X509_pop_free(s_chain, X509_free); sk_X509_pop_free(s_dchain, X509_free); - if (pass) - OPENSSL_free(pass); - if (dpass) - OPENSSL_free(dpass); + OPENSSL_free(pass); + OPENSSL_free(dpass); X509_VERIFY_PARAM_free(vpm); free_sessions(); #ifndef OPENSSL_NO_TLSEXT - if (tlscstatp.host) - OPENSSL_free(tlscstatp.host); - if (tlscstatp.port) - OPENSSL_free(tlscstatp.port); - if (tlscstatp.path) - OPENSSL_free(tlscstatp.path); - if (ctx2 != NULL) + OPENSSL_free(tlscstatp.host); + OPENSSL_free(tlscstatp.port); + OPENSSL_free(tlscstatp.path); SSL_CTX_free(ctx2); X509_free(s_cert2); EVP_PKEY_free(s_key2); BIO_free(serverinfo_in); # ifndef OPENSSL_NO_NEXTPROTONEG - if (next_proto.data) - OPENSSL_free(next_proto.data); + OPENSSL_free(next_proto.data); # endif - if (alpn_ctx.data) - OPENSSL_free(alpn_ctx.data); + OPENSSL_free(alpn_ctx.data); #endif ssl_excert_free(exc); sk_OPENSSL_STRING_free(ssl_args); diff --git a/apps/sess_id.c b/apps/sess_id.c index cfecd86..6816543 100644 --- a/apps/sess_id.c +++ b/apps/sess_id.c @@ -211,8 +211,7 @@ int sess_id_main(int argc, char **argv) ret = 0; end: BIO_free_all(out); - if (x != NULL) - SSL_SESSION_free(x); + SSL_SESSION_free(x); return (ret); } diff --git a/apps/smime.c b/apps/smime.c index 8b8520b..e544ca2 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -651,10 +651,8 @@ int smime_main(int argc, char **argv) sk_X509_pop_free(encerts, X509_free); sk_X509_pop_free(other, X509_free); X509_VERIFY_PARAM_free(vpm); - if (sksigners) - sk_OPENSSL_STRING_free(sksigners); - if (skkeys) - sk_OPENSSL_STRING_free(skkeys); + sk_OPENSSL_STRING_free(sksigners); + sk_OPENSSL_STRING_free(skkeys); X509_STORE_free(store); X509_free(cert); X509_free(recip); diff --git a/apps/srp.c b/apps/srp.c index 960ca82..8b44780 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -669,11 +669,8 @@ int srp_main(int argc, char **argv) ERR_print_errors(bio_err); if (randfile) app_RAND_write_file(randfile); - if (conf) - NCONF_free(conf); - if (db) - free_index(db); - + NCONF_free(conf); + free_index(db); OBJ_cleanup(); return (ret); } diff --git a/apps/x509.c b/apps/x509.c index 31ae38a..fe9b109 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -949,8 +949,7 @@ int x509_main(int argc, char **argv) EVP_PKEY_free(Upkey); EVP_PKEY_free(CApkey); EVP_PKEY_free(fkey); - if (sigopts) - sk_OPENSSL_STRING_free(sigopts); + sk_OPENSSL_STRING_free(sigopts); X509_REQ_free(rq); ASN1_INTEGER_free(sno); sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free); diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index af1f7c6..13e47fd 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -97,8 +97,7 @@ void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x) p = (unsigned char *)b->data; ret = d2i(x, &p, len); err: - if (b != NULL) - BUF_MEM_free(b); + BUF_MEM_free(b); return (ret); } @@ -118,8 +117,7 @@ void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) p = (const unsigned char *)b->data; ret = ASN1_item_d2i(x, &p, len, it); err: - if (b != NULL) - BUF_MEM_free(b); + BUF_MEM_free(b); return (ret); } @@ -264,7 +262,6 @@ static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) *pb = b; return off; err: - if (b != NULL) - BUF_MEM_free(b); + BUF_MEM_free(b); return -1; } diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c index a65b659..ec738de 100644 --- a/crypto/asn1/p5_pbe.c +++ b/crypto/asn1/p5_pbe.c @@ -116,8 +116,7 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, return 1; err: - if (pbe != NULL) - PBEPARAM_free(pbe); + PBEPARAM_free(pbe); ASN1_STRING_free(pbe_str); return 0; } diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index e32556e..a32158b 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -281,10 +281,8 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, if (!crl->meth->crl_free(crl)) return 0; } - if (crl->akid) - AUTHORITY_KEYID_free(crl->akid); - if (crl->idp) - ISSUING_DIST_POINT_free(crl->idp); + AUTHORITY_KEYID_free(crl->akid); + ISSUING_DIST_POINT_free(crl->idp); ASN1_INTEGER_free(crl->crl_number); ASN1_INTEGER_free(crl->base_crl_number); sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free); diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c index aa3238f..8673e00 100644 --- a/crypto/cms/cms_cd.c +++ b/crypto/cms/cms_cd.c @@ -105,10 +105,7 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid) return cms; err: - - if (cms) - CMS_ContentInfo_free(cms); - + CMS_ContentInfo_free(cms); return NULL; } diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c index d5fda1a..09ad319 100644 --- a/crypto/cms/cms_dd.c +++ b/crypto/cms/cms_dd.c @@ -88,10 +88,7 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md) return cms; err: - - if (cms) - CMS_ContentInfo_free(cms); - + CMS_ContentInfo_free(cms); return NULL; } diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index f1ac1d5..ed20c53 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -194,7 +194,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) ok = 1; err: - if (ec->key && !keep_key) { + if (!keep_key) { OPENSSL_clear_free(ec->key, ec->keylen); ec->key = NULL; } diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index e8274be..7fefd24 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -168,8 +168,7 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) goto merr; return cms; merr: - if (cms) - CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(cms); CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE); return NULL; } @@ -400,10 +399,8 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, ret = 1; err: - if (pctx) { - EVP_PKEY_CTX_free(pctx); - ktri->pctx = NULL; - } + EVP_PKEY_CTX_free(pctx); + ktri->pctx = NULL; OPENSSL_free(ek); return ret; diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 21f41f6..9dfbd67 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -128,9 +128,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE); err: - if (rr) - CMS_ReceiptRequest_free(rr); - + CMS_ReceiptRequest_free(rr); return NULL; } @@ -337,10 +335,8 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) r = 1; err: - if (rr) - CMS_ReceiptRequest_free(rr); + CMS_ReceiptRequest_free(rr); M_ASN1_free_of(rct, CMS_Receipt); - return r; } @@ -384,9 +380,6 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL); err: - if (rr) - CMS_ReceiptRequest_free(rr); - + CMS_ReceiptRequest_free(rr); return os; - } diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index ea7fb5b..d860f09 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -207,10 +207,9 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk) { EVP_PKEY_CTX *pctx; CMS_KeyAgreeRecipientInfo *kari = ri->d.kari; - if (kari->pctx) { - EVP_PKEY_CTX_free(kari->pctx); - kari->pctx = NULL; - } + + EVP_PKEY_CTX_free(kari->pctx); + kari->pctx = NULL; if (!pk) return 1; pctx = EVP_PKEY_CTX_new(pk, NULL); diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 8066602..d19ec6d 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -512,8 +512,7 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE); err: - if (cms) - CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(cms); return NULL; } @@ -614,8 +613,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data, merr: CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE); err: - if (cms) - CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(cms); return NULL; } diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index bd2e8c0..0ed06e1 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -391,19 +391,17 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) v = NULL; } } - if (buff != NULL) - BUF_MEM_free(buff); + BUF_MEM_free(buff); OPENSSL_free(section); return (1); err: - if (buff != NULL) - BUF_MEM_free(buff); + BUF_MEM_free(buff); OPENSSL_free(section); if (line != NULL) *line = eline; BIO_snprintf(btmp, sizeof btmp, "%ld", eline); ERR_add_error_data(2, "line ", btmp); - if ((h != conf->data) && (conf->data != NULL)) { + if (h != conf->data) { CONF_free(conf->data); conf->data = NULL; } @@ -595,8 +593,7 @@ static int str_copy(CONF *conf, char *section, char **pto, char *from) OPENSSL_free(buf); return (1); err: - if (buf != NULL) - BUF_MEM_free(buf); + BUF_MEM_free(buf); return (0); } diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index c86f22e..638f849 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -994,7 +994,6 @@ int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out) EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) { - int ok = 0; EC_KEY *ret = NULL; EC_PRIVATEKEY *priv_key = NULL; @@ -1075,18 +1074,14 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len) if (a) *a = ret; - ok = 1; - err: - if (!ok) { - if (a == NULL || *a != ret) - EC_KEY_free(ret); - ret = NULL; - } - - if (priv_key) - EC_PRIVATEKEY_free(priv_key); - + EC_PRIVATEKEY_free(priv_key); return (ret); + + err: + if (a == NULL || *a != ret) + EC_KEY_free(ret); + EC_PRIVATEKEY_free(priv_key); + return NULL; } int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) @@ -1190,8 +1185,7 @@ int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out) ok = 1; err: OPENSSL_free(buffer); - if (priv_key) - EC_PRIVATEKEY_free(priv_key); + EC_PRIVATEKEY_free(priv_key); return (ok ? ret : 0); } diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 02de91d..628e879 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -132,16 +132,11 @@ void EC_GROUP_free(EC_GROUP *group) group->meth->group_finish(group); EC_EX_DATA_free_all_data(&group->extra_data); - BN_MONT_CTX_free(group->mont_data); - EC_POINT_free(group->generator); BN_free(group->order); BN_free(group->cofactor); - - if (group->seed) - OPENSSL_free(group->seed); - + OPENSSL_free(group->seed); OPENSSL_free(group); } diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 115bc42..bd99c82 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -742,8 +742,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) if (ctx != NULL) BN_CTX_end(ctx); BN_CTX_free(new_ctx); - if (pre_comp) - ec_pre_comp_free(pre_comp); + ec_pre_comp_free(pre_comp); if (points) { EC_POINT **p; diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 02590e0..84d8e86 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -189,8 +189,7 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr, DSO_free(ctx->dynamic_dso); OPENSSL_free(ctx->DYNAMIC_LIBNAME); OPENSSL_free(ctx->engine_id); - if (ctx->dirs) - sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str); + sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str); OPENSSL_free(ctx); } } diff --git a/crypto/err/err.c b/crypto/err/err.c index 308504a..e1091e3 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -559,10 +559,8 @@ void ERR_unload_strings(int lib, ERR_STRING_DATA *str) void ERR_free_strings(void) { CRYPTO_w_lock(CRYPTO_LOCK_ERR); - if (int_error_hash) { - lh_ERR_STRING_DATA_free(int_error_hash); - int_error_hash = NULL; - } + lh_ERR_STRING_DATA_free(int_error_hash); + int_error_hash = NULL; CRYPTO_w_unlock(CRYPTO_LOCK_ERR); } diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 66070f6..96ecd94 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -524,10 +524,8 @@ static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) } } OPENSSL_free(storage); - if (ad->sk) { - sk_void_free(ad->sk); - ad->sk = NULL; - } + sk_void_free(ad->sk); + ad->sk = NULL; } /********************************************************************/ diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 402df01..dee1fb9 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -197,10 +197,10 @@ static CRYPTO_THREADID disabling_threadid; static void app_info_free(APP_INFO *inf) { + if (!inf) + return; if (--(inf->references) <= 0) { - if (inf->next != NULL) { - app_info_free(inf->next); - } + app_info_free(inf->next); OPENSSL_free(inf); } } @@ -559,8 +559,7 @@ void CRYPTO_dbg_free(void *addr, int before_p) fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5ld] - 0x%p (%d)\n", mp->order, mp->addr, mp->num); #endif - if (mp->app_info != NULL) - app_info_free(mp->app_info); + app_info_free(mp->app_info); OPENSSL_free(mp); } @@ -763,10 +762,8 @@ void CRYPTO_mem_leaks(BIO *b) old_mh_mode = mh_mode; mh_mode = CRYPTO_MEM_CHECK_OFF; - if (mh != NULL) { - lh_MEM_free(mh); - mh = NULL; - } + lh_MEM_free(mh); + mh = NULL; if (amih != NULL) { if (lh_APP_INFO_num_items(amih) == 0) { lh_APP_INFO_free(amih); diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 78d817d..0f3f13f 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -91,8 +91,7 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) if (!(one = OCSP_ONEREQ_new())) goto err; - if (one->reqCert) - OCSP_CERTID_free(one->reqCert); + OCSP_CERTID_free(one->reqCert); one->reqCert = cid; if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) goto err; @@ -107,6 +106,7 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) { GENERAL_NAME *gen; + gen = GENERAL_NAME_new(); if (gen == NULL) return 0; @@ -115,8 +115,7 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) return 0; } gen->type = GEN_DIRNAME; - if (req->tbsRequest->requestorName) - GENERAL_NAME_free(req->tbsRequest->requestorName); + GENERAL_NAME_free(req->tbsRequest->requestorName); req->tbsRequest->requestorName = gen; return 1; } diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 91eac9b..8a35f75 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -437,8 +437,7 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim) } x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); err: - if (cid) - OCSP_CRLID_free(cid); + OCSP_CRLID_free(cid); return x; } @@ -516,7 +515,6 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls) } x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); err: - if (sloc) - OCSP_SERVICELOC_free(sloc); + OCSP_SERVICELOC_free(sloc); return x; } diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index ac64b65..62a5812 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -142,8 +142,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, digerr: OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); err: - if (cid) - OCSP_CERTID_free(cid); + OCSP_CERTID_free(cid); return NULL; } diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 00cafea..1afa68c 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -130,8 +130,7 @@ OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs) goto err; return rsp; err: - if (rsp) - OCSP_RESPONSE_free(rsp); + OCSP_RESPONSE_free(rsp); return NULL; } diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 9e9c948..d2a5952 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -674,6 +674,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, const unsigned char *p = *in; unsigned int magic; unsigned char *enctmp = NULL, *q; + EVP_CIPHER_CTX cctx; EVP_CIPHER_CTX_init(&cctx); if (saltlen) { @@ -736,8 +737,7 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in, ret = b2i_PrivateKey(&p, keylen); err: EVP_CIPHER_CTX_cleanup(&cctx); - if (saltlen) - OPENSSL_free(enctmp); + OPENSSL_free(enctmp); return ret; } diff --git a/crypto/pqueue/pqueue.c b/crypto/pqueue/pqueue.c index a4af9f9..725fe38 100644 --- a/crypto/pqueue/pqueue.c +++ b/crypto/pqueue/pqueue.c @@ -82,9 +82,6 @@ pitem *pitem_new(unsigned char *prio64be, void *data) void pitem_free(pitem *item) { - if (item == NULL) - return; - OPENSSL_free(item); } @@ -100,9 +97,6 @@ pqueue_s *pqueue_new() void pqueue_free(pqueue_s *pq) { - if (pq == NULL) - return; - OPENSSL_free(pq); } diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 9313c93..e9ccd7e 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -378,8 +378,7 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, X509_ALGOR *maskHash; pss = rsa_pss_decode(sigalg, &maskHash); rv = rsa_pss_param_print(bp, pss, maskHash, indent); - if (pss) - RSA_PSS_PARAMS_free(pss); + RSA_PSS_PARAMS_free(pss); X509_ALGOR_free(maskHash); if (!rv) return 0; @@ -557,8 +556,7 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) goto err; rv = 1; err: - if (pss) - RSA_PSS_PARAMS_free(pss); + RSA_PSS_PARAMS_free(pss); if (rv) return os; ASN1_STRING_free(os); @@ -896,8 +894,7 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) os = NULL; rv = 1; err: - if (oaep) - RSA_OAEP_PARAMS_free(oaep); + RSA_OAEP_PARAMS_free(oaep); ASN1_STRING_free(os); return rv; } diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 7611631..7922188 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -106,8 +106,7 @@ _STACK *sk_dup(_STACK *sk) ret->comp = sk->comp; return (ret); err: - if (ret) - sk_free(ret); + sk_free(ret); return (NULL); } diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index 8687100..f1cca6a 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -346,7 +346,7 @@ static int mem_list_end(STORE *s, void *handle) STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER); return 0; } - if (context && context->search_attributes) + if (context) sk_STORE_ATTR_INFO_free(context->search_attributes); OPENSSL_free(context); return 1; diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 3ce765d..a89f9cb 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -718,8 +718,7 @@ static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx); } - if (gen_names) - GENERAL_NAMES_free(gen_names); + GENERAL_NAMES_free(gen_names); return found; } diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index 029d0bb..49d8ccc 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -71,7 +71,6 @@ const char TXT_DB_version[] = "TXT_DB" OPENSSL_VERSION_PTEXT; TXT_DB *TXT_DB_read(BIO *in, int num) { TXT_DB *ret = NULL; - int er = 1; int esc = 0; long ln = 0; int i, add, n; @@ -161,36 +160,23 @@ TXT_DB *TXT_DB_read(BIO *in, int num) "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n", ln, num, n, f); #endif - er = 2; goto err; } pp[n] = p; - if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) { -#if !defined(OPENSSL_NO_STDIO) /* temporary fix :-( */ - fprintf(stderr, "failure in sk_push\n"); -#endif - er = 2; + if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) goto err; - } } - er = 0; + BUF_MEM_free(buf); + return ret; err: BUF_MEM_free(buf); - if (er) { -#if !defined(OPENSSL_NO_STDIO) - if (er == 1) - fprintf(stderr, "OPENSSL_malloc failure\n"); -#endif - if (ret != NULL) { - if (ret->data != NULL) - sk_OPENSSL_PSTRING_free(ret->data); - OPENSSL_free(ret->index); - OPENSSL_free(ret->qual); - OPENSSL_free(ret); - } - return (NULL); - } else - return (ret); + if (ret != NULL) { + sk_OPENSSL_PSTRING_free(ret->data); + OPENSSL_free(ret->index); + OPENSSL_free(ret->qual); + OPENSSL_free(ret); + } + return (NULL); } OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx, @@ -242,8 +228,7 @@ int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *), return (0); } } - if (db->index[field] != NULL) - lh_OPENSSL_STRING_free(db->index[field]); + lh_OPENSSL_STRING_free(db->index[field]); db->index[field] = idx; db->qual[field] = qual; return (1); @@ -292,8 +277,7 @@ long TXT_DB_write(BIO *out, TXT_DB *db) } ret = tot; err: - if (buf != NULL) - BUF_MEM_free(buf); + BUF_MEM_free(buf); return (ret); } @@ -343,8 +327,7 @@ void TXT_DB_free(TXT_DB *db) if (db->index != NULL) { for (i = db->num_fields - 1; i >= 0; i--) - if (db->index[i] != NULL) - lh_OPENSSL_STRING_free(db->index[i]); + lh_OPENSSL_STRING_free(db->index[i]); OPENSSL_free(db->index); } OPENSSL_free(db->qual); diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 31b3c3c..304cf4a 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -177,8 +177,7 @@ static int by_dir_hash_cmp(const BY_DIR_HASH *const *a, static void by_dir_entry_free(BY_DIR_ENTRY *ent) { OPENSSL_free(ent->dir); - if (ent->hashes) - sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free); + sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free); OPENSSL_free(ent); } @@ -187,10 +186,8 @@ static void free_dir(X509_LOOKUP *lu) BY_DIR *a; a = (BY_DIR *)lu->method_data; - if (a->dirs != NULL) - sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); - if (a->buffer != NULL) - BUF_MEM_free(a->buffer); + sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free); + BUF_MEM_free(a->buffer); OPENSSL_free(a); } @@ -435,7 +432,6 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, } } finish: - if (b != NULL) - BUF_MEM_free(b); + BUF_MEM_free(b); return (ok); } diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index 4e80c1b..ca6ff5d 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -207,7 +207,6 @@ char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) return (p); err: X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE); - if (b != NULL) - BUF_MEM_free(b); + BUF_MEM_free(b); return (NULL); } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 522f9b9..3f4fb81 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1020,10 +1020,8 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, *pscore = best_score; *preasons = best_reasons; CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509_CRL); - if (*pdcrl) { - X509_CRL_free(*pdcrl); - *pdcrl = NULL; - } + X509_CRL_free(*pdcrl); + *pdcrl = NULL; get_delta_sk(ctx, pdcrl, pscore, best_crl, crls); } diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index b0d9c4d..29ee8a7 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -83,8 +83,6 @@ static void str_free(char *s) OPENSSL_free(s); } -#define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free) - static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode, const char *name, size_t namelen) { @@ -101,8 +99,8 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode, if (name && name[namelen - 1] == '\0') --namelen; - if (mode == SET_HOST && id->hosts) { - string_stack_free(id->hosts); + if (mode == SET_HOST) { + sk_OPENSSL_STRING_pop_free(id->hosts, str_free); id->hosts = NULL; } if (name == NULL || namelen == 0) @@ -147,7 +145,7 @@ static void x509_verify_param_zero(X509_VERIFY_PARAM *param) sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); param->policies = NULL; paramid = param->id; - string_stack_free(paramid->hosts); + sk_OPENSSL_STRING_pop_free(paramid->hosts, str_free); paramid->hosts = NULL; OPENSSL_free(paramid->peername); OPENSSL_free(paramid->email); @@ -287,10 +285,8 @@ int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, /* Copy the host flags if and only if we're copying the host list */ if (test_x509_verify_param_copy_id(hosts, NULL)) { - if (dest->id->hosts) { - string_stack_free(dest->id->hosts); - dest->id->hosts = NULL; - } + sk_OPENSSL_STRING_pop_free(dest->id->hosts, str_free); + dest->id->hosts = NULL; if (id->hosts) { dest->id->hosts = sk_OPENSSL_STRING_deep_copy(id->hosts, str_copy, str_free); diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c index 1f07fe2..1f94260 100644 --- a/crypto/x509v3/pcy_cache.c +++ b/crypto/x509v3/pcy_cache.c @@ -110,8 +110,7 @@ static int policy_cache_create(X509 *x, bad_policy: if (ret == -1) x->ex_flags |= EXFLAG_INVALID_POLICY; - if (data) - policy_data_free(data); + policy_data_free(data); sk_POLICYINFO_pop_free(policies, POLICYINFO_free); if (ret <= 0) { sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); @@ -206,11 +205,8 @@ static int policy_cache_new(X509 *x) x->ex_flags |= EXFLAG_INVALID_POLICY; just_cleanup: - if (ext_pcons) - POLICY_CONSTRAINTS_free(ext_pcons); - + POLICY_CONSTRAINTS_free(ext_pcons); ASN1_INTEGER_free(ext_any); - return 1; } @@ -219,8 +215,7 @@ void policy_cache_free(X509_POLICY_CACHE *cache) { if (!cache) return; - if (cache->anyPolicy) - policy_data_free(cache->anyPolicy); + policy_data_free(cache->anyPolicy); sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); OPENSSL_free(cache); } diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c index 3a8d432..37c867e 100644 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -67,6 +67,8 @@ void policy_data_free(X509_POLICY_DATA *data) { + if (!data) + return; ASN1_OBJECT_free(data->valid_policy); /* Don't free qualifiers if shared */ if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS)) diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 1f85c37..f1bcb05 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -657,8 +657,7 @@ void X509_policy_tree_free(X509_POLICY_TREE *tree) for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) { X509_free(curr->cert); sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free); - if (curr->anyPolicy) - policy_node_free(curr->anyPolicy); + policy_node_free(curr->anyPolicy); } sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free); diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 48a6a9d..8ffcdd7 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -173,8 +173,7 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, return 1; err: - if (fnm) - sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); + sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free); sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free); return -1; } @@ -279,8 +278,7 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, return point; err: - if (point) - DIST_POINT_free(point); + DIST_POINT_free(point); return NULL; } diff --git a/demos/cms/cms_comp.c b/demos/cms/cms_comp.c index e117d37..f902d20 100644 --- a/demos/cms/cms_comp.c +++ b/demos/cms/cms_comp.c @@ -48,11 +48,8 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } - if (cms) - CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(cms); BIO_free(in); BIO_free(out); - return ret; - } diff --git a/demos/cms/cms_ddec.c b/demos/cms/cms_ddec.c index 36bb4ee..3b23e8d 100644 --- a/demos/cms/cms_ddec.c +++ b/demos/cms/cms_ddec.c @@ -68,16 +68,12 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } - if (cms) - CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(cms); X509_free(rcert); EVP_PKEY_free(rkey); - BIO_free(in); BIO_free(out); BIO_free(tbio); BIO_free(dcont); - return ret; - } diff --git a/demos/cms/cms_dec.c b/demos/cms/cms_dec.c index 832b54d..22181c2 100644 --- a/demos/cms/cms_dec.c +++ b/demos/cms/cms_dec.c @@ -59,15 +59,11 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } - if (cms) - CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(cms); X509_free(rcert); EVP_PKEY_free(rkey); - BIO_free(in); BIO_free(out); BIO_free(tbio); - return ret; - } diff --git a/demos/cms/cms_denc.c b/demos/cms/cms_denc.c index f91fec1..8aa82aa 100644 --- a/demos/cms/cms_denc.c +++ b/demos/cms/cms_denc.c @@ -77,16 +77,12 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } - if (cms) - CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(cms); X509_free(rcert); sk_X509_pop_free(recips, X509_free); - BIO_free(in); BIO_free(out); BIO_free(dout); BIO_free(tbio); - return ret; - } diff --git a/demos/cms/cms_enc.c b/demos/cms/cms_enc.c index ba62f79..f4ba542 100644 --- a/demos/cms/cms_enc.c +++ b/demos/cms/cms_enc.c @@ -73,15 +73,11 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } - if (cms) - CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(cms); X509_free(rcert); sk_X509_pop_free(recips, X509_free); - BIO_free(in); BIO_free(out); BIO_free(tbio); - return ret; - } diff --git a/demos/cms/cms_sign.c b/demos/cms/cms_sign.c index e9871df..8b5a64d 100644 --- a/demos/cms/cms_sign.c +++ b/demos/cms/cms_sign.c @@ -69,15 +69,11 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } - if (cms) - CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(cms); X509_free(scert); EVP_PKEY_free(skey); - BIO_free(in); BIO_free(out); BIO_free(tbio); - return ret; - } diff --git a/demos/cms/cms_sign2.c b/demos/cms/cms_sign2.c index 127f586..9fdd035 100644 --- a/demos/cms/cms_sign2.c +++ b/demos/cms/cms_sign2.c @@ -77,9 +77,7 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } - if (cms) - CMS_ContentInfo_free(cms); - + CMS_ContentInfo_free(cms); X509_free(scert); EVP_PKEY_free(skey); X509_free(scert2); @@ -87,7 +85,5 @@ int main(int argc, char **argv) BIO_free(in); BIO_free(out); BIO_free(tbio); - return ret; - } diff --git a/demos/cms/cms_uncomp.c b/demos/cms/cms_uncomp.c index 8d45834..2c10b81 100644 --- a/demos/cms/cms_uncomp.c +++ b/demos/cms/cms_uncomp.c @@ -42,12 +42,8 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } - if (cms) - CMS_ContentInfo_free(cms); - + CMS_ContentInfo_free(cms); BIO_free(in); BIO_free(out); - return ret; - } diff --git a/demos/cms/cms_ver.c b/demos/cms/cms_ver.c index 0f34bbf..c6e83c0 100644 --- a/demos/cms/cms_ver.c +++ b/demos/cms/cms_ver.c @@ -67,15 +67,10 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); } - if (cms) - CMS_ContentInfo_free(cms); - + CMS_ContentInfo_free(cms); X509_free(cacert); - BIO_free(in); BIO_free(out); BIO_free(tbio); - return ret; - } diff --git a/demos/engines/ibmca/hw_ibmca.c b/demos/engines/ibmca/hw_ibmca.c index 820abe8..fb5b8db 100644 --- a/demos/engines/ibmca/hw_ibmca.c +++ b/demos/engines/ibmca/hw_ibmca.c @@ -596,8 +596,7 @@ static int ibmca_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) rsa->dmq1, rsa->iqmp, ctx); } err: - if (ctx) - BN_CTX_free(ctx); + BN_CTX_free(ctx); return to_return; } # endif diff --git a/engines/ccgost/gost2001.c b/engines/ccgost/gost2001.c index 5490a5d..8b56a30 100644 --- a/engines/ccgost/gost2001.c +++ b/engines/ccgost/gost2001.c @@ -109,8 +109,8 @@ int fill_GOST2001_params(EC_KEY *eckey, int nid) } ok = 1; err: - if (P) EC_POINT_free(P); - if (grp) EC_GROUP_free(grp); + EC_POINT_free(P); + EC_GROUP_free(grp); if (ctx) BN_CTX_end(ctx); BN_CTX_free(ctx); @@ -243,7 +243,7 @@ DSA_SIG *gost2001_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey) if (ctx) BN_CTX_end(ctx); BN_CTX_free(ctx); - if (C) EC_POINT_free(C); + EC_POINT_free(C); BN_free(md); if (!ret) DSA_SIG_free(newsig); @@ -361,7 +361,7 @@ int gost2001_do_verify(const unsigned char *dgst, int dgst_len, ok = 1; } err: - if (C) EC_POINT_free(C); + EC_POINT_free(C); if (ctx) BN_CTX_end(ctx); BN_CTX_free(ctx); @@ -413,7 +413,7 @@ int gost2001_compute_public(EC_KEY *ec) } ok = 256; err: - if (pub_key) EC_POINT_free(pub_key); + EC_POINT_free(pub_key); if (ctx) BN_CTX_end(ctx); BN_CTX_free(ctx); diff --git a/engines/ccgost/gost2001_keyx.c b/engines/ccgost/gost2001_keyx.c index 864d01b..abbacbb 100644 --- a/engines/ccgost/gost2001_keyx.c +++ b/engines/ccgost/gost2001_keyx.c @@ -285,7 +285,6 @@ int pkey_GOST01cp_decrypt(EVP_PKEY_CTX *pctx, unsigned char *key, ret = 1; err: EVP_PKEY_free(eph_key); - if (gkt) - GOST_KEY_TRANSPORT_free(gkt); + GOST_KEY_TRANSPORT_free(gkt); return ret; } diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 7b7f876..3af3ba1 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -203,7 +203,8 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, void dtls1_hm_fragment_free(hm_fragment *frag) { - + if (!frag) + return; if (frag->msg_header.is_ccs) { EVP_CIPHER_CTX_free(frag->msg_header. saved_retransmit_state.enc_write_ctx); @@ -724,7 +725,7 @@ dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) return DTLS1_HM_FRAGMENT_RETRY; err: - if (frag != NULL && item == NULL) + if (item == NULL) dtls1_hm_fragment_free(frag); *ok = 0; return i; @@ -821,7 +822,7 @@ dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, return DTLS1_HM_FRAGMENT_RETRY; err: - if (frag != NULL && item == NULL) + if (item == NULL) dtls1_hm_fragment_free(frag); *ok = 0; return i; diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 0f4373e..b8efa88 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -781,8 +781,7 @@ int dtls1_connect(SSL *s) s->in_handshake, NULL); #endif - if (buf != NULL) - BUF_MEM_free(buf); + BUF_MEM_free(buf); if (cb != NULL) cb(s, SSL_CB_CONNECT_EXIT, ret); return (ret); diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 6946b32..81d532c 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -153,10 +153,8 @@ int dtls1_new(SSL *s) d1->mtu = 0; if (!d1->buffered_messages || !d1->sent_messages) { - if (d1->buffered_messages) - pqueue_free(d1->buffered_messages); - if (d1->sent_messages) - pqueue_free(d1->sent_messages); + pqueue_free(d1->buffered_messages); + pqueue_free(d1->sent_messages); OPENSSL_free(d1); ssl3_free(s); return (0); diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index a78f150..a484c97 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -140,12 +140,9 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl) if (!d->unprocessed_rcds.q || !d->processed_rcds.q || !d->buffered_app_data.q) { - if (d->unprocessed_rcds.q) - pqueue_free(d->unprocessed_rcds.q); - if (d->processed_rcds.q) - pqueue_free(d->processed_rcds.q); - if (d->buffered_app_data.q) - pqueue_free(d->buffered_app_data.q); + pqueue_free(d->unprocessed_rcds.q); + pqueue_free(d->processed_rcds.q); + pqueue_free(d->buffered_app_data.q); OPENSSL_free(d); rl->d = NULL; return (0); @@ -266,9 +263,7 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) { OPENSSL_free(rdata); - if (item != NULL) - pitem_free(item); - + pitem_free(item); SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); return -1; } diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 4196eac..3434340 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -249,8 +249,7 @@ int ssl23_connect(SSL *s) } end: s->in_handshake--; - if (buf != NULL) - BUF_MEM_free(buf); + BUF_MEM_free(buf); if (cb != NULL) cb(s, SSL_CB_CONNECT_EXIT, ret); return (ret); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 7915052..f81f160 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -599,11 +599,8 @@ int ssl3_connect(SSL *s) case SSL_ST_OK: /* clean a few things up */ ssl3_cleanup_key_block(s); - - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - } + BUF_MEM_free(s->init_buf); + s->init_buf = NULL; /* * If we are not 'joining' the last two packets, remove the @@ -657,8 +654,7 @@ int ssl3_connect(SSL *s) } end: s->in_handshake--; - if (buf != NULL) - BUF_MEM_free(buf); + BUF_MEM_free(buf); if (cb != NULL) cb(s, SSL_CB_CONNECT_EXIT, ret); return (ret); @@ -3319,8 +3315,7 @@ int ssl3_send_client_certificate(SSL *s) } X509_free(x509); - if (pkey != NULL) - EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey); if (i && !ssl3_check_client_certificate(s)) i = 0; if (i == 0) { diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 4610e7f..c2fddb8 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3131,8 +3131,7 @@ void ssl3_free(SSL *s) if (s->s3->handshake_dgst) ssl3_free_digest_list(s); #ifndef OPENSSL_NO_TLSEXT - if (s->s3->alpn_selected) - OPENSSL_free(s->s3->alpn_selected); + OPENSSL_free(s->s3->alpn_selected); #endif #ifndef OPENSSL_NO_SRP diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 5b83407..d2c8995 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1272,14 +1272,9 @@ int ssl3_get_client_hello(SSL *s) } s->session->cipher = pref_cipher; - - if (s->cipher_list) - sk_SSL_CIPHER_free(s->cipher_list); - - if (s->cipher_list_by_id) - sk_SSL_CIPHER_free(s->cipher_list_by_id); - + sk_SSL_CIPHER_free(s->cipher_list); s->cipher_list = sk_SSL_CIPHER_dup(s->session->ciphers); + sk_SSL_CIPHER_free(s->cipher_list_by_id); s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers); } } @@ -1371,8 +1366,7 @@ int ssl3_get_client_hello(SSL *s) #else s->session->compress_meth = (comp == NULL) ? 0 : comp->id; #endif - if (s->session->ciphers != NULL) - sk_SSL_CIPHER_free(s->session->ciphers); + sk_SSL_CIPHER_free(s->session->ciphers); s->session->ciphers = ciphers; if (ciphers == NULL) { al = SSL_AD_INTERNAL_ERROR; @@ -1452,8 +1446,7 @@ int ssl3_get_client_hello(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, al); } err: - if (ciphers != NULL) - sk_SSL_CIPHER_free(ciphers); + sk_SSL_CIPHER_free(ciphers); return ret < 0 ? -1 : ret; } @@ -3127,11 +3120,9 @@ int ssl3_get_cert_verify(SSL *s) ssl3_send_alert(s, SSL3_AL_FATAL, al); } end: - if (s->s3->handshake_buffer) { - BIO_free(s->s3->handshake_buffer); - s->s3->handshake_buffer = NULL; - s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE; - } + BIO_free(s->s3->handshake_buffer); + s->s3->handshake_buffer = NULL; + s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE; EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_free(pkey); return (ret); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 5244ecb..cce7f15 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -405,11 +405,9 @@ void ssl_cert_clear_certs(CERT *c) sk_X509_pop_free(cpk->chain, X509_free); cpk->chain = NULL; #ifndef OPENSSL_NO_TLSEXT - if (cpk->serverinfo) { - OPENSSL_free(cpk->serverinfo); - cpk->serverinfo = NULL; - cpk->serverinfo_length = 0; - } + OPENSSL_free(cpk->serverinfo); + cpk->serverinfo = NULL; + cpk->serverinfo_length = 0; #endif /* Clear all flags apart from explicit sign */ cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN; @@ -447,20 +445,14 @@ void ssl_cert_free(CERT *c) #endif ssl_cert_clear_certs(c); - if (c->peer_sigalgs) - OPENSSL_free(c->peer_sigalgs); - if (c->conf_sigalgs) - OPENSSL_free(c->conf_sigalgs); - if (c->client_sigalgs) - OPENSSL_free(c->client_sigalgs); - if (c->shared_sigalgs) - OPENSSL_free(c->shared_sigalgs); - if (c->ctypes) - OPENSSL_free(c->ctypes); + OPENSSL_free(c->peer_sigalgs); + OPENSSL_free(c->conf_sigalgs); + OPENSSL_free(c->client_sigalgs); + OPENSSL_free(c->shared_sigalgs); + OPENSSL_free(c->ctypes); X509_STORE_free(c->verify_store); X509_STORE_free(c->chain_store); - if (c->ciphers_raw) - OPENSSL_free(c->ciphers_raw); + OPENSSL_free(c->ciphers_raw); #ifndef OPENSSL_NO_TLSEXT custom_exts_free(&c->cli_ext); custom_exts_free(&c->srv_ext); @@ -624,12 +616,11 @@ void ssl_sess_cert_free(SESS_CERT *sc) X509_free(sc->peer_pkeys[i].x509); #if 0 /* - * We don't have the peer's private key. These lines are just + * We don't have the peer's private key. This line is just * here as a reminder that we're still using a not-quite-appropriate * data structure. */ - if (sc->peer_pkeys[i].privatekey != NULL) - EVP_PKEY_free(sc->peer_pkeys[i].privatekey); + EVP_PKEY_free(sc->peer_pkeys[i].privatekey); #endif } @@ -917,8 +908,7 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, ret = 0; done: BIO_free(in); - if (x != NULL) - X509_free(x); + X509_free(x); (void)sk_X509_NAME_set_cmp_func(stack, oldcmp); return ret; } diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 41af4f6..6c6ac8d 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1600,8 +1600,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK sk_SSL_CIPHER_free(cipherstack); return NULL; } - if (*cipher_list != NULL) - sk_SSL_CIPHER_free(*cipher_list); + sk_SSL_CIPHER_free(*cipher_list); *cipher_list = cipherstack; if (*cipher_list_by_id != NULL) sk_SSL_CIPHER_free(*cipher_list_by_id); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 63e9712..4dfd7ab 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -216,15 +216,11 @@ int SSL_clear(SSL *s) s->client_version = s->version; s->rwstate = SSL_NOTHING; - if (s->init_buf != NULL) { - BUF_MEM_free(s->init_buf); - s->init_buf = NULL; - } - + BUF_MEM_free(s->init_buf); + s->init_buf = NULL; ssl_clear_cipher_ctx(s); ssl_clear_hash_ctx(&s->read_hash); ssl_clear_hash_ctx(&s->write_hash); - s->first_packet = 0; /* @@ -547,14 +543,11 @@ void SSL_free(SSL *s) if (s->wbio != s->rbio) BIO_free_all(s->wbio); - if (s->init_buf != NULL) - BUF_MEM_free(s->init_buf); + BUF_MEM_free(s->init_buf); /* add extra stuff */ - if (s->cipher_list != NULL) - sk_SSL_CIPHER_free(s->cipher_list); - if (s->cipher_list_by_id != NULL) - sk_SSL_CIPHER_free(s->cipher_list_by_id); + sk_SSL_CIPHER_free(s->cipher_list); + sk_SSL_CIPHER_free(s->cipher_list_by_id); /* Make the next call work :-) */ if (s->session != NULL) { @@ -577,8 +570,7 @@ void SSL_free(SSL *s) OPENSSL_free(s->tlsext_ellipticcurvelist); # endif /* OPENSSL_NO_EC */ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); - if (s->tlsext_ocsp_ids) - sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); + sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); OPENSSL_free(s->tlsext_ocsp_resp); OPENSSL_free(s->alpn_client_proto_list); #endif @@ -602,8 +594,7 @@ void SSL_free(SSL *s) #endif #ifndef OPENSSL_NO_SRTP - if (s->srtp_profiles) - sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); + sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles); #endif OPENSSL_free(s); @@ -1499,8 +1490,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, sk_SSL_CIPHER_zero(sk); } - if (s->cert->ciphers_raw) - OPENSSL_free(s->cert->ciphers_raw); + OPENSSL_free(s->cert->ciphers_raw); s->cert->ciphers_raw = BUF_memdup(p, num); if (s->cert->ciphers_raw == NULL) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); @@ -1721,9 +1711,7 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, unsigned protos_len) { - if (ctx->alpn_client_proto_list) - OPENSSL_free(ctx->alpn_client_proto_list); - + OPENSSL_free(ctx->alpn_client_proto_list); ctx->alpn_client_proto_list = OPENSSL_malloc(protos_len); if (!ctx->alpn_client_proto_list) return 1; @@ -1741,9 +1729,7 @@ int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos, int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos, unsigned protos_len) { - if (ssl->alpn_client_proto_list) - OPENSSL_free(ssl->alpn_client_proto_list); - + OPENSSL_free(ssl->alpn_client_proto_list); ssl->alpn_client_proto_list = OPENSSL_malloc(protos_len); if (!ssl->alpn_client_proto_list) return 1; @@ -2037,28 +2023,19 @@ void SSL_CTX_free(SSL_CTX *a) SSL_CTX_flush_sessions(a, 0); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); - - if (a->sessions != NULL) - lh_SSL_SESSION_free(a->sessions); - + lh_SSL_SESSION_free(a->sessions); X509_STORE_free(a->cert_store); - if (a->cipher_list != NULL) - sk_SSL_CIPHER_free(a->cipher_list); - if (a->cipher_list_by_id != NULL) - sk_SSL_CIPHER_free(a->cipher_list_by_id); + sk_SSL_CIPHER_free(a->cipher_list); + sk_SSL_CIPHER_free(a->cipher_list_by_id); ssl_cert_free(a->cert); sk_X509_NAME_pop_free(a->client_CA, X509_NAME_free); sk_X509_pop_free(a->extra_certs, X509_free); a->comp_methods = NULL; - #ifndef OPENSSL_NO_SRTP - if (a->srtp_profiles) - sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); + sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles); #endif - #ifndef OPENSSL_NO_PSK - if (a->psk_identity_hint) - OPENSSL_free(a->psk_identity_hint); + OPENSSL_free(a->psk_identity_hint); #endif #ifndef OPENSSL_NO_SRP SSL_CTX_SRP_CTX_free(a); @@ -2070,13 +2047,10 @@ void SSL_CTX_free(SSL_CTX *a) #ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_EC - if (a->tlsext_ecpointformatlist) - OPENSSL_free(a->tlsext_ecpointformatlist); - if (a->tlsext_ellipticcurvelist) - OPENSSL_free(a->tlsext_ellipticcurvelist); -# endif /* OPENSSL_NO_EC */ - if (a->alpn_client_proto_list != NULL) - OPENSSL_free(a->alpn_client_proto_list); + OPENSSL_free(a->tlsext_ecpointformatlist); + OPENSSL_free(a->tlsext_ellipticcurvelist); +# endif + OPENSSL_free(a->alpn_client_proto_list); #endif OPENSSL_free(a); @@ -3259,8 +3233,7 @@ int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint) SSL_R_DATA_LENGTH_TOO_LONG); return 0; } - if (ctx->psk_identity_hint != NULL) - OPENSSL_free(ctx->psk_identity_hint); + OPENSSL_free(ctx->psk_identity_hint); if (identity_hint != NULL) { ctx->psk_identity_hint = BUF_strdup(identity_hint); if (ctx->psk_identity_hint == NULL) @@ -3282,8 +3255,7 @@ int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint) SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG); return 0; } - if (s->session->psk_identity_hint != NULL) - OPENSSL_free(s->session->psk_identity_hint); + OPENSSL_free(s->session->psk_identity_hint); if (identity_hint != NULL) { s->session->psk_identity_hint = BUF_strdup(identity_hint); if (s->session->psk_identity_hint == NULL) diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index e4798e9..305b185 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -212,12 +212,10 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) } } - if (c->pkeys[i].privatekey != NULL) - EVP_PKEY_free(c->pkeys[i].privatekey); + EVP_PKEY_free(c->pkeys[i].privatekey); CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); c->pkeys[i].privatekey = pkey; c->key = &(c->pkeys[i]); - c->valid = 0; return (1); } @@ -715,8 +713,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) } end: - if (x != NULL) - X509_free(x); + X509_free(x); BIO_free(in); return (ret); } diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index a376875..1a00c38 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -733,31 +733,23 @@ void SSL_SESSION_free(SSL_SESSION *ss) OPENSSL_cleanse(ss->session_id, sizeof ss->session_id); ssl_sess_cert_free(ss->sess_cert); X509_free(ss->peer); - if (ss->ciphers != NULL) - sk_SSL_CIPHER_free(ss->ciphers); + sk_SSL_CIPHER_free(ss->ciphers); #ifndef OPENSSL_NO_TLSEXT - if (ss->tlsext_hostname != NULL) - OPENSSL_free(ss->tlsext_hostname); - if (ss->tlsext_tick != NULL) - OPENSSL_free(ss->tlsext_tick); + OPENSSL_free(ss->tlsext_hostname); + OPENSSL_free(ss->tlsext_tick); # ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; - if (ss->tlsext_ecpointformatlist != NULL) - OPENSSL_free(ss->tlsext_ecpointformatlist); + OPENSSL_free(ss->tlsext_ecpointformatlist); ss->tlsext_ellipticcurvelist_length = 0; - if (ss->tlsext_ellipticcurvelist != NULL) - OPENSSL_free(ss->tlsext_ellipticcurvelist); + OPENSSL_free(ss->tlsext_ellipticcurvelist); # endif /* OPENSSL_NO_EC */ #endif #ifndef OPENSSL_NO_PSK - if (ss->psk_identity_hint != NULL) - OPENSSL_free(ss->psk_identity_hint); - if (ss->psk_identity != NULL) - OPENSSL_free(ss->psk_identity); + OPENSSL_free(ss->psk_identity_hint); + OPENSSL_free(ss->psk_identity); #endif #ifndef OPENSSL_NO_SRP - if (ss->srp_username != NULL) - OPENSSL_free(ss->srp_username); + OPENSSL_free(ss->srp_username); #endif OPENSSL_clear_free(ss, sizeof(*ss)); } diff --git a/test/ecdsatest.c b/test/ecdsatest.c index 52326c5..6aeff25 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -241,8 +241,7 @@ int x9_62_test_internal(BIO *out, int nid, const char *r_in, const char *s_in) if (!ret) BIO_printf(out, " failed\n"); EC_KEY_free(key); - if (signature) - ECDSA_SIG_free(signature); + ECDSA_SIG_free(signature); BN_free(r); BN_free(s); EVP_MD_CTX_cleanup(&md_ctx); @@ -502,8 +501,7 @@ int test_builtin(BIO *out) builtin_err: EC_KEY_free(eckey); EC_KEY_free(wrong_eckey); - if (ecdsa_sig) - ECDSA_SIG_free(ecdsa_sig); + ECDSA_SIG_free(ecdsa_sig); OPENSSL_free(signature); OPENSSL_free(raw_buf); OPENSSL_free(curves); diff --git a/test/evp_test.c b/test/evp_test.c index 7187624..4b5b9aa 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -251,12 +251,10 @@ static void free_expected(struct evp_test *t) { OPENSSL_free(t->expected_err); t->expected_err = NULL; - if (t->out_expected) { - OPENSSL_free(t->out_expected); - OPENSSL_free(t->out_got); - t->out_expected = NULL; - t->out_got = NULL; - } + OPENSSL_free(t->out_expected); + OPENSSL_free(t->out_got); + t->out_expected = NULL; + t->out_got = NULL; } static void print_expected(struct evp_test *t) From rsalz at openssl.org Sat May 2 11:24:19 2015 From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 May 2015 11:24:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430565859.287400.16283.nullmailer@dev.openssl.org> The branch master has been updated via 6c26d0df8318983ff3f2a869d21871dcc1d6b7cc (commit) from 25aaa98aa249d26391c1994d2de449562c8b8b99 (commit) - Log ----------------------------------------------------------------- commit 6c26d0df8318983ff3f2a869d21871dcc1d6b7cc Author: Rich Salz Date: Sat May 2 07:23:58 2015 -0400 Remove outdated RC4 files Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/rc4/rc4.c | 179 --------------------------------- crypto/rc4/rc4s.cpp | 73 -------------- crypto/rc4/rrc4.doc | 278 ---------------------------------------------------- 3 files changed, 530 deletions(-) delete mode 100644 crypto/rc4/rc4.c delete mode 100644 crypto/rc4/rc4s.cpp delete mode 100644 crypto/rc4/rrc4.doc diff --git a/crypto/rc4/rc4.c b/crypto/rc4/rc4.c deleted file mode 100644 index 99082e8..0000000 --- a/crypto/rc4/rc4.c +++ /dev/null @@ -1,179 +0,0 @@ -/* crypto/rc4/rc4.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include -#include -#include - -char *usage[] = { - "usage: rc4 args\n", - "\n", - " -in arg - input file - default stdin\n", - " -out arg - output file - default stdout\n", - " -key key - password\n", - NULL -}; - -int main(int argc, char *argv[]) -{ - FILE *in = NULL, *out = NULL; - char *infile = NULL, *outfile = NULL, *keystr = NULL; - RC4_KEY key; - char buf[BUFSIZ]; - int badops = 0, i; - char **pp; - unsigned char md[MD5_DIGEST_LENGTH]; - - argc--; - argv++; - while (argc >= 1) { - if (strcmp(*argv, "-in") == 0) { - if (--argc < 1) - goto bad; - infile = *(++argv); - } else if (strcmp(*argv, "-out") == 0) { - if (--argc < 1) - goto bad; - outfile = *(++argv); - } else if (strcmp(*argv, "-key") == 0) { - if (--argc < 1) - goto bad; - keystr = *(++argv); - } else { - fprintf(stderr, "unknown option %s\n", *argv); - badops = 1; - break; - } - argc--; - argv++; - } - - if (badops) { - bad: - for (pp = usage; (*pp != NULL); pp++) - fprintf(stderr, "%s", *pp); - exit(1); - } - - if (infile == NULL) - in = stdin; - else { - in = fopen(infile, "r"); - if (in == NULL) { - perror("open"); - exit(1); - } - - } - if (outfile == NULL) - out = stdout; - else { - out = fopen(outfile, "w"); - if (out == NULL) { - perror("open"); - exit(1); - } - } - -#ifdef OPENSSL_SYS_MSDOS - /* This should set the file to binary mode. */ - { -# include - setmode(fileno(in), O_BINARY); - setmode(fileno(out), O_BINARY); - } -#endif - - if (keystr == NULL) { /* get key */ - i = EVP_read_pw_string(buf, BUFSIZ, "Enter RC4 password:", 0); - if (i != 0) { - OPENSSL_cleanse(buf, BUFSIZ); - fprintf(stderr, "bad password read\n"); - exit(1); - } - keystr = buf; - } - - EVP_Digest((unsigned char *)keystr, strlen(keystr), md, NULL, EVP_md5(), - NULL); - OPENSSL_cleanse(keystr, strlen(keystr)); - RC4_set_key(&key, MD5_DIGEST_LENGTH, md); - - for (;;) { - i = fread(buf, 1, BUFSIZ, in); - if (i == 0) - break; - if (i < 0) { - perror("read"); - exit(1); - } - RC4(&key, (unsigned int)i, (unsigned char *)buf, - (unsigned char *)buf); - i = fwrite(buf, (unsigned int)i, 1, out); - if (i != 1) { - perror("write"); - exit(1); - } - } - fclose(out); - fclose(in); - exit(0); - return (1); -} diff --git a/crypto/rc4/rc4s.cpp b/crypto/rc4/rc4s.cpp deleted file mode 100644 index 3814fde..0000000 --- a/crypto/rc4/rc4s.cpp +++ /dev/null @@ -1,73 +0,0 @@ -// -// gettsc.inl -// -// gives access to the Pentium's (secret) cycle counter -// -// This software was written by Leonard Janke (janke at unixg.ubc.ca) -// in 1996-7 and is entered, by him, into the public domain. - -#if defined(__WATCOMC__) -void GetTSC(unsigned long&); -#pragma aux GetTSC = 0x0f 0x31 "mov [edi], eax" parm [edi] modify [edx eax]; -#elif defined(__GNUC__) -inline -void GetTSC(unsigned long& tsc) -{ - asm volatile(".byte 15, 49\n\t" - : "=eax" (tsc) - : - : "%edx", "%eax"); -} -#elif defined(_MSC_VER) -inline -void GetTSC(unsigned long& tsc) -{ - unsigned long a; - __asm _emit 0fh - __asm _emit 31h - __asm mov a, eax; - tsc=a; -} -#endif - -#include -#include -#include - -void main(int argc,char *argv[]) - { - unsigned char buffer[1024]; - RC4_KEY ctx; - unsigned long s1,s2,e1,e2; - unsigned char k[16]; - unsigned long data[2]; - unsigned char iv[8]; - int i,num=64,numm; - int j=0; - - if (argc >= 2) - num=atoi(argv[1]); - - if (num == 0) num=256; - if (num > 1024-16) num=1024-16; - numm=num+8; - - for (j=0; j<6; j++) - { - for (i=0; i<10; i++) /**/ - { - RC4(&ctx,numm,buffer,buffer); - GetTSC(s1); - RC4(&ctx,numm,buffer,buffer); - GetTSC(e1); - GetTSC(s2); - RC4(&ctx,num,buffer,buffer); - GetTSC(e2); - RC4(&ctx,num,buffer,buffer); - } - - printf("RC4 (%d bytes) %d %d (%d) - 8 bytes\n",num, - e1-s1,e2-s2,(e1-s1)-(e2-s2)); - } - } - diff --git a/crypto/rc4/rrc4.doc b/crypto/rc4/rrc4.doc deleted file mode 100644 index 2f9a953..0000000 --- a/crypto/rc4/rrc4.doc +++ /dev/null @@ -1,278 +0,0 @@ -Newsgroups: sci.crypt,alt.security,comp.security.misc,alt.privacy -Path: ghost.dsi.unimi.it!univ-lyon1.fr!jussieu.fr!zaphod.crihan.fr!warwick!clyde.open.ac.uk!strath-cs!bnr.co.uk!bt!pipex!howland.reston.ans.net!europa.eng.gtefsd.com!MathWorks.Com!yeshua.marcam.com!charnel.ecst.csuchico.edu!csusac!csus.edu!netcom.com!sterndark -From: sterndark at netcom.com (David Sterndark) -Subject: RC4 Algorithm revealed. -Message-ID: -Sender: sterndark at netcom.com -Organization: NETCOM On-line Communication Services (408 261-4700 guest) -X-Newsreader: TIN [version 1.2 PL1] -Date: Wed, 14 Sep 1994 06:35:31 GMT -Lines: 263 -Xref: ghost.dsi.unimi.it sci.crypt:27332 alt.security:14732 comp.security.misc:11701 alt.privacy:16026 - -I am shocked, shocked, I tell you, shocked, to discover -that the cypherpunks have illegaly and criminally revealed -a crucial RSA trade secret and harmed the security of -America by reverse engineering the RC4 algorithm and -publishing it to the world. - -On Saturday morning an anonymous cypherpunk wrote: - - - SUBJECT: RC4 Source Code - - - I've tested this. It is compatible with the RC4 object module - that comes in the various RSA toolkits. - - /* rc4.h */ - typedef struct rc4_key - { - unsigned char state[256]; - unsigned char x; - unsigned char y; - } rc4_key; - void prepare_key(unsigned char *key_data_ptr,int key_data_len, - rc4_key *key); - void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key); - - - /*rc4.c */ - #include "rc4.h" - static void swap_byte(unsigned char *a, unsigned char *b); - void prepare_key(unsigned char *key_data_ptr, int key_data_len, - rc4_key *key) - { - unsigned char swapByte; - unsigned char index1; - unsigned char index2; - unsigned char* state; - short counter; - - state = &key->state[0]; - for(counter = 0; counter < 256; counter++) - state[counter] = counter; - key->x = 0; - key->y = 0; - index1 = 0; - index2 = 0; - for(counter = 0; counter < 256; counter++) - { - index2 = (key_data_ptr[index1] + state[counter] + - index2) % 256; - swap_byte(&state[counter], &state[index2]); - - index1 = (index1 + 1) % key_data_len; - } - } - - void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key) - { - unsigned char x; - unsigned char y; - unsigned char* state; - unsigned char xorIndex; - short counter; - - x = key->x; - y = key->y; - - state = &key->state[0]; - for(counter = 0; counter < buffer_len; counter ++) - { - x = (x + 1) % 256; - y = (state[x] + y) % 256; - swap_byte(&state[x], &state[y]); - - xorIndex = (state[x] + state[y]) % 256; - - buffer_ptr[counter] ^= state[xorIndex]; - } - key->x = x; - key->y = y; - } - - static void swap_byte(unsigned char *a, unsigned char *b) - { - unsigned char swapByte; - - swapByte = *a; - *a = *b; - *b = swapByte; - } - - - -Another cypherpunk, this one not anonymous, tested the -output from this algorithm against the output from -official RC4 object code - - - Date: Tue, 13 Sep 94 18:37:56 PDT - From: ekr at eit.COM (Eric Rescorla) - Message-Id: <9409140137.AA17743 at eitech.eit.com> - Subject: RC4 compatibility testing - Cc: cypherpunks at toad.com - - One data point: - - I can't say anything about the internals of RC4 versus the - algorithm that Bill Sommerfeld is rightly calling 'Alleged RC4', - since I don't know anything about RC4's internals. - - However, I do have a (legitimately acquired) copy of BSAFE2 and - so I'm able to compare the output of this algorithm to the output - of genuine RC4 as found in BSAFE. I chose a set of test vectors - and ran them through both algorithms. The algorithms appear to - give identical results, at least with these key/plaintext pairs. - - I note that this is the algorithm _without_ Hal Finney's - proposed modification - - (see <199409130605.XAA24133 at jobe.shell.portal.com>). - - The vectors I used (together with the ciphertext they produce) - follow at the end of this message. - - -Ekr - - Disclaimer: This posting does not reflect the opinions of EIT. - - --------------------results follow-------------- - Test vector 0 - Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef - Input: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef - 0 Output: 0x75 0xb7 0x87 0x80 0x99 0xe0 0xc5 0x96 - - Test vector 1 - Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef - Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 - 0 Output: 0x74 0x94 0xc2 0xe7 0x10 0x4b 0x08 0x79 - - Test vector 2 - Key: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 - Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 - 0 Output: 0xde 0x18 0x89 0x41 0xa3 0x37 0x5d 0x3a - - Test vector 3 - Key: 0xef 0x01 0x23 0x45 - Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 - 0 Output: 0xd6 0xa1 0x41 0xa7 0xec 0x3c 0x38 0xdf 0xbd 0x61 - - Test vector 4 - Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef - Input: 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 - 0x01 - 0 Output: 0x75 0x95 0xc3 0xe6 0x11 0x4a 0x09 0x78 0x0c 0x4a 0xd4 - 0x52 0x33 0x8e 0x1f 0xfd 0x9a 0x1b 0xe9 0x49 0x8f - 0x81 0x3d 0x76 0x53 0x34 0x49 0xb6 0x77 0x8d 0xca - 0xd8 0xc7 0x8a 0x8d 0x2b 0xa9 0xac 0x66 0x08 0x5d - 0x0e 0x53 0xd5 0x9c 0x26 0xc2 0xd1 0xc4 0x90 0xc1 - 0xeb 0xbe 0x0c 0xe6 0x6d 0x1b 0x6b 0x1b 0x13 0xb6 - 0xb9 0x19 0xb8 0x47 0xc2 0x5a 0x91 0x44 0x7a 0x95 - 0xe7 0x5e 0x4e 0xf1 0x67 0x79 0xcd 0xe8 0xbf 0x0a - 0x95 0x85 0x0e 0x32 0xaf 0x96 0x89 0x44 0x4f 0xd3 - 0x77 0x10 0x8f 0x98 0xfd 0xcb 0xd4 0xe7 0x26 0x56 - 0x75 0x00 0x99 0x0b 0xcc 0x7e 0x0c 0xa3 0xc4 0xaa - 0xa3 0x04 0xa3 0x87 0xd2 0x0f 0x3b 0x8f 0xbb 0xcd - 0x42 0xa1 0xbd 0x31 0x1d 0x7a 0x43 0x03 0xdd 0xa5 - 0xab 0x07 0x88 0x96 0xae 0x80 0xc1 0x8b 0x0a 0xf6 - 0x6d 0xff 0x31 0x96 0x16 0xeb 0x78 0x4e 0x49 0x5a - 0xd2 0xce 0x90 0xd7 0xf7 0x72 0xa8 0x17 0x47 0xb6 - 0x5f 0x62 0x09 0x3b 0x1e 0x0d 0xb9 0xe5 0xba 0x53 - 0x2f 0xaf 0xec 0x47 0x50 0x83 0x23 0xe6 0x71 0x32 - 0x7d 0xf9 0x44 0x44 0x32 0xcb 0x73 0x67 0xce 0xc8 - 0x2f 0x5d 0x44 0xc0 0xd0 0x0b 0x67 0xd6 0x50 0xa0 - 0x75 0xcd 0x4b 0x70 0xde 0xdd 0x77 0xeb 0x9b 0x10 - 0x23 0x1b 0x6b 0x5b 0x74 0x13 0x47 0x39 0x6d 0x62 - 0x89 0x74 0x21 0xd4 0x3d 0xf9 0xb4 0x2e 0x44 0x6e - 0x35 0x8e 0x9c 0x11 0xa9 0xb2 0x18 0x4e 0xcb 0xef - 0x0c 0xd8 0xe7 0xa8 0x77 0xef 0x96 0x8f 0x13 0x90 - 0xec 0x9b 0x3d 0x35 0xa5 0x58 0x5c 0xb0 0x09 0x29 - 0x0e 0x2f 0xcd 0xe7 0xb5 0xec 0x66 0xd9 0x08 0x4b - 0xe4 0x40 0x55 0xa6 0x19 0xd9 0xdd 0x7f 0xc3 0x16 - 0x6f 0x94 0x87 0xf7 0xcb 0x27 0x29 0x12 0x42 0x64 - 0x45 0x99 0x85 0x14 0xc1 0x5d 0x53 0xa1 0x8c 0x86 - 0x4c 0xe3 0xa2 0xb7 0x55 0x57 0x93 0x98 0x81 0x26 - 0x52 0x0e 0xac 0xf2 0xe3 0x06 0x6e 0x23 0x0c 0x91 - 0xbe 0xe4 0xdd 0x53 0x04 0xf5 0xfd 0x04 0x05 0xb3 - 0x5b 0xd9 0x9c 0x73 0x13 0x5d 0x3d 0x9b 0xc3 0x35 - 0xee 0x04 0x9e 0xf6 0x9b 0x38 0x67 0xbf 0x2d 0x7b - 0xd1 0xea 0xa5 0x95 0xd8 0xbf 0xc0 0x06 0x6f 0xf8 - 0xd3 0x15 0x09 0xeb 0x0c 0x6c 0xaa 0x00 0x6c 0x80 - 0x7a 0x62 0x3e 0xf8 0x4c 0x3d 0x33 0xc1 0x95 0xd2 - 0x3e 0xe3 0x20 0xc4 0x0d 0xe0 0x55 0x81 0x57 0xc8 - 0x22 0xd4 0xb8 0xc5 0x69 0xd8 0x49 0xae 0xd5 0x9d - 0x4e 0x0f 0xd7 0xf3 0x79 0x58 0x6b 0x4b 0x7f 0xf6 - 0x84 0xed 0x6a 0x18 0x9f 0x74 0x86 0xd4 0x9b 0x9c - 0x4b 0xad 0x9b 0xa2 0x4b 0x96 0xab 0xf9 0x24 0x37 - 0x2c 0x8a 0x8f 0xff 0xb1 0x0d 0x55 0x35 0x49 0x00 - 0xa7 0x7a 0x3d 0xb5 0xf2 0x05 0xe1 0xb9 0x9f 0xcd - 0x86 0x60 0x86 0x3a 0x15 0x9a 0xd4 0xab 0xe4 0x0f - 0xa4 0x89 0x34 0x16 0x3d 0xdd 0xe5 0x42 0xa6 0x58 - 0x55 0x40 0xfd 0x68 0x3c 0xbf 0xd8 0xc0 0x0f 0x12 - 0x12 0x9a 0x28 0x4d 0xea 0xcc 0x4c 0xde 0xfe 0x58 - 0xbe 0x71 0x37 0x54 0x1c 0x04 0x71 0x26 0xc8 0xd4 - 0x9e 0x27 0x55 0xab 0x18 0x1a 0xb7 0xe9 0x40 0xb0 - 0xc0 - - - --- - --------------------------------------------------------------------- -We have the right to defend ourselves and our -property, because of the kind of animals that we James A. Donald -are. True law derives from this right, not from -the arbitrary power of the omnipotent state. jamesd at netcom.com - - From rsalz at openssl.org Sat May 2 11:44:46 2015 From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 May 2015 11:44:46 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430567086.564934.18938.nullmailer@dev.openssl.org> The branch master has been updated via 539ed89f686866b82a9ec9a4c3b112878d29cd73 (commit) from 6c26d0df8318983ff3f2a869d21871dcc1d6b7cc (commit) - Log ----------------------------------------------------------------- commit 539ed89f686866b82a9ec9a4c3b112878d29cd73 Author: Hanno B?ck Date: Fri May 1 22:27:20 2015 -0400 Fix uninitialized variable. Signed-off-by: Rich Salz Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: apps/asn1pars.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 61bdeab..42338da 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -334,7 +334,7 @@ static int do_generate(char *genstr, char *genconf, BUF_MEM *buf) { CONF *cnf = NULL; int len; - long errline; + long errline = 0; unsigned char *p; ASN1_TYPE *atyp = NULL; From rsalz at openssl.org Sat May 2 11:46:05 2015 From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 May 2015 11:46:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1430567165.052570.19824.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 6b3a315003f362150fddf8db072d4309f3f0d962 (commit) from f296e411efc2d3ebbf37bdc9c1111e84a5982ec6 (commit) - Log ----------------------------------------------------------------- commit 6b3a315003f362150fddf8db072d4309f3f0d962 Author: Hanno B?ck Date: Fri May 1 22:27:20 2015 -0400 Fix uninitialized variable. Signed-off-by: Rich Salz Reviewed-by: Viktor Dukhovni (cherry picked from commit 539ed89f686866b82a9ec9a4c3b112878d29cd73) ----------------------------------------------------------------------- Summary of changes: apps/asn1pars.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 7a0f169..11b0787 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) { CONF *cnf = NULL; int len; - long errline; + long errline = 0; unsigned char *p; ASN1_TYPE *atyp = NULL; From rsalz at openssl.org Sat May 2 11:46:21 2015 From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 May 2015 11:46:21 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1430567181.402975.20085.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via cd258a84db854e1099d7f363789756139d9a9ca4 (commit) from 017f695f2ca06ba45f6d9dd7be508934fb2a37e3 (commit) - Log ----------------------------------------------------------------- commit cd258a84db854e1099d7f363789756139d9a9ca4 Author: Hanno B?ck Date: Fri May 1 22:27:20 2015 -0400 Fix uninitialized variable. Signed-off-by: Rich Salz Reviewed-by: Viktor Dukhovni (cherry picked from commit 539ed89f686866b82a9ec9a4c3b112878d29cd73) ----------------------------------------------------------------------- Summary of changes: apps/asn1pars.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 7a0f169..11b0787 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -375,7 +375,7 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf) { CONF *cnf = NULL; int len; - long errline; + long errline = 0; unsigned char *p; ASN1_TYPE *atyp = NULL; From rsalz at openssl.org Sat May 2 11:54:16 2015 From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 May 2015 11:54:16 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430567656.647398.21513.nullmailer@dev.openssl.org> The branch master has been updated via 53ba0a9e91ad203de2943edaf1090ab17ec435fa (commit) from 539ed89f686866b82a9ec9a4c3b112878d29cd73 (commit) - Log ----------------------------------------------------------------- commit 53ba0a9e91ad203de2943edaf1090ab17ec435fa Author: Rich Salz Date: Fri May 1 22:06:07 2015 -0400 RT3776: Wrong size for malloc Use sizeof *foo parameter, to avoid these errors. Reviewed-by: Viktor Dukhovni ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_vpm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 29ee8a7..6305406 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -161,16 +161,16 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) X509_VERIFY_PARAM *param; X509_VERIFY_PARAM_ID *paramid; - param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); + param = OPENSSL_malloc(sizeof *param); if (!param) return NULL; - paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); + paramid = OPENSSL_malloc(sizeof *paramid); if (!paramid) { OPENSSL_free(param); return NULL; } - memset(param, 0, sizeof(X509_VERIFY_PARAM)); - memset(paramid, 0, sizeof(X509_VERIFY_PARAM_ID)); + memset(param, 0, sizeof *paramid); + memset(paramid, 0, sizeof *paramid); param->id = paramid; x509_verify_param_zero(param); return param; From rsalz at openssl.org Sat May 2 11:55:26 2015 From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 May 2015 11:55:26 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1430567726.511483.22309.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 5b38d54753acdabbf6b1d5e15d38ee81fb0612a2 (commit) from 6b3a315003f362150fddf8db072d4309f3f0d962 (commit) - Log ----------------------------------------------------------------- commit 5b38d54753acdabbf6b1d5e15d38ee81fb0612a2 Author: Rich Salz Date: Fri May 1 22:06:07 2015 -0400 RT3776: Wrong size for malloc Use sizeof *foo parameter, to avoid these errors. Reviewed-by: Viktor Dukhovni (cherry picked from commit 53ba0a9e91ad203de2943edaf1090ab17ec435fa) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_vpm.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 9f7647f..ad5c9e8 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -172,16 +172,17 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) { X509_VERIFY_PARAM *param; X509_VERIFY_PARAM_ID *paramid; - param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); + + param = OPENSSL_malloc(sizeof *param); if (!param) return NULL; - paramid = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM)); + paramid = OPENSSL_malloc(sizeof *paramid); if (!paramid) { OPENSSL_free(param); return NULL; } - memset(param, 0, sizeof(X509_VERIFY_PARAM)); - memset(paramid, 0, sizeof(X509_VERIFY_PARAM_ID)); + memset(param, 0, sizeof *paramid); + memset(paramid, 0, sizeof *paramid); param->id = paramid; x509_verify_param_zero(param); return param; From rsalz at openssl.org Sat May 2 12:01:32 2015 From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 May 2015 12:01:32 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430568092.755375.23169.nullmailer@dev.openssl.org> The branch master has been updated via bed2edf1cb73f1fe2c11029acc694086bc14443e (commit) from 53ba0a9e91ad203de2943edaf1090ab17ec435fa (commit) - Log ----------------------------------------------------------------- commit bed2edf1cb73f1fe2c11029acc694086bc14443e Author: Gilles Khouzam Date: Fri May 1 22:20:42 2015 -0400 RT3820: Don't call GetDesktopWindow() Signed-off-by: Rich Salz Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/cryptlib.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index ce07b84..be4cdb0 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -288,8 +288,6 @@ int OPENSSL_isservice(void) if (_OPENSSL_isservice.p != (void *)-1) return (*_OPENSSL_isservice.f) (); - (void)GetDesktopWindow(); /* return value is ignored */ - h = GetProcessWindowStation(); if (h == NULL) return -1; From rsalz at openssl.org Sat May 2 12:02:01 2015 From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 May 2015 12:02:01 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1430568121.436193.23889.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via a65938663979e5452ce6fc42c82356d671bb5409 (commit) from 5b38d54753acdabbf6b1d5e15d38ee81fb0612a2 (commit) - Log ----------------------------------------------------------------- commit a65938663979e5452ce6fc42c82356d671bb5409 Author: Gilles Khouzam Date: Fri May 1 22:20:42 2015 -0400 RT3820: Don't call GetDesktopWindow() Signed-off-by: Rich Salz Reviewed-by: Richard Levitte (cherry picked from commit bed2edf1cb73f1fe2c11029acc694086bc14443e) ----------------------------------------------------------------------- Summary of changes: crypto/cryptlib.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 98526d7..ca0e3cc 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -825,8 +825,6 @@ int OPENSSL_isservice(void) if (_OPENSSL_isservice.p != (void *)-1) return (*_OPENSSL_isservice.f) (); - (void)GetDesktopWindow(); /* return value is ignored */ - h = GetProcessWindowStation(); if (h == NULL) return -1; From rsalz at openssl.org Sat May 2 12:02:12 2015 From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 May 2015 12:02:12 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1430568132.292152.24137.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via ee827adf0483e8e66e3c447c42308bf8bc96c43f (commit) from cd258a84db854e1099d7f363789756139d9a9ca4 (commit) - Log ----------------------------------------------------------------- commit ee827adf0483e8e66e3c447c42308bf8bc96c43f Author: Gilles Khouzam Date: Fri May 1 22:20:42 2015 -0400 RT3820: Don't call GetDesktopWindow() Signed-off-by: Rich Salz Reviewed-by: Richard Levitte (cherry picked from commit bed2edf1cb73f1fe2c11029acc694086bc14443e) ----------------------------------------------------------------------- Summary of changes: crypto/cryptlib.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 6353bbe..c654a5c 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -806,8 +806,6 @@ int OPENSSL_isservice(void) if (_OPENSSL_isservice.p != (void *)-1) return (*_OPENSSL_isservice.f) (); - (void)GetDesktopWindow(); /* return value is ignored */ - h = GetProcessWindowStation(); if (h == NULL) return -1; From rsalz at openssl.org Sat May 2 12:02:26 2015 From: rsalz at openssl.org (Rich Salz) Date: Sat, 02 May 2015 12:02:26 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1430568146.891785.24378.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 6c63867178c45f28a30b3c59f0bfadc5456a61b1 (commit) from b3ac37c69adc8d0c4764ddfb94842428f6f956b2 (commit) - Log ----------------------------------------------------------------- commit 6c63867178c45f28a30b3c59f0bfadc5456a61b1 Author: Gilles Khouzam Date: Fri May 1 22:20:42 2015 -0400 RT3820: Don't call GetDesktopWindow() Signed-off-by: Rich Salz Reviewed-by: Richard Levitte (cherry picked from commit bed2edf1cb73f1fe2c11029acc694086bc14443e) ----------------------------------------------------------------------- Summary of changes: crypto/cryptlib.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index f0a1c31..4c91dbe 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -776,8 +776,6 @@ int OPENSSL_isservice(void) if (_OPENSSL_isservice.p != (void *)-1) return (*_OPENSSL_isservice.f) (); - (void)GetDesktopWindow(); /* return value is ignored */ - h = GetProcessWindowStation(); if (h == NULL) return -1; From levitte at openssl.org Sat May 2 12:39:14 2015 From: levitte at openssl.org (Richard Levitte) Date: Sat, 02 May 2015 12:39:14 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430570354.605809.27916.nullmailer@dev.openssl.org> The branch master has been updated via 169692d736d5a7e2cdeeebeab3cd64a608c33f6b (commit) from bed2edf1cb73f1fe2c11029acc694086bc14443e (commit) - Log ----------------------------------------------------------------- commit 169692d736d5a7e2cdeeebeab3cd64a608c33f6b Author: Richard Levitte Date: Sat May 2 07:47:35 2015 +0200 Remove shlib/ Cleanup of files that haven't been used, touched, or I suspect, even noticed for a long time. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: Makefile.org | 4 +- shlib/Makefile.hpux10-cc | 34 ----------------- shlib/README | 1 - shlib/hpux10-cc.sh | 92 --------------------------------------------- shlib/irix.sh | 7 ---- shlib/sco5-shared-gcc.sh | 48 ----------------------- shlib/sco5-shared-installed | 28 -------------- shlib/sco5-shared.sh | 48 ----------------------- shlib/solaris-sc4.sh | 42 --------------------- shlib/solaris.sh | 36 ------------------ shlib/sun.sh | 8 ---- shlib/svr5-shared-gcc.sh | 48 ----------------------- shlib/svr5-shared-installed | 27 ------------- shlib/svr5-shared.sh | 48 ----------------------- shlib/win32.bat | 18 --------- shlib/win32dll.bat | 13 ------- 16 files changed, 2 insertions(+), 500 deletions(-) delete mode 100644 shlib/Makefile.hpux10-cc delete mode 100644 shlib/README delete mode 100644 shlib/hpux10-cc.sh delete mode 100644 shlib/irix.sh delete mode 100755 shlib/sco5-shared-gcc.sh delete mode 100755 shlib/sco5-shared-installed delete mode 100755 shlib/sco5-shared.sh delete mode 100755 shlib/solaris-sc4.sh delete mode 100644 shlib/solaris.sh delete mode 100644 shlib/sun.sh delete mode 100755 shlib/svr5-shared-gcc.sh delete mode 100755 shlib/svr5-shared-installed delete mode 100755 shlib/svr5-shared.sh delete mode 100755 shlib/win32.bat delete mode 100755 shlib/win32dll.bat diff --git a/Makefile.org b/Makefile.org index dcc2c44..0676a39 100644 --- a/Makefile.org +++ b/Makefile.org @@ -167,7 +167,7 @@ SHELL=/bin/sh TOP= . ONEDIRS=out tmp -EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS +EDIRS= times doc bugs util include certs ms demos VMS WDIRS= windows LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) @@ -406,7 +406,7 @@ libclean: rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib clean: libclean - rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c + rm -f *.o core a.out fluff rehash.time testlog make.log cctest cctest.c rm -rf *.bak certs/.0 @set -e; target=clean; $(RECURSIVE_BUILD_CMD) rm -f $(LIBS) tags TAGS diff --git a/shlib/Makefile.hpux10-cc b/shlib/Makefile.hpux10-cc deleted file mode 100644 index 89c28dc..0000000 --- a/shlib/Makefile.hpux10-cc +++ /dev/null @@ -1,34 +0,0 @@ -# Makefile.hpux-cc - -major=0.9.8 - -slib=libssl -sh_slib=$(slib).sl.$(major) - -clib=libcrypto -sh_clib=$(clib).sl.$(major) - -all : $(clib).sl $(slib).sl - - -$(clib)_pic.a : $(clib).a - echo "Copying $? to $@" - cp -p $? $@ - -$(slib)_pic.a : $(slib).a - echo "Copying $? to $@" - cp -p $? $@ - -$(sh_clib) : $(clib)_pic.a - ld -b -s -z +h $@ -o $@ -Fl $(clib)_pic.a -ldld -lc - -$(clib).sl : $(sh_clib) - rm -f $@ - ln -s $? $@ - -$(sh_slib) : $(slib)_pic.a $(clib).sl - ld -b -s -z +h $@ -o $@ -Fl $(slib)_pic.a -ldld -lc - -$(slib).sl : $(sh_slib) - rm -f $@ - ln -s $? $@ diff --git a/shlib/README b/shlib/README deleted file mode 100644 index fea07a5..0000000 --- a/shlib/README +++ /dev/null @@ -1 +0,0 @@ -Only the windows NT and, linux builds have been tested for SSLeay 0.8.0 diff --git a/shlib/hpux10-cc.sh b/shlib/hpux10-cc.sh deleted file mode 100644 index ceeb8c5..0000000 --- a/shlib/hpux10-cc.sh +++ /dev/null @@ -1,92 +0,0 @@ -#!/usr/bin/sh -# -# Run this script from the OpenSSL root directory: -# sh shlib/hpux10-cc.sh -# -# HP-UX (10.20) shared library installation: -# Compile and install OpenSSL with best possible optimization: -# - shared libraries are compiled and installed with +O4 optimization -# - executable(s) are compiled and installed with +O4 optimization -# - static libraries are compiled and installed with +O3 optimization, -# to avoid the time consuming +O4 link-time optimization when using -# these libraries. (The shared libs are already optimized during build -# at +O4.) -# -# This script must be run with appropriate privileges to install into -# /usr/local/ssl. HP-UX prevents used executables and shared libraries -# from being deleted or overwritten. Stop all processes using already -# installed items of OpenSSL. -# -# WARNING: At high optimization levels, HP's ANSI-C compiler can chew up -# large amounts of memory and CPU time. Make sure to have at least -# 128MB of RAM available and that your kernel is configured to allow -# at least 128MB data size (maxdsiz parameter which can be obtained -# by multiplying 'echo maxdsiz/D | adb -k /stand/vmunix /dev/kmem' -# by 'getconf PAGE_SIZE'). -# The installation process can take several hours, even on fast -# machines. +O4 optimization of the libcrypto.sl shared library may -# take 1 hour on a C200 (200MHz PA8200 CPU), +O3 compilation of -# fcrypt_b.c can take 20 minutes on this machine. Stay patient. -# -# SITEFLAGS: site specific flags. I do use +DAportable, since I have to -# support older PA1.1-type CPUs. Your mileage may vary. -# +w1 enables enhanced warnings, useful when working with snaphots. -# -SITEFLAGS="+DAportable +w1" -# -# Set the default additions to build with HP-UX. -# -D_REENTRANT must/should be defined on HP-UX manually, since we do call -# Configure directly. -# +Oall increases the optimization done. -# -MYFLAGS="-D_REENTRANT +Oall $SITEFLAGS" - -# Configure for pic and build the static pic libraries -perl5 Configure no-shared hpux-parisc-cc-o4 +Z ${MYFLAGS} -make clean -make DIRS="crypto ssl" -# Rename the static pic libs and build dynamic libraries from them -# Be prepared to see a lot of warnings about shared libraries being built -# with optimizations higher than +O2. When using these libraries, it is -# not possible to replace internal library functions with functions from -# the program to be linked. -# -make -f shlib/Makefile.hpux10-cc - -# Copy the libraries to /usr/local/ssl/lib (they have to be in their -# final location when linking applications). -# If the directories are still there, no problem. -mkdir /usr/local -mkdir /usr/local/ssl -mkdir /usr/local/ssl/lib -chmod 444 lib*_pic.a -chmod 555 lib*.sl.0.9.8 -cp -p lib*_pic.a lib*.sl.0.9.8 /usr/local/ssl/lib -(cd /usr/local/ssl/lib ; ln -sf libcrypto.sl.0.9.8 libcrypto.sl ; ln -sf libssl.sl.0.9.8 libssl.sl) - -# Reconfigure without pic to compile the executables. Unfortunately, while -# performing this task we have to recompile the library components, even -# though we use the already installed shared libs anyway. -# -perl5 Configure no-shared hpux-parisc-cc-o4 ${MYFLAGS} - -make clean - -# Hack the Makefiles to pick up the dynamic libraries during linking -# -sed 's/^PEX_LIBS=.*$/PEX_LIBS=-L\/usr\/local\/ssl\/lib/' Makefile.ssl >xxx; mv xxx Makefile.ssl -sed 's/-L\.\.//' apps/Makefile.ssl >xxx; mv xxx apps/Makefile.ssl -sed 's/-L\.\.//' test/Makefile.ssl >xxx; mv xxx test/Makefile.ssl -# Build the static libs and the executables in one make. -make -# Install everything -make install - -# Finally build the static libs with +O3. This time we only need the libraries, -# once created, they are simply copied into place. -# -perl5 Configure no-shared hpux-parisc-cc ${MYFLAGS} -make clean -make DIRS="crypto ssl" -chmod 644 libcrypto.a libssl.a -cp -p libcrypto.a libssl.a /usr/local/ssl/lib diff --git a/shlib/irix.sh b/shlib/irix.sh deleted file mode 100644 index 22e4e6a..0000000 --- a/shlib/irix.sh +++ /dev/null @@ -1,7 +0,0 @@ -FLAGS="-DTERMIOS -O2 -mips2 -DB_ENDIAN -fomit-frame-pointer -Wall -Iinclude" -SHFLAGS="-DPIC -fpic" - -gcc -c -Icrypto $SHFLAGS $FLAGS -o crypto.o crypto/crypto.c -ld -shared -o libcrypto.so crypto.o -gcc -c -Issl $SHFLAGS $FLAGS -o ssl.o ssl/ssl.c -ld -shared -o libssl.so ssl.o diff --git a/shlib/sco5-shared-gcc.sh b/shlib/sco5-shared-gcc.sh deleted file mode 100755 index fe4a457..0000000 --- a/shlib/sco5-shared-gcc.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh - -major="0" -minor="9.7b" - -slib=libssl -sh_slib=$slib.so.$major.$minor - -clib=libcrypto -sh_clib=$clib.so.$major.$minor - -FLAGS="-O3 -fomit-frame-pointer" -SHFLAGS="-DPIC -fPIC" - -touch $sh_clib -touch $sh_slib - -echo collecting all object files for $clib.so -OBJS= -find . -name \*.o -print > allobjs -for obj in `ar t libcrypto.a` -do - OBJS="$OBJS `grep $obj allobjs`" -done - -echo linking $clib.so -gcc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket - -rm -f $clib.so -ln -s $sh_clib $clib.so - -echo collecting all object files for $slib.so -OBJS= -for obj in `ar t libssl.a` -do - OBJS="$OBJS `grep $obj allobjs`" -done - -echo linking $slib.so -gcc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto - -rm -f $slib.so -ln -s $sh_slib $slib.so - -mv libRSAglue.a libRSAglue.a.orig -mv libcrypto.a libcrypto.a.orig -mv libssl.a libssl.a.orig - diff --git a/shlib/sco5-shared-installed b/shlib/sco5-shared-installed deleted file mode 100755 index 5099028..0000000 --- a/shlib/sco5-shared-installed +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/sh - -major="0" -minor="9.7b" - -slib=libssl -sh_slib=$slib.so.$major.$minor - -clib=libcrypto -sh_clib=$clib.so.$major.$minor - -# If you want them in /usr/local/lib then change INSTALLTOP to point there. -#INSTALLTOP=/usr/local/ssl/lib -INSTALLTOP=/usr/local/lib - -cp -p $sh_clib $INSTALLTOP -cp -p $sh_slib $INSTALLTOP - -PWD=`pwd` -cd $INSTALLTOP -rm -f $INSTALLTOP/$clib.so -ln -s $INSTALLTOP/$sh_clib $clib.so - -rm -f $INSTALLTOP/$slib.so -ln -s $INSTALLTOP/$sh_slib $slib.so - -cd $PWD - diff --git a/shlib/sco5-shared.sh b/shlib/sco5-shared.sh deleted file mode 100755 index b3365d9..0000000 --- a/shlib/sco5-shared.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh - -major="0" -minor="9.7b" - -slib=libssl -sh_slib=$slib.so.$major.$minor - -clib=libcrypto -sh_clib=$clib.so.$major.$minor - -FLAGS="-O -DFILIO_H -Kalloca" -SHFLAGS="-Kpic -DPIC" - -touch $sh_clib -touch $sh_slib - -echo collecting all object files for $clib.so -OBJS= -find . -name \*.o -print > allobjs -for obj in `ar t libcrypto.a` -do - OBJS="$OBJS `grep $obj allobjs`" -done - -echo linking $clib.so -cc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket - -rm -f $clib.so -ln -s $sh_clib $clib.so - -echo collecting all object files for $slib.so -OBJS= -for obj in `ar t libssl.a` -do - OBJS="$OBJS `grep $obj allobjs`" -done - -echo linking $slib.so -cc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto - -rm -f $slib.so -ln -s $sh_slib $slib.so - -mv libRSAglue.a libRSAglue.a.orig -mv libcrypto.a libcrypto.a.orig -mv libssl.a libssl.a.orig - diff --git a/shlib/solaris-sc4.sh b/shlib/solaris-sc4.sh deleted file mode 100755 index b0766b3..0000000 --- a/shlib/solaris-sc4.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh - -major="1" - -slib=libssl -sh_slib=$slib.so.$major - -clib=libcrypto -sh_clib=$clib.so.$major - -echo collecting all object files for $clib.so -OBJS= -find . -name \*.o -print > allobjs -for obj in `ar t libcrypto.a` -do - OBJS="$OBJS `grep $obj allobjs`" -done - -echo linking $clib.so -cc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket - -rm -f $clib.so -ln -s $sh_clib $clib.so - -echo collecting all object files for $slib.so -OBJS= -for obj in `ar t libssl.a` -do - OBJS="$OBJS `grep $obj allobjs`" -done - -echo linking $slib.so -cc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto - -rm -f $slib.so -ln -s $sh_slib $slib.so - -rm -f allobjs - -mv libRSAglue.a libRSAglue.a.orig -mv libcrypto.a libcrypto.a.orig -mv libssl.a libssl.a.orig diff --git a/shlib/solaris.sh b/shlib/solaris.sh deleted file mode 100644 index 03475f1..0000000 --- a/shlib/solaris.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh - -echo "#define DATE \"`date`\"" >crypto/date.h - -major="0" -minor="8.0" -slib=libssl -clib=libcrypto -CC=gcc -CPP='gcc -E' -AS=as -#FLAGS='-DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -mv8 -Wall' -FLAGS='-DTERMIO -g2 -ggdb -DL_ENDIAN -Wall -DREF_CHECK -DCRYPTO_MDEBUG' -INCLUDE='-Iinclude -Icrypto -Issl' -SHFLAGS='-DPIC -fpic' - -CFLAGS="$FLAGS $INCLUDE $SHFLAGS" -ASM_OBJ=""; - -echo compiling bignum assember -$AS -o bn_asm.o crypto/bn/asm/sparc.s -CFLAGS="$CFLAGS -DBN_ASM" -ASM_OBJ="$ASM_OBJ bn_asm.o" - -echo compiling $clib -$CC -c $CFLAGS -DCFLAGS="\"$FLAGS\"" -o crypto.o crypto/crypto.c - -echo linking $clib.so -gcc $CFLAGS -shared -o $clib.so.$major.$minor crypto.o $ASM_OBJ -lnsl -lsocket - -echo compiling $slib.so -$CC -c $CFLAGS -o ssl.o ssl/ssl.c - -echo building $slib.so -gcc $CFLAGS -shared -o $slib.so ssl.o -L. -lcrypto - diff --git a/shlib/sun.sh b/shlib/sun.sh deleted file mode 100644 index a890bbd..0000000 --- a/shlib/sun.sh +++ /dev/null @@ -1,8 +0,0 @@ -FLAGS="-DTERMIO -O3 -DB_ENDIAN -fomit-frame-pointer -mv8 -Wall -Iinclude" -SHFLAGS="-DPIC -fpic" - -gcc -c -Icrypto $SHFLAGS -fpic $FLAGS -o crypto.o crypto/crypto.c -ld -G -z text -o libcrypto.so crypto.o - -gcc -c -Issl $SHFLAGS $FLAGS -o ssl.o ssl/ssl.c -ld -G -z text -o libssl.so ssl.o diff --git a/shlib/svr5-shared-gcc.sh b/shlib/svr5-shared-gcc.sh deleted file mode 100755 index c5d0cc5..0000000 --- a/shlib/svr5-shared-gcc.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/usr/bin/sh - -major="0" -minor="9.7b" - -slib=libssl -sh_slib=$slib.so.$major.$minor - -clib=libcrypto -sh_clib=$clib.so.$major.$minor - -FLAGS="-O3 -DFILIO_H -fomit-frame-pointer -pthread" -SHFLAGS="-DPIC -fPIC" - -touch $sh_clib -touch $sh_slib - -echo collecting all object files for $clib.so -OBJS= -find . -name \*.o -print > allobjs -for obj in `ar t libcrypto.a` -do - OBJS="$OBJS `grep $obj allobjs`" -done - -echo linking $clib.so -gcc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket - -rm -f $clib.so -ln -s $sh_clib $clib.so - -echo collecting all object files for $slib.so -OBJS= -for obj in `ar t libssl.a` -do - OBJS="$OBJS `grep $obj allobjs`" -done - -echo linking $slib.so -gcc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto - -rm -f $slib.so -ln -s $sh_slib $slib.so - -mv libRSAglue.a libRSAglue.a.orig -mv libcrypto.a libcrypto.a.orig -mv libssl.a libssl.a.orig - diff --git a/shlib/svr5-shared-installed b/shlib/svr5-shared-installed deleted file mode 100755 index b1def35..0000000 --- a/shlib/svr5-shared-installed +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/sh - -major="0" -minor="9.7b" - -slib=libssl -sh_slib=$slib.so.$major.$minor - -clib=libcrypto -sh_clib=$clib.so.$major.$minor - -# If you want them in /usr/local/lib then change INSTALLTOP to point there. -#INSTALLTOP=/usr/local/ssl/lib -INSTALLTOP=/usr/local/lib - -cp -p $sh_clib $INSTALLTOP -cp -p $sh_slib $INSTALLTOP - -PWD=`pwd` -cd $INSTALLTOP -rm -f $INSTALLTOP/$clib.so -ln -s $INSTALLTOP/$sh_clib $clib.so - -rm -f $INSTALLTOP/$slib.so -ln -s $INSTALLTOP/$sh_slib $slib.so - -cd $PWD diff --git a/shlib/svr5-shared.sh b/shlib/svr5-shared.sh deleted file mode 100755 index 9edf26e..0000000 --- a/shlib/svr5-shared.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/usr/bin/sh - -major="0" -minor="9.7b" - -slib=libssl -sh_slib=$slib.so.$major.$minor - -clib=libcrypto -sh_clib=$clib.so.$major.$minor - -FLAGS="-O -DFILIO_H -Kalloca -Kthread" -SHFLAGS="-Kpic -DPIC" - -touch $sh_clib -touch $sh_slib - -echo collecting all object files for $clib.so -OBJS= -find . -name \*.o -print > allobjs -for obj in `ar t libcrypto.a` -do - OBJS="$OBJS `grep $obj allobjs`" -done - -echo linking $clib.so -cc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket - -rm -f $clib.so -ln -s $sh_clib $clib.so - -echo collecting all object files for $slib.so -OBJS= -for obj in `ar t libssl.a` -do - OBJS="$OBJS `grep $obj allobjs`" -done - -echo linking $slib.so -cc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto - -rm -f $slib.so -ln -s $sh_slib $slib.so - -mv libRSAglue.a libRSAglue.a.orig -mv libcrypto.a libcrypto.a.orig -mv libssl.a libssl.a.orig - diff --git a/shlib/win32.bat b/shlib/win32.bat deleted file mode 100755 index 2b0faaa..0000000 --- a/shlib/win32.bat +++ /dev/null @@ -1,18 +0,0 @@ -rem win32 dll build - -set OPTIONS1=-DDES_ASM -DBN_ASM -DBF_ASM -DFLAT_INC -Iout -Itmp -DL_ENDIAN -set OPTIONS2=/W3 /WX /Ox /Gs0 /GF /Gy /nologo - -set OPTIONS=%OPTIONS1% %OPTIONS2% - -rem ml /coff /c crypto\bf\asm\b-win32.asm -rem ml /coff /c crypto\des\asm\c-win32.asm -rem ml /coff /c crypto\des\asm\d-win32.asm -rem ml /coff /c crypto\bn\asm\x86nt32.asm - -cl /Focrypto.obj -DWIN32 %OPTIONS% -c crypto\crypto.c -cl /Fossl.obj -DWIN32 %OPTIONS% -c ssl\ssl.c -cl /Foeay.obj -DWIN32 %OPTIONS% -c apps\eay.c - -cl /Fessleay.exe %OPTIONS% eay.obj ssl.obj crypto.obj crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib ws2_32.lib - diff --git a/shlib/win32dll.bat b/shlib/win32dll.bat deleted file mode 100755 index 844e353..0000000 --- a/shlib/win32dll.bat +++ /dev/null @@ -1,13 +0,0 @@ -rem win32 dll build - -set OPTIONS1=-DDES_ASM -DBN_ASM -DBF_ASM -DFLAT_INC -Iout -Itmp -DL_ENDIAN -set OPTIONS2=/W3 /WX /Ox /Gf /nologo - -set OPTIONS=%OPTIONS1% %OPTIONS2% - -cl /Felibeay32.dll /GD /MD /LD -DWIN32 %OPTIONS% ms\libeay32.def crypto\crypto.c crypto\bf\asm\b-win32.obj crypto\des\asm\c-win32.obj crypto\des\asm\d-win32.obj crypto\bn\asm\x86nt32.obj user32.lib gdi32.lib ws2_32.lib - -cl /Fessleay32.dll /GD /MD /LD -DWIN32 %OPTIONS% ms\ssleay32.def ssl\ssl.c libeay32.lib - -cl /Fessleay.exe /MD -DWIN32 %OPTIONS% apps\eay.c ssleay32.lib libeay32.lib user32.lib ws2_32.lib - From steve at openssl.org Sat May 2 13:15:21 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sat, 02 May 2015 13:15:21 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430572521.991382.31347.nullmailer@dev.openssl.org> The branch master has been updated via 6f4d71ff9d5ac80c5ae2a309a487ccbdb360108b (commit) from 169692d736d5a7e2cdeeebeab3cd64a608c33f6b (commit) - Log ----------------------------------------------------------------- commit 6f4d71ff9d5ac80c5ae2a309a487ccbdb360108b Author: Dr. Stephen Henson Date: Sat May 2 13:21:34 2015 +0100 make X509_VERIFY_PARAM opaque Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_lcl.h | 18 ++++++++++++++++++ include/openssl/x509_vfy.h | 19 +------------------ 2 files changed, 19 insertions(+), 18 deletions(-) diff --git a/crypto/x509/x509_lcl.h b/crypto/x509/x509_lcl.h index 427d8ca..eb5ae43 100644 --- a/crypto/x509/x509_lcl.h +++ b/crypto/x509/x509_lcl.h @@ -57,6 +57,24 @@ * */ +/* + * This structure holds all parameters associated with a verify operation by + * including an X509_VERIFY_PARAM structure in related structures the + * parameters used can be customized + */ + +struct X509_VERIFY_PARAM_st { + char *name; + time_t check_time; /* Time to use */ + unsigned long inh_flags; /* Inheritance flags */ + unsigned long flags; /* Various verify flags */ + int purpose; /* purpose to check untrusted certificates */ + int trust; /* trust setting to check */ + int depth; /* Verify depth */ + STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ + X509_VERIFY_PARAM_ID *id; /* opaque ID data */ +}; + /* internal only structure to hold additional X509_VERIFY_PARAM data */ struct X509_VERIFY_PARAM_ID_st { diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index e41b5e2..0be9b5a 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -145,24 +145,7 @@ typedef struct x509_lookup_method_st { } X509_LOOKUP_METHOD; typedef struct X509_VERIFY_PARAM_ID_st X509_VERIFY_PARAM_ID; - -/* - * This structure hold all parameters associated with a verify operation by - * including an X509_VERIFY_PARAM structure in related structures the - * parameters used can be customized - */ - -typedef struct X509_VERIFY_PARAM_st { - char *name; - time_t check_time; /* Time to use */ - unsigned long inh_flags; /* Inheritance flags */ - unsigned long flags; /* Various verify flags */ - int purpose; /* purpose to check untrusted certificates */ - int trust; /* trust setting to check */ - int depth; /* Verify depth */ - STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */ - X509_VERIFY_PARAM_ID *id; /* opaque ID data */ -} X509_VERIFY_PARAM; +typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM; DECLARE_STACK_OF(X509_VERIFY_PARAM) From ben at openssl.org Sat May 2 15:13:59 2015 From: ben at openssl.org (Ben Laurie) Date: Sat, 02 May 2015 15:13:59 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430579639.397078.9058.nullmailer@dev.openssl.org> The branch master has been updated via 9598996c93c572c173c6966082b08ce02c94841b (commit) from 6f4d71ff9d5ac80c5ae2a309a487ccbdb360108b (commit) - Log ----------------------------------------------------------------- commit 9598996c93c572c173c6966082b08ce02c94841b Author: Ben Laurie Date: Fri May 1 17:48:59 2015 +0100 Clean all .o files. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: Makefile.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.org b/Makefile.org index 0676a39..3a67c94 100644 --- a/Makefile.org +++ b/Makefile.org @@ -406,7 +406,7 @@ libclean: rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib clean: libclean - rm -f *.o core a.out fluff rehash.time testlog make.log cctest cctest.c + rm -f */*/*.o */*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c rm -rf *.bak certs/.0 @set -e; target=clean; $(RECURSIVE_BUILD_CMD) rm -f $(LIBS) tags TAGS From levitte at openssl.org Sat May 2 19:52:13 2015 From: levitte at openssl.org (Richard Levitte) Date: Sat, 02 May 2015 19:52:13 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430596333.544302.1451.nullmailer@dev.openssl.org> The branch master has been updated via 31ff45aa975acb43f1da20e714eadf4649655714 (commit) from 9598996c93c572c173c6966082b08ce02c94841b (commit) - Log ----------------------------------------------------------------- commit 31ff45aa975acb43f1da20e714eadf4649655714 Author: Richard Levitte Date: Sat May 2 14:42:21 2015 +0200 Remove obsolete make variables ONEDIRS, EDIRS and WDIRS aren't used anywhere. Most probably remains from a build system of the past, it's time they get put to rest. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: Makefile.org | 7 ------- engines/ccgost/Makefile | 2 +- 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/Makefile.org b/Makefile.org index 3a67c94..8146eed 100644 --- a/Makefile.org +++ b/Makefile.org @@ -166,9 +166,6 @@ HTMLDIR=$(OPENSSLDIR)/html SHELL=/bin/sh TOP= . -ONEDIRS=out tmp -EDIRS= times doc bugs util include certs ms demos VMS -WDIRS= windows LIBS= libcrypto.a libssl.a SHARED_CRYPTO=libcrypto$(SHLIB_EXT) SHARED_SSL=libssl$(SHLIB_EXT) @@ -413,10 +410,6 @@ clean: libclean rm -f openssl.pc libssl.pc libcrypto.pc rm -f speed.* .pure rm -f $(TARFILE) - @set -e; for i in $(ONEDIRS) ;\ - do \ - rm -fr $$i/*; \ - done makefile.one: files $(PERL) util/mk1mf.pl >makefile.one; \ diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile index edd1e50..1ce1848 100644 --- a/engines/ccgost/Makefile +++ b/engines/ccgost/Makefile @@ -17,7 +17,7 @@ SRC=$(LIBSRC) LIBNAME=gost top: - (cd $(TOP); $(MAKE) DIRS=engines EDIRS=$(DIR) sub_all) + (cd $(TOP); $(MAKE) DIRS=engines sub_all) all: lib From steve at openssl.org Sun May 3 11:54:45 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sun, 03 May 2015 11:54:45 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430654085.363152.13463.nullmailer@dev.openssl.org> The branch master has been updated via b6eb9827a6866981c08cc9613ca8b4a648894fb1 (commit) from 31ff45aa975acb43f1da20e714eadf4649655714 (commit) - Log ----------------------------------------------------------------- commit b6eb9827a6866981c08cc9613ca8b4a648894fb1 Author: Dr. Stephen Henson Date: Sat May 2 18:30:00 2015 +0100 Add OSSL_NELEM macro. Add OSSL_NELEM macro to e_os.h to determine the number of elements in an array. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_strnid.c | 10 +++------- crypto/asn1/ameth_lib.c | 10 ++++------ crypto/asn1/asn1_gen.c | 2 +- crypto/bio/bss_file.c | 2 +- crypto/bn/bn_dh.c | 5 +++-- crypto/bn/bn_gf2m.c | 4 ++-- crypto/bn/bn_nist.c | 20 ++++++++++---------- crypto/bn/bn_srp.c | 29 +++++++++++++++-------------- crypto/ec/ec_curve.c | 7 ++++--- crypto/evp/evp_pbe.c | 5 ++--- crypto/objects/obj_xref.c | 12 +++++------- crypto/rand/rand_unix.c | 5 ++--- crypto/ts/ts_rsp_print.c | 3 +-- crypto/ts/ts_rsp_verify.c | 2 +- crypto/x509/x509_trs.c | 2 +- crypto/x509/x509_vpm.c | 8 +++----- crypto/x509v3/tabtest.c | 2 +- crypto/x509v3/v3_purp.c | 5 ++--- e_os.h | 2 ++ ssl/s3_lib.c | 2 +- ssl/ssl_ciph.c | 4 ++-- ssl/ssl_conf.c | 9 ++++----- ssl/t1_lib.c | 26 +++++++++----------------- ssl/t1_trce.c | 4 ++-- 24 files changed, 81 insertions(+), 99 deletions(-) diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 213cf63..5126298 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -220,9 +220,7 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) if (idx >= 0) return sk_ASN1_STRING_TABLE_value(stable, idx); } - return OBJ_bsearch_table(&fnd, tbl_standard, - sizeof(tbl_standard) / - sizeof(ASN1_STRING_TABLE)); + return OBJ_bsearch_table(&fnd, tbl_standard, OSSL_NELEM(tbl_standard)); } /* @@ -309,8 +307,7 @@ main() ASN1_STRING_TABLE *tmp; int i, last_nid = -1; - for (tmp = tbl_standard, i = 0; - i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) { + for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) { if (tmp->nid < last_nid) { last_nid = 0; break; @@ -323,8 +320,7 @@ main() exit(0); } - for (tmp = tbl_standard, i = 0; - i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) + for (tmp = tbl_standard, i = 0; i < OSSL_NELEM(tbl_standard); i++, tmp++) printf("Index %d, NID %d, Name=%s\n", i, tmp->nid, OBJ_nid2ln(tmp->nid)); diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 718aa52..49f4e5a 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -107,8 +107,7 @@ static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL; void main() { int i; - for (i = 0; - i < sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); i++) + for (i = 0; i < OSSL_NELEM(standard_methods); i++) fprintf(stderr, "Number %d id=%d (%s)\n", i, standard_methods[i]->pkey_id, OBJ_nid2sn(standard_methods[i]->pkey_id)); @@ -129,7 +128,7 @@ IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *, int EVP_PKEY_asn1_get_count(void) { - int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); + int num = OSSL_NELEM(standard_methods); if (app_methods) num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods); return num; @@ -137,7 +136,7 @@ int EVP_PKEY_asn1_get_count(void) const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx) { - int num = sizeof(standard_methods) / sizeof(EVP_PKEY_ASN1_METHOD *); + int num = OSSL_NELEM(standard_methods); if (idx < 0) return NULL; if (idx < num) @@ -157,8 +156,7 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) if (idx >= 0) return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx); } - ret = OBJ_bsearch_ameth(&t, standard_methods, sizeof(standard_methods) - / sizeof(EVP_PKEY_ASN1_METHOD *)); + ret = OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods)); if (!ret || !*ret) return NULL; return *ret; diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 549bc5e..049515d 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -620,7 +620,7 @@ static int asn1_str2tag(const char *tagstr, int len) len = strlen(tagstr); tntmp = tnst; - for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) { + for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) return tntmp->tag; } diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 0776383..1da6b86 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -148,7 +148,7 @@ BIO *BIO_new_file(const char *filename, const char *mode) if (MultiByteToWideChar(CP_UTF8, flags, filename, len_0, wfilename, sz) && MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1, - wmode, sizeof(wmode) / sizeof(wmode[0])) && + wmode, OSSL_NELEM(wmode)) && (file = _wfopen(wfilename, wmode)) == NULL && (errno == ENOENT || errno == EBADF) ) { diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c index 1c007bb..cfd8c06 100644 --- a/crypto/bn/bn_dh.c +++ b/crypto/bn/bn_dh.c @@ -57,6 +57,7 @@ */ #include "bn_lcl.h" +#include "e_os.h" #ifndef OPENSSL_NO_DH /* DH parameters from RFC5114 */ @@ -247,8 +248,8 @@ static const BN_ULONG dh2048_256_q[] = { /* Macro to make a BIGNUM from static data */ # define make_dh_bn(x) const BIGNUM _bignum_##x = { (BN_ULONG *) x, \ - sizeof(x)/sizeof(BN_ULONG),\ - sizeof(x)/sizeof(BN_ULONG),\ + OSSL_NELEM(x),\ + OSSL_NELEM(x),\ 0, BN_FLG_STATIC_DATA }; diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 7c0d4af..c87c5d9 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -473,8 +473,8 @@ int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p) int arr[6]; bn_check_top(a); bn_check_top(p); - ret = BN_GF2m_poly2arr(p, arr, sizeof(arr) / sizeof(arr[0])); - if (!ret || ret > (int)(sizeof(arr) / sizeof(arr[0]))) { + ret = BN_GF2m_poly2arr(p, arr, OSSL_NELEM(arr)); + if (!ret || ret > (int)OSSL_NELEM(arr)) { BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH); return 0; } diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index 2c5596d..af048d3 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -379,8 +379,8 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, PTR_SIZE_INT mask; static const BIGNUM _bignum_nist_p_192_sqr = { (BN_ULONG *)_nist_p_192_sqr, - sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), - sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]), + OSSL_NELEM(_nist_p_192_sqr), + OSSL_NELEM(_nist_p_192_sqr), 0, BN_FLG_STATIC_DATA }; @@ -524,8 +524,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, } u; static const BIGNUM _bignum_nist_p_224_sqr = { (BN_ULONG *)_nist_p_224_sqr, - sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), - sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]), + OSSL_NELEM(_nist_p_224_sqr), + OSSL_NELEM(_nist_p_224_sqr), 0, BN_FLG_STATIC_DATA }; @@ -705,8 +705,8 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, } u; static const BIGNUM _bignum_nist_p_256_sqr = { (BN_ULONG *)_nist_p_256_sqr, - sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), - sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]), + OSSL_NELEM(_nist_p_256_sqr), + OSSL_NELEM(_nist_p_256_sqr), 0, BN_FLG_STATIC_DATA }; @@ -951,8 +951,8 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, } u; static const BIGNUM _bignum_nist_p_384_sqr = { (BN_ULONG *)_nist_p_384_sqr, - sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), - sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]), + OSSL_NELEM(_nist_p_384_sqr), + OSSL_NELEM(_nist_p_384_sqr), 0, BN_FLG_STATIC_DATA }; @@ -1209,8 +1209,8 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field, PTR_SIZE_INT mask; static const BIGNUM _bignum_nist_p_521_sqr = { (BN_ULONG *)_nist_p_521_sqr, - sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), - sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]), + OSSL_NELEM(_nist_p_521_sqr), + OSSL_NELEM(_nist_p_521_sqr), 0, BN_FLG_STATIC_DATA }; diff --git a/crypto/bn/bn_srp.c b/crypto/bn/bn_srp.c index 0a39f2f..5dd31fc 100644 --- a/crypto/bn/bn_srp.c +++ b/crypto/bn/bn_srp.c @@ -1,4 +1,5 @@ #include "bn_lcl.h" +#include "e_os.h" #ifndef OPENSSL_NO_SRP @@ -37,8 +38,8 @@ static const BN_ULONG bn_group_1024_value[] = { const BIGNUM bn_group_1024 = { (BN_ULONG *)bn_group_1024_value, - (sizeof bn_group_1024_value) / sizeof(BN_ULONG), - (sizeof bn_group_1024_value) / sizeof(BN_ULONG), + OSSL_NELEM(bn_group_1024_value), + OSSL_NELEM(bn_group_1024_value), 0, BN_FLG_STATIC_DATA }; @@ -72,8 +73,8 @@ static const BN_ULONG bn_group_1536_value[] = { const BIGNUM bn_group_1536 = { (BN_ULONG *)bn_group_1536_value, - (sizeof bn_group_1536_value) / sizeof(BN_ULONG), - (sizeof bn_group_1536_value) / sizeof(BN_ULONG), + OSSL_NELEM(bn_group_1536_value), + OSSL_NELEM(bn_group_1536_value), 0, BN_FLG_STATIC_DATA }; @@ -115,8 +116,8 @@ static const BN_ULONG bn_group_2048_value[] = { const BIGNUM bn_group_2048 = { (BN_ULONG *)bn_group_2048_value, - (sizeof bn_group_2048_value) / sizeof(BN_ULONG), - (sizeof bn_group_2048_value) / sizeof(BN_ULONG), + OSSL_NELEM(bn_group_2048_value), + OSSL_NELEM(bn_group_2048_value), 0, BN_FLG_STATIC_DATA }; @@ -174,8 +175,8 @@ static const BN_ULONG bn_group_3072_value[] = { const BIGNUM bn_group_3072 = { (BN_ULONG *)bn_group_3072_value, - (sizeof bn_group_3072_value) / sizeof(BN_ULONG), - (sizeof bn_group_3072_value) / sizeof(BN_ULONG), + OSSL_NELEM(bn_group_3072_value), + OSSL_NELEM(bn_group_3072_value), 0, BN_FLG_STATIC_DATA }; @@ -249,8 +250,8 @@ static const BN_ULONG bn_group_4096_value[] = { const BIGNUM bn_group_4096 = { (BN_ULONG *)bn_group_4096_value, - (sizeof bn_group_4096_value) / sizeof(BN_ULONG), - (sizeof bn_group_4096_value) / sizeof(BN_ULONG), + OSSL_NELEM(bn_group_4096_value), + OSSL_NELEM(bn_group_4096_value), 0, BN_FLG_STATIC_DATA }; @@ -356,8 +357,8 @@ static const BN_ULONG bn_group_6144_value[] = { const BIGNUM bn_group_6144 = { (BN_ULONG *)bn_group_6144_value, - (sizeof bn_group_6144_value) / sizeof(BN_ULONG), - (sizeof bn_group_6144_value) / sizeof(BN_ULONG), + OSSL_NELEM(bn_group_6144_value), + OSSL_NELEM(bn_group_6144_value), 0, BN_FLG_STATIC_DATA }; @@ -495,8 +496,8 @@ static const BN_ULONG bn_group_8192_value[] = { const BIGNUM bn_group_8192 = { (BN_ULONG *)bn_group_8192_value, - (sizeof bn_group_8192_value) / sizeof(BN_ULONG), - (sizeof bn_group_8192_value) / sizeof(BN_ULONG), + OSSL_NELEM(bn_group_8192_value), + OSSL_NELEM(bn_group_8192_value), 0, BN_FLG_STATIC_DATA }; diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 8bba3bc..d0f1fcb 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -74,6 +74,7 @@ #include #include #include +#include "e_os.h" typedef struct { int field_type, /* either NID_X9_62_prime_field or @@ -3022,7 +3023,7 @@ static const ec_list_element curve_list[] = { "RFC 5639 curve over a 512 bit prime field"}, }; -#define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element)) +#define curve_list_length OSSL_NELEM(curve_list) static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) { @@ -3194,7 +3195,7 @@ static EC_NIST_NAME nist_curves[] = { const char *EC_curve_nid2nist(int nid) { size_t i; - for (i = 0; i < sizeof(nist_curves) / sizeof(EC_NIST_NAME); i++) { + for (i = 0; i < OSSL_NELEM(nist_curves); i++) { if (nist_curves[i].nid == nid) return nist_curves[i].name; } @@ -3204,7 +3205,7 @@ const char *EC_curve_nid2nist(int nid) int EC_curve_nist2nid(const char *name) { size_t i; - for (i = 0; i < sizeof(nist_curves) / sizeof(EC_NIST_NAME); i++) { + for (i = 0; i < OSSL_NELEM(nist_curves); i++) { if (!strcmp(nist_curves[i].name, name)) return nist_curves[i].nid; } diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 7a71637..6128a73 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -130,7 +130,7 @@ int main(int argc, char **argv) * OpenSSL_add_all_algorithms(); */ - for (i = 0; i < sizeof(builtin_pbe) / sizeof(EVP_PBE_CTL); i++) { + for (i = 0; i < OSSL_NELEM(builtin_pbe); i++) { tpbe = builtin_pbe + i; fprintf(stderr, "%d %d %s ", tpbe->pbe_type, tpbe->pbe_nid, OBJ_nid2sn(tpbe->pbe_nid)); @@ -276,8 +276,7 @@ int EVP_PBE_find(int type, int pbe_nid, pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i); } if (pbetmp == NULL) { - pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, - sizeof(builtin_pbe) / sizeof(EVP_PBE_CTL)); + pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe)); } if (pbetmp == NULL) return 0; diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c index b752a2c..10ce639 100644 --- a/crypto/objects/obj_xref.c +++ b/crypto/objects/obj_xref.c @@ -59,6 +59,7 @@ #include #include "obj_xref.h" +#include "e_os.h" DECLARE_STACK_OF(nid_triple) STACK_OF(nid_triple) *sig_app, *sigx_app; @@ -102,8 +103,7 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid) } #ifndef OBJ_XREF_TEST2 if (rv == NULL) { - rv = OBJ_bsearch_sig(&tmp, sigoid_srt, - sizeof(sigoid_srt) / sizeof(nid_triple)); + rv = OBJ_bsearch_sig(&tmp, sigoid_srt, OSSL_NELEM(sigoid_srt)); } #endif if (rv == NULL) @@ -133,9 +133,7 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid) } #ifndef OBJ_XREF_TEST2 if (rv == NULL) { - rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, - sizeof(sigoid_srt_xref) / sizeof(nid_triple *) - ); + rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, OSSL_NELEM(sigoid_srt_xref)); } #endif if (rv == NULL) @@ -198,12 +196,12 @@ main() int i, rv; # ifdef OBJ_XREF_TEST2 - for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) { + for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) { OBJ_add_sigid(sigoid_srt[i][0], sigoid_srt[i][1], sigoid_srt[i][2]); } # endif - for (i = 0; i < sizeof(sigoid_srt) / sizeof(nid_triple); i++) { + for (i = 0; i < OSSL_NELEM(sigoid_srt); i++) { n1 = sigoid_srt[i][0]; rv = OBJ_find_sigid_algs(n1, &n2, &n3); printf("Forward: %d, %s %s %s\n", rv, diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 732ba3b..4332270 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -250,7 +250,7 @@ int RAND_poll(void) # endif # ifdef DEVRANDOM static const char *randomfiles[] = { DEVRANDOM }; - struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])]; + struct stat randomstats[OSSL_NELEM(randomfiles)]; int fd; unsigned int i; # endif @@ -267,8 +267,7 @@ int RAND_poll(void) * out of random entries. */ - for (i = 0; (i < sizeof(randomfiles) / sizeof(randomfiles[0])) && - (n < ENTROPY_NEEDED); i++) { + for (i = 0; (i < OSSL_NELEM(randomfiles)) && (n < ENTROPY_NEEDED); i++) { if ((fd = open(randomfiles[i], O_RDONLY # ifdef O_NONBLOCK | O_NONBLOCK diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c index d64f2f4..0a3e497 100644 --- a/crypto/ts/ts_rsp_print.c +++ b/crypto/ts/ts_rsp_print.c @@ -130,8 +130,7 @@ int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a) /* Printing status code. */ BIO_printf(bio, "Status: "); status = ASN1_INTEGER_get(a->status); - if (0 <= status - && status < (long)(sizeof(status_map) / sizeof(status_map[0]))) + if (0 <= status && status < (long)OSSL_NELEM(status_map)) BIO_printf(bio, "%s\n", status_map[status]); else BIO_printf(bio, "out of bounds\n"); diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index a89f9cb..8381d41 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -101,7 +101,7 @@ static const char *TS_status_text[] = { "granted", "revocationNotification" }; -#define TS_STATUS_TEXT_SIZE (sizeof(TS_status_text)/sizeof(*TS_status_text)) +#define TS_STATUS_TEXT_SIZE OSSL_NELEM(TS_status_text) /* * This must be greater or equal to the sum of the strings in TS_status_text diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 92ea2b5..6632f9b 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -94,7 +94,7 @@ static X509_TRUST trstandard[] = { {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL} }; -#define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) +#define X509_TRUST_COUNT OSSL_NELEM(trstandard) static STACK_OF(X509_TRUST) *trtable = NULL; diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 6305406..b9a9741 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -601,7 +601,7 @@ int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param) int X509_VERIFY_PARAM_get_count(void) { - int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); + int num = OSSL_NELEM(default_table); if (param_table) num += sk_X509_VERIFY_PARAM_num(param_table); return num; @@ -609,7 +609,7 @@ int X509_VERIFY_PARAM_get_count(void) const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) { - int num = sizeof(default_table) / sizeof(X509_VERIFY_PARAM); + int num = OSSL_NELEM(default_table); if (id < num) return default_table + id; return sk_X509_VERIFY_PARAM_value(param_table, id - num); @@ -626,9 +626,7 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name) if (idx != -1) return sk_X509_VERIFY_PARAM_value(param_table, idx); } - return OBJ_bsearch_table(&pm, default_table, - sizeof(default_table) / - sizeof(X509_VERIFY_PARAM)); + return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table)); } void X509_VERIFY_PARAM_table_cleanup(void) diff --git a/crypto/x509v3/tabtest.c b/crypto/x509v3/tabtest.c index 145dc9d..65209db 100644 --- a/crypto/x509v3/tabtest.c +++ b/crypto/x509v3/tabtest.c @@ -72,7 +72,7 @@ main() { int i, prev = -1, bad = 0; X509V3_EXT_METHOD **tmp; - i = sizeof(standard_exts) / sizeof(X509V3_EXT_METHOD *); + i = OSSL_NELEM(standard_exts); if (i != STANDARD_EXTENSION_COUNT) fprintf(stderr, "Extension number invalid expecting %d\n", i); tmp = standard_exts; diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index d51f93f..5cee586 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -108,7 +108,7 @@ static X509_PURPOSE xstandard[] = { NULL}, }; -#define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) +#define X509_PURPOSE_COUNT OSSL_NELEM(xstandard) static STACK_OF(X509_PURPOSE) *xptable = NULL; @@ -334,8 +334,7 @@ int X509_supported_extension(X509_EXTENSION *ex) if (ex_nid == NID_undef) return 0; - if (OBJ_bsearch_nid(&ex_nid, supported_nids, - sizeof(supported_nids) / sizeof(int))) + if (OBJ_bsearch_nid(&ex_nid, supported_nids, OSSL_NELEM(supported_nids))) return 1; return 0; } diff --git a/e_os.h b/e_os.h index f4a427a..7f94bfc 100644 --- a/e_os.h +++ b/e_os.h @@ -689,6 +689,8 @@ struct servent *getservbyname(const char *name, const char *proto); # endif # endif +#define OSSL_NELEM(x) (sizeof(x)/sizeof(x[0])) + #ifdef __cplusplus } #endif diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c2fddb8..e346c22 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -159,7 +159,7 @@ const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT; -#define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) +#define SSL3_NUM_CIPHERS OSSL_NELEM(ssl3_ciphers) /* list of available SSLv3 ciphers (sorted by id) */ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 6c6ac8d..a3dca18 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -242,7 +242,7 @@ static int ssl_cipher_info_find(const ssl_cipher_table * table, } #define ssl_cipher_info_lookup(table, x) \ - ssl_cipher_info_find(table, sizeof(table)/sizeof(*table), x) + ssl_cipher_info_find(table, OSSL_NELEM(table), x) /* * PKEY_TYPE for GOST89MAC is known in advance, but, because implementation @@ -1531,7 +1531,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK * groups of cipher_aliases added together in one list (otherwise * we would be happy with just the cipher_aliases table). */ - num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); + num_of_group_aliases = OSSL_NELEM(cipher_aliases); num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); if (ca_list == NULL) { diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 5a19a75..2d96b11 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -220,7 +220,7 @@ static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd) #endif }; cctx->tbl = ssl_option_single; - cctx->ntbl = sizeof(ssl_option_single) / sizeof(ssl_flag_tbl); + cctx->ntbl = OSSL_NELEM(ssl_option_single); return ssl_set_option_list(cmd, -1, cctx); } @@ -335,7 +335,7 @@ static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value) if (!(cctx->flags & SSL_CONF_FLAG_FILE)) return -2; cctx->tbl = ssl_protocol_list; - cctx->ntbl = sizeof(ssl_protocol_list) / sizeof(ssl_flag_tbl); + cctx->ntbl = OSSL_NELEM(ssl_protocol_list); return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); } @@ -360,7 +360,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) if (value == NULL) return -3; cctx->tbl = ssl_option_list; - cctx->ntbl = sizeof(ssl_option_list) / sizeof(ssl_flag_tbl); + cctx->ntbl = OSSL_NELEM(ssl_option_list); return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); } @@ -508,8 +508,7 @@ static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, return NULL; /* Look for matching parameter name in table */ - for (i = 0, t = ssl_conf_cmds; - i < sizeof(ssl_conf_cmds) / sizeof(ssl_conf_cmd_tbl); i++, t++) { + for (i = 0, t = ssl_conf_cmds; i < OSSL_NELEM(ssl_conf_cmds); i++, t++) { if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { if (t->str_cmdline && !strcmp(t->str_cmdline, cmd)) return t; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 31ebfdd..7af9c7e 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -307,8 +307,7 @@ static const unsigned char suiteb_curves[] = { int tls1_ec_curve_id2nid(int curve_id) { /* ECC curves from RFC 4492 and RFC 7027 */ - if ((curve_id < 1) || ((unsigned int)curve_id > - sizeof(nid_list) / sizeof(nid_list[0]))) + if ((curve_id < 1) || ((unsigned int)curve_id > OSSL_NELEM(nid_list))) return 0; return nid_list[curve_id - 1].nid; } @@ -442,8 +441,7 @@ static int tls_curve_allowed(SSL *s, const unsigned char *curve, int op) const tls_curve_info *cinfo; if (curve[0]) return 1; - if ((curve[1] < 1) || ((size_t)curve[1] > - sizeof(nid_list) / sizeof(nid_list[0]))) + if ((curve[1] < 1) || ((size_t)curve[1] > OSSL_NELEM(nid_list))) return 0; cinfo = &nid_list[curve[1] - 1]; # ifdef OPENSSL_NO_EC2M @@ -3172,8 +3170,7 @@ int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, int sig_id, md_id; if (!md) return 0; - md_id = tls12_find_id(EVP_MD_type(md), tls12_md, - sizeof(tls12_md) / sizeof(tls12_lookup)); + md_id = tls12_find_id(EVP_MD_type(md), tls12_md, OSSL_NELEM(tls12_md)); if (md_id == -1) return 0; sig_id = tls12_get_sigid(pk); @@ -3186,8 +3183,7 @@ int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, int tls12_get_sigid(const EVP_PKEY *pk) { - return tls12_find_id(pk->type, tls12_sig, - sizeof(tls12_sig) / sizeof(tls12_lookup)); + return tls12_find_id(pk->type, tls12_sig, OSSL_NELEM(tls12_sig)); } typedef struct { @@ -3213,7 +3209,7 @@ static const tls12_hash_info *tls12_get_hash_info(unsigned char hash_alg) { if (hash_alg == 0) return NULL; - if (hash_alg > sizeof(tls12_md_info) / sizeof(tls12_md_info[0])) + if (hash_alg > OSSL_NELEM(tls12_md_info)) return NULL; return tls12_md_info + hash_alg - 1; } @@ -3256,14 +3252,12 @@ static void tls1_lookup_sigalg(int *phash_nid, int *psign_nid, if (!phash_nid && !psign_nid && !psignhash_nid) return; if (phash_nid || psignhash_nid) { - hash_nid = tls12_find_nid(data[0], tls12_md, - sizeof(tls12_md) / sizeof(tls12_lookup)); + hash_nid = tls12_find_nid(data[0], tls12_md, OSSL_NELEM(tls12_md)); if (phash_nid) *phash_nid = hash_nid; } if (psign_nid || psignhash_nid) { - sign_nid = tls12_find_nid(data[1], tls12_sig, - sizeof(tls12_sig) / sizeof(tls12_lookup)); + sign_nid = tls12_find_nid(data[1], tls12_sig, OSSL_NELEM(tls12_sig)); if (psign_nid) *psign_nid = sign_nid; } @@ -3806,10 +3800,8 @@ int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, if (sigalgs == NULL) return 0; for (i = 0, sptr = sigalgs; i < salglen; i += 2) { - rhash = tls12_find_id(*psig_nids++, tls12_md, - sizeof(tls12_md) / sizeof(tls12_lookup)); - rsign = tls12_find_id(*psig_nids++, tls12_sig, - sizeof(tls12_sig) / sizeof(tls12_lookup)); + rhash = tls12_find_id(*psig_nids++, tls12_md, OSSL_NELEM(tls12_md)); + rsign = tls12_find_id(*psig_nids++, tls12_sig, OSSL_NELEM(tls12_sig)); if (rhash == -1 || rsign == -1) goto err; diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 77f2a9f..f8d19b8 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -65,11 +65,11 @@ typedef struct { } ssl_trace_tbl; # define ssl_trace_str(val, tbl) \ - do_ssl_trace_str(val, tbl, sizeof(tbl)/sizeof(ssl_trace_tbl)) + do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl)) # define ssl_trace_list(bio, indent, msg, msglen, value, table) \ do_ssl_trace_list(bio, indent, msg, msglen, value, \ - table, sizeof(table)/sizeof(ssl_trace_tbl)) + table, OSSL_NELEM(table)) static const char *do_ssl_trace_str(int val, ssl_trace_tbl *tbl, size_t ntbl) { From rsalz at openssl.org Sun May 3 12:55:52 2015 From: rsalz at openssl.org (Rich Salz) Date: Sun, 03 May 2015 12:55:52 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430657752.621401.18932.nullmailer@dev.openssl.org> The branch master has been updated via 5812e6f17571345d9e8449459572e540379002d5 (commit) via 4c583c36596cd86feebd983b0313733fe9870500 (commit) via 186bb90705f848806783de512b3df6872552b304 (commit) via 8332f91cc0db4955259bca9f9138b5eff94d6e8c (commit) from b6eb9827a6866981c08cc9613ca8b4a648894fb1 (commit) - Log ----------------------------------------------------------------- commit 5812e6f17571345d9e8449459572e540379002d5 Author: Alok Menghrajani Date: Mon Apr 13 09:48:06 2015 -0700 Fixes some typos in doc/ssl/ This is the last of Alok's PR260 Reviewed-by: Tim Hudson commit 4c583c36596cd86feebd983b0313733fe9870500 Author: Alok Menghrajani Date: Mon Apr 13 09:29:52 2015 -0700 Fixes some typos in doc/apps/ Signed-off-by: Rich Salz Reviewed-by: Tim Hudson commit 186bb90705f848806783de512b3df6872552b304 Author: Alok Menghrajani Date: Mon Apr 13 11:05:13 2015 -0700 RT3802: Fixes typos in doc/crypto/ Signed-off-by: Rich Salz Reviewed-by: Tim Hudson commit 8332f91cc0db4955259bca9f9138b5eff94d6e8c Author: Rich Salz Date: Sat May 2 18:42:29 2015 -0400 fix various typo's https://github.com/openssl/openssl/pull/176 (CHANGES) https://rt.openssl.org/Ticket/Display.html?id=3545 (objects.txt) https://rt.openssl.org/Ticket/Display.html?id=3796 (verify.pod) Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: CHANGES | 2 +- crypto/objects/obj_dat.h | 4 ++-- crypto/objects/objects.txt | 2 +- doc/apps/c_rehash.pod | 2 +- doc/apps/ca.pod | 2 +- doc/apps/ciphers.pod | 6 ++--- doc/apps/cms.pod | 4 ++-- doc/apps/dgst.pod | 2 +- doc/apps/enc.pod | 4 ++-- doc/apps/genpkey.pod | 6 ++--- doc/apps/openssl.pod | 22 ++++++++--------- doc/apps/req.pod | 4 ++-- doc/apps/s_client.pod | 2 +- doc/apps/ts.pod | 36 ++++++++++++++-------------- doc/apps/verify.pod | 4 ++-- doc/apps/x509v3_config.pod | 10 ++++---- doc/crypto/ASN1_TIME_set.pod | 2 +- doc/crypto/ASN1_TYPE_get.pod | 2 +- doc/crypto/ASN1_generate_nconf.pod | 4 ++-- doc/crypto/BIO_f_cipher.pod | 2 +- doc/crypto/BIO_s_bio.pod | 2 +- doc/crypto/BIO_s_connect.pod | 4 ++-- doc/crypto/CONF_modules_load_file.pod | 4 ++-- doc/crypto/EC_GROUP_copy.pod | 6 ++--- doc/crypto/EC_GROUP_new.pod | 6 ++--- doc/crypto/EC_KEY_new.pod | 4 ++-- doc/crypto/EVP_BytesToKey.pod | 4 ++-- doc/crypto/EVP_DigestInit.pod | 2 +- doc/crypto/EVP_DigestSignInit.pod | 2 +- doc/crypto/EVP_PKEY_CTX_ctrl.pod | 2 +- doc/crypto/EVP_PKEY_CTX_new.pod | 2 +- doc/crypto/EVP_PKEY_keygen.pod | 6 ++--- doc/crypto/OBJ_nid2obj.pod | 4 ++-- doc/crypto/PKCS12_create.pod | 4 ++-- doc/crypto/PKCS5_PBKDF2_HMAC.pod | 2 +- doc/crypto/PKCS7_sign.pod | 2 +- doc/crypto/PKCS7_sign_add_signer.pod | 2 +- doc/crypto/PKCS7_verify.pod | 2 +- doc/crypto/SMIME_write_PKCS7.pod | 2 +- doc/crypto/X509_NAME_get_index_by_NID.pod | 2 +- doc/crypto/X509_STORE_CTX_get_error.pod | 2 +- doc/crypto/X509_STORE_CTX_new.pod | 6 ++--- doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 10 ++++---- doc/crypto/X509_check_host.pod | 2 +- doc/crypto/X509_verify_cert.pod | 2 +- doc/crypto/d2i_ASN1_OBJECT.pod | 2 +- doc/crypto/d2i_DHparams.pod | 2 +- doc/crypto/d2i_DSAPublicKey.pod | 2 +- doc/crypto/d2i_X509_ALGOR.pod | 2 +- doc/crypto/d2i_X509_CRL.pod | 2 +- doc/crypto/d2i_X509_NAME.pod | 2 +- doc/crypto/d2i_X509_REQ.pod | 2 +- doc/crypto/d2i_X509_SIG.pod | 2 +- doc/crypto/ec.pod | 2 +- doc/crypto/engine.pod | 2 +- doc/crypto/err.pod | 2 +- doc/fingerprints.txt | 2 +- doc/ssl/SSL_CTX_set_cert_cb.pod | 2 +- doc/ssl/SSL_CTX_set_security_level.pod | 2 +- doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod | 26 ++++++++++---------- include/openssl/obj_mac.h | 2 +- 61 files changed, 132 insertions(+), 132 deletions(-) diff --git a/CHANGES b/CHANGES index b6342bd..de00a8a 100644 --- a/CHANGES +++ b/CHANGES @@ -7606,7 +7606,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k [Bodo Moeller; problems reported by Anders Gertz ] *) Correct util/mkdef.pl to be selective about disabled algorithms. - Previously, it would create entries for disableed algorithms no + Previously, it would create entries for disabled algorithms no matter what. [Richard Levitte] diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index bf5496e..c8102a0 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -2164,7 +2164,7 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[5107]),0}, {"subjectDirectoryAttributes","X509v3 Subject Directory Attributes", NID_subject_directory_attributes,3,&(lvalues[5115]),0}, -{"issuingDistributionPoint","X509v3 Issuing Distrubution Point", +{"issuingDistributionPoint","X509v3 Issuing Distribution Point", NID_issuing_distribution_point,3,&(lvalues[5118]),0}, {"certificateIssuer","X509v3 Certificate Issuer", NID_certificate_issuer,3,&(lvalues[5121]),0}, @@ -3654,7 +3654,7 @@ static const unsigned int ln_objs[NUM_LN]={ 857, /* "X509v3 Freshest CRL" */ 748, /* "X509v3 Inhibit Any Policy" */ 86, /* "X509v3 Issuer Alternative Name" */ -770, /* "X509v3 Issuing Distrubution Point" */ +770, /* "X509v3 Issuing Distribution Point" */ 83, /* "X509v3 Key Usage" */ 666, /* "X509v3 Name Constraints" */ 403, /* "X509v3 No Revocation Available" */ diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 2bcaf83..2fc85b4 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -748,7 +748,7 @@ id-ce 24 : invalidityDate : Invalidity Date !Cname delta-crl id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator !Cname issuing-distribution-point -id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distrubution Point +id-ce 28 : issuingDistributionPoint : X509v3 Issuing Distribution Point !Cname certificate-issuer id-ce 29 : certificateIssuer : X509v3 Certificate Issuer !Cname name-constraints diff --git a/doc/apps/c_rehash.pod b/doc/apps/c_rehash.pod index ccce29e..c3d98b6 100644 --- a/doc/apps/c_rehash.pod +++ b/doc/apps/c_rehash.pod @@ -28,7 +28,7 @@ directories to be set up like this in order to find certificates. If any directories are named on the command line, then those are processed in turn. If not, then the B environment variable -is consulted; this shold be a colon-separated list of directories, +is consulted; this should be a colon-separated list of directories, like the Unix B variable. If that is not set then the default directory (installation-specific but often B) is processed. diff --git a/doc/apps/ca.pod b/doc/apps/ca.pod index 997fa20..1d18070 100644 --- a/doc/apps/ca.pod +++ b/doc/apps/ca.pod @@ -245,7 +245,7 @@ configuration file, must be valid UTF8 strings. =item B<-multivalue-rdn> -This option causes the -subj argument to be interpretedt with full +This option causes the -subj argument to be interpreted with full support for multivalued RDNs. Example: I diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 6d39c54..84d8260 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -303,7 +303,7 @@ ciphersuites using SHA256 or SHA384. =item B -cipher suites using GOST R 34.10 (either 2001 or 94) for authenticaction +cipher suites using GOST R 34.10 (either 2001 or 94) for authentication (needs an engine supporting GOST algorithms). =item B @@ -585,7 +585,7 @@ Note: these ciphers can also be used in SSL v3. TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-RSA-CAMELLIA128-SHA256 TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-RSA-CAMELLIA256-SHA384 -=head2 Pre shared keying (PSK) cipheruites +=head2 Pre shared keying (PSK) ciphersuites TLS_PSK_WITH_RC4_128_SHA PSK-RC4-SHA TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA @@ -621,7 +621,7 @@ Include all RC4 ciphers but leave out those without authentication: openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT' -Include all chiphers with RSA authentication but leave out ciphers without +Include all ciphers with RSA authentication but leave out ciphers without encryption. openssl ciphers -v 'RSA:!COMPLEMENTOFALL' diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index af1240a..9001371 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -376,7 +376,7 @@ identifier extension. Supported by B<-sign> and B<-encrypt> options. =item B<-receipt_request_all -receipt_request_first> for B<-sign> option include a signed receipt request. Indicate requests should -be provided by all receipient or first tier recipients (those mailed directly +be provided by all recipient or first tier recipients (those mailed directly and not from a mailing list). Ignored it B<-receipt_request_from> is included. =item B<-receipt_request_from emailaddress> @@ -398,7 +398,7 @@ requests. specify symmetric key to use. The key must be supplied in hex format and be consistent with the algorithm used. Supported by the B<-EncryptedData_encrypt> -B<-EncrryptedData_decrypt>, B<-encrypt> and B<-decrypt> options. When used +B<-EncryptedData_decrypt>, B<-encrypt> and B<-decrypt> options. When used with B<-encrypt> or B<-decrypt> the supplied key is used to wrap or unwrap the content encryption key using an AES key in the B type. diff --git a/doc/apps/dgst.pod b/doc/apps/dgst.pod index 8f974ed..236e1b7 100644 --- a/doc/apps/dgst.pod +++ b/doc/apps/dgst.pod @@ -137,7 +137,7 @@ Following options are supported by both by B and B: =item B -Specifies MAC key as alphnumeric string (use if key contain printable +Specifies MAC key as alphanumeric string (use if key contain printable characters only). String length must conform to any restrictions of the MAC algorithm for example exactly 32 chars for gost-mac. diff --git a/doc/apps/enc.pod b/doc/apps/enc.pod index 41791ad..8f4ef99 100644 --- a/doc/apps/enc.pod +++ b/doc/apps/enc.pod @@ -170,7 +170,7 @@ configuration file is read and any ENGINEs loaded. Engines which provide entirely new encryption algorithms (such as ccgost engine which provides gost89 algorithm) should be configured in the configuration file. Engines, specified in the command line using -engine -options can only be used for hadrware-assisted implementations of +options can only be used for hardware-assisted implementations of ciphers, which are supported by OpenSSL core or other engine, specified in the configuration file. @@ -212,7 +212,7 @@ Note that some of these ciphers can be disabled at compile time and some are available only if an appropriate engine is configured in the configuration file. The output of the B command run with unsupported options (for example B) includes a -list of ciphers, supported by your versesion of OpenSSL, including +list of ciphers, supported by your version of OpenSSL, including ones provided by configured engines. The B program does not support authenticated encryption modes diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod index 74faba5..0bce0b5 100644 --- a/doc/apps/genpkey.pod +++ b/doc/apps/genpkey.pod @@ -87,7 +87,7 @@ parameters along with the PEM or DER structure. =head1 KEY GENERATION OPTIONS -The options supported by each algorith and indeed each implementation of an +The options supported by each algorithm and indeed each implementation of an algorithm can vary. The options for the OpenSSL implementations are detailed below. @@ -154,7 +154,7 @@ such as "P-256". =item B -the encoding to use for parameters. The "encoding" paramater must be either +the encoding to use for parameters. The "encoding" parameter must be either "named_curve" or "explicit". =back @@ -163,7 +163,7 @@ the encoding to use for parameters. The "encoding" paramater must be either Gost 2001 support is not enabled by default. To enable this algorithm, one should load the ccgost engine in the OpenSSL configuration file. -See README.gost file in the engines/ccgost directiry of the source +See README.gost file in the engines/ccgost directory of the source distribution for more details. Use of a parameter file for the GOST R 34.10 algorithm is optional. diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod index b2e2719..3e651b8 100644 --- a/doc/apps/openssl.pod +++ b/doc/apps/openssl.pod @@ -23,12 +23,12 @@ v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them. The B program is a command line tool for using the various -cryptography functions of OpenSSL's B library from the shell. -It can be used for +cryptography functions of OpenSSL's B library from the shell. +It can be used for o Creation and management of private keys, public keys and parameters o Public key cryptographic operations - o Creation of X.509 certificates, CSRs and CRLs + o Creation of X.509 certificates, CSRs and CRLs o Calculation of Message Digests o Encryption and Decryption with Ciphers o SSL/TLS Client and Server Tests @@ -75,7 +75,7 @@ Parse an ASN.1 sequence. =item L|ca(1)> -Certificate Authority (CA) Management. +Certificate Authority (CA) Management. =item L|ciphers(1)> @@ -104,7 +104,7 @@ Obsoleted by L|dhparam(1)>. =item L|dhparam(1)> -Generation and Management of Diffie-Hellman Parameters. Superseded by +Generation and Management of Diffie-Hellman Parameters. Superseded by L|genpkey(1)> and L|pkeyparam(1)> @@ -114,7 +114,7 @@ DSA Data Management. =item L|dsaparam(1)> -DSA Parameter Generation and Management. Superseded by +DSA Parameter Generation and Management. Superseded by L|genpkey(1)> and L|pkeyparam(1)> =item L|ec(1)> @@ -131,7 +131,7 @@ Encoding with Ciphers. =item L|engine(1)> -Engine (loadble module) information and manipulation. +Engine (loadable module) information and manipulation. =item L|errstr(1)> @@ -144,7 +144,7 @@ Obsoleted by L|dhparam(1)>. =item L|gendsa(1)> -Generation of DSA Private Key from Parameters. Superseded by +Generation of DSA Private Key from Parameters. Superseded by L|genpkey(1)> and L|pkey(1)> =item L|genpkey(1)> @@ -279,11 +279,11 @@ MDC2 Digest RMD-160 Digest -=item B +=item B SHA Digest -=item B +=item B SHA-1 Digest @@ -408,7 +408,7 @@ L, L, L, L, L, L, L, L, L, -L, L, L +L, L, L =head1 HISTORY diff --git a/doc/apps/req.pod b/doc/apps/req.pod index eb840be..9e8e1ab 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -153,7 +153,7 @@ the default key size, specified in the configuration file is used. All other algorithms support the B<-newkey alg:file> form, where file may be an algorithm parameter file, created by the B command -or and X.509 certificate for a key with approriate algorithm. +or and X.509 certificate for a key with appropriate algorithm. B generates a key using the parameter file or certificate B, the algorithm is determined by the parameters. B use algorithm @@ -278,7 +278,7 @@ set multiple options. See the L manual page for details. customise the output format used with B<-text>. The B
, B and B for a curve over Fp stored in B. EC_group_get_curve_GFp obtains the previously set curve parameters. EC_GROUP_set_curve_GF2m sets the equivalent curve parameters for a curve over F2^m. In this case B
represents -the irreducible polybnomial - each bit represents a term in the polynomial. Therefore there will either be three -or five bits set dependant on whether the polynomial is a trinomial or a pentanomial. +the irreducible polynomial - each bit represents a term in the polynomial. Therefore there will either be three +or five bits set dependent on whether the polynomial is a trinomial or a pentanomial. EC_group_get_curve_GF2m obtains the previously set curve parameters. The functions EC_GROUP_new_curve_GFp and EC_GROUP_new_curve_GF2m are shortcuts for calling EC_GROUP_new and the diff --git a/doc/crypto/EC_KEY_new.pod b/doc/crypto/EC_KEY_new.pod index c737058..fc42cbc 100644 --- a/doc/crypto/EC_KEY_new.pod +++ b/doc/crypto/EC_KEY_new.pod @@ -38,7 +38,7 @@ EC_KEY_new, EC_KEY_get_flags, EC_KEY_set_flags, EC_KEY_clear_flags, EC_KEY_new_b =head1 DESCRIPTION -An EC_KEY represents a public key and (optionaly) an associated private key. A new EC_KEY (with no associated curve) can be constructed by calling EC_KEY_new. +An EC_KEY represents a public key and (optionally) an associated private key. A new EC_KEY (with no associated curve) can be constructed by calling EC_KEY_new. The reference count for the newly created EC_KEY is initially set to 1. A curve can be associated with the EC_KEY by calling EC_KEY_set_group. @@ -71,7 +71,7 @@ The functions EC_KEY_get0_group, EC_KEY_set_group, EC_KEY_get0_private_key, EC_K The functions EC_KEY_get_conv_form and EC_KEY_set_conv_form get and set the point_conversion_form for the B. For a description of point_conversion_forms please refer to L. -EC_KEY_insert_key_method_data and EC_KEY_get_key_method_data enable the caller to associate arbitary additional data specific to the +EC_KEY_insert_key_method_data and EC_KEY_get_key_method_data enable the caller to associate arbitrary additional data specific to the elliptic curve scheme being used with the EC_KEY object. This data is treated as a "black box" by the ec library. The data to be stored by EC_KEY_insert_key_method_data is provided in the B parameter, which must have have associated functions for duplicating, freeing and "clear_freeing" the data item. If a subsequent EC_KEY_get_key_method_data call is issued, the functions for duplicating, freeing and "clear_freeing" the data item must be provided again, and they must be the same as they were when the data item was inserted. EC_KEY_set_flags sets the flags in the B parameter on the EC_KEY object. Any flags that are already set are left set. The currently defined standard flags are EC_FLAG_NON_FIPS_ALLOW and EC_FLAG_FIPS_CHECKED. In addition there is the flag EC_FLAG_COFACTOR_ECDH which is specific to ECDH and is defined in ecdh.h. EC_KEY_get_flags returns the current flags that are set for this EC_KEY. EC_KEY_clear_flags clears the flags indicated by the B parameter. All other flags are left in their existing state. diff --git a/doc/crypto/EVP_BytesToKey.pod b/doc/crypto/EVP_BytesToKey.pod index cd3aa02..e6df57d 100644 --- a/doc/crypto/EVP_BytesToKey.pod +++ b/doc/crypto/EVP_BytesToKey.pod @@ -29,7 +29,7 @@ A typical application of this function is to derive keying material for an encryption algorithm from a password in the B parameter. Increasing the B parameter slows down the algorithm which makes it -harder for an attacker to peform a brute force attack using a large number +harder for an attacker to perform a brute force attack using a large number of candidate passwords. If the total key and IV length is less than the digest length and @@ -46,7 +46,7 @@ enough data is available for the key and IV. D_i is defined as: D_i = HASH^count(D_(i-1) || data || salt) -where || denotes concatentaion, D_0 is empty, HASH is the digest +where || denotes concatenation, D_0 is empty, HASH is the digest algorithm in use, HASH^1(data) is simply HASH(data), HASH^2(data) is HASH(HASH(data)) and so on. diff --git a/doc/crypto/EVP_DigestInit.pod b/doc/crypto/EVP_DigestInit.pod index 3fb9b4c..06e6d4f 100644 --- a/doc/crypto/EVP_DigestInit.pod +++ b/doc/crypto/EVP_DigestInit.pod @@ -74,7 +74,7 @@ EVP_MD_CTX_create() allocates, initializes and returns a digest context. EVP_DigestInit_ex() sets up digest context B to use a digest B from ENGINE B. B must be initialized before calling this -function. B will typically be supplied by a functionsuch as EVP_sha1(). +function. B will typically be supplied by a function such as EVP_sha1(). If B is NULL then the default implementation of digest B is used. EVP_DigestUpdate() hashes B bytes of data at B into the diff --git a/doc/crypto/EVP_DigestSignInit.pod b/doc/crypto/EVP_DigestSignInit.pod index 37d960e..5ad1926 100644 --- a/doc/crypto/EVP_DigestSignInit.pod +++ b/doc/crypto/EVP_DigestSignInit.pod @@ -26,7 +26,7 @@ be used to set alternative signing options. EVP_DigestSignUpdate() hashes B bytes of data at B into the signature context B. This function can be called several times on the same B to include additional data. This function is currently implemented -usig a macro. +using a macro. EVP_DigestSignFinal() signs the data in B places the signature in B. If B is B then the maximum size of the output buffer is written to diff --git a/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/doc/crypto/EVP_PKEY_CTX_ctrl.pod index 6866a6f..026c10b 100644 --- a/doc/crypto/EVP_PKEY_CTX_ctrl.pod +++ b/doc/crypto/EVP_PKEY_CTX_ctrl.pod @@ -89,7 +89,7 @@ B block structure. If this macro is not called a salt length value of -2 is used by default. The EVP_PKEY_CTX_set_rsa_rsa_keygen_bits() macro sets the RSA key length for -RSA key genration to B. If not specified 1024 bits is used. +RSA key generation to B. If not specified 1024 bits is used. The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value for RSA key generation to B currently it should be an odd integer. The diff --git a/doc/crypto/EVP_PKEY_CTX_new.pod b/doc/crypto/EVP_PKEY_CTX_new.pod index 17d5e74..d30e007 100644 --- a/doc/crypto/EVP_PKEY_CTX_new.pod +++ b/doc/crypto/EVP_PKEY_CTX_new.pod @@ -21,7 +21,7 @@ the algorithm specified in B and ENGINE B. The EVP_PKEY_CTX_new_id() function allocates public key algorithm context using the algorithm specified by B and ENGINE B. It is normally used when no B structure is associated with the operations, for example -during parameter generation of key genration for some algorithms. +during parameter generation of key generation for some algorithms. EVP_PKEY_CTX_dup() duplicates the context B. diff --git a/doc/crypto/EVP_PKEY_keygen.pod b/doc/crypto/EVP_PKEY_keygen.pod index fd431ac..2f0256d 100644 --- a/doc/crypto/EVP_PKEY_keygen.pod +++ b/doc/crypto/EVP_PKEY_keygen.pod @@ -26,7 +26,7 @@ EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init, EVP_PKEY_paramgen =head1 DESCRIPTION The EVP_PKEY_keygen_init() function initializes a public key algorithm -context using key B for a key genration operation. +context using key B for a key generation operation. The EVP_PKEY_keygen() function performs a key generation operation, the generated key is written to B. @@ -44,7 +44,7 @@ parameters available is returned. Any non negative value returns the value of that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for B should only be called within the generation callback. -If the callback returns 0 then the key genration operation is aborted and an +If the callback returns 0 then the key generation operation is aborted and an error occurs. This might occur during a time consuming operation where a user clicks on a "cancel" button. @@ -64,7 +64,7 @@ once on the same context if several operations are performed using the same parameters. The meaning of the parameters passed to the callback will depend on the -algorithm and the specifiic implementation of the algorithm. Some might not +algorithm and the specific implementation of the algorithm. Some might not give any useful information at all during key or parameter generation. Others might not even call the callback. diff --git a/doc/crypto/OBJ_nid2obj.pod b/doc/crypto/OBJ_nid2obj.pod index 648204e..7acb4c4 100644 --- a/doc/crypto/OBJ_nid2obj.pod +++ b/doc/crypto/OBJ_nid2obj.pod @@ -46,7 +46,7 @@ for the object B, the long name or the short name respectively or NID_undef if an error occurred. OBJ_txt2nid() returns NID corresponding to text string . B can be -a long name, a short name or the numerical respresentation of an object. +a long name, a short name or the numerical representation of an object. OBJ_txt2obj() converts the text string B into an ASN1_OBJECT structure. If B is 0 then long names and short names will be interpreted @@ -104,7 +104,7 @@ Objects do not need to be in the internal tables to be processed, the functions OBJ_txt2obj() and OBJ_obj2txt() can process the numerical form of an OID. -Some objects are used to reprsent algorithms which do not have a +Some objects are used to represent algorithms which do not have a corresponding ASN.1 OBJECT IDENTIFIER encoding (for example no OID currently exists for a particular algorithm). As a result they B be encoded or decoded as part of ASN.1 structures. Applications can determine if there diff --git a/doc/crypto/PKCS12_create.pod b/doc/crypto/PKCS12_create.pod index de7cab2..88397fe 100644 --- a/doc/crypto/PKCS12_create.pod +++ b/doc/crypto/PKCS12_create.pod @@ -16,7 +16,7 @@ PKCS12_create - create a PKCS#12 structure PKCS12_create() creates a PKCS#12 structure. B is the passphrase to use. B is the B to use for -the supplied certifictate and key. B is the private key to include in +the supplied certificate and key. B is the private key to include in the structure and B its corresponding certificates. B, if not B is an optional set of certificates to also include in the structure. @@ -56,7 +56,7 @@ used for the corresponding B or B in the PKCS12 structure. Either B, B or both can be B to indicate that no key or -certficate is required. In previous versions both had to be present or +certificate is required. In previous versions both had to be present or a fatal error is returned. B or B can be set to -1 indicating that no encryption diff --git a/doc/crypto/PKCS5_PBKDF2_HMAC.pod b/doc/crypto/PKCS5_PBKDF2_HMAC.pod index 3431ff0..7287993 100644 --- a/doc/crypto/PKCS5_PBKDF2_HMAC.pod +++ b/doc/crypto/PKCS5_PBKDF2_HMAC.pod @@ -49,7 +49,7 @@ encryption algorithm from a password in the B, a salt in B, and an iteration count. Increasing the B parameter slows down the algorithm which makes it -harder for an attacker to peform a brute force attack using a large number +harder for an attacker to perform a brute force attack using a large number of candidate passwords. =head1 RETURN VALUES diff --git a/doc/crypto/PKCS7_sign.pod b/doc/crypto/PKCS7_sign.pod index 64a3514..c788c4b 100644 --- a/doc/crypto/PKCS7_sign.pod +++ b/doc/crypto/PKCS7_sign.pod @@ -13,7 +13,7 @@ PKCS7_sign - create a PKCS#7 signedData structure =head1 DESCRIPTION PKCS7_sign() creates and returns a PKCS#7 signedData structure. B is -the certificate to sign with, B is the corresponsding private key. +the certificate to sign with, B is the corresponding private key. B is an optional additional set of certificates to include in the PKCS#7 structure (for example any intermediate CAs in the chain). diff --git a/doc/crypto/PKCS7_sign_add_signer.pod b/doc/crypto/PKCS7_sign_add_signer.pod index ebec4d5..f09a0f9 100644 --- a/doc/crypto/PKCS7_sign_add_signer.pod +++ b/doc/crypto/PKCS7_sign_add_signer.pod @@ -40,7 +40,7 @@ Any of the following flags (ored together) can be passed in the B parameter. If B is set then an attempt is made to copy the content -digest value from the PKCS7 struture: to add a signer to an existing structure. +digest value from the PKCS7 structure: to add a signer to an existing structure. An error occurs if a matching digest value cannot be found to copy. The returned PKCS7 structure will be valid and finalized when this flag is set. diff --git a/doc/crypto/PKCS7_verify.pod b/doc/crypto/PKCS7_verify.pod index f083306..cad304e 100644 --- a/doc/crypto/PKCS7_verify.pod +++ b/doc/crypto/PKCS7_verify.pod @@ -16,7 +16,7 @@ PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure PKCS7_verify() verifies a PKCS#7 signedData structure. B is the PKCS7 structure to verify. B is a set of certificates in which to search for -the signer's certificate. B is a trusted certficate store (used for +the signer's certificate. B is a trusted certificate store (used for chain verification). B is the signed data if the content is not present in B (that is it is detached). The content is written to B if it is not NULL. diff --git a/doc/crypto/SMIME_write_PKCS7.pod b/doc/crypto/SMIME_write_PKCS7.pod index ca6bd02..4a7cd08 100644 --- a/doc/crypto/SMIME_write_PKCS7.pod +++ b/doc/crypto/SMIME_write_PKCS7.pod @@ -40,7 +40,7 @@ the data must be read twice: once to compute the signature in PKCS7_sign() and once to output the S/MIME message. If streaming is performed the content is output in BER format using indefinite -length constructuted encoding except in the case of signed data with detached +length constructed encoding except in the case of signed data with detached content where the content is absent and DER format is used. =head1 BUGS diff --git a/doc/crypto/X509_NAME_get_index_by_NID.pod b/doc/crypto/X509_NAME_get_index_by_NID.pod index c8a8128..84fc180 100644 --- a/doc/crypto/X509_NAME_get_index_by_NID.pod +++ b/doc/crypto/X509_NAME_get_index_by_NID.pod @@ -51,7 +51,7 @@ X509_NAME_get_text_by_NID() and X509_NAME_get_text_by_OBJ() are legacy functions which have various limitations which make them of minimal use in practice. They can only find the first matching entry and will copy the contents of the field verbatim: this can -be highly confusing if the target is a muticharacter string type +be highly confusing if the target is a multicharacter string type like a BMPString or a UTF8String. For a more general solution X509_NAME_get_index_by_NID() or diff --git a/doc/crypto/X509_STORE_CTX_get_error.pod b/doc/crypto/X509_STORE_CTX_get_error.pod index be00ff1..7748e90 100644 --- a/doc/crypto/X509_STORE_CTX_get_error.pod +++ b/doc/crypto/X509_STORE_CTX_get_error.pod @@ -55,7 +55,7 @@ X509_STORE_CTX_get_error() returns B or an error code. X509_STORE_CTX_get_error_depth() returns a non-negative error depth. -X509_STORE_CTX_get_current_cert() returns the cerificate which caused the +X509_STORE_CTX_get_current_cert() returns the certificate which caused the error or B if no certificate is relevant to the error. X509_verify_cert_error_string() returns a human readable error string for diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod index bad12e4..d8d3346 100644 --- a/doc/crypto/X509_STORE_CTX_new.pod +++ b/doc/crypto/X509_STORE_CTX_new.pod @@ -49,7 +49,7 @@ X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B to B. This is an alternative way of specifying trusted certificates instead of using an B. -X509_STORE_CTX_set_cert() sets the certificate to be vertified in B to +X509_STORE_CTX_set_cert() sets the certificate to be verified in B to B. X509_STORE_CTX_set_chain() sets the additional certificate chain used by B @@ -61,10 +61,10 @@ enabled in the associated B structure. This might be used where additional "useful" CRLs are supplied as part of a protocol, for example in a PKCS#7 structure. -X509_VERIFY_PARAM *X509_STORE_CTX_get0_param() retrieves an intenal pointer +X509_VERIFY_PARAM *X509_STORE_CTX_get0_param() retrieves an internal pointer to the verification parameters associated with B. -X509_STORE_CTX_set0_param() sets the intenal verification parameter pointer +X509_STORE_CTX_set0_param() sets the internal verification parameter pointer to B. After this call B should not be used. X509_STORE_CTX_set_default() looks up and sets the default verification diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index d19dc12..066ce0f 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -89,7 +89,7 @@ with the DANE-EE(3) certificate usage, and the internal check will be suppressed as appropriate when DANE support is added to OpenSSL. X509_VERIFY_PARAM_add1_host() adds B as an additional reference -identifer that can match the peer's certificate. Any previous names +identifier that can match the peer's certificate. Any previous names set via X509_VERIFY_PARAM_set1_host() or X509_VERIFY_PARAM_add1_host() are retained, no change is made if B is NULL or empty. When multiple names are configured, the peer is considered verified when @@ -157,13 +157,13 @@ ignored. B setting this option for anything other than debugging purposes can be a security risk. Finer control over which extensions are supported can be performed in the verification callback. -THe B flag disables workarounds for some broken +The B flag disables workarounds for some broken certificates and makes the verification strictly apply B rules. B enables proxy certificate verification. B enables certificate policy checking, by default -no policy checking is peformed. Additional information is sent to the +no policy checking is performed. Additional information is sent to the verification callback relating to policy checking. B, B and @@ -181,11 +181,11 @@ By default some additional features such as indirect CRLs and CRLs signed by different keys are disabled. If B is set they are enabled. -If B ise set delta CRLs (if present) are used to +If B is set delta CRLs (if present) are used to determine certificate status. If not set deltas are ignored. B enables checking of the root CA self signed -cerificate signature. By default this check is disabled because it doesn't +certificate signature. By default this check is disabled because it doesn't add any additional security but in some cases applications might want to check the signature anyway. A side effect of not checking the root CA signature is that disabled or unsupported message digests on the root CA diff --git a/doc/crypto/X509_check_host.pod b/doc/crypto/X509_check_host.pod index 0def17a..eab2586 100644 --- a/doc/crypto/X509_check_host.pod +++ b/doc/crypto/X509_check_host.pod @@ -91,7 +91,7 @@ expansion; this only applies to B. If set, B suppresses support for "*" as wildcard pattern in labels that have a prefix or suffix, -such as: "www*" or "*www"; this only aplies to B. +such as: "www*" or "*www"; this only applies to B. If set, B allows a "*" that constitutes the complete label of a DNS name (e.g. "*.example.com") diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod index 5253bdc..e5cfc6f 100644 --- a/doc/crypto/X509_verify_cert.pod +++ b/doc/crypto/X509_verify_cert.pod @@ -2,7 +2,7 @@ =head1 NAME -X509_verify_cert - discover and verify X509 certificte chain +X509_verify_cert - discover and verify X509 certificate chain =head1 SYNOPSIS diff --git a/doc/crypto/d2i_ASN1_OBJECT.pod b/doc/crypto/d2i_ASN1_OBJECT.pod index 45bb184..d9a6912 100644 --- a/doc/crypto/d2i_ASN1_OBJECT.pod +++ b/doc/crypto/d2i_ASN1_OBJECT.pod @@ -15,7 +15,7 @@ d2i_ASN1_OBJECT, i2d_ASN1_OBJECT - ASN1 OBJECT IDENTIFIER functions These functions decode and encode an ASN1 OBJECT IDENTIFIER. -Othewise these behave in a similar way to d2i_X509() and i2d_X509() +Otherwise these behave in a similar way to d2i_X509() and i2d_X509() described in the L manual page. =head1 SEE ALSO diff --git a/doc/crypto/d2i_DHparams.pod b/doc/crypto/d2i_DHparams.pod index 1e98aeb..d8bdf22 100644 --- a/doc/crypto/d2i_DHparams.pod +++ b/doc/crypto/d2i_DHparams.pod @@ -16,7 +16,7 @@ d2i_DHparams, i2d_DHparams - PKCS#3 DH parameter functions. These functions decode and encode PKCS#3 DH parameters using the DHparameter structure described in PKCS#3. -Othewise these behave in a similar way to d2i_X509() and i2d_X509() +Otherwise these behave in a similar way to d2i_X509() and i2d_X509() described in the L manual page. =head1 SEE ALSO diff --git a/doc/crypto/d2i_DSAPublicKey.pod b/doc/crypto/d2i_DSAPublicKey.pod index e999376..44451cf 100644 --- a/doc/crypto/d2i_DSAPublicKey.pod +++ b/doc/crypto/d2i_DSAPublicKey.pod @@ -68,7 +68,7 @@ If B is zero then only the B field is encoded as an B. If B is 1 then a B consisting of the B
, B, B and B respectively fields are encoded. -The B functions also use a non standard structure consiting +The B functions also use a non standard structure consisting consisting of a SEQUENCE containing the B
, B, B and B and B fields respectively. diff --git a/doc/crypto/d2i_X509_ALGOR.pod b/doc/crypto/d2i_X509_ALGOR.pod index 9e5cd92..272a138 100644 --- a/doc/crypto/d2i_X509_ALGOR.pod +++ b/doc/crypto/d2i_X509_ALGOR.pod @@ -16,7 +16,7 @@ d2i_X509_ALGOR, i2d_X509_ALGOR - AlgorithmIdentifier functions. These functions decode and encode an B structure which is equivalent to the B structure. -Othewise these behave in a similar way to d2i_X509() and i2d_X509() +Otherwise these behave in a similar way to d2i_X509() and i2d_X509() described in the L manual page. =head1 SEE ALSO diff --git a/doc/crypto/d2i_X509_CRL.pod b/doc/crypto/d2i_X509_CRL.pod index 675d38b..5ace93a 100644 --- a/doc/crypto/d2i_X509_CRL.pod +++ b/doc/crypto/d2i_X509_CRL.pod @@ -23,7 +23,7 @@ i2d_X509_CRL_bio, i2d_X509_CRL_fp - PKCS#10 certificate request functions. These functions decode and encode an X509 CRL (certificate revocation list). -Othewise the functions behave in a similar way to d2i_X509() and i2d_X509() +Otherwise the functions behave in a similar way to d2i_X509() and i2d_X509() described in the L manual page. =head1 SEE ALSO diff --git a/doc/crypto/d2i_X509_NAME.pod b/doc/crypto/d2i_X509_NAME.pod index 343ffe1..fe0b6c0 100644 --- a/doc/crypto/d2i_X509_NAME.pod +++ b/doc/crypto/d2i_X509_NAME.pod @@ -17,7 +17,7 @@ These functions decode and encode an B structure which is the the same as the B type defined in RFC2459 (and elsewhere) and used for example in certificate subject and issuer names. -Othewise the functions behave in a similar way to d2i_X509() and i2d_X509() +Otherwise the functions behave in a similar way to d2i_X509() and i2d_X509() described in the L manual page. =head1 SEE ALSO diff --git a/doc/crypto/d2i_X509_REQ.pod b/doc/crypto/d2i_X509_REQ.pod index 91c0c19..3a52df4 100644 --- a/doc/crypto/d2i_X509_REQ.pod +++ b/doc/crypto/d2i_X509_REQ.pod @@ -22,7 +22,7 @@ i2d_X509_REQ_bio, i2d_X509_REQ_fp - PKCS#10 certificate request functions. These functions decode and encode a PKCS#10 certificate request. -Othewise these behave in a similar way to d2i_X509() and i2d_X509() +Otherwise these behave in a similar way to d2i_X509() and i2d_X509() described in the L manual page. =head1 SEE ALSO diff --git a/doc/crypto/d2i_X509_SIG.pod b/doc/crypto/d2i_X509_SIG.pod index e48fd79..38a6f20 100644 --- a/doc/crypto/d2i_X509_SIG.pod +++ b/doc/crypto/d2i_X509_SIG.pod @@ -16,7 +16,7 @@ d2i_X509_SIG, i2d_X509_SIG - DigestInfo functions. These functions decode and encode an X509_SIG structure which is equivalent to the B structure defined in PKCS#1 and PKCS#7. -Othewise these behave in a similar way to d2i_X509() and i2d_X509() +Otherwise these behave in a similar way to d2i_X509() and i2d_X509() described in the L manual page. =head1 SEE ALSO diff --git a/doc/crypto/ec.pod b/doc/crypto/ec.pod index 7d57ba8..aee0fdf 100644 --- a/doc/crypto/ec.pod +++ b/doc/crypto/ec.pod @@ -184,7 +184,7 @@ The creation and destruction of B objects is described in L objects are described in L. Functions for creating, destroying and manipulating B objects are explained in L, -whilst functions for performing mathematical operations and tests on B are coverd in L. +whilst functions for performing mathematical operations and tests on B are covered in L. For working with private and public keys refer to L. Implementations are covered in L. diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod index f5ab1c3..5eb065c 100644 --- a/doc/crypto/engine.pod +++ b/doc/crypto/engine.pod @@ -576,7 +576,7 @@ for any higher-level ENGINE functions such as ENGINE_ctrl_cmd_string(). by applications, administrations, users, etc. These can support arbitrary operations via ENGINE_ctrl(), including passing to and/or from the control commands data of any arbitrary type. These commands are supported in the -discovery mechanisms simply to allow applications determinie if an ENGINE +discovery mechanisms simply to allow applications to determine if an ENGINE supports certain specific commands it might want to use (eg. application "foo" might query various ENGINEs to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - and ENGINE could therefore decide whether or not to support this "foo"-specific diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod index 4a5dc69..4b10f59 100644 --- a/doc/crypto/err.pod +++ b/doc/crypto/err.pod @@ -46,7 +46,7 @@ err - error codes =head1 DESCRIPTION -When a call to the OpenSSL library fails, this is usually signalled +When a call to the OpenSSL library fails, this is usually signaled by the return value, and an error code is stored in an error queue associated with the current thread. The B library provides functions to obtain these error codes and textual error messages. diff --git a/doc/fingerprints.txt b/doc/fingerprints.txt index b55d7bb..1863224 100644 --- a/doc/fingerprints.txt +++ b/doc/fingerprints.txt @@ -1,4 +1,4 @@ -Fingerprints for Signing Relases +Fingerprints for Signing Releases OpenSSL releases are signed with PGP/GnuPG keys. This file contains the fingerprints of team members who are "authorized" to sign the diff --git a/doc/ssl/SSL_CTX_set_cert_cb.pod b/doc/ssl/SSL_CTX_set_cert_cb.pod index 141d828..1677ff0 100644 --- a/doc/ssl/SSL_CTX_set_cert_cb.pod +++ b/doc/ssl/SSL_CTX_set_cert_cb.pod @@ -43,7 +43,7 @@ SSL_add1_chain_cert(). It might also call SSL_certs_clear() to delete any certificates associated with the B object. -The certificate callback functionality supercedes the (largely broken) +The certificate callback functionality supersedes the (largely broken) functionality provided by the old client certificate callback interface. It is B called even is a certificate is already set so the callback can modify or delete the existing certificate. diff --git a/doc/ssl/SSL_CTX_set_security_level.pod b/doc/ssl/SSL_CTX_set_security_level.pod index d5d2539..a8a7ecc 100644 --- a/doc/ssl/SSL_CTX_set_security_level.pod +++ b/doc/ssl/SSL_CTX_set_security_level.pod @@ -34,7 +34,7 @@ SSL_CTX_set_security_level, SSL_set_security_level, SSL_CTX_get_security_level, =head1 DESCRIPTION The functions SSL_CTX_set_security_level() and SSL_set_security_level() set -the security level to B. If not set the libary default security level +the security level to B. If not set the library default security level is used. The functions SSL_CTX_get_security_level() and SSL_get_security_level() diff --git a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod index da0dd0f..af203b8 100644 --- a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -15,7 +15,7 @@ SSL_CTX_set_tlsext_ticket_key_cb - set a callback for session ticket processing =head1 DESCRIPTION -SSL_CTX_set_tlsext_ticket_key_cb() sets a callback fuction I for handling +SSL_CTX_set_tlsext_ticket_key_cb() sets a callback function I for handling session tickets for the ssl context I. Session tickets, defined in RFC5077 provide an enhanced session resumption capability where the server implementation is not required to maintain per session state. It only applies @@ -40,13 +40,13 @@ The server, through the callback function, either agrees to reuse the session ticket information or it starts a full TLS handshake to create a new session ticket. -Before the callback function is started I and I have been +Before the callback function is started I and I have been initialised with EVP_CIPHER_CTX_init and HMAC_CTX_init respectively. For new sessions tickets, when the client doesn't present a session ticket, or -an attempted retreival of the ticket failed, or a renew option was indicated, +an attempted retrieval of the ticket failed, or a renew option was indicated, the callback function will be called with I equal to 1. The OpenSSL -library expects that the function will set an arbitary I, initialize +library expects that the function will set an arbitrary I, initialize I, and set the cipher context I and the hash context I. The I is 16 characters long and is used as a key identifier. @@ -54,22 +54,22 @@ The I is 16 characters long and is used as a key identifier. The I length is the length of the IV of the corresponding cipher. The maximum IV length is L bytes defined in B. -The initialization vector I should be a random value. The cipher context -I should use the initialisation vector I. The cipher context can be +The initialization vector I should be a random value. The cipher context +I should use the initialisation vector I. The cipher context can be set using L. The hmac context can be set using L. When the client presents a session ticket, the callback function with be called -with I set to 0 indicating that the I function should retreive a set +with I set to 0 indicating that the I function should retrieve a set of parameters. In this case I and I have already been parsed out of the session ticket. The OpenSSL library expects that the I will be used to retrieve a cryptographic parameters and that the cryptographic context -I will be set with the retreived parameters and the initialization vector +I will be set with the retrieved parameters and the initialization vector I. using a function like L. The I needs to be set using L. If the I is still valid but a renewal of the ticket is required the callback function should return 2. The library will call the callback again -with an arguement of enc equal to 1 to set the new ticket. +with an argument of enc equal to 1 to set the new ticket. The return value of the I function is used by OpenSSL to determine what further processing will occur. The following return values have meaning: @@ -92,7 +92,7 @@ continue on those parameters. =item Z<>0 This indicates that it was not possible to set/retrieve a session ticket and -the SSL/TLS session will continue by by negiotationing a set of cryptographic +the SSL/TLS session will continue by by negotiating a set of cryptographic parameters or using the alternate SSL/TLS resumption mechanism, session ids. If called with enc equal to 0 the library will call the I again to get @@ -107,10 +107,10 @@ This indicates an error. =head1 NOTES Session resumption shortcuts the TLS so that the client certificate -negiotation don't occur. It makes up for this by storing client certificate +negotiation don't occur. It makes up for this by storing client certificate an all other negotiated state information encrypted within the ticket. In a resumed session the applications will have all this state information available -exactly as if a full negiotation had occured. +exactly as if a full negotiation had occurred. If an attacker can obtain the key used to encrypt a session ticket, they can obtain the master secret for any ticket using that key and decrypt any traffic @@ -125,7 +125,7 @@ enable an attacker to obtain the session keys. =head1 EXAMPLES -Reference Implemention: +Reference Implementation: SSL_CTX_set_tlsext_ticket_key_cb(SSL,ssl_tlsext_ticket_key_cb); .... diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 9d37396..e750a85 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -2354,7 +2354,7 @@ #define OBJ_delta_crl OBJ_id_ce,27L #define SN_issuing_distribution_point "issuingDistributionPoint" -#define LN_issuing_distribution_point "X509v3 Issuing Distrubution Point" +#define LN_issuing_distribution_point "X509v3 Issuing Distribution Point" #define NID_issuing_distribution_point 770 #define OBJ_issuing_distribution_point OBJ_id_ce,28L From matt at openssl.org Sun May 3 22:38:51 2015 From: matt at openssl.org (Matt Caswell) Date: Sun, 03 May 2015 22:38:51 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430692731.379331.14766.nullmailer@dev.openssl.org> The branch master has been updated via 59ef580a14a526f6dd8d86b632d67022976fabcd (commit) from 5812e6f17571345d9e8449459572e540379002d5 (commit) - Log ----------------------------------------------------------------- commit 59ef580a14a526f6dd8d86b632d67022976fabcd Author: mancha security Date: Sat May 2 22:34:46 2015 +0000 ssl/s3_srvr.c: Fix typo introduced via 69f682374868b. Incorrect name used for SSL_AD_INTERNAL_ERROR. Signed-off-by: mancha security Signed-off-by: Matt Caswell Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/s3_srvr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index d2c8995..7a39967 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2537,7 +2537,7 @@ int ssl3_get_client_key_exchange(SSL *s) session->master_key, pms, outl); if (s->session->master_key_length < 0) { - al = SSL_INTERNAL_ERROR; + al = SSL_AD_INTERNAL_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); goto f_err; } From steve at openssl.org Mon May 4 12:06:45 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 04 May 2015 12:06:45 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430741205.516536.30880.nullmailer@dev.openssl.org> The branch master has been updated via b8cba00807e6dd766b7bcdd3656e250e05dbe56f (commit) via bdcb1a2cf553166edec0509f4bf3cd36fc964024 (commit) from 59ef580a14a526f6dd8d86b632d67022976fabcd (commit) - Log ----------------------------------------------------------------- commit b8cba00807e6dd766b7bcdd3656e250e05dbe56f Author: Dr. Stephen Henson Date: Mon May 4 00:59:48 2015 +0100 Return an error in ASN1_TYPE_unpack_sequence if argument is NULL Thanks to Brian Carpenter for reporting this issue. Reviewed-by: Richard Levitte commit bdcb1a2cf553166edec0509f4bf3cd36fc964024 Author: Dr. Stephen Henson Date: Sun May 3 17:32:05 2015 +0100 more OSSL_NELEM cases Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 2 +- apps/ca.c | 2 +- apps/speed.c | 2 +- crypto/asn1/a_type.c | 2 +- crypto/cryptlib.c | 4 ++-- crypto/x509v3/ext_dat.h | 2 +- test/constant_time_test.c | 8 ++++---- test/dhtest.c | 2 +- test/ectest.c | 4 +--- test/gost2814789test.c | 3 ++- test/igetest.c | 8 +++----- test/testutil.c | 3 ++- 12 files changed, 20 insertions(+), 22 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 1b76dbf..1e2970a 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2654,7 +2654,7 @@ int app_isdir(const char *name) # if defined(UNICODE) || defined(_UNICODE) size_t i, len_0 = strlen(name) + 1; - if (len_0 > sizeof(FileData.cFileName) / sizeof(FileData.cFileName[0])) + if (len_0 > OSSL_NELEM(FileData.cFileName)) return -1; # if !defined(_WIN32_WCE) || _WIN32_WCE>=101 diff --git a/apps/ca.c b/apps/ca.c index 0b92872..2f43a9b 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -2408,7 +2408,7 @@ static const char *crl_reasons[] = { "CAkeyTime" }; -#define NUM_REASONS (sizeof(crl_reasons) / sizeof(char *)) +#define NUM_REASONS OSSL_NELEM(crl_reasons) /* * Given revocation information convert to a DB string. The format of the diff --git a/apps/speed.c b/apps/speed.c index a5bd265..7a69485 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2438,7 +2438,7 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher) { static int mblengths[] = { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 }; - int j, count, num = sizeof(lengths) / sizeof(lengths[0]); + int j, count, num = OSSL_NELEM(lengths); const char *alg_name; unsigned char *inp, *out, no_key[32], no_iv[16]; EVP_CIPHER_CTX ctx; diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 864ebec..283baaa 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -179,7 +179,7 @@ ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t) void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t) { - if (t->type != V_ASN1_SEQUENCE || t->value.sequence == NULL) + if (t == NULL || t->type != V_ASN1_SEQUENCE || t->value.sequence == NULL) return NULL; return ASN1_item_unpack(t->value.sequence, it); } diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index be4cdb0..3742ff2 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -406,8 +406,8 @@ void OPENSSL_showfatal(const char *fmta, ...) } while (0); va_start(ap, fmta); - _vsntprintf(buf, sizeof(buf) / sizeof(TCHAR) - 1, fmt, ap); - buf[sizeof(buf) / sizeof(TCHAR) - 1] = _T('\0'); + _vsntprintf(buf, OSSL_NELEM(buf) - 1, fmt, ap); + buf[OSSL_NELEM(buf) - 1] = _T('\0'); va_end(ap); # if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333 diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 4e0fe92..d43c86c 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -131,4 +131,4 @@ static const X509V3_EXT_METHOD *standard_exts[] = { /* Number of standard extensions */ -#define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *)) +#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts) diff --git a/test/constant_time_test.c b/test/constant_time_test.c index d313d0c..bdb2702 100644 --- a/test/constant_time_test.c +++ b/test/constant_time_test.c @@ -231,12 +231,12 @@ int main(int argc, char *argv[]) int num_failed = 0, num_all = 0; fprintf(stdout, "Testing constant time operations...\n"); - for (i = 0; i < sizeof(test_values) / sizeof(int); ++i) { + for (i = 0; i < OSSL_NELEM(test_values); ++i) { a = test_values[i]; num_failed += test_is_zero(a); num_failed += test_is_zero_8(a); num_all += 2; - for (j = 0; j < sizeof(test_values) / sizeof(int); ++j) { + for (j = 0; j < OSSL_NELEM(test_values); ++j) { b = test_values[j]; num_failed += test_binary_op(&constant_time_lt, "constant_time_lt", a, b, a < b); @@ -274,9 +274,9 @@ int main(int argc, char *argv[]) } } - for (i = 0; i < sizeof(signed_test_values) / sizeof(int); ++i) { + for (i = 0; i < OSSL_NELEM(signed_test_values); ++i) { c = signed_test_values[i]; - for (j = 0; j < sizeof(signed_test_values) / sizeof(int); ++j) { + for (j = 0; j < OSSL_NELEM(signed_test_values); ++j) { d = signed_test_values[j]; num_failed += test_select_int(c, d); num_failed += test_eq_int(c, d); diff --git a/test/dhtest.c b/test/dhtest.c index 621fcba..7e46166 100644 --- a/test/dhtest.c +++ b/test/dhtest.c @@ -485,7 +485,7 @@ static const rfc5114_td rfctd[] = { static int run_rfc5114_tests(void) { int i; - for (i = 0; i < (int)(sizeof(rfctd) / sizeof(rfc5114_td)); i++) { + for (i = 0; i < (int)OSSL_NELEM(rfctd); i++) { DH *dhA, *dhB; unsigned char *Z1 = NULL, *Z2 = NULL; const rfc5114_td *td = rfctd + i; diff --git a/test/ectest.c b/test/ectest.c index 7320d3d..4b15708 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1628,9 +1628,7 @@ static void nistp_tests() { unsigned i; - for (i = 0; - i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params); - i++) { + for (i = 0; i < OSSL_NELEM(nistp_tests_params); i++) { nistp_single_test(&nistp_tests_params[i]); } } diff --git a/test/gost2814789test.c b/test/gost2814789test.c index 8384d66..4569249 100644 --- a/test/gost2814789test.c +++ b/test/gost2814789test.c @@ -26,6 +26,7 @@ int main(int argc, char *argv[]) # include # include # include +# include "e_os.h" # define CCGOST_ID "gost" @@ -1311,7 +1312,7 @@ int main(int argc, char *argv[]) } /* Test cases */ - for (t = 0; t < sizeof(tcs) / sizeof(tcs[0]); t++) { + for (t = 0; t < OSSL_NELEM(tcs); t++) { if (NULL == tcs[t].szDerive) { continue; } diff --git a/test/igetest.c b/test/igetest.c index 96e9884..9c80c85 100644 --- a/test/igetest.c +++ b/test/igetest.c @@ -55,6 +55,7 @@ #include #include #include +#include "e_os.h" #define TEST_SIZE 128 #define BIG_TEST_SIZE 10240 @@ -191,8 +192,7 @@ static int run_test_vectors(void) unsigned int n; int errs = 0; - for (n = 0; n < sizeof(ige_test_vectors) / sizeof(ige_test_vectors[0]); - ++n) { + for (n = 0; n < OSSL_NELEM(ige_test_vectors); ++n) { const struct ige_test *const v = &ige_test_vectors[n]; AES_KEY key; unsigned char buf[MAX_VECTOR_SIZE]; @@ -235,9 +235,7 @@ static int run_test_vectors(void) } } - for (n = 0; - n < sizeof(bi_ige_test_vectors) / sizeof(bi_ige_test_vectors[0]); - ++n) { + for (n = 0; n < OSSL_NELEM(bi_ige_test_vectors); ++n) { const struct bi_ige_test *const v = &bi_ige_test_vectors[n]; AES_KEY key1; AES_KEY key2; diff --git a/test/testutil.c b/test/testutil.c index 05ed589..70087d3 100644 --- a/test/testutil.c +++ b/test/testutil.c @@ -61,6 +61,7 @@ #include #include #include +#include "e_os.h" /* * Declares the structures needed to register each test case function. @@ -75,7 +76,7 @@ static int num_tests = 0; void add_test(const char *test_case_name, int (*test_fn) ()) { - assert(num_tests != (sizeof(all_tests) / sizeof(all_tests)[0])); + assert(num_tests != OSSL_NELEM(all_tests)); all_tests[num_tests].test_case_name = test_case_name; all_tests[num_tests].test_fn = test_fn; ++num_tests; From rsalz at openssl.org Mon May 4 14:45:08 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 04 May 2015 14:45:08 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430750708.327511.14036.nullmailer@dev.openssl.org> The branch master has been updated via b6d3cb543c2e91aa6820cde637db55ad1cee525f (commit) from b8cba00807e6dd766b7bcdd3656e250e05dbe56f (commit) - Log ----------------------------------------------------------------- commit b6d3cb543c2e91aa6820cde637db55ad1cee525f Author: Rich Salz Date: Mon May 4 07:52:27 2015 -0400 RT1369: don't do "helpful" access check. Don't do access check on destination directory; it breaks when euid/egid is different from real uid/gid. Reviewed-by: Richard Levitte Signed-off-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/ca.c | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/apps/ca.c b/apps/ca.c index 2f43a9b..b6cf47f 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -703,24 +703,13 @@ end_of_options: #ifndef OPENSSL_SYS_VMS /* * outdir is a directory spec, but access() for VMS demands a - * filename. In any case, stat(), below, will catch the problem if - * outdir is not a directory spec, and the fopen() or open() will - * catch an error if there is no write access. - * - * Presumably, this problem could also be solved by using the DEC C - * routines to convert the directory syntax to Unixly, and give that - * to access(). However, time's too short to do that just now. + * filename. We could use the DEC C routine to convert the + * directory syntax to Unixly, and give that to app_isdir, + * but for now the fopen will catch the error if it's not a + * directory */ - if (app_access(outdir, R_OK | W_OK | X_OK) != 0) - { - BIO_printf(bio_err, "I am unable to access the %s directory\n", - outdir); - perror(outdir); - goto end; - } - if (app_isdir(outdir) <= 0) { - BIO_printf(bio_err, "%s need to be a directory\n", outdir); + BIO_printf(bio_err, "%s: %s is not a directory\n", prog, outdir); perror(outdir); goto end; } From rsalz at openssl.org Mon May 4 14:53:22 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 04 May 2015 14:53:22 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430751202.388642.15665.nullmailer@dev.openssl.org> The branch master has been updated via 23b0fa5ab6b6b9f0a9350e24ac5ddb8275802617 (commit) from b6d3cb543c2e91aa6820cde637db55ad1cee525f (commit) - Log ----------------------------------------------------------------- commit 23b0fa5ab6b6b9f0a9350e24ac5ddb8275802617 Author: Rich Salz Date: Mon May 4 10:34:51 2015 -0400 Fix cut/paste error Was memset with wrong sizeof. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_vpm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index b9a9741..1d88f56 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -169,7 +169,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) OPENSSL_free(param); return NULL; } - memset(param, 0, sizeof *paramid); + memset(param, 0, sizeof *param); memset(paramid, 0, sizeof *paramid); param->id = paramid; x509_verify_param_zero(param); From rsalz at openssl.org Mon May 4 14:54:26 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 04 May 2015 14:54:26 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1430751266.321237.16519.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 82e586a90b18fa91fb2756af4c36cc70ff097f6d (commit) from a65938663979e5452ce6fc42c82356d671bb5409 (commit) - Log ----------------------------------------------------------------- commit 82e586a90b18fa91fb2756af4c36cc70ff097f6d Author: Rich Salz Date: Mon May 4 10:34:51 2015 -0400 Fix cut/paste error Was memset with wrong sizeof. Reviewed-by: Richard Levitte (cherry picked from commit 23b0fa5ab6b6b9f0a9350e24ac5ddb8275802617) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_vpm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index ad5c9e8..1ea0c69 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -181,7 +181,7 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) OPENSSL_free(param); return NULL; } - memset(param, 0, sizeof *paramid); + memset(param, 0, sizeof *param); memset(paramid, 0, sizeof *paramid); param->id = paramid; x509_verify_param_zero(param); From levitte at openssl.org Mon May 4 18:16:00 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 04 May 2015 18:16:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430763360.372239.12862.nullmailer@dev.openssl.org> The branch master has been updated via 8920a7cd04f43b1a090d0b0a8c9e16b94c6898d4 (commit) via b256f717f8ea001a03538044d4b0d259cb38d278 (commit) from 23b0fa5ab6b6b9f0a9350e24ac5ddb8275802617 (commit) - Log ----------------------------------------------------------------- commit 8920a7cd04f43b1a090d0b0a8c9e16b94c6898d4 Author: Richard Levitte Date: Mon May 4 17:34:40 2015 +0200 RT2943: Check sizes if -iv and -K arguments RT2943 only complains about the incorrect check of -K argument size, we might as well do the same thing with the -iv argument. Before this, we only checked that the given argument wouldn't give a bitstring larger than EVP_MAX_KEY_LENGTH. we can be more precise and check against the size of the actual cipher used. Reviewed-by: Rich Salz commit b256f717f8ea001a03538044d4b0d259cb38d278 Author: Richard Levitte Date: Mon May 4 17:33:34 2015 +0200 Have -K actually take an argument, and correct help text Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/enc.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/apps/enc.c b/apps/enc.c index 8b892cf..e4d490f 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -113,7 +113,7 @@ OPTIONS enc_options[] = { {"bufsize", OPT_BUFSIZE, 's', "Buffer size"}, {"k", OPT_K, 's', "Passphrase"}, {"kfile", OPT_KFILE, '<', "Fead passphrase from file"}, - {"K", OPT_UPPER_K, '-', "Same as -iv"}, + {"K", OPT_UPPER_K, 's', "Raw key, in hex"}, {"S", OPT_UPPER_S, 's', "Salt, in hex"}, {"iv", OPT_IV, 's', "IV in hex"}, {"md", OPT_MD, 's', "Use specified digest to create key from passphrase"}, @@ -459,9 +459,14 @@ int enc_main(int argc, char **argv) else OPENSSL_cleanse(str, strlen(str)); } - if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) { - BIO_printf(bio_err, "invalid hex iv value\n"); - goto end; + if (hiv != NULL) { + int siz = EVP_CIPHER_iv_length(cipher); + if (siz == 0) { + BIO_printf(bio_err, "warning: iv not use by this cipher\n"); + } else if (!set_hex(hiv, iv, sizeof iv)) { + BIO_printf(bio_err, "invalid hex iv value\n"); + goto end; + } } if ((hiv == NULL) && (str == NULL) && EVP_CIPHER_iv_length(cipher) != 0) { @@ -473,7 +478,7 @@ int enc_main(int argc, char **argv) BIO_printf(bio_err, "iv undefined\n"); goto end; } - if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) { + if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; } From rsalz at openssl.org Mon May 4 19:00:27 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 04 May 2015 19:00:27 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430766027.566172.17816.nullmailer@dev.openssl.org> The branch master has been updated via b4faea50c35d92a67d1369355b49cc3efba78406 (commit) from 8920a7cd04f43b1a090d0b0a8c9e16b94c6898d4 (commit) - Log ----------------------------------------------------------------- commit b4faea50c35d92a67d1369355b49cc3efba78406 Author: Rich Salz Date: Fri May 1 23:10:31 2015 -0400 Use safer sizeof variant in malloc For a local variable: TYPE *p; Allocations like this are "risky": p = OPENSSL_malloc(sizeof(TYPE)); if the type of p changes, and the malloc call isn't updated, you could get memory corruption. Instead do this: p = OPENSSL_malloc(sizeof(*p)); Also fixed a few memset() calls that I noticed while doing this. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 9 +++++---- apps/ca.c | 4 ++-- apps/cms.c | 2 +- apps/ecparam.c | 2 +- apps/openssl.c | 2 +- apps/s_cb.c | 2 +- apps/s_server.c | 6 +++--- apps/speed.c | 2 +- apps/srp.c | 2 +- apps/vms_decc_init.c | 2 +- crypto/LPdir_unix.c | 4 ++-- crypto/LPdir_vms.c | 4 ++-- crypto/LPdir_win.c | 4 ++-- crypto/asn1/a_object.c | 2 +- crypto/asn1/a_strnid.c | 2 +- crypto/asn1/ameth_lib.c | 2 +- crypto/asn1/asn1_lib.c | 2 +- crypto/asn1/asn_mime.c | 4 ++-- crypto/asn1/bio_asn1.c | 2 +- crypto/asn1/bio_ndef.c | 2 +- crypto/asn1/tasn_new.c | 2 +- crypto/asn1/tasn_prn.c | 2 +- crypto/asn1/tasn_scn.c | 2 +- crypto/asn1/x_crl.c | 2 +- crypto/asn1/x_info.c | 2 +- crypto/asn1/x_pkey.c | 4 ++-- crypto/bio/bf_buff.c | 3 +-- crypto/bio/bf_lbuf.c | 2 +- crypto/bio/bf_nbio.c | 2 +- crypto/bio/bio_lib.c | 3 +-- crypto/bio/bss_acpt.c | 2 +- crypto/bio/bss_bio.c | 2 +- crypto/bio/bss_conn.c | 2 +- crypto/bio/bss_dgram.c | 4 ++-- crypto/bn/Makefile | 14 +++++++------- crypto/bn/bn_blind.c | 2 +- crypto/bn/bn_ctx.c | 4 ++-- crypto/bn/bn_gf2m.c | 10 +++++----- crypto/bn/bn_lib.c | 6 +++--- crypto/bn/bn_mont.c | 2 +- crypto/bn/bn_recp.c | 2 +- crypto/buffer/buffer.c | 2 +- crypto/cmac/cmac.c | 3 ++- crypto/comp/c_zlib.c | 4 ++-- crypto/comp/comp_lib.c | 2 +- crypto/conf/conf_api.c | 2 +- crypto/conf/conf_def.c | 4 ++-- crypto/conf/conf_mod.c | 4 ++-- crypto/dh/dh_lib.c | 2 +- crypto/dh/dh_pmeth.c | 2 +- crypto/dsa/dsa_asn1.c | 2 +- crypto/dsa/dsa_lib.c | 2 +- crypto/dsa/dsa_pmeth.c | 2 +- crypto/dso/dso_lib.c | 2 +- crypto/dso/dso_vms.c | 2 +- crypto/dso/dso_win32.c | 4 ++-- crypto/ec/Makefile | 11 ++++++----- crypto/ec/ec_key.c | 3 +-- crypto/ec/ec_lib.c | 10 +++++----- crypto/ec/ec_mult.c | 8 ++++---- crypto/ec/ec_pmeth.c | 3 ++- crypto/ec/ecp_nistp224.c | 4 ++-- crypto/ec/ecp_nistp256.c | 4 ++-- crypto/ec/ecp_nistp521.c | 4 ++-- crypto/ec/ecp_nistz256.c | 4 ++-- crypto/ecdh/ech_lib.c | 2 +- crypto/ecdsa/ecs_lib.c | 4 ++-- crypto/engine/eng_dyn.c | 4 ++-- crypto/engine/eng_lib.c | 4 ++-- crypto/engine/eng_openssl.c | 2 +- crypto/engine/eng_table.c | 2 +- crypto/err/err.c | 6 +++--- crypto/evp/bio_b64.c | 2 +- crypto/evp/bio_enc.c | 2 +- crypto/evp/bio_ok.c | 2 +- crypto/evp/digest.c | 8 ++++---- crypto/evp/evp_enc.c | 4 ++-- crypto/evp/evp_pbe.c | 3 ++- crypto/evp/p_lib.c | 2 +- crypto/evp/pmeth_lib.c | 7 ++++--- crypto/ex_data.c | 4 ++-- crypto/hmac/hm_pmeth.c | 2 +- crypto/hmac/hmac.c | 2 +- crypto/jpake/jpake.c | 4 ++-- crypto/lhash/lhash.c | 6 +++--- crypto/lock.c | 2 +- crypto/mem_dbg.c | 4 ++-- crypto/modes/gcm128.c | 2 +- crypto/modes/ocb128.c | 2 +- crypto/objects/Makefile | 8 ++++---- crypto/objects/o_names.c | 8 ++++---- crypto/objects/obj_dat.c | 11 ++++------- crypto/objects/obj_xref.c | 2 +- crypto/ocsp/ocsp_ht.c | 4 ++-- crypto/pqueue/pqueue.c | 4 ++-- crypto/rsa/rsa_lib.c | 2 +- crypto/rsa/rsa_pmeth.c | 2 +- crypto/srp/srp_vfy.c | 8 ++++---- crypto/stack/stack.c | 4 ++-- crypto/store/str_lib.c | 13 +++++++------ crypto/store/str_mem.c | 2 +- crypto/store/str_meth.c | 2 +- crypto/ts/ts_rsp_sign.c | 2 +- crypto/ts/ts_verify_ctx.c | 2 +- crypto/txt_db/txt_db.c | 2 +- crypto/ui/ui_lib.c | 6 +++--- crypto/x509/by_dir.c | 6 +++--- crypto/x509/x509_lu.c | 8 ++++---- crypto/x509/x509_trs.c | 2 +- crypto/x509/x509_vfy.c | 3 +-- crypto/x509/x509_vpm.c | 8 ++++---- crypto/x509/x_name.c | 4 ++-- crypto/x509v3/pcy_cache.c | 2 +- crypto/x509v3/pcy_data.c | 2 +- crypto/x509v3/pcy_node.c | 2 +- crypto/x509v3/pcy_tree.c | 4 ++-- crypto/x509v3/v3_asid.c | 2 +- crypto/x509v3/v3_lib.c | 2 +- crypto/x509v3/v3_purp.c | 2 +- crypto/x509v3/v3_scts.c | 2 +- crypto/x509v3/v3_utl.c | 2 +- demos/state_machine/state_machine.c | 2 +- engines/ccgost/gost_pmeth.c | 7 ++++--- engines/e_capi.c | 8 ++++---- engines/e_chil.c | 2 +- engines/e_gmp.c | 3 ++- ssl/bio_ssl.c | 3 +-- ssl/d1_both.c | 2 +- ssl/d1_lib.c | 4 ++-- ssl/record/rec_layer_d1.c | 7 +++---- ssl/s3_enc.c | 4 ++-- ssl/s3_lib.c | 8 ++++---- ssl/ssl_cert.c | 10 ++++------ ssl/ssl_ciph.c | 8 ++++---- ssl/ssl_conf.c | 4 ++-- ssl/ssl_lib.c | 4 ++-- ssl/ssl_sess.c | 2 +- ssl/t1_enc.c | 2 +- test/Makefile | 23 ++++++++++++----------- test/ecdsatest.c | 4 +--- test/ectest.c | 4 +--- test/evp_test.c | 10 +++++----- 142 files changed, 278 insertions(+), 283 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 1e2970a..797e250 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -180,7 +180,7 @@ int chopup_args(ARGS *arg, char *buf) arg->argc = 0; if (arg->size == 0) { arg->size = 20; - arg->argv = app_malloc(sizeof(char *) * arg->size, "argv space"); + arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space"); if (arg->argv == NULL) return 0; } @@ -195,7 +195,8 @@ int chopup_args(ARGS *arg, char *buf) /* The start of something good :-) */ if (arg->argc >= arg->size) { arg->size += 20; - arg->argv = OPENSSL_realloc(arg->argv, sizeof(char *) * arg->size); + arg->argv = OPENSSL_realloc(arg->argv, + sizeof(*arg->argv) * arg->size); if (arg->argv == NULL) return 0; } @@ -1585,7 +1586,7 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) } } - retdb = app_malloc(sizeof *retdb, "new DB"); + retdb = app_malloc(sizeof(*retdb), "new DB"); retdb->db = tmpdb; tmpdb = NULL; if (db_attr) @@ -2364,7 +2365,7 @@ static int WIN32_rename(const char *from, const char *to) } else { /* UNICODE path */ size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1; - tfrom = (TCHAR *)malloc(sizeof(TCHAR) * (flen + tlen)); + tfrom = malloc(*sizeof(*tfrom) * (flen + tlen)); if (tfrom == NULL) goto err; tto = tfrom + flen; diff --git a/apps/ca.c b/apps/ca.c index b6cf47f..abce534 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1970,7 +1970,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, row[DB_type][0] = 'V'; row[DB_type][1] = '\0'; - irow = app_malloc(sizeof(char *) * (DB_NUMBER + 1), "row space"); + irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row space"); for (i = 0; i < DB_NUMBER; i++) { irow[i] = row[i]; row[i] = NULL; @@ -2207,7 +2207,7 @@ static int do_revoke(X509 *x509, CA_DB *db, int type, char *value) row[DB_type][0] = 'V'; row[DB_type][1] = '\0'; - irow = app_malloc(sizeof(char *) * (DB_NUMBER + 1), "row ptr"); + irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row ptr"); for (i = 0; i < DB_NUMBER; i++) { irow[i] = row[i]; row[i] = NULL; diff --git a/apps/cms.c b/apps/cms.c index 79d0b8f..5eb5d2d 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -570,7 +570,7 @@ int cms_main(int argc, char **argv) } if (key_param == NULL || key_param->idx != keyidx) { cms_key_param *nparam; - nparam = app_malloc(sizeof *nparam, "key param buffer"); + nparam = app_malloc(sizeof(*nparam), "key param buffer"); nparam->idx = keyidx; if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) goto end; diff --git a/apps/ecparam.c b/apps/ecparam.c index dd0e8f5..5ceaec7 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -232,7 +232,7 @@ int ecparam_main(int argc, char **argv) size_t crv_len = EC_get_builtin_curves(NULL, 0); size_t n; - curves = app_malloc((int)(sizeof *curves * crv_len), "list curves"); + curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves"); if (!EC_get_builtin_curves(curves, crv_len)) { OPENSSL_free(curves); goto end; diff --git a/apps/openssl.c b/apps/openssl.c index b71f3d1..fa3b683 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -804,7 +804,7 @@ static LHASH_OF(FUNCTION) *prog_init(void) /* Sort alphabetically within category. For nicer help displays. */ for (i = 0, f = functions; f->name != NULL; ++f, ++i) ; - qsort(functions, i, sizeof *functions, SortFnByName); + qsort(functions, i, sizeof(*functions), SortFnByName); if ((ret = lh_FUNCTION_new()) == NULL) return (NULL); diff --git a/apps/s_cb.c b/apps/s_cb.c index 13a3a25..d371cc9 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1173,7 +1173,7 @@ void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc) static int ssl_excert_prepend(SSL_EXCERT **pexc) { - SSL_EXCERT *exc = app_malloc(sizeof *exc, "prepend cert"); + SSL_EXCERT *exc = app_malloc(sizeof(*exc), "prepend cert"); exc->certfile = NULL; exc->keyfile = NULL; diff --git a/apps/s_server.c b/apps/s_server.c index fead620..c1b799f 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -461,7 +461,7 @@ static int ebcdic_new(BIO *bi) { EBCDIC_OUTBUFF *wbuf; - wbuf = app_malloc(sizeof(EBCDIC_OUTBUFF) + 1024, "ebcdef wbuf"); + wbuf = app_malloc(sizeof(*wbuf) + 1024, "ebcdic wbuf"); wbuf->alloced = 1024; wbuf->buff[0] = '\0'; @@ -515,7 +515,7 @@ static int ebcdic_write(BIO *b, const char *in, int inl) num = num + num; /* double the size */ if (num < inl) num = inl; - wbuf = app_malloc(sizeof(EBCDIC_OUTBUFF) + num, "grow ebcdic wbuf"); + wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf"); OPENSSL_free(b->ptr); wbuf->alloced = num; @@ -3127,7 +3127,7 @@ static simple_ssl_session *first = NULL; static int add_session(SSL *ssl, SSL_SESSION *session) { - simple_ssl_session *sess = app_malloc(sizeof *sess, "get session"); + simple_ssl_session *sess = app_malloc(sizeof(*sess), "get session"); unsigned char *p; SSL_SESSION_get_id(session, &sess->idlen); diff --git a/apps/speed.c b/apps/speed.c index 7a69485..00c7c41 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2283,7 +2283,7 @@ static int do_multi(int multi) int *fds; static char sep[] = ":"; - fds = malloc(multi * sizeof *fds); + fds = malloc(sizeof(*fds) * multi); for (n = 0; n < multi; ++n) { if (pipe(fd) == -1) { fprintf(stderr, "pipe failure\n"); diff --git a/apps/srp.c b/apps/srp.c index 8b44780..c7a93cf 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -138,7 +138,7 @@ static int update_index(CA_DB *db, char **row) char **irow; int i; - irow = app_malloc(sizeof(char *) * (DB_NUMBER + 1), "row pointers"); + irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row pointers"); for (i = 0; i < DB_NUMBER; i++) { irow[i] = row[i]; row[i] = NULL; diff --git a/apps/vms_decc_init.c b/apps/vms_decc_init.c index 3ec7b54..2b273ac 100644 --- a/apps/vms_decc_init.c +++ b/apps/vms_decc_init.c @@ -130,7 +130,7 @@ char **copy_argv(int *argc, char *argv[]) */ int i, count = *argc; - char **newargv = app_malloc((count + 1) * sizeof *newargv, "argv copy"); + char **newargv = app_malloc(sizeof(*newargv) * (count + 1), "argv copy"); for (i = 0; i < count; i++) newargv[i] = argv[i]; diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c index bead6ab..3a14da1 100644 --- a/crypto/LPdir_unix.c +++ b/crypto/LPdir_unix.c @@ -78,12 +78,12 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) errno = 0; if (*ctx == NULL) { - *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); + *ctx = malloc(sizeof(**ctx)); if (*ctx == NULL) { errno = ENOMEM; return 0; } - memset(*ctx, '\0', sizeof(LP_DIR_CTX)); + memset(*ctx, '\0', sizeof(**ctx)); (*ctx)->dir = opendir(directory); if ((*ctx)->dir == NULL) { diff --git a/crypto/LPdir_vms.c b/crypto/LPdir_vms.c index 88c7ddd..1e8f9e7 100644 --- a/crypto/LPdir_vms.c +++ b/crypto/LPdir_vms.c @@ -104,12 +104,12 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) return 0; } - *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); + *ctx = malloc(sizeof(**ctx)); if (*ctx == NULL) { errno = ENOMEM; return 0; } - memset(*ctx, '\0', sizeof(LP_DIR_CTX)); + memset(*ctx, '\0', sizeof(**ctx)); strcpy((*ctx)->filespec, directory); strcat((*ctx)->filespec, "*.*;"); diff --git a/crypto/LPdir_win.c b/crypto/LPdir_win.c index 07e63fb..78a796d 100644 --- a/crypto/LPdir_win.c +++ b/crypto/LPdir_win.c @@ -69,12 +69,12 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) return 0; } - *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX)); + *ctx = malloc(sizeof(**ctx)); if (*ctx == NULL) { errno = ENOMEM; return 0; } - memset(*ctx, '\0', sizeof(LP_DIR_CTX)); + memset(*ctx, '\0', sizeof(**ctx)); if (directory[dirlen - 1] != '*') { extdirbuf = (char *)malloc(dirlen + 3); diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 809e9a4..7cedce8 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -345,7 +345,7 @@ ASN1_OBJECT *ASN1_OBJECT_new(void) { ASN1_OBJECT *ret; - ret = OPENSSL_malloc(sizeof(ASN1_OBJECT)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE); return (NULL); diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 5126298..071613b 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -240,7 +240,7 @@ static ASN1_STRING_TABLE *stable_get(int nid) tmp = ASN1_STRING_TABLE_get(nid); if (tmp && tmp->flags & STABLE_FLAGS_MALLOC) return tmp; - rv = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); + rv = OPENSSL_malloc(sizeof(*rv)); if (!rv) return NULL; if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 49f4e5a..c7acb46 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -284,7 +284,7 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, const char *pem_str, const char *info) { EVP_PKEY_ASN1_METHOD *ameth; - ameth = OPENSSL_malloc(sizeof(EVP_PKEY_ASN1_METHOD)); + ameth = OPENSSL_malloc(sizeof(*ameth)); if (!ameth) return NULL; diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index e1e509b..bda6ab0 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -349,7 +349,7 @@ ASN1_STRING *ASN1_STRING_type_new(int type) { ASN1_STRING *ret; - ret = OPENSSL_malloc(sizeof(ASN1_STRING)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE); return (NULL); diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index e8411a8..da5b417 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -844,7 +844,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value) } } } - mhdr = OPENSSL_malloc(sizeof(MIME_HEADER)); + mhdr = OPENSSL_malloc(sizeof(*mhdr)); if (!mhdr) goto err; mhdr->name = tmpname; @@ -883,7 +883,7 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) goto err; } /* Parameter values are case sensitive so leave as is */ - mparam = OPENSSL_malloc(sizeof(MIME_PARAM)); + mparam = OPENSSL_malloc(sizeof(*mparam)); if (!mparam) goto err; mparam->param_name = tmpname; diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c index ba39069..910d06f 100644 --- a/crypto/asn1/bio_asn1.c +++ b/crypto/asn1/bio_asn1.c @@ -146,7 +146,7 @@ BIO_METHOD *BIO_f_asn1(void) static int asn1_bio_new(BIO *b) { BIO_ASN1_BUF_CTX *ctx; - ctx = OPENSSL_malloc(sizeof(BIO_ASN1_BUF_CTX)); + ctx = OPENSSL_malloc(sizeof(*ctx)); if (!ctx) return 0; if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) { diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index de517f2..ff2fdf5 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -106,7 +106,7 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED); return NULL; } - ndef_aux = OPENSSL_malloc(sizeof(NDEF_SUPPORT)); + ndef_aux = OPENSSL_malloc(sizeof(*ndef_aux)); asn_bio = BIO_new(BIO_f_asn1()); /* ASN1 bio needs to be next to output BIO */ diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index aeced95..f54bd9b 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -319,7 +319,7 @@ static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it) return 1; case V_ASN1_ANY: - typ = OPENSSL_malloc(sizeof(ASN1_TYPE)); + typ = OPENSSL_malloc(sizeof(*typ)); if (!typ) return 0; typ->value.ptr = NULL; diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 76d584b..e080e72 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -85,7 +85,7 @@ ASN1_PCTX default_pctx = { ASN1_PCTX *ASN1_PCTX_new(void) { ASN1_PCTX *ret; - ret = OPENSSL_malloc(sizeof(ASN1_PCTX)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/crypto/asn1/tasn_scn.c b/crypto/asn1/tasn_scn.c index cedea9c..43a125c 100644 --- a/crypto/asn1/tasn_scn.c +++ b/crypto/asn1/tasn_scn.c @@ -75,7 +75,7 @@ ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)) { ASN1_SCTX *ret; - ret = OPENSSL_malloc(sizeof(ASN1_SCTX)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ASN1err(ASN1_F_ASN1_SCTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index a32158b..0d759be 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -476,7 +476,7 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl), EVP_PKEY *pk)) { X509_CRL_METHOD *m; - m = OPENSSL_malloc(sizeof(X509_CRL_METHOD)); + m = OPENSSL_malloc(sizeof(*m)); if (!m) return NULL; m->crl_init = crl_init; diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c index 5b927ef..856bcf5 100644 --- a/crypto/asn1/x_info.c +++ b/crypto/asn1/x_info.c @@ -66,7 +66,7 @@ X509_INFO *X509_INFO_new(void) { X509_INFO *ret = NULL; - ret = OPENSSL_malloc(sizeof(X509_INFO)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE); return (NULL); diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c index 59e002b..b01616f 100644 --- a/crypto/asn1/x_pkey.c +++ b/crypto/asn1/x_pkey.c @@ -66,10 +66,10 @@ X509_PKEY *X509_PKEY_new(void) { X509_PKEY *ret = NULL; - ret = OPENSSL_malloc(sizeof(X509_PKEY)); + ret = OPENSSL_malloc(sizeof(*ret)); if (!ret) goto err; - memset(ret, 0, sizeof(X509_PKEY)); + memset(ret, 0, sizeof(*ret)); ret->version = 0; ret->enc_algor = X509_ALGOR_new(); diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index 53a1204..6487f43 100644 --- a/crypto/bio/bf_buff.c +++ b/crypto/bio/bf_buff.c @@ -91,9 +91,8 @@ BIO_METHOD *BIO_f_buffer(void) static int buffer_new(BIO *bi) { - BIO_F_BUFFER_CTX *ctx; + BIO_F_BUFFER_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); - ctx = OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX)); if (ctx == NULL) return (0); ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE); diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c index d7906b4..e948e92 100644 --- a/crypto/bio/bf_lbuf.c +++ b/crypto/bio/bf_lbuf.c @@ -104,7 +104,7 @@ static int linebuffer_new(BIO *bi) { BIO_LINEBUFFER_CTX *ctx; - ctx = OPENSSL_malloc(sizeof(BIO_LINEBUFFER_CTX)); + ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx == NULL) return (0); ctx->obuf = OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE); diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index 9b9c0c0..53829dd 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -102,7 +102,7 @@ static int nbiof_new(BIO *bi) { NBIO_TEST *nt; - if (!(nt = OPENSSL_malloc(sizeof(NBIO_TEST)))) + if (!(nt = OPENSSL_malloc(sizeof(*nt)))) return (0); nt->lrn = -1; nt->lwn = -1; diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index e7957a7..7542d1c 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -65,9 +65,8 @@ BIO *BIO_new(BIO_METHOD *method) { - BIO *ret = NULL; + BIO *ret = OPENSSL_malloc(sizeof(*ret)); - ret = OPENSSL_malloc(sizeof(BIO)); if (ret == NULL) { BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE); return (NULL); diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 6793fe1..cde8da3 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -137,7 +137,7 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void) { BIO_ACCEPT *ret; - if ((ret = OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL) + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) return (NULL); memset(ret, 0, sizeof(BIO_ACCEPT)); diff --git a/crypto/bio/bss_bio.c b/crypto/bio/bss_bio.c index c9b8e7f..afd2107 100644 --- a/crypto/bio/bss_bio.c +++ b/crypto/bio/bss_bio.c @@ -144,7 +144,7 @@ static int bio_new(BIO *bio) { struct bio_bio_st *b; - b = OPENSSL_malloc(sizeof *b); + b = OPENSSL_malloc(sizeof(*b)); if (b == NULL) return 0; diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 0b82082..b8fa828 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -286,7 +286,7 @@ BIO_CONNECT *BIO_CONNECT_new(void) { BIO_CONNECT *ret; - if ((ret = OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL) + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) return (NULL); ret->state = BIO_CONN_S_BEFORE; ret->param_hostname = NULL; diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 406d46b..fb1564c 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -225,7 +225,7 @@ static int dgram_new(BIO *bi) bi->init = 0; bi->num = 0; - data = OPENSSL_malloc(sizeof(bio_dgram_data)); + data = OPENSSL_malloc(sizeof(*data)); if (data == NULL) return 0; memset(data, 0x00, sizeof(bio_dgram_data)); @@ -1085,7 +1085,7 @@ static int dgram_sctp_new(BIO *bi) bi->init = 0; bi->num = 0; - data = OPENSSL_malloc(sizeof(bio_dgram_sctp_data)); + data = OPENSSL_malloc(sizeof(*data)); if (data == NULL) return 0; memset(data, 0x00, sizeof(bio_dgram_sctp_data)); diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index 5b45f11..2bae4ab 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -215,7 +215,7 @@ bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h bn_depr.o: ../cryptlib.h ../include/internal/bn_int.h bn_depr.c bn_lcl.h -bn_dh.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +bn_dh.o: ../../e_os.h ../../include/openssl/bn.h ../../include/openssl/crypto.h bn_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h bn_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_dh.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h @@ -391,12 +391,12 @@ bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_sqrt.o: ../include/internal/bn_int.h bn_lcl.h bn_sqrt.c -bn_srp.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -bn_srp.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h -bn_srp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -bn_srp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_srp.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h -bn_srp.o: bn_lcl.h bn_srp.c +bn_srp.o: ../../e_os.h ../../include/openssl/bn.h +bn_srp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +bn_srp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +bn_srp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +bn_srp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +bn_srp.o: ../include/internal/bn_int.h bn_lcl.h bn_srp.c bn_word.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 659638b..9338cdd 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -137,7 +137,7 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) bn_check_top(mod); - if ((ret = OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) { + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index d2dd1e6..481c9d2 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -186,7 +186,7 @@ static void ctxdbg(BN_CTX *ctx) BN_CTX *BN_CTX_new(void) { - BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX)); + BN_CTX *ret = OPENSSL_malloc(sizeof(*ret)); if (!ret) { BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -353,7 +353,7 @@ static BIGNUM *BN_POOL_get(BN_POOL *p) if (p->used == p->size) { BIGNUM *bn; unsigned int loop = 0; - BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM)); + BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(*item)); if (!item) return NULL; /* Initialise the structure */ diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index c87c5d9..50d7c74 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -551,7 +551,7 @@ int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, bn_check_top(a); bn_check_top(b); bn_check_top(p); - if ((arr = OPENSSL_malloc(sizeof(int) * max)) == NULL) + if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -609,7 +609,7 @@ int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) bn_check_top(a); bn_check_top(p); - if ((arr = OPENSSL_malloc(sizeof(int) * max)) == NULL) + if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -1025,7 +1025,7 @@ int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, bn_check_top(a); bn_check_top(b); bn_check_top(p); - if ((arr = OPENSSL_malloc(sizeof(int) * max)) == NULL) + if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -1084,7 +1084,7 @@ int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) int *arr = NULL; bn_check_top(a); bn_check_top(p); - if ((arr = OPENSSL_malloc(sizeof(int) * max)) == NULL) + if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { @@ -1214,7 +1214,7 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, int *arr = NULL; bn_check_top(a); bn_check_top(p); - if ((arr = OPENSSL_malloc(sizeof(int) * max)) == NULL) + if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL) goto err; ret = BN_GF2m_poly2arr(p, arr, max); if (!ret || ret > max) { diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 3e9ea8e..6fc0e39 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -268,7 +268,7 @@ BIGNUM *BN_new(void) { BIGNUM *ret; - if ((ret = OPENSSL_malloc(sizeof(BIGNUM))) == NULL) { + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } @@ -299,7 +299,7 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); return (NULL); } - a = A = OPENSSL_malloc(sizeof(BN_ULONG) * words); + a = A = OPENSSL_malloc(sizeof(*a) * words); if (A == NULL) { BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE); return (NULL); @@ -919,7 +919,7 @@ BN_GENCB *BN_GENCB_new(void) { BN_GENCB *ret; - if ((ret = OPENSSL_malloc(sizeof(BN_GENCB))) == NULL) { + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index f19910d..d07afcc 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -314,7 +314,7 @@ BN_MONT_CTX *BN_MONT_CTX_new(void) { BN_MONT_CTX *ret; - if ((ret = OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) return (NULL); BN_MONT_CTX_init(ret); diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index ef1972b..3ab486b 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -71,7 +71,7 @@ BN_RECP_CTX *BN_RECP_CTX_new(void) { BN_RECP_CTX *ret; - if ((ret = OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL) + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) return (NULL); BN_RECP_CTX_init(ret); diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index c77fdc5..b41b8f2 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c @@ -71,7 +71,7 @@ BUF_MEM *BUF_MEM_new(void) { BUF_MEM *ret; - ret = OPENSSL_malloc(sizeof(BUF_MEM)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE); return (NULL); diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index 5e8fdc3..e7db320 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -90,7 +90,8 @@ static void make_kn(unsigned char *k1, const unsigned char *l, int bl) CMAC_CTX *CMAC_CTX_new(void) { CMAC_CTX *ctx; - ctx = OPENSSL_malloc(sizeof(CMAC_CTX)); + + ctx = OPENSSL_malloc(sizeof(*ctx)); if (!ctx) return NULL; EVP_CIPHER_CTX_init(&ctx->cctx); diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 334c78f..2d5b54f 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -119,7 +119,7 @@ static int zlib_stateful_ex_idx = -1; static int zlib_stateful_init(COMP_CTX *ctx) { int err; - struct zlib_state *state = OPENSSL_malloc(sizeof(struct zlib_state)); + struct zlib_state *state = OPENSSL_malloc(sizeof(*state)); if (state == NULL) goto err; @@ -347,7 +347,7 @@ static int bio_zlib_new(BIO *bi) return 0; } # endif - ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX)); + ctx = OPENSSL_malloc(sizeof(*ctx)); if (!ctx) { COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE); return 0; diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c index 7bcdd6b..9feb0af 100644 --- a/crypto/comp/comp_lib.c +++ b/crypto/comp/comp_lib.c @@ -8,7 +8,7 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) { COMP_CTX *ret; - if ((ret = OPENSSL_malloc(sizeof(COMP_CTX))) == NULL) { + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { /* ZZZZZZZZZZZZZZZZ */ return (NULL); } diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index 59808a3..3badf7f 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -255,7 +255,7 @@ CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) if ((sk = sk_CONF_VALUE_new_null()) == NULL) goto err; - if ((v = OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL) + if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) goto err; i = strlen(section) + 1; if ((v->section = OPENSSL_malloc(i)) == NULL) diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 0ed06e1..8af2ab1 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -130,7 +130,7 @@ static CONF *def_create(CONF_METHOD *meth) { CONF *ret; - ret = OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret) if (meth->init(ret) == 0) { OPENSSL_free(ret); @@ -357,7 +357,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) p++; *p = '\0'; - if (!(v = OPENSSL_malloc(sizeof(CONF_VALUE)))) { + if (!(v = OPENSSL_malloc(sizeof(*v)))) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 18fe38b..23d2a58 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -281,7 +281,7 @@ static CONF_MODULE *module_add(DSO *dso, const char *name, supported_modules = sk_CONF_MODULE_new_null(); if (supported_modules == NULL) return NULL; - tmod = OPENSSL_malloc(sizeof(CONF_MODULE)); + tmod = OPENSSL_malloc(sizeof(*tmod)); if (tmod == NULL) return NULL; @@ -336,7 +336,7 @@ static int module_init(CONF_MODULE *pmod, char *name, char *value, CONF_IMODULE *imod = NULL; /* Otherwise add initialized module to list */ - imod = OPENSSL_malloc(sizeof(CONF_IMODULE)); + imod = OPENSSL_malloc(sizeof(*imod)); if (!imod) goto err; diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 10e98c6..1ae081c 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -109,7 +109,7 @@ DH *DH_new(void) DH *DH_new_method(ENGINE *engine) { - DH *ret = OPENSSL_malloc(sizeof(DH)); + DH *ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE); diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index be44c0b..1e10364 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -98,7 +98,7 @@ typedef struct { static int pkey_dh_init(EVP_PKEY_CTX *ctx) { DH_PKEY_CTX *dctx; - dctx = OPENSSL_malloc(sizeof(DH_PKEY_CTX)); + dctx = OPENSSL_malloc(sizeof(*dctx)); if (!dctx) return 0; dctx->prime_len = 1024; diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index d79f261..0f0c515 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -70,7 +70,7 @@ static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, { if (operation == ASN1_OP_NEW_PRE) { DSA_SIG *sig; - sig = OPENSSL_malloc(sizeof(DSA_SIG)); + sig = OPENSSL_malloc(sizeof(*sig)); if (!sig) { DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); return 0; diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index aec1b36..2a193c8 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -117,7 +117,7 @@ DSA *DSA_new_method(ENGINE *engine) { DSA *ret; - ret = OPENSSL_malloc(sizeof(DSA)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); return (NULL); diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 7aa1054..853612a 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -81,7 +81,7 @@ typedef struct { static int pkey_dsa_init(EVP_PKEY_CTX *ctx) { DSA_PKEY_CTX *dctx; - dctx = OPENSSL_malloc(sizeof(DSA_PKEY_CTX)); + dctx = OPENSSL_malloc(sizeof(*dctx)); if (!dctx) return 0; dctx->nbits = 1024; diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index 99701d1..a0e711c 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -104,7 +104,7 @@ DSO *DSO_new_method(DSO_METHOD *meth) */ default_DSO_meth = DSO_METHOD_openssl(); } - ret = OPENSSL_malloc(sizeof(DSO)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); return (NULL); diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 821e238..07ec1cd 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -230,7 +230,7 @@ static int vms_load(DSO *dso) goto err; } - p = DSO_MALLOC(sizeof(DSO_VMS_INTERNAL)); + p = DSO_MALLOC(sizeof(*p)); if (p == NULL) { DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index 144d8e6..bd96c5d 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c @@ -168,7 +168,7 @@ static int win32_load(DSO *dso) ERR_add_error_data(3, "filename(", filename, ")"); goto err; } - p = OPENSSL_malloc(sizeof(HINSTANCE)); + p = OPENSSL_malloc(sizeof(*p)); if (p == NULL) { DSOerr(DSO_F_WIN32_LOAD, ERR_R_MALLOC_FAILURE); goto err; @@ -304,7 +304,7 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, return (NULL); } - result = OPENSSL_malloc(sizeof(struct file_st)); + result = OPENSSL_malloc(sizeof(*result)); if (result == NULL) { DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE); return (NULL); diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile index 423f60b..ec17b3f 100644 --- a/crypto/ec/Makefile +++ b/crypto/ec/Makefile @@ -143,11 +143,12 @@ ec_check.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h ec_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ec_check.o: ../../include/openssl/symhacks.h ec_check.c ec_lcl.h -ec_curve.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -ec_curve.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h -ec_curve.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -ec_curve.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -ec_curve.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h +ec_curve.o: ../../e_os.h ../../include/openssl/asn1.h +ec_curve.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +ec_curve.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +ec_curve.o: ../../include/openssl/ec.h ../../include/openssl/err.h +ec_curve.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +ec_curve.o: ../../include/openssl/opensslconf.h ec_curve.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_curve.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ec_curve.o: ../../include/openssl/symhacks.h ec_curve.c ec_lcl.h diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c index 4c588e8..07c33fe 100644 --- a/crypto/ec/ec_key.c +++ b/crypto/ec/ec_key.c @@ -67,9 +67,8 @@ EC_KEY *EC_KEY_new(void) { - EC_KEY *ret; + EC_KEY *ret = OPENSSL_malloc(sizeof(*ret)); - ret = OPENSSL_malloc(sizeof(EC_KEY)); if (ret == NULL) { ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE); return (NULL); diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index 628e879..9156943 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -85,7 +85,7 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) return NULL; } - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -158,7 +158,7 @@ void EC_GROUP_clear_free(EC_GROUP *group) BN_clear_free(group->order); BN_clear_free(group->cofactor); OPENSSL_clear_free(group->seed, group->seed_len); - OPENSSL_clear_free(group, sizeof *group); + OPENSSL_clear_free(group, sizeof(*group)); } int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) @@ -555,7 +555,7 @@ int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data, /* no explicit entry needed */ return 1; - d = OPENSSL_malloc(sizeof *d); + d = OPENSSL_malloc(sizeof(*d)); if (d == NULL) return 0; @@ -692,7 +692,7 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) return NULL; } - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -727,7 +727,7 @@ void EC_POINT_clear_free(EC_POINT *point) point->meth->point_clear_finish(point); else if (point->meth->point_finish != 0) point->meth->point_finish(point); - OPENSSL_clear_free(point, sizeof *point); + OPENSSL_clear_free(point, sizeof(*point)); } int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src) diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index bd99c82..9b75b9b 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -100,7 +100,7 @@ static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group) if (!group) return NULL; - ret = OPENSSL_malloc(sizeof(EC_PRE_COMP)); + ret = OPENSSL_malloc(sizeof(*ret)); if (!ret) { ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; @@ -165,11 +165,11 @@ static void ec_pre_comp_clear_free(void *pre_) for (p = pre->points; *p != NULL; p++) { EC_POINT_clear_free(*p); - OPENSSL_cleanse(p, sizeof *p); + OPENSSL_cleanse(p, sizeof(*p)); } OPENSSL_free(pre->points); } - OPENSSL_clear_free(pre, sizeof *pre); + OPENSSL_clear_free(pre, sizeof(*pre)); } /* @@ -659,7 +659,7 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) num = pre_points_per_block * numblocks; /* number of points to compute * and store */ - points = OPENSSL_malloc(sizeof(EC_POINT *) * (num + 1)); + points = OPENSSL_malloc(sizeof(*points) * (num + 1)); if (!points) { ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index ec27e23..3fbeac5 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -91,7 +91,8 @@ typedef struct { static int pkey_ec_init(EVP_PKEY_CTX *ctx) { EC_PKEY_CTX *dctx; - dctx = OPENSSL_malloc(sizeof(EC_PKEY_CTX)); + + dctx = OPENSSL_malloc(sizeof(*dctx)); if (!dctx) return 0; dctx->gen_group = NULL; diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 60a8d50..c79e6da 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -1200,7 +1200,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, static NISTP224_PRE_COMP *nistp224_pre_comp_new() { NISTP224_PRE_COMP *ret = NULL; - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (!ret) { ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; @@ -1247,7 +1247,7 @@ static void nistp224_pre_comp_clear_free(void *pre_) if (i > 0) return; - OPENSSL_clear_free(pre, sizeof *pre); + OPENSSL_clear_free(pre, sizeof(*pre)); } /******************************************************************************/ diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index c9f073b..6ec5692 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -1815,7 +1815,7 @@ const EC_METHOD *EC_GFp_nistp256_method(void) static NISTP256_PRE_COMP *nistp256_pre_comp_new() { NISTP256_PRE_COMP *ret = NULL; - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (!ret) { ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; @@ -1862,7 +1862,7 @@ static void nistp256_pre_comp_clear_free(void *pre_) if (i > 0) return; - OPENSSL_clear_free(pre, sizeof *pre); + OPENSSL_clear_free(pre, sizeof(*pre)); } /******************************************************************************/ diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index bdfd576..e208a83 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1643,8 +1643,8 @@ const EC_METHOD *EC_GFp_nistp521_method(void) static NISTP521_PRE_COMP *nistp521_pre_comp_new() { - NISTP521_PRE_COMP *ret = NULL; - ret = OPENSSL_malloc(sizeof(NISTP521_PRE_COMP)); + NISTP521_PRE_COMP *ret = OPENSSL_malloc(sizeof(*ret)); + if (!ret) { ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); return ret; diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index e73d26c..83f0c6f 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -1408,7 +1408,7 @@ static EC_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group) if (!group) return NULL; - ret = OPENSSL_malloc(sizeof(EC_PRE_COMP)); + ret = OPENSSL_malloc(sizeof(*ret)); if (!ret) { ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE); @@ -1463,7 +1463,7 @@ static void ecp_nistz256_pre_comp_clear_free(void *pre_) OPENSSL_clear_free(pre->precomp, 32 * sizeof(unsigned char) * (1 << pre->w) * 2 * 37); - OPENSSL_clear_free(pre, sizeof *pre); + OPENSSL_clear_free(pre, sizeof(*pre)); } static int ecp_nistz256_window_have_precompute_mult(const EC_GROUP *group) diff --git a/crypto/ecdh/ech_lib.c b/crypto/ecdh/ech_lib.c index 82f8850..62734bc 100644 --- a/crypto/ecdh/ech_lib.c +++ b/crypto/ecdh/ech_lib.c @@ -117,7 +117,7 @@ static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine) { ECDH_DATA *ret; - ret = OPENSSL_malloc(sizeof(ECDH_DATA)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); return (NULL); diff --git a/crypto/ecdsa/ecs_lib.c b/crypto/ecdsa/ecs_lib.c index 3d01212..cabf6ec 100644 --- a/crypto/ecdsa/ecs_lib.c +++ b/crypto/ecdsa/ecs_lib.c @@ -105,7 +105,7 @@ static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine) { ECDSA_DATA *ret; - ret = OPENSSL_malloc(sizeof(ECDSA_DATA)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE); return (NULL); @@ -253,7 +253,7 @@ ECDSA_METHOD *ECDSA_METHOD_new(ECDSA_METHOD *ecdsa_meth) { ECDSA_METHOD *ret; - ret = OPENSSL_malloc(sizeof(ECDSA_METHOD)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ECDSAerr(ECDSA_F_ECDSA_METHOD_NEW, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 84d8e86..ed1c220 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -202,8 +202,8 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr, */ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) { - dynamic_data_ctx *c; - c = OPENSSL_malloc(sizeof(dynamic_data_ctx)); + dynamic_data_ctx *c = OPENSSL_malloc(sizeof(*c)); + if (!c) { ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); return 0; diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 64b0cad..3bf06bb 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -66,7 +66,7 @@ ENGINE *ENGINE_new(void) { ENGINE *ret; - ret = OPENSSL_malloc(sizeof(ENGINE)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE); return NULL; @@ -163,7 +163,7 @@ static int int_cleanup_check(int create) static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb) { - ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(ENGINE_CLEANUP_ITEM)); + ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(*item)); if (!item) return NULL; item->cb = cb; diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index cc91044..e9bdd01 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -425,7 +425,7 @@ typedef struct { static int ossl_hmac_init(EVP_PKEY_CTX *ctx) { OSSL_HMAC_PKEY_CTX *hctx; - hctx = OPENSSL_malloc(sizeof(OSSL_HMAC_PKEY_CTX)); + hctx = OPENSSL_malloc(sizeof(*hctx)); if (!hctx) return 0; hctx->md = NULL; diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c index 16eb771..f0f4dbb 100644 --- a/crypto/engine/eng_table.c +++ b/crypto/engine/eng_table.c @@ -147,7 +147,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, tmplate.nid = *nids; fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate); if (!fnd) { - fnd = OPENSSL_malloc(sizeof(ENGINE_PILE)); + fnd = OPENSSL_malloc(sizeof(*fnd)); if (!fnd) goto end; fnd->uptodate = 1; diff --git a/crypto/err/err.c b/crypto/err/err.c index e1091e3..78e8817 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -455,8 +455,8 @@ static void build_SYS_str_reasons(void) char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); char *src = strerror(i); if (src != NULL) { - strncpy(*dest, src, sizeof *dest); - (*dest)[sizeof *dest - 1] = '\0'; + strncpy(*dest, src, sizeof(*dest)); + (*dest)[sizeof(*dest) - 1] = '\0'; str->string = *dest; } } @@ -882,7 +882,7 @@ ERR_STATE *ERR_get_state(void) /* ret == the error state, if NULL, make a new one */ if (ret == NULL) { - ret = OPENSSL_malloc(sizeof(ERR_STATE)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) return (&fallback); CRYPTO_THREADID_cpy(&ret->tid, &tid); diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index fe772fc..6dc3bb1 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -115,7 +115,7 @@ static int b64_new(BIO *bi) { BIO_B64_CTX *ctx; - ctx = OPENSSL_malloc(sizeof(BIO_B64_CTX)); + ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx == NULL) return (0); diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index 0afd8cc..86a2dc5 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -112,7 +112,7 @@ static int enc_new(BIO *bi) { BIO_ENC_CTX *ctx; - ctx = OPENSSL_malloc(sizeof(BIO_ENC_CTX)); + ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx == NULL) return (0); EVP_CIPHER_CTX_init(&ctx->cipher); diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index eced061..9a65a9d 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -176,7 +176,7 @@ static int ok_new(BIO *bi) { BIO_OK_CTX *ctx; - ctx = OPENSSL_malloc(sizeof(BIO_OK_CTX)); + ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx == NULL) return (0); diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 043830d..04ab3a0 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -119,12 +119,12 @@ void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { - memset(ctx, '\0', sizeof *ctx); + memset(ctx, '\0', sizeof(*ctx)); } EVP_MD_CTX *EVP_MD_CTX_create(void) { - EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx) EVP_MD_CTX_init(ctx); @@ -281,7 +281,7 @@ int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) } else tmp_buf = NULL; EVP_MD_CTX_cleanup(out); - memcpy(out, in, sizeof *out); + memcpy(out, in, sizeof(*out)); if (in->md_data && out->digest->ctx_size) { if (tmp_buf) @@ -360,7 +360,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) */ ENGINE_finish(ctx->engine); #endif - memset(ctx, '\0', sizeof *ctx); + memset(ctx, '\0', sizeof(*ctx)); return 1; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index c2387b9..4dfc159 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -76,7 +76,7 @@ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) { - EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx) EVP_CIPHER_CTX_init(ctx); return ctx; @@ -619,7 +619,7 @@ int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in) #endif EVP_CIPHER_CTX_cleanup(out); - memcpy(out, in, sizeof *out); + memcpy(out, in, sizeof(*out)); if (in->cipher_data && in->cipher->ctx_size) { out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size); diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 6128a73..0f32507 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -226,9 +226,10 @@ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, int md_nid, EVP_PBE_KEYGEN *keygen) { EVP_PBE_CTL *pbe_tmp; + if (!pbe_algs) pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp); - if (!(pbe_tmp = OPENSSL_malloc(sizeof(EVP_PBE_CTL)))) { + if (!(pbe_tmp = OPENSSL_malloc(sizeof(*pbe_tmp)))) { EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index c163e47..42ae5ae 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -185,7 +185,7 @@ EVP_PKEY *EVP_PKEY_new(void) { EVP_PKEY *ret; - ret = OPENSSL_malloc(sizeof(EVP_PKEY)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE); return (NULL); diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index b20a902..397d342 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -165,7 +165,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) return NULL; } - ret = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); + ret = OPENSSL_malloc(sizeof(*ret)); if (!ret) { #ifndef OPENSSL_NO_ENGINE if (e) @@ -197,7 +197,8 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) { EVP_PKEY_METHOD *pmeth; - pmeth = OPENSSL_malloc(sizeof(EVP_PKEY_METHOD)); + + pmeth = OPENSSL_malloc(sizeof(*pmeth)); if (!pmeth) return NULL; @@ -313,7 +314,7 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) return 0; } #endif - rctx = OPENSSL_malloc(sizeof(EVP_PKEY_CTX)); + rctx = OPENSSL_malloc(sizeof(*rctx)); if (!rctx) return NULL; diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 96ecd94..20a2dd7 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -318,7 +318,7 @@ static EX_CLASS_ITEM *def_get_class(int class_index) CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); p = lh_EX_CLASS_ITEM_retrieve(ex_data, &d); if (!p) { - gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM)); + gen = OPENSSL_malloc(sizeof(*gen)); if (gen) { gen->class_index = class_index; gen->meth_num = 0; @@ -350,7 +350,7 @@ static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp, CRYPTO_EX_free *free_func) { int toret = -1; - CRYPTO_EX_DATA_FUNCS *a = OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS)); + CRYPTO_EX_DATA_FUNCS *a = OPENSSL_malloc(sizeof(*a)); if (!a) { CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE); return -1; diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c index f53f78c..845a72b 100644 --- a/crypto/hmac/hm_pmeth.c +++ b/crypto/hmac/hm_pmeth.c @@ -75,7 +75,7 @@ typedef struct { static int pkey_hmac_init(EVP_PKEY_CTX *ctx) { HMAC_PKEY_CTX *hctx; - hctx = OPENSSL_malloc(sizeof(HMAC_PKEY_CTX)); + hctx = OPENSSL_malloc(sizeof(*hctx)); if (!hctx) return 0; hctx->md = NULL; diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index ccfd16e..6362aa8 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -197,7 +197,7 @@ void HMAC_CTX_cleanup(HMAC_CTX *ctx) EVP_MD_CTX_cleanup(&ctx->i_ctx); EVP_MD_CTX_cleanup(&ctx->o_ctx); EVP_MD_CTX_cleanup(&ctx->md_ctx); - memset(ctx, 0, sizeof *ctx); + memset(ctx, 0, sizeof(*ctx)); } unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c index b097c7f..b494ac0 100644 --- a/crypto/jpake/jpake.c +++ b/crypto/jpake/jpake.c @@ -107,14 +107,14 @@ static void JPAKE_CTX_release(JPAKE_CTX *ctx) OPENSSL_free(ctx->p.peer_name); OPENSSL_free(ctx->p.name); - memset(ctx, '\0', sizeof *ctx); + memset(ctx, '\0', sizeof(*ctx)); } JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, const BIGNUM *p, const BIGNUM *g, const BIGNUM *q, const BIGNUM *secret) { - JPAKE_CTX *ctx = OPENSSL_malloc(sizeof *ctx); + JPAKE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx == NULL) return NULL; diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index ac3b5f6..083310e 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -117,9 +117,9 @@ _LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) _LHASH *ret; int i; - if ((ret = OPENSSL_malloc(sizeof(_LHASH))) == NULL) + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) goto err0; - if ((ret->b = OPENSSL_malloc(sizeof(LHASH_NODE *) * MIN_NODES)) == NULL) + if ((ret->b = OPENSSL_malloc(sizeof(*ret->b) * MIN_NODES)) == NULL) goto err1; for (i = 0; i < MIN_NODES; i++) ret->b[i] = NULL; @@ -188,7 +188,7 @@ void *lh_insert(_LHASH *lh, void *data) rn = getrn(lh, data, &hash); if (*rn == NULL) { - if ((nn = OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL) { + if ((nn = OPENSSL_malloc(sizeof(*nn))) == NULL) { lh->error++; return (NULL); } diff --git a/crypto/lock.c b/crypto/lock.c index cc5f47a..cad9876 100644 --- a/crypto/lock.c +++ b/crypto/lock.c @@ -251,7 +251,7 @@ int CRYPTO_get_new_dynlockid(void) } CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); - pointer = OPENSSL_malloc(sizeof(CRYPTO_dynlock)); + pointer = OPENSSL_malloc(sizeof(*pointer)); if (pointer == NULL) { CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE); return (0); diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index dee1fb9..98c17dd 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -394,7 +394,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line) if (is_MemCheck_on()) { MemCheck_off(); /* obtain MALLOC2 lock */ - if ((ami = OPENSSL_malloc(sizeof(APP_INFO))) == NULL) { + if ((ami = OPENSSL_malloc(sizeof(*ami))) == NULL) { ret = 0; goto err; } @@ -478,7 +478,7 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, if (is_MemCheck_on()) { MemCheck_off(); /* make sure we hold MALLOC2 lock */ - if ((m = OPENSSL_malloc(sizeof(MEM))) == NULL) { + if ((m = OPENSSL_malloc(sizeof(*m))) == NULL) { OPENSSL_free(addr); MemCheck_on(); /* release MALLOC2 lock if num_disabled drops * to 0 */ diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 780b326..b39cd06 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -1701,7 +1701,7 @@ GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block) { GCM128_CONTEXT *ret; - if ((ret = OPENSSL_malloc(sizeof(GCM128_CONTEXT)))) + if ((ret = OPENSSL_malloc(sizeof(*ret)))) CRYPTO_gcm128_init(ret, key, block); return ret; diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c index efa403b..79b7862 100644 --- a/crypto/modes/ocb128.c +++ b/crypto/modes/ocb128.c @@ -210,7 +210,7 @@ OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, OCB128_CONTEXT *octx; int ret; - if ((octx = OPENSSL_malloc(sizeof(OCB128_CONTEXT)))) { + if ((octx = OPENSSL_malloc(sizeof(*octx)))) { ret = CRYPTO_ocb128_init(octx, keyenc, keydec, encrypt, decrypt); if (ret) return octx; diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile index ad2db1e..6e9fa2e 100644 --- a/crypto/objects/Makefile +++ b/crypto/objects/Makefile @@ -106,10 +106,10 @@ obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h obj_lib.o: ../cryptlib.h ../include/internal/asn1_int.h obj_lib.c -obj_xref.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -obj_xref.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -obj_xref.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -obj_xref.o: ../../include/openssl/opensslconf.h +obj_xref.o: ../../e_os.h ../../include/openssl/asn1.h +obj_xref.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +obj_xref.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h +obj_xref.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h obj_xref.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h obj_xref.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h obj_xref.o: ../../include/openssl/symhacks.h obj_xref.c obj_xref.h diff --git a/crypto/objects/o_names.c b/crypto/objects/o_names.c index 1fa6426..d861b6d 100644 --- a/crypto/objects/o_names.c +++ b/crypto/objects/o_names.c @@ -83,7 +83,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *), names_type_num++; for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) { MemCheck_off(); - name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); + name_funcs = OPENSSL_malloc(sizeof(*name_funcs)); MemCheck_on(); if (!name_funcs) { OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE); @@ -187,7 +187,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data) alias = type & OBJ_NAME_ALIAS; type &= ~OBJ_NAME_ALIAS; - onp = OPENSSL_malloc(sizeof(OBJ_NAME)); + onp = OPENSSL_malloc(sizeof(*onp)); if (onp == NULL) { /* ERROR */ return (0); @@ -310,13 +310,13 @@ void OBJ_NAME_do_all_sorted(int type, d.type = type; d.names = - OPENSSL_malloc(lh_OBJ_NAME_num_items(names_lh) * sizeof *d.names); + OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh)); /* Really should return an error if !d.names...but its a void function! */ if (d.names) { d.n = 0; OBJ_NAME_do_all(type, do_all_sorted_fn, &d); - qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp); + qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp); for (n = 0; n < d.n; ++n) fn(d.names[n], arg); diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index bca3ded..82af4a4 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -255,19 +255,16 @@ int OBJ_add_object(const ASN1_OBJECT *obj) return (0); if ((o = OBJ_dup(obj)) == NULL) goto err; - if (!(ao[ADDED_NID] = OPENSSL_malloc(sizeof(ADDED_OBJ)))) + if (!(ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao)))) goto err2; if ((o->length != 0) && (obj->data != NULL)) - if (! - (ao[ADDED_DATA] = OPENSSL_malloc(sizeof(ADDED_OBJ)))) + if (!(ao[ADDED_DATA] = OPENSSL_malloc(sizeof(*ao)))) goto err2; if (o->sn != NULL) - if (! - (ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(ADDED_OBJ)))) + if (!(ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(*ao)))) goto err2; if (o->ln != NULL) - if (! - (ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(ADDED_OBJ)))) + if (!(ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(*ao)))) goto err2; for (i = ADDED_DATA; i <= ADDED_NID; i++) { diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c index 10ce639..44471a3 100644 --- a/crypto/objects/obj_xref.c +++ b/crypto/objects/obj_xref.c @@ -154,7 +154,7 @@ int OBJ_add_sigid(int signid, int dig_id, int pkey_id) sigx_app = sk_nid_triple_new(sigx_cmp); if (!sigx_app) return 0; - ntr = OPENSSL_malloc(sizeof(int) * 3); + ntr = OPENSSL_malloc(sizeof(*ntr)); if (!ntr) return 0; ntr->sign_id = signid; diff --git a/crypto/ocsp/ocsp_ht.c b/crypto/ocsp/ocsp_ht.c index aa10c03..582ef9c 100644 --- a/crypto/ocsp/ocsp_ht.c +++ b/crypto/ocsp/ocsp_ht.c @@ -113,8 +113,8 @@ static int parse_http_line1(char *line); OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline) { - OCSP_REQ_CTX *rctx; - rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); + OCSP_REQ_CTX *rctx = OPENSSL_malloc(sizeof(*rctx)); + if (!rctx) return NULL; rctx->state = OHS_ERROR; diff --git a/crypto/pqueue/pqueue.c b/crypto/pqueue/pqueue.c index 725fe38..d66efe1 100644 --- a/crypto/pqueue/pqueue.c +++ b/crypto/pqueue/pqueue.c @@ -68,7 +68,7 @@ typedef struct _pqueue { pitem *pitem_new(unsigned char *prio64be, void *data) { - pitem *item = OPENSSL_malloc(sizeof(pitem)); + pitem *item = OPENSSL_malloc(sizeof(*item)); if (item == NULL) return NULL; @@ -87,7 +87,7 @@ void pitem_free(pitem *item) pqueue_s *pqueue_new() { - pqueue_s *pq = OPENSSL_malloc(sizeof(pqueue_s)); + pqueue_s *pq = OPENSSL_malloc(sizeof(*pq)); if (pq == NULL) return NULL; diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index d8a9132..7d8fd39 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -127,7 +127,7 @@ RSA *RSA_new_method(ENGINE *engine) { RSA *ret; - ret = OPENSSL_malloc(sizeof(RSA)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 94dc408..e407671 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -97,7 +97,7 @@ typedef struct { static int pkey_rsa_init(EVP_PKEY_CTX *ctx) { RSA_PKEY_CTX *rctx; - rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); + rctx = OPENSSL_malloc(sizeof(*rctx)); if (!rctx) return 0; rctx->nbits = 1024; diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index cd07f70..075c9ed 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -198,7 +198,7 @@ static void SRP_user_pwd_free(SRP_user_pwd *user_pwd) static SRP_user_pwd *SRP_user_pwd_new(void) { - SRP_user_pwd *ret = OPENSSL_malloc(sizeof(SRP_user_pwd)); + SRP_user_pwd *ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) return NULL; ret->N = NULL; @@ -249,7 +249,7 @@ static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v) SRP_VBASE *SRP_VBASE_new(char *seed_key) { - SRP_VBASE *vb = OPENSSL_malloc(sizeof(SRP_VBASE)); + SRP_VBASE *vb = OPENSSL_malloc(sizeof(*vb)); if (vb == NULL) return NULL; @@ -284,7 +284,7 @@ static SRP_gN_cache *SRP_gN_new_init(const char *ch) { unsigned char tmp[MAX_LEN]; int len; - SRP_gN_cache *newgN = OPENSSL_malloc(sizeof(SRP_gN_cache)); + SRP_gN_cache *newgN = OPENSSL_malloc(sizeof(*newgN)); if (newgN == NULL) return NULL; @@ -391,7 +391,7 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) * we add this couple in the internal Stack */ - if ((gN = OPENSSL_malloc(sizeof(SRP_gN))) == NULL) + if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL) goto err; if (!(gN->id = BUF_strdup(pp[DB_srpid])) diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index 7922188..efabe16 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -122,7 +122,7 @@ _STACK *sk_deep_copy(_STACK *sk, void *(*copy_func) (void *), ret->sorted = sk->sorted; ret->num = sk->num; ret->num_alloc = sk->num > MIN_NODES ? sk->num : MIN_NODES; - ret->data = OPENSSL_malloc(sizeof(char *) * ret->num_alloc); + ret->data = OPENSSL_malloc(sizeof(*ret->data) * ret->num_alloc); if (ret->data == NULL) { OPENSSL_free(ret); return NULL; @@ -156,7 +156,7 @@ _STACK *sk_new(int (*c) (const void *, const void *)) if ((ret = OPENSSL_malloc(sizeof(_STACK))) == NULL) goto err; - if ((ret->data = OPENSSL_malloc(sizeof(char *) * MIN_NODES)) == NULL) + if ((ret->data = OPENSSL_malloc(sizeof(*ret->data) * MIN_NODES)) == NULL) goto err; for (i = 0; i < MIN_NODES; i++) ret->data[i] = NULL; diff --git a/crypto/store/str_lib.c b/crypto/store/str_lib.c index 1a4f237..fef7111 100644 --- a/crypto/store/str_lib.c +++ b/crypto/store/str_lib.c @@ -109,7 +109,7 @@ STORE *STORE_new_method(const STORE_METHOD *method) return NULL; } - ret = OPENSSL_malloc(sizeof(STORE)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_MALLOC_FAILURE); return NULL; @@ -1156,9 +1156,9 @@ int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[], STORE_OBJECT *STORE_OBJECT_new(void) { - STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT)); + STORE_OBJECT *object = OPENSSL_malloc(sizeof(*object)); if (object) - memset(object, 0, sizeof(STORE_OBJECT)); + memset(object, 0, sizeof(*object)); return object; } @@ -1206,7 +1206,9 @@ struct STORE_attr_info_st { STORE_ATTR_INFO *STORE_ATTR_INFO_new(void) { - return OPENSSL_malloc(sizeof(STORE_ATTR_INFO)); + STORE_ATTR_INFO *p = OPENSSL_malloc(sizeof(*p)); + + return p; } static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs, @@ -1450,8 +1452,7 @@ struct attr_list_ctx_st { void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes) { if (attributes) { - struct attr_list_ctx_st *context = (struct attr_list_ctx_st *) - OPENSSL_malloc(sizeof(struct attr_list_ctx_st)); + struct attr_list_ctx_st *context = OPENSSL_malloc(sizeof(*context)); if (context) context->attributes = attributes; else diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index f1cca6a..632ada8 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -244,7 +244,7 @@ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]) { - struct mem_ctx_st *context = OPENSSL_malloc(sizeof(struct mem_ctx_st)); + struct mem_ctx_st *context = OPENSSL_malloc(sizeof(*context)); void *attribute_context = NULL; STORE_ATTR_INFO *attrs = NULL; diff --git a/crypto/store/str_meth.c b/crypto/store/str_meth.c index 781b160..7487819 100644 --- a/crypto/store/str_meth.c +++ b/crypto/store/str_meth.c @@ -63,7 +63,7 @@ STORE_METHOD *STORE_create_method(char *name) { - STORE_METHOD *store_method = OPENSSL_malloc(sizeof(STORE_METHOD)); + STORE_METHOD *store_method = OPENSSL_malloc(sizeof(*store_method)); if (store_method) { memset(store_method, 0, sizeof(*store_method)); diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 58068cf..2d1e438 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -169,7 +169,7 @@ TS_RESP_CTX *TS_RESP_CTX_new() { TS_RESP_CTX *ctx; - if (!(ctx = OPENSSL_malloc(sizeof(TS_RESP_CTX)))) { + if (!(ctx = OPENSSL_malloc(sizeof(*ctx)))) { TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index f328c33..651b1d1 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -63,7 +63,7 @@ TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) { - TS_VERIFY_CTX *ctx = OPENSSL_malloc(sizeof(TS_VERIFY_CTX)); + TS_VERIFY_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx) memset(ctx, 0, sizeof(TS_VERIFY_CTX)); diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index 49d8ccc..54c85d2 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -85,7 +85,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) if (!BUF_MEM_grow(buf, size)) goto err; - if ((ret = OPENSSL_malloc(sizeof(TXT_DB))) == NULL) + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) goto err; ret->num_fields = num; ret->index = NULL; diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index 26afbd2..e090b88 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -74,7 +74,7 @@ UI *UI_new(void) UI *UI_new_method(const UI_METHOD *method) { - UI *ret = OPENSSL_malloc(sizeof(UI)); + UI *ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE); @@ -141,7 +141,7 @@ static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt, } else if ((type == UIT_PROMPT || type == UIT_VERIFY || type == UIT_BOOLEAN) && result_buf == NULL) { UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER); - } else if ((ret = OPENSSL_malloc(sizeof(UI_STRING)))) { + } else if ((ret = OPENSSL_malloc(sizeof(*ret)))) { ret->out_string = prompt; ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0; ret->input_flags = input_flags; @@ -582,7 +582,7 @@ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth) UI_METHOD *UI_create_method(char *name) { - UI_METHOD *ui_method = OPENSSL_malloc(sizeof(UI_METHOD)); + UI_METHOD *ui_method = OPENSSL_malloc(sizeof(*ui_method)); if (ui_method) { memset(ui_method, 0, sizeof(*ui_method)); diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 304cf4a..1be5309 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -148,7 +148,7 @@ static int new_dir(X509_LOOKUP *lu) { BY_DIR *a; - if ((a = OPENSSL_malloc(sizeof(BY_DIR))) == NULL) + if ((a = OPENSSL_malloc(sizeof(*a))) == NULL) return (0); if ((a->buffer = BUF_MEM_new()) == NULL) { OPENSSL_free(a); @@ -226,7 +226,7 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) return 0; } } - ent = OPENSSL_malloc(sizeof(BY_DIR_ENTRY)); + ent = OPENSSL_malloc(sizeof(*ent)); if (!ent) return 0; ent->dir_type = type; @@ -396,7 +396,7 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, hent = sk_BY_DIR_HASH_value(ent->hashes, idx); } if (!hent) { - hent = OPENSSL_malloc(sizeof(BY_DIR_HASH)); + hent = OPENSSL_malloc(sizeof(*hent)); if (hent == NULL) { CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE); diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 7fbc8e3..5017f02 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -67,7 +67,7 @@ X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) { X509_LOOKUP *ret; - ret = OPENSSL_malloc(sizeof(X509_LOOKUP)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) return NULL; @@ -184,7 +184,7 @@ X509_STORE *X509_STORE_new(void) { X509_STORE *ret; - if ((ret = OPENSSL_malloc(sizeof(X509_STORE))) == NULL) + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) return NULL; ret->objs = sk_X509_OBJECT_new(x509_object_cmp); ret->cache = 1; @@ -342,7 +342,7 @@ int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) if (x == NULL) return 0; - obj = OPENSSL_malloc(sizeof(X509_OBJECT)); + obj = OPENSSL_malloc(sizeof(*obj)); if (obj == NULL) { X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE); return 0; @@ -375,7 +375,7 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) if (x == NULL) return 0; - obj = OPENSSL_malloc(sizeof(X509_OBJECT)); + obj = OPENSSL_malloc(sizeof(*obj)); if (obj == NULL) { X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE); return 0; diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 6632f9b..4207f42 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -188,7 +188,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), idx = X509_TRUST_get_by_id(id); /* Need a new entry */ if (idx == -1) { - if (!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) { + if (!(trtmp = OPENSSL_malloc(sizeof(*trtmp)))) { X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 3f4fb81..8c0680b 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2211,9 +2211,8 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, X509_STORE_CTX *X509_STORE_CTX_new(void) { - X509_STORE_CTX *ctx; + X509_STORE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); - ctx = OPENSSL_malloc(sizeof(X509_STORE_CTX)); if (!ctx) { X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 1d88f56..4b6ec63 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -161,16 +161,16 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) X509_VERIFY_PARAM *param; X509_VERIFY_PARAM_ID *paramid; - param = OPENSSL_malloc(sizeof *param); + param = OPENSSL_malloc(sizeof(*param)); if (!param) return NULL; - paramid = OPENSSL_malloc(sizeof *paramid); + paramid = OPENSSL_malloc(sizeof(*paramid)); if (!paramid) { OPENSSL_free(param); return NULL; } - memset(param, 0, sizeof *param); - memset(paramid, 0, sizeof *paramid); + memset(param, 0, sizeof(*param)); + memset(paramid, 0, sizeof(*paramid)); param->id = paramid; x509_verify_param_zero(param); return param; diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index cab7171..e61dfb2 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -133,8 +133,8 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME) static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) { - X509_NAME *ret = NULL; - ret = OPENSSL_malloc(sizeof(X509_NAME)); + X509_NAME *ret = OPENSSL_malloc(sizeof(*ret)); + if (!ret) goto memerr; if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL) diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c index 1f94260..8e78011 100644 --- a/crypto/x509v3/pcy_cache.c +++ b/crypto/x509v3/pcy_cache.c @@ -127,7 +127,7 @@ static int policy_cache_new(X509 *x) CERTIFICATEPOLICIES *ext_cpols = NULL; POLICY_MAPPINGS *ext_pmaps = NULL; int i; - cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE)); + cache = OPENSSL_malloc(sizeof(*cache)); if (!cache) return 0; cache->anyPolicy = NULL; diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c index 37c867e..ef6edb1 100644 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -98,7 +98,7 @@ X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, return NULL; } else id = NULL; - ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA)); + ret = OPENSSL_malloc(sizeof(*ret)); if (!ret) return NULL; ret->expected_policy_set = sk_ASN1_OBJECT_new_null(); diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c index d6c9176..855fe3e 100644 --- a/crypto/x509v3/pcy_node.c +++ b/crypto/x509v3/pcy_node.c @@ -114,7 +114,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, X509_POLICY_TREE *tree) { X509_POLICY_NODE *node; - node = OPENSSL_malloc(sizeof(X509_POLICY_NODE)); + node = OPENSSL_malloc(sizeof(*node)); if (!node) return NULL; node->data = data; diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index f1bcb05..8870ec2 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -218,13 +218,13 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, /* If we get this far initialize the tree */ - tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE)); + tree = OPENSSL_malloc(sizeof(*tree)); if (!tree) return 0; tree->flags = 0; - tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n); + tree->levels = OPENSSL_malloc(sizeof(*tree->levels) * n); tree->nlevel = 0; tree->extra_data = NULL; tree->auth_policies = NULL; diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index 34469eb..d7f5848 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -471,7 +471,7 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice) ASRange *r; switch (a->type) { case ASIdOrRange_id: - if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) { + if ((r = OPENSSL_malloc(sizeof(*r))) == NULL) { X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE); goto done; diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index 3396ff1..c091b04 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -140,7 +140,7 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from) X509V3_R_EXTENSION_NOT_FOUND); return 0; } - if (!(tmpext = OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) { + if (!(tmpext = OPENSSL_malloc(sizeof(*tmpext)))) { X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 5cee586..ed634cb 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -209,7 +209,7 @@ int X509_PURPOSE_add(int id, int trust, int flags, idx = X509_PURPOSE_get_by_id(id); /* Need a new entry */ if (idx == -1) { - if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { + if (!(ptmp = OPENSSL_malloc(sizeof(*ptmp)))) { X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index 2bbc056..31e610d 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -203,7 +203,7 @@ static STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, goto err; listlen -= sctlen; - sct = OPENSSL_malloc(sizeof(SCT)); + sct = OPENSSL_malloc(sizeof(*sct)); if (!sct) goto err; if (!sk_SCT_push(sk, sct)) { diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 7142208..a5fda6f 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -88,7 +88,7 @@ int X509V3_add_value(const char *name, const char *value, goto err; if (value && !(tvalue = BUF_strdup(value))) goto err; - if (!(vtmp = OPENSSL_malloc(sizeof(CONF_VALUE)))) + if (!(vtmp = OPENSSL_malloc(sizeof(*vtmp)))) goto err; if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err; diff --git a/demos/state_machine/state_machine.c b/demos/state_machine/state_machine.c index f8a7da8..cd990b2 100644 --- a/demos/state_machine/state_machine.c +++ b/demos/state_machine/state_machine.c @@ -114,7 +114,7 @@ void SSLStateMachine_print_error(SSLStateMachine * pMachine, SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile, const char *szKeyFile) { - SSLStateMachine *pMachine = malloc(sizeof *pMachine); + SSLStateMachine *pMachine = malloc(sizeof(*pMachine)); int n; die_unless(pMachine); diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c index 416f0f9..2537579 100644 --- a/engines/ccgost/gost_pmeth.c +++ b/engines/ccgost/gost_pmeth.c @@ -24,7 +24,8 @@ static int pkey_gost_init(EVP_PKEY_CTX *ctx) { struct gost_pmeth_data *data; EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx); - data = OPENSSL_malloc(sizeof(struct gost_pmeth_data)); + + data = OPENSSL_malloc(sizeof(*data)); if (!data) return 0; memset(data, 0, sizeof(struct gost_pmeth_data)); @@ -406,8 +407,8 @@ static int pkey_gost_derive_init(EVP_PKEY_CTX *ctx) /* -------- PKEY_METHOD for GOST MAC algorithm --------------------*/ static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx) { - struct gost_mac_pmeth_data *data; - data = OPENSSL_malloc(sizeof(struct gost_mac_pmeth_data)); + struct gost_mac_pmeth_data *data = OPENSSL_malloc(sizeof(*data)); + if (!data) return 0; memset(data, 0, sizeof(struct gost_mac_pmeth_data)); diff --git a/engines/e_capi.c b/engines/e_capi.c index 89e6d1d..33881cd 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -1441,9 +1441,9 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX * ctx, const char *id, static CAPI_KEY *capi_get_key(CAPI_CTX * ctx, const TCHAR *contname, TCHAR *provname, DWORD ptype, DWORD keyspec) { - CAPI_KEY *key; DWORD dwFlags = 0; - key = OPENSSL_malloc(sizeof(CAPI_KEY)); + CAPI_KEY *key = OPENSSL_malloc(sizeof(*key)); + if (key == NULL) return NULL; if (sizeof(TCHAR) == sizeof(char)) @@ -1573,8 +1573,8 @@ void capi_free_key(CAPI_KEY * key) static CAPI_CTX *capi_ctx_new() { - CAPI_CTX *ctx; - ctx = OPENSSL_malloc(sizeof(CAPI_CTX)); + CAPI_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); + if (!ctx) { CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/engines/e_chil.c b/engines/e_chil.c index 75c15f6..4a173fc 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -786,7 +786,7 @@ static EVP_PKEY *hwcrhk_load_privkey(ENGINE *eng, const char *key_id, goto err; } # ifndef OPENSSL_NO_RSA - hptr = OPENSSL_malloc(sizeof(HWCryptoHook_RSAKeyHandle)); + hptr = OPENSSL_malloc(sizeof(*hptr)); if (!hptr) { HWCRHKerr(HWCRHK_F_HWCRHK_LOAD_PRIVKEY, ERR_R_MALLOC_FAILURE); goto err; diff --git a/engines/e_gmp.c b/engines/e_gmp.c index cf01016..dd72759 100644 --- a/engines/e_gmp.c +++ b/engines/e_gmp.c @@ -322,9 +322,10 @@ typedef struct st_e_gmp_rsa_ctx { static E_GMP_RSA_CTX *e_gmp_get_rsa(RSA *rsa) { E_GMP_RSA_CTX *hptr = RSA_get_ex_data(rsa, hndidx_rsa); + if (hptr) return hptr; - hptr = OPENSSL_malloc(sizeof(E_GMP_RSA_CTX)); + hptr = OPENSSL_malloc(sizeof(*hptr)); if (!hptr) return NULL; /* diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index 284d3ad..18e7074 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -101,9 +101,8 @@ BIO_METHOD *BIO_f_ssl(void) static int ssl_new(BIO *bi) { - BIO_SSL *bs; + BIO_SSL *bs = OPENSSL_malloc(sizeof(*bs)); - bs = OPENSSL_malloc(sizeof(BIO_SSL)); if (bs == NULL) { BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE); return (0); diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 3af3ba1..65a3a18 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -170,7 +170,7 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, unsigned char *buf = NULL; unsigned char *bitmask = NULL; - frag = OPENSSL_malloc(sizeof(hm_fragment)); + frag = OPENSSL_malloc(sizeof(*frag)); if (frag == NULL) return NULL; diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 81d532c..3441fc5 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -136,11 +136,11 @@ int dtls1_new(SSL *s) if (!ssl3_new(s)) return (0); - if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) { + if ((d1 = OPENSSL_malloc(sizeof(*d1))) == NULL) { ssl3_free(s); return (0); } - memset(d1, 0, sizeof *d1); + memset(d1, 0, sizeof(*d1)); d1->buffered_messages = pqueue_new(); d1->sent_messages = pqueue_new(); diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index a484c97..2635894 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -127,9 +127,8 @@ int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl) { DTLS_RECORD_LAYER *d; - if ((d = OPENSSL_malloc(sizeof *d)) == NULL) { + if ((d = OPENSSL_malloc(sizeof(*d))) == NULL) return (0); - } rl->d = d; @@ -196,7 +195,7 @@ void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl) unprocessed_rcds = d->unprocessed_rcds.q; processed_rcds = d->processed_rcds.q; buffered_app_data = d->buffered_app_data.q; - memset(d, 0, sizeof *d); + memset(d, 0, sizeof(*d)); d->unprocessed_rcds.q = unprocessed_rcds; d->processed_rcds.q = processed_rcds; d->buffered_app_data.q = buffered_app_data; @@ -259,7 +258,7 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) if (pqueue_size(queue->q) >= 100) return 0; - rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); + rdata = OPENSSL_malloc(sizeof(*rdata)); item = pitem_new(priority, rdata); if (rdata == NULL || item == NULL) { OPENSSL_free(rdata); diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index 45de404..d968a1c 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -244,7 +244,7 @@ int ssl3_change_cipher_state(SSL *s, int which) if (s->enc_read_ctx != NULL) reuse_dd = 1; else if ((s->enc_read_ctx = - OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) + OPENSSL_malloc(sizeof(*s->enc_read_ctx))) == NULL) goto err; else /* @@ -278,7 +278,7 @@ int ssl3_change_cipher_state(SSL *s, int which) if (s->enc_write_ctx != NULL) reuse_dd = 1; else if ((s->enc_write_ctx = - OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) + OPENSSL_malloc(sizeof(*s->enc_write_ctx))) == NULL) goto err; else /* diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e346c22..a962b5c 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3098,9 +3098,9 @@ int ssl3_new(SSL *s) { SSL3_STATE *s3; - if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL) + if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL) goto err; - memset(s3, 0, sizeof *s3); + memset(s3, 0, sizeof(*s3)); s->s3 = s3; #ifndef OPENSSL_NO_SRP @@ -3137,7 +3137,7 @@ void ssl3_free(SSL *s) #ifndef OPENSSL_NO_SRP SSL_SRP_CTX_free(s); #endif - OPENSSL_clear_free(s->s3, sizeof *s->s3); + OPENSSL_clear_free(s->s3, sizeof(*s->s3)); s->s3 = NULL; } @@ -3174,7 +3174,7 @@ void ssl3_clear(SSL *s) s->s3->alpn_selected = NULL; } #endif - memset(s->s3, 0, sizeof *s->s3); + memset(s->s3, 0, sizeof(*s->s3)); s->s3->init_extra = init_extra; ssl_free_wbio_buffer(s); diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index cce7f15..c7a2aa9 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -182,9 +182,8 @@ void ssl_cert_set_default_md(CERT *cert) CERT *ssl_cert_new(void) { - CERT *ret; + CERT *ret = OPENSSL_malloc(sizeof(*ret)); - ret = OPENSSL_malloc(sizeof(CERT)); if (ret == NULL) { SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); return (NULL); @@ -202,10 +201,9 @@ CERT *ssl_cert_new(void) CERT *ssl_cert_dup(CERT *cert) { - CERT *ret; + CERT *ret = OPENSSL_malloc(sizeof(*ret)); int i; - ret = OPENSSL_malloc(sizeof(CERT)); if (ret == NULL) { SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); return (NULL); @@ -577,13 +575,13 @@ SESS_CERT *ssl_sess_cert_new(void) { SESS_CERT *ret; - ret = OPENSSL_malloc(sizeof *ret); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) { SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ret, 0, sizeof *ret); + memset(ret, 0, sizeof(*ret)); ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); ret->references = 1; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index a3dca18..0ddb56b 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -499,7 +499,7 @@ static void load_builtin_compressions(void) MemCheck_off(); ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); if (ssl_comp_methods != NULL) { - comp = OPENSSL_malloc(sizeof(SSL_COMP)); + comp = OPENSSL_malloc(sizeof(*comp)); if (comp != NULL) { comp->method = COMP_zlib(); if (comp->method && comp->method->type == NID_undef) @@ -1452,7 +1452,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK fprintf(stderr, "ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); #endif /* KSSL_DEBUG */ - co_list = OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); + co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); return (NULL); /* Failure */ @@ -1533,7 +1533,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK */ num_of_group_aliases = OSSL_NELEM(cipher_aliases); num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; - ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); + ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max); if (ca_list == NULL) { OPENSSL_free(co_list); SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); @@ -1933,7 +1933,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) } MemCheck_off(); - comp = OPENSSL_malloc(sizeof(SSL_COMP)); + comp = OPENSSL_malloc(sizeof(*comp)); if (comp == NULL) { MemCheck_on(); SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE); diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 2d96b11..a14f564 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -609,9 +609,9 @@ int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd) SSL_CONF_CTX *SSL_CONF_CTX_new(void) { - SSL_CONF_CTX *ret; + SSL_CONF_CTX *ret = OPENSSL_malloc(sizeof(*ret)); size_t i; - ret = OPENSSL_malloc(sizeof(SSL_CONF_CTX)); + if (ret) { ret->flags = 0; ret->prefix = NULL; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 4dfd7ab..56d7e6c 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -272,7 +272,7 @@ SSL *SSL_new(SSL_CTX *ctx) return (NULL); } - s = OPENSSL_malloc(sizeof(SSL)); + s = OPENSSL_malloc(sizeof(*s)); if (s == NULL) goto err; memset(s, 0, sizeof(SSL)); @@ -1844,7 +1844,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); goto err; } - ret = OPENSSL_malloc(sizeof(SSL_CTX)); + ret = OPENSSL_malloc(sizeof(*ret)); if (ret == NULL) goto err; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 1a00c38..b592da4 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -193,7 +193,7 @@ SSL_SESSION *SSL_SESSION_new(void) { SSL_SESSION *ss; - ss = OPENSSL_malloc(sizeof(SSL_SESSION)); + ss = OPENSSL_malloc(sizeof(*ss)); if (ss == NULL) { SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); return (0); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 5c7fb86..47bab99 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -375,7 +375,7 @@ int tls1_change_cipher_state(SSL *s, int which) if (s->enc_read_ctx != NULL) reuse_dd = 1; else if ((s->enc_read_ctx = - OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) + OPENSSL_malloc(sizeof(*s->enc_read_ctx))) == NULL) goto err; else /* diff --git a/test/Makefile b/test/Makefile index 74fdf45..97837e1 100644 --- a/test/Makefile +++ b/test/Makefile @@ -714,15 +714,15 @@ exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h exptest.o: ../include/openssl/ossl_typ.h ../include/openssl/rand.h exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h exptest.o: ../include/openssl/symhacks.h exptest.c -gost2814789test.o: ../engines/ccgost/gost89.h ../include/openssl/asn1.h -gost2814789test.o: ../include/openssl/bio.h ../include/openssl/buffer.h -gost2814789test.o: ../include/openssl/conf.h ../include/openssl/crypto.h -gost2814789test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -gost2814789test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -gost2814789test.o: ../include/openssl/engine.h ../include/openssl/err.h -gost2814789test.o: ../include/openssl/evp.h ../include/openssl/hmac.h -gost2814789test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -gost2814789test.o: ../include/openssl/objects.h +gost2814789test.o: ../e_os.h ../engines/ccgost/gost89.h +gost2814789test.o: ../include/openssl/asn1.h ../include/openssl/bio.h +gost2814789test.o: ../include/openssl/buffer.h ../include/openssl/conf.h +gost2814789test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h +gost2814789test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +gost2814789test.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h +gost2814789test.o: ../include/openssl/err.h ../include/openssl/evp.h +gost2814789test.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +gost2814789test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h gost2814789test.o: ../include/openssl/opensslconf.h gost2814789test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h gost2814789test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h @@ -760,7 +760,7 @@ hmactest.o: ../include/openssl/safestack.h ../include/openssl/stack.h hmactest.o: ../include/openssl/symhacks.h hmactest.c ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h ideatest.o: ../include/openssl/opensslconf.h ideatest.c -igetest.o: ../include/openssl/aes.h ../include/openssl/crypto.h +igetest.o: ../e_os.h ../include/openssl/aes.h ../include/openssl/crypto.h igetest.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h igetest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h igetest.o: ../include/openssl/rand.h ../include/openssl/safestack.h @@ -859,7 +859,8 @@ ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssltest.o: ../include/openssl/x509v3.h ../ssl/record/record.h ../ssl/ssl_locl.h ssltest.o: ssltest.c -testutil.o: testutil.c testutil.h +testutil.o: ../e_os.h ../include/openssl/e_os2.h +testutil.o: ../include/openssl/opensslconf.h testutil.c testutil.h v3nametest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h v3nametest.o: ../include/openssl/buffer.h ../include/openssl/conf.h v3nametest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h diff --git a/test/ecdsatest.c b/test/ecdsatest.c index 6aeff25..377e2c5 100644 --- a/test/ecdsatest.c +++ b/test/ecdsatest.c @@ -318,9 +318,7 @@ int test_builtin(BIO *out) /* get a list of all internal curves */ crv_len = EC_get_builtin_curves(NULL, 0); - - curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); - + curves = OPENSSL_malloc(sizeof(*curves) * crv_len); if (curves == NULL) { BIO_printf(out, "malloc error\n"); goto builtin_err; diff --git a/test/ectest.c b/test/ectest.c index 4b15708..f04812e 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -1359,9 +1359,7 @@ static void internal_curve_test(void) int ok = 1; crv_len = EC_get_builtin_curves(NULL, 0); - - curves = OPENSSL_malloc(sizeof(EC_builtin_curve) * crv_len); - + curves = OPENSSL_malloc(sizeof(*curves) * crv_len); if (curves == NULL) return; diff --git a/test/evp_test.c b/test/evp_test.c index 4b5b9aa..0bba274 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -400,7 +400,7 @@ static int process_test(struct evp_test *t, char *buf, int verbose) fprintf(stderr, "Duplicate key %s\n", value); return 0; } - key = OPENSSL_malloc(sizeof(struct key_list)); + key = OPENSSL_malloc(sizeof(*key)); if (!key) return 0; key->name = BUF_strdup(value); @@ -559,7 +559,7 @@ static int digest_test_init(struct evp_test *t, const char *alg) } return 0; } - mdat = OPENSSL_malloc(sizeof(struct digest_data)); + mdat = OPENSSL_malloc(sizeof(*mdat)); mdat->digest = digest; mdat->input = NULL; mdat->output = NULL; @@ -671,7 +671,7 @@ static int cipher_test_init(struct evp_test *t, const char *alg) } return 0; } - cdat = OPENSSL_malloc(sizeof(struct cipher_data)); + cdat = OPENSSL_malloc(sizeof(*cdat)); cdat->cipher = cipher; cdat->enc = -1; cdat->key = NULL; @@ -935,7 +935,7 @@ static int mac_test_init(struct evp_test *t, const char *alg) else return 0; - mdat = OPENSSL_malloc(sizeof(struct mac_data)); + mdat = OPENSSL_malloc(sizeof(*mdat)); mdat->type = type; mdat->alg = NULL; mdat->key = NULL; @@ -1103,7 +1103,7 @@ static int pkey_test_init(struct evp_test *t, const char *name, return 1; } - kdata = OPENSSL_malloc(sizeof(struct pkey_data)); + kdata = OPENSSL_malloc(sizeof(*kdata)); if (!kdata) { EVP_PKEY_free(pkey); return 0; From rsalz at openssl.org Mon May 4 19:07:59 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 04 May 2015 19:07:59 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430766479.659382.19332.nullmailer@dev.openssl.org> The branch master has been updated via 0fd75c7e6e8482489135beb3f536546f27f6d0e5 (commit) from b4faea50c35d92a67d1369355b49cc3efba78406 (commit) - Log ----------------------------------------------------------------- commit 0fd75c7e6e8482489135beb3f536546f27f6d0e5 Author: Rich Salz Date: Sun May 3 08:45:27 2015 -0400 GH271: Warning on ----------------------------------------------------------------------- Summary of changes: apps/CA.pl.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/CA.pl.in b/apps/CA.pl.in index 9d12a8c..5c8cdd0 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -121,7 +121,7 @@ if ($WHAT eq '-newcert' ) { # ask user for existing CA certificate print "CA certificate filename (or enter to create)\n"; $FILE = ; - chop $FILE; + chop $FILE if $FILE; if ($FILE) { copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); From rsalz at openssl.org Mon May 4 19:14:34 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 04 May 2015 19:14:34 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430766874.647468.21039.nullmailer@dev.openssl.org> The branch master has been updated via 45ddce21fa4c2fdcfe48fb3f7e0ca78531a7b922 (commit) from 0fd75c7e6e8482489135beb3f536546f27f6d0e5 (commit) - Log ----------------------------------------------------------------- commit 45ddce21fa4c2fdcfe48fb3f7e0ca78531a7b922 Author: Rich Salz Date: Sat May 2 11:19:06 2015 -0400 Remove the fake RLE compression method. RLE is a no-op only for testing. Remove it. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/comp/Makefile | 11 ++------- crypto/comp/c_rle.c | 62 --------------------------------------------------- crypto/crypto-lib.com | 2 +- test/ssltest.c | 13 +++-------- 4 files changed, 6 insertions(+), 82 deletions(-) delete mode 100644 crypto/comp/c_rle.c diff --git a/crypto/comp/Makefile b/crypto/comp/Makefile index 4d1ef52..1a180f4 100644 --- a/crypto/comp/Makefile +++ b/crypto/comp/Makefile @@ -16,10 +16,10 @@ GENERAL=Makefile LIB=$(TOP)/libcrypto.a LIBSRC= comp_lib.c comp_err.c \ - c_rle.c c_zlib.c + c_zlib.c LIBOBJ= comp_lib.o comp_err.o \ - c_rle.o c_zlib.o + c_zlib.o SRC= $(LIBSRC) @@ -61,13 +61,6 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. -c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -c_rle.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h -c_rle.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h -c_rle.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -c_rle.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -c_rle.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_rle.o: ../../include/openssl/symhacks.h c_rle.c c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h c_zlib.o: ../../include/openssl/comp.h ../../include/openssl/crypto.h c_zlib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/comp/c_rle.c b/crypto/comp/c_rle.c deleted file mode 100644 index adf1663..0000000 --- a/crypto/comp/c_rle.c +++ /dev/null @@ -1,62 +0,0 @@ -#include -#include -#include -#include -#include - -static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen); -static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen); - -static COMP_METHOD rle_method = { - NID_rle_compression, - LN_rle_compression, - NULL, - NULL, - rle_compress_block, - rle_expand_block, - NULL, - NULL, -}; - -COMP_METHOD *COMP_rle(void) -{ - return (&rle_method); -} - -static int rle_compress_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen) -{ - /* int i; */ - - if (olen < (ilen + 1)) { - /* ZZZZZZZZZZZZZZZZZZZZZZ */ - return (-1); - } - - *(out++) = 0; - memcpy(out, in, ilen); - return (ilen + 1); -} - -static int rle_expand_block(COMP_CTX *ctx, unsigned char *out, - unsigned int olen, unsigned char *in, - unsigned int ilen) -{ - int i; - - if (ilen == 0 || olen < (ilen - 1)) { - /* ZZZZZZZZZZZZZZZZZZZZZZ */ - return (-1); - } - - i = *(in++); - if (i == 0) { - memcpy(out, in, ilen - 1); - } - return (ilen - 1); -} diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index 9495599..02f8741 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -339,7 +339,7 @@ $ LIB_PKCS12 = "p12_add,p12_asn,p12_attr,p12_crpt,p12_crt,p12_decr,"+ - "p12_init,p12_key,p12_kiss,p12_mutl,"+ - "p12_utl,p12_npas,pk12err,p12_p8d,p12_p8e" $ LIB_COMP = "comp_lib,comp_err,"+ - - "c_rle,c_zlib" + "c_zlib" $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err,v3_ocsp" $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util" diff --git a/test/ssltest.c b/test/ssltest.c index 8b5ff3e..35df0f7 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -219,10 +219,9 @@ #endif /* - * There is really no standard for this, so let's assign some tentative - * numbers. In any case, these numbers are only for this test + * There is really no standard for this, so let's assign something + * only for this test */ -#define COMP_RLE 255 #define COMP_ZLIB 1 static int verify_callback(int ok, X509_STORE_CTX *ctx); @@ -804,7 +803,6 @@ static void sv_usage(void) fprintf(stderr, " -time - measure processor time used by client and server\n"); fprintf(stderr, " -zlib - use zlib compression\n"); - fprintf(stderr, " -rle - use rle compression\n"); #ifndef OPENSSL_NO_EC fprintf(stderr, " -named_curve arg - Elliptic curve name to use for ephemeral ECDH keys.\n" @@ -1212,8 +1210,6 @@ int main(int argc, char *argv[]) #ifndef OPENSSL_NO_COMP else if (strcmp(*argv, "-zlib") == 0) { comp = COMP_ZLIB; - } else if (strcmp(*argv, "-rle") == 0) { - comp = COMP_RLE; } #endif else if (strcmp(*argv, "-named_curve") == 0) { @@ -1376,8 +1372,6 @@ int main(int argc, char *argv[]) #ifndef OPENSSL_NO_COMP if (comp == COMP_ZLIB) cm = COMP_zlib(); - if (comp == COMP_RLE) - cm = COMP_rle(); if (cm != NULL) { if (cm->type != NID_undef) { if (SSL_COMP_add_compression_method(comp, cm) != 0) { @@ -1387,8 +1381,7 @@ int main(int argc, char *argv[]) } else { fprintf(stderr, "Warning: %s compression not supported\n", - (comp == COMP_RLE ? "rle" : - (comp == COMP_ZLIB ? "zlib" : "unknown"))); + comp == COMP_ZLIB ? "zlib" : "unknown"); ERR_print_errors_fp(stderr); } } From levitte at openssl.org Mon May 4 19:18:31 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 04 May 2015 19:18:31 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1430767111.521742.22410.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 3cf40601b7d164ab48addbb0456d7aa59fa38c88 (commit) from 82e586a90b18fa91fb2756af4c36cc70ff097f6d (commit) - Log ----------------------------------------------------------------- commit 3cf40601b7d164ab48addbb0456d7aa59fa38c88 Author: Richard Levitte Date: Mon May 4 17:34:40 2015 +0200 RT2943: Check sizes if -iv and -K arguments RT2943 only complains about the incorrect check of -K argument size, we might as well do the same thing with the -iv argument. Before this, we only checked that the given argument wouldn't give a bitstring larger than EVP_MAX_KEY_LENGTH. we can be more precise and check against the size of the actual cipher used. (cherry picked from commit 8920a7cd04f43b1a090d0b0a8c9e16b94c6898d4) Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/enc.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/apps/enc.c b/apps/enc.c index 5c2cf7a..7b7c70b 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -548,9 +548,14 @@ int MAIN(int argc, char **argv) else OPENSSL_cleanse(str, strlen(str)); } - if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) { - BIO_printf(bio_err, "invalid hex iv value\n"); - goto end; + if (hiv != NULL) { + int siz = EVP_CIPHER_iv_length(cipher); + if (siz == 0) { + BIO_printf(bio_err, "warning: iv not use by this cipher\n"); + } else if (!set_hex(hiv, iv, sizeof iv)) { + BIO_printf(bio_err, "invalid hex iv value\n"); + goto end; + } } if ((hiv == NULL) && (str == NULL) && EVP_CIPHER_iv_length(cipher) != 0) { @@ -562,7 +567,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "iv undefined\n"); goto end; } - if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) { + if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; } From levitte at openssl.org Mon May 4 19:19:07 2015 From: levitte at openssl.org (Richard Levitte) Date: Mon, 04 May 2015 19:19:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1430767147.747189.22775.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 4b771121f2b657f50e8c7a27e9fab0bb043f91bc (commit) from ee827adf0483e8e66e3c447c42308bf8bc96c43f (commit) - Log ----------------------------------------------------------------- commit 4b771121f2b657f50e8c7a27e9fab0bb043f91bc Author: Richard Levitte Date: Mon May 4 17:34:40 2015 +0200 RT2943: Check sizes if -iv and -K arguments RT2943 only complains about the incorrect check of -K argument size, we might as well do the same thing with the -iv argument. Before this, we only checked that the given argument wouldn't give a bitstring larger than EVP_MAX_KEY_LENGTH. we can be more precise and check against the size of the actual cipher used. (cherry picked from commit 8920a7cd04f43b1a090d0b0a8c9e16b94c6898d4) Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/enc.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/apps/enc.c b/apps/enc.c index 5c2cf7a..7b7c70b 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -548,9 +548,14 @@ int MAIN(int argc, char **argv) else OPENSSL_cleanse(str, strlen(str)); } - if ((hiv != NULL) && !set_hex(hiv, iv, sizeof iv)) { - BIO_printf(bio_err, "invalid hex iv value\n"); - goto end; + if (hiv != NULL) { + int siz = EVP_CIPHER_iv_length(cipher); + if (siz == 0) { + BIO_printf(bio_err, "warning: iv not use by this cipher\n"); + } else if (!set_hex(hiv, iv, sizeof iv)) { + BIO_printf(bio_err, "invalid hex iv value\n"); + goto end; + } } if ((hiv == NULL) && (str == NULL) && EVP_CIPHER_iv_length(cipher) != 0) { @@ -562,7 +567,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "iv undefined\n"); goto end; } - if ((hkey != NULL) && !set_hex(hkey, key, sizeof key)) { + if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) { BIO_printf(bio_err, "invalid hex key value\n"); goto end; } From matt at openssl.org Tue May 5 08:13:03 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 05 May 2015 08:13:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430813583.707284.12516.nullmailer@dev.openssl.org> The branch master has been updated via cab4cd3fe9bd5c07a5cd303b8695cc032efe759c (commit) via 34fd7e68a9761260c650caca31b8d7dd7a372c33 (commit) via aacb4f1a6ec12efff96fa7e51ca7b57254e2b2c8 (commit) via d13bd6130bd856e9f512c43499e5fc70943bf133 (commit) from 45ddce21fa4c2fdcfe48fb3f7e0ca78531a7b922 (commit) - Log ----------------------------------------------------------------- commit cab4cd3fe9bd5c07a5cd303b8695cc032efe759c Author: Matt Caswell Date: Mon May 4 23:28:41 2015 +0100 make update Reviewed-by: Dr. Stephen Henson commit 34fd7e68a9761260c650caca31b8d7dd7a372c33 Author: mancha security Date: Mon May 4 06:36:42 2015 +0000 ssl/kssl.c: include missing header to complete SSL structure's defn. Signed-off-by: mancha security Signed-off-by: Matt Caswell Reviewed-by: Dr. Stephen Henson commit aacb4f1a6ec12efff96fa7e51ca7b57254e2b2c8 Author: mancha security Date: Sun May 3 02:45:45 2015 +0000 ssl/ssl_asn1.c: Fix typo introduced via cc5b6a03a320f1 Signed-off-by: mancha security Signed-off-by: Matt Caswell Reviewed-by: Dr. Stephen Henson commit d13bd6130bd856e9f512c43499e5fc70943bf133 Author: Matt Caswell Date: Mon May 4 23:15:46 2015 +0100 Remove libcrypto to libssl dependency Remove dependency on ssl_locl.h from v3_scts.c, and incidentally fix a build problem with kerberos (the dependency meant v3_scts.c was trying to include krb5.h, but without having been passed the relevanant -I flags to the compiler) Reviewed-by: Dr. Stephen Henson ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/Makefile | 32 ++++++++++++-------------------- crypto/x509v3/v3_scts.c | 11 ++++++++++- ssl/Makefile | 15 +++++++++------ ssl/kssl.c | 1 + ssl/ssl_asn1.c | 2 +- 5 files changed, 33 insertions(+), 28 deletions(-) diff --git a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile index 24bb60b..4affc2d 100644 --- a/crypto/x509v3/Makefile +++ b/crypto/x509v3/Makefile @@ -506,26 +506,18 @@ v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h v3_purp.o: ../cryptlib.h v3_purp.c v3_scts.o: ../../e_os.h ../../include/openssl/asn1.h v3_scts.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -v3_scts.o: ../../include/openssl/comp.h ../../include/openssl/conf.h -v3_scts.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h -v3_scts.o: ../../include/openssl/dtls1.h ../../include/openssl/e_os2.h -v3_scts.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -v3_scts.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -v3_scts.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h -v3_scts.o: ../../include/openssl/kssl.h ../../include/openssl/lhash.h -v3_scts.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -v3_scts.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -v3_scts.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -v3_scts.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -v3_scts.o: ../../include/openssl/pqueue.h ../../include/openssl/rsa.h -v3_scts.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -v3_scts.o: ../../include/openssl/srtp.h ../../include/openssl/ssl.h -v3_scts.o: ../../include/openssl/ssl2.h ../../include/openssl/ssl23.h -v3_scts.o: ../../include/openssl/ssl3.h ../../include/openssl/stack.h -v3_scts.o: ../../include/openssl/symhacks.h ../../include/openssl/tls1.h -v3_scts.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_scts.o: ../../include/openssl/x509v3.h ../../ssl/record/record.h -v3_scts.o: ../../ssl/ssl_locl.h ../cryptlib.h v3_scts.c +v3_scts.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +v3_scts.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +v3_scts.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +v3_scts.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_scts.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +v3_scts.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +v3_scts.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +v3_scts.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h +v3_scts.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +v3_scts.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h +v3_scts.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_scts.o: ../cryptlib.h v3_scts.c v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index 31e610d..a9e1a97 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -60,7 +60,16 @@ #include "cryptlib.h" #include #include -#include "../../ssl/ssl_locl.h" + +/* Signature and hash algorithms from RFC 5246 */ +#define TLSEXT_hash_sha256 4 + +#define TLSEXT_signature_rsa 1 +#define TLSEXT_signature_ecdsa 3 + + +#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \ + (((unsigned int)(c[1])) )),c+=2) #if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) # define SCT_TIMESTAMP unsigned __int64 diff --git a/ssl/Makefile b/ssl/Makefile index bff2b9a..86f5077 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -278,24 +278,27 @@ dtls1_bitmap.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h dtls1_bitmap.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h dtls1_bitmap.o: dtls1_bitmap.c record/../record/record.h record/../ssl_locl.h dtls1_bitmap.o: record/dtls1_bitmap.c record/record_locl.h -kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h +kssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h kssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h -kssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h -kssl.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -kssl.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +kssl.o: ../include/openssl/crypto.h ../include/openssl/dsa.h +kssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +kssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +kssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h kssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h kssl.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h kssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h kssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -kssl.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +kssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +kssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h kssl.o: ../include/openssl/sha.h ../include/openssl/srtp.h kssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h kssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h kssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h kssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h -kssl.o: ../include/openssl/x509_vfy.h kssl.c kssl_lcl.h +kssl.o: ../include/openssl/x509_vfy.h kssl.c kssl_lcl.h record/record.h +kssl.o: ssl_locl.h rec_layer_d1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rec_layer_d1.o: ../include/openssl/buffer.h ../include/openssl/comp.h rec_layer_d1.o: ../include/openssl/crypto.h ../include/openssl/dsa.h diff --git a/ssl/kssl.c b/ssl/kssl.c index 6ec3742..ce43529 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -79,6 +79,7 @@ #include #include #include "kssl_lcl.h" +#include "ssl_locl.h" #ifndef OPENSSL_NO_KRB5 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 905c8cf..3e84917 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -370,7 +370,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, #ifndef OPENSSL_NO_KRB5 if (!ssl_session_memcpy(ret->krb5_client_princ, &ret->krb5_client_princ_len, - as->krb5_princ, SSL_MAX_PRINCIPAL_LENGTH)) + as->krb5_princ, SSL_MAX_KRB5_PRINCIPAL_LENGTH)) goto err; #endif /* OPENSSL_NO_KRB5 */ From matt at openssl.org Tue May 5 08:13:17 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 05 May 2015 08:13:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1430813597.556107.13219.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via cd5f206c2fb0d44ab55aec4ddab4a0109c134355 (commit) from 3cf40601b7d164ab48addbb0456d7aa59fa38c88 (commit) - Log ----------------------------------------------------------------- commit cd5f206c2fb0d44ab55aec4ddab4a0109c134355 Author: Matt Caswell Date: Mon May 4 23:15:46 2015 +0100 Remove libcrypto to libssl dependency Remove dependency on ssl_locl.h from v3_scts.c, and incidentally fix a build problem with kerberos (the dependency meant v3_scts.c was trying to include krb5.h, but without having been passed the relevanant -I flags to the compiler) Reviewed-by: Dr. Stephen Henson (cherry picked from commit d13bd6130bd856e9f512c43499e5fc70943bf133) Conflicts: crypto/x509v3/v3_scts.c ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_scts.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index 9a4c3eb..6e0b8d6 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -60,7 +60,16 @@ #include "cryptlib.h" #include #include -#include "../ssl/ssl_locl.h" + +/* Signature and hash algorithms from RFC 5246 */ +#define TLSEXT_hash_sha256 4 + +#define TLSEXT_signature_rsa 1 +#define TLSEXT_signature_ecdsa 3 + + +#define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \ + (((unsigned int)(c[1])) )),c+=2) #if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) # define SCT_TIMESTAMP unsigned __int64 From stevem at openssl.org Tue May 5 11:31:07 2015 From: stevem at openssl.org (Steve Marquess) Date: Tue, 05 May 2015 11:31:07 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1430825467.018935.30572.nullmailer@dev.openssl.org> The branch master has been updated via 03dcacf7b4020fdf14b769e0c178c751740cc93c (commit) from 75a9eabfc38b3f8a23712c89c4c11786cfb436d8 (commit) - Log ----------------------------------------------------------------- commit 03dcacf7b4020fdf14b769e0c178c751740cc93c Author: Steve Marquess Date: Tue May 5 07:30:25 2015 -0400 Remove Nokia sponsor logo ----------------------------------------------------------------------- Summary of changes: support/acknowledgments.wml | 3 --- 1 file changed, 3 deletions(-) diff --git a/support/acknowledgments.wml b/support/acknowledgments.wml index ca8345e..5c583ac 100644 --- a/support/acknowledgments.wml +++ b/support/acknowledgments.wml @@ -60,9 +60,6 @@ Platinum sponsors (listed chronologically, left to right). The sustainable fund - - - From rsalz at openssl.org Tue May 5 13:29:15 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 05 May 2015 13:29:15 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430832555.955025.16345.nullmailer@dev.openssl.org> The branch master has been updated via ff660b93126931ec37b4c4734e4ad4f4ef3c81db (commit) from cab4cd3fe9bd5c07a5cd303b8695cc032efe759c (commit) - Log ----------------------------------------------------------------- commit ff660b93126931ec37b4c4734e4ad4f4ef3c81db Author: Rich Salz Date: Mon May 4 18:05:26 2015 -0400 Remove apps cache for gethostbyname Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/s_socket.c | 52 ++-------------------------------------------------- 1 file changed, 2 insertions(+), 50 deletions(-) diff --git a/apps/s_socket.c b/apps/s_socket.c index 29240e8..bba8e08 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -139,7 +139,6 @@ typedef unsigned int u_int; # include "netdb.h" # endif -static struct hostent *GetHostByName(const char *name); # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)) static void ssl_sock_cleanup(void); # endif @@ -564,7 +563,7 @@ static int do_accept(int acc_sock, int *sock, char **host) *host = app_malloc(strlen(h1->h_name) + 1, "copy hostname"); BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1); - h2 = GetHostByName(*host); + h2 = gethostbyname(*host); if (h2 == NULL) { BIO_printf(bio_err, "gethostbyname failure\n"); closesocket(ret); @@ -655,7 +654,7 @@ static int host_ip(const char *str, unsigned char ip[4]) if (!ssl_sock_init()) return (0); - he = GetHostByName(str); + he = gethostbyname(str); if (he == NULL) { BIO_printf(bio_err, "gethostbyname failure\n"); goto err; @@ -693,51 +692,4 @@ int extract_port(const char *str, unsigned short *port_ptr) return (1); } -# define GHBN_NUM 4 -static struct ghbn_cache_st { - char name[128]; - struct hostent ent; - unsigned long order; -} ghbn_cache[GHBN_NUM]; - -static unsigned long ghbn_hits = 0L; -static unsigned long ghbn_miss = 0L; - -static struct hostent *GetHostByName(const char *name) -{ - struct hostent *ret; - int i, lowi = 0; - unsigned long low = (unsigned long)-1; - - for (i = 0; i < GHBN_NUM; i++) { - if (low > ghbn_cache[i].order) { - low = ghbn_cache[i].order; - lowi = i; - } - if (ghbn_cache[i].order > 0) { - if (strncmp(name, ghbn_cache[i].name, 128) == 0) - break; - } - } - if (i == GHBN_NUM) { /* no hit */ - ghbn_miss++; - ret = gethostbyname(name); - if (ret == NULL) - return (NULL); - /* else add to cache */ - if (strlen(name) < sizeof ghbn_cache[0].name) { - strcpy(ghbn_cache[lowi].name, name); - memcpy((char *)&(ghbn_cache[lowi].ent), ret, - sizeof(struct hostent)); - ghbn_cache[lowi].order = ghbn_miss + ghbn_hits; - } - return (ret); - } else { - ghbn_hits++; - ret = &(ghbn_cache[i].ent); - ghbn_cache[i].order = ghbn_miss + ghbn_hits; - return (ret); - } -} - #endif From rsalz at openssl.org Tue May 5 16:01:00 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 05 May 2015 16:01:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430841660.825718.805.nullmailer@dev.openssl.org> The branch master has been updated via a28ef860be371e45f4818b22be378519538d70f9 (commit) from ff660b93126931ec37b4c4734e4ad4f4ef3c81db (commit) - Log ----------------------------------------------------------------- commit a28ef860be371e45f4818b22be378519538d70f9 Author: Rich Salz Date: Mon May 4 11:54:26 2015 -0400 Update multi-thread FAQ Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: FAQ | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/FAQ b/FAQ index 75fc9ac..2579d51 100644 --- a/FAQ +++ b/FAQ @@ -789,18 +789,15 @@ considered to be security issues. * Is OpenSSL thread-safe? -Yes (with limitations: an SSL connection may not concurrently be used -by multiple threads). On Windows and many Unix systems, OpenSSL -automatically uses the multi-threaded versions of the standard -libraries. If your platform is not one of these, consult the INSTALL -file. - -Multi-threaded applications must provide two callback functions to -OpenSSL by calling CRYPTO_set_locking_callback() and -CRYPTO_set_id_callback(), for all versions of OpenSSL up to and -including 0.9.8[abc...]. As of version 1.0.0, CRYPTO_set_id_callback() -and associated APIs are deprecated by CRYPTO_THREADID_set_callback() -and friends. This is described in the threads(3) manpage. +Provided an application sets up the thread callback functions, the +answer is yes. There are limitations; for example, an SSL connection +cannot be used concurrently by multiple threads. This is true for +most OpenSSL objects. + +To do this, your application must call CRYPTO_set_locking_callback() +and one of the CRYPTO_THREADID_set...() API's. See the OpenSSL threads +manpage for details and "note on multi-threading" in the INSTALL file in +the source distribution. * I've compiled a program under Windows and it crashes: why? From matt at openssl.org Tue May 5 19:10:44 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 05 May 2015 19:10:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430853044.496492.26087.nullmailer@dev.openssl.org> The branch master has been updated via cefc93910c4c0f7fa9f8c1f8f7aad084a7fa87d2 (commit) via cc273a93617a5c1e69cb5db6f655e463f8e31806 (commit) via cf9b0b6fb253fd40225d7c648a08646686e62d2d (commit) via a89db885e0d8aac3a9df1bbccb0c1ddfd8b2e10a (commit) from a28ef860be371e45f4818b22be378519538d70f9 (commit) - Log ----------------------------------------------------------------- commit cefc93910c4c0f7fa9f8c1f8f7aad084a7fa87d2 Author: Matt Caswell Date: Thu Apr 30 11:50:08 2015 +0100 Add more error state transitions (DTLS) Ensure all fatal errors transition into the new error state for DTLS. Reviewed-by: Rich Salz commit cc273a93617a5c1e69cb5db6f655e463f8e31806 Author: Matt Caswell Date: Thu Apr 30 11:32:35 2015 +0100 Add more error state transitions (client) Ensure all fatal errors transition into the new error state on the client side. Reviewed-by: Rich Salz commit cf9b0b6fb253fd40225d7c648a08646686e62d2d Author: Matt Caswell Date: Thu Apr 30 11:11:04 2015 +0100 Add more error state transitions Ensure all fatal errors transition into the new error state on the server side. Reviewed-by: Rich Salz commit a89db885e0d8aac3a9df1bbccb0c1ddfd8b2e10a Author: Matt Caswell Date: Thu Apr 23 20:01:33 2015 +0100 Add Error state Reusing an SSL object when it has encountered a fatal error can have bad consequences. This is a bug in application code not libssl but libssl should be more forgiving and not crash. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: include/openssl/ssl.h | 1 + ssl/d1_clnt.c | 10 +++++++ ssl/d1_srvr.c | 13 ++++++++- ssl/s3_clnt.c | 30 ++++++++++++++++++-- ssl/s3_srvr.c | 76 ++++++++++++++++++++++++++++++++++++++++++--------- ssl/ssl_stat.c | 6 ++++ 6 files changed, 119 insertions(+), 17 deletions(-) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index ecd6c69..d99e9f2 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -975,6 +975,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) +# define SSL_ST_ERR 0x05 # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index b8efa88..142438a 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -230,6 +230,7 @@ int dtls1_connect(SSL *s) (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) { SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -239,10 +240,12 @@ int dtls1_connect(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -251,12 +254,14 @@ int dtls1_connect(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } /* setup buffing BIO */ if (!ssl_init_wbio_buffer(s, 0)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -435,6 +440,7 @@ int dtls1_connect(SSL *s) */ if (!ssl3_check_cert_and_algorithm(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -566,6 +572,7 @@ int dtls1_connect(SSL *s) #endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -573,6 +580,7 @@ int dtls1_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } #ifndef OPENSSL_NO_SCTP @@ -746,6 +754,7 @@ int dtls1_connect(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -826,5 +835,6 @@ static int dtls1_get_hello_verify(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; return -1; } diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 663f118..cc4874f 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -238,11 +238,13 @@ int dtls1_accept(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { BUF_MEM_free(buf); ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -250,6 +252,7 @@ int dtls1_accept(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -271,6 +274,7 @@ int dtls1_accept(SSL *s) #endif if (!ssl_init_wbio_buffer(s, 1)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -643,6 +647,7 @@ int dtls1_accept(SSL *s) break; if (!s->s3->handshake_buffer) { SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } /* @@ -651,8 +656,10 @@ int dtls1_accept(SSL *s) */ if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) { s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } } } else { s->state = SSL3_ST_SR_CERT_VRFY_A; @@ -755,6 +762,7 @@ int dtls1_accept(SSL *s) s->session->cipher = s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -783,6 +791,7 @@ int dtls1_accept(SSL *s) SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -858,6 +867,7 @@ int dtls1_accept(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -916,6 +926,7 @@ int dtls1_send_hello_verify_request(SSL *s) &(s->d1->cookie_len)) == 0) { SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return 0; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index f81f160..f936fa3 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -237,6 +237,7 @@ int ssl3_connect(SSL *s) if ((s->version & 0xff00) != 0x0300) { SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; ret = -1; goto end; } @@ -252,10 +253,12 @@ int ssl3_connect(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -270,6 +273,7 @@ int ssl3_connect(SSL *s) /* setup buffing BIO */ if (!ssl_init_wbio_buffer(s, 0)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -377,6 +381,7 @@ int ssl3_connect(SSL *s) */ if (!ssl3_check_cert_and_algorithm(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -400,6 +405,7 @@ int ssl3_connect(SSL *s) if ((ret = SRP_Calc_A_param(s)) <= 0) { SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; goto end; } } @@ -491,6 +497,7 @@ int ssl3_connect(SSL *s) #endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -498,6 +505,7 @@ int ssl3_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -629,6 +637,7 @@ int ssl3_connect(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -874,6 +883,7 @@ int ssl3_client_hello(SSL *s) /* SSL3_ST_CW_CLNT_HELLO_B */ return ssl_do_write(s); err: + s->state = SSL_ST_ERR; return (-1); } @@ -1145,6 +1155,7 @@ int ssl3_get_server_hello(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: + s->state = SSL_ST_ERR; return (-1); } @@ -1185,7 +1196,7 @@ int ssl3_get_server_certificate(SSL *s) if ((sk = sk_X509_new_null()) == NULL) { SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); - goto done; + goto err; } n2l3(p, llen); @@ -1218,7 +1229,7 @@ int ssl3_get_server_certificate(SSL *s) } if (!sk_X509_push(sk, x)) { SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, ERR_R_MALLOC_FAILURE); - goto done; + goto err; } x = NULL; nc += l + 3; @@ -1246,7 +1257,7 @@ int ssl3_get_server_certificate(SSL *s) sc = ssl_sess_cert_new(); if (sc == NULL) - goto done; + goto err; ssl_sess_cert_free(s->session->sess_cert); s->session->sess_cert = sc; @@ -1332,6 +1343,8 @@ int ssl3_get_server_certificate(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + err: + s->state = SSL_ST_ERR; done: EVP_PKEY_free(pkey); X509_free(x); @@ -1987,6 +2000,7 @@ int ssl3_get_key_exchange(SSL *s) EC_KEY_free(ecdh); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return (-1); } @@ -2143,7 +2157,10 @@ int ssl3_get_certificate_request(SSL *s) ca_sk = NULL; ret = 1; + goto done; err: + s->state = SSL_ST_ERR; + done: sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); return (ret); } @@ -2213,6 +2230,7 @@ int ssl3_get_new_session_ticket(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: + s->state = SSL_ST_ERR; return (-1); } @@ -2272,6 +2290,7 @@ int ssl3_get_cert_status(SSL *s) return 1; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; return (-1); } #endif @@ -2293,6 +2312,7 @@ int ssl3_get_server_done(SSL *s) /* should contain no data */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); + s->state = SSL_ST_ERR; return -1; } ret = 1; @@ -3079,6 +3099,7 @@ int ssl3_send_client_key_exchange(SSL *s) EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); #endif + s->state = SSL_ST_ERR; return (-1); } @@ -3218,6 +3239,7 @@ int ssl3_send_client_verify(SSL *s) err: EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_CTX_free(pctx); + s->state = SSL_ST_ERR; return (-1); } @@ -3281,6 +3303,7 @@ int ssl3_send_client_certificate(SSL *s) } if (i == 0) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return 0; } s->rwstate = SSL_NOTHING; @@ -3339,6 +3362,7 @@ int ssl3_send_client_certificate(SSL *s) 2) ? NULL : s->cert->key)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return 0; } } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 7a39967..e6884f3 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -262,6 +262,7 @@ int ssl3_accept(SSL *s) if ((s->version >> 8) != 3) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } @@ -275,11 +276,13 @@ int ssl3_accept(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { BUF_MEM_free(buf); ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -287,6 +290,7 @@ int ssl3_accept(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -305,6 +309,7 @@ int ssl3_accept(SSL *s) */ if (!ssl_init_wbio_buffer(s, 1)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -322,6 +327,7 @@ int ssl3_accept(SSL *s) SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); ret = -1; + s->state = SSL_ST_ERR; goto end; } else { /* @@ -380,6 +386,7 @@ int ssl3_accept(SSL *s) SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_CLIENTHELLO_TLSEXT); ret = SSL_TLSEXT_ERR_ALERT_FATAL; ret = -1; + s->state = SSL_ST_ERR; goto end; } } @@ -530,9 +537,12 @@ int ssl3_accept(SSL *s) skip = 1; s->s3->tmp.cert_request = 0; s->state = SSL3_ST_SW_SRVR_DONE_A; - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) + if (s->s3->handshake_buffer) { + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } + } } else { s->s3->tmp.cert_request = 1; ret = ssl3_send_certificate_request(s); @@ -613,6 +623,7 @@ int ssl3_accept(SSL *s) break; if (!s->s3->handshake_buffer) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } /* @@ -621,8 +632,10 @@ int ssl3_accept(SSL *s) */ if (!(s->s3->flags & SSL_SESS_FLAG_EXTMS)) { s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } } } else { int offset = 0; @@ -637,9 +650,12 @@ int ssl3_accept(SSL *s) * CertificateVerify should be generalized. But it is next * step */ - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) + if (s->s3->handshake_buffer) { + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } + } for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; dgst_num++) if (s->s3->handshake_dgst[dgst_num]) { int dgst_size; @@ -655,6 +671,7 @@ int ssl3_accept(SSL *s) dgst_size = EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]); if (dgst_size < 0) { + s->state = SSL_ST_ERR; ret = -1; goto end; } @@ -769,6 +786,7 @@ int ssl3_accept(SSL *s) s->session->cipher = s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -785,6 +803,7 @@ int ssl3_accept(SSL *s) SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -847,6 +866,7 @@ int ssl3_accept(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -1444,8 +1464,10 @@ int ssl3_get_client_hello(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + sk_SSL_CIPHER_free(ciphers); return ret < 0 ? -1 : ret; } @@ -1462,8 +1484,10 @@ int ssl3_send_server_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; #ifdef OPENSSL_NO_TLSEXT p = s->s3->server_random; - if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) + if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) { + s->state = SSL_ST_ERR; return -1; + } #endif /* Do the message type and length last */ d = p = ssl_handshake_start(s); @@ -1499,6 +1523,7 @@ int ssl3_send_server_hello(SSL *s) sl = s->session->session_id_length; if (sl > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } *(p++) = sl; @@ -1521,6 +1546,7 @@ int ssl3_send_server_hello(SSL *s) #ifndef OPENSSL_NO_TLSEXT if (ssl_prepare_serverhello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); + s->state = SSL_ST_ERR; return -1; } if ((p = @@ -1528,6 +1554,7 @@ int ssl3_send_server_hello(SSL *s) &al)) == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, al); SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } #endif @@ -2016,6 +2043,7 @@ int ssl3_send_server_key_exchange(SSL *s) BN_CTX_free(bn_ctx); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return (-1); } @@ -2090,6 +2118,7 @@ int ssl3_send_certificate_request(SSL *s) /* SSL3_ST_SW_CERT_REQ_B */ return ssl_do_write(s); err: + s->state = SSL_ST_ERR; return (-1); } @@ -2916,6 +2945,7 @@ int ssl3_get_client_key_exchange(SSL *s) EC_KEY_free(srvr_ecdh); BN_CTX_free(bn_ctx); #endif + s->state = SSL_ST_ERR; return (-1); } @@ -3118,6 +3148,7 @@ int ssl3_get_cert_verify(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; } end: BIO_free(s->s3->handshake_buffer); @@ -3286,6 +3317,7 @@ int ssl3_get_client_certificate(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); done: + s->state = SSL_ST_ERR; X509_free(x); sk_X509_pop_free(sk, X509_free); return (ret); @@ -3303,12 +3335,14 @@ int ssl3_send_server_certificate(SSL *s) (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) { SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return (0); } } if (!ssl3_output_cert_chain(s, cpk)) { SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return (0); } s->state = SSL3_ST_SW_CERT_B; @@ -3342,11 +3376,15 @@ int ssl3_send_newsession_ticket(SSL *s) * Some length values are 16 bits, so forget it if session is too * long */ - if (slen_full == 0 || slen_full > 0xFF00) + if (slen_full == 0 || slen_full > 0xFF00) { + s->state = SSL_ST_ERR; return -1; + } senc = OPENSSL_malloc(slen_full); - if (!senc) + if (!senc) { + s->state = SSL_ST_ERR; return -1; + } EVP_CIPHER_CTX_init(&ctx); HMAC_CTX_init(&hctx); @@ -3461,6 +3499,7 @@ int ssl3_send_newsession_ticket(SSL *s) OPENSSL_free(senc); EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); + s->state = SSL_ST_ERR; return -1; } @@ -3474,8 +3513,10 @@ int ssl3_send_cert_status(SSL *s) * 1 (ocsp response type) + 3 (ocsp response length) * + (ocsp response) */ - if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) + if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) { + s->state = SSL_ST_ERR; return -1; + } p = (unsigned char *)s->init_buf->data; @@ -3518,6 +3559,7 @@ int ssl3_get_next_proto(SSL *s) if (!s->s3->next_proto_neg_seen) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); + s->state = SSL_ST_ERR; return -1; } @@ -3537,11 +3579,14 @@ int ssl3_get_next_proto(SSL *s) */ if (!s->s3->change_cipher_spec) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); + s->state = SSL_ST_ERR; return -1; } - if (n < 2) + if (n < 2) { + s->state = SSL_ST_ERR; return 0; /* The body must be > 1 bytes long */ + } p = (unsigned char *)s->init_msg; @@ -3553,15 +3598,20 @@ int ssl3_get_next_proto(SSL *s) * uint8 padding[padding_len]; */ proto_len = p[0]; - if (proto_len + 2 > s->init_num) + if (proto_len + 2 > s->init_num) { + s->state = SSL_ST_ERR; return 0; + } padding_len = p[proto_len + 1]; - if (proto_len + padding_len + 2 != s->init_num) + if (proto_len + padding_len + 2 != s->init_num) { + s->state = SSL_ST_ERR; return 0; + } s->next_proto_negotiated = OPENSSL_malloc(proto_len); if (!s->next_proto_negotiated) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE); + s->state = SSL_ST_ERR; return 0; } memcpy(s->next_proto_negotiated, p + 1, proto_len); diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c index 258c4eb..76b550c 100644 --- a/ssl/ssl_stat.c +++ b/ssl/ssl_stat.c @@ -117,6 +117,9 @@ const char *SSL_state_string_long(const SSL *s) case SSL_ST_OK | SSL_ST_ACCEPT: str = "ok/accept SSL initialization"; break; + case SSL_ST_ERR: + str = "error"; + break; #ifndef OPENSSL_NO_SSL3 /* SSLv3 additions */ @@ -360,6 +363,9 @@ const char *SSL_state_string(const SSL *s) case SSL_ST_OK: str = "SSLOK "; break; + case SSL_ST_ERR: + str = "SSLERR"; + break; #ifndef OPENSSL_NO_SSL3 /* SSLv3 additions */ From matt at openssl.org Tue May 5 19:11:04 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 05 May 2015 19:11:04 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1430853064.985953.27042.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 76d0c6d48e5a42dedb24691a67d733f6859aee4d (commit) via a329ae226826c3e1fe61156c20096da374844146 (commit) via f3c4abb3773efcee81768a5913cba5189a589eff (commit) via 189e20c68c2399782034fec9f65d6b9ee88aac3d (commit) from 4b771121f2b657f50e8c7a27e9fab0bb043f91bc (commit) - Log ----------------------------------------------------------------- commit 76d0c6d48e5a42dedb24691a67d733f6859aee4d Author: Matt Caswell Date: Thu Apr 30 11:50:08 2015 +0100 Add more error state transitions (DTLS) Ensure all fatal errors transition into the new error state for DTLS. Reviewed-by: Rich Salz (cherry picked from commit cefc93910c4c0f7fa9f8c1f8f7aad084a7fa87d2) Conflicts: ssl/d1_srvr.c Conflicts: ssl/d1_srvr.c commit a329ae226826c3e1fe61156c20096da374844146 Author: Matt Caswell Date: Thu Apr 30 11:32:35 2015 +0100 Add more error state transitions (client) Ensure all fatal errors transition into the new error state on the client side. Reviewed-by: Rich Salz (cherry picked from commit cc273a93617a5c1e69cb5db6f655e463f8e31806) Conflicts: ssl/s3_clnt.c Conflicts: ssl/s3_clnt.c commit f3c4abb3773efcee81768a5913cba5189a589eff Author: Matt Caswell Date: Thu Apr 30 11:11:04 2015 +0100 Add more error state transitions Ensure all fatal errors transition into the new error state on the server side. Reviewed-by: Rich Salz (cherry picked from commit cf9b0b6fb253fd40225d7c648a08646686e62d2d) Conflicts: ssl/s3_srvr.c commit 189e20c68c2399782034fec9f65d6b9ee88aac3d Author: Matt Caswell Date: Thu Apr 23 20:01:33 2015 +0100 Add Error state Reusing an SSL object when it has encountered a fatal error can have bad consequences. This is a bug in application code not libssl but libssl should be more forgiving and not crash. Reviewed-by: Rich Salz (cherry picked from commit a89db885e0d8aac3a9df1bbccb0c1ddfd8b2e10a) Conflicts: ssl/s3_srvr.c ssl/ssl_stat.c ----------------------------------------------------------------------- Summary of changes: ssl/d1_clnt.c | 10 ++++++++ ssl/d1_srvr.c | 8 ++++++ ssl/s3_clnt.c | 25 ++++++++++++++++++- ssl/s3_srvr.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++----------- ssl/ssl.h | 1 + ssl/ssl_stat.c | 6 +++++ 6 files changed, 114 insertions(+), 15 deletions(-) diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 1394781..377c1e6 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -212,6 +212,7 @@ int dtls1_connect(SSL *s) (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) { SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -221,10 +222,12 @@ int dtls1_connect(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -233,12 +236,14 @@ int dtls1_connect(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } /* setup buffing BIO */ if (!ssl_init_wbio_buffer(s, 0)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -417,6 +422,7 @@ int dtls1_connect(SSL *s) */ if (!ssl3_check_cert_and_algorithm(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -548,6 +554,7 @@ int dtls1_connect(SSL *s) #endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -555,6 +562,7 @@ int dtls1_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } #ifndef OPENSSL_NO_SCTP @@ -735,6 +743,7 @@ int dtls1_connect(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -945,6 +954,7 @@ static int dtls1_get_hello_verify(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; return -1; } diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index d12ad6d..d63e229 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -224,11 +224,13 @@ int dtls1_accept(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { BUF_MEM_free(buf); ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -236,6 +238,7 @@ int dtls1_accept(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -257,6 +260,7 @@ int dtls1_accept(SSL *s) #endif if (!ssl_init_wbio_buffer(s, 1)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -744,6 +748,7 @@ int dtls1_accept(SSL *s) s->session->cipher = s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -772,6 +777,7 @@ int dtls1_accept(SSL *s) SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -852,6 +858,7 @@ int dtls1_accept(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -932,6 +939,7 @@ int dtls1_send_hello_verify_request(SSL *s) &(s->d1->cookie_len)) == 0) { SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return 0; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 6025829..a521d56 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -238,6 +238,7 @@ int ssl3_connect(SSL *s) if ((s->version & 0xff00) != 0x0300) { SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; ret = -1; goto end; } @@ -248,10 +249,12 @@ int ssl3_connect(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -266,6 +269,7 @@ int ssl3_connect(SSL *s) /* setup buffing BIO */ if (!ssl_init_wbio_buffer(s, 0)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -373,6 +377,7 @@ int ssl3_connect(SSL *s) */ if (!ssl3_check_cert_and_algorithm(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -396,6 +401,7 @@ int ssl3_connect(SSL *s) if ((ret = SRP_Calc_A_param(s)) <= 0) { SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; goto end; } } @@ -487,6 +493,7 @@ int ssl3_connect(SSL *s) #endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -494,6 +501,7 @@ int ssl3_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -628,6 +636,7 @@ int ssl3_connect(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -822,6 +831,7 @@ int ssl3_client_hello(SSL *s) /* SSL3_ST_CW_CLNT_HELLO_B */ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); err: + s->state = SSL_ST_ERR; return (-1); } @@ -1082,6 +1092,7 @@ int ssl3_get_server_hello(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: + s->state = SSL_ST_ERR; return (-1); } @@ -1260,8 +1271,10 @@ int ssl3_get_server_certificate(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + EVP_PKEY_free(pkey); X509_free(x); sk_X509_pop_free(sk, X509_free); @@ -1931,6 +1944,7 @@ int ssl3_get_key_exchange(SSL *s) EC_KEY_free(ecdh); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return (-1); } @@ -2087,7 +2101,10 @@ int ssl3_get_certificate_request(SSL *s) ca_sk = NULL; ret = 1; + goto done; err: + s->state = SSL_ST_ERR; + done: if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); return (ret); @@ -2164,6 +2181,7 @@ int ssl3_get_new_session_ticket(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: + s->state = SSL_ST_ERR; return (-1); } @@ -2224,6 +2242,7 @@ int ssl3_get_cert_status(SSL *s) return 1; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; return (-1); } #endif @@ -2245,6 +2264,7 @@ int ssl3_get_server_done(SSL *s) /* should contain no data */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); + s->state = SSL_ST_ERR; return -1; } ret = 1; @@ -2988,6 +3008,7 @@ int ssl3_send_client_key_exchange(SSL *s) EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); #endif + s->state = SSL_ST_ERR; return (-1); } @@ -3121,6 +3142,7 @@ int ssl3_send_client_verify(SSL *s) err: EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_CTX_free(pctx); + s->state = SSL_ST_ERR; return (-1); } @@ -3189,6 +3211,7 @@ int ssl3_send_client_certificate(SSL *s) if (!l) { SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return 0; } s->init_num = (int)l; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 92acb0ab..65d7a35 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -266,6 +266,7 @@ int ssl3_accept(SSL *s) if ((s->version >> 8) != 3) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } s->type = SSL_ST_ACCEPT; @@ -273,11 +274,13 @@ int ssl3_accept(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { BUF_MEM_free(buf); ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -285,6 +288,7 @@ int ssl3_accept(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -303,6 +307,7 @@ int ssl3_accept(SSL *s) */ if (!ssl_init_wbio_buffer(s, 1)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -320,6 +325,7 @@ int ssl3_accept(SSL *s) SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); ret = -1; + s->state = SSL_ST_ERR; goto end; } else { /* @@ -379,6 +385,7 @@ int ssl3_accept(SSL *s) SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_CLIENTHELLO_TLSEXT); ret = SSL_TLSEXT_ERR_ALERT_FATAL; ret = -1; + s->state = SSL_ST_ERR; goto end; } } @@ -529,9 +536,12 @@ int ssl3_accept(SSL *s) skip = 1; s->s3->tmp.cert_request = 0; s->state = SSL3_ST_SW_SRVR_DONE_A; - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) + if (s->s3->handshake_buffer) { + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } + } } else { s->s3->tmp.cert_request = 1; ret = ssl3_send_certificate_request(s); @@ -629,11 +639,14 @@ int ssl3_accept(SSL *s) */ if (!s->s3->handshake_buffer) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } } else { int offset = 0; int dgst_num; @@ -647,9 +660,12 @@ int ssl3_accept(SSL *s) * CertificateVerify should be generalized. But it is next * step */ - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) + if (s->s3->handshake_buffer) { + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } + } for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; dgst_num++) if (s->s3->handshake_dgst[dgst_num]) { int dgst_size; @@ -665,6 +681,7 @@ int ssl3_accept(SSL *s) dgst_size = EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]); if (dgst_size < 0) { + s->state = SSL_ST_ERR; ret = -1; goto end; } @@ -779,6 +796,7 @@ int ssl3_accept(SSL *s) s->session->cipher = s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -795,6 +813,7 @@ int ssl3_accept(SSL *s) SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -857,6 +876,7 @@ int ssl3_accept(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -1489,8 +1509,10 @@ int ssl3_get_client_hello(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); return (ret); @@ -1507,8 +1529,10 @@ int ssl3_send_server_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; #ifdef OPENSSL_NO_TLSEXT p = s->s3->server_random; - if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) + if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) { + s->state = SSL_ST_ERR; return -1; + } #endif /* Do the message type and length last */ d = p = &(buf[4]); @@ -1543,6 +1567,7 @@ int ssl3_send_server_hello(SSL *s) sl = s->session->session_id_length; if (sl > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } *(p++) = sl; @@ -1565,6 +1590,7 @@ int ssl3_send_server_hello(SSL *s) #ifndef OPENSSL_NO_TLSEXT if (ssl_prepare_serverhello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); + s->state = SSL_ST_ERR; return -1; } if ((p = @@ -1572,6 +1598,7 @@ int ssl3_send_server_hello(SSL *s) buf + SSL3_RT_MAX_PLAIN_LENGTH)) == NULL) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } #endif @@ -2055,6 +2082,7 @@ int ssl3_send_server_key_exchange(SSL *s) BN_CTX_free(bn_ctx); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return (-1); } @@ -2152,6 +2180,7 @@ int ssl3_send_certificate_request(SSL *s) /* SSL3_ST_SW_CERT_REQ_B */ return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); err: + s->state = SSL_ST_ERR; return (-1); } @@ -2918,6 +2947,7 @@ int ssl3_get_client_key_exchange(SSL *s) EC_KEY_free(srvr_ecdh); BN_CTX_free(bn_ctx); #endif + s->state = SSL_ST_ERR; return (-1); } @@ -3132,6 +3162,7 @@ int ssl3_get_cert_verify(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; } end: if (s->s3->handshake_buffer) { @@ -3290,8 +3321,10 @@ int ssl3_get_client_certificate(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + if (x != NULL) X509_free(x); if (sk != NULL) @@ -3312,6 +3345,7 @@ int ssl3_send_server_certificate(SSL *s) (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) { SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return (0); } } @@ -3319,6 +3353,7 @@ int ssl3_send_server_certificate(SSL *s) l = ssl3_output_cert_chain(s, x); if (!l) { SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return (0); } s->state = SSL3_ST_SW_CERT_B; @@ -3354,11 +3389,15 @@ int ssl3_send_newsession_ticket(SSL *s) * Some length values are 16 bits, so forget it if session is too * long */ - if (slen_full == 0 || slen_full > 0xFF00) + if (slen_full == 0 || slen_full > 0xFF00) { + s->state = SSL_ST_ERR; return -1; + } senc = OPENSSL_malloc(slen_full); - if (!senc) + if (!senc) { + s->state = SSL_ST_ERR; return -1; + } EVP_CIPHER_CTX_init(&ctx); HMAC_CTX_init(&hctx); @@ -3481,6 +3520,7 @@ int ssl3_send_newsession_ticket(SSL *s) OPENSSL_free(senc); EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); + s->state = SSL_ST_ERR; return -1; } @@ -3494,8 +3534,10 @@ int ssl3_send_cert_status(SSL *s) * 1 (ocsp response type) + 3 (ocsp response length) * + (ocsp response) */ - if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) + if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) { + s->state = SSL_ST_ERR; return -1; + } p = (unsigned char *)s->init_buf->data; @@ -3538,6 +3580,7 @@ int ssl3_get_next_proto(SSL *s) if (!s->s3->next_proto_neg_seen) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); + s->state = SSL_ST_ERR; return -1; } @@ -3557,11 +3600,14 @@ int ssl3_get_next_proto(SSL *s) */ if (!s->s3->change_cipher_spec) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); + s->state = SSL_ST_ERR; return -1; } - if (n < 2) + if (n < 2) { + s->state = SSL_ST_ERR; return 0; /* The body must be > 1 bytes long */ + } p = (unsigned char *)s->init_msg; @@ -3573,15 +3619,20 @@ int ssl3_get_next_proto(SSL *s) * uint8 padding[padding_len]; */ proto_len = p[0]; - if (proto_len + 2 > s->init_num) + if (proto_len + 2 > s->init_num) { + s->state = SSL_ST_ERR; return 0; + } padding_len = p[proto_len + 1]; - if (proto_len + padding_len + 2 != s->init_num) + if (proto_len + padding_len + 2 != s->init_num) { + s->state = SSL_ST_ERR; return 0; + } s->next_proto_negotiated = OPENSSL_malloc(proto_len); if (!s->next_proto_negotiated) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE); + s->state = SSL_ST_ERR; return 0; } memcpy(s->next_proto_negotiated, p + 1, proto_len); diff --git a/ssl/ssl.h b/ssl/ssl.h index 790589d..62472a1 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1544,6 +1544,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) +# define SSL_ST_ERR 0x05 # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c index d725d78..1b9069f 100644 --- a/ssl/ssl_stat.c +++ b/ssl/ssl_stat.c @@ -117,6 +117,9 @@ const char *SSL_state_string_long(const SSL *s) case SSL_ST_OK | SSL_ST_ACCEPT: str = "ok/accept SSL initialization"; break; + case SSL_ST_ERR: + str = "error"; + break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str = "SSLv2 client start encryption"; @@ -496,6 +499,9 @@ const char *SSL_state_string(const SSL *s) case SSL_ST_OK: str = "SSLOK "; break; + case SSL_ST_ERR: + str = "SSLERR"; + break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str = "2CSENC"; From matt at openssl.org Tue May 5 19:10:54 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 05 May 2015 19:10:54 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1430853054.498154.26797.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via feb96e914ad3e30dbb6bf27cfaeeae98298a6a8d (commit) via 67fb63e9b713aa577347c8b297aeae79b068fa33 (commit) via eecc697b6577c5454560d397173627b3b91e1c91 (commit) via e4f77bf1833245d2b6aa4ce6a16c85e1cdf78589 (commit) from cd5f206c2fb0d44ab55aec4ddab4a0109c134355 (commit) - Log ----------------------------------------------------------------- commit feb96e914ad3e30dbb6bf27cfaeeae98298a6a8d Author: Matt Caswell Date: Thu Apr 30 11:50:08 2015 +0100 Add more error state transitions (DTLS) Ensure all fatal errors transition into the new error state for DTLS. Reviewed-by: Rich Salz (cherry picked from commit cefc93910c4c0f7fa9f8c1f8f7aad084a7fa87d2) Conflicts: ssl/d1_srvr.c commit 67fb63e9b713aa577347c8b297aeae79b068fa33 Author: Matt Caswell Date: Thu Apr 30 11:32:35 2015 +0100 Add more error state transitions (client) Ensure all fatal errors transition into the new error state on the client side. Reviewed-by: Rich Salz (cherry picked from commit cc273a93617a5c1e69cb5db6f655e463f8e31806) Conflicts: ssl/s3_clnt.c commit eecc697b6577c5454560d397173627b3b91e1c91 Author: Matt Caswell Date: Thu Apr 30 11:11:04 2015 +0100 Add more error state transitions Ensure all fatal errors transition into the new error state on the server side. Reviewed-by: Rich Salz (cherry picked from commit cf9b0b6fb253fd40225d7c648a08646686e62d2d) Conflicts: ssl/s3_srvr.c commit e4f77bf1833245d2b6aa4ce6a16c85e1cdf78589 Author: Matt Caswell Date: Thu Apr 23 20:01:33 2015 +0100 Add Error state Reusing an SSL object when it has encountered a fatal error can have bad consequences. This is a bug in application code not libssl but libssl should be more forgiving and not crash. Reviewed-by: Rich Salz (cherry picked from commit a89db885e0d8aac3a9df1bbccb0c1ddfd8b2e10a) Conflicts: ssl/s3_srvr.c ssl/ssl_stat.c ----------------------------------------------------------------------- Summary of changes: ssl/d1_clnt.c | 10 ++++++++ ssl/d1_srvr.c | 13 +++++++++- ssl/s3_clnt.c | 26 ++++++++++++++++++- ssl/s3_srvr.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++----------- ssl/ssl.h | 1 + ssl/ssl_stat.c | 6 +++++ 6 files changed, 119 insertions(+), 16 deletions(-) diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 1858263..4c2ccbf 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -228,6 +228,7 @@ int dtls1_connect(SSL *s) (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00)) { SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR); ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -237,10 +238,12 @@ int dtls1_connect(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -249,12 +252,14 @@ int dtls1_connect(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } /* setup buffing BIO */ if (!ssl_init_wbio_buffer(s, 0)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -433,6 +438,7 @@ int dtls1_connect(SSL *s) */ if (!ssl3_check_cert_and_algorithm(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -564,6 +570,7 @@ int dtls1_connect(SSL *s) #endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -571,6 +578,7 @@ int dtls1_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } #ifndef OPENSSL_NO_SCTP @@ -751,6 +759,7 @@ int dtls1_connect(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_DTLS1_CONNECT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -842,5 +851,6 @@ static int dtls1_get_hello_verify(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; return -1; } diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index a184150..10726d6 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -240,11 +240,13 @@ int dtls1_accept(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { BUF_MEM_free(buf); ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -252,6 +254,7 @@ int dtls1_accept(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -273,6 +276,7 @@ int dtls1_accept(SSL *s) #endif if (!ssl_init_wbio_buffer(s, 1)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -661,11 +665,14 @@ int dtls1_accept(SSL *s) */ if (!s->s3->handshake_buffer) { SSLerr(SSL_F_DTLS1_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } } else { s->state = SSL3_ST_SR_CERT_VRFY_A; s->init_num = 0; @@ -767,6 +774,7 @@ int dtls1_accept(SSL *s) s->session->cipher = s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -795,6 +803,7 @@ int dtls1_accept(SSL *s) SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -875,6 +884,7 @@ int dtls1_accept(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -933,6 +943,7 @@ int dtls1_send_hello_verify_request(SSL *s) &(s->d1->cookie_len)) == 0) { SSLerr(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return 0; } diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 50544d1..eebd423 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -238,6 +238,7 @@ int ssl3_connect(SSL *s) if ((s->version & 0xff00) != 0x0300) { SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; ret = -1; goto end; } @@ -248,10 +249,12 @@ int ssl3_connect(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -266,6 +269,7 @@ int ssl3_connect(SSL *s) /* setup buffing BIO */ if (!ssl_init_wbio_buffer(s, 0)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -373,6 +377,7 @@ int ssl3_connect(SSL *s) */ if (!ssl3_check_cert_and_algorithm(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } break; @@ -396,6 +401,7 @@ int ssl3_connect(SSL *s) if ((ret = SRP_Calc_A_param(s)) <= 0) { SSLerr(SSL_F_SSL3_CONNECT, SSL_R_SRP_A_CALC); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; goto end; } } @@ -487,6 +493,7 @@ int ssl3_connect(SSL *s) #endif if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -494,6 +501,7 @@ int ssl3_connect(SSL *s) SSL3_CHANGE_CIPHER_CLIENT_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -628,6 +636,7 @@ int ssl3_connect(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_CONNECT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -877,6 +886,7 @@ int ssl3_client_hello(SSL *s) /* SSL3_ST_CW_CLNT_HELLO_B */ return ssl_do_write(s); err: + s->state = SSL_ST_ERR; return (-1); } @@ -1150,6 +1160,7 @@ int ssl3_get_server_hello(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: + s->state = SSL_ST_ERR; return (-1); } @@ -1335,8 +1346,10 @@ int ssl3_get_server_certificate(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + EVP_PKEY_free(pkey); X509_free(x); sk_X509_pop_free(sk, X509_free); @@ -2002,6 +2015,7 @@ int ssl3_get_key_exchange(SSL *s) EC_KEY_free(ecdh); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return (-1); } @@ -2177,7 +2191,10 @@ int ssl3_get_certificate_request(SSL *s) ca_sk = NULL; ret = 1; + goto done; err: + s->state = SSL_ST_ERR; + done: if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk, X509_NAME_free); return (ret); @@ -2254,6 +2271,7 @@ int ssl3_get_new_session_ticket(SSL *s) f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); err: + s->state = SSL_ST_ERR; return (-1); } @@ -2314,6 +2332,7 @@ int ssl3_get_cert_status(SSL *s) return 1; f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; return (-1); } #endif @@ -2335,6 +2354,7 @@ int ssl3_get_server_done(SSL *s) /* should contain no data */ ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); SSLerr(SSL_F_SSL3_GET_SERVER_DONE, SSL_R_LENGTH_MISMATCH); + s->state = SSL_ST_ERR; return -1; } ret = 1; @@ -3101,6 +3121,7 @@ int ssl3_send_client_key_exchange(SSL *s) EC_KEY_free(clnt_ecdh); EVP_PKEY_free(srvr_pub_pkey); #endif + s->state = SSL_ST_ERR; return (-1); } @@ -3229,6 +3250,7 @@ int ssl3_send_client_verify(SSL *s) err: EVP_MD_CTX_cleanup(&mctx); EVP_PKEY_CTX_free(pctx); + s->state = SSL_ST_ERR; return (-1); } @@ -3292,6 +3314,7 @@ int ssl3_send_client_certificate(SSL *s) } if (i == 0) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return 0; } s->rwstate = SSL_NOTHING; @@ -3352,6 +3375,7 @@ int ssl3_send_client_certificate(SSL *s) 2) ? NULL : s->cert->key)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return 0; } } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 2e7cb7a..2e0f989 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -266,6 +266,7 @@ int ssl3_accept(SSL *s) if ((s->version >> 8) != 3) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } s->type = SSL_ST_ACCEPT; @@ -273,11 +274,13 @@ int ssl3_accept(SSL *s) if (s->init_buf == NULL) { if ((buf = BUF_MEM_new()) == NULL) { ret = -1; + s->state = SSL_ST_ERR; goto end; } if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { BUF_MEM_free(buf); ret = -1; + s->state = SSL_ST_ERR; goto end; } s->init_buf = buf; @@ -285,6 +288,7 @@ int ssl3_accept(SSL *s) if (!ssl3_setup_buffers(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -303,6 +307,7 @@ int ssl3_accept(SSL *s) */ if (!ssl_init_wbio_buffer(s, 1)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -320,6 +325,7 @@ int ssl3_accept(SSL *s) SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED); ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); ret = -1; + s->state = SSL_ST_ERR; goto end; } else { /* @@ -379,6 +385,7 @@ int ssl3_accept(SSL *s) SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_CLIENTHELLO_TLSEXT); ret = SSL_TLSEXT_ERR_ALERT_FATAL; ret = -1; + s->state = SSL_ST_ERR; goto end; } } @@ -529,9 +536,12 @@ int ssl3_accept(SSL *s) skip = 1; s->s3->tmp.cert_request = 0; s->state = SSL3_ST_SW_SRVR_DONE_A; - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) + if (s->s3->handshake_buffer) { + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } + } } else { s->s3->tmp.cert_request = 1; ret = ssl3_send_certificate_request(s); @@ -621,11 +631,14 @@ int ssl3_accept(SSL *s) */ if (!s->s3->handshake_buffer) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE; - if (!ssl3_digest_cached_records(s)) + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } } else { int offset = 0; int dgst_num; @@ -639,9 +652,12 @@ int ssl3_accept(SSL *s) * CertificateVerify should be generalized. But it is next * step */ - if (s->s3->handshake_buffer) - if (!ssl3_digest_cached_records(s)) + if (s->s3->handshake_buffer) { + if (!ssl3_digest_cached_records(s)) { + s->state = SSL_ST_ERR; return -1; + } + } for (dgst_num = 0; dgst_num < SSL_MAX_DIGEST; dgst_num++) if (s->s3->handshake_dgst[dgst_num]) { int dgst_size; @@ -657,6 +673,7 @@ int ssl3_accept(SSL *s) dgst_size = EVP_MD_CTX_size(s->s3->handshake_dgst[dgst_num]); if (dgst_size < 0) { + s->state = SSL_ST_ERR; ret = -1; goto end; } @@ -771,6 +788,7 @@ int ssl3_accept(SSL *s) s->session->cipher = s->s3->tmp.new_cipher; if (!s->method->ssl3_enc->setup_key_block(s)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -787,6 +805,7 @@ int ssl3_accept(SSL *s) SSL3_CHANGE_CIPHER_SERVER_WRITE)) { ret = -1; + s->state = SSL_ST_ERR; goto end; } @@ -849,6 +868,7 @@ int ssl3_accept(SSL *s) goto end; /* break; */ + case SSL_ST_ERR: default: SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_UNKNOWN_STATE); ret = -1; @@ -1463,8 +1483,10 @@ int ssl3_get_client_hello(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); return ret < 0 ? -1 : ret; @@ -1482,8 +1504,10 @@ int ssl3_send_server_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; #ifdef OPENSSL_NO_TLSEXT p = s->s3->server_random; - if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) + if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) { + s->state = SSL_ST_ERR; return -1; + } #endif /* Do the message type and length last */ d = p = ssl_handshake_start(s); @@ -1518,6 +1542,7 @@ int ssl3_send_server_hello(SSL *s) sl = s->session->session_id_length; if (sl > (int)sizeof(s->session->session_id)) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } *(p++) = sl; @@ -1540,6 +1565,7 @@ int ssl3_send_server_hello(SSL *s) #ifndef OPENSSL_NO_TLSEXT if (ssl_prepare_serverhello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); + s->state = SSL_ST_ERR; return -1; } if ((p = @@ -1547,6 +1573,7 @@ int ssl3_send_server_hello(SSL *s) &al)) == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, al); SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return -1; } #endif @@ -2009,6 +2036,7 @@ int ssl3_send_server_key_exchange(SSL *s) BN_CTX_free(bn_ctx); #endif EVP_MD_CTX_cleanup(&md_ctx); + s->state = SSL_ST_ERR; return (-1); } @@ -2102,6 +2130,7 @@ int ssl3_send_certificate_request(SSL *s) /* SSL3_ST_SW_CERT_REQ_B */ return ssl_do_write(s); err: + s->state = SSL_ST_ERR; return (-1); } @@ -2906,6 +2935,7 @@ int ssl3_get_client_key_exchange(SSL *s) EC_KEY_free(srvr_ecdh); BN_CTX_free(bn_ctx); #endif + s->state = SSL_ST_ERR; return (-1); } @@ -3108,6 +3138,7 @@ int ssl3_get_cert_verify(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); + s->state = SSL_ST_ERR; } end: if (s->s3->handshake_buffer) { @@ -3266,8 +3297,10 @@ int ssl3_get_client_certificate(SSL *s) if (0) { f_err: ssl3_send_alert(s, SSL3_AL_FATAL, al); - } err: + s->state = SSL_ST_ERR; + } + if (x != NULL) X509_free(x); if (sk != NULL) @@ -3287,12 +3320,14 @@ int ssl3_send_server_certificate(SSL *s) (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) { SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return (0); } } if (!ssl3_output_cert_chain(s, cpk)) { SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; return (0); } s->state = SSL3_ST_SW_CERT_B; @@ -3326,11 +3361,15 @@ int ssl3_send_newsession_ticket(SSL *s) * Some length values are 16 bits, so forget it if session is too * long */ - if (slen_full == 0 || slen_full > 0xFF00) + if (slen_full == 0 || slen_full > 0xFF00) { + s->state = SSL_ST_ERR; return -1; + } senc = OPENSSL_malloc(slen_full); - if (!senc) + if (!senc) { + s->state = SSL_ST_ERR; return -1; + } EVP_CIPHER_CTX_init(&ctx); HMAC_CTX_init(&hctx); @@ -3445,6 +3484,7 @@ int ssl3_send_newsession_ticket(SSL *s) OPENSSL_free(senc); EVP_CIPHER_CTX_cleanup(&ctx); HMAC_CTX_cleanup(&hctx); + s->state = SSL_ST_ERR; return -1; } @@ -3458,8 +3498,10 @@ int ssl3_send_cert_status(SSL *s) * 1 (ocsp response type) + 3 (ocsp response length) * + (ocsp response) */ - if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) + if (!BUF_MEM_grow(s->init_buf, 8 + s->tlsext_ocsp_resplen)) { + s->state = SSL_ST_ERR; return -1; + } p = (unsigned char *)s->init_buf->data; @@ -3502,6 +3544,7 @@ int ssl3_get_next_proto(SSL *s) if (!s->s3->next_proto_neg_seen) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION); + s->state = SSL_ST_ERR; return -1; } @@ -3521,11 +3564,14 @@ int ssl3_get_next_proto(SSL *s) */ if (!s->s3->change_cipher_spec) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS); + s->state = SSL_ST_ERR; return -1; } - if (n < 2) + if (n < 2) { + s->state = SSL_ST_ERR; return 0; /* The body must be > 1 bytes long */ + } p = (unsigned char *)s->init_msg; @@ -3537,15 +3583,20 @@ int ssl3_get_next_proto(SSL *s) * uint8 padding[padding_len]; */ proto_len = p[0]; - if (proto_len + 2 > s->init_num) + if (proto_len + 2 > s->init_num) { + s->state = SSL_ST_ERR; return 0; + } padding_len = p[proto_len + 1]; - if (proto_len + padding_len + 2 != s->init_num) + if (proto_len + padding_len + 2 != s->init_num) { + s->state = SSL_ST_ERR; return 0; + } s->next_proto_negotiated = OPENSSL_malloc(proto_len); if (!s->next_proto_negotiated) { SSLerr(SSL_F_SSL3_GET_NEXT_PROTO, ERR_R_MALLOC_FAILURE); + s->state = SSL_ST_ERR; return 0; } memcpy(s->next_proto_negotiated, p + 1, proto_len); diff --git a/ssl/ssl.h b/ssl/ssl.h index 32d1482..70fa00b 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -1727,6 +1727,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) +# define SSL_ST_ERR 0x05 # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c index d725d78..1b9069f 100644 --- a/ssl/ssl_stat.c +++ b/ssl/ssl_stat.c @@ -117,6 +117,9 @@ const char *SSL_state_string_long(const SSL *s) case SSL_ST_OK | SSL_ST_ACCEPT: str = "ok/accept SSL initialization"; break; + case SSL_ST_ERR: + str = "error"; + break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str = "SSLv2 client start encryption"; @@ -496,6 +499,9 @@ const char *SSL_state_string(const SSL *s) case SSL_ST_OK: str = "SSLOK "; break; + case SSL_ST_ERR: + str = "SSLERR"; + break; #ifndef OPENSSL_NO_SSL2 case SSL2_ST_CLIENT_START_ENCRYPTION: str = "2CSENC"; From levitte at openssl.org Tue May 5 20:34:00 2015 From: levitte at openssl.org (Richard Levitte) Date: Tue, 05 May 2015 20:34:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430858040.638160.4179.nullmailer@dev.openssl.org> The branch master has been updated via 2ed42bf639b12a2ec5bcc24ef5a45a1ca027ec95 (commit) via 3c161d081e2d30549e787437d05ffa08122a5114 (commit) from cefc93910c4c0f7fa9f8c1f8f7aad084a7fa87d2 (commit) - Log ----------------------------------------------------------------- commit 2ed42bf639b12a2ec5bcc24ef5a45a1ca027ec95 Author: Richard Levitte Date: Tue May 5 21:49:51 2015 +0200 make update Reviewed-by: Matt Caswell commit 3c161d081e2d30549e787437d05ffa08122a5114 Author: Richard Levitte Date: Tue May 5 21:48:43 2015 +0200 Remove the last traces of the fake RLE compression Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.h | 3210 ++++++++++++++++++++++---------------------- crypto/objects/objects.txt | 2 - include/openssl/comp.h | 1 - include/openssl/obj_mac.h | 5 - util/libeay.num | 2 +- 5 files changed, 1604 insertions(+), 1616 deletions(-) diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index c8102a0..9422b89 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -63,11 +63,11 @@ */ #define NUM_NID 973 -#define NUM_SN 967 -#define NUM_LN 967 -#define NUM_OBJ 903 +#define NUM_SN 966 +#define NUM_LN 966 +#define NUM_OBJ 902 -static const unsigned char lvalues[6361]={ +static const unsigned char lvalues[6355]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -165,806 +165,805 @@ static const unsigned char lvalues[6361]={ 0x2B,0x24,0x03,0x02,0x01, /* [607] OBJ_ripemd160 */ 0x2B,0x24,0x03,0x03,0x01,0x02, /* [612] OBJ_ripemd160WithRSA */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08, /* [618] OBJ_rc5_cbc */ -0x29,0x01,0x01,0x85,0x1A,0x01, /* [626] OBJ_rle_compression */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [632] OBJ_zlib_compression */ -0x55,0x1D,0x25, /* [643] OBJ_ext_key_usage */ -0x2B,0x06,0x01,0x05,0x05,0x07, /* [646] OBJ_id_pkix */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [652] OBJ_id_kp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [659] OBJ_server_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [667] OBJ_client_auth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [675] OBJ_code_sign */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [683] OBJ_email_protect */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [691] OBJ_time_stamp */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [699] OBJ_ms_code_ind */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [709] OBJ_ms_code_com */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [719] OBJ_ms_ctl_sign */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [729] OBJ_ms_sgc */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [739] OBJ_ms_efs */ -0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [749] OBJ_ns_sgc */ -0x55,0x1D,0x1B, /* [758] OBJ_delta_crl */ -0x55,0x1D,0x15, /* [761] OBJ_crl_reason */ -0x55,0x1D,0x18, /* [764] OBJ_invalidity_date */ -0x2B,0x65,0x01,0x04,0x01, /* [767] OBJ_sxnet */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [772] OBJ_pbe_WithSHA1And128BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [782] OBJ_pbe_WithSHA1And40BitRC4 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [792] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [802] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [812] OBJ_pbe_WithSHA1And128BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [822] OBJ_pbe_WithSHA1And40BitRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [832] OBJ_keyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [843] OBJ_pkcs8ShroudedKeyBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [854] OBJ_certBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [865] OBJ_crlBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [876] OBJ_secretBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [887] OBJ_safeContentsBag */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [898] OBJ_friendlyName */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [907] OBJ_localKeyID */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [916] OBJ_x509Certificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [926] OBJ_sdsiCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [936] OBJ_x509Crl */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [946] OBJ_pbes2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [955] OBJ_pbmac1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [964] OBJ_hmacWithSHA1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [972] OBJ_id_qt_cps */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [980] OBJ_id_qt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [988] OBJ_SMIMECapabilities */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [997] OBJ_pbeWithMD2AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [1006] OBJ_pbeWithMD5AndRC2_CBC */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1015] OBJ_pbeWithSHA1AndDES_CBC */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1024] OBJ_ms_ext_req */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1034] OBJ_ext_req */ -0x55,0x04,0x29, /* [1043] OBJ_name */ -0x55,0x04,0x2E, /* [1046] OBJ_dnQualifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1049] OBJ_id_pe */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1056] OBJ_id_ad */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1063] OBJ_info_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1071] OBJ_ad_OCSP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1079] OBJ_ad_ca_issuers */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1087] OBJ_OCSP_sign */ -0x2A, /* [1095] OBJ_member_body */ -0x2A,0x86,0x48, /* [1096] OBJ_ISO_US */ -0x2A,0x86,0x48,0xCE,0x38, /* [1099] OBJ_X9_57 */ -0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1104] OBJ_X9cm */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1110] OBJ_pkcs1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1118] OBJ_pkcs5 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1126] OBJ_SMIME */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1135] OBJ_id_smime_mod */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1145] OBJ_id_smime_ct */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1155] OBJ_id_smime_aa */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1165] OBJ_id_smime_alg */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1175] OBJ_id_smime_cd */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1185] OBJ_id_smime_spq */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1195] OBJ_id_smime_cti */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1205] OBJ_id_smime_mod_cms */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1216] OBJ_id_smime_mod_ess */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1227] OBJ_id_smime_mod_oid */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1238] OBJ_id_smime_mod_msg_v3 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1249] OBJ_id_smime_mod_ets_eSignature_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1260] OBJ_id_smime_mod_ets_eSignature_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1271] OBJ_id_smime_mod_ets_eSigPolicy_88 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1282] OBJ_id_smime_mod_ets_eSigPolicy_97 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1293] OBJ_id_smime_ct_receipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1304] OBJ_id_smime_ct_authData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1315] OBJ_id_smime_ct_publishCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1326] OBJ_id_smime_ct_TSTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1337] OBJ_id_smime_ct_TDTInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1348] OBJ_id_smime_ct_contentInfo */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1359] OBJ_id_smime_ct_DVCSRequestData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1370] OBJ_id_smime_ct_DVCSResponseData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1381] OBJ_id_smime_aa_receiptRequest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1392] OBJ_id_smime_aa_securityLabel */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1403] OBJ_id_smime_aa_mlExpandHistory */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1414] OBJ_id_smime_aa_contentHint */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1425] OBJ_id_smime_aa_msgSigDigest */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1436] OBJ_id_smime_aa_encapContentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1447] OBJ_id_smime_aa_contentIdentifier */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1458] OBJ_id_smime_aa_macValue */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1469] OBJ_id_smime_aa_equivalentLabels */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1480] OBJ_id_smime_aa_contentReference */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1491] OBJ_id_smime_aa_encrypKeyPref */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1502] OBJ_id_smime_aa_signingCertificate */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1513] OBJ_id_smime_aa_smimeEncryptCerts */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1524] OBJ_id_smime_aa_timeStampToken */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1535] OBJ_id_smime_aa_ets_sigPolicyId */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1546] OBJ_id_smime_aa_ets_commitmentType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1557] OBJ_id_smime_aa_ets_signerLocation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1568] OBJ_id_smime_aa_ets_signerAttr */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1579] OBJ_id_smime_aa_ets_otherSigCert */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1590] OBJ_id_smime_aa_ets_contentTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1601] OBJ_id_smime_aa_ets_CertificateRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1612] OBJ_id_smime_aa_ets_RevocationRefs */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1623] OBJ_id_smime_aa_ets_certValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1634] OBJ_id_smime_aa_ets_revocationValues */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1645] OBJ_id_smime_aa_ets_escTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1656] OBJ_id_smime_aa_ets_certCRLTimestamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1667] OBJ_id_smime_aa_ets_archiveTimeStamp */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1678] OBJ_id_smime_aa_signatureType */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1689] OBJ_id_smime_aa_dvcs_dvc */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1700] OBJ_id_smime_alg_ESDHwith3DES */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1711] OBJ_id_smime_alg_ESDHwithRC2 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1722] OBJ_id_smime_alg_3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1733] OBJ_id_smime_alg_RC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1744] OBJ_id_smime_alg_ESDH */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1755] OBJ_id_smime_alg_CMS3DESwrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1766] OBJ_id_smime_alg_CMSRC2wrap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1777] OBJ_id_smime_cd_ldap */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1788] OBJ_id_smime_spq_ets_sqt_uri */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1799] OBJ_id_smime_spq_ets_sqt_unotice */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1810] OBJ_id_smime_cti_ets_proofOfOrigin */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1821] OBJ_id_smime_cti_ets_proofOfReceipt */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1832] OBJ_id_smime_cti_ets_proofOfDelivery */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1843] OBJ_id_smime_cti_ets_proofOfSender */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1854] OBJ_id_smime_cti_ets_proofOfApproval */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1865] OBJ_id_smime_cti_ets_proofOfCreation */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1876] OBJ_md4 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1884] OBJ_id_pkix_mod */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1891] OBJ_id_qt */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1898] OBJ_id_it */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1905] OBJ_id_pkip */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1912] OBJ_id_alg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1919] OBJ_id_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1926] OBJ_id_on */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1933] OBJ_id_pda */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1940] OBJ_id_aca */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1947] OBJ_id_qcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1954] OBJ_id_cct */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1961] OBJ_id_pkix1_explicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1969] OBJ_id_pkix1_implicit_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1977] OBJ_id_pkix1_explicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1985] OBJ_id_pkix1_implicit_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1993] OBJ_id_mod_crmf */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [2001] OBJ_id_mod_cmc */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [2009] OBJ_id_mod_kea_profile_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2017] OBJ_id_mod_kea_profile_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2025] OBJ_id_mod_cmp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2033] OBJ_id_mod_qualified_cert_88 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2041] OBJ_id_mod_qualified_cert_93 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2049] OBJ_id_mod_attribute_cert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2057] OBJ_id_mod_timestamp_protocol */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2065] OBJ_id_mod_ocsp */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2073] OBJ_id_mod_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2081] OBJ_id_mod_cmp2000 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2089] OBJ_biometricInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2097] OBJ_qcStatements */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2105] OBJ_ac_auditEntity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2113] OBJ_ac_targeting */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2121] OBJ_aaControls */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2129] OBJ_sbgp_ipAddrBlock */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2137] OBJ_sbgp_autonomousSysNum */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2145] OBJ_sbgp_routerIdentifier */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2153] OBJ_textNotice */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2161] OBJ_ipsecEndSystem */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2169] OBJ_ipsecTunnel */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2177] OBJ_ipsecUser */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2185] OBJ_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2193] OBJ_id_it_caProtEncCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2201] OBJ_id_it_signKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2209] OBJ_id_it_encKeyPairTypes */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2217] OBJ_id_it_preferredSymmAlg */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2225] OBJ_id_it_caKeyUpdateInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2233] OBJ_id_it_currentCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2241] OBJ_id_it_unsupportedOIDs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2249] OBJ_id_it_subscriptionRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2257] OBJ_id_it_subscriptionResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2265] OBJ_id_it_keyPairParamReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2273] OBJ_id_it_keyPairParamRep */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2281] OBJ_id_it_revPassphrase */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2289] OBJ_id_it_implicitConfirm */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2297] OBJ_id_it_confirmWaitTime */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2305] OBJ_id_it_origPKIMessage */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2313] OBJ_id_regCtrl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2321] OBJ_id_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2329] OBJ_id_regCtrl_regToken */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2338] OBJ_id_regCtrl_authenticator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2347] OBJ_id_regCtrl_pkiPublicationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2356] OBJ_id_regCtrl_pkiArchiveOptions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2365] OBJ_id_regCtrl_oldCertID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2374] OBJ_id_regCtrl_protocolEncrKey */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2383] OBJ_id_regInfo_utf8Pairs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2392] OBJ_id_regInfo_certReq */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2401] OBJ_id_alg_des40 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2409] OBJ_id_alg_noSignature */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2417] OBJ_id_alg_dh_sig_hmac_sha1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2425] OBJ_id_alg_dh_pop */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2433] OBJ_id_cmc_statusInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2441] OBJ_id_cmc_identification */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2449] OBJ_id_cmc_identityProof */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2457] OBJ_id_cmc_dataReturn */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2465] OBJ_id_cmc_transactionId */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2473] OBJ_id_cmc_senderNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2481] OBJ_id_cmc_recipientNonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2489] OBJ_id_cmc_addExtensions */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2497] OBJ_id_cmc_encryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2505] OBJ_id_cmc_decryptedPOP */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2513] OBJ_id_cmc_lraPOPWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2521] OBJ_id_cmc_getCert */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2529] OBJ_id_cmc_getCRL */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2537] OBJ_id_cmc_revokeRequest */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2545] OBJ_id_cmc_regInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2553] OBJ_id_cmc_responseInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2561] OBJ_id_cmc_queryPending */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2569] OBJ_id_cmc_popLinkRandom */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2577] OBJ_id_cmc_popLinkWitness */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2585] OBJ_id_cmc_confirmCertAcceptance */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2593] OBJ_id_on_personalData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2601] OBJ_id_pda_dateOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2609] OBJ_id_pda_placeOfBirth */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2617] OBJ_id_pda_gender */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2625] OBJ_id_pda_countryOfCitizenship */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2633] OBJ_id_pda_countryOfResidence */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2641] OBJ_id_aca_authenticationInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2649] OBJ_id_aca_accessIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2657] OBJ_id_aca_chargingIdentity */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2665] OBJ_id_aca_group */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2673] OBJ_id_aca_role */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2681] OBJ_id_qcs_pkixQCSyntax_v1 */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2689] OBJ_id_cct_crs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2697] OBJ_id_cct_PKIData */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2705] OBJ_id_cct_PKIResponse */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2713] OBJ_ad_timeStamping */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2721] OBJ_ad_dvcs */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2729] OBJ_id_pkix_OCSP_basic */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2738] OBJ_id_pkix_OCSP_Nonce */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2747] OBJ_id_pkix_OCSP_CrlID */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2756] OBJ_id_pkix_OCSP_acceptableResponses */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2765] OBJ_id_pkix_OCSP_noCheck */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2774] OBJ_id_pkix_OCSP_archiveCutoff */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2783] OBJ_id_pkix_OCSP_serviceLocator */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2792] OBJ_id_pkix_OCSP_extendedStatus */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2801] OBJ_id_pkix_OCSP_valid */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2810] OBJ_id_pkix_OCSP_path */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2819] OBJ_id_pkix_OCSP_trustRoot */ -0x2B,0x0E,0x03,0x02, /* [2828] OBJ_algorithm */ -0x2B,0x0E,0x03,0x02,0x0B, /* [2832] OBJ_rsaSignature */ -0x55,0x08, /* [2837] OBJ_X500algorithms */ -0x2B, /* [2839] OBJ_org */ -0x2B,0x06, /* [2840] OBJ_dod */ -0x2B,0x06,0x01, /* [2842] OBJ_iana */ -0x2B,0x06,0x01,0x01, /* [2845] OBJ_Directory */ -0x2B,0x06,0x01,0x02, /* [2849] OBJ_Management */ -0x2B,0x06,0x01,0x03, /* [2853] OBJ_Experimental */ -0x2B,0x06,0x01,0x04, /* [2857] OBJ_Private */ -0x2B,0x06,0x01,0x05, /* [2861] OBJ_Security */ -0x2B,0x06,0x01,0x06, /* [2865] OBJ_SNMPv2 */ -0x2B,0x06,0x01,0x07, /* [2869] OBJ_Mail */ -0x2B,0x06,0x01,0x04,0x01, /* [2873] OBJ_Enterprises */ -0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2878] OBJ_dcObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2887] OBJ_domainComponent */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2897] OBJ_Domain */ -0x55,0x01,0x05, /* [2907] OBJ_selected_attribute_types */ -0x55,0x01,0x05,0x37, /* [2910] OBJ_clearance */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2914] OBJ_md4WithRSAEncryption */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2923] OBJ_ac_proxying */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2931] OBJ_sinfo_access */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2939] OBJ_id_aca_encAttrs */ -0x55,0x04,0x48, /* [2947] OBJ_role */ -0x55,0x1D,0x24, /* [2950] OBJ_policy_constraints */ -0x55,0x1D,0x37, /* [2953] OBJ_target_information */ -0x55,0x1D,0x38, /* [2956] OBJ_no_rev_avail */ -0x2A,0x86,0x48,0xCE,0x3D, /* [2959] OBJ_ansi_X9_62 */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2964] OBJ_X9_62_prime_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2971] OBJ_X9_62_characteristic_two_field */ -0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2978] OBJ_X9_62_id_ecPublicKey */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2985] OBJ_X9_62_prime192v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2993] OBJ_X9_62_prime192v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [3001] OBJ_X9_62_prime192v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [3009] OBJ_X9_62_prime239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3017] OBJ_X9_62_prime239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3025] OBJ_X9_62_prime239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3033] OBJ_X9_62_prime256v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3041] OBJ_ecdsa_with_SHA1 */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3048] OBJ_ms_csp_name */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3057] OBJ_aes_128_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3066] OBJ_aes_128_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3075] OBJ_aes_128_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3084] OBJ_aes_128_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3093] OBJ_aes_192_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3102] OBJ_aes_192_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3111] OBJ_aes_192_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3120] OBJ_aes_192_cfb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3129] OBJ_aes_256_ecb */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3138] OBJ_aes_256_cbc */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3147] OBJ_aes_256_ofb128 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3156] OBJ_aes_256_cfb128 */ -0x55,0x1D,0x17, /* [3165] OBJ_hold_instruction_code */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3168] OBJ_hold_instruction_none */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3175] OBJ_hold_instruction_call_issuer */ -0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3182] OBJ_hold_instruction_reject */ -0x09, /* [3189] OBJ_data */ -0x09,0x92,0x26, /* [3190] OBJ_pss */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3193] OBJ_ucl */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3200] OBJ_pilot */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3208] OBJ_pilotAttributeType */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3217] OBJ_pilotAttributeSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3226] OBJ_pilotObjectClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3235] OBJ_pilotGroups */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3244] OBJ_iA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3254] OBJ_caseIgnoreIA5StringSyntax */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3264] OBJ_pilotObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3274] OBJ_pilotPerson */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3284] OBJ_account */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3294] OBJ_document */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3304] OBJ_room */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3314] OBJ_documentSeries */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3324] OBJ_rFC822localPart */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3334] OBJ_dNSDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3344] OBJ_domainRelatedObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3354] OBJ_friendlyCountry */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3364] OBJ_simpleSecurityObject */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3374] OBJ_pilotOrganization */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3384] OBJ_pilotDSA */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3394] OBJ_qualityLabelledData */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3404] OBJ_userId */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3414] OBJ_textEncodedORAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3424] OBJ_rfc822Mailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3434] OBJ_info */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3444] OBJ_favouriteDrink */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3454] OBJ_roomNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3464] OBJ_photo */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3474] OBJ_userClass */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3484] OBJ_host */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3494] OBJ_manager */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3504] OBJ_documentIdentifier */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3514] OBJ_documentTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3524] OBJ_documentVersion */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3534] OBJ_documentAuthor */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3544] OBJ_documentLocation */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3554] OBJ_homeTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3564] OBJ_secretary */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3574] OBJ_otherMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3584] OBJ_lastModifiedTime */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3594] OBJ_lastModifiedBy */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3604] OBJ_aRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3614] OBJ_pilotAttributeType27 */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3624] OBJ_mXRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3634] OBJ_nSRecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3644] OBJ_sOARecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3654] OBJ_cNAMERecord */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3664] OBJ_associatedDomain */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3674] OBJ_associatedName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3684] OBJ_homePostalAddress */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3694] OBJ_personalTitle */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3704] OBJ_mobileTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3714] OBJ_pagerTelephoneNumber */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3724] OBJ_friendlyCountryName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3734] OBJ_organizationalStatus */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3744] OBJ_janetMailbox */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3754] OBJ_mailPreferenceOption */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3764] OBJ_buildingName */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3774] OBJ_dSAQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3784] OBJ_singleLevelQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3794] OBJ_subtreeMinimumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3804] OBJ_subtreeMaximumQuality */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3814] OBJ_personalSignature */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3824] OBJ_dITRedirect */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3834] OBJ_audio */ -0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3844] OBJ_documentPublisher */ -0x55,0x04,0x2D, /* [3854] OBJ_x500UniqueIdentifier */ -0x2B,0x06,0x01,0x07,0x01, /* [3857] OBJ_mime_mhs */ -0x2B,0x06,0x01,0x07,0x01,0x01, /* [3862] OBJ_mime_mhs_headings */ -0x2B,0x06,0x01,0x07,0x01,0x02, /* [3868] OBJ_mime_mhs_bodies */ -0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3874] OBJ_id_hex_partial_message */ -0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3881] OBJ_id_hex_multipart_message */ -0x55,0x04,0x2C, /* [3888] OBJ_generationQualifier */ -0x55,0x04,0x41, /* [3891] OBJ_pseudonym */ -0x67,0x2A, /* [3894] OBJ_id_set */ -0x67,0x2A,0x00, /* [3896] OBJ_set_ctype */ -0x67,0x2A,0x01, /* [3899] OBJ_set_msgExt */ -0x67,0x2A,0x03, /* [3902] OBJ_set_attr */ -0x67,0x2A,0x05, /* [3905] OBJ_set_policy */ -0x67,0x2A,0x07, /* [3908] OBJ_set_certExt */ -0x67,0x2A,0x08, /* [3911] OBJ_set_brand */ -0x67,0x2A,0x00,0x00, /* [3914] OBJ_setct_PANData */ -0x67,0x2A,0x00,0x01, /* [3918] OBJ_setct_PANToken */ -0x67,0x2A,0x00,0x02, /* [3922] OBJ_setct_PANOnly */ -0x67,0x2A,0x00,0x03, /* [3926] OBJ_setct_OIData */ -0x67,0x2A,0x00,0x04, /* [3930] OBJ_setct_PI */ -0x67,0x2A,0x00,0x05, /* [3934] OBJ_setct_PIData */ -0x67,0x2A,0x00,0x06, /* [3938] OBJ_setct_PIDataUnsigned */ -0x67,0x2A,0x00,0x07, /* [3942] OBJ_setct_HODInput */ -0x67,0x2A,0x00,0x08, /* [3946] OBJ_setct_AuthResBaggage */ -0x67,0x2A,0x00,0x09, /* [3950] OBJ_setct_AuthRevReqBaggage */ -0x67,0x2A,0x00,0x0A, /* [3954] OBJ_setct_AuthRevResBaggage */ -0x67,0x2A,0x00,0x0B, /* [3958] OBJ_setct_CapTokenSeq */ -0x67,0x2A,0x00,0x0C, /* [3962] OBJ_setct_PInitResData */ -0x67,0x2A,0x00,0x0D, /* [3966] OBJ_setct_PI_TBS */ -0x67,0x2A,0x00,0x0E, /* [3970] OBJ_setct_PResData */ -0x67,0x2A,0x00,0x10, /* [3974] OBJ_setct_AuthReqTBS */ -0x67,0x2A,0x00,0x11, /* [3978] OBJ_setct_AuthResTBS */ -0x67,0x2A,0x00,0x12, /* [3982] OBJ_setct_AuthResTBSX */ -0x67,0x2A,0x00,0x13, /* [3986] OBJ_setct_AuthTokenTBS */ -0x67,0x2A,0x00,0x14, /* [3990] OBJ_setct_CapTokenData */ -0x67,0x2A,0x00,0x15, /* [3994] OBJ_setct_CapTokenTBS */ -0x67,0x2A,0x00,0x16, /* [3998] OBJ_setct_AcqCardCodeMsg */ -0x67,0x2A,0x00,0x17, /* [4002] OBJ_setct_AuthRevReqTBS */ -0x67,0x2A,0x00,0x18, /* [4006] OBJ_setct_AuthRevResData */ -0x67,0x2A,0x00,0x19, /* [4010] OBJ_setct_AuthRevResTBS */ -0x67,0x2A,0x00,0x1A, /* [4014] OBJ_setct_CapReqTBS */ -0x67,0x2A,0x00,0x1B, /* [4018] OBJ_setct_CapReqTBSX */ -0x67,0x2A,0x00,0x1C, /* [4022] OBJ_setct_CapResData */ -0x67,0x2A,0x00,0x1D, /* [4026] OBJ_setct_CapRevReqTBS */ -0x67,0x2A,0x00,0x1E, /* [4030] OBJ_setct_CapRevReqTBSX */ -0x67,0x2A,0x00,0x1F, /* [4034] OBJ_setct_CapRevResData */ -0x67,0x2A,0x00,0x20, /* [4038] OBJ_setct_CredReqTBS */ -0x67,0x2A,0x00,0x21, /* [4042] OBJ_setct_CredReqTBSX */ -0x67,0x2A,0x00,0x22, /* [4046] OBJ_setct_CredResData */ -0x67,0x2A,0x00,0x23, /* [4050] OBJ_setct_CredRevReqTBS */ -0x67,0x2A,0x00,0x24, /* [4054] OBJ_setct_CredRevReqTBSX */ -0x67,0x2A,0x00,0x25, /* [4058] OBJ_setct_CredRevResData */ -0x67,0x2A,0x00,0x26, /* [4062] OBJ_setct_PCertReqData */ -0x67,0x2A,0x00,0x27, /* [4066] OBJ_setct_PCertResTBS */ -0x67,0x2A,0x00,0x28, /* [4070] OBJ_setct_BatchAdminReqData */ -0x67,0x2A,0x00,0x29, /* [4074] OBJ_setct_BatchAdminResData */ -0x67,0x2A,0x00,0x2A, /* [4078] OBJ_setct_CardCInitResTBS */ -0x67,0x2A,0x00,0x2B, /* [4082] OBJ_setct_MeAqCInitResTBS */ -0x67,0x2A,0x00,0x2C, /* [4086] OBJ_setct_RegFormResTBS */ -0x67,0x2A,0x00,0x2D, /* [4090] OBJ_setct_CertReqData */ -0x67,0x2A,0x00,0x2E, /* [4094] OBJ_setct_CertReqTBS */ -0x67,0x2A,0x00,0x2F, /* [4098] OBJ_setct_CertResData */ -0x67,0x2A,0x00,0x30, /* [4102] OBJ_setct_CertInqReqTBS */ -0x67,0x2A,0x00,0x31, /* [4106] OBJ_setct_ErrorTBS */ -0x67,0x2A,0x00,0x32, /* [4110] OBJ_setct_PIDualSignedTBE */ -0x67,0x2A,0x00,0x33, /* [4114] OBJ_setct_PIUnsignedTBE */ -0x67,0x2A,0x00,0x34, /* [4118] OBJ_setct_AuthReqTBE */ -0x67,0x2A,0x00,0x35, /* [4122] OBJ_setct_AuthResTBE */ -0x67,0x2A,0x00,0x36, /* [4126] OBJ_setct_AuthResTBEX */ -0x67,0x2A,0x00,0x37, /* [4130] OBJ_setct_AuthTokenTBE */ -0x67,0x2A,0x00,0x38, /* [4134] OBJ_setct_CapTokenTBE */ -0x67,0x2A,0x00,0x39, /* [4138] OBJ_setct_CapTokenTBEX */ -0x67,0x2A,0x00,0x3A, /* [4142] OBJ_setct_AcqCardCodeMsgTBE */ -0x67,0x2A,0x00,0x3B, /* [4146] OBJ_setct_AuthRevReqTBE */ -0x67,0x2A,0x00,0x3C, /* [4150] OBJ_setct_AuthRevResTBE */ -0x67,0x2A,0x00,0x3D, /* [4154] OBJ_setct_AuthRevResTBEB */ -0x67,0x2A,0x00,0x3E, /* [4158] OBJ_setct_CapReqTBE */ -0x67,0x2A,0x00,0x3F, /* [4162] OBJ_setct_CapReqTBEX */ -0x67,0x2A,0x00,0x40, /* [4166] OBJ_setct_CapResTBE */ -0x67,0x2A,0x00,0x41, /* [4170] OBJ_setct_CapRevReqTBE */ -0x67,0x2A,0x00,0x42, /* [4174] OBJ_setct_CapRevReqTBEX */ -0x67,0x2A,0x00,0x43, /* [4178] OBJ_setct_CapRevResTBE */ -0x67,0x2A,0x00,0x44, /* [4182] OBJ_setct_CredReqTBE */ -0x67,0x2A,0x00,0x45, /* [4186] OBJ_setct_CredReqTBEX */ -0x67,0x2A,0x00,0x46, /* [4190] OBJ_setct_CredResTBE */ -0x67,0x2A,0x00,0x47, /* [4194] OBJ_setct_CredRevReqTBE */ -0x67,0x2A,0x00,0x48, /* [4198] OBJ_setct_CredRevReqTBEX */ -0x67,0x2A,0x00,0x49, /* [4202] OBJ_setct_CredRevResTBE */ -0x67,0x2A,0x00,0x4A, /* [4206] OBJ_setct_BatchAdminReqTBE */ -0x67,0x2A,0x00,0x4B, /* [4210] OBJ_setct_BatchAdminResTBE */ -0x67,0x2A,0x00,0x4C, /* [4214] OBJ_setct_RegFormReqTBE */ -0x67,0x2A,0x00,0x4D, /* [4218] OBJ_setct_CertReqTBE */ -0x67,0x2A,0x00,0x4E, /* [4222] OBJ_setct_CertReqTBEX */ -0x67,0x2A,0x00,0x4F, /* [4226] OBJ_setct_CertResTBE */ -0x67,0x2A,0x00,0x50, /* [4230] OBJ_setct_CRLNotificationTBS */ -0x67,0x2A,0x00,0x51, /* [4234] OBJ_setct_CRLNotificationResTBS */ -0x67,0x2A,0x00,0x52, /* [4238] OBJ_setct_BCIDistributionTBS */ -0x67,0x2A,0x01,0x01, /* [4242] OBJ_setext_genCrypt */ -0x67,0x2A,0x01,0x03, /* [4246] OBJ_setext_miAuth */ -0x67,0x2A,0x01,0x04, /* [4250] OBJ_setext_pinSecure */ -0x67,0x2A,0x01,0x05, /* [4254] OBJ_setext_pinAny */ -0x67,0x2A,0x01,0x07, /* [4258] OBJ_setext_track2 */ -0x67,0x2A,0x01,0x08, /* [4262] OBJ_setext_cv */ -0x67,0x2A,0x05,0x00, /* [4266] OBJ_set_policy_root */ -0x67,0x2A,0x07,0x00, /* [4270] OBJ_setCext_hashedRoot */ -0x67,0x2A,0x07,0x01, /* [4274] OBJ_setCext_certType */ -0x67,0x2A,0x07,0x02, /* [4278] OBJ_setCext_merchData */ -0x67,0x2A,0x07,0x03, /* [4282] OBJ_setCext_cCertRequired */ -0x67,0x2A,0x07,0x04, /* [4286] OBJ_setCext_tunneling */ -0x67,0x2A,0x07,0x05, /* [4290] OBJ_setCext_setExt */ -0x67,0x2A,0x07,0x06, /* [4294] OBJ_setCext_setQualf */ -0x67,0x2A,0x07,0x07, /* [4298] OBJ_setCext_PGWYcapabilities */ -0x67,0x2A,0x07,0x08, /* [4302] OBJ_setCext_TokenIdentifier */ -0x67,0x2A,0x07,0x09, /* [4306] OBJ_setCext_Track2Data */ -0x67,0x2A,0x07,0x0A, /* [4310] OBJ_setCext_TokenType */ -0x67,0x2A,0x07,0x0B, /* [4314] OBJ_setCext_IssuerCapabilities */ -0x67,0x2A,0x03,0x00, /* [4318] OBJ_setAttr_Cert */ -0x67,0x2A,0x03,0x01, /* [4322] OBJ_setAttr_PGWYcap */ -0x67,0x2A,0x03,0x02, /* [4326] OBJ_setAttr_TokenType */ -0x67,0x2A,0x03,0x03, /* [4330] OBJ_setAttr_IssCap */ -0x67,0x2A,0x03,0x00,0x00, /* [4334] OBJ_set_rootKeyThumb */ -0x67,0x2A,0x03,0x00,0x01, /* [4339] OBJ_set_addPolicy */ -0x67,0x2A,0x03,0x02,0x01, /* [4344] OBJ_setAttr_Token_EMV */ -0x67,0x2A,0x03,0x02,0x02, /* [4349] OBJ_setAttr_Token_B0Prime */ -0x67,0x2A,0x03,0x03,0x03, /* [4354] OBJ_setAttr_IssCap_CVM */ -0x67,0x2A,0x03,0x03,0x04, /* [4359] OBJ_setAttr_IssCap_T2 */ -0x67,0x2A,0x03,0x03,0x05, /* [4364] OBJ_setAttr_IssCap_Sig */ -0x67,0x2A,0x03,0x03,0x03,0x01, /* [4369] OBJ_setAttr_GenCryptgrm */ -0x67,0x2A,0x03,0x03,0x04,0x01, /* [4375] OBJ_setAttr_T2Enc */ -0x67,0x2A,0x03,0x03,0x04,0x02, /* [4381] OBJ_setAttr_T2cleartxt */ -0x67,0x2A,0x03,0x03,0x05,0x01, /* [4387] OBJ_setAttr_TokICCsig */ -0x67,0x2A,0x03,0x03,0x05,0x02, /* [4393] OBJ_setAttr_SecDevSig */ -0x67,0x2A,0x08,0x01, /* [4399] OBJ_set_brand_IATA_ATA */ -0x67,0x2A,0x08,0x1E, /* [4403] OBJ_set_brand_Diners */ -0x67,0x2A,0x08,0x22, /* [4407] OBJ_set_brand_AmericanExpress */ -0x67,0x2A,0x08,0x23, /* [4411] OBJ_set_brand_JCB */ -0x67,0x2A,0x08,0x04, /* [4415] OBJ_set_brand_Visa */ -0x67,0x2A,0x08,0x05, /* [4419] OBJ_set_brand_MasterCard */ -0x67,0x2A,0x08,0xAE,0x7B, /* [4423] OBJ_set_brand_Novus */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4428] OBJ_des_cdmf */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4436] OBJ_rsaOAEPEncryptionSET */ -0x67, /* [4445] OBJ_international_organizations */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4446] OBJ_ms_smartcard_login */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4456] OBJ_ms_upn */ -0x55,0x04,0x09, /* [4466] OBJ_streetAddress */ -0x55,0x04,0x11, /* [4469] OBJ_postalCode */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4472] OBJ_id_ppl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4479] OBJ_proxyCertInfo */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4487] OBJ_id_ppl_anyLanguage */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4495] OBJ_id_ppl_inheritAll */ -0x55,0x1D,0x1E, /* [4503] OBJ_name_constraints */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4506] OBJ_Independent */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4514] OBJ_sha256WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4523] OBJ_sha384WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4532] OBJ_sha512WithRSAEncryption */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4541] OBJ_sha224WithRSAEncryption */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4550] OBJ_sha256 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4559] OBJ_sha384 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4568] OBJ_sha512 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4577] OBJ_sha224 */ -0x2B, /* [4586] OBJ_identified_organization */ -0x2B,0x81,0x04, /* [4587] OBJ_certicom_arc */ -0x67,0x2B, /* [4590] OBJ_wap */ -0x67,0x2B,0x01, /* [4592] OBJ_wap_wsg */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4595] OBJ_X9_62_id_characteristic_two_basis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4603] OBJ_X9_62_onBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4612] OBJ_X9_62_tpBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4621] OBJ_X9_62_ppBasis */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4630] OBJ_X9_62_c2pnb163v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4638] OBJ_X9_62_c2pnb163v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4646] OBJ_X9_62_c2pnb163v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4654] OBJ_X9_62_c2pnb176v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4662] OBJ_X9_62_c2tnb191v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4670] OBJ_X9_62_c2tnb191v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4678] OBJ_X9_62_c2tnb191v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4686] OBJ_X9_62_c2onb191v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4694] OBJ_X9_62_c2onb191v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4702] OBJ_X9_62_c2pnb208w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4710] OBJ_X9_62_c2tnb239v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4718] OBJ_X9_62_c2tnb239v2 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4726] OBJ_X9_62_c2tnb239v3 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4734] OBJ_X9_62_c2onb239v4 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4742] OBJ_X9_62_c2onb239v5 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4750] OBJ_X9_62_c2pnb272w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4758] OBJ_X9_62_c2pnb304w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4766] OBJ_X9_62_c2tnb359v1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4774] OBJ_X9_62_c2pnb368w1 */ -0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4782] OBJ_X9_62_c2tnb431r1 */ -0x2B,0x81,0x04,0x00,0x06, /* [4790] OBJ_secp112r1 */ -0x2B,0x81,0x04,0x00,0x07, /* [4795] OBJ_secp112r2 */ -0x2B,0x81,0x04,0x00,0x1C, /* [4800] OBJ_secp128r1 */ -0x2B,0x81,0x04,0x00,0x1D, /* [4805] OBJ_secp128r2 */ -0x2B,0x81,0x04,0x00,0x09, /* [4810] OBJ_secp160k1 */ -0x2B,0x81,0x04,0x00,0x08, /* [4815] OBJ_secp160r1 */ -0x2B,0x81,0x04,0x00,0x1E, /* [4820] OBJ_secp160r2 */ -0x2B,0x81,0x04,0x00,0x1F, /* [4825] OBJ_secp192k1 */ -0x2B,0x81,0x04,0x00,0x20, /* [4830] OBJ_secp224k1 */ -0x2B,0x81,0x04,0x00,0x21, /* [4835] OBJ_secp224r1 */ -0x2B,0x81,0x04,0x00,0x0A, /* [4840] OBJ_secp256k1 */ -0x2B,0x81,0x04,0x00,0x22, /* [4845] OBJ_secp384r1 */ -0x2B,0x81,0x04,0x00,0x23, /* [4850] OBJ_secp521r1 */ -0x2B,0x81,0x04,0x00,0x04, /* [4855] OBJ_sect113r1 */ -0x2B,0x81,0x04,0x00,0x05, /* [4860] OBJ_sect113r2 */ -0x2B,0x81,0x04,0x00,0x16, /* [4865] OBJ_sect131r1 */ -0x2B,0x81,0x04,0x00,0x17, /* [4870] OBJ_sect131r2 */ -0x2B,0x81,0x04,0x00,0x01, /* [4875] OBJ_sect163k1 */ -0x2B,0x81,0x04,0x00,0x02, /* [4880] OBJ_sect163r1 */ -0x2B,0x81,0x04,0x00,0x0F, /* [4885] OBJ_sect163r2 */ -0x2B,0x81,0x04,0x00,0x18, /* [4890] OBJ_sect193r1 */ -0x2B,0x81,0x04,0x00,0x19, /* [4895] OBJ_sect193r2 */ -0x2B,0x81,0x04,0x00,0x1A, /* [4900] OBJ_sect233k1 */ -0x2B,0x81,0x04,0x00,0x1B, /* [4905] OBJ_sect233r1 */ -0x2B,0x81,0x04,0x00,0x03, /* [4910] OBJ_sect239k1 */ -0x2B,0x81,0x04,0x00,0x10, /* [4915] OBJ_sect283k1 */ -0x2B,0x81,0x04,0x00,0x11, /* [4920] OBJ_sect283r1 */ -0x2B,0x81,0x04,0x00,0x24, /* [4925] OBJ_sect409k1 */ -0x2B,0x81,0x04,0x00,0x25, /* [4930] OBJ_sect409r1 */ -0x2B,0x81,0x04,0x00,0x26, /* [4935] OBJ_sect571k1 */ -0x2B,0x81,0x04,0x00,0x27, /* [4940] OBJ_sect571r1 */ -0x67,0x2B,0x01,0x04,0x01, /* [4945] OBJ_wap_wsg_idm_ecid_wtls1 */ -0x67,0x2B,0x01,0x04,0x03, /* [4950] OBJ_wap_wsg_idm_ecid_wtls3 */ -0x67,0x2B,0x01,0x04,0x04, /* [4955] OBJ_wap_wsg_idm_ecid_wtls4 */ -0x67,0x2B,0x01,0x04,0x05, /* [4960] OBJ_wap_wsg_idm_ecid_wtls5 */ -0x67,0x2B,0x01,0x04,0x06, /* [4965] OBJ_wap_wsg_idm_ecid_wtls6 */ -0x67,0x2B,0x01,0x04,0x07, /* [4970] OBJ_wap_wsg_idm_ecid_wtls7 */ -0x67,0x2B,0x01,0x04,0x08, /* [4975] OBJ_wap_wsg_idm_ecid_wtls8 */ -0x67,0x2B,0x01,0x04,0x09, /* [4980] OBJ_wap_wsg_idm_ecid_wtls9 */ -0x67,0x2B,0x01,0x04,0x0A, /* [4985] OBJ_wap_wsg_idm_ecid_wtls10 */ -0x67,0x2B,0x01,0x04,0x0B, /* [4990] OBJ_wap_wsg_idm_ecid_wtls11 */ -0x67,0x2B,0x01,0x04,0x0C, /* [4995] OBJ_wap_wsg_idm_ecid_wtls12 */ -0x55,0x1D,0x20,0x00, /* [5000] OBJ_any_policy */ -0x55,0x1D,0x21, /* [5004] OBJ_policy_mappings */ -0x55,0x1D,0x36, /* [5007] OBJ_inhibit_any_policy */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5010] OBJ_camellia_128_cbc */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5021] OBJ_camellia_192_cbc */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5032] OBJ_camellia_256_cbc */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5043] OBJ_camellia_128_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5051] OBJ_camellia_192_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5059] OBJ_camellia_256_ecb */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5067] OBJ_camellia_128_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5075] OBJ_camellia_192_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5083] OBJ_camellia_256_cfb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5091] OBJ_camellia_128_ofb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5099] OBJ_camellia_192_ofb128 */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5107] OBJ_camellia_256_ofb128 */ -0x55,0x1D,0x09, /* [5115] OBJ_subject_directory_attributes */ -0x55,0x1D,0x1C, /* [5118] OBJ_issuing_distribution_point */ -0x55,0x1D,0x1D, /* [5121] OBJ_certificate_issuer */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5124] OBJ_kisa */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5130] OBJ_seed_ecb */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5138] OBJ_seed_cbc */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5146] OBJ_seed_ofb128 */ -0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5154] OBJ_seed_cfb128 */ -0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5162] OBJ_hmac_md5 */ -0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5170] OBJ_hmac_sha1 */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5178] OBJ_id_PasswordBasedMAC */ -0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5187] OBJ_id_DHBasedMac */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5196] OBJ_id_it_suppLangTags */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5204] OBJ_caRepository */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5212] OBJ_id_smime_ct_compressedData */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5223] OBJ_id_ct_asciiTextWithCRLF */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5234] OBJ_id_aes128_wrap */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5243] OBJ_id_aes192_wrap */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5252] OBJ_id_aes256_wrap */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5261] OBJ_ecdsa_with_Recommended */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5268] OBJ_ecdsa_with_Specified */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5275] OBJ_ecdsa_with_SHA224 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5283] OBJ_ecdsa_with_SHA256 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5291] OBJ_ecdsa_with_SHA384 */ -0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5299] OBJ_ecdsa_with_SHA512 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [5307] OBJ_hmacWithMD5 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [5315] OBJ_hmacWithSHA224 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [5323] OBJ_hmacWithSHA256 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [5331] OBJ_hmacWithSHA384 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [5339] OBJ_hmacWithSHA512 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5347] OBJ_dsa_with_SHA224 */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5356] OBJ_dsa_with_SHA256 */ -0x28,0xCF,0x06,0x03,0x00,0x37, /* [5365] OBJ_whirlpool */ -0x2A,0x85,0x03,0x02,0x02, /* [5371] OBJ_cryptopro */ -0x2A,0x85,0x03,0x02,0x09, /* [5376] OBJ_cryptocom */ -0x2A,0x85,0x03,0x02,0x02,0x03, /* [5381] OBJ_id_GostR3411_94_with_GostR3410_2001 */ -0x2A,0x85,0x03,0x02,0x02,0x04, /* [5387] OBJ_id_GostR3411_94_with_GostR3410_94 */ -0x2A,0x85,0x03,0x02,0x02,0x09, /* [5393] OBJ_id_GostR3411_94 */ -0x2A,0x85,0x03,0x02,0x02,0x0A, /* [5399] OBJ_id_HMACGostR3411_94 */ -0x2A,0x85,0x03,0x02,0x02,0x13, /* [5405] OBJ_id_GostR3410_2001 */ -0x2A,0x85,0x03,0x02,0x02,0x14, /* [5411] OBJ_id_GostR3410_94 */ -0x2A,0x85,0x03,0x02,0x02,0x15, /* [5417] OBJ_id_Gost28147_89 */ -0x2A,0x85,0x03,0x02,0x02,0x16, /* [5423] OBJ_id_Gost28147_89_MAC */ -0x2A,0x85,0x03,0x02,0x02,0x17, /* [5429] OBJ_id_GostR3411_94_prf */ -0x2A,0x85,0x03,0x02,0x02,0x62, /* [5435] OBJ_id_GostR3410_2001DH */ -0x2A,0x85,0x03,0x02,0x02,0x63, /* [5441] OBJ_id_GostR3410_94DH */ -0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5447] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ -0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5454] OBJ_id_Gost28147_89_None_KeyMeshing */ -0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5461] OBJ_id_GostR3411_94_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5468] OBJ_id_GostR3411_94_CryptoProParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5475] OBJ_id_Gost28147_89_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5482] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5489] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5496] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5503] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5510] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5517] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5524] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5531] OBJ_id_GostR3410_94_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5538] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5545] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5552] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5559] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5566] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5573] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5580] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5587] OBJ_id_GostR3410_2001_TestParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5594] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5601] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5608] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5615] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5622] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5629] OBJ_id_GostR3410_94_a */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5636] OBJ_id_GostR3410_94_aBis */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5643] OBJ_id_GostR3410_94_b */ -0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5650] OBJ_id_GostR3410_94_bBis */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5657] OBJ_id_Gost28147_89_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5665] OBJ_id_GostR3410_94_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5673] OBJ_id_GostR3410_2001_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5681] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5689] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ -0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5697] OBJ_id_GostR3410_2001_ParamSet_cc */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5705] OBJ_LocalKeySet */ -0x55,0x1D,0x2E, /* [5714] OBJ_freshest_crl */ -0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5717] OBJ_id_on_permanentIdentifier */ -0x55,0x04,0x0E, /* [5725] OBJ_searchGuide */ -0x55,0x04,0x0F, /* [5728] OBJ_businessCategory */ -0x55,0x04,0x10, /* [5731] OBJ_postalAddress */ -0x55,0x04,0x12, /* [5734] OBJ_postOfficeBox */ -0x55,0x04,0x13, /* [5737] OBJ_physicalDeliveryOfficeName */ -0x55,0x04,0x14, /* [5740] OBJ_telephoneNumber */ -0x55,0x04,0x15, /* [5743] OBJ_telexNumber */ -0x55,0x04,0x16, /* [5746] OBJ_teletexTerminalIdentifier */ -0x55,0x04,0x17, /* [5749] OBJ_facsimileTelephoneNumber */ -0x55,0x04,0x18, /* [5752] OBJ_x121Address */ -0x55,0x04,0x19, /* [5755] OBJ_internationaliSDNNumber */ -0x55,0x04,0x1A, /* [5758] OBJ_registeredAddress */ -0x55,0x04,0x1B, /* [5761] OBJ_destinationIndicator */ -0x55,0x04,0x1C, /* [5764] OBJ_preferredDeliveryMethod */ -0x55,0x04,0x1D, /* [5767] OBJ_presentationAddress */ -0x55,0x04,0x1E, /* [5770] OBJ_supportedApplicationContext */ -0x55,0x04,0x1F, /* [5773] OBJ_member */ -0x55,0x04,0x20, /* [5776] OBJ_owner */ -0x55,0x04,0x21, /* [5779] OBJ_roleOccupant */ -0x55,0x04,0x22, /* [5782] OBJ_seeAlso */ -0x55,0x04,0x23, /* [5785] OBJ_userPassword */ -0x55,0x04,0x24, /* [5788] OBJ_userCertificate */ -0x55,0x04,0x25, /* [5791] OBJ_cACertificate */ -0x55,0x04,0x26, /* [5794] OBJ_authorityRevocationList */ -0x55,0x04,0x27, /* [5797] OBJ_certificateRevocationList */ -0x55,0x04,0x28, /* [5800] OBJ_crossCertificatePair */ -0x55,0x04,0x2F, /* [5803] OBJ_enhancedSearchGuide */ -0x55,0x04,0x30, /* [5806] OBJ_protocolInformation */ -0x55,0x04,0x31, /* [5809] OBJ_distinguishedName */ -0x55,0x04,0x32, /* [5812] OBJ_uniqueMember */ -0x55,0x04,0x33, /* [5815] OBJ_houseIdentifier */ -0x55,0x04,0x34, /* [5818] OBJ_supportedAlgorithms */ -0x55,0x04,0x35, /* [5821] OBJ_deltaRevocationList */ -0x55,0x04,0x36, /* [5824] OBJ_dmdName */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5827] OBJ_id_alg_PWRI_KEK */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5838] OBJ_aes_128_gcm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5847] OBJ_aes_128_ccm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5856] OBJ_id_aes128_wrap_pad */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5865] OBJ_aes_192_gcm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5874] OBJ_aes_192_ccm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5883] OBJ_id_aes192_wrap_pad */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5892] OBJ_aes_256_gcm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5901] OBJ_aes_256_ccm */ -0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5910] OBJ_id_aes256_wrap_pad */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5919] OBJ_id_camellia128_wrap */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5930] OBJ_id_camellia192_wrap */ -0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5941] OBJ_id_camellia256_wrap */ -0x55,0x1D,0x25,0x00, /* [5952] OBJ_anyExtendedKeyUsage */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5956] OBJ_mgf1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5965] OBJ_rsassaPss */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5974] OBJ_rsaesOaep */ -0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [5983] OBJ_dhpublicnumber */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,/* [5990] OBJ_brainpoolP160r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,/* [5999] OBJ_brainpoolP160t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,/* [6008] OBJ_brainpoolP192r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,/* [6017] OBJ_brainpoolP192t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,/* [6026] OBJ_brainpoolP224r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,/* [6035] OBJ_brainpoolP224t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,/* [6044] OBJ_brainpoolP256r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,/* [6053] OBJ_brainpoolP256t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,/* [6062] OBJ_brainpoolP320r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,/* [6071] OBJ_brainpoolP320t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,/* [6080] OBJ_brainpoolP384r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,/* [6089] OBJ_brainpoolP384t1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,/* [6098] OBJ_brainpoolP512r1 */ -0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,/* [6107] OBJ_brainpoolP512t1 */ -0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,/* [6116] OBJ_pSpecified */ -0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,/* [6125] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x00, /* [6134] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x01, /* [6140] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x02, /* [6146] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0B,0x03, /* [6152] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ -0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6158] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x00, /* [6167] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x01, /* [6173] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x02, /* [6179] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ -0x2B,0x81,0x04,0x01,0x0E,0x03, /* [6185] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ -0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,/* [6191] OBJ_ct_precert_scts */ -0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,/* [6201] OBJ_ct_precert_poison */ -0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,/* [6211] OBJ_ct_precert_signer */ -0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,/* [6221] OBJ_ct_cert_scts */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6231] OBJ_jurisdictionLocalityName */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6242] OBJ_jurisdictionStateOrProvinceName */ -0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6253] OBJ_jurisdictionCountryName */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06, /* [6264] OBJ_camellia_128_gcm */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07, /* [6272] OBJ_camellia_128_ccm */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09, /* [6280] OBJ_camellia_128_ctr */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A, /* [6288] OBJ_camellia_128_cmac */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A, /* [6296] OBJ_camellia_192_gcm */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B, /* [6304] OBJ_camellia_192_ccm */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D, /* [6312] OBJ_camellia_192_ctr */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E, /* [6320] OBJ_camellia_192_cmac */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E, /* [6328] OBJ_camellia_256_gcm */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F, /* [6336] OBJ_camellia_256_ccm */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31, /* [6344] OBJ_camellia_256_ctr */ -0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32, /* [6352] OBJ_camellia_256_cmac */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,/* [626] OBJ_zlib_compression */ +0x55,0x1D,0x25, /* [637] OBJ_ext_key_usage */ +0x2B,0x06,0x01,0x05,0x05,0x07, /* [640] OBJ_id_pkix */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03, /* [646] OBJ_id_kp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01, /* [653] OBJ_server_auth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02, /* [661] OBJ_client_auth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03, /* [669] OBJ_code_sign */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04, /* [677] OBJ_email_protect */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08, /* [685] OBJ_time_stamp */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,/* [693] OBJ_ms_code_ind */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,/* [703] OBJ_ms_code_com */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,/* [713] OBJ_ms_ctl_sign */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,/* [723] OBJ_ms_sgc */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,/* [733] OBJ_ms_efs */ +0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,/* [743] OBJ_ns_sgc */ +0x55,0x1D,0x1B, /* [752] OBJ_delta_crl */ +0x55,0x1D,0x15, /* [755] OBJ_crl_reason */ +0x55,0x1D,0x18, /* [758] OBJ_invalidity_date */ +0x2B,0x65,0x01,0x04,0x01, /* [761] OBJ_sxnet */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,/* [766] OBJ_pbe_WithSHA1And128BitRC4 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,/* [776] OBJ_pbe_WithSHA1And40BitRC4 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,/* [786] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,/* [796] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,/* [806] OBJ_pbe_WithSHA1And128BitRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,/* [816] OBJ_pbe_WithSHA1And40BitRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,/* [826] OBJ_keyBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,/* [837] OBJ_pkcs8ShroudedKeyBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,/* [848] OBJ_certBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,/* [859] OBJ_crlBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,/* [870] OBJ_secretBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,/* [881] OBJ_safeContentsBag */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,/* [892] OBJ_friendlyName */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,/* [901] OBJ_localKeyID */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,/* [910] OBJ_x509Certificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,/* [920] OBJ_sdsiCertificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,/* [930] OBJ_x509Crl */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,/* [940] OBJ_pbes2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,/* [949] OBJ_pbmac1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07, /* [958] OBJ_hmacWithSHA1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01, /* [966] OBJ_id_qt_cps */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02, /* [974] OBJ_id_qt_unotice */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,/* [982] OBJ_SMIMECapabilities */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,/* [991] OBJ_pbeWithMD2AndRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,/* [1000] OBJ_pbeWithMD5AndRC2_CBC */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,/* [1009] OBJ_pbeWithSHA1AndDES_CBC */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,/* [1018] OBJ_ms_ext_req */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [1028] OBJ_ext_req */ +0x55,0x04,0x29, /* [1037] OBJ_name */ +0x55,0x04,0x2E, /* [1040] OBJ_dnQualifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1043] OBJ_id_pe */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1050] OBJ_id_ad */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1057] OBJ_info_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1065] OBJ_ad_OCSP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1073] OBJ_ad_ca_issuers */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09, /* [1081] OBJ_OCSP_sign */ +0x2A, /* [1089] OBJ_member_body */ +0x2A,0x86,0x48, /* [1090] OBJ_ISO_US */ +0x2A,0x86,0x48,0xCE,0x38, /* [1093] OBJ_X9_57 */ +0x2A,0x86,0x48,0xCE,0x38,0x04, /* [1098] OBJ_X9cm */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01, /* [1104] OBJ_pkcs1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05, /* [1112] OBJ_pkcs5 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,/* [1120] OBJ_SMIME */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,/* [1129] OBJ_id_smime_mod */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,/* [1139] OBJ_id_smime_ct */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,/* [1149] OBJ_id_smime_aa */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,/* [1159] OBJ_id_smime_alg */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,/* [1169] OBJ_id_smime_cd */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,/* [1179] OBJ_id_smime_spq */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,/* [1189] OBJ_id_smime_cti */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,/* [1199] OBJ_id_smime_mod_cms */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,/* [1210] OBJ_id_smime_mod_ess */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,/* [1221] OBJ_id_smime_mod_oid */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,/* [1232] OBJ_id_smime_mod_msg_v3 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,/* [1243] OBJ_id_smime_mod_ets_eSignature_88 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,/* [1254] OBJ_id_smime_mod_ets_eSignature_97 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,/* [1265] OBJ_id_smime_mod_ets_eSigPolicy_88 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,/* [1276] OBJ_id_smime_mod_ets_eSigPolicy_97 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,/* [1287] OBJ_id_smime_ct_receipt */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,/* [1298] OBJ_id_smime_ct_authData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,/* [1309] OBJ_id_smime_ct_publishCert */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,/* [1320] OBJ_id_smime_ct_TSTInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,/* [1331] OBJ_id_smime_ct_TDTInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,/* [1342] OBJ_id_smime_ct_contentInfo */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,/* [1353] OBJ_id_smime_ct_DVCSRequestData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,/* [1364] OBJ_id_smime_ct_DVCSResponseData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,/* [1375] OBJ_id_smime_aa_receiptRequest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,/* [1386] OBJ_id_smime_aa_securityLabel */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,/* [1397] OBJ_id_smime_aa_mlExpandHistory */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,/* [1408] OBJ_id_smime_aa_contentHint */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,/* [1419] OBJ_id_smime_aa_msgSigDigest */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,/* [1430] OBJ_id_smime_aa_encapContentType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,/* [1441] OBJ_id_smime_aa_contentIdentifier */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,/* [1452] OBJ_id_smime_aa_macValue */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,/* [1463] OBJ_id_smime_aa_equivalentLabels */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,/* [1474] OBJ_id_smime_aa_contentReference */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,/* [1485] OBJ_id_smime_aa_encrypKeyPref */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,/* [1496] OBJ_id_smime_aa_signingCertificate */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,/* [1507] OBJ_id_smime_aa_smimeEncryptCerts */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,/* [1518] OBJ_id_smime_aa_timeStampToken */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,/* [1529] OBJ_id_smime_aa_ets_sigPolicyId */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,/* [1540] OBJ_id_smime_aa_ets_commitmentType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,/* [1551] OBJ_id_smime_aa_ets_signerLocation */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,/* [1562] OBJ_id_smime_aa_ets_signerAttr */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,/* [1573] OBJ_id_smime_aa_ets_otherSigCert */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,/* [1584] OBJ_id_smime_aa_ets_contentTimestamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,/* [1595] OBJ_id_smime_aa_ets_CertificateRefs */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,/* [1606] OBJ_id_smime_aa_ets_RevocationRefs */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,/* [1617] OBJ_id_smime_aa_ets_certValues */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,/* [1628] OBJ_id_smime_aa_ets_revocationValues */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,/* [1639] OBJ_id_smime_aa_ets_escTimeStamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,/* [1650] OBJ_id_smime_aa_ets_certCRLTimestamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,/* [1661] OBJ_id_smime_aa_ets_archiveTimeStamp */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,/* [1672] OBJ_id_smime_aa_signatureType */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,/* [1683] OBJ_id_smime_aa_dvcs_dvc */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,/* [1694] OBJ_id_smime_alg_ESDHwith3DES */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,/* [1705] OBJ_id_smime_alg_ESDHwithRC2 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,/* [1716] OBJ_id_smime_alg_3DESwrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,/* [1727] OBJ_id_smime_alg_RC2wrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,/* [1738] OBJ_id_smime_alg_ESDH */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,/* [1749] OBJ_id_smime_alg_CMS3DESwrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,/* [1760] OBJ_id_smime_alg_CMSRC2wrap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,/* [1771] OBJ_id_smime_cd_ldap */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,/* [1782] OBJ_id_smime_spq_ets_sqt_uri */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,/* [1793] OBJ_id_smime_spq_ets_sqt_unotice */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,/* [1804] OBJ_id_smime_cti_ets_proofOfOrigin */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,/* [1815] OBJ_id_smime_cti_ets_proofOfReceipt */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,/* [1826] OBJ_id_smime_cti_ets_proofOfDelivery */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,/* [1837] OBJ_id_smime_cti_ets_proofOfSender */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,/* [1848] OBJ_id_smime_cti_ets_proofOfApproval */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,/* [1859] OBJ_id_smime_cti_ets_proofOfCreation */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04, /* [1870] OBJ_md4 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00, /* [1878] OBJ_id_pkix_mod */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02, /* [1885] OBJ_id_qt */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04, /* [1892] OBJ_id_it */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05, /* [1899] OBJ_id_pkip */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06, /* [1906] OBJ_id_alg */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07, /* [1913] OBJ_id_cmc */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08, /* [1920] OBJ_id_on */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09, /* [1927] OBJ_id_pda */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A, /* [1934] OBJ_id_aca */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0B, /* [1941] OBJ_id_qcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C, /* [1948] OBJ_id_cct */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01, /* [1955] OBJ_id_pkix1_explicit_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02, /* [1963] OBJ_id_pkix1_implicit_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03, /* [1971] OBJ_id_pkix1_explicit_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04, /* [1979] OBJ_id_pkix1_implicit_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05, /* [1987] OBJ_id_mod_crmf */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06, /* [1995] OBJ_id_mod_cmc */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07, /* [2003] OBJ_id_mod_kea_profile_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08, /* [2011] OBJ_id_mod_kea_profile_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09, /* [2019] OBJ_id_mod_cmp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A, /* [2027] OBJ_id_mod_qualified_cert_88 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B, /* [2035] OBJ_id_mod_qualified_cert_93 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C, /* [2043] OBJ_id_mod_attribute_cert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D, /* [2051] OBJ_id_mod_timestamp_protocol */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E, /* [2059] OBJ_id_mod_ocsp */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F, /* [2067] OBJ_id_mod_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10, /* [2075] OBJ_id_mod_cmp2000 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02, /* [2083] OBJ_biometricInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03, /* [2091] OBJ_qcStatements */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04, /* [2099] OBJ_ac_auditEntity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05, /* [2107] OBJ_ac_targeting */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06, /* [2115] OBJ_aaControls */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07, /* [2123] OBJ_sbgp_ipAddrBlock */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08, /* [2131] OBJ_sbgp_autonomousSysNum */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09, /* [2139] OBJ_sbgp_routerIdentifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03, /* [2147] OBJ_textNotice */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05, /* [2155] OBJ_ipsecEndSystem */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06, /* [2163] OBJ_ipsecTunnel */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07, /* [2171] OBJ_ipsecUser */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A, /* [2179] OBJ_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01, /* [2187] OBJ_id_it_caProtEncCert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02, /* [2195] OBJ_id_it_signKeyPairTypes */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03, /* [2203] OBJ_id_it_encKeyPairTypes */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04, /* [2211] OBJ_id_it_preferredSymmAlg */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05, /* [2219] OBJ_id_it_caKeyUpdateInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06, /* [2227] OBJ_id_it_currentCRL */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07, /* [2235] OBJ_id_it_unsupportedOIDs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08, /* [2243] OBJ_id_it_subscriptionRequest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09, /* [2251] OBJ_id_it_subscriptionResponse */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A, /* [2259] OBJ_id_it_keyPairParamReq */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B, /* [2267] OBJ_id_it_keyPairParamRep */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C, /* [2275] OBJ_id_it_revPassphrase */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D, /* [2283] OBJ_id_it_implicitConfirm */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E, /* [2291] OBJ_id_it_confirmWaitTime */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F, /* [2299] OBJ_id_it_origPKIMessage */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01, /* [2307] OBJ_id_regCtrl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02, /* [2315] OBJ_id_regInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,/* [2323] OBJ_id_regCtrl_regToken */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,/* [2332] OBJ_id_regCtrl_authenticator */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,/* [2341] OBJ_id_regCtrl_pkiPublicationInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,/* [2350] OBJ_id_regCtrl_pkiArchiveOptions */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,/* [2359] OBJ_id_regCtrl_oldCertID */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,/* [2368] OBJ_id_regCtrl_protocolEncrKey */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,/* [2377] OBJ_id_regInfo_utf8Pairs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,/* [2386] OBJ_id_regInfo_certReq */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01, /* [2395] OBJ_id_alg_des40 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02, /* [2403] OBJ_id_alg_noSignature */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03, /* [2411] OBJ_id_alg_dh_sig_hmac_sha1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04, /* [2419] OBJ_id_alg_dh_pop */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01, /* [2427] OBJ_id_cmc_statusInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02, /* [2435] OBJ_id_cmc_identification */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03, /* [2443] OBJ_id_cmc_identityProof */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04, /* [2451] OBJ_id_cmc_dataReturn */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05, /* [2459] OBJ_id_cmc_transactionId */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06, /* [2467] OBJ_id_cmc_senderNonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07, /* [2475] OBJ_id_cmc_recipientNonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08, /* [2483] OBJ_id_cmc_addExtensions */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09, /* [2491] OBJ_id_cmc_encryptedPOP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A, /* [2499] OBJ_id_cmc_decryptedPOP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B, /* [2507] OBJ_id_cmc_lraPOPWitness */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F, /* [2515] OBJ_id_cmc_getCert */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10, /* [2523] OBJ_id_cmc_getCRL */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11, /* [2531] OBJ_id_cmc_revokeRequest */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12, /* [2539] OBJ_id_cmc_regInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13, /* [2547] OBJ_id_cmc_responseInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15, /* [2555] OBJ_id_cmc_queryPending */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16, /* [2563] OBJ_id_cmc_popLinkRandom */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17, /* [2571] OBJ_id_cmc_popLinkWitness */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18, /* [2579] OBJ_id_cmc_confirmCertAcceptance */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01, /* [2587] OBJ_id_on_personalData */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01, /* [2595] OBJ_id_pda_dateOfBirth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02, /* [2603] OBJ_id_pda_placeOfBirth */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03, /* [2611] OBJ_id_pda_gender */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04, /* [2619] OBJ_id_pda_countryOfCitizenship */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05, /* [2627] OBJ_id_pda_countryOfResidence */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01, /* [2635] OBJ_id_aca_authenticationInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02, /* [2643] OBJ_id_aca_accessIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03, /* [2651] OBJ_id_aca_chargingIdentity */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04, /* [2659] OBJ_id_aca_group */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05, /* [2667] OBJ_id_aca_role */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01, /* [2675] OBJ_id_qcs_pkixQCSyntax_v1 */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01, /* [2683] OBJ_id_cct_crs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02, /* [2691] OBJ_id_cct_PKIData */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03, /* [2699] OBJ_id_cct_PKIResponse */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03, /* [2707] OBJ_ad_timeStamping */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04, /* [2715] OBJ_ad_dvcs */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2723] OBJ_id_pkix_OCSP_basic */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2732] OBJ_id_pkix_OCSP_Nonce */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2741] OBJ_id_pkix_OCSP_CrlID */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2750] OBJ_id_pkix_OCSP_acceptableResponses */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2759] OBJ_id_pkix_OCSP_noCheck */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2768] OBJ_id_pkix_OCSP_archiveCutoff */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2777] OBJ_id_pkix_OCSP_serviceLocator */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2786] OBJ_id_pkix_OCSP_extendedStatus */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2795] OBJ_id_pkix_OCSP_valid */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2804] OBJ_id_pkix_OCSP_path */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2813] OBJ_id_pkix_OCSP_trustRoot */ +0x2B,0x0E,0x03,0x02, /* [2822] OBJ_algorithm */ +0x2B,0x0E,0x03,0x02,0x0B, /* [2826] OBJ_rsaSignature */ +0x55,0x08, /* [2831] OBJ_X500algorithms */ +0x2B, /* [2833] OBJ_org */ +0x2B,0x06, /* [2834] OBJ_dod */ +0x2B,0x06,0x01, /* [2836] OBJ_iana */ +0x2B,0x06,0x01,0x01, /* [2839] OBJ_Directory */ +0x2B,0x06,0x01,0x02, /* [2843] OBJ_Management */ +0x2B,0x06,0x01,0x03, /* [2847] OBJ_Experimental */ +0x2B,0x06,0x01,0x04, /* [2851] OBJ_Private */ +0x2B,0x06,0x01,0x05, /* [2855] OBJ_Security */ +0x2B,0x06,0x01,0x06, /* [2859] OBJ_SNMPv2 */ +0x2B,0x06,0x01,0x07, /* [2863] OBJ_Mail */ +0x2B,0x06,0x01,0x04,0x01, /* [2867] OBJ_Enterprises */ +0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2872] OBJ_dcObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2881] OBJ_domainComponent */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2891] OBJ_Domain */ +0x55,0x01,0x05, /* [2901] OBJ_selected_attribute_types */ +0x55,0x01,0x05,0x37, /* [2904] OBJ_clearance */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2908] OBJ_md4WithRSAEncryption */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A, /* [2917] OBJ_ac_proxying */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B, /* [2925] OBJ_sinfo_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06, /* [2933] OBJ_id_aca_encAttrs */ +0x55,0x04,0x48, /* [2941] OBJ_role */ +0x55,0x1D,0x24, /* [2944] OBJ_policy_constraints */ +0x55,0x1D,0x37, /* [2947] OBJ_target_information */ +0x55,0x1D,0x38, /* [2950] OBJ_no_rev_avail */ +0x2A,0x86,0x48,0xCE,0x3D, /* [2953] OBJ_ansi_X9_62 */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01, /* [2958] OBJ_X9_62_prime_field */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02, /* [2965] OBJ_X9_62_characteristic_two_field */ +0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01, /* [2972] OBJ_X9_62_id_ecPublicKey */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01, /* [2979] OBJ_X9_62_prime192v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02, /* [2987] OBJ_X9_62_prime192v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03, /* [2995] OBJ_X9_62_prime192v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04, /* [3003] OBJ_X9_62_prime239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05, /* [3011] OBJ_X9_62_prime239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06, /* [3019] OBJ_X9_62_prime239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07, /* [3027] OBJ_X9_62_prime256v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01, /* [3035] OBJ_ecdsa_with_SHA1 */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,/* [3042] OBJ_ms_csp_name */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,/* [3051] OBJ_aes_128_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,/* [3060] OBJ_aes_128_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,/* [3069] OBJ_aes_128_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,/* [3078] OBJ_aes_128_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,/* [3087] OBJ_aes_192_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,/* [3096] OBJ_aes_192_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,/* [3105] OBJ_aes_192_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,/* [3114] OBJ_aes_192_cfb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,/* [3123] OBJ_aes_256_ecb */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,/* [3132] OBJ_aes_256_cbc */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,/* [3141] OBJ_aes_256_ofb128 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,/* [3150] OBJ_aes_256_cfb128 */ +0x55,0x1D,0x17, /* [3159] OBJ_hold_instruction_code */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x01, /* [3162] OBJ_hold_instruction_none */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x02, /* [3169] OBJ_hold_instruction_call_issuer */ +0x2A,0x86,0x48,0xCE,0x38,0x02,0x03, /* [3176] OBJ_hold_instruction_reject */ +0x09, /* [3183] OBJ_data */ +0x09,0x92,0x26, /* [3184] OBJ_pss */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C, /* [3187] OBJ_ucl */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64, /* [3194] OBJ_pilot */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,/* [3202] OBJ_pilotAttributeType */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,/* [3211] OBJ_pilotAttributeSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,/* [3220] OBJ_pilotObjectClass */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,/* [3229] OBJ_pilotGroups */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,/* [3238] OBJ_iA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,/* [3248] OBJ_caseIgnoreIA5StringSyntax */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,/* [3258] OBJ_pilotObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,/* [3268] OBJ_pilotPerson */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,/* [3278] OBJ_account */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,/* [3288] OBJ_document */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,/* [3298] OBJ_room */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,/* [3308] OBJ_documentSeries */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,/* [3318] OBJ_rFC822localPart */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,/* [3328] OBJ_dNSDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,/* [3338] OBJ_domainRelatedObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,/* [3348] OBJ_friendlyCountry */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,/* [3358] OBJ_simpleSecurityObject */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,/* [3368] OBJ_pilotOrganization */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,/* [3378] OBJ_pilotDSA */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,/* [3388] OBJ_qualityLabelledData */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,/* [3398] OBJ_userId */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,/* [3408] OBJ_textEncodedORAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,/* [3418] OBJ_rfc822Mailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,/* [3428] OBJ_info */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,/* [3438] OBJ_favouriteDrink */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,/* [3448] OBJ_roomNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,/* [3458] OBJ_photo */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,/* [3468] OBJ_userClass */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,/* [3478] OBJ_host */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,/* [3488] OBJ_manager */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,/* [3498] OBJ_documentIdentifier */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,/* [3508] OBJ_documentTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,/* [3518] OBJ_documentVersion */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,/* [3528] OBJ_documentAuthor */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,/* [3538] OBJ_documentLocation */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,/* [3548] OBJ_homeTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,/* [3558] OBJ_secretary */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,/* [3568] OBJ_otherMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,/* [3578] OBJ_lastModifiedTime */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,/* [3588] OBJ_lastModifiedBy */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,/* [3598] OBJ_aRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,/* [3608] OBJ_pilotAttributeType27 */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,/* [3618] OBJ_mXRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,/* [3628] OBJ_nSRecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,/* [3638] OBJ_sOARecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,/* [3648] OBJ_cNAMERecord */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,/* [3658] OBJ_associatedDomain */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,/* [3668] OBJ_associatedName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,/* [3678] OBJ_homePostalAddress */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,/* [3688] OBJ_personalTitle */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,/* [3698] OBJ_mobileTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,/* [3708] OBJ_pagerTelephoneNumber */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,/* [3718] OBJ_friendlyCountryName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,/* [3728] OBJ_organizationalStatus */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,/* [3738] OBJ_janetMailbox */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,/* [3748] OBJ_mailPreferenceOption */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,/* [3758] OBJ_buildingName */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,/* [3768] OBJ_dSAQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,/* [3778] OBJ_singleLevelQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,/* [3788] OBJ_subtreeMinimumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,/* [3798] OBJ_subtreeMaximumQuality */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,/* [3808] OBJ_personalSignature */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,/* [3818] OBJ_dITRedirect */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,/* [3828] OBJ_audio */ +0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,/* [3838] OBJ_documentPublisher */ +0x55,0x04,0x2D, /* [3848] OBJ_x500UniqueIdentifier */ +0x2B,0x06,0x01,0x07,0x01, /* [3851] OBJ_mime_mhs */ +0x2B,0x06,0x01,0x07,0x01,0x01, /* [3856] OBJ_mime_mhs_headings */ +0x2B,0x06,0x01,0x07,0x01,0x02, /* [3862] OBJ_mime_mhs_bodies */ +0x2B,0x06,0x01,0x07,0x01,0x01,0x01, /* [3868] OBJ_id_hex_partial_message */ +0x2B,0x06,0x01,0x07,0x01,0x01,0x02, /* [3875] OBJ_id_hex_multipart_message */ +0x55,0x04,0x2C, /* [3882] OBJ_generationQualifier */ +0x55,0x04,0x41, /* [3885] OBJ_pseudonym */ +0x67,0x2A, /* [3888] OBJ_id_set */ +0x67,0x2A,0x00, /* [3890] OBJ_set_ctype */ +0x67,0x2A,0x01, /* [3893] OBJ_set_msgExt */ +0x67,0x2A,0x03, /* [3896] OBJ_set_attr */ +0x67,0x2A,0x05, /* [3899] OBJ_set_policy */ +0x67,0x2A,0x07, /* [3902] OBJ_set_certExt */ +0x67,0x2A,0x08, /* [3905] OBJ_set_brand */ +0x67,0x2A,0x00,0x00, /* [3908] OBJ_setct_PANData */ +0x67,0x2A,0x00,0x01, /* [3912] OBJ_setct_PANToken */ +0x67,0x2A,0x00,0x02, /* [3916] OBJ_setct_PANOnly */ +0x67,0x2A,0x00,0x03, /* [3920] OBJ_setct_OIData */ +0x67,0x2A,0x00,0x04, /* [3924] OBJ_setct_PI */ +0x67,0x2A,0x00,0x05, /* [3928] OBJ_setct_PIData */ +0x67,0x2A,0x00,0x06, /* [3932] OBJ_setct_PIDataUnsigned */ +0x67,0x2A,0x00,0x07, /* [3936] OBJ_setct_HODInput */ +0x67,0x2A,0x00,0x08, /* [3940] OBJ_setct_AuthResBaggage */ +0x67,0x2A,0x00,0x09, /* [3944] OBJ_setct_AuthRevReqBaggage */ +0x67,0x2A,0x00,0x0A, /* [3948] OBJ_setct_AuthRevResBaggage */ +0x67,0x2A,0x00,0x0B, /* [3952] OBJ_setct_CapTokenSeq */ +0x67,0x2A,0x00,0x0C, /* [3956] OBJ_setct_PInitResData */ +0x67,0x2A,0x00,0x0D, /* [3960] OBJ_setct_PI_TBS */ +0x67,0x2A,0x00,0x0E, /* [3964] OBJ_setct_PResData */ +0x67,0x2A,0x00,0x10, /* [3968] OBJ_setct_AuthReqTBS */ +0x67,0x2A,0x00,0x11, /* [3972] OBJ_setct_AuthResTBS */ +0x67,0x2A,0x00,0x12, /* [3976] OBJ_setct_AuthResTBSX */ +0x67,0x2A,0x00,0x13, /* [3980] OBJ_setct_AuthTokenTBS */ +0x67,0x2A,0x00,0x14, /* [3984] OBJ_setct_CapTokenData */ +0x67,0x2A,0x00,0x15, /* [3988] OBJ_setct_CapTokenTBS */ +0x67,0x2A,0x00,0x16, /* [3992] OBJ_setct_AcqCardCodeMsg */ +0x67,0x2A,0x00,0x17, /* [3996] OBJ_setct_AuthRevReqTBS */ +0x67,0x2A,0x00,0x18, /* [4000] OBJ_setct_AuthRevResData */ +0x67,0x2A,0x00,0x19, /* [4004] OBJ_setct_AuthRevResTBS */ +0x67,0x2A,0x00,0x1A, /* [4008] OBJ_setct_CapReqTBS */ +0x67,0x2A,0x00,0x1B, /* [4012] OBJ_setct_CapReqTBSX */ +0x67,0x2A,0x00,0x1C, /* [4016] OBJ_setct_CapResData */ +0x67,0x2A,0x00,0x1D, /* [4020] OBJ_setct_CapRevReqTBS */ +0x67,0x2A,0x00,0x1E, /* [4024] OBJ_setct_CapRevReqTBSX */ +0x67,0x2A,0x00,0x1F, /* [4028] OBJ_setct_CapRevResData */ +0x67,0x2A,0x00,0x20, /* [4032] OBJ_setct_CredReqTBS */ +0x67,0x2A,0x00,0x21, /* [4036] OBJ_setct_CredReqTBSX */ +0x67,0x2A,0x00,0x22, /* [4040] OBJ_setct_CredResData */ +0x67,0x2A,0x00,0x23, /* [4044] OBJ_setct_CredRevReqTBS */ +0x67,0x2A,0x00,0x24, /* [4048] OBJ_setct_CredRevReqTBSX */ +0x67,0x2A,0x00,0x25, /* [4052] OBJ_setct_CredRevResData */ +0x67,0x2A,0x00,0x26, /* [4056] OBJ_setct_PCertReqData */ +0x67,0x2A,0x00,0x27, /* [4060] OBJ_setct_PCertResTBS */ +0x67,0x2A,0x00,0x28, /* [4064] OBJ_setct_BatchAdminReqData */ +0x67,0x2A,0x00,0x29, /* [4068] OBJ_setct_BatchAdminResData */ +0x67,0x2A,0x00,0x2A, /* [4072] OBJ_setct_CardCInitResTBS */ +0x67,0x2A,0x00,0x2B, /* [4076] OBJ_setct_MeAqCInitResTBS */ +0x67,0x2A,0x00,0x2C, /* [4080] OBJ_setct_RegFormResTBS */ +0x67,0x2A,0x00,0x2D, /* [4084] OBJ_setct_CertReqData */ +0x67,0x2A,0x00,0x2E, /* [4088] OBJ_setct_CertReqTBS */ +0x67,0x2A,0x00,0x2F, /* [4092] OBJ_setct_CertResData */ +0x67,0x2A,0x00,0x30, /* [4096] OBJ_setct_CertInqReqTBS */ +0x67,0x2A,0x00,0x31, /* [4100] OBJ_setct_ErrorTBS */ +0x67,0x2A,0x00,0x32, /* [4104] OBJ_setct_PIDualSignedTBE */ +0x67,0x2A,0x00,0x33, /* [4108] OBJ_setct_PIUnsignedTBE */ +0x67,0x2A,0x00,0x34, /* [4112] OBJ_setct_AuthReqTBE */ +0x67,0x2A,0x00,0x35, /* [4116] OBJ_setct_AuthResTBE */ +0x67,0x2A,0x00,0x36, /* [4120] OBJ_setct_AuthResTBEX */ +0x67,0x2A,0x00,0x37, /* [4124] OBJ_setct_AuthTokenTBE */ +0x67,0x2A,0x00,0x38, /* [4128] OBJ_setct_CapTokenTBE */ +0x67,0x2A,0x00,0x39, /* [4132] OBJ_setct_CapTokenTBEX */ +0x67,0x2A,0x00,0x3A, /* [4136] OBJ_setct_AcqCardCodeMsgTBE */ +0x67,0x2A,0x00,0x3B, /* [4140] OBJ_setct_AuthRevReqTBE */ +0x67,0x2A,0x00,0x3C, /* [4144] OBJ_setct_AuthRevResTBE */ +0x67,0x2A,0x00,0x3D, /* [4148] OBJ_setct_AuthRevResTBEB */ +0x67,0x2A,0x00,0x3E, /* [4152] OBJ_setct_CapReqTBE */ +0x67,0x2A,0x00,0x3F, /* [4156] OBJ_setct_CapReqTBEX */ +0x67,0x2A,0x00,0x40, /* [4160] OBJ_setct_CapResTBE */ +0x67,0x2A,0x00,0x41, /* [4164] OBJ_setct_CapRevReqTBE */ +0x67,0x2A,0x00,0x42, /* [4168] OBJ_setct_CapRevReqTBEX */ +0x67,0x2A,0x00,0x43, /* [4172] OBJ_setct_CapRevResTBE */ +0x67,0x2A,0x00,0x44, /* [4176] OBJ_setct_CredReqTBE */ +0x67,0x2A,0x00,0x45, /* [4180] OBJ_setct_CredReqTBEX */ +0x67,0x2A,0x00,0x46, /* [4184] OBJ_setct_CredResTBE */ +0x67,0x2A,0x00,0x47, /* [4188] OBJ_setct_CredRevReqTBE */ +0x67,0x2A,0x00,0x48, /* [4192] OBJ_setct_CredRevReqTBEX */ +0x67,0x2A,0x00,0x49, /* [4196] OBJ_setct_CredRevResTBE */ +0x67,0x2A,0x00,0x4A, /* [4200] OBJ_setct_BatchAdminReqTBE */ +0x67,0x2A,0x00,0x4B, /* [4204] OBJ_setct_BatchAdminResTBE */ +0x67,0x2A,0x00,0x4C, /* [4208] OBJ_setct_RegFormReqTBE */ +0x67,0x2A,0x00,0x4D, /* [4212] OBJ_setct_CertReqTBE */ +0x67,0x2A,0x00,0x4E, /* [4216] OBJ_setct_CertReqTBEX */ +0x67,0x2A,0x00,0x4F, /* [4220] OBJ_setct_CertResTBE */ +0x67,0x2A,0x00,0x50, /* [4224] OBJ_setct_CRLNotificationTBS */ +0x67,0x2A,0x00,0x51, /* [4228] OBJ_setct_CRLNotificationResTBS */ +0x67,0x2A,0x00,0x52, /* [4232] OBJ_setct_BCIDistributionTBS */ +0x67,0x2A,0x01,0x01, /* [4236] OBJ_setext_genCrypt */ +0x67,0x2A,0x01,0x03, /* [4240] OBJ_setext_miAuth */ +0x67,0x2A,0x01,0x04, /* [4244] OBJ_setext_pinSecure */ +0x67,0x2A,0x01,0x05, /* [4248] OBJ_setext_pinAny */ +0x67,0x2A,0x01,0x07, /* [4252] OBJ_setext_track2 */ +0x67,0x2A,0x01,0x08, /* [4256] OBJ_setext_cv */ +0x67,0x2A,0x05,0x00, /* [4260] OBJ_set_policy_root */ +0x67,0x2A,0x07,0x00, /* [4264] OBJ_setCext_hashedRoot */ +0x67,0x2A,0x07,0x01, /* [4268] OBJ_setCext_certType */ +0x67,0x2A,0x07,0x02, /* [4272] OBJ_setCext_merchData */ +0x67,0x2A,0x07,0x03, /* [4276] OBJ_setCext_cCertRequired */ +0x67,0x2A,0x07,0x04, /* [4280] OBJ_setCext_tunneling */ +0x67,0x2A,0x07,0x05, /* [4284] OBJ_setCext_setExt */ +0x67,0x2A,0x07,0x06, /* [4288] OBJ_setCext_setQualf */ +0x67,0x2A,0x07,0x07, /* [4292] OBJ_setCext_PGWYcapabilities */ +0x67,0x2A,0x07,0x08, /* [4296] OBJ_setCext_TokenIdentifier */ +0x67,0x2A,0x07,0x09, /* [4300] OBJ_setCext_Track2Data */ +0x67,0x2A,0x07,0x0A, /* [4304] OBJ_setCext_TokenType */ +0x67,0x2A,0x07,0x0B, /* [4308] OBJ_setCext_IssuerCapabilities */ +0x67,0x2A,0x03,0x00, /* [4312] OBJ_setAttr_Cert */ +0x67,0x2A,0x03,0x01, /* [4316] OBJ_setAttr_PGWYcap */ +0x67,0x2A,0x03,0x02, /* [4320] OBJ_setAttr_TokenType */ +0x67,0x2A,0x03,0x03, /* [4324] OBJ_setAttr_IssCap */ +0x67,0x2A,0x03,0x00,0x00, /* [4328] OBJ_set_rootKeyThumb */ +0x67,0x2A,0x03,0x00,0x01, /* [4333] OBJ_set_addPolicy */ +0x67,0x2A,0x03,0x02,0x01, /* [4338] OBJ_setAttr_Token_EMV */ +0x67,0x2A,0x03,0x02,0x02, /* [4343] OBJ_setAttr_Token_B0Prime */ +0x67,0x2A,0x03,0x03,0x03, /* [4348] OBJ_setAttr_IssCap_CVM */ +0x67,0x2A,0x03,0x03,0x04, /* [4353] OBJ_setAttr_IssCap_T2 */ +0x67,0x2A,0x03,0x03,0x05, /* [4358] OBJ_setAttr_IssCap_Sig */ +0x67,0x2A,0x03,0x03,0x03,0x01, /* [4363] OBJ_setAttr_GenCryptgrm */ +0x67,0x2A,0x03,0x03,0x04,0x01, /* [4369] OBJ_setAttr_T2Enc */ +0x67,0x2A,0x03,0x03,0x04,0x02, /* [4375] OBJ_setAttr_T2cleartxt */ +0x67,0x2A,0x03,0x03,0x05,0x01, /* [4381] OBJ_setAttr_TokICCsig */ +0x67,0x2A,0x03,0x03,0x05,0x02, /* [4387] OBJ_setAttr_SecDevSig */ +0x67,0x2A,0x08,0x01, /* [4393] OBJ_set_brand_IATA_ATA */ +0x67,0x2A,0x08,0x1E, /* [4397] OBJ_set_brand_Diners */ +0x67,0x2A,0x08,0x22, /* [4401] OBJ_set_brand_AmericanExpress */ +0x67,0x2A,0x08,0x23, /* [4405] OBJ_set_brand_JCB */ +0x67,0x2A,0x08,0x04, /* [4409] OBJ_set_brand_Visa */ +0x67,0x2A,0x08,0x05, /* [4413] OBJ_set_brand_MasterCard */ +0x67,0x2A,0x08,0xAE,0x7B, /* [4417] OBJ_set_brand_Novus */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A, /* [4422] OBJ_des_cdmf */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,/* [4430] OBJ_rsaOAEPEncryptionSET */ +0x67, /* [4439] OBJ_international_organizations */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [4440] OBJ_ms_smartcard_login */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [4450] OBJ_ms_upn */ +0x55,0x04,0x09, /* [4460] OBJ_streetAddress */ +0x55,0x04,0x11, /* [4463] OBJ_postalCode */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15, /* [4466] OBJ_id_ppl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E, /* [4473] OBJ_proxyCertInfo */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00, /* [4481] OBJ_id_ppl_anyLanguage */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01, /* [4489] OBJ_id_ppl_inheritAll */ +0x55,0x1D,0x1E, /* [4497] OBJ_name_constraints */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02, /* [4500] OBJ_Independent */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,/* [4508] OBJ_sha256WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,/* [4517] OBJ_sha384WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,/* [4526] OBJ_sha512WithRSAEncryption */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,/* [4535] OBJ_sha224WithRSAEncryption */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,/* [4544] OBJ_sha256 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,/* [4553] OBJ_sha384 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,/* [4562] OBJ_sha512 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,/* [4571] OBJ_sha224 */ +0x2B, /* [4580] OBJ_identified_organization */ +0x2B,0x81,0x04, /* [4581] OBJ_certicom_arc */ +0x67,0x2B, /* [4584] OBJ_wap */ +0x67,0x2B,0x01, /* [4586] OBJ_wap_wsg */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03, /* [4589] OBJ_X9_62_id_characteristic_two_basis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,/* [4597] OBJ_X9_62_onBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,/* [4606] OBJ_X9_62_tpBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,/* [4615] OBJ_X9_62_ppBasis */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01, /* [4624] OBJ_X9_62_c2pnb163v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02, /* [4632] OBJ_X9_62_c2pnb163v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03, /* [4640] OBJ_X9_62_c2pnb163v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04, /* [4648] OBJ_X9_62_c2pnb176v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05, /* [4656] OBJ_X9_62_c2tnb191v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06, /* [4664] OBJ_X9_62_c2tnb191v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07, /* [4672] OBJ_X9_62_c2tnb191v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08, /* [4680] OBJ_X9_62_c2onb191v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09, /* [4688] OBJ_X9_62_c2onb191v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A, /* [4696] OBJ_X9_62_c2pnb208w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B, /* [4704] OBJ_X9_62_c2tnb239v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C, /* [4712] OBJ_X9_62_c2tnb239v2 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D, /* [4720] OBJ_X9_62_c2tnb239v3 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E, /* [4728] OBJ_X9_62_c2onb239v4 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F, /* [4736] OBJ_X9_62_c2onb239v5 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10, /* [4744] OBJ_X9_62_c2pnb272w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11, /* [4752] OBJ_X9_62_c2pnb304w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12, /* [4760] OBJ_X9_62_c2tnb359v1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13, /* [4768] OBJ_X9_62_c2pnb368w1 */ +0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14, /* [4776] OBJ_X9_62_c2tnb431r1 */ +0x2B,0x81,0x04,0x00,0x06, /* [4784] OBJ_secp112r1 */ +0x2B,0x81,0x04,0x00,0x07, /* [4789] OBJ_secp112r2 */ +0x2B,0x81,0x04,0x00,0x1C, /* [4794] OBJ_secp128r1 */ +0x2B,0x81,0x04,0x00,0x1D, /* [4799] OBJ_secp128r2 */ +0x2B,0x81,0x04,0x00,0x09, /* [4804] OBJ_secp160k1 */ +0x2B,0x81,0x04,0x00,0x08, /* [4809] OBJ_secp160r1 */ +0x2B,0x81,0x04,0x00,0x1E, /* [4814] OBJ_secp160r2 */ +0x2B,0x81,0x04,0x00,0x1F, /* [4819] OBJ_secp192k1 */ +0x2B,0x81,0x04,0x00,0x20, /* [4824] OBJ_secp224k1 */ +0x2B,0x81,0x04,0x00,0x21, /* [4829] OBJ_secp224r1 */ +0x2B,0x81,0x04,0x00,0x0A, /* [4834] OBJ_secp256k1 */ +0x2B,0x81,0x04,0x00,0x22, /* [4839] OBJ_secp384r1 */ +0x2B,0x81,0x04,0x00,0x23, /* [4844] OBJ_secp521r1 */ +0x2B,0x81,0x04,0x00,0x04, /* [4849] OBJ_sect113r1 */ +0x2B,0x81,0x04,0x00,0x05, /* [4854] OBJ_sect113r2 */ +0x2B,0x81,0x04,0x00,0x16, /* [4859] OBJ_sect131r1 */ +0x2B,0x81,0x04,0x00,0x17, /* [4864] OBJ_sect131r2 */ +0x2B,0x81,0x04,0x00,0x01, /* [4869] OBJ_sect163k1 */ +0x2B,0x81,0x04,0x00,0x02, /* [4874] OBJ_sect163r1 */ +0x2B,0x81,0x04,0x00,0x0F, /* [4879] OBJ_sect163r2 */ +0x2B,0x81,0x04,0x00,0x18, /* [4884] OBJ_sect193r1 */ +0x2B,0x81,0x04,0x00,0x19, /* [4889] OBJ_sect193r2 */ +0x2B,0x81,0x04,0x00,0x1A, /* [4894] OBJ_sect233k1 */ +0x2B,0x81,0x04,0x00,0x1B, /* [4899] OBJ_sect233r1 */ +0x2B,0x81,0x04,0x00,0x03, /* [4904] OBJ_sect239k1 */ +0x2B,0x81,0x04,0x00,0x10, /* [4909] OBJ_sect283k1 */ +0x2B,0x81,0x04,0x00,0x11, /* [4914] OBJ_sect283r1 */ +0x2B,0x81,0x04,0x00,0x24, /* [4919] OBJ_sect409k1 */ +0x2B,0x81,0x04,0x00,0x25, /* [4924] OBJ_sect409r1 */ +0x2B,0x81,0x04,0x00,0x26, /* [4929] OBJ_sect571k1 */ +0x2B,0x81,0x04,0x00,0x27, /* [4934] OBJ_sect571r1 */ +0x67,0x2B,0x01,0x04,0x01, /* [4939] OBJ_wap_wsg_idm_ecid_wtls1 */ +0x67,0x2B,0x01,0x04,0x03, /* [4944] OBJ_wap_wsg_idm_ecid_wtls3 */ +0x67,0x2B,0x01,0x04,0x04, /* [4949] OBJ_wap_wsg_idm_ecid_wtls4 */ +0x67,0x2B,0x01,0x04,0x05, /* [4954] OBJ_wap_wsg_idm_ecid_wtls5 */ +0x67,0x2B,0x01,0x04,0x06, /* [4959] OBJ_wap_wsg_idm_ecid_wtls6 */ +0x67,0x2B,0x01,0x04,0x07, /* [4964] OBJ_wap_wsg_idm_ecid_wtls7 */ +0x67,0x2B,0x01,0x04,0x08, /* [4969] OBJ_wap_wsg_idm_ecid_wtls8 */ +0x67,0x2B,0x01,0x04,0x09, /* [4974] OBJ_wap_wsg_idm_ecid_wtls9 */ +0x67,0x2B,0x01,0x04,0x0A, /* [4979] OBJ_wap_wsg_idm_ecid_wtls10 */ +0x67,0x2B,0x01,0x04,0x0B, /* [4984] OBJ_wap_wsg_idm_ecid_wtls11 */ +0x67,0x2B,0x01,0x04,0x0C, /* [4989] OBJ_wap_wsg_idm_ecid_wtls12 */ +0x55,0x1D,0x20,0x00, /* [4994] OBJ_any_policy */ +0x55,0x1D,0x21, /* [4998] OBJ_policy_mappings */ +0x55,0x1D,0x36, /* [5001] OBJ_inhibit_any_policy */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,/* [5004] OBJ_camellia_128_cbc */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,/* [5015] OBJ_camellia_192_cbc */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,/* [5026] OBJ_camellia_256_cbc */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01, /* [5037] OBJ_camellia_128_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15, /* [5045] OBJ_camellia_192_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29, /* [5053] OBJ_camellia_256_ecb */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04, /* [5061] OBJ_camellia_128_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18, /* [5069] OBJ_camellia_192_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C, /* [5077] OBJ_camellia_256_cfb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03, /* [5085] OBJ_camellia_128_ofb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17, /* [5093] OBJ_camellia_192_ofb128 */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B, /* [5101] OBJ_camellia_256_ofb128 */ +0x55,0x1D,0x09, /* [5109] OBJ_subject_directory_attributes */ +0x55,0x1D,0x1C, /* [5112] OBJ_issuing_distribution_point */ +0x55,0x1D,0x1D, /* [5115] OBJ_certificate_issuer */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44, /* [5118] OBJ_kisa */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03, /* [5124] OBJ_seed_ecb */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04, /* [5132] OBJ_seed_cbc */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06, /* [5140] OBJ_seed_ofb128 */ +0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05, /* [5148] OBJ_seed_cfb128 */ +0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01, /* [5156] OBJ_hmac_md5 */ +0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02, /* [5164] OBJ_hmac_sha1 */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,/* [5172] OBJ_id_PasswordBasedMAC */ +0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,/* [5181] OBJ_id_DHBasedMac */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10, /* [5190] OBJ_id_it_suppLangTags */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05, /* [5198] OBJ_caRepository */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,/* [5206] OBJ_id_smime_ct_compressedData */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,/* [5217] OBJ_id_ct_asciiTextWithCRLF */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,/* [5228] OBJ_id_aes128_wrap */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,/* [5237] OBJ_id_aes192_wrap */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,/* [5246] OBJ_id_aes256_wrap */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02, /* [5255] OBJ_ecdsa_with_Recommended */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03, /* [5262] OBJ_ecdsa_with_Specified */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01, /* [5269] OBJ_ecdsa_with_SHA224 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02, /* [5277] OBJ_ecdsa_with_SHA256 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03, /* [5285] OBJ_ecdsa_with_SHA384 */ +0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04, /* [5293] OBJ_ecdsa_with_SHA512 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06, /* [5301] OBJ_hmacWithMD5 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08, /* [5309] OBJ_hmacWithSHA224 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09, /* [5317] OBJ_hmacWithSHA256 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A, /* [5325] OBJ_hmacWithSHA384 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B, /* [5333] OBJ_hmacWithSHA512 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,/* [5341] OBJ_dsa_with_SHA224 */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,/* [5350] OBJ_dsa_with_SHA256 */ +0x28,0xCF,0x06,0x03,0x00,0x37, /* [5359] OBJ_whirlpool */ +0x2A,0x85,0x03,0x02,0x02, /* [5365] OBJ_cryptopro */ +0x2A,0x85,0x03,0x02,0x09, /* [5370] OBJ_cryptocom */ +0x2A,0x85,0x03,0x02,0x02,0x03, /* [5375] OBJ_id_GostR3411_94_with_GostR3410_2001 */ +0x2A,0x85,0x03,0x02,0x02,0x04, /* [5381] OBJ_id_GostR3411_94_with_GostR3410_94 */ +0x2A,0x85,0x03,0x02,0x02,0x09, /* [5387] OBJ_id_GostR3411_94 */ +0x2A,0x85,0x03,0x02,0x02,0x0A, /* [5393] OBJ_id_HMACGostR3411_94 */ +0x2A,0x85,0x03,0x02,0x02,0x13, /* [5399] OBJ_id_GostR3410_2001 */ +0x2A,0x85,0x03,0x02,0x02,0x14, /* [5405] OBJ_id_GostR3410_94 */ +0x2A,0x85,0x03,0x02,0x02,0x15, /* [5411] OBJ_id_Gost28147_89 */ +0x2A,0x85,0x03,0x02,0x02,0x16, /* [5417] OBJ_id_Gost28147_89_MAC */ +0x2A,0x85,0x03,0x02,0x02,0x17, /* [5423] OBJ_id_GostR3411_94_prf */ +0x2A,0x85,0x03,0x02,0x02,0x62, /* [5429] OBJ_id_GostR3410_2001DH */ +0x2A,0x85,0x03,0x02,0x02,0x63, /* [5435] OBJ_id_GostR3410_94DH */ +0x2A,0x85,0x03,0x02,0x02,0x0E,0x01, /* [5441] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */ +0x2A,0x85,0x03,0x02,0x02,0x0E,0x00, /* [5448] OBJ_id_Gost28147_89_None_KeyMeshing */ +0x2A,0x85,0x03,0x02,0x02,0x1E,0x00, /* [5455] OBJ_id_GostR3411_94_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1E,0x01, /* [5462] OBJ_id_GostR3411_94_CryptoProParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x00, /* [5469] OBJ_id_Gost28147_89_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x01, /* [5476] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x02, /* [5483] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x03, /* [5490] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x04, /* [5497] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x05, /* [5504] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x06, /* [5511] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x1F,0x07, /* [5518] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x00, /* [5525] OBJ_id_GostR3410_94_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x02, /* [5532] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x03, /* [5539] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x04, /* [5546] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x20,0x05, /* [5553] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x21,0x01, /* [5560] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x21,0x02, /* [5567] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x21,0x03, /* [5574] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x00, /* [5581] OBJ_id_GostR3410_2001_TestParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x01, /* [5588] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x02, /* [5595] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x23,0x03, /* [5602] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x24,0x00, /* [5609] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x24,0x01, /* [5616] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x01, /* [5623] OBJ_id_GostR3410_94_a */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x02, /* [5630] OBJ_id_GostR3410_94_aBis */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x03, /* [5637] OBJ_id_GostR3410_94_b */ +0x2A,0x85,0x03,0x02,0x02,0x14,0x04, /* [5644] OBJ_id_GostR3410_94_bBis */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01, /* [5651] OBJ_id_Gost28147_89_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03, /* [5659] OBJ_id_GostR3410_94_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04, /* [5667] OBJ_id_GostR3410_2001_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03, /* [5675] OBJ_id_GostR3411_94_with_GostR3410_94_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04, /* [5683] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */ +0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01, /* [5691] OBJ_id_GostR3410_2001_ParamSet_cc */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5699] OBJ_LocalKeySet */ +0x55,0x1D,0x2E, /* [5708] OBJ_freshest_crl */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03, /* [5711] OBJ_id_on_permanentIdentifier */ +0x55,0x04,0x0E, /* [5719] OBJ_searchGuide */ +0x55,0x04,0x0F, /* [5722] OBJ_businessCategory */ +0x55,0x04,0x10, /* [5725] OBJ_postalAddress */ +0x55,0x04,0x12, /* [5728] OBJ_postOfficeBox */ +0x55,0x04,0x13, /* [5731] OBJ_physicalDeliveryOfficeName */ +0x55,0x04,0x14, /* [5734] OBJ_telephoneNumber */ +0x55,0x04,0x15, /* [5737] OBJ_telexNumber */ +0x55,0x04,0x16, /* [5740] OBJ_teletexTerminalIdentifier */ +0x55,0x04,0x17, /* [5743] OBJ_facsimileTelephoneNumber */ +0x55,0x04,0x18, /* [5746] OBJ_x121Address */ +0x55,0x04,0x19, /* [5749] OBJ_internationaliSDNNumber */ +0x55,0x04,0x1A, /* [5752] OBJ_registeredAddress */ +0x55,0x04,0x1B, /* [5755] OBJ_destinationIndicator */ +0x55,0x04,0x1C, /* [5758] OBJ_preferredDeliveryMethod */ +0x55,0x04,0x1D, /* [5761] OBJ_presentationAddress */ +0x55,0x04,0x1E, /* [5764] OBJ_supportedApplicationContext */ +0x55,0x04,0x1F, /* [5767] OBJ_member */ +0x55,0x04,0x20, /* [5770] OBJ_owner */ +0x55,0x04,0x21, /* [5773] OBJ_roleOccupant */ +0x55,0x04,0x22, /* [5776] OBJ_seeAlso */ +0x55,0x04,0x23, /* [5779] OBJ_userPassword */ +0x55,0x04,0x24, /* [5782] OBJ_userCertificate */ +0x55,0x04,0x25, /* [5785] OBJ_cACertificate */ +0x55,0x04,0x26, /* [5788] OBJ_authorityRevocationList */ +0x55,0x04,0x27, /* [5791] OBJ_certificateRevocationList */ +0x55,0x04,0x28, /* [5794] OBJ_crossCertificatePair */ +0x55,0x04,0x2F, /* [5797] OBJ_enhancedSearchGuide */ +0x55,0x04,0x30, /* [5800] OBJ_protocolInformation */ +0x55,0x04,0x31, /* [5803] OBJ_distinguishedName */ +0x55,0x04,0x32, /* [5806] OBJ_uniqueMember */ +0x55,0x04,0x33, /* [5809] OBJ_houseIdentifier */ +0x55,0x04,0x34, /* [5812] OBJ_supportedAlgorithms */ +0x55,0x04,0x35, /* [5815] OBJ_deltaRevocationList */ +0x55,0x04,0x36, /* [5818] OBJ_dmdName */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5821] OBJ_id_alg_PWRI_KEK */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5832] OBJ_aes_128_gcm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5841] OBJ_aes_128_ccm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5850] OBJ_id_aes128_wrap_pad */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5859] OBJ_aes_192_gcm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5868] OBJ_aes_192_ccm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5877] OBJ_id_aes192_wrap_pad */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5886] OBJ_aes_256_gcm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5895] OBJ_aes_256_ccm */ +0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5904] OBJ_id_aes256_wrap_pad */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5913] OBJ_id_camellia128_wrap */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5924] OBJ_id_camellia192_wrap */ +0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5935] OBJ_id_camellia256_wrap */ +0x55,0x1D,0x25,0x00, /* [5946] OBJ_anyExtendedKeyUsage */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5950] OBJ_mgf1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5959] OBJ_rsassaPss */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5968] OBJ_rsaesOaep */ +0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01, /* [5977] OBJ_dhpublicnumber */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,/* [5984] OBJ_brainpoolP160r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,/* [5993] OBJ_brainpoolP160t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,/* [6002] OBJ_brainpoolP192r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,/* [6011] OBJ_brainpoolP192t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,/* [6020] OBJ_brainpoolP224r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,/* [6029] OBJ_brainpoolP224t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,/* [6038] OBJ_brainpoolP256r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,/* [6047] OBJ_brainpoolP256t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,/* [6056] OBJ_brainpoolP320r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,/* [6065] OBJ_brainpoolP320t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,/* [6074] OBJ_brainpoolP384r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,/* [6083] OBJ_brainpoolP384t1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,/* [6092] OBJ_brainpoolP512r1 */ +0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,/* [6101] OBJ_brainpoolP512t1 */ +0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,/* [6110] OBJ_pSpecified */ +0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,/* [6119] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0B,0x00, /* [6128] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0B,0x01, /* [6134] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0B,0x02, /* [6140] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0B,0x03, /* [6146] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */ +0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,/* [6152] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0E,0x00, /* [6161] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0E,0x01, /* [6167] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0E,0x02, /* [6173] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */ +0x2B,0x81,0x04,0x01,0x0E,0x03, /* [6179] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,/* [6185] OBJ_ct_precert_scts */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,/* [6195] OBJ_ct_precert_poison */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,/* [6205] OBJ_ct_precert_signer */ +0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,/* [6215] OBJ_ct_cert_scts */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,/* [6225] OBJ_jurisdictionLocalityName */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,/* [6236] OBJ_jurisdictionStateOrProvinceName */ +0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,/* [6247] OBJ_jurisdictionCountryName */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06, /* [6258] OBJ_camellia_128_gcm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07, /* [6266] OBJ_camellia_128_ccm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09, /* [6274] OBJ_camellia_128_ctr */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A, /* [6282] OBJ_camellia_128_cmac */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A, /* [6290] OBJ_camellia_192_gcm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B, /* [6298] OBJ_camellia_192_ccm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D, /* [6306] OBJ_camellia_192_ctr */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E, /* [6314] OBJ_camellia_192_cmac */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E, /* [6322] OBJ_camellia_256_gcm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F, /* [6330] OBJ_camellia_256_ccm */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31, /* [6338] OBJ_camellia_256_ctr */ +0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32, /* [6346] OBJ_camellia_256_cmac */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ @@ -1134,880 +1133,880 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"RC5-ECB","rc5-ecb",NID_rc5_ecb,0,NULL,0}, {"RC5-CFB","rc5-cfb",NID_rc5_cfb64,0,NULL,0}, {"RC5-OFB","rc5-ofb",NID_rc5_ofb64,0,NULL,0}, -{"RLE","run length compression",NID_rle_compression,6,&(lvalues[626]),0}, -{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[632]),0}, +{NULL,NULL,NID_undef,0,NULL,0}, +{"ZLIB","zlib compression",NID_zlib_compression,11,&(lvalues[626]),0}, {"extendedKeyUsage","X509v3 Extended Key Usage",NID_ext_key_usage,3, - &(lvalues[643]),0}, -{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[646]),0}, -{"id-kp","id-kp",NID_id_kp,7,&(lvalues[652]),0}, + &(lvalues[637]),0}, +{"PKIX","PKIX",NID_id_pkix,6,&(lvalues[640]),0}, +{"id-kp","id-kp",NID_id_kp,7,&(lvalues[646]),0}, {"serverAuth","TLS Web Server Authentication",NID_server_auth,8, - &(lvalues[659]),0}, + &(lvalues[653]),0}, {"clientAuth","TLS Web Client Authentication",NID_client_auth,8, - &(lvalues[667]),0}, -{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[675]),0}, + &(lvalues[661]),0}, +{"codeSigning","Code Signing",NID_code_sign,8,&(lvalues[669]),0}, {"emailProtection","E-mail Protection",NID_email_protect,8, - &(lvalues[683]),0}, -{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[691]),0}, + &(lvalues[677]),0}, +{"timeStamping","Time Stamping",NID_time_stamp,8,&(lvalues[685]),0}, {"msCodeInd","Microsoft Individual Code Signing",NID_ms_code_ind,10, - &(lvalues[699]),0}, + &(lvalues[693]),0}, {"msCodeCom","Microsoft Commercial Code Signing",NID_ms_code_com,10, - &(lvalues[709]),0}, + &(lvalues[703]),0}, {"msCTLSign","Microsoft Trust List Signing",NID_ms_ctl_sign,10, - &(lvalues[719]),0}, -{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[729]),0}, + &(lvalues[713]),0}, +{"msSGC","Microsoft Server Gated Crypto",NID_ms_sgc,10,&(lvalues[723]),0}, {"msEFS","Microsoft Encrypted File System",NID_ms_efs,10, - &(lvalues[739]),0}, -{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[749]),0}, + &(lvalues[733]),0}, +{"nsSGC","Netscape Server Gated Crypto",NID_ns_sgc,9,&(lvalues[743]),0}, {"deltaCRL","X509v3 Delta CRL Indicator",NID_delta_crl,3, - &(lvalues[758]),0}, -{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[761]),0}, + &(lvalues[752]),0}, +{"CRLReason","X509v3 CRL Reason Code",NID_crl_reason,3,&(lvalues[755]),0}, {"invalidityDate","Invalidity Date",NID_invalidity_date,3, - &(lvalues[764]),0}, -{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[767]),0}, + &(lvalues[758]),0}, +{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[761]),0}, {"PBE-SHA1-RC4-128","pbeWithSHA1And128BitRC4", - NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[772]),0}, + NID_pbe_WithSHA1And128BitRC4,10,&(lvalues[766]),0}, {"PBE-SHA1-RC4-40","pbeWithSHA1And40BitRC4", - NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[782]),0}, + NID_pbe_WithSHA1And40BitRC4,10,&(lvalues[776]),0}, {"PBE-SHA1-3DES","pbeWithSHA1And3-KeyTripleDES-CBC", - NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[792]),0}, + NID_pbe_WithSHA1And3_Key_TripleDES_CBC,10,&(lvalues[786]),0}, {"PBE-SHA1-2DES","pbeWithSHA1And2-KeyTripleDES-CBC", - NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[802]),0}, + NID_pbe_WithSHA1And2_Key_TripleDES_CBC,10,&(lvalues[796]),0}, {"PBE-SHA1-RC2-128","pbeWithSHA1And128BitRC2-CBC", - NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[812]),0}, + NID_pbe_WithSHA1And128BitRC2_CBC,10,&(lvalues[806]),0}, {"PBE-SHA1-RC2-40","pbeWithSHA1And40BitRC2-CBC", - NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[822]),0}, -{"keyBag","keyBag",NID_keyBag,11,&(lvalues[832]),0}, + NID_pbe_WithSHA1And40BitRC2_CBC,10,&(lvalues[816]),0}, +{"keyBag","keyBag",NID_keyBag,11,&(lvalues[826]),0}, {"pkcs8ShroudedKeyBag","pkcs8ShroudedKeyBag",NID_pkcs8ShroudedKeyBag, - 11,&(lvalues[843]),0}, -{"certBag","certBag",NID_certBag,11,&(lvalues[854]),0}, -{"crlBag","crlBag",NID_crlBag,11,&(lvalues[865]),0}, -{"secretBag","secretBag",NID_secretBag,11,&(lvalues[876]),0}, + 11,&(lvalues[837]),0}, +{"certBag","certBag",NID_certBag,11,&(lvalues[848]),0}, +{"crlBag","crlBag",NID_crlBag,11,&(lvalues[859]),0}, +{"secretBag","secretBag",NID_secretBag,11,&(lvalues[870]),0}, {"safeContentsBag","safeContentsBag",NID_safeContentsBag,11, - &(lvalues[887]),0}, -{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[898]),0}, -{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[907]),0}, + &(lvalues[881]),0}, +{"friendlyName","friendlyName",NID_friendlyName,9,&(lvalues[892]),0}, +{"localKeyID","localKeyID",NID_localKeyID,9,&(lvalues[901]),0}, {"x509Certificate","x509Certificate",NID_x509Certificate,10, - &(lvalues[916]),0}, + &(lvalues[910]),0}, {"sdsiCertificate","sdsiCertificate",NID_sdsiCertificate,10, - &(lvalues[926]),0}, -{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[936]),0}, -{"PBES2","PBES2",NID_pbes2,9,&(lvalues[946]),0}, -{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[955]),0}, -{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[964]),0}, -{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[972]),0}, + &(lvalues[920]),0}, +{"x509Crl","x509Crl",NID_x509Crl,10,&(lvalues[930]),0}, +{"PBES2","PBES2",NID_pbes2,9,&(lvalues[940]),0}, +{"PBMAC1","PBMAC1",NID_pbmac1,9,&(lvalues[949]),0}, +{"hmacWithSHA1","hmacWithSHA1",NID_hmacWithSHA1,8,&(lvalues[958]),0}, +{"id-qt-cps","Policy Qualifier CPS",NID_id_qt_cps,8,&(lvalues[966]),0}, {"id-qt-unotice","Policy Qualifier User Notice",NID_id_qt_unotice,8, - &(lvalues[980]),0}, + &(lvalues[974]),0}, {"RC2-64-CBC","rc2-64-cbc",NID_rc2_64_cbc,0,NULL,0}, {"SMIME-CAPS","S/MIME Capabilities",NID_SMIMECapabilities,9, - &(lvalues[988]),0}, + &(lvalues[982]),0}, {"PBE-MD2-RC2-64","pbeWithMD2AndRC2-CBC",NID_pbeWithMD2AndRC2_CBC,9, - &(lvalues[997]),0}, + &(lvalues[991]),0}, {"PBE-MD5-RC2-64","pbeWithMD5AndRC2-CBC",NID_pbeWithMD5AndRC2_CBC,9, - &(lvalues[1006]),0}, + &(lvalues[1000]),0}, {"PBE-SHA1-DES","pbeWithSHA1AndDES-CBC",NID_pbeWithSHA1AndDES_CBC,9, - &(lvalues[1015]),0}, + &(lvalues[1009]),0}, {"msExtReq","Microsoft Extension Request",NID_ms_ext_req,10, - &(lvalues[1024]),0}, -{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1034]),0}, -{"name","name",NID_name,3,&(lvalues[1043]),0}, -{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1046]),0}, -{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1049]),0}, -{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1056]),0}, + &(lvalues[1018]),0}, +{"extReq","Extension Request",NID_ext_req,9,&(lvalues[1028]),0}, +{"name","name",NID_name,3,&(lvalues[1037]),0}, +{"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1040]),0}, +{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1043]),0}, +{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1050]),0}, {"authorityInfoAccess","Authority Information Access",NID_info_access, - 8,&(lvalues[1063]),0}, -{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1071]),0}, -{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1079]),0}, -{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1087]),0}, + 8,&(lvalues[1057]),0}, +{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1065]),0}, +{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1073]),0}, +{"OCSPSigning","OCSP Signing",NID_OCSP_sign,8,&(lvalues[1081]),0}, {"ISO","iso",NID_iso,0,NULL,0}, -{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1095]),0}, -{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1096]),0}, -{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1099]),0}, -{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1104]),0}, -{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1110]),0}, -{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1118]),0}, -{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1126]),0}, -{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1135]),0}, -{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1145]),0}, -{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1155]),0}, -{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1165]),0}, -{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1175]),0}, -{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1185]),0}, -{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1195]),0}, +{"member-body","ISO Member Body",NID_member_body,1,&(lvalues[1089]),0}, +{"ISO-US","ISO US Member Body",NID_ISO_US,3,&(lvalues[1090]),0}, +{"X9-57","X9.57",NID_X9_57,5,&(lvalues[1093]),0}, +{"X9cm","X9.57 CM ?",NID_X9cm,6,&(lvalues[1098]),0}, +{"pkcs1","pkcs1",NID_pkcs1,8,&(lvalues[1104]),0}, +{"pkcs5","pkcs5",NID_pkcs5,8,&(lvalues[1112]),0}, +{"SMIME","S/MIME",NID_SMIME,9,&(lvalues[1120]),0}, +{"id-smime-mod","id-smime-mod",NID_id_smime_mod,10,&(lvalues[1129]),0}, +{"id-smime-ct","id-smime-ct",NID_id_smime_ct,10,&(lvalues[1139]),0}, +{"id-smime-aa","id-smime-aa",NID_id_smime_aa,10,&(lvalues[1149]),0}, +{"id-smime-alg","id-smime-alg",NID_id_smime_alg,10,&(lvalues[1159]),0}, +{"id-smime-cd","id-smime-cd",NID_id_smime_cd,10,&(lvalues[1169]),0}, +{"id-smime-spq","id-smime-spq",NID_id_smime_spq,10,&(lvalues[1179]),0}, +{"id-smime-cti","id-smime-cti",NID_id_smime_cti,10,&(lvalues[1189]),0}, {"id-smime-mod-cms","id-smime-mod-cms",NID_id_smime_mod_cms,11, - &(lvalues[1205]),0}, + &(lvalues[1199]),0}, {"id-smime-mod-ess","id-smime-mod-ess",NID_id_smime_mod_ess,11, - &(lvalues[1216]),0}, + &(lvalues[1210]),0}, {"id-smime-mod-oid","id-smime-mod-oid",NID_id_smime_mod_oid,11, - &(lvalues[1227]),0}, + &(lvalues[1221]),0}, {"id-smime-mod-msg-v3","id-smime-mod-msg-v3",NID_id_smime_mod_msg_v3, - 11,&(lvalues[1238]),0}, + 11,&(lvalues[1232]),0}, {"id-smime-mod-ets-eSignature-88","id-smime-mod-ets-eSignature-88", - NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1249]),0}, + NID_id_smime_mod_ets_eSignature_88,11,&(lvalues[1243]),0}, {"id-smime-mod-ets-eSignature-97","id-smime-mod-ets-eSignature-97", - NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1260]),0}, + NID_id_smime_mod_ets_eSignature_97,11,&(lvalues[1254]),0}, {"id-smime-mod-ets-eSigPolicy-88","id-smime-mod-ets-eSigPolicy-88", - NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1271]),0}, + NID_id_smime_mod_ets_eSigPolicy_88,11,&(lvalues[1265]),0}, {"id-smime-mod-ets-eSigPolicy-97","id-smime-mod-ets-eSigPolicy-97", - NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1282]),0}, + NID_id_smime_mod_ets_eSigPolicy_97,11,&(lvalues[1276]),0}, {"id-smime-ct-receipt","id-smime-ct-receipt",NID_id_smime_ct_receipt, - 11,&(lvalues[1293]),0}, + 11,&(lvalues[1287]),0}, {"id-smime-ct-authData","id-smime-ct-authData", - NID_id_smime_ct_authData,11,&(lvalues[1304]),0}, + NID_id_smime_ct_authData,11,&(lvalues[1298]),0}, {"id-smime-ct-publishCert","id-smime-ct-publishCert", - NID_id_smime_ct_publishCert,11,&(lvalues[1315]),0}, + NID_id_smime_ct_publishCert,11,&(lvalues[1309]),0}, {"id-smime-ct-TSTInfo","id-smime-ct-TSTInfo",NID_id_smime_ct_TSTInfo, - 11,&(lvalues[1326]),0}, + 11,&(lvalues[1320]),0}, {"id-smime-ct-TDTInfo","id-smime-ct-TDTInfo",NID_id_smime_ct_TDTInfo, - 11,&(lvalues[1337]),0}, + 11,&(lvalues[1331]),0}, {"id-smime-ct-contentInfo","id-smime-ct-contentInfo", - NID_id_smime_ct_contentInfo,11,&(lvalues[1348]),0}, + NID_id_smime_ct_contentInfo,11,&(lvalues[1342]),0}, {"id-smime-ct-DVCSRequestData","id-smime-ct-DVCSRequestData", - NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1359]),0}, + NID_id_smime_ct_DVCSRequestData,11,&(lvalues[1353]),0}, {"id-smime-ct-DVCSResponseData","id-smime-ct-DVCSResponseData", - NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1370]),0}, + NID_id_smime_ct_DVCSResponseData,11,&(lvalues[1364]),0}, {"id-smime-aa-receiptRequest","id-smime-aa-receiptRequest", - NID_id_smime_aa_receiptRequest,11,&(lvalues[1381]),0}, + NID_id_smime_aa_receiptRequest,11,&(lvalues[1375]),0}, {"id-smime-aa-securityLabel","id-smime-aa-securityLabel", - NID_id_smime_aa_securityLabel,11,&(lvalues[1392]),0}, + NID_id_smime_aa_securityLabel,11,&(lvalues[1386]),0}, {"id-smime-aa-mlExpandHistory","id-smime-aa-mlExpandHistory", - NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1403]),0}, + NID_id_smime_aa_mlExpandHistory,11,&(lvalues[1397]),0}, {"id-smime-aa-contentHint","id-smime-aa-contentHint", - NID_id_smime_aa_contentHint,11,&(lvalues[1414]),0}, + NID_id_smime_aa_contentHint,11,&(lvalues[1408]),0}, {"id-smime-aa-msgSigDigest","id-smime-aa-msgSigDigest", - NID_id_smime_aa_msgSigDigest,11,&(lvalues[1425]),0}, + NID_id_smime_aa_msgSigDigest,11,&(lvalues[1419]),0}, {"id-smime-aa-encapContentType","id-smime-aa-encapContentType", - NID_id_smime_aa_encapContentType,11,&(lvalues[1436]),0}, + NID_id_smime_aa_encapContentType,11,&(lvalues[1430]),0}, {"id-smime-aa-contentIdentifier","id-smime-aa-contentIdentifier", - NID_id_smime_aa_contentIdentifier,11,&(lvalues[1447]),0}, + NID_id_smime_aa_contentIdentifier,11,&(lvalues[1441]),0}, {"id-smime-aa-macValue","id-smime-aa-macValue", - NID_id_smime_aa_macValue,11,&(lvalues[1458]),0}, + NID_id_smime_aa_macValue,11,&(lvalues[1452]),0}, {"id-smime-aa-equivalentLabels","id-smime-aa-equivalentLabels", - NID_id_smime_aa_equivalentLabels,11,&(lvalues[1469]),0}, + NID_id_smime_aa_equivalentLabels,11,&(lvalues[1463]),0}, {"id-smime-aa-contentReference","id-smime-aa-contentReference", - NID_id_smime_aa_contentReference,11,&(lvalues[1480]),0}, + NID_id_smime_aa_contentReference,11,&(lvalues[1474]),0}, {"id-smime-aa-encrypKeyPref","id-smime-aa-encrypKeyPref", - NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1491]),0}, + NID_id_smime_aa_encrypKeyPref,11,&(lvalues[1485]),0}, {"id-smime-aa-signingCertificate","id-smime-aa-signingCertificate", - NID_id_smime_aa_signingCertificate,11,&(lvalues[1502]),0}, + NID_id_smime_aa_signingCertificate,11,&(lvalues[1496]),0}, {"id-smime-aa-smimeEncryptCerts","id-smime-aa-smimeEncryptCerts", - NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1513]),0}, + NID_id_smime_aa_smimeEncryptCerts,11,&(lvalues[1507]),0}, {"id-smime-aa-timeStampToken","id-smime-aa-timeStampToken", - NID_id_smime_aa_timeStampToken,11,&(lvalues[1524]),0}, + NID_id_smime_aa_timeStampToken,11,&(lvalues[1518]),0}, {"id-smime-aa-ets-sigPolicyId","id-smime-aa-ets-sigPolicyId", - NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1535]),0}, + NID_id_smime_aa_ets_sigPolicyId,11,&(lvalues[1529]),0}, {"id-smime-aa-ets-commitmentType","id-smime-aa-ets-commitmentType", - NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1546]),0}, + NID_id_smime_aa_ets_commitmentType,11,&(lvalues[1540]),0}, {"id-smime-aa-ets-signerLocation","id-smime-aa-ets-signerLocation", - NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1557]),0}, + NID_id_smime_aa_ets_signerLocation,11,&(lvalues[1551]),0}, {"id-smime-aa-ets-signerAttr","id-smime-aa-ets-signerAttr", - NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1568]),0}, + NID_id_smime_aa_ets_signerAttr,11,&(lvalues[1562]),0}, {"id-smime-aa-ets-otherSigCert","id-smime-aa-ets-otherSigCert", - NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1579]),0}, + NID_id_smime_aa_ets_otherSigCert,11,&(lvalues[1573]),0}, {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", - NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1590]),0}, + NID_id_smime_aa_ets_contentTimestamp,11,&(lvalues[1584]),0}, {"id-smime-aa-ets-CertificateRefs","id-smime-aa-ets-CertificateRefs", - NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1601]),0}, + NID_id_smime_aa_ets_CertificateRefs,11,&(lvalues[1595]),0}, {"id-smime-aa-ets-RevocationRefs","id-smime-aa-ets-RevocationRefs", - NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1612]),0}, + NID_id_smime_aa_ets_RevocationRefs,11,&(lvalues[1606]),0}, {"id-smime-aa-ets-certValues","id-smime-aa-ets-certValues", - NID_id_smime_aa_ets_certValues,11,&(lvalues[1623]),0}, + NID_id_smime_aa_ets_certValues,11,&(lvalues[1617]),0}, {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", - NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1634]),0}, + NID_id_smime_aa_ets_revocationValues,11,&(lvalues[1628]),0}, {"id-smime-aa-ets-escTimeStamp","id-smime-aa-ets-escTimeStamp", - NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1645]),0}, + NID_id_smime_aa_ets_escTimeStamp,11,&(lvalues[1639]),0}, {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", - NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1656]),0}, + NID_id_smime_aa_ets_certCRLTimestamp,11,&(lvalues[1650]),0}, {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", - NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1667]),0}, + NID_id_smime_aa_ets_archiveTimeStamp,11,&(lvalues[1661]),0}, {"id-smime-aa-signatureType","id-smime-aa-signatureType", - NID_id_smime_aa_signatureType,11,&(lvalues[1678]),0}, + NID_id_smime_aa_signatureType,11,&(lvalues[1672]),0}, {"id-smime-aa-dvcs-dvc","id-smime-aa-dvcs-dvc", - NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1689]),0}, + NID_id_smime_aa_dvcs_dvc,11,&(lvalues[1683]),0}, {"id-smime-alg-ESDHwith3DES","id-smime-alg-ESDHwith3DES", - NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1700]),0}, + NID_id_smime_alg_ESDHwith3DES,11,&(lvalues[1694]),0}, {"id-smime-alg-ESDHwithRC2","id-smime-alg-ESDHwithRC2", - NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1711]),0}, + NID_id_smime_alg_ESDHwithRC2,11,&(lvalues[1705]),0}, {"id-smime-alg-3DESwrap","id-smime-alg-3DESwrap", - NID_id_smime_alg_3DESwrap,11,&(lvalues[1722]),0}, + NID_id_smime_alg_3DESwrap,11,&(lvalues[1716]),0}, {"id-smime-alg-RC2wrap","id-smime-alg-RC2wrap", - NID_id_smime_alg_RC2wrap,11,&(lvalues[1733]),0}, + NID_id_smime_alg_RC2wrap,11,&(lvalues[1727]),0}, {"id-smime-alg-ESDH","id-smime-alg-ESDH",NID_id_smime_alg_ESDH,11, - &(lvalues[1744]),0}, + &(lvalues[1738]),0}, {"id-smime-alg-CMS3DESwrap","id-smime-alg-CMS3DESwrap", - NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1755]),0}, + NID_id_smime_alg_CMS3DESwrap,11,&(lvalues[1749]),0}, {"id-smime-alg-CMSRC2wrap","id-smime-alg-CMSRC2wrap", - NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1766]),0}, + NID_id_smime_alg_CMSRC2wrap,11,&(lvalues[1760]),0}, {"id-smime-cd-ldap","id-smime-cd-ldap",NID_id_smime_cd_ldap,11, - &(lvalues[1777]),0}, + &(lvalues[1771]),0}, {"id-smime-spq-ets-sqt-uri","id-smime-spq-ets-sqt-uri", - NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1788]),0}, + NID_id_smime_spq_ets_sqt_uri,11,&(lvalues[1782]),0}, {"id-smime-spq-ets-sqt-unotice","id-smime-spq-ets-sqt-unotice", - NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1799]),0}, + NID_id_smime_spq_ets_sqt_unotice,11,&(lvalues[1793]),0}, {"id-smime-cti-ets-proofOfOrigin","id-smime-cti-ets-proofOfOrigin", - NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1810]),0}, + NID_id_smime_cti_ets_proofOfOrigin,11,&(lvalues[1804]),0}, {"id-smime-cti-ets-proofOfReceipt","id-smime-cti-ets-proofOfReceipt", - NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1821]),0}, + NID_id_smime_cti_ets_proofOfReceipt,11,&(lvalues[1815]),0}, {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", - NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1832]),0}, + NID_id_smime_cti_ets_proofOfDelivery,11,&(lvalues[1826]),0}, {"id-smime-cti-ets-proofOfSender","id-smime-cti-ets-proofOfSender", - NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1843]),0}, + NID_id_smime_cti_ets_proofOfSender,11,&(lvalues[1837]),0}, {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", - NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1854]),0}, + NID_id_smime_cti_ets_proofOfApproval,11,&(lvalues[1848]),0}, {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", - NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1865]),0}, -{"MD4","md4",NID_md4,8,&(lvalues[1876]),0}, -{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1884]),0}, -{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1891]),0}, -{"id-it","id-it",NID_id_it,7,&(lvalues[1898]),0}, -{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1905]),0}, -{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1912]),0}, -{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1919]),0}, -{"id-on","id-on",NID_id_on,7,&(lvalues[1926]),0}, -{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1933]),0}, -{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1940]),0}, -{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1947]),0}, -{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1954]),0}, + NID_id_smime_cti_ets_proofOfCreation,11,&(lvalues[1859]),0}, +{"MD4","md4",NID_md4,8,&(lvalues[1870]),0}, +{"id-pkix-mod","id-pkix-mod",NID_id_pkix_mod,7,&(lvalues[1878]),0}, +{"id-qt","id-qt",NID_id_qt,7,&(lvalues[1885]),0}, +{"id-it","id-it",NID_id_it,7,&(lvalues[1892]),0}, +{"id-pkip","id-pkip",NID_id_pkip,7,&(lvalues[1899]),0}, +{"id-alg","id-alg",NID_id_alg,7,&(lvalues[1906]),0}, +{"id-cmc","id-cmc",NID_id_cmc,7,&(lvalues[1913]),0}, +{"id-on","id-on",NID_id_on,7,&(lvalues[1920]),0}, +{"id-pda","id-pda",NID_id_pda,7,&(lvalues[1927]),0}, +{"id-aca","id-aca",NID_id_aca,7,&(lvalues[1934]),0}, +{"id-qcs","id-qcs",NID_id_qcs,7,&(lvalues[1941]),0}, +{"id-cct","id-cct",NID_id_cct,7,&(lvalues[1948]),0}, {"id-pkix1-explicit-88","id-pkix1-explicit-88", - NID_id_pkix1_explicit_88,8,&(lvalues[1961]),0}, + NID_id_pkix1_explicit_88,8,&(lvalues[1955]),0}, {"id-pkix1-implicit-88","id-pkix1-implicit-88", - NID_id_pkix1_implicit_88,8,&(lvalues[1969]),0}, + NID_id_pkix1_implicit_88,8,&(lvalues[1963]),0}, {"id-pkix1-explicit-93","id-pkix1-explicit-93", - NID_id_pkix1_explicit_93,8,&(lvalues[1977]),0}, + NID_id_pkix1_explicit_93,8,&(lvalues[1971]),0}, {"id-pkix1-implicit-93","id-pkix1-implicit-93", - NID_id_pkix1_implicit_93,8,&(lvalues[1985]),0}, -{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1993]),0}, -{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[2001]),0}, + NID_id_pkix1_implicit_93,8,&(lvalues[1979]),0}, +{"id-mod-crmf","id-mod-crmf",NID_id_mod_crmf,8,&(lvalues[1987]),0}, +{"id-mod-cmc","id-mod-cmc",NID_id_mod_cmc,8,&(lvalues[1995]),0}, {"id-mod-kea-profile-88","id-mod-kea-profile-88", - NID_id_mod_kea_profile_88,8,&(lvalues[2009]),0}, + NID_id_mod_kea_profile_88,8,&(lvalues[2003]),0}, {"id-mod-kea-profile-93","id-mod-kea-profile-93", - NID_id_mod_kea_profile_93,8,&(lvalues[2017]),0}, -{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2025]),0}, + NID_id_mod_kea_profile_93,8,&(lvalues[2011]),0}, +{"id-mod-cmp","id-mod-cmp",NID_id_mod_cmp,8,&(lvalues[2019]),0}, {"id-mod-qualified-cert-88","id-mod-qualified-cert-88", - NID_id_mod_qualified_cert_88,8,&(lvalues[2033]),0}, + NID_id_mod_qualified_cert_88,8,&(lvalues[2027]),0}, {"id-mod-qualified-cert-93","id-mod-qualified-cert-93", - NID_id_mod_qualified_cert_93,8,&(lvalues[2041]),0}, + NID_id_mod_qualified_cert_93,8,&(lvalues[2035]),0}, {"id-mod-attribute-cert","id-mod-attribute-cert", - NID_id_mod_attribute_cert,8,&(lvalues[2049]),0}, + NID_id_mod_attribute_cert,8,&(lvalues[2043]),0}, {"id-mod-timestamp-protocol","id-mod-timestamp-protocol", - NID_id_mod_timestamp_protocol,8,&(lvalues[2057]),0}, -{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2065]),0}, -{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2073]),0}, + NID_id_mod_timestamp_protocol,8,&(lvalues[2051]),0}, +{"id-mod-ocsp","id-mod-ocsp",NID_id_mod_ocsp,8,&(lvalues[2059]),0}, +{"id-mod-dvcs","id-mod-dvcs",NID_id_mod_dvcs,8,&(lvalues[2067]),0}, {"id-mod-cmp2000","id-mod-cmp2000",NID_id_mod_cmp2000,8, - &(lvalues[2081]),0}, -{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2089]),0}, -{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2097]),0}, + &(lvalues[2075]),0}, +{"biometricInfo","Biometric Info",NID_biometricInfo,8,&(lvalues[2083]),0}, +{"qcStatements","qcStatements",NID_qcStatements,8,&(lvalues[2091]),0}, {"ac-auditEntity","ac-auditEntity",NID_ac_auditEntity,8, - &(lvalues[2105]),0}, -{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2113]),0}, -{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2121]),0}, + &(lvalues[2099]),0}, +{"ac-targeting","ac-targeting",NID_ac_targeting,8,&(lvalues[2107]),0}, +{"aaControls","aaControls",NID_aaControls,8,&(lvalues[2115]),0}, {"sbgp-ipAddrBlock","sbgp-ipAddrBlock",NID_sbgp_ipAddrBlock,8, - &(lvalues[2129]),0}, + &(lvalues[2123]),0}, {"sbgp-autonomousSysNum","sbgp-autonomousSysNum", - NID_sbgp_autonomousSysNum,8,&(lvalues[2137]),0}, + NID_sbgp_autonomousSysNum,8,&(lvalues[2131]),0}, {"sbgp-routerIdentifier","sbgp-routerIdentifier", - NID_sbgp_routerIdentifier,8,&(lvalues[2145]),0}, -{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2153]),0}, + NID_sbgp_routerIdentifier,8,&(lvalues[2139]),0}, +{"textNotice","textNotice",NID_textNotice,8,&(lvalues[2147]),0}, {"ipsecEndSystem","IPSec End System",NID_ipsecEndSystem,8, - &(lvalues[2161]),0}, -{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2169]),0}, -{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2177]),0}, -{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2185]),0}, + &(lvalues[2155]),0}, +{"ipsecTunnel","IPSec Tunnel",NID_ipsecTunnel,8,&(lvalues[2163]),0}, +{"ipsecUser","IPSec User",NID_ipsecUser,8,&(lvalues[2171]),0}, +{"DVCS","dvcs",NID_dvcs,8,&(lvalues[2179]),0}, {"id-it-caProtEncCert","id-it-caProtEncCert",NID_id_it_caProtEncCert, - 8,&(lvalues[2193]),0}, + 8,&(lvalues[2187]),0}, {"id-it-signKeyPairTypes","id-it-signKeyPairTypes", - NID_id_it_signKeyPairTypes,8,&(lvalues[2201]),0}, + NID_id_it_signKeyPairTypes,8,&(lvalues[2195]),0}, {"id-it-encKeyPairTypes","id-it-encKeyPairTypes", - NID_id_it_encKeyPairTypes,8,&(lvalues[2209]),0}, + NID_id_it_encKeyPairTypes,8,&(lvalues[2203]),0}, {"id-it-preferredSymmAlg","id-it-preferredSymmAlg", - NID_id_it_preferredSymmAlg,8,&(lvalues[2217]),0}, + NID_id_it_preferredSymmAlg,8,&(lvalues[2211]),0}, {"id-it-caKeyUpdateInfo","id-it-caKeyUpdateInfo", - NID_id_it_caKeyUpdateInfo,8,&(lvalues[2225]),0}, + NID_id_it_caKeyUpdateInfo,8,&(lvalues[2219]),0}, {"id-it-currentCRL","id-it-currentCRL",NID_id_it_currentCRL,8, - &(lvalues[2233]),0}, + &(lvalues[2227]),0}, {"id-it-unsupportedOIDs","id-it-unsupportedOIDs", - NID_id_it_unsupportedOIDs,8,&(lvalues[2241]),0}, + NID_id_it_unsupportedOIDs,8,&(lvalues[2235]),0}, {"id-it-subscriptionRequest","id-it-subscriptionRequest", - NID_id_it_subscriptionRequest,8,&(lvalues[2249]),0}, + NID_id_it_subscriptionRequest,8,&(lvalues[2243]),0}, {"id-it-subscriptionResponse","id-it-subscriptionResponse", - NID_id_it_subscriptionResponse,8,&(lvalues[2257]),0}, + NID_id_it_subscriptionResponse,8,&(lvalues[2251]),0}, {"id-it-keyPairParamReq","id-it-keyPairParamReq", - NID_id_it_keyPairParamReq,8,&(lvalues[2265]),0}, + NID_id_it_keyPairParamReq,8,&(lvalues[2259]),0}, {"id-it-keyPairParamRep","id-it-keyPairParamRep", - NID_id_it_keyPairParamRep,8,&(lvalues[2273]),0}, + NID_id_it_keyPairParamRep,8,&(lvalues[2267]),0}, {"id-it-revPassphrase","id-it-revPassphrase",NID_id_it_revPassphrase, - 8,&(lvalues[2281]),0}, + 8,&(lvalues[2275]),0}, {"id-it-implicitConfirm","id-it-implicitConfirm", - NID_id_it_implicitConfirm,8,&(lvalues[2289]),0}, + NID_id_it_implicitConfirm,8,&(lvalues[2283]),0}, {"id-it-confirmWaitTime","id-it-confirmWaitTime", - NID_id_it_confirmWaitTime,8,&(lvalues[2297]),0}, + NID_id_it_confirmWaitTime,8,&(lvalues[2291]),0}, {"id-it-origPKIMessage","id-it-origPKIMessage", - NID_id_it_origPKIMessage,8,&(lvalues[2305]),0}, -{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2313]),0}, -{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2321]),0}, + NID_id_it_origPKIMessage,8,&(lvalues[2299]),0}, +{"id-regCtrl","id-regCtrl",NID_id_regCtrl,8,&(lvalues[2307]),0}, +{"id-regInfo","id-regInfo",NID_id_regInfo,8,&(lvalues[2315]),0}, {"id-regCtrl-regToken","id-regCtrl-regToken",NID_id_regCtrl_regToken, - 9,&(lvalues[2329]),0}, + 9,&(lvalues[2323]),0}, {"id-regCtrl-authenticator","id-regCtrl-authenticator", - NID_id_regCtrl_authenticator,9,&(lvalues[2338]),0}, + NID_id_regCtrl_authenticator,9,&(lvalues[2332]),0}, {"id-regCtrl-pkiPublicationInfo","id-regCtrl-pkiPublicationInfo", - NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2347]),0}, + NID_id_regCtrl_pkiPublicationInfo,9,&(lvalues[2341]),0}, {"id-regCtrl-pkiArchiveOptions","id-regCtrl-pkiArchiveOptions", - NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2356]),0}, + NID_id_regCtrl_pkiArchiveOptions,9,&(lvalues[2350]),0}, {"id-regCtrl-oldCertID","id-regCtrl-oldCertID", - NID_id_regCtrl_oldCertID,9,&(lvalues[2365]),0}, + NID_id_regCtrl_oldCertID,9,&(lvalues[2359]),0}, {"id-regCtrl-protocolEncrKey","id-regCtrl-protocolEncrKey", - NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2374]),0}, + NID_id_regCtrl_protocolEncrKey,9,&(lvalues[2368]),0}, {"id-regInfo-utf8Pairs","id-regInfo-utf8Pairs", - NID_id_regInfo_utf8Pairs,9,&(lvalues[2383]),0}, + NID_id_regInfo_utf8Pairs,9,&(lvalues[2377]),0}, {"id-regInfo-certReq","id-regInfo-certReq",NID_id_regInfo_certReq,9, - &(lvalues[2392]),0}, -{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2401]),0}, + &(lvalues[2386]),0}, +{"id-alg-des40","id-alg-des40",NID_id_alg_des40,8,&(lvalues[2395]),0}, {"id-alg-noSignature","id-alg-noSignature",NID_id_alg_noSignature,8, - &(lvalues[2409]),0}, + &(lvalues[2403]),0}, {"id-alg-dh-sig-hmac-sha1","id-alg-dh-sig-hmac-sha1", - NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2417]),0}, -{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2425]),0}, + NID_id_alg_dh_sig_hmac_sha1,8,&(lvalues[2411]),0}, +{"id-alg-dh-pop","id-alg-dh-pop",NID_id_alg_dh_pop,8,&(lvalues[2419]),0}, {"id-cmc-statusInfo","id-cmc-statusInfo",NID_id_cmc_statusInfo,8, - &(lvalues[2433]),0}, + &(lvalues[2427]),0}, {"id-cmc-identification","id-cmc-identification", - NID_id_cmc_identification,8,&(lvalues[2441]),0}, + NID_id_cmc_identification,8,&(lvalues[2435]),0}, {"id-cmc-identityProof","id-cmc-identityProof", - NID_id_cmc_identityProof,8,&(lvalues[2449]),0}, + NID_id_cmc_identityProof,8,&(lvalues[2443]),0}, {"id-cmc-dataReturn","id-cmc-dataReturn",NID_id_cmc_dataReturn,8, - &(lvalues[2457]),0}, + &(lvalues[2451]),0}, {"id-cmc-transactionId","id-cmc-transactionId", - NID_id_cmc_transactionId,8,&(lvalues[2465]),0}, + NID_id_cmc_transactionId,8,&(lvalues[2459]),0}, {"id-cmc-senderNonce","id-cmc-senderNonce",NID_id_cmc_senderNonce,8, - &(lvalues[2473]),0}, + &(lvalues[2467]),0}, {"id-cmc-recipientNonce","id-cmc-recipientNonce", - NID_id_cmc_recipientNonce,8,&(lvalues[2481]),0}, + NID_id_cmc_recipientNonce,8,&(lvalues[2475]),0}, {"id-cmc-addExtensions","id-cmc-addExtensions", - NID_id_cmc_addExtensions,8,&(lvalues[2489]),0}, + NID_id_cmc_addExtensions,8,&(lvalues[2483]),0}, {"id-cmc-encryptedPOP","id-cmc-encryptedPOP",NID_id_cmc_encryptedPOP, - 8,&(lvalues[2497]),0}, + 8,&(lvalues[2491]),0}, {"id-cmc-decryptedPOP","id-cmc-decryptedPOP",NID_id_cmc_decryptedPOP, - 8,&(lvalues[2505]),0}, + 8,&(lvalues[2499]),0}, {"id-cmc-lraPOPWitness","id-cmc-lraPOPWitness", - NID_id_cmc_lraPOPWitness,8,&(lvalues[2513]),0}, + NID_id_cmc_lraPOPWitness,8,&(lvalues[2507]),0}, {"id-cmc-getCert","id-cmc-getCert",NID_id_cmc_getCert,8, - &(lvalues[2521]),0}, -{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2529]),0}, + &(lvalues[2515]),0}, +{"id-cmc-getCRL","id-cmc-getCRL",NID_id_cmc_getCRL,8,&(lvalues[2523]),0}, {"id-cmc-revokeRequest","id-cmc-revokeRequest", - NID_id_cmc_revokeRequest,8,&(lvalues[2537]),0}, + NID_id_cmc_revokeRequest,8,&(lvalues[2531]),0}, {"id-cmc-regInfo","id-cmc-regInfo",NID_id_cmc_regInfo,8, - &(lvalues[2545]),0}, + &(lvalues[2539]),0}, {"id-cmc-responseInfo","id-cmc-responseInfo",NID_id_cmc_responseInfo, - 8,&(lvalues[2553]),0}, + 8,&(lvalues[2547]),0}, {"id-cmc-queryPending","id-cmc-queryPending",NID_id_cmc_queryPending, - 8,&(lvalues[2561]),0}, + 8,&(lvalues[2555]),0}, {"id-cmc-popLinkRandom","id-cmc-popLinkRandom", - NID_id_cmc_popLinkRandom,8,&(lvalues[2569]),0}, + NID_id_cmc_popLinkRandom,8,&(lvalues[2563]),0}, {"id-cmc-popLinkWitness","id-cmc-popLinkWitness", - NID_id_cmc_popLinkWitness,8,&(lvalues[2577]),0}, + NID_id_cmc_popLinkWitness,8,&(lvalues[2571]),0}, {"id-cmc-confirmCertAcceptance","id-cmc-confirmCertAcceptance", - NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2585]),0}, + NID_id_cmc_confirmCertAcceptance,8,&(lvalues[2579]),0}, {"id-on-personalData","id-on-personalData",NID_id_on_personalData,8, - &(lvalues[2593]),0}, + &(lvalues[2587]),0}, {"id-pda-dateOfBirth","id-pda-dateOfBirth",NID_id_pda_dateOfBirth,8, - &(lvalues[2601]),0}, + &(lvalues[2595]),0}, {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth, - 8,&(lvalues[2609]),0}, + 8,&(lvalues[2603]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2617]),0}, +{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2611]),0}, {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship", - NID_id_pda_countryOfCitizenship,8,&(lvalues[2625]),0}, + NID_id_pda_countryOfCitizenship,8,&(lvalues[2619]),0}, {"id-pda-countryOfResidence","id-pda-countryOfResidence", - NID_id_pda_countryOfResidence,8,&(lvalues[2633]),0}, + NID_id_pda_countryOfResidence,8,&(lvalues[2627]),0}, {"id-aca-authenticationInfo","id-aca-authenticationInfo", - NID_id_aca_authenticationInfo,8,&(lvalues[2641]),0}, + NID_id_aca_authenticationInfo,8,&(lvalues[2635]),0}, {"id-aca-accessIdentity","id-aca-accessIdentity", - NID_id_aca_accessIdentity,8,&(lvalues[2649]),0}, + NID_id_aca_accessIdentity,8,&(lvalues[2643]),0}, {"id-aca-chargingIdentity","id-aca-chargingIdentity", - NID_id_aca_chargingIdentity,8,&(lvalues[2657]),0}, -{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2665]),0}, -{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2673]),0}, + NID_id_aca_chargingIdentity,8,&(lvalues[2651]),0}, +{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2659]),0}, +{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2667]),0}, {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1", - NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2681]),0}, -{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2689]),0}, + NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2675]),0}, +{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2683]),0}, {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8, - &(lvalues[2697]),0}, + &(lvalues[2691]),0}, {"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8, - &(lvalues[2705]),0}, + &(lvalues[2699]),0}, {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8, - &(lvalues[2713]),0}, -{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2721]),0}, + &(lvalues[2707]),0}, +{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2715]),0}, {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9, - &(lvalues[2729]),0}, -{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2738]),0}, -{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2747]),0}, + &(lvalues[2723]),0}, +{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2732]),0}, +{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2741]),0}, {"acceptableResponses","Acceptable OCSP Responses", - NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2756]),0}, -{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2765]),0}, + NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2750]),0}, +{"noCheck","OCSP No Check",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2759]),0}, {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff, - 9,&(lvalues[2774]),0}, + 9,&(lvalues[2768]),0}, {"serviceLocator","OCSP Service Locator", - NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2783]),0}, + NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2777]),0}, {"extendedStatus","Extended OCSP Status", - NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2792]),0}, -{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2801]),0}, -{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2810]),0}, + NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2786]),0}, +{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2795]),0}, +{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2804]),0}, {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9, - &(lvalues[2819]),0}, -{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2828]),0}, -{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2832]),0}, + &(lvalues[2813]),0}, +{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2822]),0}, +{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2826]),0}, {"X500algorithms","directory services - algorithms", - NID_X500algorithms,2,&(lvalues[2837]),0}, -{"ORG","org",NID_org,1,&(lvalues[2839]),0}, -{"DOD","dod",NID_dod,2,&(lvalues[2840]),0}, -{"IANA","iana",NID_iana,3,&(lvalues[2842]),0}, -{"directory","Directory",NID_Directory,4,&(lvalues[2845]),0}, -{"mgmt","Management",NID_Management,4,&(lvalues[2849]),0}, -{"experimental","Experimental",NID_Experimental,4,&(lvalues[2853]),0}, -{"private","Private",NID_Private,4,&(lvalues[2857]),0}, -{"security","Security",NID_Security,4,&(lvalues[2861]),0}, -{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2865]),0}, -{"Mail","Mail",NID_Mail,4,&(lvalues[2869]),0}, -{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2873]),0}, -{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2878]),0}, -{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2887]),0}, -{"domain","Domain",NID_Domain,10,&(lvalues[2897]),0}, + NID_X500algorithms,2,&(lvalues[2831]),0}, +{"ORG","org",NID_org,1,&(lvalues[2833]),0}, +{"DOD","dod",NID_dod,2,&(lvalues[2834]),0}, +{"IANA","iana",NID_iana,3,&(lvalues[2836]),0}, +{"directory","Directory",NID_Directory,4,&(lvalues[2839]),0}, +{"mgmt","Management",NID_Management,4,&(lvalues[2843]),0}, +{"experimental","Experimental",NID_Experimental,4,&(lvalues[2847]),0}, +{"private","Private",NID_Private,4,&(lvalues[2851]),0}, +{"security","Security",NID_Security,4,&(lvalues[2855]),0}, +{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2859]),0}, +{"Mail","Mail",NID_Mail,4,&(lvalues[2863]),0}, +{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2867]),0}, +{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2872]),0}, +{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2881]),0}, +{"domain","Domain",NID_Domain,10,&(lvalues[2891]),0}, {"NULL","NULL",NID_joint_iso_ccitt,0,NULL,0}, {"selected-attribute-types","Selected Attribute Types", - NID_selected_attribute_types,3,&(lvalues[2907]),0}, -{"clearance","clearance",NID_clearance,4,&(lvalues[2910]),0}, + NID_selected_attribute_types,3,&(lvalues[2901]),0}, +{"clearance","clearance",NID_clearance,4,&(lvalues[2904]),0}, {"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9, - &(lvalues[2914]),0}, -{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2923]),0}, + &(lvalues[2908]),0}, +{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2917]),0}, {"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8, - &(lvalues[2931]),0}, + &(lvalues[2925]),0}, {"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8, - &(lvalues[2939]),0}, -{"role","role",NID_role,3,&(lvalues[2947]),0}, + &(lvalues[2933]),0}, +{"role","role",NID_role,3,&(lvalues[2941]),0}, {"policyConstraints","X509v3 Policy Constraints", - NID_policy_constraints,3,&(lvalues[2950]),0}, + NID_policy_constraints,3,&(lvalues[2944]),0}, {"targetInformation","X509v3 AC Targeting",NID_target_information,3, - &(lvalues[2953]),0}, + &(lvalues[2947]),0}, {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3, - &(lvalues[2956]),0}, + &(lvalues[2950]),0}, {"NULL","NULL",NID_ccitt,0,NULL,0}, -{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2959]),0}, -{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2964]),0}, +{"ansi-X9-62","ANSI X9.62",NID_ansi_X9_62,5,&(lvalues[2953]),0}, +{"prime-field","prime-field",NID_X9_62_prime_field,7,&(lvalues[2958]),0}, {"characteristic-two-field","characteristic-two-field", - NID_X9_62_characteristic_two_field,7,&(lvalues[2971]),0}, + NID_X9_62_characteristic_two_field,7,&(lvalues[2965]),0}, {"id-ecPublicKey","id-ecPublicKey",NID_X9_62_id_ecPublicKey,7, - &(lvalues[2978]),0}, -{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2985]),0}, -{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2993]),0}, -{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[3001]),0}, -{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[3009]),0}, -{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3017]),0}, -{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3025]),0}, -{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3033]),0}, + &(lvalues[2972]),0}, +{"prime192v1","prime192v1",NID_X9_62_prime192v1,8,&(lvalues[2979]),0}, +{"prime192v2","prime192v2",NID_X9_62_prime192v2,8,&(lvalues[2987]),0}, +{"prime192v3","prime192v3",NID_X9_62_prime192v3,8,&(lvalues[2995]),0}, +{"prime239v1","prime239v1",NID_X9_62_prime239v1,8,&(lvalues[3003]),0}, +{"prime239v2","prime239v2",NID_X9_62_prime239v2,8,&(lvalues[3011]),0}, +{"prime239v3","prime239v3",NID_X9_62_prime239v3,8,&(lvalues[3019]),0}, +{"prime256v1","prime256v1",NID_X9_62_prime256v1,8,&(lvalues[3027]),0}, {"ecdsa-with-SHA1","ecdsa-with-SHA1",NID_ecdsa_with_SHA1,7, - &(lvalues[3041]),0}, -{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3048]),0}, -{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3057]),0}, -{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3066]),0}, -{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3075]),0}, -{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3084]),0}, -{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3093]),0}, -{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3102]),0}, -{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3111]),0}, -{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3120]),0}, -{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3129]),0}, -{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3138]),0}, -{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3147]),0}, -{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3156]),0}, + &(lvalues[3035]),0}, +{"CSPName","Microsoft CSP Name",NID_ms_csp_name,9,&(lvalues[3042]),0}, +{"AES-128-ECB","aes-128-ecb",NID_aes_128_ecb,9,&(lvalues[3051]),0}, +{"AES-128-CBC","aes-128-cbc",NID_aes_128_cbc,9,&(lvalues[3060]),0}, +{"AES-128-OFB","aes-128-ofb",NID_aes_128_ofb128,9,&(lvalues[3069]),0}, +{"AES-128-CFB","aes-128-cfb",NID_aes_128_cfb128,9,&(lvalues[3078]),0}, +{"AES-192-ECB","aes-192-ecb",NID_aes_192_ecb,9,&(lvalues[3087]),0}, +{"AES-192-CBC","aes-192-cbc",NID_aes_192_cbc,9,&(lvalues[3096]),0}, +{"AES-192-OFB","aes-192-ofb",NID_aes_192_ofb128,9,&(lvalues[3105]),0}, +{"AES-192-CFB","aes-192-cfb",NID_aes_192_cfb128,9,&(lvalues[3114]),0}, +{"AES-256-ECB","aes-256-ecb",NID_aes_256_ecb,9,&(lvalues[3123]),0}, +{"AES-256-CBC","aes-256-cbc",NID_aes_256_cbc,9,&(lvalues[3132]),0}, +{"AES-256-OFB","aes-256-ofb",NID_aes_256_ofb128,9,&(lvalues[3141]),0}, +{"AES-256-CFB","aes-256-cfb",NID_aes_256_cfb128,9,&(lvalues[3150]),0}, {"holdInstructionCode","Hold Instruction Code", - NID_hold_instruction_code,3,&(lvalues[3165]),0}, + NID_hold_instruction_code,3,&(lvalues[3159]),0}, {"holdInstructionNone","Hold Instruction None", - NID_hold_instruction_none,7,&(lvalues[3168]),0}, + NID_hold_instruction_none,7,&(lvalues[3162]),0}, {"holdInstructionCallIssuer","Hold Instruction Call Issuer", - NID_hold_instruction_call_issuer,7,&(lvalues[3175]),0}, + NID_hold_instruction_call_issuer,7,&(lvalues[3169]),0}, {"holdInstructionReject","Hold Instruction Reject", - NID_hold_instruction_reject,7,&(lvalues[3182]),0}, -{"data","data",NID_data,1,&(lvalues[3189]),0}, -{"pss","pss",NID_pss,3,&(lvalues[3190]),0}, -{"ucl","ucl",NID_ucl,7,&(lvalues[3193]),0}, -{"pilot","pilot",NID_pilot,8,&(lvalues[3200]),0}, + NID_hold_instruction_reject,7,&(lvalues[3176]),0}, +{"data","data",NID_data,1,&(lvalues[3183]),0}, +{"pss","pss",NID_pss,3,&(lvalues[3184]),0}, +{"ucl","ucl",NID_ucl,7,&(lvalues[3187]),0}, +{"pilot","pilot",NID_pilot,8,&(lvalues[3194]),0}, {"pilotAttributeType","pilotAttributeType",NID_pilotAttributeType,9, - &(lvalues[3208]),0}, + &(lvalues[3202]),0}, {"pilotAttributeSyntax","pilotAttributeSyntax", - NID_pilotAttributeSyntax,9,&(lvalues[3217]),0}, + NID_pilotAttributeSyntax,9,&(lvalues[3211]),0}, {"pilotObjectClass","pilotObjectClass",NID_pilotObjectClass,9, - &(lvalues[3226]),0}, -{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3235]),0}, + &(lvalues[3220]),0}, +{"pilotGroups","pilotGroups",NID_pilotGroups,9,&(lvalues[3229]),0}, {"iA5StringSyntax","iA5StringSyntax",NID_iA5StringSyntax,10, - &(lvalues[3244]),0}, + &(lvalues[3238]),0}, {"caseIgnoreIA5StringSyntax","caseIgnoreIA5StringSyntax", - NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3254]),0}, -{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3264]),0}, -{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3274]),0}, -{"account","account",NID_account,10,&(lvalues[3284]),0}, -{"document","document",NID_document,10,&(lvalues[3294]),0}, -{"room","room",NID_room,10,&(lvalues[3304]),0}, + NID_caseIgnoreIA5StringSyntax,10,&(lvalues[3248]),0}, +{"pilotObject","pilotObject",NID_pilotObject,10,&(lvalues[3258]),0}, +{"pilotPerson","pilotPerson",NID_pilotPerson,10,&(lvalues[3268]),0}, +{"account","account",NID_account,10,&(lvalues[3278]),0}, +{"document","document",NID_document,10,&(lvalues[3288]),0}, +{"room","room",NID_room,10,&(lvalues[3298]),0}, {"documentSeries","documentSeries",NID_documentSeries,10, - &(lvalues[3314]),0}, + &(lvalues[3308]),0}, {"rFC822localPart","rFC822localPart",NID_rFC822localPart,10, - &(lvalues[3324]),0}, -{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3334]),0}, + &(lvalues[3318]),0}, +{"dNSDomain","dNSDomain",NID_dNSDomain,10,&(lvalues[3328]),0}, {"domainRelatedObject","domainRelatedObject",NID_domainRelatedObject, - 10,&(lvalues[3344]),0}, + 10,&(lvalues[3338]),0}, {"friendlyCountry","friendlyCountry",NID_friendlyCountry,10, - &(lvalues[3354]),0}, + &(lvalues[3348]),0}, {"simpleSecurityObject","simpleSecurityObject", - NID_simpleSecurityObject,10,&(lvalues[3364]),0}, + NID_simpleSecurityObject,10,&(lvalues[3358]),0}, {"pilotOrganization","pilotOrganization",NID_pilotOrganization,10, - &(lvalues[3374]),0}, -{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3384]),0}, + &(lvalues[3368]),0}, +{"pilotDSA","pilotDSA",NID_pilotDSA,10,&(lvalues[3378]),0}, {"qualityLabelledData","qualityLabelledData",NID_qualityLabelledData, - 10,&(lvalues[3394]),0}, -{"UID","userId",NID_userId,10,&(lvalues[3404]),0}, + 10,&(lvalues[3388]),0}, +{"UID","userId",NID_userId,10,&(lvalues[3398]),0}, {"textEncodedORAddress","textEncodedORAddress", - NID_textEncodedORAddress,10,&(lvalues[3414]),0}, -{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3424]),0}, -{"info","info",NID_info,10,&(lvalues[3434]),0}, + NID_textEncodedORAddress,10,&(lvalues[3408]),0}, +{"mail","rfc822Mailbox",NID_rfc822Mailbox,10,&(lvalues[3418]),0}, +{"info","info",NID_info,10,&(lvalues[3428]),0}, {"favouriteDrink","favouriteDrink",NID_favouriteDrink,10, - &(lvalues[3444]),0}, -{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3454]),0}, -{"photo","photo",NID_photo,10,&(lvalues[3464]),0}, -{"userClass","userClass",NID_userClass,10,&(lvalues[3474]),0}, -{"host","host",NID_host,10,&(lvalues[3484]),0}, -{"manager","manager",NID_manager,10,&(lvalues[3494]),0}, + &(lvalues[3438]),0}, +{"roomNumber","roomNumber",NID_roomNumber,10,&(lvalues[3448]),0}, +{"photo","photo",NID_photo,10,&(lvalues[3458]),0}, +{"userClass","userClass",NID_userClass,10,&(lvalues[3468]),0}, +{"host","host",NID_host,10,&(lvalues[3478]),0}, +{"manager","manager",NID_manager,10,&(lvalues[3488]),0}, {"documentIdentifier","documentIdentifier",NID_documentIdentifier,10, - &(lvalues[3504]),0}, -{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3514]),0}, + &(lvalues[3498]),0}, +{"documentTitle","documentTitle",NID_documentTitle,10,&(lvalues[3508]),0}, {"documentVersion","documentVersion",NID_documentVersion,10, - &(lvalues[3524]),0}, + &(lvalues[3518]),0}, {"documentAuthor","documentAuthor",NID_documentAuthor,10, - &(lvalues[3534]),0}, + &(lvalues[3528]),0}, {"documentLocation","documentLocation",NID_documentLocation,10, - &(lvalues[3544]),0}, + &(lvalues[3538]),0}, {"homeTelephoneNumber","homeTelephoneNumber",NID_homeTelephoneNumber, - 10,&(lvalues[3554]),0}, -{"secretary","secretary",NID_secretary,10,&(lvalues[3564]),0}, -{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3574]),0}, + 10,&(lvalues[3548]),0}, +{"secretary","secretary",NID_secretary,10,&(lvalues[3558]),0}, +{"otherMailbox","otherMailbox",NID_otherMailbox,10,&(lvalues[3568]),0}, {"lastModifiedTime","lastModifiedTime",NID_lastModifiedTime,10, - &(lvalues[3584]),0}, + &(lvalues[3578]),0}, {"lastModifiedBy","lastModifiedBy",NID_lastModifiedBy,10, - &(lvalues[3594]),0}, -{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3604]),0}, + &(lvalues[3588]),0}, +{"aRecord","aRecord",NID_aRecord,10,&(lvalues[3598]),0}, {"pilotAttributeType27","pilotAttributeType27", - NID_pilotAttributeType27,10,&(lvalues[3614]),0}, -{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3624]),0}, -{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3634]),0}, -{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3644]),0}, -{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3654]),0}, + NID_pilotAttributeType27,10,&(lvalues[3608]),0}, +{"mXRecord","mXRecord",NID_mXRecord,10,&(lvalues[3618]),0}, +{"nSRecord","nSRecord",NID_nSRecord,10,&(lvalues[3628]),0}, +{"sOARecord","sOARecord",NID_sOARecord,10,&(lvalues[3638]),0}, +{"cNAMERecord","cNAMERecord",NID_cNAMERecord,10,&(lvalues[3648]),0}, {"associatedDomain","associatedDomain",NID_associatedDomain,10, - &(lvalues[3664]),0}, + &(lvalues[3658]),0}, {"associatedName","associatedName",NID_associatedName,10, - &(lvalues[3674]),0}, + &(lvalues[3668]),0}, {"homePostalAddress","homePostalAddress",NID_homePostalAddress,10, - &(lvalues[3684]),0}, -{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3694]),0}, + &(lvalues[3678]),0}, +{"personalTitle","personalTitle",NID_personalTitle,10,&(lvalues[3688]),0}, {"mobileTelephoneNumber","mobileTelephoneNumber", - NID_mobileTelephoneNumber,10,&(lvalues[3704]),0}, + NID_mobileTelephoneNumber,10,&(lvalues[3698]),0}, {"pagerTelephoneNumber","pagerTelephoneNumber", - NID_pagerTelephoneNumber,10,&(lvalues[3714]),0}, + NID_pagerTelephoneNumber,10,&(lvalues[3708]),0}, {"friendlyCountryName","friendlyCountryName",NID_friendlyCountryName, - 10,&(lvalues[3724]),0}, + 10,&(lvalues[3718]),0}, {"organizationalStatus","organizationalStatus", - NID_organizationalStatus,10,&(lvalues[3734]),0}, -{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3744]),0}, + NID_organizationalStatus,10,&(lvalues[3728]),0}, +{"janetMailbox","janetMailbox",NID_janetMailbox,10,&(lvalues[3738]),0}, {"mailPreferenceOption","mailPreferenceOption", - NID_mailPreferenceOption,10,&(lvalues[3754]),0}, -{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3764]),0}, -{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3774]),0}, + NID_mailPreferenceOption,10,&(lvalues[3748]),0}, +{"buildingName","buildingName",NID_buildingName,10,&(lvalues[3758]),0}, +{"dSAQuality","dSAQuality",NID_dSAQuality,10,&(lvalues[3768]),0}, {"singleLevelQuality","singleLevelQuality",NID_singleLevelQuality,10, - &(lvalues[3784]),0}, + &(lvalues[3778]),0}, {"subtreeMinimumQuality","subtreeMinimumQuality", - NID_subtreeMinimumQuality,10,&(lvalues[3794]),0}, + NID_subtreeMinimumQuality,10,&(lvalues[3788]),0}, {"subtreeMaximumQuality","subtreeMaximumQuality", - NID_subtreeMaximumQuality,10,&(lvalues[3804]),0}, + NID_subtreeMaximumQuality,10,&(lvalues[3798]),0}, {"personalSignature","personalSignature",NID_personalSignature,10, - &(lvalues[3814]),0}, -{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3824]),0}, -{"audio","audio",NID_audio,10,&(lvalues[3834]),0}, + &(lvalues[3808]),0}, +{"dITRedirect","dITRedirect",NID_dITRedirect,10,&(lvalues[3818]),0}, +{"audio","audio",NID_audio,10,&(lvalues[3828]),0}, {"documentPublisher","documentPublisher",NID_documentPublisher,10, - &(lvalues[3844]),0}, + &(lvalues[3838]),0}, {"x500UniqueIdentifier","x500UniqueIdentifier", - NID_x500UniqueIdentifier,3,&(lvalues[3854]),0}, -{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3857]),0}, + NID_x500UniqueIdentifier,3,&(lvalues[3848]),0}, +{"mime-mhs","MIME MHS",NID_mime_mhs,5,&(lvalues[3851]),0}, {"mime-mhs-headings","mime-mhs-headings",NID_mime_mhs_headings,6, - &(lvalues[3862]),0}, + &(lvalues[3856]),0}, {"mime-mhs-bodies","mime-mhs-bodies",NID_mime_mhs_bodies,6, - &(lvalues[3868]),0}, + &(lvalues[3862]),0}, {"id-hex-partial-message","id-hex-partial-message", - NID_id_hex_partial_message,7,&(lvalues[3874]),0}, + NID_id_hex_partial_message,7,&(lvalues[3868]),0}, {"id-hex-multipart-message","id-hex-multipart-message", - NID_id_hex_multipart_message,7,&(lvalues[3881]),0}, + NID_id_hex_multipart_message,7,&(lvalues[3875]),0}, {"generationQualifier","generationQualifier",NID_generationQualifier, - 3,&(lvalues[3888]),0}, -{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3891]),0}, + 3,&(lvalues[3882]),0}, +{"pseudonym","pseudonym",NID_pseudonym,3,&(lvalues[3885]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {"id-set","Secure Electronic Transactions",NID_id_set,2, - &(lvalues[3894]),0}, -{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3896]),0}, -{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3899]),0}, -{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3902]),0}, -{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3905]),0}, + &(lvalues[3888]),0}, +{"set-ctype","content types",NID_set_ctype,3,&(lvalues[3890]),0}, +{"set-msgExt","message extensions",NID_set_msgExt,3,&(lvalues[3893]),0}, +{"set-attr","set-attr",NID_set_attr,3,&(lvalues[3896]),0}, +{"set-policy","set-policy",NID_set_policy,3,&(lvalues[3899]),0}, {"set-certExt","certificate extensions",NID_set_certExt,3, - &(lvalues[3908]),0}, -{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3911]),0}, -{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3914]),0}, + &(lvalues[3902]),0}, +{"set-brand","set-brand",NID_set_brand,3,&(lvalues[3905]),0}, +{"setct-PANData","setct-PANData",NID_setct_PANData,4,&(lvalues[3908]),0}, {"setct-PANToken","setct-PANToken",NID_setct_PANToken,4, - &(lvalues[3918]),0}, -{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3922]),0}, -{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3926]),0}, -{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3930]),0}, -{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3934]),0}, + &(lvalues[3912]),0}, +{"setct-PANOnly","setct-PANOnly",NID_setct_PANOnly,4,&(lvalues[3916]),0}, +{"setct-OIData","setct-OIData",NID_setct_OIData,4,&(lvalues[3920]),0}, +{"setct-PI","setct-PI",NID_setct_PI,4,&(lvalues[3924]),0}, +{"setct-PIData","setct-PIData",NID_setct_PIData,4,&(lvalues[3928]),0}, {"setct-PIDataUnsigned","setct-PIDataUnsigned", - NID_setct_PIDataUnsigned,4,&(lvalues[3938]),0}, + NID_setct_PIDataUnsigned,4,&(lvalues[3932]),0}, {"setct-HODInput","setct-HODInput",NID_setct_HODInput,4, - &(lvalues[3942]),0}, + &(lvalues[3936]),0}, {"setct-AuthResBaggage","setct-AuthResBaggage", - NID_setct_AuthResBaggage,4,&(lvalues[3946]),0}, + NID_setct_AuthResBaggage,4,&(lvalues[3940]),0}, {"setct-AuthRevReqBaggage","setct-AuthRevReqBaggage", - NID_setct_AuthRevReqBaggage,4,&(lvalues[3950]),0}, + NID_setct_AuthRevReqBaggage,4,&(lvalues[3944]),0}, {"setct-AuthRevResBaggage","setct-AuthRevResBaggage", - NID_setct_AuthRevResBaggage,4,&(lvalues[3954]),0}, + NID_setct_AuthRevResBaggage,4,&(lvalues[3948]),0}, {"setct-CapTokenSeq","setct-CapTokenSeq",NID_setct_CapTokenSeq,4, - &(lvalues[3958]),0}, + &(lvalues[3952]),0}, {"setct-PInitResData","setct-PInitResData",NID_setct_PInitResData,4, - &(lvalues[3962]),0}, -{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3966]),0}, + &(lvalues[3956]),0}, +{"setct-PI-TBS","setct-PI-TBS",NID_setct_PI_TBS,4,&(lvalues[3960]),0}, {"setct-PResData","setct-PResData",NID_setct_PResData,4, - &(lvalues[3970]),0}, + &(lvalues[3964]),0}, {"setct-AuthReqTBS","setct-AuthReqTBS",NID_setct_AuthReqTBS,4, - &(lvalues[3974]),0}, + &(lvalues[3968]),0}, {"setct-AuthResTBS","setct-AuthResTBS",NID_setct_AuthResTBS,4, - &(lvalues[3978]),0}, + &(lvalues[3972]),0}, {"setct-AuthResTBSX","setct-AuthResTBSX",NID_setct_AuthResTBSX,4, - &(lvalues[3982]),0}, + &(lvalues[3976]),0}, {"setct-AuthTokenTBS","setct-AuthTokenTBS",NID_setct_AuthTokenTBS,4, - &(lvalues[3986]),0}, + &(lvalues[3980]),0}, {"setct-CapTokenData","setct-CapTokenData",NID_setct_CapTokenData,4, - &(lvalues[3990]),0}, + &(lvalues[3984]),0}, {"setct-CapTokenTBS","setct-CapTokenTBS",NID_setct_CapTokenTBS,4, - &(lvalues[3994]),0}, + &(lvalues[3988]),0}, {"setct-AcqCardCodeMsg","setct-AcqCardCodeMsg", - NID_setct_AcqCardCodeMsg,4,&(lvalues[3998]),0}, + NID_setct_AcqCardCodeMsg,4,&(lvalues[3992]),0}, {"setct-AuthRevReqTBS","setct-AuthRevReqTBS",NID_setct_AuthRevReqTBS, - 4,&(lvalues[4002]),0}, + 4,&(lvalues[3996]),0}, {"setct-AuthRevResData","setct-AuthRevResData", - NID_setct_AuthRevResData,4,&(lvalues[4006]),0}, + NID_setct_AuthRevResData,4,&(lvalues[4000]),0}, {"setct-AuthRevResTBS","setct-AuthRevResTBS",NID_setct_AuthRevResTBS, - 4,&(lvalues[4010]),0}, + 4,&(lvalues[4004]),0}, {"setct-CapReqTBS","setct-CapReqTBS",NID_setct_CapReqTBS,4, - &(lvalues[4014]),0}, + &(lvalues[4008]),0}, {"setct-CapReqTBSX","setct-CapReqTBSX",NID_setct_CapReqTBSX,4, - &(lvalues[4018]),0}, + &(lvalues[4012]),0}, {"setct-CapResData","setct-CapResData",NID_setct_CapResData,4, - &(lvalues[4022]),0}, + &(lvalues[4016]),0}, {"setct-CapRevReqTBS","setct-CapRevReqTBS",NID_setct_CapRevReqTBS,4, - &(lvalues[4026]),0}, + &(lvalues[4020]),0}, {"setct-CapRevReqTBSX","setct-CapRevReqTBSX",NID_setct_CapRevReqTBSX, - 4,&(lvalues[4030]),0}, + 4,&(lvalues[4024]),0}, {"setct-CapRevResData","setct-CapRevResData",NID_setct_CapRevResData, - 4,&(lvalues[4034]),0}, + 4,&(lvalues[4028]),0}, {"setct-CredReqTBS","setct-CredReqTBS",NID_setct_CredReqTBS,4, - &(lvalues[4038]),0}, + &(lvalues[4032]),0}, {"setct-CredReqTBSX","setct-CredReqTBSX",NID_setct_CredReqTBSX,4, - &(lvalues[4042]),0}, + &(lvalues[4036]),0}, {"setct-CredResData","setct-CredResData",NID_setct_CredResData,4, - &(lvalues[4046]),0}, + &(lvalues[4040]),0}, {"setct-CredRevReqTBS","setct-CredRevReqTBS",NID_setct_CredRevReqTBS, - 4,&(lvalues[4050]),0}, + 4,&(lvalues[4044]),0}, {"setct-CredRevReqTBSX","setct-CredRevReqTBSX", - NID_setct_CredRevReqTBSX,4,&(lvalues[4054]),0}, + NID_setct_CredRevReqTBSX,4,&(lvalues[4048]),0}, {"setct-CredRevResData","setct-CredRevResData", - NID_setct_CredRevResData,4,&(lvalues[4058]),0}, + NID_setct_CredRevResData,4,&(lvalues[4052]),0}, {"setct-PCertReqData","setct-PCertReqData",NID_setct_PCertReqData,4, - &(lvalues[4062]),0}, + &(lvalues[4056]),0}, {"setct-PCertResTBS","setct-PCertResTBS",NID_setct_PCertResTBS,4, - &(lvalues[4066]),0}, + &(lvalues[4060]),0}, {"setct-BatchAdminReqData","setct-BatchAdminReqData", - NID_setct_BatchAdminReqData,4,&(lvalues[4070]),0}, + NID_setct_BatchAdminReqData,4,&(lvalues[4064]),0}, {"setct-BatchAdminResData","setct-BatchAdminResData", - NID_setct_BatchAdminResData,4,&(lvalues[4074]),0}, + NID_setct_BatchAdminResData,4,&(lvalues[4068]),0}, {"setct-CardCInitResTBS","setct-CardCInitResTBS", - NID_setct_CardCInitResTBS,4,&(lvalues[4078]),0}, + NID_setct_CardCInitResTBS,4,&(lvalues[4072]),0}, {"setct-MeAqCInitResTBS","setct-MeAqCInitResTBS", - NID_setct_MeAqCInitResTBS,4,&(lvalues[4082]),0}, + NID_setct_MeAqCInitResTBS,4,&(lvalues[4076]),0}, {"setct-RegFormResTBS","setct-RegFormResTBS",NID_setct_RegFormResTBS, - 4,&(lvalues[4086]),0}, + 4,&(lvalues[4080]),0}, {"setct-CertReqData","setct-CertReqData",NID_setct_CertReqData,4, - &(lvalues[4090]),0}, + &(lvalues[4084]),0}, {"setct-CertReqTBS","setct-CertReqTBS",NID_setct_CertReqTBS,4, - &(lvalues[4094]),0}, + &(lvalues[4088]),0}, {"setct-CertResData","setct-CertResData",NID_setct_CertResData,4, - &(lvalues[4098]),0}, + &(lvalues[4092]),0}, {"setct-CertInqReqTBS","setct-CertInqReqTBS",NID_setct_CertInqReqTBS, - 4,&(lvalues[4102]),0}, + 4,&(lvalues[4096]),0}, {"setct-ErrorTBS","setct-ErrorTBS",NID_setct_ErrorTBS,4, - &(lvalues[4106]),0}, + &(lvalues[4100]),0}, {"setct-PIDualSignedTBE","setct-PIDualSignedTBE", - NID_setct_PIDualSignedTBE,4,&(lvalues[4110]),0}, + NID_setct_PIDualSignedTBE,4,&(lvalues[4104]),0}, {"setct-PIUnsignedTBE","setct-PIUnsignedTBE",NID_setct_PIUnsignedTBE, - 4,&(lvalues[4114]),0}, + 4,&(lvalues[4108]),0}, {"setct-AuthReqTBE","setct-AuthReqTBE",NID_setct_AuthReqTBE,4, - &(lvalues[4118]),0}, + &(lvalues[4112]),0}, {"setct-AuthResTBE","setct-AuthResTBE",NID_setct_AuthResTBE,4, - &(lvalues[4122]),0}, + &(lvalues[4116]),0}, {"setct-AuthResTBEX","setct-AuthResTBEX",NID_setct_AuthResTBEX,4, - &(lvalues[4126]),0}, + &(lvalues[4120]),0}, {"setct-AuthTokenTBE","setct-AuthTokenTBE",NID_setct_AuthTokenTBE,4, - &(lvalues[4130]),0}, + &(lvalues[4124]),0}, {"setct-CapTokenTBE","setct-CapTokenTBE",NID_setct_CapTokenTBE,4, - &(lvalues[4134]),0}, + &(lvalues[4128]),0}, {"setct-CapTokenTBEX","setct-CapTokenTBEX",NID_setct_CapTokenTBEX,4, - &(lvalues[4138]),0}, + &(lvalues[4132]),0}, {"setct-AcqCardCodeMsgTBE","setct-AcqCardCodeMsgTBE", - NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4142]),0}, + NID_setct_AcqCardCodeMsgTBE,4,&(lvalues[4136]),0}, {"setct-AuthRevReqTBE","setct-AuthRevReqTBE",NID_setct_AuthRevReqTBE, - 4,&(lvalues[4146]),0}, + 4,&(lvalues[4140]),0}, {"setct-AuthRevResTBE","setct-AuthRevResTBE",NID_setct_AuthRevResTBE, - 4,&(lvalues[4150]),0}, + 4,&(lvalues[4144]),0}, {"setct-AuthRevResTBEB","setct-AuthRevResTBEB", - NID_setct_AuthRevResTBEB,4,&(lvalues[4154]),0}, + NID_setct_AuthRevResTBEB,4,&(lvalues[4148]),0}, {"setct-CapReqTBE","setct-CapReqTBE",NID_setct_CapReqTBE,4, - &(lvalues[4158]),0}, + &(lvalues[4152]),0}, {"setct-CapReqTBEX","setct-CapReqTBEX",NID_setct_CapReqTBEX,4, - &(lvalues[4162]),0}, + &(lvalues[4156]),0}, {"setct-CapResTBE","setct-CapResTBE",NID_setct_CapResTBE,4, - &(lvalues[4166]),0}, + &(lvalues[4160]),0}, {"setct-CapRevReqTBE","setct-CapRevReqTBE",NID_setct_CapRevReqTBE,4, - &(lvalues[4170]),0}, + &(lvalues[4164]),0}, {"setct-CapRevReqTBEX","setct-CapRevReqTBEX",NID_setct_CapRevReqTBEX, - 4,&(lvalues[4174]),0}, + 4,&(lvalues[4168]),0}, {"setct-CapRevResTBE","setct-CapRevResTBE",NID_setct_CapRevResTBE,4, - &(lvalues[4178]),0}, + &(lvalues[4172]),0}, {"setct-CredReqTBE","setct-CredReqTBE",NID_setct_CredReqTBE,4, - &(lvalues[4182]),0}, + &(lvalues[4176]),0}, {"setct-CredReqTBEX","setct-CredReqTBEX",NID_setct_CredReqTBEX,4, - &(lvalues[4186]),0}, + &(lvalues[4180]),0}, {"setct-CredResTBE","setct-CredResTBE",NID_setct_CredResTBE,4, - &(lvalues[4190]),0}, + &(lvalues[4184]),0}, {"setct-CredRevReqTBE","setct-CredRevReqTBE",NID_setct_CredRevReqTBE, - 4,&(lvalues[4194]),0}, + 4,&(lvalues[4188]),0}, {"setct-CredRevReqTBEX","setct-CredRevReqTBEX", - NID_setct_CredRevReqTBEX,4,&(lvalues[4198]),0}, + NID_setct_CredRevReqTBEX,4,&(lvalues[4192]),0}, {"setct-CredRevResTBE","setct-CredRevResTBE",NID_setct_CredRevResTBE, - 4,&(lvalues[4202]),0}, + 4,&(lvalues[4196]),0}, {"setct-BatchAdminReqTBE","setct-BatchAdminReqTBE", - NID_setct_BatchAdminReqTBE,4,&(lvalues[4206]),0}, + NID_setct_BatchAdminReqTBE,4,&(lvalues[4200]),0}, {"setct-BatchAdminResTBE","setct-BatchAdminResTBE", - NID_setct_BatchAdminResTBE,4,&(lvalues[4210]),0}, + NID_setct_BatchAdminResTBE,4,&(lvalues[4204]),0}, {"setct-RegFormReqTBE","setct-RegFormReqTBE",NID_setct_RegFormReqTBE, - 4,&(lvalues[4214]),0}, + 4,&(lvalues[4208]),0}, {"setct-CertReqTBE","setct-CertReqTBE",NID_setct_CertReqTBE,4, - &(lvalues[4218]),0}, + &(lvalues[4212]),0}, {"setct-CertReqTBEX","setct-CertReqTBEX",NID_setct_CertReqTBEX,4, - &(lvalues[4222]),0}, + &(lvalues[4216]),0}, {"setct-CertResTBE","setct-CertResTBE",NID_setct_CertResTBE,4, - &(lvalues[4226]),0}, + &(lvalues[4220]),0}, {"setct-CRLNotificationTBS","setct-CRLNotificationTBS", - NID_setct_CRLNotificationTBS,4,&(lvalues[4230]),0}, + NID_setct_CRLNotificationTBS,4,&(lvalues[4224]),0}, {"setct-CRLNotificationResTBS","setct-CRLNotificationResTBS", - NID_setct_CRLNotificationResTBS,4,&(lvalues[4234]),0}, + NID_setct_CRLNotificationResTBS,4,&(lvalues[4228]),0}, {"setct-BCIDistributionTBS","setct-BCIDistributionTBS", - NID_setct_BCIDistributionTBS,4,&(lvalues[4238]),0}, + NID_setct_BCIDistributionTBS,4,&(lvalues[4232]),0}, {"setext-genCrypt","generic cryptogram",NID_setext_genCrypt,4, - &(lvalues[4242]),0}, + &(lvalues[4236]),0}, {"setext-miAuth","merchant initiated auth",NID_setext_miAuth,4, - &(lvalues[4246]),0}, + &(lvalues[4240]),0}, {"setext-pinSecure","setext-pinSecure",NID_setext_pinSecure,4, - &(lvalues[4250]),0}, -{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4254]),0}, -{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4258]),0}, + &(lvalues[4244]),0}, +{"setext-pinAny","setext-pinAny",NID_setext_pinAny,4,&(lvalues[4248]),0}, +{"setext-track2","setext-track2",NID_setext_track2,4,&(lvalues[4252]),0}, {"setext-cv","additional verification",NID_setext_cv,4, - &(lvalues[4262]),0}, + &(lvalues[4256]),0}, {"set-policy-root","set-policy-root",NID_set_policy_root,4, - &(lvalues[4266]),0}, + &(lvalues[4260]),0}, {"setCext-hashedRoot","setCext-hashedRoot",NID_setCext_hashedRoot,4, - &(lvalues[4270]),0}, + &(lvalues[4264]),0}, {"setCext-certType","setCext-certType",NID_setCext_certType,4, - &(lvalues[4274]),0}, + &(lvalues[4268]),0}, {"setCext-merchData","setCext-merchData",NID_setCext_merchData,4, - &(lvalues[4278]),0}, + &(lvalues[4272]),0}, {"setCext-cCertRequired","setCext-cCertRequired", - NID_setCext_cCertRequired,4,&(lvalues[4282]),0}, + NID_setCext_cCertRequired,4,&(lvalues[4276]),0}, {"setCext-tunneling","setCext-tunneling",NID_setCext_tunneling,4, - &(lvalues[4286]),0}, + &(lvalues[4280]),0}, {"setCext-setExt","setCext-setExt",NID_setCext_setExt,4, - &(lvalues[4290]),0}, + &(lvalues[4284]),0}, {"setCext-setQualf","setCext-setQualf",NID_setCext_setQualf,4, - &(lvalues[4294]),0}, + &(lvalues[4288]),0}, {"setCext-PGWYcapabilities","setCext-PGWYcapabilities", - NID_setCext_PGWYcapabilities,4,&(lvalues[4298]),0}, + NID_setCext_PGWYcapabilities,4,&(lvalues[4292]),0}, {"setCext-TokenIdentifier","setCext-TokenIdentifier", - NID_setCext_TokenIdentifier,4,&(lvalues[4302]),0}, + NID_setCext_TokenIdentifier,4,&(lvalues[4296]),0}, {"setCext-Track2Data","setCext-Track2Data",NID_setCext_Track2Data,4, - &(lvalues[4306]),0}, + &(lvalues[4300]),0}, {"setCext-TokenType","setCext-TokenType",NID_setCext_TokenType,4, - &(lvalues[4310]),0}, + &(lvalues[4304]),0}, {"setCext-IssuerCapabilities","setCext-IssuerCapabilities", - NID_setCext_IssuerCapabilities,4,&(lvalues[4314]),0}, -{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4318]),0}, + NID_setCext_IssuerCapabilities,4,&(lvalues[4308]),0}, +{"setAttr-Cert","setAttr-Cert",NID_setAttr_Cert,4,&(lvalues[4312]),0}, {"setAttr-PGWYcap","payment gateway capabilities",NID_setAttr_PGWYcap, - 4,&(lvalues[4322]),0}, + 4,&(lvalues[4316]),0}, {"setAttr-TokenType","setAttr-TokenType",NID_setAttr_TokenType,4, - &(lvalues[4326]),0}, + &(lvalues[4320]),0}, {"setAttr-IssCap","issuer capabilities",NID_setAttr_IssCap,4, - &(lvalues[4330]),0}, + &(lvalues[4324]),0}, {"set-rootKeyThumb","set-rootKeyThumb",NID_set_rootKeyThumb,5, - &(lvalues[4334]),0}, -{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4339]),0}, + &(lvalues[4328]),0}, +{"set-addPolicy","set-addPolicy",NID_set_addPolicy,5,&(lvalues[4333]),0}, {"setAttr-Token-EMV","setAttr-Token-EMV",NID_setAttr_Token_EMV,5, - &(lvalues[4344]),0}, + &(lvalues[4338]),0}, {"setAttr-Token-B0Prime","setAttr-Token-B0Prime", - NID_setAttr_Token_B0Prime,5,&(lvalues[4349]),0}, + NID_setAttr_Token_B0Prime,5,&(lvalues[4343]),0}, {"setAttr-IssCap-CVM","setAttr-IssCap-CVM",NID_setAttr_IssCap_CVM,5, - &(lvalues[4354]),0}, + &(lvalues[4348]),0}, {"setAttr-IssCap-T2","setAttr-IssCap-T2",NID_setAttr_IssCap_T2,5, - &(lvalues[4359]),0}, + &(lvalues[4353]),0}, {"setAttr-IssCap-Sig","setAttr-IssCap-Sig",NID_setAttr_IssCap_Sig,5, - &(lvalues[4364]),0}, + &(lvalues[4358]),0}, {"setAttr-GenCryptgrm","generate cryptogram",NID_setAttr_GenCryptgrm, - 6,&(lvalues[4369]),0}, + 6,&(lvalues[4363]),0}, {"setAttr-T2Enc","encrypted track 2",NID_setAttr_T2Enc,6, - &(lvalues[4375]),0}, + &(lvalues[4369]),0}, {"setAttr-T2cleartxt","cleartext track 2",NID_setAttr_T2cleartxt,6, - &(lvalues[4381]),0}, + &(lvalues[4375]),0}, {"setAttr-TokICCsig","ICC or token signature",NID_setAttr_TokICCsig,6, - &(lvalues[4387]),0}, + &(lvalues[4381]),0}, {"setAttr-SecDevSig","secure device signature",NID_setAttr_SecDevSig, - 6,&(lvalues[4393]),0}, + 6,&(lvalues[4387]),0}, {"set-brand-IATA-ATA","set-brand-IATA-ATA",NID_set_brand_IATA_ATA,4, - &(lvalues[4399]),0}, + &(lvalues[4393]),0}, {"set-brand-Diners","set-brand-Diners",NID_set_brand_Diners,4, - &(lvalues[4403]),0}, + &(lvalues[4397]),0}, {"set-brand-AmericanExpress","set-brand-AmericanExpress", - NID_set_brand_AmericanExpress,4,&(lvalues[4407]),0}, -{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4411]),0}, + NID_set_brand_AmericanExpress,4,&(lvalues[4401]),0}, +{"set-brand-JCB","set-brand-JCB",NID_set_brand_JCB,4,&(lvalues[4405]),0}, {"set-brand-Visa","set-brand-Visa",NID_set_brand_Visa,4, - &(lvalues[4415]),0}, + &(lvalues[4409]),0}, {"set-brand-MasterCard","set-brand-MasterCard", - NID_set_brand_MasterCard,4,&(lvalues[4419]),0}, + NID_set_brand_MasterCard,4,&(lvalues[4413]),0}, {"set-brand-Novus","set-brand-Novus",NID_set_brand_Novus,5, - &(lvalues[4423]),0}, -{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4428]),0}, + &(lvalues[4417]),0}, +{"DES-CDMF","des-cdmf",NID_des_cdmf,8,&(lvalues[4422]),0}, {"rsaOAEPEncryptionSET","rsaOAEPEncryptionSET", - NID_rsaOAEPEncryptionSET,9,&(lvalues[4436]),0}, + NID_rsaOAEPEncryptionSET,9,&(lvalues[4430]),0}, {"ITU-T","itu-t",NID_itu_t,0,NULL,0}, {"JOINT-ISO-ITU-T","joint-iso-itu-t",NID_joint_iso_itu_t,0,NULL,0}, {"international-organizations","International Organizations", - NID_international_organizations,1,&(lvalues[4445]),0}, + NID_international_organizations,1,&(lvalues[4439]),0}, {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login, - 10,&(lvalues[4446]),0}, + 10,&(lvalues[4440]),0}, {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10, - &(lvalues[4456]),0}, + &(lvalues[4450]),0}, {"AES-128-CFB1","aes-128-cfb1",NID_aes_128_cfb1,0,NULL,0}, {"AES-192-CFB1","aes-192-cfb1",NID_aes_192_cfb1,0,NULL,0}, {"AES-256-CFB1","aes-256-cfb1",NID_aes_256_cfb1,0,NULL,0}, @@ -2018,138 +2017,138 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL,0}, {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL,0}, {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL,0}, -{"street","streetAddress",NID_streetAddress,3,&(lvalues[4466]),0}, -{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4469]),0}, -{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4472]),0}, +{"street","streetAddress",NID_streetAddress,3,&(lvalues[4460]),0}, +{"postalCode","postalCode",NID_postalCode,3,&(lvalues[4463]),0}, +{"id-ppl","id-ppl",NID_id_ppl,7,&(lvalues[4466]),0}, {"proxyCertInfo","Proxy Certificate Information",NID_proxyCertInfo,8, - &(lvalues[4479]),0}, + &(lvalues[4473]),0}, {"id-ppl-anyLanguage","Any language",NID_id_ppl_anyLanguage,8, - &(lvalues[4487]),0}, + &(lvalues[4481]),0}, {"id-ppl-inheritAll","Inherit all",NID_id_ppl_inheritAll,8, - &(lvalues[4495]),0}, + &(lvalues[4489]),0}, {"nameConstraints","X509v3 Name Constraints",NID_name_constraints,3, - &(lvalues[4503]),0}, -{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4506]),0}, + &(lvalues[4497]),0}, +{"id-ppl-independent","Independent",NID_Independent,8,&(lvalues[4500]),0}, {"RSA-SHA256","sha256WithRSAEncryption",NID_sha256WithRSAEncryption,9, - &(lvalues[4514]),0}, + &(lvalues[4508]),0}, {"RSA-SHA384","sha384WithRSAEncryption",NID_sha384WithRSAEncryption,9, - &(lvalues[4523]),0}, + &(lvalues[4517]),0}, {"RSA-SHA512","sha512WithRSAEncryption",NID_sha512WithRSAEncryption,9, - &(lvalues[4532]),0}, + &(lvalues[4526]),0}, {"RSA-SHA224","sha224WithRSAEncryption",NID_sha224WithRSAEncryption,9, - &(lvalues[4541]),0}, -{"SHA256","sha256",NID_sha256,9,&(lvalues[4550]),0}, -{"SHA384","sha384",NID_sha384,9,&(lvalues[4559]),0}, -{"SHA512","sha512",NID_sha512,9,&(lvalues[4568]),0}, -{"SHA224","sha224",NID_sha224,9,&(lvalues[4577]),0}, + &(lvalues[4535]),0}, +{"SHA256","sha256",NID_sha256,9,&(lvalues[4544]),0}, +{"SHA384","sha384",NID_sha384,9,&(lvalues[4553]),0}, +{"SHA512","sha512",NID_sha512,9,&(lvalues[4562]),0}, +{"SHA224","sha224",NID_sha224,9,&(lvalues[4571]),0}, {"identified-organization","identified-organization", - NID_identified_organization,1,&(lvalues[4586]),0}, -{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4587]),0}, -{"wap","wap",NID_wap,2,&(lvalues[4590]),0}, -{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4592]),0}, + NID_identified_organization,1,&(lvalues[4580]),0}, +{"certicom-arc","certicom-arc",NID_certicom_arc,3,&(lvalues[4581]),0}, +{"wap","wap",NID_wap,2,&(lvalues[4584]),0}, +{"wap-wsg","wap-wsg",NID_wap_wsg,3,&(lvalues[4586]),0}, {"id-characteristic-two-basis","id-characteristic-two-basis", - NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4595]),0}, -{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4603]),0}, -{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4612]),0}, -{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4621]),0}, -{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4630]),0}, -{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4638]),0}, -{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4646]),0}, -{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4654]),0}, -{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4662]),0}, -{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4670]),0}, -{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4678]),0}, -{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4686]),0}, -{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4694]),0}, -{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4702]),0}, -{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4710]),0}, -{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4718]),0}, -{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4726]),0}, -{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4734]),0}, -{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4742]),0}, -{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4750]),0}, -{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4758]),0}, -{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4766]),0}, -{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4774]),0}, -{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4782]),0}, -{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4790]),0}, -{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4795]),0}, -{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4800]),0}, -{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4805]),0}, -{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4810]),0}, -{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4815]),0}, -{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4820]),0}, -{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4825]),0}, -{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4830]),0}, -{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4835]),0}, -{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4840]),0}, -{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4845]),0}, -{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4850]),0}, -{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4855]),0}, -{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4860]),0}, -{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4865]),0}, -{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4870]),0}, -{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4875]),0}, -{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4880]),0}, -{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4885]),0}, -{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4890]),0}, -{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4895]),0}, -{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4900]),0}, -{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4905]),0}, -{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4910]),0}, -{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4915]),0}, -{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4920]),0}, -{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4925]),0}, -{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4930]),0}, -{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4935]),0}, -{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4940]),0}, + NID_X9_62_id_characteristic_two_basis,8,&(lvalues[4589]),0}, +{"onBasis","onBasis",NID_X9_62_onBasis,9,&(lvalues[4597]),0}, +{"tpBasis","tpBasis",NID_X9_62_tpBasis,9,&(lvalues[4606]),0}, +{"ppBasis","ppBasis",NID_X9_62_ppBasis,9,&(lvalues[4615]),0}, +{"c2pnb163v1","c2pnb163v1",NID_X9_62_c2pnb163v1,8,&(lvalues[4624]),0}, +{"c2pnb163v2","c2pnb163v2",NID_X9_62_c2pnb163v2,8,&(lvalues[4632]),0}, +{"c2pnb163v3","c2pnb163v3",NID_X9_62_c2pnb163v3,8,&(lvalues[4640]),0}, +{"c2pnb176v1","c2pnb176v1",NID_X9_62_c2pnb176v1,8,&(lvalues[4648]),0}, +{"c2tnb191v1","c2tnb191v1",NID_X9_62_c2tnb191v1,8,&(lvalues[4656]),0}, +{"c2tnb191v2","c2tnb191v2",NID_X9_62_c2tnb191v2,8,&(lvalues[4664]),0}, +{"c2tnb191v3","c2tnb191v3",NID_X9_62_c2tnb191v3,8,&(lvalues[4672]),0}, +{"c2onb191v4","c2onb191v4",NID_X9_62_c2onb191v4,8,&(lvalues[4680]),0}, +{"c2onb191v5","c2onb191v5",NID_X9_62_c2onb191v5,8,&(lvalues[4688]),0}, +{"c2pnb208w1","c2pnb208w1",NID_X9_62_c2pnb208w1,8,&(lvalues[4696]),0}, +{"c2tnb239v1","c2tnb239v1",NID_X9_62_c2tnb239v1,8,&(lvalues[4704]),0}, +{"c2tnb239v2","c2tnb239v2",NID_X9_62_c2tnb239v2,8,&(lvalues[4712]),0}, +{"c2tnb239v3","c2tnb239v3",NID_X9_62_c2tnb239v3,8,&(lvalues[4720]),0}, +{"c2onb239v4","c2onb239v4",NID_X9_62_c2onb239v4,8,&(lvalues[4728]),0}, +{"c2onb239v5","c2onb239v5",NID_X9_62_c2onb239v5,8,&(lvalues[4736]),0}, +{"c2pnb272w1","c2pnb272w1",NID_X9_62_c2pnb272w1,8,&(lvalues[4744]),0}, +{"c2pnb304w1","c2pnb304w1",NID_X9_62_c2pnb304w1,8,&(lvalues[4752]),0}, +{"c2tnb359v1","c2tnb359v1",NID_X9_62_c2tnb359v1,8,&(lvalues[4760]),0}, +{"c2pnb368w1","c2pnb368w1",NID_X9_62_c2pnb368w1,8,&(lvalues[4768]),0}, +{"c2tnb431r1","c2tnb431r1",NID_X9_62_c2tnb431r1,8,&(lvalues[4776]),0}, +{"secp112r1","secp112r1",NID_secp112r1,5,&(lvalues[4784]),0}, +{"secp112r2","secp112r2",NID_secp112r2,5,&(lvalues[4789]),0}, +{"secp128r1","secp128r1",NID_secp128r1,5,&(lvalues[4794]),0}, +{"secp128r2","secp128r2",NID_secp128r2,5,&(lvalues[4799]),0}, +{"secp160k1","secp160k1",NID_secp160k1,5,&(lvalues[4804]),0}, +{"secp160r1","secp160r1",NID_secp160r1,5,&(lvalues[4809]),0}, +{"secp160r2","secp160r2",NID_secp160r2,5,&(lvalues[4814]),0}, +{"secp192k1","secp192k1",NID_secp192k1,5,&(lvalues[4819]),0}, +{"secp224k1","secp224k1",NID_secp224k1,5,&(lvalues[4824]),0}, +{"secp224r1","secp224r1",NID_secp224r1,5,&(lvalues[4829]),0}, +{"secp256k1","secp256k1",NID_secp256k1,5,&(lvalues[4834]),0}, +{"secp384r1","secp384r1",NID_secp384r1,5,&(lvalues[4839]),0}, +{"secp521r1","secp521r1",NID_secp521r1,5,&(lvalues[4844]),0}, +{"sect113r1","sect113r1",NID_sect113r1,5,&(lvalues[4849]),0}, +{"sect113r2","sect113r2",NID_sect113r2,5,&(lvalues[4854]),0}, +{"sect131r1","sect131r1",NID_sect131r1,5,&(lvalues[4859]),0}, +{"sect131r2","sect131r2",NID_sect131r2,5,&(lvalues[4864]),0}, +{"sect163k1","sect163k1",NID_sect163k1,5,&(lvalues[4869]),0}, +{"sect163r1","sect163r1",NID_sect163r1,5,&(lvalues[4874]),0}, +{"sect163r2","sect163r2",NID_sect163r2,5,&(lvalues[4879]),0}, +{"sect193r1","sect193r1",NID_sect193r1,5,&(lvalues[4884]),0}, +{"sect193r2","sect193r2",NID_sect193r2,5,&(lvalues[4889]),0}, +{"sect233k1","sect233k1",NID_sect233k1,5,&(lvalues[4894]),0}, +{"sect233r1","sect233r1",NID_sect233r1,5,&(lvalues[4899]),0}, +{"sect239k1","sect239k1",NID_sect239k1,5,&(lvalues[4904]),0}, +{"sect283k1","sect283k1",NID_sect283k1,5,&(lvalues[4909]),0}, +{"sect283r1","sect283r1",NID_sect283r1,5,&(lvalues[4914]),0}, +{"sect409k1","sect409k1",NID_sect409k1,5,&(lvalues[4919]),0}, +{"sect409r1","sect409r1",NID_sect409r1,5,&(lvalues[4924]),0}, +{"sect571k1","sect571k1",NID_sect571k1,5,&(lvalues[4929]),0}, +{"sect571r1","sect571r1",NID_sect571r1,5,&(lvalues[4934]),0}, {"wap-wsg-idm-ecid-wtls1","wap-wsg-idm-ecid-wtls1", - NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4945]),0}, + NID_wap_wsg_idm_ecid_wtls1,5,&(lvalues[4939]),0}, {"wap-wsg-idm-ecid-wtls3","wap-wsg-idm-ecid-wtls3", - NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4950]),0}, + NID_wap_wsg_idm_ecid_wtls3,5,&(lvalues[4944]),0}, {"wap-wsg-idm-ecid-wtls4","wap-wsg-idm-ecid-wtls4", - NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4955]),0}, + NID_wap_wsg_idm_ecid_wtls4,5,&(lvalues[4949]),0}, {"wap-wsg-idm-ecid-wtls5","wap-wsg-idm-ecid-wtls5", - NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4960]),0}, + NID_wap_wsg_idm_ecid_wtls5,5,&(lvalues[4954]),0}, {"wap-wsg-idm-ecid-wtls6","wap-wsg-idm-ecid-wtls6", - NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4965]),0}, + NID_wap_wsg_idm_ecid_wtls6,5,&(lvalues[4959]),0}, {"wap-wsg-idm-ecid-wtls7","wap-wsg-idm-ecid-wtls7", - NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4970]),0}, + NID_wap_wsg_idm_ecid_wtls7,5,&(lvalues[4964]),0}, {"wap-wsg-idm-ecid-wtls8","wap-wsg-idm-ecid-wtls8", - NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4975]),0}, + NID_wap_wsg_idm_ecid_wtls8,5,&(lvalues[4969]),0}, {"wap-wsg-idm-ecid-wtls9","wap-wsg-idm-ecid-wtls9", - NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4980]),0}, + NID_wap_wsg_idm_ecid_wtls9,5,&(lvalues[4974]),0}, {"wap-wsg-idm-ecid-wtls10","wap-wsg-idm-ecid-wtls10", - NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4985]),0}, + NID_wap_wsg_idm_ecid_wtls10,5,&(lvalues[4979]),0}, {"wap-wsg-idm-ecid-wtls11","wap-wsg-idm-ecid-wtls11", - NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4990]),0}, + NID_wap_wsg_idm_ecid_wtls11,5,&(lvalues[4984]),0}, {"wap-wsg-idm-ecid-wtls12","wap-wsg-idm-ecid-wtls12", - NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4995]),0}, -{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[5000]),0}, + NID_wap_wsg_idm_ecid_wtls12,5,&(lvalues[4989]),0}, +{"anyPolicy","X509v3 Any Policy",NID_any_policy,4,&(lvalues[4994]),0}, {"policyMappings","X509v3 Policy Mappings",NID_policy_mappings,3, - &(lvalues[5004]),0}, + &(lvalues[4998]),0}, {"inhibitAnyPolicy","X509v3 Inhibit Any Policy", - NID_inhibit_any_policy,3,&(lvalues[5007]),0}, + NID_inhibit_any_policy,3,&(lvalues[5001]),0}, {"Oakley-EC2N-3","ipsec3",NID_ipsec3,0,NULL,0}, {"Oakley-EC2N-4","ipsec4",NID_ipsec4,0,NULL,0}, {"CAMELLIA-128-CBC","camellia-128-cbc",NID_camellia_128_cbc,11, - &(lvalues[5010]),0}, + &(lvalues[5004]),0}, {"CAMELLIA-192-CBC","camellia-192-cbc",NID_camellia_192_cbc,11, - &(lvalues[5021]),0}, + &(lvalues[5015]),0}, {"CAMELLIA-256-CBC","camellia-256-cbc",NID_camellia_256_cbc,11, - &(lvalues[5032]),0}, + &(lvalues[5026]),0}, {"CAMELLIA-128-ECB","camellia-128-ecb",NID_camellia_128_ecb,8, - &(lvalues[5043]),0}, + &(lvalues[5037]),0}, {"CAMELLIA-192-ECB","camellia-192-ecb",NID_camellia_192_ecb,8, - &(lvalues[5051]),0}, + &(lvalues[5045]),0}, {"CAMELLIA-256-ECB","camellia-256-ecb",NID_camellia_256_ecb,8, - &(lvalues[5059]),0}, + &(lvalues[5053]),0}, {"CAMELLIA-128-CFB","camellia-128-cfb",NID_camellia_128_cfb128,8, - &(lvalues[5067]),0}, + &(lvalues[5061]),0}, {"CAMELLIA-192-CFB","camellia-192-cfb",NID_camellia_192_cfb128,8, - &(lvalues[5075]),0}, + &(lvalues[5069]),0}, {"CAMELLIA-256-CFB","camellia-256-cfb",NID_camellia_256_cfb128,8, - &(lvalues[5083]),0}, + &(lvalues[5077]),0}, {"CAMELLIA-128-CFB1","camellia-128-cfb1",NID_camellia_128_cfb1,0,NULL,0}, {"CAMELLIA-192-CFB1","camellia-192-cfb1",NID_camellia_192_cfb1,0,NULL,0}, {"CAMELLIA-256-CFB1","camellia-256-cfb1",NID_camellia_256_cfb1,0,NULL,0}, @@ -2157,284 +2156,284 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"CAMELLIA-192-CFB8","camellia-192-cfb8",NID_camellia_192_cfb8,0,NULL,0}, {"CAMELLIA-256-CFB8","camellia-256-cfb8",NID_camellia_256_cfb8,0,NULL,0}, {"CAMELLIA-128-OFB","camellia-128-ofb",NID_camellia_128_ofb128,8, - &(lvalues[5091]),0}, + &(lvalues[5085]),0}, {"CAMELLIA-192-OFB","camellia-192-ofb",NID_camellia_192_ofb128,8, - &(lvalues[5099]),0}, + &(lvalues[5093]),0}, {"CAMELLIA-256-OFB","camellia-256-ofb",NID_camellia_256_ofb128,8, - &(lvalues[5107]),0}, + &(lvalues[5101]),0}, {"subjectDirectoryAttributes","X509v3 Subject Directory Attributes", - NID_subject_directory_attributes,3,&(lvalues[5115]),0}, + NID_subject_directory_attributes,3,&(lvalues[5109]),0}, {"issuingDistributionPoint","X509v3 Issuing Distribution Point", - NID_issuing_distribution_point,3,&(lvalues[5118]),0}, + NID_issuing_distribution_point,3,&(lvalues[5112]),0}, {"certificateIssuer","X509v3 Certificate Issuer", - NID_certificate_issuer,3,&(lvalues[5121]),0}, + NID_certificate_issuer,3,&(lvalues[5115]),0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"KISA","kisa",NID_kisa,6,&(lvalues[5124]),0}, +{"KISA","kisa",NID_kisa,6,&(lvalues[5118]),0}, {NULL,NULL,NID_undef,0,NULL,0}, {NULL,NULL,NID_undef,0,NULL,0}, -{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5130]),0}, -{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5138]),0}, -{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5146]),0}, -{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5154]),0}, -{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5162]),0}, -{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5170]),0}, +{"SEED-ECB","seed-ecb",NID_seed_ecb,8,&(lvalues[5124]),0}, +{"SEED-CBC","seed-cbc",NID_seed_cbc,8,&(lvalues[5132]),0}, +{"SEED-OFB","seed-ofb",NID_seed_ofb128,8,&(lvalues[5140]),0}, +{"SEED-CFB","seed-cfb",NID_seed_cfb128,8,&(lvalues[5148]),0}, +{"HMAC-MD5","hmac-md5",NID_hmac_md5,8,&(lvalues[5156]),0}, +{"HMAC-SHA1","hmac-sha1",NID_hmac_sha1,8,&(lvalues[5164]),0}, {"id-PasswordBasedMAC","password based MAC",NID_id_PasswordBasedMAC,9, - &(lvalues[5178]),0}, + &(lvalues[5172]),0}, {"id-DHBasedMac","Diffie-Hellman based MAC",NID_id_DHBasedMac,9, - &(lvalues[5187]),0}, + &(lvalues[5181]),0}, {"id-it-suppLangTags","id-it-suppLangTags",NID_id_it_suppLangTags,8, - &(lvalues[5196]),0}, -{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5204]),0}, + &(lvalues[5190]),0}, +{"caRepository","CA Repository",NID_caRepository,8,&(lvalues[5198]),0}, {"id-smime-ct-compressedData","id-smime-ct-compressedData", - NID_id_smime_ct_compressedData,11,&(lvalues[5212]),0}, + NID_id_smime_ct_compressedData,11,&(lvalues[5206]),0}, {"id-ct-asciiTextWithCRLF","id-ct-asciiTextWithCRLF", - NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5223]),0}, + NID_id_ct_asciiTextWithCRLF,11,&(lvalues[5217]),0}, {"id-aes128-wrap","id-aes128-wrap",NID_id_aes128_wrap,9, - &(lvalues[5234]),0}, + &(lvalues[5228]),0}, {"id-aes192-wrap","id-aes192-wrap",NID_id_aes192_wrap,9, - &(lvalues[5243]),0}, + &(lvalues[5237]),0}, {"id-aes256-wrap","id-aes256-wrap",NID_id_aes256_wrap,9, - &(lvalues[5252]),0}, + &(lvalues[5246]),0}, {"ecdsa-with-Recommended","ecdsa-with-Recommended", - NID_ecdsa_with_Recommended,7,&(lvalues[5261]),0}, + NID_ecdsa_with_Recommended,7,&(lvalues[5255]),0}, {"ecdsa-with-Specified","ecdsa-with-Specified", - NID_ecdsa_with_Specified,7,&(lvalues[5268]),0}, + NID_ecdsa_with_Specified,7,&(lvalues[5262]),0}, {"ecdsa-with-SHA224","ecdsa-with-SHA224",NID_ecdsa_with_SHA224,8, - &(lvalues[5275]),0}, + &(lvalues[5269]),0}, {"ecdsa-with-SHA256","ecdsa-with-SHA256",NID_ecdsa_with_SHA256,8, - &(lvalues[5283]),0}, + &(lvalues[5277]),0}, {"ecdsa-with-SHA384","ecdsa-with-SHA384",NID_ecdsa_with_SHA384,8, - &(lvalues[5291]),0}, + &(lvalues[5285]),0}, {"ecdsa-with-SHA512","ecdsa-with-SHA512",NID_ecdsa_with_SHA512,8, - &(lvalues[5299]),0}, -{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5307]),0}, + &(lvalues[5293]),0}, +{"hmacWithMD5","hmacWithMD5",NID_hmacWithMD5,8,&(lvalues[5301]),0}, {"hmacWithSHA224","hmacWithSHA224",NID_hmacWithSHA224,8, - &(lvalues[5315]),0}, + &(lvalues[5309]),0}, {"hmacWithSHA256","hmacWithSHA256",NID_hmacWithSHA256,8, - &(lvalues[5323]),0}, + &(lvalues[5317]),0}, {"hmacWithSHA384","hmacWithSHA384",NID_hmacWithSHA384,8, - &(lvalues[5331]),0}, + &(lvalues[5325]),0}, {"hmacWithSHA512","hmacWithSHA512",NID_hmacWithSHA512,8, - &(lvalues[5339]),0}, + &(lvalues[5333]),0}, {"dsa_with_SHA224","dsa_with_SHA224",NID_dsa_with_SHA224,9, - &(lvalues[5347]),0}, + &(lvalues[5341]),0}, {"dsa_with_SHA256","dsa_with_SHA256",NID_dsa_with_SHA256,9, - &(lvalues[5356]),0}, -{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5365]),0}, -{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5371]),0}, -{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5376]),0}, + &(lvalues[5350]),0}, +{"whirlpool","whirlpool",NID_whirlpool,6,&(lvalues[5359]),0}, +{"cryptopro","cryptopro",NID_cryptopro,5,&(lvalues[5365]),0}, +{"cryptocom","cryptocom",NID_cryptocom,5,&(lvalues[5370]),0}, {"id-GostR3411-94-with-GostR3410-2001", "GOST R 34.11-94 with GOST R 34.10-2001", - NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5381]),0}, + NID_id_GostR3411_94_with_GostR3410_2001,6,&(lvalues[5375]),0}, {"id-GostR3411-94-with-GostR3410-94", "GOST R 34.11-94 with GOST R 34.10-94", - NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5387]),0}, -{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5393]),0}, + NID_id_GostR3411_94_with_GostR3410_94,6,&(lvalues[5381]),0}, +{"md_gost94","GOST R 34.11-94",NID_id_GostR3411_94,6,&(lvalues[5387]),0}, {"id-HMACGostR3411-94","HMAC GOST 34.11-94",NID_id_HMACGostR3411_94,6, - &(lvalues[5399]),0}, + &(lvalues[5393]),0}, {"gost2001","GOST R 34.10-2001",NID_id_GostR3410_2001,6, - &(lvalues[5405]),0}, -{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5411]),0}, -{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5417]),0}, + &(lvalues[5399]),0}, +{"gost94","GOST R 34.10-94",NID_id_GostR3410_94,6,&(lvalues[5405]),0}, +{"gost89","GOST 28147-89",NID_id_Gost28147_89,6,&(lvalues[5411]),0}, {"gost89-cnt","gost89-cnt",NID_gost89_cnt,0,NULL,0}, {"gost-mac","GOST 28147-89 MAC",NID_id_Gost28147_89_MAC,6, - &(lvalues[5423]),0}, + &(lvalues[5417]),0}, {"prf-gostr3411-94","GOST R 34.11-94 PRF",NID_id_GostR3411_94_prf,6, - &(lvalues[5429]),0}, + &(lvalues[5423]),0}, {"id-GostR3410-2001DH","GOST R 34.10-2001 DH",NID_id_GostR3410_2001DH, - 6,&(lvalues[5435]),0}, + 6,&(lvalues[5429]),0}, {"id-GostR3410-94DH","GOST R 34.10-94 DH",NID_id_GostR3410_94DH,6, - &(lvalues[5441]),0}, + &(lvalues[5435]),0}, {"id-Gost28147-89-CryptoPro-KeyMeshing", "id-Gost28147-89-CryptoPro-KeyMeshing", - NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5447]),0}, + NID_id_Gost28147_89_CryptoPro_KeyMeshing,7,&(lvalues[5441]),0}, {"id-Gost28147-89-None-KeyMeshing","id-Gost28147-89-None-KeyMeshing", - NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5454]),0}, + NID_id_Gost28147_89_None_KeyMeshing,7,&(lvalues[5448]),0}, {"id-GostR3411-94-TestParamSet","id-GostR3411-94-TestParamSet", - NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5461]),0}, + NID_id_GostR3411_94_TestParamSet,7,&(lvalues[5455]),0}, {"id-GostR3411-94-CryptoProParamSet", "id-GostR3411-94-CryptoProParamSet", - NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5468]),0}, + NID_id_GostR3411_94_CryptoProParamSet,7,&(lvalues[5462]),0}, {"id-Gost28147-89-TestParamSet","id-Gost28147-89-TestParamSet", - NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5475]),0}, + NID_id_Gost28147_89_TestParamSet,7,&(lvalues[5469]),0}, {"id-Gost28147-89-CryptoPro-A-ParamSet", "id-Gost28147-89-CryptoPro-A-ParamSet", - NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5482]),0}, + NID_id_Gost28147_89_CryptoPro_A_ParamSet,7,&(lvalues[5476]),0}, {"id-Gost28147-89-CryptoPro-B-ParamSet", "id-Gost28147-89-CryptoPro-B-ParamSet", - NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5489]),0}, + NID_id_Gost28147_89_CryptoPro_B_ParamSet,7,&(lvalues[5483]),0}, {"id-Gost28147-89-CryptoPro-C-ParamSet", "id-Gost28147-89-CryptoPro-C-ParamSet", - NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5496]),0}, + NID_id_Gost28147_89_CryptoPro_C_ParamSet,7,&(lvalues[5490]),0}, {"id-Gost28147-89-CryptoPro-D-ParamSet", "id-Gost28147-89-CryptoPro-D-ParamSet", - NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5503]),0}, + NID_id_Gost28147_89_CryptoPro_D_ParamSet,7,&(lvalues[5497]),0}, {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", - NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5510]), + NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet,7,&(lvalues[5504]), 0}, {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", - NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5517]), + NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet,7,&(lvalues[5511]), 0}, {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", - NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5524]),0}, + NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet,7,&(lvalues[5518]),0}, {"id-GostR3410-94-TestParamSet","id-GostR3410-94-TestParamSet", - NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5531]),0}, + NID_id_GostR3410_94_TestParamSet,7,&(lvalues[5525]),0}, {"id-GostR3410-94-CryptoPro-A-ParamSet", "id-GostR3410-94-CryptoPro-A-ParamSet", - NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5538]),0}, + NID_id_GostR3410_94_CryptoPro_A_ParamSet,7,&(lvalues[5532]),0}, {"id-GostR3410-94-CryptoPro-B-ParamSet", "id-GostR3410-94-CryptoPro-B-ParamSet", - NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5545]),0}, + NID_id_GostR3410_94_CryptoPro_B_ParamSet,7,&(lvalues[5539]),0}, {"id-GostR3410-94-CryptoPro-C-ParamSet", "id-GostR3410-94-CryptoPro-C-ParamSet", - NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5552]),0}, + NID_id_GostR3410_94_CryptoPro_C_ParamSet,7,&(lvalues[5546]),0}, {"id-GostR3410-94-CryptoPro-D-ParamSet", "id-GostR3410-94-CryptoPro-D-ParamSet", - NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5559]),0}, + NID_id_GostR3410_94_CryptoPro_D_ParamSet,7,&(lvalues[5553]),0}, {"id-GostR3410-94-CryptoPro-XchA-ParamSet", "id-GostR3410-94-CryptoPro-XchA-ParamSet", - NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5566]),0}, + NID_id_GostR3410_94_CryptoPro_XchA_ParamSet,7,&(lvalues[5560]),0}, {"id-GostR3410-94-CryptoPro-XchB-ParamSet", "id-GostR3410-94-CryptoPro-XchB-ParamSet", - NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5573]),0}, + NID_id_GostR3410_94_CryptoPro_XchB_ParamSet,7,&(lvalues[5567]),0}, {"id-GostR3410-94-CryptoPro-XchC-ParamSet", "id-GostR3410-94-CryptoPro-XchC-ParamSet", - NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5580]),0}, + NID_id_GostR3410_94_CryptoPro_XchC_ParamSet,7,&(lvalues[5574]),0}, {"id-GostR3410-2001-TestParamSet","id-GostR3410-2001-TestParamSet", - NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5587]),0}, + NID_id_GostR3410_2001_TestParamSet,7,&(lvalues[5581]),0}, {"id-GostR3410-2001-CryptoPro-A-ParamSet", "id-GostR3410-2001-CryptoPro-A-ParamSet", - NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5594]),0}, + NID_id_GostR3410_2001_CryptoPro_A_ParamSet,7,&(lvalues[5588]),0}, {"id-GostR3410-2001-CryptoPro-B-ParamSet", "id-GostR3410-2001-CryptoPro-B-ParamSet", - NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5601]),0}, + NID_id_GostR3410_2001_CryptoPro_B_ParamSet,7,&(lvalues[5595]),0}, {"id-GostR3410-2001-CryptoPro-C-ParamSet", "id-GostR3410-2001-CryptoPro-C-ParamSet", - NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5608]),0}, + NID_id_GostR3410_2001_CryptoPro_C_ParamSet,7,&(lvalues[5602]),0}, {"id-GostR3410-2001-CryptoPro-XchA-ParamSet", "id-GostR3410-2001-CryptoPro-XchA-ParamSet", - NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5615]),0}, + NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet,7,&(lvalues[5609]),0}, {"id-GostR3410-2001-CryptoPro-XchB-ParamSet", "id-GostR3410-2001-CryptoPro-XchB-ParamSet", - NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5622]),0}, + NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet,7,&(lvalues[5616]),0}, {"id-GostR3410-94-a","id-GostR3410-94-a",NID_id_GostR3410_94_a,7, - &(lvalues[5629]),0}, + &(lvalues[5623]),0}, {"id-GostR3410-94-aBis","id-GostR3410-94-aBis", - NID_id_GostR3410_94_aBis,7,&(lvalues[5636]),0}, + NID_id_GostR3410_94_aBis,7,&(lvalues[5630]),0}, {"id-GostR3410-94-b","id-GostR3410-94-b",NID_id_GostR3410_94_b,7, - &(lvalues[5643]),0}, + &(lvalues[5637]),0}, {"id-GostR3410-94-bBis","id-GostR3410-94-bBis", - NID_id_GostR3410_94_bBis,7,&(lvalues[5650]),0}, + NID_id_GostR3410_94_bBis,7,&(lvalues[5644]),0}, {"id-Gost28147-89-cc","GOST 28147-89 Cryptocom ParamSet", - NID_id_Gost28147_89_cc,8,&(lvalues[5657]),0}, + NID_id_Gost28147_89_cc,8,&(lvalues[5651]),0}, {"gost94cc","GOST 34.10-94 Cryptocom",NID_id_GostR3410_94_cc,8, - &(lvalues[5665]),0}, + &(lvalues[5659]),0}, {"gost2001cc","GOST 34.10-2001 Cryptocom",NID_id_GostR3410_2001_cc,8, - &(lvalues[5673]),0}, + &(lvalues[5667]),0}, {"id-GostR3411-94-with-GostR3410-94-cc", "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", - NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5681]),0}, + NID_id_GostR3411_94_with_GostR3410_94_cc,8,&(lvalues[5675]),0}, {"id-GostR3411-94-with-GostR3410-2001-cc", "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", - NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5689]),0}, + NID_id_GostR3411_94_with_GostR3410_2001_cc,8,&(lvalues[5683]),0}, {"id-GostR3410-2001-ParamSet-cc", "GOST R 3410-2001 Parameter Set Cryptocom", - NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5697]),0}, + NID_id_GostR3410_2001_ParamSet_cc,8,&(lvalues[5691]),0}, {"HMAC","hmac",NID_hmac,0,NULL,0}, {"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9, - &(lvalues[5705]),0}, + &(lvalues[5699]),0}, {"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3, - &(lvalues[5714]),0}, + &(lvalues[5708]),0}, {"id-on-permanentIdentifier","Permanent Identifier", - NID_id_on_permanentIdentifier,8,&(lvalues[5717]),0}, -{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5725]),0}, + NID_id_on_permanentIdentifier,8,&(lvalues[5711]),0}, +{"searchGuide","searchGuide",NID_searchGuide,3,&(lvalues[5719]),0}, {"businessCategory","businessCategory",NID_businessCategory,3, - &(lvalues[5728]),0}, -{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5731]),0}, -{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5734]),0}, + &(lvalues[5722]),0}, +{"postalAddress","postalAddress",NID_postalAddress,3,&(lvalues[5725]),0}, +{"postOfficeBox","postOfficeBox",NID_postOfficeBox,3,&(lvalues[5728]),0}, {"physicalDeliveryOfficeName","physicalDeliveryOfficeName", - NID_physicalDeliveryOfficeName,3,&(lvalues[5737]),0}, + NID_physicalDeliveryOfficeName,3,&(lvalues[5731]),0}, {"telephoneNumber","telephoneNumber",NID_telephoneNumber,3, - &(lvalues[5740]),0}, -{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5743]),0}, + &(lvalues[5734]),0}, +{"telexNumber","telexNumber",NID_telexNumber,3,&(lvalues[5737]),0}, {"teletexTerminalIdentifier","teletexTerminalIdentifier", - NID_teletexTerminalIdentifier,3,&(lvalues[5746]),0}, + NID_teletexTerminalIdentifier,3,&(lvalues[5740]),0}, {"facsimileTelephoneNumber","facsimileTelephoneNumber", - NID_facsimileTelephoneNumber,3,&(lvalues[5749]),0}, -{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5752]),0}, + NID_facsimileTelephoneNumber,3,&(lvalues[5743]),0}, +{"x121Address","x121Address",NID_x121Address,3,&(lvalues[5746]),0}, {"internationaliSDNNumber","internationaliSDNNumber", - NID_internationaliSDNNumber,3,&(lvalues[5755]),0}, + NID_internationaliSDNNumber,3,&(lvalues[5749]),0}, {"registeredAddress","registeredAddress",NID_registeredAddress,3, - &(lvalues[5758]),0}, + &(lvalues[5752]),0}, {"destinationIndicator","destinationIndicator", - NID_destinationIndicator,3,&(lvalues[5761]),0}, + NID_destinationIndicator,3,&(lvalues[5755]),0}, {"preferredDeliveryMethod","preferredDeliveryMethod", - NID_preferredDeliveryMethod,3,&(lvalues[5764]),0}, + NID_preferredDeliveryMethod,3,&(lvalues[5758]),0}, {"presentationAddress","presentationAddress",NID_presentationAddress, - 3,&(lvalues[5767]),0}, + 3,&(lvalues[5761]),0}, {"supportedApplicationContext","supportedApplicationContext", - NID_supportedApplicationContext,3,&(lvalues[5770]),0}, -{"member","member",NID_member,3,&(lvalues[5773]),0}, -{"owner","owner",NID_owner,3,&(lvalues[5776]),0}, -{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5779]),0}, -{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5782]),0}, -{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5785]),0}, + NID_supportedApplicationContext,3,&(lvalues[5764]),0}, +{"member","member",NID_member,3,&(lvalues[5767]),0}, +{"owner","owner",NID_owner,3,&(lvalues[5770]),0}, +{"roleOccupant","roleOccupant",NID_roleOccupant,3,&(lvalues[5773]),0}, +{"seeAlso","seeAlso",NID_seeAlso,3,&(lvalues[5776]),0}, +{"userPassword","userPassword",NID_userPassword,3,&(lvalues[5779]),0}, {"userCertificate","userCertificate",NID_userCertificate,3, - &(lvalues[5788]),0}, -{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5791]),0}, + &(lvalues[5782]),0}, +{"cACertificate","cACertificate",NID_cACertificate,3,&(lvalues[5785]),0}, {"authorityRevocationList","authorityRevocationList", - NID_authorityRevocationList,3,&(lvalues[5794]),0}, + NID_authorityRevocationList,3,&(lvalues[5788]),0}, {"certificateRevocationList","certificateRevocationList", - NID_certificateRevocationList,3,&(lvalues[5797]),0}, + NID_certificateRevocationList,3,&(lvalues[5791]),0}, {"crossCertificatePair","crossCertificatePair", - NID_crossCertificatePair,3,&(lvalues[5800]),0}, + NID_crossCertificatePair,3,&(lvalues[5794]),0}, {"enhancedSearchGuide","enhancedSearchGuide",NID_enhancedSearchGuide, - 3,&(lvalues[5803]),0}, + 3,&(lvalues[5797]),0}, {"protocolInformation","protocolInformation",NID_protocolInformation, - 3,&(lvalues[5806]),0}, + 3,&(lvalues[5800]),0}, {"distinguishedName","distinguishedName",NID_distinguishedName,3, - &(lvalues[5809]),0}, -{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5812]),0}, + &(lvalues[5803]),0}, +{"uniqueMember","uniqueMember",NID_uniqueMember,3,&(lvalues[5806]),0}, {"houseIdentifier","houseIdentifier",NID_houseIdentifier,3, - &(lvalues[5815]),0}, + &(lvalues[5809]),0}, {"supportedAlgorithms","supportedAlgorithms",NID_supportedAlgorithms, - 3,&(lvalues[5818]),0}, + 3,&(lvalues[5812]),0}, {"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList, - 3,&(lvalues[5821]),0}, -{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5824]),0}, + 3,&(lvalues[5815]),0}, +{"dmdName","dmdName",NID_dmdName,3,&(lvalues[5818]),0}, {"id-alg-PWRI-KEK","id-alg-PWRI-KEK",NID_id_alg_PWRI_KEK,11, - &(lvalues[5827]),0}, + &(lvalues[5821]),0}, {"CMAC","cmac",NID_cmac,0,NULL,0}, -{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5838]),0}, -{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5847]),0}, +{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5832]),0}, +{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5841]),0}, {"id-aes128-wrap-pad","id-aes128-wrap-pad",NID_id_aes128_wrap_pad,9, - &(lvalues[5856]),0}, -{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5865]),0}, -{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5874]),0}, + &(lvalues[5850]),0}, +{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5859]),0}, +{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5868]),0}, {"id-aes192-wrap-pad","id-aes192-wrap-pad",NID_id_aes192_wrap_pad,9, - &(lvalues[5883]),0}, -{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5892]),0}, -{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5901]),0}, + &(lvalues[5877]),0}, +{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5886]),0}, +{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5895]),0}, {"id-aes256-wrap-pad","id-aes256-wrap-pad",NID_id_aes256_wrap_pad,9, - &(lvalues[5910]),0}, + &(lvalues[5904]),0}, {"AES-128-CTR","aes-128-ctr",NID_aes_128_ctr,0,NULL,0}, {"AES-192-CTR","aes-192-ctr",NID_aes_192_ctr,0,NULL,0}, {"AES-256-CTR","aes-256-ctr",NID_aes_256_ctr,0,NULL,0}, {"id-camellia128-wrap","id-camellia128-wrap",NID_id_camellia128_wrap, - 11,&(lvalues[5919]),0}, + 11,&(lvalues[5913]),0}, {"id-camellia192-wrap","id-camellia192-wrap",NID_id_camellia192_wrap, - 11,&(lvalues[5930]),0}, + 11,&(lvalues[5924]),0}, {"id-camellia256-wrap","id-camellia256-wrap",NID_id_camellia256_wrap, - 11,&(lvalues[5941]),0}, + 11,&(lvalues[5935]),0}, {"anyExtendedKeyUsage","Any Extended Key Usage", - NID_anyExtendedKeyUsage,4,&(lvalues[5952]),0}, -{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5956]),0}, -{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5965]),0}, + NID_anyExtendedKeyUsage,4,&(lvalues[5946]),0}, +{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5950]),0}, +{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5959]),0}, {"AES-128-XTS","aes-128-xts",NID_aes_128_xts,0,NULL,0}, {"AES-256-XTS","aes-256-xts",NID_aes_256_xts,0,NULL,0}, {"RC4-HMAC-MD5","rc4-hmac-md5",NID_rc4_hmac_md5,0,NULL,0}, @@ -2444,67 +2443,67 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ NID_aes_192_cbc_hmac_sha1,0,NULL,0}, {"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1,0,NULL,0}, -{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5974]),0}, -{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5983]),0}, +{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5968]),0}, +{"dhpublicnumber","X9.42 DH",NID_dhpublicnumber,7,&(lvalues[5977]),0}, {"brainpoolP160r1","brainpoolP160r1",NID_brainpoolP160r1,9, - &(lvalues[5990]),0}, + &(lvalues[5984]),0}, {"brainpoolP160t1","brainpoolP160t1",NID_brainpoolP160t1,9, - &(lvalues[5999]),0}, + &(lvalues[5993]),0}, {"brainpoolP192r1","brainpoolP192r1",NID_brainpoolP192r1,9, - &(lvalues[6008]),0}, + &(lvalues[6002]),0}, {"brainpoolP192t1","brainpoolP192t1",NID_brainpoolP192t1,9, - &(lvalues[6017]),0}, + &(lvalues[6011]),0}, {"brainpoolP224r1","brainpoolP224r1",NID_brainpoolP224r1,9, - &(lvalues[6026]),0}, + &(lvalues[6020]),0}, {"brainpoolP224t1","brainpoolP224t1",NID_brainpoolP224t1,9, - &(lvalues[6035]),0}, + &(lvalues[6029]),0}, {"brainpoolP256r1","brainpoolP256r1",NID_brainpoolP256r1,9, - &(lvalues[6044]),0}, + &(lvalues[6038]),0}, {"brainpoolP256t1","brainpoolP256t1",NID_brainpoolP256t1,9, - &(lvalues[6053]),0}, + &(lvalues[6047]),0}, {"brainpoolP320r1","brainpoolP320r1",NID_brainpoolP320r1,9, - &(lvalues[6062]),0}, + &(lvalues[6056]),0}, {"brainpoolP320t1","brainpoolP320t1",NID_brainpoolP320t1,9, - &(lvalues[6071]),0}, + &(lvalues[6065]),0}, {"brainpoolP384r1","brainpoolP384r1",NID_brainpoolP384r1,9, - &(lvalues[6080]),0}, + &(lvalues[6074]),0}, {"brainpoolP384t1","brainpoolP384t1",NID_brainpoolP384t1,9, - &(lvalues[6089]),0}, + &(lvalues[6083]),0}, {"brainpoolP512r1","brainpoolP512r1",NID_brainpoolP512r1,9, - &(lvalues[6098]),0}, + &(lvalues[6092]),0}, {"brainpoolP512t1","brainpoolP512t1",NID_brainpoolP512t1,9, - &(lvalues[6107]),0}, -{"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6116]),0}, + &(lvalues[6101]),0}, +{"PSPECIFIED","pSpecified",NID_pSpecified,9,&(lvalues[6110]),0}, {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", - NID_dhSinglePass_stdDH_sha1kdf_scheme,9,&(lvalues[6125]),0}, + NID_dhSinglePass_stdDH_sha1kdf_scheme,9,&(lvalues[6119]),0}, {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", - NID_dhSinglePass_stdDH_sha224kdf_scheme,6,&(lvalues[6134]),0}, + NID_dhSinglePass_stdDH_sha224kdf_scheme,6,&(lvalues[6128]),0}, {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", - NID_dhSinglePass_stdDH_sha256kdf_scheme,6,&(lvalues[6140]),0}, + NID_dhSinglePass_stdDH_sha256kdf_scheme,6,&(lvalues[6134]),0}, {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", - NID_dhSinglePass_stdDH_sha384kdf_scheme,6,&(lvalues[6146]),0}, + NID_dhSinglePass_stdDH_sha384kdf_scheme,6,&(lvalues[6140]),0}, {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", - NID_dhSinglePass_stdDH_sha512kdf_scheme,6,&(lvalues[6152]),0}, + NID_dhSinglePass_stdDH_sha512kdf_scheme,6,&(lvalues[6146]),0}, {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", - NID_dhSinglePass_cofactorDH_sha1kdf_scheme,9,&(lvalues[6158]),0}, + NID_dhSinglePass_cofactorDH_sha1kdf_scheme,9,&(lvalues[6152]),0}, {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", - NID_dhSinglePass_cofactorDH_sha224kdf_scheme,6,&(lvalues[6167]),0}, + NID_dhSinglePass_cofactorDH_sha224kdf_scheme,6,&(lvalues[6161]),0}, {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", - NID_dhSinglePass_cofactorDH_sha256kdf_scheme,6,&(lvalues[6173]),0}, + NID_dhSinglePass_cofactorDH_sha256kdf_scheme,6,&(lvalues[6167]),0}, {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", - NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6179]),0}, + NID_dhSinglePass_cofactorDH_sha384kdf_scheme,6,&(lvalues[6173]),0}, {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", - NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6185]),0}, + NID_dhSinglePass_cofactorDH_sha512kdf_scheme,6,&(lvalues[6179]),0}, {"dh-std-kdf","dh-std-kdf",NID_dh_std_kdf,0,NULL,0}, {"dh-cofactor-kdf","dh-cofactor-kdf",NID_dh_cofactor_kdf,0,NULL,0}, {"AES-128-CBC-HMAC-SHA256","aes-128-cbc-hmac-sha256", @@ -2514,46 +2513,46 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ {"AES-256-CBC-HMAC-SHA256","aes-256-cbc-hmac-sha256", NID_aes_256_cbc_hmac_sha256,0,NULL,0}, {"ct_precert_scts","CT Precertificate SCTs",NID_ct_precert_scts,10, - &(lvalues[6191]),0}, + &(lvalues[6185]),0}, {"ct_precert_poison","CT Precertificate Poison",NID_ct_precert_poison, - 10,&(lvalues[6201]),0}, + 10,&(lvalues[6195]),0}, {"ct_precert_signer","CT Precertificate Signer",NID_ct_precert_signer, - 10,&(lvalues[6211]),0}, + 10,&(lvalues[6205]),0}, {"ct_cert_scts","CT Certificate SCTs",NID_ct_cert_scts,10, - &(lvalues[6221]),0}, + &(lvalues[6215]),0}, {"jurisdictionL","jurisdictionLocalityName", - NID_jurisdictionLocalityName,11,&(lvalues[6231]),0}, + NID_jurisdictionLocalityName,11,&(lvalues[6225]),0}, {"jurisdictionST","jurisdictionStateOrProvinceName", - NID_jurisdictionStateOrProvinceName,11,&(lvalues[6242]),0}, + NID_jurisdictionStateOrProvinceName,11,&(lvalues[6236]),0}, {"jurisdictionC","jurisdictionCountryName", - NID_jurisdictionCountryName,11,&(lvalues[6253]),0}, + NID_jurisdictionCountryName,11,&(lvalues[6247]),0}, {"AES-128-OCB","aes-128-ocb",NID_aes_128_ocb,0,NULL,0}, {"AES-192-OCB","aes-192-ocb",NID_aes_192_ocb,0,NULL,0}, {"AES-256-OCB","aes-256-ocb",NID_aes_256_ocb,0,NULL,0}, {"CAMELLIA-128-GCM","camellia-128-gcm",NID_camellia_128_gcm,8, - &(lvalues[6264]),0}, + &(lvalues[6258]),0}, {"CAMELLIA-128-CCM","camellia-128-ccm",NID_camellia_128_ccm,8, - &(lvalues[6272]),0}, + &(lvalues[6266]),0}, {"CAMELLIA-128-CTR","camellia-128-ctr",NID_camellia_128_ctr,8, - &(lvalues[6280]),0}, + &(lvalues[6274]),0}, {"CAMELLIA-128-CMAC","camellia-128-cmac",NID_camellia_128_cmac,8, - &(lvalues[6288]),0}, + &(lvalues[6282]),0}, {"CAMELLIA-192-GCM","camellia-192-gcm",NID_camellia_192_gcm,8, - &(lvalues[6296]),0}, + &(lvalues[6290]),0}, {"CAMELLIA-192-CCM","camellia-192-ccm",NID_camellia_192_ccm,8, - &(lvalues[6304]),0}, + &(lvalues[6298]),0}, {"CAMELLIA-192-CTR","camellia-192-ctr",NID_camellia_192_ctr,8, - &(lvalues[6312]),0}, + &(lvalues[6306]),0}, {"CAMELLIA-192-CMAC","camellia-192-cmac",NID_camellia_192_cmac,8, - &(lvalues[6320]),0}, + &(lvalues[6314]),0}, {"CAMELLIA-256-GCM","camellia-256-gcm",NID_camellia_256_gcm,8, - &(lvalues[6328]),0}, + &(lvalues[6322]),0}, {"CAMELLIA-256-CCM","camellia-256-ccm",NID_camellia_256_ccm,8, - &(lvalues[6336]),0}, + &(lvalues[6330]),0}, {"CAMELLIA-256-CTR","camellia-256-ctr",NID_camellia_256_ctr,8, - &(lvalues[6344]),0}, + &(lvalues[6338]),0}, {"CAMELLIA-256-CMAC","camellia-256-cmac",NID_camellia_256_cmac,8, - &(lvalues[6352]),0}, + &(lvalues[6346]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -2725,7 +2724,6 @@ static const unsigned int sn_objs[NUM_SN]={ 121, /* "RC5-ECB" */ 123, /* "RC5-OFB" */ 117, /* "RIPEMD160" */ -124, /* "RLE" */ 19, /* "RSA" */ 7, /* "RSA-MD2" */ 396, /* "RSA-MD4" */ @@ -4269,7 +4267,6 @@ static const unsigned int ln_objs[NUM_LN]={ 377, /* "rsaSignature" */ 919, /* "rsaesOaep" */ 912, /* "rsassaPss" */ -124, /* "run length compression" */ 482, /* "sOARecord" */ 155, /* "safeContentsBag" */ 291, /* "sbgp-autonomousSysNum" */ @@ -4804,7 +4801,6 @@ static const unsigned int obj_objs[NUM_OBJ]={ 744, /* OBJ_wap_wsg_idm_ecid_wtls11 2 23 43 1 4 11 */ 745, /* OBJ_wap_wsg_idm_ecid_wtls12 2 23 43 1 4 12 */ 804, /* OBJ_whirlpool 1 0 10118 3 0 55 */ -124, /* OBJ_rle_compression 1 1 1 1 666 1 */ 773, /* OBJ_kisa 1 2 410 200004 */ 807, /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */ 808, /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */ diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 2fc85b4..57d13b6 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -839,8 +839,6 @@ mime-mhs-headings 1 : id-hex-partial-message : id-hex-partial-message mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message # What the hell are these OIDs, really? -!Cname rle-compression -1 1 1 1 666 1 : RLE : run length compression !Cname zlib-compression id-smime-alg 8 : ZLIB : zlib compression diff --git a/include/openssl/comp.h b/include/openssl/comp.h index 406c428..6799b0f 100644 --- a/include/openssl/comp.h +++ b/include/openssl/comp.h @@ -43,7 +43,6 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, unsigned char *in, int ilen); int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, unsigned char *in, int ilen); -COMP_METHOD *COMP_rle(void); COMP_METHOD *COMP_zlib(void); void COMP_zlib_cleanup(void); diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index e750a85..475a9dc 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -2579,11 +2579,6 @@ #define NID_id_hex_multipart_message 508 #define OBJ_id_hex_multipart_message OBJ_mime_mhs_headings,2L -#define SN_rle_compression "RLE" -#define LN_rle_compression "run length compression" -#define NID_rle_compression 124 -#define OBJ_rle_compression 1L,1L,1L,1L,666L,1L - #define SN_zlib_compression "ZLIB" #define LN_zlib_compression "zlib compression" #define NID_zlib_compression 125 diff --git a/util/libeay.num b/util/libeay.num index bc4bb44..d1b0303 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1115,7 +1115,7 @@ PKCS7_get_issuer_and_serial 1142 EXIST::FUNCTION: PKCS7_get_signed_attribute 1143 EXIST::FUNCTION: COMP_compress_block 1144 EXIST::FUNCTION: COMP_expand_block 1145 EXIST::FUNCTION: -COMP_rle 1146 EXIST::FUNCTION: +COMP_rle 1146 NOEXIST::FUNCTION: COMP_zlib 1147 EXIST::FUNCTION: ms_time_diff 1148 NOEXIST::FUNCTION: ms_time_new 1149 NOEXIST::FUNCTION: From matt at openssl.org Tue May 5 21:30:55 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 05 May 2015 21:30:55 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430861455.163817.10421.nullmailer@dev.openssl.org> The branch master has been updated via b1ad95e328fd7de5aad72fc6fdcbefd6bf05c3fe (commit) from 2ed42bf639b12a2ec5bcc24ef5a45a1ca027ec95 (commit) - Log ----------------------------------------------------------------- commit b1ad95e328fd7de5aad72fc6fdcbefd6bf05c3fe Author: Matt Caswell Date: Tue May 5 22:09:01 2015 +0100 Fix windows build Fix error in WIN32_rename() introduced by commit b4faea50c35. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/apps.c b/apps/apps.c index 797e250..53b76e9 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2365,7 +2365,7 @@ static int WIN32_rename(const char *from, const char *to) } else { /* UNICODE path */ size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1; - tfrom = malloc(*sizeof(*tfrom) * (flen + tlen)); + tfrom = malloc(sizeof(*tfrom) * (flen + tlen)); if (tfrom == NULL) goto err; tto = tfrom + flen; From levitte at openssl.org Wed May 6 00:08:22 2015 From: levitte at openssl.org (Richard Levitte) Date: Wed, 06 May 2015 00:08:22 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430870902.981499.23885.nullmailer@dev.openssl.org> The branch master has been updated via 12048657a91b12e499d03ec9ff406b42aba67366 (commit) from b1ad95e328fd7de5aad72fc6fdcbefd6bf05c3fe (commit) - Log ----------------------------------------------------------------- commit 12048657a91b12e499d03ec9ff406b42aba67366 Author: Richard Levitte Date: Wed May 6 00:47:42 2015 +0200 ZLIB compression deserves a better comment What could be better than to refer to the RFC that defines it? Reviewed-by: Stephen Henson ----------------------------------------------------------------------- Summary of changes: crypto/objects/objects.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 57d13b6..25a9bb8 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -838,7 +838,7 @@ mime-mhs 2 : mime-mhs-bodies : mime-mhs-bodies mime-mhs-headings 1 : id-hex-partial-message : id-hex-partial-message mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message -# What the hell are these OIDs, really? +# RFC 3274 !Cname zlib-compression id-smime-alg 8 : ZLIB : zlib compression From rsalz at openssl.org Wed May 6 02:19:14 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 06 May 2015 02:19:14 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430878754.393547.4374.nullmailer@dev.openssl.org> The branch master has been updated via 16f8d4ebf0fd4847fa83d9c61f4150273cb4f533 (commit) from 12048657a91b12e499d03ec9ff406b42aba67366 (commit) - Log ----------------------------------------------------------------- commit 16f8d4ebf0fd4847fa83d9c61f4150273cb4f533 Author: Rich Salz Date: Mon May 4 18:00:15 2015 -0400 memset, memcpy, sizeof consistency fixes Just as with the OPENSSL_malloc calls, consistently use sizeof(*ptr) for memset and memcpy. Remove needless casts for those functions. For memset, replace alternative forms of zero with 0. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/opt.c | 4 ++-- apps/s_apps.h | 2 +- apps/s_socket.c | 10 ++++----- crypto/LPdir_unix.c | 2 +- crypto/LPdir_vms.c | 2 +- crypto/LPdir_win.c | 2 +- crypto/asn1/a_enum.c | 2 +- crypto/asn1/a_int.c | 2 +- crypto/asn1/a_verify.c | 10 --------- crypto/asn1/ameth_lib.c | 3 +-- crypto/bio/b_sock.c | 2 +- crypto/bio/bss_acpt.c | 2 +- crypto/bio/bss_conn.c | 4 ++-- crypto/bio/bss_dgram.c | 43 ++++++++++++++++++------------------- crypto/bn/bn_blind.c | 2 +- crypto/bn/bn_intern.c | 4 ++-- crypto/bn/bn_lcl.h | 6 +++--- crypto/bn/bn_lib.c | 8 +++---- crypto/bn/bn_mont.c | 2 +- crypto/bn/bn_mul.c | 14 ++++++------ crypto/bn/bn_shift.c | 5 +---- crypto/bn/bn_sqr.c | 2 +- crypto/comp/comp_lib.c | 2 +- crypto/dso/dso_lib.c | 2 +- crypto/dso/dso_win32.c | 2 +- crypto/ec/ecp_nistp224.c | 20 ++++++++--------- crypto/ec/ecp_nistp256.c | 19 ++++++++-------- crypto/ec/ecp_nistp521.c | 19 ++++++++-------- crypto/engine/eng_cryptodev.c | 14 ++++++------ crypto/engine/eng_dyn.c | 2 +- crypto/engine/eng_lib.c | 2 +- crypto/evp/bio_ok.c | 3 +-- crypto/evp/digest.c | 4 ++-- crypto/evp/e_null.c | 3 +-- crypto/evp/evp_enc.c | 5 ++--- crypto/evp/pmeth_lib.c | 2 +- crypto/jpake/jpake.c | 2 +- crypto/md2/md2_dgst.c | 8 +++---- crypto/modes/ocb128.c | 14 ++++++------ crypto/pqueue/pqueue.c | 2 +- crypto/rsa/rsa_lib.c | 6 +++--- crypto/sha/sha512.c | 8 ++++--- crypto/stack/stack.c | 2 +- crypto/store/str_mem.c | 2 +- crypto/ts/ts_rsp_sign.c | 2 +- crypto/ts/ts_verify_ctx.c | 4 ++-- crypto/ui/ui_openssl.c | 2 +- crypto/x509/x509_vfy.c | 10 ++++----- crypto/x509v3/pcy_tree.c | 5 +---- demos/engines/ibmca/hw_ibmca.c | 4 ++-- demos/ssl/cli.cpp | 2 +- demos/ssl/serv.cpp | 2 +- demos/state_machine/state_machine.c | 2 +- engines/ccgost/gost_pmeth.c | 4 ++-- engines/ccgost/gosthash.c | 2 +- engines/e_atalla.c | 2 +- engines/e_padlock.c | 2 +- ssl/bio_ssl.c | 2 +- ssl/d1_both.c | 8 +++---- ssl/d1_lib.c | 12 +++++------ ssl/d1_msg.c | 2 +- ssl/kssl.c | 8 +++---- ssl/record/rec_layer_d1.c | 13 +++++------ ssl/record/rec_layer_s3.c | 2 +- ssl/s3_clnt.c | 4 ++-- ssl/s3_enc.c | 5 +++-- ssl/s3_srvr.c | 5 ++--- ssl/ssl_cert.c | 11 +++------- ssl/ssl_ciph.c | 4 ++-- ssl/ssl_lib.c | 6 +++--- ssl/ssl_sess.c | 2 +- ssl/t1_ext.c | 2 +- test/bftest.c | 4 ++-- test/enginetest.c | 2 +- test/heartbeat_test.c | 2 +- test/rc4test.c | 8 +++---- 76 files changed, 198 insertions(+), 223 deletions(-) diff --git a/apps/opt.c b/apps/opt.c index fbe4c4b..3e2831c 100644 --- a/apps/opt.c +++ b/apps/opt.c @@ -795,7 +795,7 @@ void opt_help(const OPTIONS *list) } /* Pad out prefix */ - memset(start, ' ', sizeof start - 1); + memset(start, ' ', sizeof(start) - 1); start[sizeof start - 1] = '\0'; if (o->name == OPT_MORE_STR) { @@ -821,7 +821,7 @@ void opt_help(const OPTIONS *list) if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) { *p = '\0'; BIO_printf(bio_err, "%s\n", start); - memset(start, ' ', sizeof start); + memset(start, ' ', sizeof(start)); } start[width] = '\0'; BIO_printf(bio_err, "%s %s\n", start, help); diff --git a/apps/s_apps.h b/apps/s_apps.h index cf3026d..c8069a0 100644 --- a/apps/s_apps.h +++ b/apps/s_apps.h @@ -144,7 +144,7 @@ typedef fd_mask fd_set; # define FD_SET(n, p) (*(p) |= (1 << ((n) % NFDBITS))) # define FD_CLR(n, p) (*(p) &= ~(1 << ((n) % NFDBITS))) # define FD_ISSET(n, p) (*(p) & (1 << ((n) % NFDBITS))) -# define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) +# define FD_ZERO(p) memset((p), 0, sizeof(*(p))) #endif #define PORT 4433 diff --git a/apps/s_socket.c b/apps/s_socket.c index bba8e08..1ca0d3a 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -252,7 +252,7 @@ static int init_client_ip(int *sock, const unsigned char ip[4], int port, if (!ssl_sock_init()) return (0); - memset((char *)&them, 0, sizeof(them)); + memset(&them, 0, sizeof(them)); them.sin_family = AF_INET; them.sin_port = htons((unsigned short)port); addr = (unsigned long) @@ -308,7 +308,7 @@ int init_client_unix(int *sock, const char *server) return (0); } - memset((char *)&them, 0, sizeof(them)); + memset(&them, 0, sizeof(them)); them.sun_family = AF_UNIX; strcpy(them.sun_path, server); @@ -410,7 +410,7 @@ static int init_server_long(int *sock, int port, char *ip, int type) if (!ssl_sock_init()) return (0); - memset((char *)&server, 0, sizeof(server)); + memset(&server, 0, sizeof(server)); server.sin_family = AF_INET; server.sin_port = htons((unsigned short)port); if (ip == NULL) @@ -475,7 +475,7 @@ static int init_server_unix(int *sock, const char *path) if (s == INVALID_SOCKET) goto err; - memset((char *)&server, 0, sizeof(server)); + memset(&server, 0, sizeof(server)); server.sun_family = AF_UNIX; strcpy(server.sun_path, path); @@ -518,7 +518,7 @@ static int do_accept(int acc_sock, int *sock, char **host) redoit: # endif - memset((char *)&from, 0, sizeof(from)); + memset(&from, 0, sizeof(from)); len = sizeof(from); /* * Note: under VMS with SOCKETSHR the fourth parameter is currently of diff --git a/crypto/LPdir_unix.c b/crypto/LPdir_unix.c index 3a14da1..1428cd1 100644 --- a/crypto/LPdir_unix.c +++ b/crypto/LPdir_unix.c @@ -83,7 +83,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) errno = ENOMEM; return 0; } - memset(*ctx, '\0', sizeof(**ctx)); + memset(*ctx, 0, sizeof(**ctx)); (*ctx)->dir = opendir(directory); if ((*ctx)->dir == NULL) { diff --git a/crypto/LPdir_vms.c b/crypto/LPdir_vms.c index 1e8f9e7..362918d 100644 --- a/crypto/LPdir_vms.c +++ b/crypto/LPdir_vms.c @@ -109,7 +109,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) errno = ENOMEM; return 0; } - memset(*ctx, '\0', sizeof(**ctx)); + memset(*ctx, 0, sizeof(**ctx)); strcpy((*ctx)->filespec, directory); strcat((*ctx)->filespec, "*.*;"); diff --git a/crypto/LPdir_win.c b/crypto/LPdir_win.c index 78a796d..4ff514f 100644 --- a/crypto/LPdir_win.c +++ b/crypto/LPdir_win.c @@ -74,7 +74,7 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory) errno = ENOMEM; return 0; } - memset(*ctx, '\0', sizeof(**ctx)); + memset(*ctx, 0, sizeof(**ctx)); if (directory[dirlen - 1] != '*') { extdirbuf = (char *)malloc(dirlen + 3); diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index 4abd80c..aed3de5 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -77,7 +77,7 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) if (a->length < (int)(sizeof(long) + 1)) { OPENSSL_free(a->data); if ((a->data = OPENSSL_malloc(sizeof(long) + 1)) != NULL) - memset((char *)a->data, 0, sizeof(long) + 1); + memset(a->data, 0, sizeof(long) + 1); } if (a->data == NULL) { ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE); diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 68a312b..2282978 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -349,7 +349,7 @@ int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) if (a->length < (int)(sizeof(long) + 1)) { OPENSSL_free(a->data); if ((a->data = OPENSSL_malloc(sizeof(long) + 1)) != NULL) - memset((char *)a->data, 0, sizeof(long) + 1); + memset(a->data, 0, sizeof(long) + 1); } if (a->data == NULL) { ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE); diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index b452999..5b908f1 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -121,11 +121,6 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, ret = 0; goto err; } - /* - * we don't need to zero the 'ctx' because we just checked public - * information - */ - /* memset(&ctx,0,sizeof(ctx)); */ ret = 1; err: EVP_MD_CTX_cleanup(&ctx); @@ -221,11 +216,6 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ret = 0; goto err; } - /* - * we don't need to zero the 'ctx' because we just checked public - * information - */ - /* memset(&ctx,0,sizeof(ctx)); */ ret = 1; err: EVP_MD_CTX_cleanup(&ctx); diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index c7acb46..de70f9b 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -288,8 +288,7 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, if (!ameth) return NULL; - memset(ameth, 0, sizeof(EVP_PKEY_ASN1_METHOD)); - + memset(ameth, 0, sizeof(*ameth)); ameth->pkey_id = id; ameth->pkey_base_id = id; ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC; diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index 39499de..e3a1ee9 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -484,7 +484,7 @@ int BIO_get_accept_socket(char *host, int bind_mode) if (!BIO_get_port(p, &port)) goto err; - memset((char *)&server, 0, sizeof(server)); + memset(&server, 0, sizeof(server)); server.sa_in.sin_family = AF_INET; server.sa_in.sin_port = htons(port); addrlen = sizeof(server.sa_in); diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index cde8da3..48435b0 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -140,7 +140,7 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void) if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) return (NULL); - memset(ret, 0, sizeof(BIO_ACCEPT)); + memset(ret, 0, sizeof(*ret)); ret->accept_sock = INVALID_SOCKET; ret->bind_mode = BIO_BIND_NORMAL; return (ret); diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index b8fa828..60f58e2 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -178,7 +178,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) case BIO_CONN_S_CREATE_SOCKET: /* now setup address */ - memset((char *)&c->them, 0, sizeof(c->them)); + memset(&c->them, 0, sizeof(c->them)); c->them.sin_family = AF_INET; c->them.sin_port = htons((unsigned short)c->port); l = (unsigned long) @@ -298,7 +298,7 @@ BIO_CONNECT *BIO_CONNECT_new(void) ret->ip[2] = 0; ret->ip[3] = 0; ret->port = 0; - memset((char *)&ret->them, 0, sizeof(ret->them)); + memset(&ret->them, 0, sizeof(ret->them)); return (ret); } diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index fb1564c..53d8136 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -228,7 +228,7 @@ static int dgram_new(BIO *bi) data = OPENSSL_malloc(sizeof(*data)); if (data == NULL) return 0; - memset(data, 0x00, sizeof(bio_dgram_data)); + memset(data, 0, sizeof(*data)); bi->ptr = data; bi->flags = 0; @@ -395,7 +395,7 @@ static int dgram_read(BIO *b, char *out, int outl) if (out != NULL) { clear_socket_error(); - memset(&sa.peer, 0x00, sizeof(sa.peer)); + memset(&sa.peer, 0, sizeof(sa.peer)); dgram_adjust_rcv_timeout(b); ret = recvfrom(b->num, out, outl, 0, &sa.peer.sa, (void *)&sa.len); if (sizeof(sa.len.i) != sizeof(sa.len.s) && sa.len.i == 0) { @@ -569,7 +569,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_DGRAM_MTU_DISCOVER: # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO) addr_len = (socklen_t) sizeof(addr); - memset((void *)&addr, 0, sizeof(addr)); + memset(&addr, 0, sizeof(addr)); if (getsockname(b->num, &addr.sa, &addr_len) < 0) { ret = 0; break; @@ -600,7 +600,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_DGRAM_QUERY_MTU: # if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU) addr_len = (socklen_t) sizeof(addr); - memset((void *)&addr, 0, sizeof(addr)); + memset(&addr, 0, sizeof(addr)); if (getsockname(b->num, &addr.sa, &addr_len) < 0) { ret = 0; break; @@ -693,7 +693,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr) } } else { data->connected = 0; - memset(&(data->peer), 0x00, sizeof(data->peer)); + memset(&data->peer, 0, sizeof(data->peer)); } break; case BIO_CTRL_DGRAM_GET_PEER: @@ -1028,7 +1028,7 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag) # ifdef SCTP_AUTHENTICATION_EVENT # ifdef SCTP_EVENT - memset(&event, 0, sizeof(struct sctp_event)); + memset(&event, 0, sizeof(event)); event.se_assoc_id = 0; event.se_type = SCTP_AUTHENTICATION_EVENT; event.se_on = 1; @@ -1088,7 +1088,7 @@ static int dgram_sctp_new(BIO *bi) data = OPENSSL_malloc(sizeof(*data)); if (data == NULL) return 0; - memset(data, 0x00, sizeof(bio_dgram_sctp_data)); + memset(data, 0, sizeof(*data)); # ifdef SCTP_PR_SCTP_NONE data->prinfo.pr_policy = SCTP_PR_SCTP_NONE; # endif @@ -1149,8 +1149,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) clear_socket_error(); do { - memset(&data->rcvinfo, 0x00, - sizeof(struct bio_dgram_sctp_rcvinfo)); + memset(&data->rcvinfo, 0, sizeof(data->rcvinfo)); iov.iov_base = out; iov.iov_len = outl; msg.msg_name = NULL; @@ -1229,7 +1228,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl) /* disable sender dry event */ # ifdef SCTP_EVENT - memset(&event, 0, sizeof(struct sctp_event)); + memset(&event, 0, sizeof(event)); event.se_assoc_id = 0; event.se_type = SCTP_SENDER_DRY_EVENT; event.se_on = 0; @@ -1393,7 +1392,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) * parameters and flags. */ if (in[0] != 23) { - memset(&handshake_sinfo, 0x00, sizeof(struct bio_dgram_sctp_sndinfo)); + memset(&handshake_sinfo, 0, sizeof(handshake_sinfo)); # ifdef SCTP_SACK_IMMEDIATELY handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY; # endif @@ -1433,7 +1432,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) cmsg->cmsg_type = SCTP_SNDINFO; cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo)); sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg); - memset(sndinfo, 0, sizeof(struct sctp_sndinfo)); + memset(sndinfo, 0, sizeof(*sndinfo)); sndinfo->snd_sid = sinfo->snd_sid; sndinfo->snd_flags = sinfo->snd_flags; sndinfo->snd_ppid = sinfo->snd_ppid; @@ -1446,7 +1445,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) cmsg->cmsg_type = SCTP_PRINFO; cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo)); prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg); - memset(prinfo, 0, sizeof(struct sctp_prinfo)); + memset(prinfo, 0, sizeof(*prinfo)); prinfo->pr_policy = pinfo->pr_policy; prinfo->pr_value = pinfo->pr_value; msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo)); @@ -1456,7 +1455,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) cmsg->cmsg_type = SCTP_SNDRCV; cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo)); sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg); - memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo)); + memset(sndrcvinfo, 0, sizeof(*sndrcvinfo)); sndrcvinfo->sinfo_stream = sinfo->snd_sid; sndrcvinfo->sinfo_flags = sinfo->snd_flags; # ifdef __FreeBSD__ @@ -1553,7 +1552,7 @@ static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr) ret = -1; break; } - memset(authkey, 0x00, sockopt_len); + memset(authkey, 0, sockopt_len); authkey->sca_keynumber = authkeyid.scact_keynumber + 1; # ifndef __FreeBSD__ /* @@ -1750,7 +1749,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) /* set sender dry event */ # ifdef SCTP_EVENT - memset(&event, 0, sizeof(struct sctp_event)); + memset(&event, 0, sizeof(event)); event.se_assoc_id = 0; event.se_type = SCTP_SENDER_DRY_EVENT; event.se_on = 1; @@ -1773,7 +1772,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) return -1; /* peek for notification */ - memset(&snp, 0x00, sizeof(union sctp_notification)); + memset(&snp, 0, sizeof(snp)); iov.iov_base = (char *)&snp; iov.iov_len = sizeof(union sctp_notification); msg.msg_name = NULL; @@ -1795,7 +1794,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) /* if we find a notification, process it and try again if necessary */ while (msg.msg_flags & MSG_NOTIFICATION) { - memset(&snp, 0x00, sizeof(union sctp_notification)); + memset(&snp, 0, sizeof(snp)); iov.iov_base = (char *)&snp; iov.iov_len = sizeof(union sctp_notification); msg.msg_name = NULL; @@ -1820,7 +1819,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) /* disable sender dry event */ # ifdef SCTP_EVENT - memset(&event, 0, sizeof(struct sctp_event)); + memset(&event, 0, sizeof(event)); event.se_assoc_id = 0; event.se_type = SCTP_SENDER_DRY_EVENT; event.se_on = 0; @@ -1854,7 +1853,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b) (void *)&snp); /* found notification, peek again */ - memset(&snp, 0x00, sizeof(union sctp_notification)); + memset(&snp, 0, sizeof(snp)); iov.iov_base = (char *)&snp; iov.iov_len = sizeof(union sctp_notification); msg.msg_name = NULL; @@ -1900,7 +1899,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) /* Check if there are any messages waiting to be read */ do { - memset(&snp, 0x00, sizeof(union sctp_notification)); + memset(&snp, 0, sizeof(snp)); iov.iov_base = (char *)&snp; iov.iov_len = sizeof(union sctp_notification); msg.msg_name = NULL; @@ -1923,7 +1922,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b) dgram_sctp_handle_auth_free_key_event(b, &snp); # endif - memset(&snp, 0x00, sizeof(union sctp_notification)); + memset(&snp, 0, sizeof(snp)); iov.iov_base = (char *)&snp; iov.iov_len = sizeof(union sctp_notification); msg.msg_name = NULL; diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 9338cdd..52f74d1 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -141,7 +141,7 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } - memset(ret, 0, sizeof(BN_BLINDING)); + memset(ret, 0, sizeof(*ret)); if (A != NULL) { if ((ret->A = BN_dup(A)) == NULL) goto err; diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c index 139d11b..c3ea561 100644 --- a/crypto/bn/bn_intern.c +++ b/crypto/bn/bn_intern.c @@ -211,8 +211,8 @@ int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size) if (in->top > size) return 0; - memset(out, 0, sizeof(BN_ULONG) * size); - memcpy(out, in->d, sizeof(BN_ULONG) * in->top); + memset(out, 0, sizeof(*out) * size); + memcpy(out, in->d, sizeof(*out) * in->top); return 1; } diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index a24ae7f..196df7e 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -167,10 +167,10 @@ int RAND_pseudo_bytes(unsigned char *buf, int num); * *genuinely* constant variables that aren't mutable \ * wouldn't be constructed with top!=dmax. */ \ BN_ULONG *_not_const; \ - memcpy(&_not_const, &_bnum1->d, sizeof(BN_ULONG*)); \ + memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \ RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\ - memset((unsigned char *)(_not_const + _bnum1->top), _tmp_char, \ - (_bnum1->dmax - _bnum1->top) * sizeof(BN_ULONG)); \ + memset(_not_const + _bnum1->top, _tmp_char, \ + sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \ } \ } while(0) # ifdef BN_DEBUG_TRIX diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index 6fc0e39..fec70a5 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -260,7 +260,7 @@ void BN_free(BIGNUM *a) void BN_init(BIGNUM *a) { - memset(a, 0, sizeof(BIGNUM)); + memset(a, 0, sizeof(*a)); bn_check_top(a); } @@ -311,7 +311,7 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) * function - what's important is constant time operation (we're not * actually going to use the data) */ - memset(a, 0, sizeof(BN_ULONG) * words); + memset(a, 0, sizeof(*a) * words); #endif #if 1 @@ -355,7 +355,7 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) } } #else - memset(A, 0, sizeof(BN_ULONG) * words); + memset(A, 0, sizeof(*A) * words); memcpy(A, b->d, sizeof(b->d[0]) * b->top); #endif @@ -492,7 +492,7 @@ void BN_clear(BIGNUM *a) { bn_check_top(a); if (a->d != NULL) - memset(a->d, 0, a->dmax * sizeof(a->d[0])); + memset(a->d, 0, sizeof(*a->d) * a->dmax); a->top = 0; a->neg = 0; } diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index d07afcc..613a384 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -196,7 +196,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont) rp = r->d; /* clear the top words of T */ - memset(&(rp[r->top]), 0, (max - r->top) * sizeof(BN_ULONG)); + memset(&rp[r->top], 0, sizeof(*rp) * (max - r->top)); r->top = max; n0 = mont->n0[0]; diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index 9b66e66..f3b4859 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -458,7 +458,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, if (!zero) bn_mul_comba4(&(t[n2]), t, &(t[n])); else - memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG)); + memset(&t[n2], 0, sizeof(*t) * 8); bn_mul_comba4(r, a, b); bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n])); @@ -468,7 +468,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, if (!zero) bn_mul_comba8(&(t[n2]), t, &(t[n])); else - memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG)); + memset(&t[n2], 0, sizeof(*t) * 16); bn_mul_comba8(r, a, b); bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n])); @@ -479,7 +479,7 @@ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, if (!zero) bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); else - memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); + memset(&t[n2], 0, sizeof(*t) * n2); bn_mul_recursive(r, a, b, n, 0, 0, p); bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p); } @@ -584,14 +584,14 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, bn_mul_comba4(&(t[n2]), t, &(t[n])); bn_mul_comba4(r, a, b); bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn); - memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2)); + memset(&r[n2 + tn * 2], 0, sizeof(*r) * (n2 - tn * 2)); } else # endif if (n == 8) { bn_mul_comba8(&(t[n2]), t, &(t[n])); bn_mul_comba8(r, a, b); bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); - memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb)); + memset(&r[n2 + tna + tnb], 0, sizeof(*r) * (n2 - tna - tnb)); } else { p = &(t[n2 * 2]); bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p); @@ -607,7 +607,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, if (j == 0) { bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p); - memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2)); + memset(&r[n2 + i * 2], 0, sizeof(*r) * (n2 - i * 2)); } else if (j > 0) { /* eg, n == 16, i == 8 and tn == 11 */ bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p); @@ -615,7 +615,7 @@ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, sizeof(BN_ULONG) * (n2 - tna - tnb)); } else { /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ - memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2); + memset(&r[n2], 0, sizeof(*r) * n2); if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) { bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb); diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index b6cd0d9..9895646 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -154,10 +154,7 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) t[nw + i + 1] |= (l >> rb) & BN_MASK2; t[nw + i] = (l << lb) & BN_MASK2; } - memset(t, 0, nw * sizeof(t[0])); - /* - * for (i=0; itop = a->top + nw + 1; bn_correct_top(r); bn_check_top(r); diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index f794c10..aa31f6e 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -238,7 +238,7 @@ void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) if (!zero) bn_sqr_recursive(&(t[n2]), t, n, p); else - memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG)); + memset(&t[n2], 0, sizeof(*t) * n2); bn_sqr_recursive(r, a, n, p); bn_sqr_recursive(&(r[n2]), &(a[n]), n, p); diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c index 9feb0af..42d9936 100644 --- a/crypto/comp/comp_lib.c +++ b/crypto/comp/comp_lib.c @@ -12,7 +12,7 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) /* ZZZZZZZZZZZZZZZZ */ return (NULL); } - memset(ret, 0, sizeof(COMP_CTX)); + memset(ret, 0, sizeof(*ret)); ret->meth = meth; if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { OPENSSL_free(ret); diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index a0e711c..c555398 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -109,7 +109,7 @@ DSO *DSO_new_method(DSO_METHOD *meth) DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE); return (NULL); } - memset(ret, 0, sizeof(DSO)); + memset(ret, 0, sizeof(*ret)); ret->meth_data = sk_void_new_null(); if (ret->meth_data == NULL) { /* sk_new doesn't generate any errors so we do */ diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index bd96c5d..81c983c 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c @@ -310,7 +310,7 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename, return (NULL); } - memset(result, 0, sizeof(struct file_st)); + memset(result, 0, sizeof(*result)); position = IN_DEVICE; if ((filename[0] == '\\' && filename[1] == '\\') diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index c79e6da..0e40db4 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -317,7 +317,7 @@ static int BN_to_felem(felem out, const BIGNUM *bn) unsigned num_bytes; /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof b_out); + memset(b_out, 0, sizeof(b_out)); num_bytes = BN_num_bytes(bn); if (num_bytes > sizeof b_out) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); @@ -1069,8 +1069,8 @@ static void select_point(const u64 idx, unsigned int size, { unsigned i, j; limb *outlimbs = &out[0][0]; - memset(outlimbs, 0, 3 * sizeof(felem)); + memset(out 0, sizeof(out)); for (i = 0; i < size; i++) { const limb *inlimbs = &pre_comp[i][0][0]; u64 mask = i ^ idx; @@ -1113,7 +1113,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, u8 sign, digit; /* set nq to the point at infinity */ - memset(nq, 0, 3 * sizeof(felem)); + memset(nq, 0, sizeof(nq)); /* * Loop over all scalars msb-to-lsb, interleaving additions of multiples @@ -1390,7 +1390,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, BIGNUM *x, *y, *z, *tmp_scalar; felem_bytearray g_secret; felem_bytearray *secrets = NULL; - felem(*pre_comp)[17][3] = NULL; + felem (*pre_comp)[17][3] = NULL; felem *tmp_felems = NULL; felem_bytearray tmp; unsigned num_bytes; @@ -1457,11 +1457,11 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, */ mixed = 1; } - secrets = OPENSSL_malloc(num_points * sizeof(felem_bytearray)); - pre_comp = OPENSSL_malloc(num_points * 17 * 3 * sizeof(felem)); + secrets = OPENSSL_malloc(sizeof(*secrets) * num_points); + pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points); if (mixed) tmp_felems = - OPENSSL_malloc((num_points * 17 + 1) * sizeof(felem)); + OPENSSL_malloc(sizeof(felem) * (num_points * 17 + 1)); if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) { ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_MALLOC_FAILURE); @@ -1472,8 +1472,8 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, * we treat NULL scalars as 0, and NULL points as points at infinity, * i.e., they contribute nothing to the linear combination */ - memset(secrets, 0, num_points * sizeof(felem_bytearray)); - memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem)); + memset(secrets, 0, sizeof(*secrets) * num_points); + memset(pre_comp, 0, sizeof(*pre_comp) * num_points); for (i = 0; i < num_points; ++i) { if (i == num) /* the generator */ @@ -1533,7 +1533,7 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, /* the scalar for the generator */ if ((scalar != NULL) && (have_pre_comp)) { - memset(g_secret, 0, sizeof g_secret); + memset(g_secret, 0, sizeof(g_secret)); /* reduce scalar to 0 <= scalar < 2^224 */ if ((BN_num_bits(scalar) > 224) || (BN_is_negative(scalar))) { /* diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index 6ec5692..b4cd24d 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -156,7 +156,7 @@ static int BN_to_felem(felem out, const BIGNUM *bn) unsigned num_bytes; /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof b_out); + memset(b_out, 0, sizeof(b_out)); num_bytes = BN_num_bytes(bn); if (num_bytes > sizeof b_out) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); @@ -1624,7 +1624,8 @@ static void select_point(const u64 idx, unsigned int size, { unsigned i, j; u64 *outlimbs = &out[0][0]; - memset(outlimbs, 0, 3 * sizeof(smallfelem)); + + memset(out, 0, sizeof(out)); for (i = 0; i < size; i++) { const u64 *inlimbs = (u64 *)&pre_comp[i][0][0]; @@ -1668,7 +1669,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, u8 sign, digit; /* set nq to the point at infinity */ - memset(nq, 0, 3 * sizeof(felem)); + memset(nq, 0, sizeof(nq)); /* * Loop over all scalars msb-to-lsb, interleaving additions of multiples @@ -2005,7 +2006,7 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, BIGNUM *x, *y, *z, *tmp_scalar; felem_bytearray g_secret; felem_bytearray *secrets = NULL; - smallfelem(*pre_comp)[17][3] = NULL; + smallfelem (*pre_comp)[17][3] = NULL; smallfelem *tmp_smallfelems = NULL; felem_bytearray tmp; unsigned i, num_bytes; @@ -2072,11 +2073,11 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, */ mixed = 1; } - secrets = OPENSSL_malloc(num_points * sizeof(felem_bytearray)); - pre_comp = OPENSSL_malloc(num_points * 17 * 3 * sizeof(smallfelem)); + secrets = OPENSSL_malloc(sizeof(*secrets) * num_points); + pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points); if (mixed) tmp_smallfelems = - OPENSSL_malloc((num_points * 17 + 1) * sizeof(smallfelem)); + OPENSSL_malloc(sizeof(*tmp_smallfelems) * (num_points * 17 + 1)); if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_smallfelems == NULL))) { ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_MALLOC_FAILURE); @@ -2087,8 +2088,8 @@ int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, * we treat NULL scalars as 0, and NULL points as points at infinity, * i.e., they contribute nothing to the linear combination */ - memset(secrets, 0, num_points * sizeof(felem_bytearray)); - memset(pre_comp, 0, num_points * 17 * 3 * sizeof(smallfelem)); + memset(secrets, 0, sizeof(*secrets) * num_points); + memset(pre_comp, 0, sizeof(*pre_comp) * num_points); for (i = 0; i < num_points; ++i) { if (i == num) /* diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index e208a83..6e572f1 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -185,7 +185,7 @@ static int BN_to_felem(felem out, const BIGNUM *bn) unsigned num_bytes; /* BN_bn2bin eats leading zeroes */ - memset(b_out, 0, sizeof b_out); + memset(b_out, 0, sizeof(b_out)); num_bytes = BN_num_bytes(bn); if (num_bytes > sizeof b_out) { ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE); @@ -1470,7 +1470,8 @@ static void select_point(const limb idx, unsigned int size, { unsigned i, j; limb *outlimbs = &out[0][0]; - memset(outlimbs, 0, 3 * sizeof(felem)); + + memset(out, 0, sizeof(out)); for (i = 0; i < size; i++) { const limb *inlimbs = &pre_comp[i][0][0]; @@ -1513,7 +1514,7 @@ static void batch_mul(felem x_out, felem y_out, felem z_out, u8 sign, digit; /* set nq to the point at infinity */ - memset(nq, 0, 3 * sizeof(felem)); + memset(nq, 0, sizeof(nq)); /* * Loop over all scalars msb-to-lsb, interleaving additions of multiples @@ -1834,7 +1835,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, BIGNUM *x, *y, *z, *tmp_scalar; felem_bytearray g_secret; felem_bytearray *secrets = NULL; - felem(*pre_comp)[17][3] = NULL; + felem (*pre_comp)[17][3] = NULL; felem *tmp_felems = NULL; felem_bytearray tmp; unsigned i, num_bytes; @@ -1901,11 +1902,11 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, */ mixed = 1; } - secrets = OPENSSL_malloc(num_points * sizeof(felem_bytearray)); - pre_comp = OPENSSL_malloc(num_points * 17 * 3 * sizeof(felem)); + secrets = OPENSSL_malloc(sizeof(*secrets) * num_points); + pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points); if (mixed) tmp_felems = - OPENSSL_malloc((num_points * 17 + 1) * sizeof(felem)); + OPENSSL_malloc(sizeof(*tmp_felemts) * (num_points * 17 + 1)); if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) { ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_MALLOC_FAILURE); @@ -1916,8 +1917,8 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, * we treat NULL scalars as 0, and NULL points as points at infinity, * i.e., they contribute nothing to the linear combination */ - memset(secrets, 0, num_points * sizeof(felem_bytearray)); - memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem)); + memset(secrets, 0, sizeof(*secrets) * num_points); + memset(pre_comp, 0, sizseof(*pre_comp) * num_points); for (i = 0; i < num_points; ++i) { if (i == num) /* diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c index d801ae8..49a3989 100644 --- a/crypto/engine/eng_cryptodev.c +++ b/crypto/engine/eng_cryptodev.c @@ -478,7 +478,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return (0); } - memset(sess, 0, sizeof(struct session_op)); + memset(sess, 0, sizeof(*sess)); if ((state->d_fd = get_dev_crypto()) < 0) return (0); @@ -770,7 +770,7 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx) return (0); } - memset(state, 0, sizeof(struct dev_crypto_state)); + memset(state, 0, sizeof(*state)); if ((state->d_fd = get_dev_crypto()) < 0) { printf("cryptodev_digest_init: Can't get Dev \n"); @@ -1115,7 +1115,7 @@ cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return (ret); } - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_MOD_EXP; /* inputs: a^p % m */ @@ -1166,7 +1166,7 @@ cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) return (0); } - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_MOD_EXP_CRT; /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */ if (bn2crparam(rsa->p, &kop.crk_param[0])) @@ -1269,7 +1269,7 @@ static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, goto err; } - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DSA_SIGN; /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */ @@ -1309,7 +1309,7 @@ cryptodev_dsa_verify(const unsigned char *dgst, int dlen, struct crypt_kop kop; int dsaret = 1; - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DSA_VERIFY; /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */ @@ -1382,7 +1382,7 @@ cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) keylen = BN_num_bits(dh->p); - memset(&kop, 0, sizeof kop); + memset(&kop, 0, sizeof(kop)); kop.crk_op = CRK_DH_COMPUTE_KEY; /* inputs: dh->priv_key pub_key dh->p key */ diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index ed1c220..06a7018 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -208,7 +208,7 @@ static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx) ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE); return 0; } - memset(c, 0, sizeof(dynamic_data_ctx)); + memset(c, 0, sizeof(*c)); c->dynamic_dso = NULL; c->v_check = NULL; c->bind_engine = NULL; diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c index 3bf06bb..c477c7e 100644 --- a/crypto/engine/eng_lib.c +++ b/crypto/engine/eng_lib.c @@ -71,7 +71,7 @@ ENGINE *ENGINE_new(void) ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ret, 0, sizeof(ENGINE)); + memset(ret, 0, sizeof(*ret)); ret->struct_ref = 1; engine_ref_debug(ret, 0, 1) CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data); diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 9a65a9d..7a38cd9 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -337,8 +337,7 @@ static int ok_write(BIO *b, const char *in, int inl) n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ? (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl; - memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])), - (unsigned char *)in, n); + memcpy(&ctx->buf[ctx->buf_len], in, n); ctx->buf_len += n; inl -= n; in += n; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 04ab3a0..c7856c6 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -119,7 +119,7 @@ void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { - memset(ctx, '\0', sizeof(*ctx)); + memset(ctx, 0, sizeof(*ctx)); } EVP_MD_CTX *EVP_MD_CTX_create(void) @@ -360,7 +360,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) */ ENGINE_finish(ctx->engine); #endif - memset(ctx, '\0', sizeof(*ctx)); + memset(ctx, 0, sizeof(*ctx)); return 1; } diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c index 488add4..a585128 100644 --- a/crypto/evp/e_null.c +++ b/crypto/evp/e_null.c @@ -86,7 +86,6 @@ const EVP_CIPHER *EVP_enc_null(void) static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) { - /* memset(&(ctx->c),0,sizeof(ctx->c)); */ return 1; } @@ -94,6 +93,6 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) { if (in != out) - memcpy((char *)out, (const char *)in, inl); + memcpy(out, in, inl); return 1; } diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 4dfc159..242874c 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -70,8 +70,7 @@ const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT; void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) { - memset(ctx, 0, sizeof(EVP_CIPHER_CTX)); - /* ctx->cipher=NULL; */ + memset(ctx, 0, sizeof(*ctx)); } EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) @@ -546,7 +545,7 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) */ ENGINE_finish(c->engine); #endif - memset(c, 0, sizeof(EVP_CIPHER_CTX)); + memset(c, 0, sizeof(*c)); return 1; } diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 397d342..eeee53a 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -202,7 +202,7 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) if (!pmeth) return NULL; - memset(pmeth, 0, sizeof(EVP_PKEY_METHOD)); + memset(pmeth, 0, sizeof(*pmeth)); pmeth->pkey_id = id; pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; diff --git a/crypto/jpake/jpake.c b/crypto/jpake/jpake.c index b494ac0..a8aa87d 100644 --- a/crypto/jpake/jpake.c +++ b/crypto/jpake/jpake.c @@ -107,7 +107,7 @@ static void JPAKE_CTX_release(JPAKE_CTX *ctx) OPENSSL_free(ctx->p.peer_name); OPENSSL_free(ctx->p.name); - memset(ctx, '\0', sizeof(*ctx)); + memset(ctx, 0, sizeof(*ctx)); } JPAKE_CTX *JPAKE_CTX_new(const char *name, const char *peer_name, diff --git a/crypto/md2/md2_dgst.c b/crypto/md2/md2_dgst.c index e206b3f..70c19fb 100644 --- a/crypto/md2/md2_dgst.c +++ b/crypto/md2/md2_dgst.c @@ -122,9 +122,9 @@ const char *MD2_options(void) int MD2_Init(MD2_CTX *c) { c->num = 0; - memset(c->state, 0, sizeof c->state); - memset(c->cksm, 0, sizeof c->cksm); - memset(c->data, 0, sizeof c->data); + memset(c->state, 0, sizeof(c->state)); + memset(c->cksm, 0, sizeof(c->cksm)); + memset(c->data, 0, sizeof(c->data)); return 1; } @@ -219,6 +219,6 @@ int MD2_Final(unsigned char *md, MD2_CTX *c) for (i = 0; i < 16; i++) md[i] = (UCHAR) (p1[i] & 0xff); - memset((char *)&c, 0, sizeof(c)); + memset(&c, 0, sizeof(c)); return 1; } diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c index 79b7862..ed48460 100644 --- a/crypto/modes/ocb128.c +++ b/crypto/modes/ocb128.c @@ -226,9 +226,7 @@ OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec, int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec, block128_f encrypt, block128_f decrypt) { - /* Clear everything to NULLs */ memset(ctx, 0, sizeof(*ctx)); - ctx->l_index = 0; ctx->max_l_index = 1; ctx->l = OPENSSL_malloc(ctx->max_l_index * 16); @@ -374,8 +372,8 @@ int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad, ocb_block16_xor(&ctx->offset_aad, &ctx->l_star, &ctx->offset_aad); /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */ - memset((void *)&tmp1, 0, 16); - memcpy((void *)&tmp1, aad + (num_blocks * 16), last_len); + memset(&tmp1, 0, 16); + memcpy(&tmp1, aad + (num_blocks * 16), last_len); ((unsigned char *)&tmp1)[last_len] = 0x80; ocb_block16_xor(&ctx->offset_aad, &tmp1, &tmp2); @@ -453,8 +451,8 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, out + (num_blocks * 16)); /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ - memset((void *)&tmp1, 0, 16); - memcpy((void *)&tmp1, in + (len / 16) * 16, last_len); + memset(&tmp1, 0, 16); + memcpy(&tmp1, in + (len / 16) * 16, last_len); ((unsigned char *)(&tmp1))[last_len] = 0x80; ocb_block16_xor(&ctx->checksum, &tmp1, &ctx->checksum); } @@ -526,8 +524,8 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, out + (num_blocks * 16)); /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ - memset((void *)&tmp1, 0, 16); - memcpy((void *)&tmp1, out + (len / 16) * 16, last_len); + memset(&tmp1, 0, 16); + memcpy(&tmp1, out + (len / 16) * 16, last_len); ((unsigned char *)(&tmp1))[last_len] = 0x80; ocb_block16_xor(&ctx->checksum, &tmp1, &ctx->checksum); } diff --git a/crypto/pqueue/pqueue.c b/crypto/pqueue/pqueue.c index d66efe1..1378abc 100644 --- a/crypto/pqueue/pqueue.c +++ b/crypto/pqueue/pqueue.c @@ -91,7 +91,7 @@ pqueue_s *pqueue_new() if (pq == NULL) return NULL; - memset(pq, 0x00, sizeof(pqueue_s)); + memset(pq, 0, sizeof(*pq)); return pq; } diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 7d8fd39..f4aaa29 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -293,14 +293,14 @@ int RSA_memory_lock(RSA *r) RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE); return (0); } - memset(p, 0, (off + j) * sizeof(BN_ULONG)); + memset(p, 0, sizeof(*p) * (off + j)); bn = (BIGNUM *)p; ul = (BN_ULONG *)&(p[off]); for (i = 0; i < 6; i++) { b = *(t[i]); *(t[i]) = bn_array_el(bn, i); - memcpy((char *)bn_array_el(bn, i), (char *)b, bn_sizeof_BIGNUM()); - memcpy((char *)ul, bn_get_words(b), sizeof(BN_ULONG) * bn_get_top(b)); + memcpy(bn_array_el(bn, i), b, bn_sizeof_BIGNUM()); + memcpy(ul, bn_get_words(b), sizeof(*ul) * bn_get_top(b)); bn_set_static_words(bn_array_el(bn, i), ul, bn_get_top(b)); ul += bn_get_top(b); BN_clear_free(b); diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index f934c74..c58cc1b 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -107,9 +107,11 @@ int SHA512_Final(unsigned char *md, SHA512_CTX *c) p[n] = 0x80; /* There always is a room for one */ n++; - if (n > (sizeof(c->u) - 16)) - memset(p + n, 0, sizeof(c->u) - n), n = 0, - sha512_block_data_order(c, p, 1); + if (n > (sizeof(c->u) - 16)) { + memset(p + n, 0, sizeof(c->u) - n); + n = 0; + sha512_block_data_order(c, p, 1); + } memset(p + n, 0, sizeof(c->u) - 16 - n); #ifdef B_ENDIAN diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index efabe16..c395d58 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -296,7 +296,7 @@ void sk_zero(_STACK *st) return; if (st->num <= 0) return; - memset((char *)st->data, 0, sizeof(*st->data) * st->num); + memset(st->data, 0, sizeof(*st->data) * st->num); st->num = 0; } diff --git a/crypto/store/str_mem.c b/crypto/store/str_mem.c index 632ada8..b14e289 100644 --- a/crypto/store/str_mem.c +++ b/crypto/store/str_mem.c @@ -252,7 +252,7 @@ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type, STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE); return 0; } - memset(context, 0, sizeof(struct mem_ctx_st)); + memset(context, 0, sizeof(*context)); attribute_context = STORE_parse_attrs_start(attributes); if (!attribute_context) { diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 2d1e438..077d03d 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -173,7 +173,7 @@ TS_RESP_CTX *TS_RESP_CTX_new() TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ctx, 0, sizeof(TS_RESP_CTX)); + memset(ctx, 0, sizeof(*ctx)); /* Setting default callbacks. */ ctx->serial_cb = def_serial_cb; diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 651b1d1..75bf2df 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -66,7 +66,7 @@ TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) TS_VERIFY_CTX *ctx = OPENSSL_malloc(sizeof(*ctx)); if (ctx) - memset(ctx, 0, sizeof(TS_VERIFY_CTX)); + memset(ctx, 0, sizeof(*ctx)); else TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE); return ctx; @@ -75,7 +75,7 @@ TS_VERIFY_CTX *TS_VERIFY_CTX_new(void) void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx) { OPENSSL_assert(ctx != NULL); - memset(ctx, 0, sizeof(TS_VERIFY_CTX)); + memset(ctx, 0, sizeof(*ctx)); } void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx) diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 2ee9658..0696341 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -585,7 +585,7 @@ static void pushsig(void) # ifdef SIGACTION struct sigaction sa; - memset(&sa, 0, sizeof sa); + memset(&sa, 0, sizeof(sa)); sa.sa_handler = recsig; # endif diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 8c0680b..40a1e61 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2217,7 +2217,7 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } - memset(ctx, 0, sizeof(X509_STORE_CTX)); + memset(ctx, 0, sizeof(*ctx)); return ctx; } @@ -2337,11 +2337,9 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, ctx->check_policy = check_policy; /* - * This memset() can't make any sense anyway, so it's removed. As - * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a - * corresponding "new" here and remove this bogus initialisation. + * Since X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we + * put a corresponding "new" here. */ - /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data))) { OPENSSL_free(ctx); @@ -2376,7 +2374,7 @@ void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) sk_X509_pop_free(ctx->chain, X509_free); ctx->chain = NULL; CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); - memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA)); + memset(&ctx->ex_data, 0, sizeof(ctx->ex_data)); } void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth) diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 8870ec2..6b0167b 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -235,14 +235,11 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, return 0; } - memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL)); - + memset(tree->levels, 0, sizeof(*tree->levels) * n); tree->nlevel = n; - level = tree->levels; /* Root data: initialize to anyPolicy */ - data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0); if (!data || !level_add_node(level, data, NULL, tree)) diff --git a/demos/engines/ibmca/hw_ibmca.c b/demos/engines/ibmca/hw_ibmca.c index fb5b8db..5017d64 100644 --- a/demos/engines/ibmca/hw_ibmca.c +++ b/demos/engines/ibmca/hw_ibmca.c @@ -506,7 +506,7 @@ static int ibmca_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, if (publKey == NULL) { goto err; } - memset(publKey, 0, sizeof(ICA_KEY_RSA_MODEXPO)); + memset(publKey, 0, sizeof(*publKey)); publKey->keyType = CORRECT_ENDIANNESS(ME_KEY_TYPE); publKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_MODEXPO)); @@ -670,7 +670,7 @@ static int ibmca_mod_exp_crt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, /* end SAB additions */ - memset(privKey, 0, sizeof(ICA_KEY_RSA_CRT)); + memset(privKey, 0, sizeof(*privKey)); privKey->keyType = CORRECT_ENDIANNESS(CRT_KEY_TYPE); privKey->keyLength = CORRECT_ENDIANNESS(sizeof(ICA_KEY_RSA_CRT)); privKey->modulusBitLength = CORRECT_ENDIANNESS(BN_num_bytes(q) * 2 * 8); diff --git a/demos/ssl/cli.cpp b/demos/ssl/cli.cpp index a5bee1c..cb5d329 100644 --- a/demos/ssl/cli.cpp +++ b/demos/ssl/cli.cpp @@ -47,7 +47,7 @@ void main () sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(sd, "socket"); - memset (&sa, '\0', sizeof(sa)); + memset(&sa, 0, sizeof(sa)); sa.sin_family = AF_INET; sa.sin_addr.s_addr = inet_addr ("127.0.0.1"); /* Server IP */ sa.sin_port = htons (1111); /* Server Port number */ diff --git a/demos/ssl/serv.cpp b/demos/ssl/serv.cpp index b142c75..6d4cefd 100644 --- a/demos/ssl/serv.cpp +++ b/demos/ssl/serv.cpp @@ -81,7 +81,7 @@ void main () listen_sd = socket (AF_INET, SOCK_STREAM, 0); CHK_ERR(listen_sd, "socket"); - memset (&sa_serv, '\0', sizeof(sa_serv)); + memset(&sa_serv, 0, sizeof(sa_serv)); sa_serv.sin_family = AF_INET; sa_serv.sin_addr.s_addr = INADDR_ANY; sa_serv.sin_port = htons (1111); /* Server Port number */ diff --git a/demos/state_machine/state_machine.c b/demos/state_machine/state_machine.c index cd990b2..1dd8c2b 100644 --- a/demos/state_machine/state_machine.c +++ b/demos/state_machine/state_machine.c @@ -257,7 +257,7 @@ int OpenSocket(int nPort) exit(2); } - memset(&saServer, 0, sizeof saServer); + memset(&saServer, 0, sizeof(saServer)); saServer.sin_family = AF_INET; saServer.sin_port = htons(nPort); nSize = sizeof saServer; diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c index 2537579..b37bcf5 100644 --- a/engines/ccgost/gost_pmeth.c +++ b/engines/ccgost/gost_pmeth.c @@ -28,7 +28,7 @@ static int pkey_gost_init(EVP_PKEY_CTX *ctx) data = OPENSSL_malloc(sizeof(*data)); if (!data) return 0; - memset(data, 0, sizeof(struct gost_pmeth_data)); + memset(data, 0, sizeof(*data)); if (pkey && EVP_PKEY_get0(pkey)) { switch (EVP_PKEY_base_id(pkey)) { case NID_id_GostR3410_94: @@ -411,7 +411,7 @@ static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx) if (!data) return 0; - memset(data, 0, sizeof(struct gost_mac_pmeth_data)); + memset(data, 0, sizeof(*data)); EVP_PKEY_CTX_set_data(ctx, data); return 1; } diff --git a/engines/ccgost/gosthash.c b/engines/ccgost/gosthash.c index 72faa24..b3d80d4 100644 --- a/engines/ccgost/gosthash.c +++ b/engines/ccgost/gosthash.c @@ -154,7 +154,7 @@ static int hash_step(gost_ctx * c, byte * H, const byte * M) int init_gost_hash_ctx(gost_hash_ctx * ctx, const gost_subst_block * subst_block) { - memset(ctx, 0, sizeof(gost_hash_ctx)); + memset(ctx, 0, sizeof(*ctx)); ctx->cipher_ctx = (gost_ctx *) MYALLOC(sizeof(gost_ctx)); if (!ctx->cipher_ctx) { return 0; diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 278cff4..4bde213 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -492,7 +492,7 @@ static int atalla_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, goto err; } /* Prepare the key-data */ - memset(&keydata, 0, sizeof keydata); + memset(&keydata, 0, sizeof(keydata)); numbytes = BN_num_bytes(m); memset(exponent->d, 0, numbytes); memset(modulus->d, 0, numbytes); diff --git a/engines/e_padlock.c b/engines/e_padlock.c index 9acca7d..df636b5 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c @@ -661,7 +661,7 @@ padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 0; /* ERROR */ cdata = ALIGNED_CIPHER_DATA(ctx); - memset(cdata, 0, sizeof(struct padlock_cipher_data)); + memset(cdata, 0, sizeof(*cdata)); /* Prepare Control word. */ if (mode == EVP_CIPH_OFB_MODE || mode == EVP_CIPH_CTR_MODE) diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c index 18e7074..aa6d623 100644 --- a/ssl/bio_ssl.c +++ b/ssl/bio_ssl.c @@ -107,7 +107,7 @@ static int ssl_new(BIO *bi) BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE); return (0); } - memset(bs, 0, sizeof(BIO_SSL)); + memset(bs, 0, sizeof(*bs)); bi->init = 0; bi->ptr = (char *)bs; bi->flags = 0; diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 65a3a18..05b8f9e 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -467,7 +467,7 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) } msg_hdr = &s->d1->r_msg_hdr; - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); + memset(msg_hdr, 0, sizeof(*msg_hdr)); again: i = dtls1_get_message_fragment(s, st1, stn, max, ok); @@ -497,7 +497,7 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len, s, s->msg_callback_arg); - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); + memset(msg_hdr, 0, sizeof(*msg_hdr)); /* Don't change sequence numbers while listening */ if (!s->d1->listen) @@ -1289,7 +1289,7 @@ unsigned int dtls1_min_mtu(SSL *s) void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) { - memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); + memset(msg_hdr, 0, sizeof(*msg_hdr)); msg_hdr->type = *(data++); n2l3(data, msg_hdr->msg_len); @@ -1300,7 +1300,7 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) { - memset(ccs_hdr, 0x00, sizeof(struct ccs_header_st)); + memset(ccs_hdr, 0, sizeof(*ccs_hdr)); ccs_hdr->type = *(data++); } diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 3441fc5..c0ed8fb 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -215,7 +215,7 @@ void dtls1_clear(SSL *s) dtls1_clear_queues(s); - memset(s->d1, 0, sizeof(*(s->d1))); + memset(s->d1, 0, sizeof(*s->d1)); if (s->server) { s->d1->cookie_len = sizeof(s->d1->cookie); @@ -324,7 +324,7 @@ void dtls1_start_timer(SSL *s) #ifndef OPENSSL_NO_SCTP /* Disable timer for SCTP */ if (BIO_dgram_is_sctp(SSL_get_wbio(s))) { - memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); + memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout)); return; } #endif @@ -359,7 +359,7 @@ struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft) if (s->d1->next_timeout.tv_sec < timenow.tv_sec || (s->d1->next_timeout.tv_sec == timenow.tv_sec && s->d1->next_timeout.tv_usec <= timenow.tv_usec)) { - memset(timeleft, 0, sizeof(struct timeval)); + memset(timeleft, 0, sizeof(*timeleft)); return timeleft; } @@ -377,7 +377,7 @@ struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft) * because of small devergences with socket timeouts. */ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) { - memset(timeleft, 0, sizeof(struct timeval)); + memset(timeleft, 0, sizeof(*timeleft)); } return timeleft; @@ -412,8 +412,8 @@ void dtls1_double_timeout(SSL *s) void dtls1_stop_timer(SSL *s) { /* Reset everything */ - memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st)); - memset(&(s->d1->next_timeout), 0, sizeof(struct timeval)); + memset(&s->d1->timeout, 0, sizeof(s->d1->timeout)); + memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout)); s->d1->timeout_duration = 1; BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout)); diff --git a/ssl/d1_msg.c b/ssl/d1_msg.c index f71b1cc..13bda46 100644 --- a/ssl/d1_msg.c +++ b/ssl/d1_msg.c @@ -161,7 +161,7 @@ int dtls1_dispatch_alert(SSL *s) s->s3->alert_dispatch = 0; - memset(buf, 0x00, sizeof(buf)); + memset(buf, 0, sizeof(buf)); *ptr++ = s->s3->send_alert[0]; *ptr++ = s->s3->send_alert[1]; diff --git a/ssl/kssl.c b/ssl/kssl.c index ce43529..d781042 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -1048,7 +1048,7 @@ krb5_error_code kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, krb5_data krb5_app_req; kssl_err_set(kssl_err, 0, ""); - memset((char *)&krb5creds, 0, sizeof(krb5creds)); + memset(&krb5creds, 0, sizeof(krb5creds)); if (!kssl_ctx) { kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n"); @@ -1797,7 +1797,7 @@ int kssl_tgt_is_available(KSSL_CTX *kssl_ctx) krb5_creds krb5creds, *krb5credsp = NULL; int rc = 0; - memset((char *)&krb5creds, 0, sizeof(krb5creds)); + memset(&krb5creds, 0, sizeof(krb5creds)); if (!kssl_ctx) return (0); @@ -2072,7 +2072,7 @@ krb5_error_code kssl_check_authent( } # endif enc = kssl_map_enc(enctype); - memset(iv, 0, sizeof iv); /* per RFC 1510 */ + memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ if (enc == NULL) { /* @@ -2126,7 +2126,7 @@ krb5_error_code kssl_check_authent( goto err; } - memset(&tm_time, 0, sizeof(struct tm)); + memset(&tm_time, 0, sizeof(tm_tmime)); if (k_gmtime(auth->ctime, &tm_time) && ((tr = mktime(&tm_time)) != (time_t)(-1))) { now = time(&now); diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 2635894..45324ec 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -286,8 +286,8 @@ int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority) s->rlayer.packet = NULL; s->rlayer.packet_length = 0; - memset(&s->rlayer.rbuf, 0, sizeof(SSL3_BUFFER)); - memset(&s->rlayer.rrec, 0, sizeof(SSL3_RECORD)); + memset(&s->rlayer.rbuf, 0, sizeof(s->rlayer.rbuf)); + memset(&s->rlayer.rrec, 0, sizeof(s->rlayer.rrec)); if (!ssl3_setup_buffers(s)) { SSLerr(SSL_F_DTLS1_BUFFER_RECORD, ERR_R_INTERNAL_ERROR); @@ -1298,9 +1298,10 @@ void dtls1_reset_seq_numbers(SSL *s, int rw) if (rw & SSL3_CC_READ) { seq = s->rlayer.read_sequence; s->rlayer.d->r_epoch++; - memcpy(&(s->rlayer.d->bitmap), &(s->rlayer.d->next_bitmap), - sizeof(DTLS1_BITMAP)); - memset(&(s->rlayer.d->next_bitmap), 0x00, sizeof(DTLS1_BITMAP)); + memcpy(&s->rlayer.d->bitmap, &s->rlayer.d->next_bitmap, + sizeof(s->rlayer.d->bitmap)); + memset(&s->rlayer.d->next_bitmap, 0, + sizeof(s->rlayer.d->next_bitmap)); } else { seq = s->rlayer.write_sequence; memcpy(s->rlayer.d->last_write_sequence, seq, @@ -1308,5 +1309,5 @@ void dtls1_reset_seq_numbers(SSL *s, int rw) s->rlayer.d->w_epoch++; } - memset(seq, 0x00, seq_bytes); + memset(seq, 0, seq_bytes); } diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 0ed82f7..eccb517 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -155,7 +155,7 @@ void RECORD_LAYER_clear(RECORD_LAYER *rl) rlen = SSL3_BUFFER_get_len(&rl->rbuf); wp = SSL3_BUFFER_get_buf(&rl->wbuf); wlen = SSL3_BUFFER_get_len(&rl->wbuf); - memset(rl, 0, sizeof (RECORD_LAYER)); + memset(rl, 0, sizeof(*rl)); SSL3_BUFFER_set_buf(&rl->rbuf, rp); SSL3_BUFFER_set_len(&rl->rbuf, rlen); SSL3_BUFFER_set_buf(&rl->wbuf, wp); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index f936fa3..ea4503f 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2518,7 +2518,7 @@ int ssl3_send_client_key_exchange(SSL *s) * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); */ - memset(iv, 0, sizeof iv); /* per RFC 1510 */ + memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv); EVP_EncryptUpdate(&ciph_ctx, epms, &outl, pms, pmslen); EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl); @@ -2788,7 +2788,7 @@ int ssl3_send_client_key_exchange(SSL *s) /* Encoded point will be copied here */ p += 1; /* copy the point */ - memcpy((unsigned char *)p, encodedPoint, n); + memcpy(p, encodedPoint, n); /* increment n to account for length field */ n += 1; } diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index d968a1c..ea9042b 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -519,12 +519,13 @@ int ssl3_digest_cached_records(SSL *s) /* Allocate handshake_dgst array */ ssl3_free_digest_list(s); s->s3->handshake_dgst = - OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *)); + OPENSSL_malloc(sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST); if (s->s3->handshake_dgst == NULL) { SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE); return 0; } - memset(s->s3->handshake_dgst, 0, SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *)); + memset(s->s3->handshake_dgst, 0, + sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST); hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); if (hdatalen <= 0) { SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH); diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index e6884f3..ec94882 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -1935,8 +1935,7 @@ int ssl3_send_server_key_exchange(SSL *s) p += 1; *p = encodedlen; p += 1; - memcpy((unsigned char *)p, - (unsigned char *)encodedPoint, encodedlen); + memcpy(p, encodedPoint, encodedlen); OPENSSL_free(encodedPoint); encodedPoint = NULL; p += encodedlen; @@ -2509,7 +2508,7 @@ int ssl3_get_client_key_exchange(SSL *s) if (enc == NULL) goto err; - memset(iv, 0, sizeof iv); /* per RFC 1510 */ + memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index c7a2aa9..38e7b82 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -188,7 +188,7 @@ CERT *ssl_cert_new(void) SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } - memset(ret, 0, sizeof(CERT)); + memset(ret, 0, sizeof(*ret)); ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); ret->references = 1; @@ -209,14 +209,9 @@ CERT *ssl_cert_dup(CERT *cert) return (NULL); } - memset(ret, 0, sizeof(CERT)); - - ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; - /* - * or ret->key = ret->pkeys + (cert->key - cert->pkeys), if you find that - * more readable - */ + memset(ret, 0, sizeof(*ret)); + ret->key = &ret->pkeys[cert->key - cert->pkeys]; ret->valid = cert->valid; ret->mask_k = cert->mask_k; ret->mask_a = cert->mask_a; diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 0ddb56b..a81ab85 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1063,12 +1063,12 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p, curr = curr->next; } - number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); + number_uses = OPENSSL_malloc(sizeof(int) * (max_strength_bits + 1)); if (!number_uses) { SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE); return (0); } - memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); + memset(number_uses, 0, sizeof(int) * (max_strength_bits + 1)); /* * Now find the strength_bits values actually used diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 56d7e6c..0a2c04e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -275,7 +275,7 @@ SSL *SSL_new(SSL_CTX *ctx) s = OPENSSL_malloc(sizeof(*s)); if (s == NULL) goto err; - memset(s, 0, sizeof(SSL)); + memset(s, 0, sizeof(*s)); RECORD_LAYER_init(&s->rlayer, s); @@ -1848,7 +1848,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) if (ret == NULL) goto err; - memset(ret, 0, sizeof(SSL_CTX)); + memset(ret, 0, sizeof(*ret)); ret->method = meth; @@ -1866,7 +1866,7 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->get_session_cb = 0; ret->generate_session_id = 0; - memset((char *)&ret->stats, 0, sizeof(ret->stats)); + memset(&ret->stats, 0, sizeof(ret->stats)); ret->references = 1; ret->quiet_shutdown = 0; diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index b592da4..4e73f04 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -198,7 +198,7 @@ SSL_SESSION *SSL_SESSION_new(void) SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE); return (0); } - memset(ss, 0, sizeof(SSL_SESSION)); + memset(ss, 0, sizeof(*ss)); ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ ss->references = 1; diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index 193cae8..f1092ac 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -232,7 +232,7 @@ static int custom_ext_meth_add(custom_ext_methods *exts, } meth = exts->meths + exts->meths_count; - memset(meth, 0, sizeof(custom_ext_method)); + memset(meth, 0, sizeof(*meth)); meth->parse_cb = parse_cb; meth->add_cb = add_cb; meth->free_cb = free_cb; diff --git a/test/bftest.c b/test/bftest.c index e581bf5..b19ab8e 100644 --- a/test/bftest.c +++ b/test/bftest.c @@ -461,8 +461,8 @@ static int test(void) len = strlen(cbc_data) + 1; BF_set_key(&key, 16, cbc_key); - memset(cbc_in, 0, sizeof cbc_in); - memset(cbc_out, 0, sizeof cbc_out); + memset(cbc_in, 0, sizeof(cbc_in)); + memset(cbc_out, 0, sizeof(cbc_out)); memcpy(iv, cbc_iv, sizeof iv); BF_cbc_encrypt((unsigned char *)cbc_data, cbc_out, len, &key, iv, BF_ENCRYPT); diff --git a/test/enginetest.c b/test/enginetest.c index 2d9afaa..54e6ead 100644 --- a/test/enginetest.c +++ b/test/enginetest.c @@ -119,7 +119,7 @@ int main(int argc, char *argv[]) CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ERR_load_crypto_strings(); - memset(block, 0, 512 * sizeof(ENGINE *)); + memset(block, 0, sizeof(block)); if (((new_h1 = ENGINE_new()) == NULL) || !ENGINE_set_id(new_h1, "test_id0") || !ENGINE_set_name(new_h1, "First test item") || diff --git a/test/heartbeat_test.c b/test/heartbeat_test.c index 491bbed..42cbc02 100644 --- a/test/heartbeat_test.c +++ b/test/heartbeat_test.c @@ -211,7 +211,7 @@ static int execute_heartbeat(HEARTBEAT_TEST_FIXTURE fixture) * Make a local copy of the request, since it gets overwritten at some * point */ - memcpy((char *)sent_buf, (const char *)payload, sizeof(sent_buf)); + memcpy(sent_buf, payload, sizeof(sent_buf)); return_value = fixture.process_heartbeat(s, s->rlayer.rrec.data, s->rlayer.rrec.length); diff --git a/test/rc4test.c b/test/rc4test.c index a1f96e4..a8e5a8e 100644 --- a/test/rc4test.c +++ b/test/rc4test.c @@ -129,7 +129,7 @@ int main(int argc, char *argv[]) for (i = 0; i < 6; i++) { RC4_set_key(&key, keys[i][0], &(keys[i][1])); - memset(obuf, 0x00, sizeof(obuf)); + memset(obuf, 0, sizeof(obuf)); RC4(&key, data_len[i], &(data[i][0]), obuf); if (memcmp(obuf, output[i], data_len[i] + 1) != 0) { printf("error calculating RC4\n"); @@ -149,7 +149,7 @@ int main(int argc, char *argv[]) printf("test end processing "); for (i = 0; i < data_len[3]; i++) { RC4_set_key(&key, keys[3][0], &(keys[3][1])); - memset(obuf, 0x00, sizeof(obuf)); + memset(obuf, 0, sizeof(obuf)); RC4(&key, i, &(data[3][0]), obuf); if ((memcmp(obuf, output[3], i) != 0) || (obuf[i] != 0)) { printf("error in RC4 length processing\n"); @@ -172,7 +172,7 @@ int main(int argc, char *argv[]) printf("test multi-call "); for (i = 0; i < data_len[3]; i++) { RC4_set_key(&key, keys[3][0], &(keys[3][1])); - memset(obuf, 0x00, sizeof(obuf)); + memset(obuf, 0, sizeof(obuf)); RC4(&key, i, &(data[3][0]), obuf); RC4(&key, data_len[3] - i, &(data[3][i]), &(obuf[i])); if (memcmp(obuf, output[3], data_len[3] + 1) != 0) { @@ -203,7 +203,7 @@ int main(int argc, char *argv[]) }; RC4_set_key(&key, keys[0][0], &(keys[3][1])); - memset(buf, '\0', sizeof(buf)); + memset(buf, 0, sizeof(buf)); SHA1_Init(&c); for (i = 0; i < 2571; i++) { RC4(&key, sizeof(buf), buf, buf); From matt at openssl.org Wed May 6 12:05:52 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 06 May 2015 12:05:52 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430913952.041201.32473.nullmailer@dev.openssl.org> The branch master has been updated via 4407d070e591cc8dc3f4b34779933f97cf2df222 (commit) from 16f8d4ebf0fd4847fa83d9c61f4150273cb4f533 (commit) - Log ----------------------------------------------------------------- commit 4407d070e591cc8dc3f4b34779933f97cf2df222 Author: Matt Caswell Date: Wed May 6 11:17:07 2015 +0100 Fix s_server version specific methods A copy&paste error as a result of the big apps cleanup broke the version specific methods in s_server. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index c1b799f..55781ac 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1336,29 +1336,29 @@ int s_server_main(int argc, char *argv[]) break; #ifndef OPENSSL_NO_SSL3 case OPT_SSL3: - meth = SSLv3_client_method(); + meth = SSLv3_server_method(); break; #endif case OPT_TLS1_2: - meth = TLSv1_2_client_method(); + meth = TLSv1_2_server_method(); break; case OPT_TLS1_1: - meth = TLSv1_1_client_method(); + meth = TLSv1_1_server_method(); break; case OPT_TLS1: - meth = TLSv1_client_method(); + meth = TLSv1_server_method(); break; #ifndef OPENSSL_NO_DTLS1 case OPT_DTLS: - meth = DTLS_client_method(); + meth = DTLS_server_method(); socket_type = SOCK_DGRAM; break; case OPT_DTLS1: - meth = DTLSv1_client_method(); + meth = DTLSv1_server_method(); socket_type = SOCK_DGRAM; break; case OPT_DTLS1_2: - meth = DTLSv1_2_client_method(); + meth = DTLSv1_2_server_method(); socket_type = SOCK_DGRAM; break; case OPT_TIMEOUT: From matt at openssl.org Wed May 6 12:09:17 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 06 May 2015 12:09:17 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430914157.112818.944.nullmailer@dev.openssl.org> The branch master has been updated via 4c9b0a0314c8bab3c9faeac06d0aa734836b2f81 (commit) from 4407d070e591cc8dc3f4b34779933f97cf2df222 (commit) - Log ----------------------------------------------------------------- commit 4c9b0a0314c8bab3c9faeac06d0aa734836b2f81 Author: Gunnar Kudrjavets Date: Wed May 6 10:16:55 2015 +0100 Initialize potentially uninitialized local variables Compiling OpenSSL code with MSVC and /W4 results in a number of warnings. One category of warnings is particularly interesting - C4701 (potentially uninitialized local variable 'name' used). This warning pretty much means that there's a code path which results in uninitialized variables being used or returned. Depending on compiler, its options, OS, values in registers and/or stack, the results can be nondeterministic. Cases like this are very hard to debug so it's rational to fix these issues. This patch contains a set of trivial fixes for all the C4701 warnings (just initializing variables to 0 or NULL or appropriate error code) to make sure that deterministic values will be returned from all the execution paths. RT#3835 Signed-off-by: Matt Caswell Matt's note: All of these appear to be bogus warnings, i.e. there isn't actually a code path where an unitialised variable could be used - its just that the compiler hasn't been able to figure that out from the logic. So this commit is just about silencing spurious warnings. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 2 +- apps/dsaparam.c | 2 +- apps/s_server.c | 2 +- crypto/asn1/asn1_gen.c | 2 +- crypto/asn1/tasn_dec.c | 2 +- crypto/evp/m_sigver.c | 10 +++++----- crypto/evp/p_sign.c | 6 +++--- crypto/evp/p_verify.c | 6 +++--- crypto/pem/pem_lib.c | 2 +- crypto/x509/x509_vfy.c | 8 ++++---- crypto/x509v3/v3_addr.c | 2 +- crypto/x509v3/v3_asid.c | 2 +- crypto/x509v3/v3_conf.c | 2 +- ssl/t1_lib.c | 2 +- test/evp_test.c | 8 ++++---- 15 files changed, 29 insertions(+), 29 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 53b76e9..215acb1 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -175,7 +175,7 @@ int app_init(long mesgwin); int chopup_args(ARGS *arg, char *buf) { int quoted; - char c, *p; + char c = '\0', *p = NULL; arg->argc = 0; if (arg->size == 0) { diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 62d5fe7..cf29b80 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -117,7 +117,7 @@ int dsaparam_main(int argc, char **argv) DSA *dsa = NULL; BIO *in = NULL, *out = NULL; BN_GENCB *cb = NULL; - int numbits = -1, num, genkey = 0, need_rand = 0, non_fips_allow = 0; + int numbits = -1, num = 0, genkey = 0, need_rand = 0, non_fips_allow = 0; int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0, ret = 1; int i, text = 0; diff --git a/apps/s_server.c b/apps/s_server.c index 55781ac..7f8a2a6 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -631,7 +631,7 @@ static tlsextstatusctx tlscstatp = { NULL, NULL, NULL, 0, -1, 0 }; static int cert_status_cb(SSL *s, void *arg) { tlsextstatusctx *srctx = arg; - char *host, *port, *path; + char *host = NULL, *port = NULL, *path = NULL; int use_ssl; unsigned char *rspder = NULL; int rspderlen; diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 049515d..ab82b52 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -159,7 +159,7 @@ static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, unsigned char *p; const unsigned char *cp; int cpy_len; - long hdr_len; + long hdr_len = 0; int hdr_constructed = 0, hdr_tag, hdr_class; int r; diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index c5caff7..7a6414a 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -645,7 +645,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, long plen; char cst, inf, free_cont = 0; const unsigned char *p; - BUF_MEM buf; + BUF_MEM buf = { 0 }; const unsigned char *cont = NULL; long len; if (!pval) { diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 65a49ad..288c563 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -128,7 +128,7 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) { - int sctx, r = 0; + int sctx = 0, r = 0; EVP_PKEY_CTX *pctx = ctx->pctx; if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) { if (!sigret) @@ -150,7 +150,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, sctx = 0; if (sigret) { unsigned char md[EVP_MAX_MD_SIZE]; - unsigned int mdlen; + unsigned int mdlen = 0; if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { if (sctx) r = ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx); @@ -189,9 +189,9 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t siglen) { unsigned char md[EVP_MAX_MD_SIZE]; - int r; - unsigned int mdlen; - int vctx; + int r = 0; + unsigned int mdlen = 0; + int vctx = 0; if (ctx->pctx->pmeth->verifyctx) vctx = 1; diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index 541c6e7..07ae252 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -66,8 +66,8 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; - unsigned int m_len; - int i = 0, ok = 0, v; + unsigned int m_len = 0; + int i = 0, ok = 0, v = 0; EVP_PKEY_CTX *pkctx = NULL; *siglen = 0; @@ -75,7 +75,7 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, if (!EVP_DigestFinal_ex(ctx, m, &m_len)) goto err; } else { - int rv; + int rv = 0; EVP_MD_CTX tmp_ctx; EVP_MD_CTX_init(&tmp_ctx); rv = EVP_MD_CTX_copy_ex(&tmp_ctx, ctx); diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index 3242931..2277a91 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -66,15 +66,15 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) { unsigned char m[EVP_MAX_MD_SIZE]; - unsigned int m_len; - int i = 0, ok = 0, v; + unsigned int m_len = 0; + int i = 0, ok = 0, v = 0; EVP_PKEY_CTX *pkctx = NULL; if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) { if (!EVP_DigestFinal_ex(ctx, m, &m_len)) goto err; } else { - int rv; + int rv = 0; EVP_MD_CTX tmp_ctx; EVP_MD_CTX_init(&tmp_ctx); rv = EVP_MD_CTX_copy_ex(&tmp_ctx, ctx); diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 143d001..bb3b31e 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -339,7 +339,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, int klen, pem_password_cb *callback, void *u) { EVP_CIPHER_CTX ctx; - int dsize = 0, i, j, ret = 0; + int dsize = 0, i = 0, j = 0, ret = 0; unsigned char *p, *data = NULL; const char *objstr = NULL; char buf[PEM_BUFSIZE]; diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 40a1e61..4538b8b 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -842,7 +842,7 @@ static int check_trust(X509_STORE_CTX *ctx) static int check_revocation(X509_STORE_CTX *ctx) { - int i, last, ok; + int i = 0, last = 0, ok = 0; if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK)) return 1; if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL) @@ -865,9 +865,9 @@ static int check_revocation(X509_STORE_CTX *ctx) static int check_cert(X509_STORE_CTX *ctx) { X509_CRL *crl = NULL, *dcrl = NULL; - X509 *x; - int ok, cnum; - unsigned int last_reasons; + X509 *x = NULL; + int ok = 0, cnum = 0; + unsigned int last_reasons = 0; cnum = ctx->error_depth; x = sk_X509_value(ctx->chain, cnum); ctx->current_cert = x; diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index fecf765..cdc1346 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -945,7 +945,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, CONF_VALUE *val = sk_CONF_VALUE_value(values, i); unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN]; unsigned afi, *safi = NULL, safi_; - const char *addr_chars; + const char *addr_chars = NULL; int prefixlen, i1, i2, delim, length; if (!name_cmp(val->name, "IPv4")) { diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index d7f5848..26ca158 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -553,7 +553,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, for (i = 0; i < sk_CONF_VALUE_num(values); i++) { CONF_VALUE *val = sk_CONF_VALUE_value(values, i); - int i1, i2, i3, is_range, which; + int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0; /* * Figure out whether this is an AS or an RDI. diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 0997d59..bb1146e 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -267,7 +267,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, X509V3_CTX *ctx) { unsigned char *ext_der = NULL; - long ext_len; + long ext_len = 0; ASN1_OBJECT *obj = NULL; ASN1_OCTET_STRING *oct = NULL; X509_EXTENSION *extension = NULL; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 7af9c7e..9068195 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2720,7 +2720,7 @@ int tls1_set_server_sigalgs(SSL *s) int ssl_check_clienthello_tlsext_late(SSL *s) { int ret = SSL_TLSEXT_ERR_OK; - int al; + int al = SSL_AD_INTERNAL_ERROR; /* * If status request then ask callback what to do. Note: this must be diff --git a/test/evp_test.c b/test/evp_test.c index 0bba274..51fc6af 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -361,12 +361,12 @@ static int check_unsupported() static int process_test(struct evp_test *t, char *buf, int verbose) { - char *keyword, *value; + char *keyword = NULL, *value = NULL; int rv = 0, add_key = 0; - long save_pos; - struct key_list **lst, *key; + long save_pos = 0; + struct key_list **lst = NULL, *key = NULL; EVP_PKEY *pk = NULL; - const struct evp_test_method *tmeth; + const struct evp_test_method *tmeth = NULL; if (verbose) fputs(buf, stdout); if (!parse_line(&keyword, &value, buf)) From steve at openssl.org Wed May 6 13:22:14 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 06 May 2015 13:22:14 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430918534.808277.8817.nullmailer@dev.openssl.org> The branch master has been updated via 656b26055c713cb5623f26b415f6aeec6fb24c6f (commit) from 4c9b0a0314c8bab3c9faeac06d0aa734836b2f81 (commit) - Log ----------------------------------------------------------------- commit 656b26055c713cb5623f26b415f6aeec6fb24c6f Author: Dr. Stephen Henson Date: Sun Apr 26 13:56:40 2015 +0100 SSL_CONF table reorganisation. Add command line switch entries to table and return SSL_CONF_TYPE_NONE for them in SSL_CONF_cmd_value_type. Update docs. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_CONF_cmd.pod | 9 ++ include/openssl/ssl.h | 1 + ssl/ssl_conf.c | 239 ++++++++++++++++++++++++++++------------------- 3 files changed, 154 insertions(+), 95 deletions(-) diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index c4f1309..dbdacd1 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod @@ -332,6 +332,11 @@ The value is a file name. The value is a directory name. +=item B + +The value string is not used e.g. a command line option which doesn't take an +argument. + =back =head1 NOTES @@ -438,4 +443,8 @@ SSL_CONF_cmd() was first added to OpenSSL 1.0.2 B doesn't have effect anymore since 1.1.0 but the define is kept for backward compatibility. +B was first added to OpenSSL 1.1.0. In earlier versions of +OpenSSL passing a command which didn't take an argument would return +B. + =cut diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index d99e9f2..eb67cb0 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -594,6 +594,7 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, # define SSL_CONF_TYPE_STRING 0x1 # define SSL_CONF_TYPE_FILE 0x2 # define SSL_CONF_TYPE_DIR 0x3 +# define SSL_CONF_TYPE_NONE 0x4 /* * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index a14f564..c920af5 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -68,7 +68,7 @@ /* * structure holding name tables. This is used for pemitted elements in lists - * such as TLSv1 and single command line switches such as no_tls1 + * such as TLSv1. */ typedef struct { @@ -78,6 +78,12 @@ typedef struct { unsigned long option_value; } ssl_flag_tbl; +/* Switch table: use for single command line switches like no_tls2 */ +typedef struct { + unsigned long option_value; + unsigned int name_flags; +} ssl_switch_tbl; + /* Sense of name is inverted e.g. "TLSv1" will clear SSL_OP_NO_TLSv1 */ #define SSL_TFLAG_INV 0x1 /* Flags refers to cert_flags not options */ @@ -129,6 +135,26 @@ struct ssl_conf_ctx_st { size_t ntbl; }; +static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags, + unsigned long option_value, int onoff) +{ + if (cctx->poptions == NULL) + return; + if (name_flags & SSL_TFLAG_INV) + onoff ^= 1; + if (name_flags & SSL_TFLAG_CERT) { + if (onoff) + *cctx->pcert_flags |= option_value; + else + *cctx->pcert_flags &= ~option_value; + } else { + if (onoff) + *cctx->poptions |= option_value; + else + *cctx->poptions &= ~option_value; + } +} + static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl, const char *name, int namelen, int onoff) { @@ -141,21 +167,7 @@ static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl, } else if (tbl->namelen != namelen || strncasecmp(tbl->name, name, namelen)) return 0; - if (cctx->poptions) { - if (tbl->name_flags & SSL_TFLAG_INV) - onoff ^= 1; - if (tbl->name_flags & SSL_TFLAG_CERT) { - if (onoff) - *cctx->pcert_flags |= tbl->option_value; - else - *cctx->pcert_flags &= ~tbl->option_value; - } else { - if (onoff) - *cctx->poptions |= tbl->option_value; - else - *cctx->poptions &= ~tbl->option_value; - } - } + ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff); return 1; } @@ -189,41 +201,6 @@ static int ssl_set_option_list(const char *elem, int len, void *usr) return 0; } -/* Single command line switches with no argument e.g. -no_ssl3 */ -static int ctrl_str_option(SSL_CONF_CTX *cctx, const char *cmd) -{ - /* See apps/apps.h if you change this table. */ - static const ssl_flag_tbl ssl_option_single[] = { - SSL_FLAG_TBL("no_ssl3", SSL_OP_NO_SSLv3), - SSL_FLAG_TBL("no_tls1", SSL_OP_NO_TLSv1), - SSL_FLAG_TBL("no_tls1_1", SSL_OP_NO_TLSv1_1), - SSL_FLAG_TBL("no_tls1_2", SSL_OP_NO_TLSv1_2), - SSL_FLAG_TBL("bugs", SSL_OP_ALL), - SSL_FLAG_TBL("no_comp", SSL_OP_NO_COMPRESSION), - SSL_FLAG_TBL_SRV("ecdh_single", SSL_OP_SINGLE_ECDH_USE), -#ifndef OPENSSL_NO_TLSEXT - SSL_FLAG_TBL("no_ticket", SSL_OP_NO_TICKET), -#endif - SSL_FLAG_TBL_SRV("serverpref", SSL_OP_CIPHER_SERVER_PREFERENCE), - SSL_FLAG_TBL("legacy_renegotiation", - SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), - SSL_FLAG_TBL_SRV("legacy_server_connect", - SSL_OP_LEGACY_SERVER_CONNECT), - SSL_FLAG_TBL_SRV("no_resumption_on_reneg", - SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION), - SSL_FLAG_TBL_SRV_INV("no_legacy_server_connect", - SSL_OP_LEGACY_SERVER_CONNECT), - SSL_FLAG_TBL_CERT("strict", SSL_CERT_FLAG_TLS_STRICT), -#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL - SSL_FLAG_TBL_CERT("debug_broken_protocol", - SSL_CERT_FLAG_BROKEN_PROTOCOL), -#endif - }; - cctx->tbl = ssl_option_single; - cctx->ntbl = OSSL_NELEM(ssl_option_single); - return ssl_set_option_list(cmd, -1, cctx); -} - /* Set supported signature algorithms */ static int cmd_SignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value) { @@ -265,8 +242,6 @@ static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value) static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) { int onoff = -1, rv = 1; - if (!(cctx->flags & SSL_CONF_FLAG_SERVER)) - return -2; if (cctx->flags & SSL_CONF_FLAG_FILE) { if (*value == '+') { onoff = 1; @@ -332,8 +307,6 @@ static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1), SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2) }; - if (!(cctx->flags & SSL_CONF_FLAG_FILE)) - return -2; cctx->tbl = ssl_protocol_list; cctx->ntbl = OSSL_NELEM(ssl_protocol_list); return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx); @@ -355,8 +328,6 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value) SSL_FLAG_TBL("UnsafeLegacyRenegotiation", SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION), }; - if (!(cctx->flags & SSL_CONF_FLAG_FILE)) - return -2; if (value == NULL) return -3; cctx->tbl = ssl_option_list; @@ -368,8 +339,6 @@ static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value) { int rv = 1; CERT *c = NULL; - if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE)) - return -2; if (cctx->ctx) { rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value); c = cctx->ctx->cert; @@ -404,10 +373,6 @@ static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value) static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value) { int rv = 1; - if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE)) - return -2; - if (!(cctx->flags & SSL_CONF_FLAG_SERVER)) - return -2; if (cctx->ctx) rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value); return rv > 0; @@ -419,8 +384,6 @@ static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value) int rv = 0; DH *dh = NULL; BIO *in = NULL; - if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE)) - return -2; if (cctx->ctx || cctx->ssl) { in = BIO_new(BIO_s_file_internal()); if (!in) @@ -446,33 +409,89 @@ typedef struct { int (*cmd) (SSL_CONF_CTX *cctx, const char *value); const char *str_file; const char *str_cmdline; - unsigned int value_type; + unsigned short flags; + unsigned short value_type; } ssl_conf_cmd_tbl; /* Table of supported parameters */ -#define SSL_CONF_CMD(name, cmdopt, type) \ - {cmd_##name, #name, cmdopt, type} +#define SSL_CONF_CMD(name, cmdopt, flags, type) \ + {cmd_##name, #name, cmdopt, flags, type} + +#define SSL_CONF_CMD_STRING(name, cmdopt, flags) \ + SSL_CONF_CMD(name, cmdopt, flags, SSL_CONF_TYPE_STRING) -#define SSL_CONF_CMD_STRING(name, cmdopt) \ - SSL_CONF_CMD(name, cmdopt, SSL_CONF_TYPE_STRING) +#define SSL_CONF_CMD_SWITCH(name, flags) \ + {0, NULL, name, flags, SSL_CONF_TYPE_NONE} /* See apps/apps.h if you change this table. */ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { - SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs"), - SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs"), - SSL_CONF_CMD_STRING(Curves, "curves"), + SSL_CONF_CMD_SWITCH("no_ssl3", 0), + SSL_CONF_CMD_SWITCH("no_tls1", 0), + SSL_CONF_CMD_SWITCH("no_tls1_1", 0), + SSL_CONF_CMD_SWITCH("no_tls1_2", 0), + SSL_CONF_CMD_SWITCH("bugs", 0), + SSL_CONF_CMD_SWITCH("no_comp", 0), + SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER), +#ifndef OPENSSL_NO_TLSEXT + SSL_CONF_CMD_SWITCH("no_ticket", 0), +#endif + SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER), + SSL_CONF_CMD_SWITCH("legacy_renegotiation", 0), + SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_SERVER), + SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER), + SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER), + SSL_CONF_CMD_SWITCH("strict", 0), +#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL + SSL_CONF_CMD_SWITCH("debug_broken_protocol", 0), +#endif + SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0), + SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0), + SSL_CONF_CMD_STRING(Curves, "curves", 0), #ifndef OPENSSL_NO_EC - SSL_CONF_CMD_STRING(ECDHParameters, "named_curve"), + SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER), #endif - SSL_CONF_CMD_STRING(CipherString, "cipher"), - SSL_CONF_CMD_STRING(Protocol, NULL), - SSL_CONF_CMD_STRING(Options, NULL), - SSL_CONF_CMD(Certificate, "cert", SSL_CONF_TYPE_FILE), - SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_TYPE_FILE), - SSL_CONF_CMD(ServerInfoFile, NULL, SSL_CONF_TYPE_FILE), + SSL_CONF_CMD_STRING(CipherString, "cipher", 0), + SSL_CONF_CMD_STRING(Protocol, NULL, 0), + SSL_CONF_CMD_STRING(Options, NULL, 0), + SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), + SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), + SSL_CONF_CMD(ServerInfoFile, NULL, + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE), #ifndef OPENSSL_NO_DH - SSL_CONF_CMD(DHParameters, "dhparam", SSL_CONF_TYPE_FILE) + SSL_CONF_CMD(DHParameters, "dhparam", + SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE, + SSL_CONF_TYPE_FILE) +#endif +}; + +/* Supported switches: must match order of switches in ssl_conf_cmds */ +static const ssl_switch_tbl ssl_cmd_switches[] = { + {SSL_OP_NO_SSLv3, 0}, /* no_ssl3 */ + {SSL_OP_NO_TLSv1, 0}, /* no_tls1 */ + {SSL_OP_NO_TLSv1_1, 0}, /* no_tls1_1 */ + {SSL_OP_NO_TLSv1_2, 0}, /* no_tls1_2 */ + {SSL_OP_ALL, 0}, /* bugs */ + {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */ + {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */ +#ifndef OPENSSL_NO_TLSEXT + {SSL_OP_NO_TICKET, 0}, /* no_ticket */ +#endif + {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */ + /* legacy_renegotiation */ + {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0}, + /* legacy_server_connect */ + {SSL_OP_LEGACY_SERVER_CONNECT, 0}, + /* no_resumption_on_reneg */ + {SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0}, + /* no_legacy_server_connect */ + {SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV}, + {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */ +#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL + {SSL_CERT_FLAG_BROKEN_PROTOCOL, SSL_TFLAG_CERT} /* debug_broken_protocol */ #endif }; @@ -499,6 +518,22 @@ static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd) return 1; } +/* Determine if a command is allowed according to cctx flags */ +static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, + const ssl_conf_cmd_tbl * t) +{ + unsigned int tfl = t->flags; + unsigned int cfl = cctx->flags; + if ((tfl & SSL_CONF_FLAG_SERVER) && !(cfl & SSL_CONF_FLAG_SERVER)) + return 0; + if ((tfl & SSL_CONF_FLAG_CLIENT) && !(cfl & SSL_CONF_FLAG_CLIENT)) + return 0; + if ((tfl & SSL_CONF_FLAG_CERTIFICATE) + && !(cfl & SSL_CONF_FLAG_CERTIFICATE)) + return 0; + return 1; +} + static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, const char *cmd) { @@ -509,18 +544,35 @@ static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, /* Look for matching parameter name in table */ for (i = 0, t = ssl_conf_cmds; i < OSSL_NELEM(ssl_conf_cmds); i++, t++) { - if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { - if (t->str_cmdline && !strcmp(t->str_cmdline, cmd)) - return t; - } - if (cctx->flags & SSL_CONF_FLAG_FILE) { - if (t->str_file && !strcasecmp(t->str_file, cmd)) - return t; + if (ssl_conf_cmd_allowed(cctx, t)) { + if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { + if (t->str_cmdline && !strcmp(t->str_cmdline, cmd)) + return t; + } + if (cctx->flags & SSL_CONF_FLAG_FILE) { + if (t->str_file && !strcasecmp(t->str_file, cmd)) + return t; + } } } return NULL; } +static int ctrl_switch_option(SSL_CONF_CTX *cctx, + const ssl_conf_cmd_tbl * cmd) +{ + /* Find index of command in table */ + size_t idx = cmd - ssl_conf_cmds; + const ssl_switch_tbl *scmd; + /* Sanity check index */ + if (idx >= OSSL_NELEM(ssl_cmd_switches)) + return 0; + /* Obtain switches entry with same index */ + scmd = ssl_cmd_switches + idx; + ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1); + return 1; +} + int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value) { const ssl_conf_cmd_tbl *runcmd; @@ -536,6 +588,9 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value) if (runcmd) { int rv; + if (runcmd->value_type == SSL_CONF_TYPE_NONE) { + return ctrl_switch_option(cctx, runcmd); + } if (value == NULL) return -3; rv = runcmd->cmd(cctx, value); @@ -550,11 +605,6 @@ int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value) return 0; } - if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { - if (ctrl_str_option(cctx, cmd)) - return 1; - } - if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) { SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_UNKNOWN_CMD_NAME); ERR_add_error_data(2, "cmd=", cmd); @@ -656,9 +706,8 @@ void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx) { if (cctx) { size_t i; - for (i = 0; i < SSL_PKEY_NUM; i++) { + for (i = 0; i < SSL_PKEY_NUM; i++) OPENSSL_free(cctx->cert_filename[i]); - } OPENSSL_free(cctx->prefix); OPENSSL_free(cctx); } From levitte at openssl.org Wed May 6 17:44:15 2015 From: levitte at openssl.org (Richard Levitte) Date: Wed, 06 May 2015 17:44:15 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430934255.642053.4659.nullmailer@dev.openssl.org> The branch master has been updated via 5c4e3a4e60f7d92ef829eb70071e29270b7b6653 (commit) via 2455eaf43f29cf11a949b965d7aa5b2ed816dd5c (commit) from 656b26055c713cb5623f26b415f6aeec6fb24c6f (commit) - Log ----------------------------------------------------------------- commit 5c4e3a4e60f7d92ef829eb70071e29270b7b6653 Author: Richard Levitte Date: Wed May 6 18:50:57 2015 +0200 Make -CAserial a type 's' option The file name given to -CAserial might not exist yet. The -CAcreateserial option decides if this is ok or not. Previous to this change, -CAserial was a type '<' option, and in that case, the existence of the file given as argument is tested quite early, and is a failure if it doesn't. With the type 's' option, the argument is just a string that the application can do whatever it wants with. Reviewed-by: Rich Salz commit 2455eaf43f29cf11a949b965d7aa5b2ed816dd5c Author: Richard Levitte Date: Wed May 6 18:48:48 2015 +0200 Add a -CAserial argument for signing the user cert request This is just to make sure that option is tested on a Unix build. This option is already present in ms/testss.bat, so it's an easy steal. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/x509.c | 2 +- test/testss | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/apps/x509.c b/apps/x509.c index fe9b109..5938b43 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -175,7 +175,7 @@ OPTIONS x509_options[] = { "The CA key, must be PEM format; if not in CAfile"}, {"CAcreateserial", OPT_CACREATESERIAL, '-', "Create serial number file if it does not exist"}, - {"CAserial", OPT_CASERIAL, '<', "Serial file"}, + {"CAserial", OPT_CASERIAL, 's', "Serial file"}, {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"}, {"text", OPT_TEXT, '-', "Print the certificate in text form"}, {"C", OPT_C, '-', "Print out C code forms"}, diff --git a/test/testss b/test/testss index 3afeb11..0f2f6dd 100644 --- a/test/testss +++ b/test/testss @@ -9,6 +9,7 @@ OPENSSL_CONF=/dev/null ; export OPENSSL_CONF CAkey="keyCA.ss" CAcert="certCA.ss" +CAserial="certCA.srl" CAreq="reqCA.ss" CAconf="CAss.cnf" CAreq2="req2CA.ss" # temp @@ -61,7 +62,7 @@ echo make a user cert request $reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss || exit 1 echo sign user cert request -$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss || exit 1 +$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -CAserial $CAserial -extfile $Uconf -extensions v3_ee >err.ss || exit 1 $verifycmd -CAfile $CAcert $Ucert || exit 1 echo Certificate details From rsalz at openssl.org Wed May 6 20:51:00 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 06 May 2015 20:51:00 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430945460.590041.20476.nullmailer@dev.openssl.org> The branch master has been updated via 45ebd7312874548904f3e438b39704d0134c7a1b (commit) from 5c4e3a4e60f7d92ef829eb70071e29270b7b6653 (commit) - Log ----------------------------------------------------------------- commit 45ebd7312874548904f3e438b39704d0134c7a1b Author: Rich Salz Date: Wed May 6 16:03:07 2015 -0400 Make sig_app, sigx_app static Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_xref.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crypto/objects/obj_xref.c b/crypto/objects/obj_xref.c index 44471a3..da3469f 100644 --- a/crypto/objects/obj_xref.c +++ b/crypto/objects/obj_xref.c @@ -62,7 +62,8 @@ #include "e_os.h" DECLARE_STACK_OF(nid_triple) -STACK_OF(nid_triple) *sig_app, *sigx_app; + +static STACK_OF(nid_triple) *sig_app, *sigx_app; static int sig_cmp(const nid_triple *a, const nid_triple *b) { From steve at openssl.org Wed May 6 23:41:43 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 06 May 2015 23:41:43 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430955703.810000.2854.nullmailer@dev.openssl.org> The branch master has been updated via dab18ab596acb35eff2545643e25757e4f9cd777 (commit) from 45ebd7312874548904f3e438b39704d0134c7a1b (commit) - Log ----------------------------------------------------------------- commit dab18ab596acb35eff2545643e25757e4f9cd777 Author: Dr. Stephen Henson Date: Thu May 7 00:04:48 2015 +0100 Digest cached records if not sending a certificate. If server requests a certificate, but the client doesn't send one, cache digested records. This is an optimisation and ensures the correct finished mac is used when extended master secret is used with client authentication. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index ea4503f..86b7994 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -3348,6 +3348,11 @@ int ssl3_send_client_certificate(SSL *s) return (1); } else { s->s3->tmp.cert_req = 2; + if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s)) { + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); + s->state = SSL_ST_ERR; + return 0; + } } } From rsalz at openssl.org Thu May 7 02:38:09 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 07 May 2015 02:38:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1430966289.611520.17781.nullmailer@dev.openssl.org> The branch master has been updated via 86885c289580066792415218754bd935b449f170 (commit) from dab18ab596acb35eff2545643e25757e4f9cd777 (commit) - Log ----------------------------------------------------------------- commit 86885c289580066792415218754bd935b449f170 Author: Rich Salz Date: Wed May 6 14:56:14 2015 -0400 Use "==0" instead of "!strcmp" etc For the various string-compare routines (strcmp, strcasecmp, str.*cmp) use "strcmp()==0" instead of "!strcmp()" Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 21 +++++++++-------- apps/ca.c | 8 +++---- apps/ecparam.c | 4 ++-- apps/pkcs12.c | 2 +- apps/req.c | 6 ++--- apps/s_cb.c | 4 ++-- apps/s_server.c | 2 +- apps/speed.c | 12 +++++----- apps/srp.c | 6 ++--- crypto/asn1/a_strnid.c | 10 ++++---- crypto/asn1/ameth_lib.c | 4 ++-- crypto/asn1/asn1_gen.c | 12 +++++----- crypto/asn1/asn_mime.c | 7 +++--- crypto/asn1/asn_mstbl.c | 12 +++++----- crypto/asn1/t_bitst.c | 3 ++- crypto/cmac/cm_pmeth.c | 6 ++--- crypto/conf/conf_mod.c | 2 +- crypto/dh/dh_pmeth.c | 10 ++++---- crypto/dsa/dsa_pmeth.c | 6 ++--- crypto/ec/ec_curve.c | 2 +- crypto/ec/ec_pmeth.c | 12 +++++----- crypto/engine/eng_cnf.c | 12 +++++----- crypto/engine/eng_fat.c | 24 +++++++++---------- crypto/engine/eng_openssl.c | 4 ++-- crypto/engine/tb_asnmth.c | 8 +++---- crypto/evp/evp_cnf.c | 2 +- crypto/evp/pmeth_lib.c | 2 +- crypto/hmac/hm_pmeth.c | 4 ++-- crypto/ocsp/ocsp_lib.c | 4 ++-- crypto/pem/pem_lib.c | 42 ++++++++++++++++++--------------- crypto/pem/pem_pkey.c | 2 +- crypto/rsa/rsa_pmeth.c | 28 +++++++++++----------- crypto/x509v3/v3_addr.c | 2 +- crypto/x509v3/v3_akey.c | 8 +++---- crypto/x509v3/v3_alt.c | 12 +++++----- crypto/x509v3/v3_asid.c | 2 +- crypto/x509v3/v3_bcons.c | 4 ++-- crypto/x509v3/v3_bitst.c | 4 ++-- crypto/x509v3/v3_conf.c | 4 ++-- crypto/x509v3/v3_cpols.c | 10 ++++---- crypto/x509v3/v3_crld.c | 21 +++++++++-------- crypto/x509v3/v3_ncons.c | 9 +++---- crypto/x509v3/v3_pcons.c | 4 ++-- crypto/x509v3/v3_purp.c | 2 +- crypto/x509v3/v3_utl.c | 19 ++++++++++----- demos/bio/client-arg.c | 2 +- demos/bio/client-conf.c | 2 +- demos/bio/server-arg.c | 2 +- demos/bio/server-conf.c | 2 +- engines/ccgost/gost_pmeth.c | 10 ++++---- engines/ccgost/gostsum.c | 2 +- ssl/d1_srtp.c | 4 ++-- ssl/ssl_ciph.c | 16 ++++++------- ssl/ssl_conf.c | 8 +++---- ssl/t1_lib.c | 6 ++--- test/evp_test.c | 57 +++++++++++++++++++++++---------------------- test/ssltest.c | 2 +- 57 files changed, 258 insertions(+), 239 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 215acb1..1c182ba 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -428,9 +428,10 @@ static char *app_get_pass(char *arg, int keepbio) char *tmp, tpass[APP_PASS_LEN]; static BIO *pwdbio = NULL; int i; - if (!strncmp(arg, "pass:", 5)) + + if (strncmp(arg, "pass:", 5) == 0) return BUF_strdup(arg + 5); - if (!strncmp(arg, "env:", 4)) { + if (strncmp(arg, "env:", 4) == 0) { tmp = getenv(arg + 4); if (!tmp) { BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4); @@ -439,7 +440,7 @@ static char *app_get_pass(char *arg, int keepbio) return BUF_strdup(tmp); } if (!keepbio || !pwdbio) { - if (!strncmp(arg, "file:", 5)) { + if (strncmp(arg, "file:", 5) == 0) { pwdbio = BIO_new_file(arg + 5, "r"); if (!pwdbio) { BIO_printf(bio_err, "Can't open file %s\n", arg + 5); @@ -454,7 +455,7 @@ static char *app_get_pass(char *arg, int keepbio) * on real Windows descriptors, such as those obtained * with CreateFile. */ - } else if (!strncmp(arg, "fd:", 3)) { + } else if (strncmp(arg, "fd:", 3) == 0) { BIO *btmp; i = atoi(arg + 3); if (i >= 0) @@ -469,7 +470,7 @@ static char *app_get_pass(char *arg, int keepbio) btmp = BIO_new(BIO_f_buffer()); pwdbio = BIO_push(btmp, pwdbio); #endif - } else if (!strcmp(arg, "stdin")) { + } else if (strcmp(arg, "stdin") == 0) { pwdbio = dup_bio_in(); if (!pwdbio) { BIO_printf(bio_err, "Can't open BIO for stdin\n"); @@ -1083,11 +1084,11 @@ int set_name_ex(unsigned long *flags, const char *arg) int set_ext_copy(int *copy_type, const char *arg) { - if (!strcasecmp(arg, "none")) + if (strcasecmp(arg, "none") == 0) *copy_type = EXT_COPY_NONE; - else if (!strcasecmp(arg, "copy")) + else if (strcasecmp(arg, "copy") == 0) *copy_type = EXT_COPY_ADD; - else if (!strcasecmp(arg, "copyall")) + else if (strcasecmp(arg, "copyall") == 0) *copy_type = EXT_COPY_ALL; else return 0; @@ -1169,7 +1170,7 @@ static int set_table_opts(unsigned long *flags, const char *arg, c = 1; for (ptbl = in_tbl; ptbl->name; ptbl++) { - if (!strcasecmp(arg, ptbl->name)) { + if (strcasecmp(arg, ptbl->name) == 0) { *flags &= ~ptbl->mask; if (c) *flags |= ptbl->flag; @@ -2279,7 +2280,7 @@ static const char *get_dp_url(DIST_POINT *dp) uri = GENERAL_NAME_get0_value(gen, >ype); if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) { char *uptr = (char *)ASN1_STRING_data(uri); - if (!strncmp(uptr, "http://", 7)) + if (strncmp(uptr, "http://", 7) == 0) return uptr; } } diff --git a/apps/ca.c b/apps/ca.c index abce534..d7a9aca 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -569,7 +569,7 @@ end_of_options: f = NCONF_get_string(conf, section, UTF8_IN); if (!f) ERR_clear_error(); - else if (!strcmp(f, "yes")) + else if (strcmp(f, "yes") == 0) chtype = MBSTRING_UTF8; } @@ -841,7 +841,7 @@ end_of_options: goto end; } - if (!strcmp(md, "default")) { + if (strcmp(md, "default") == 0) { int def_nid; if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) { BIO_puts(bio_err, "no default digest\n"); @@ -2419,7 +2419,7 @@ char *make_revocation_str(int rev_type, char *rev_arg) case REV_CRL_REASON: for (i = 0; i < 8; i++) { - if (!strcasecmp(rev_arg, crl_reasons[i])) { + if (strcasecmp(rev_arg, crl_reasons[i]) == 0) { reason = crl_reasons[i]; break; } @@ -2637,7 +2637,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, } if (reason_str) { for (i = 0; i < NUM_REASONS; i++) { - if (!strcasecmp(reason_str, crl_reasons[i])) { + if (strcasecmp(reason_str, crl_reasons[i]) == 0) { reason_code = i; break; } diff --git a/apps/ecparam.c b/apps/ecparam.c index 5ceaec7..755b1be 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -265,11 +265,11 @@ int ecparam_main(int argc, char **argv) * are the same as the curves prime192v1 and prime256v1 defined in * X9.62) */ - if (!strcmp(curve_name, "secp192r1")) { + if (strcmp(curve_name, "secp192r1") == 0) { BIO_printf(bio_err, "using curve name prime192v1 " "instead of secp192r1\n"); nid = NID_X9_62_prime192v1; - } else if (!strcmp(curve_name, "secp256r1")) { + } else if (strcmp(curve_name, "secp256r1") == 0) { BIO_printf(bio_err, "using curve name prime256v1 " "instead of secp256r1\n"); nid = NID_X9_62_prime256v1; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 0a4ee3e..67d33a2 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -836,7 +836,7 @@ static int set_pbe(int *ppbe, const char *str) { if (!str) return 0; - if (!strcmp(str, "NONE")) { + if (strcmp(str, "NONE") == 0) { *ppbe = -1; return 1; } diff --git a/apps/req.c b/apps/req.c index b9dc35c..225474b 100644 --- a/apps/req.c +++ b/apps/req.c @@ -477,7 +477,7 @@ int req_main(int argc, char **argv) p = NCONF_get_string(req_conf, SECTION, UTF8_IN); if (!p) ERR_clear_error(); - else if (!strcmp(p, "yes")) + else if (strcmp(p, "yes") == 0) chtype = MBSTRING_UTF8; } @@ -904,7 +904,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, tmp = NCONF_get_string(req_conf, SECTION, PROMPT); if (tmp == NULL) ERR_clear_error(); - if ((tmp != NULL) && !strcmp(tmp, "no")) + if ((tmp != NULL) && strcmp(tmp, "no") == 0) no_prompt = 1; dn_sect = NCONF_get_string(req_conf, SECTION, DISTINGUISHED_NAME); @@ -1373,7 +1373,7 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, *pkey_type = EVP_PKEY_RSA; keylen = atol(gstr); *pkeylen = keylen; - } else if (!strncmp(gstr, "param:", 6)) + } else if (strncmp(gstr, "param:", 6) == 0) paramfile = gstr + 6; else { const char *p = strchr(gstr, ':'); diff --git a/apps/s_cb.c b/apps/s_cb.c index d371cc9..442b335 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -1392,10 +1392,10 @@ int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, const char *flag = sk_OPENSSL_STRING_value(str, i); const char *arg = sk_OPENSSL_STRING_value(str, i + 1); /* If no_ecdhe or named curve already specified don't need a default. */ - if (!no_ecdhe && !strcmp(flag, "-named_curve")) + if (!no_ecdhe && strcmp(flag, "-named_curve") == 0) no_ecdhe = 1; #ifndef OPENSSL_NO_JPAKE - if (!no_jpake && !strcmp(flag, "-cipher")) { + if (!no_jpake && (strcmp(flag, "-cipher") == 0)) { BIO_puts(bio_err, "JPAKE sets cipher to PSK\n"); return 0; } diff --git a/apps/s_server.c b/apps/s_server.c index 7f8a2a6..ba281e0 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -3025,7 +3025,7 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context) p--; i--; } - if (!s_ign_eof && i == 5 && !strncmp(buf, "CLOSE", 5)) { + if (!s_ign_eof && (i == 5) && (strncmp(buf, "CLOSE", 5) == 0)) { ret = 1; BIO_printf(bio_err, "CONNECTION CLOSED\n"); goto end; diff --git a/apps/speed.c b/apps/speed.c index 00c7c41..9ab1648 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -2327,7 +2327,7 @@ static int do_multi(int multi) continue; } printf("Got: %s from %d\n", buf, n); - if (!strncmp(buf, "+F:", 3)) { + if (strncmp(buf, "+F:", 3) == 0) { int alg; int j; @@ -2336,7 +2336,7 @@ static int do_multi(int multi) sstrsep(&p, sep); for (j = 0; j < SIZE_NUM; ++j) results[alg][j] += atof(sstrsep(&p, sep)); - } else if (!strncmp(buf, "+F2:", 4)) { + } else if (strncmp(buf, "+F2:", 4) == 0) { int k; double d; @@ -2357,7 +2357,7 @@ static int do_multi(int multi) rsa_results[k][1] = d; } # ifndef OPENSSL_NO_DSA - else if (!strncmp(buf, "+F3:", 4)) { + else if (strncmp(buf, "+F3:", 4) == 0) { int k; double d; @@ -2379,7 +2379,7 @@ static int do_multi(int multi) } # endif # ifndef OPENSSL_NO_EC - else if (!strncmp(buf, "+F4:", 4)) { + else if (strncmp(buf, "+F4:", 4) == 0) { int k; double d; @@ -2404,7 +2404,7 @@ static int do_multi(int multi) # endif # ifndef OPENSSL_NO_EC - else if (!strncmp(buf, "+F5:", 4)) { + else if (strncmp(buf, "+F5:", 4) == 0) { int k; double d; @@ -2421,7 +2421,7 @@ static int do_multi(int multi) } # endif - else if (!strncmp(buf, "+H:", 3)) { + else if (strncmp(buf, "+H:", 3) == 0) { ; } else fprintf(stderr, "Unknown type '%s' from child %d\n", buf, n); diff --git a/apps/srp.c b/apps/srp.c index c7a93cf..111f829 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -88,14 +88,14 @@ static int get_index(CA_DB *db, char *id, char type) for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { pp = sk_OPENSSL_PSTRING_value(db->db->data, i); if (pp[DB_srptype][0] == DB_SRP_INDEX - && !strcmp(id, pp[DB_srpid])) + && strcmp(id, pp[DB_srpid]) == 0) return i; } else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) { pp = sk_OPENSSL_PSTRING_value(db->db->data, i); if (pp[DB_srptype][0] != DB_SRP_INDEX - && !strcmp(id, pp[DB_srpid])) + && strcmp(id, pp[DB_srpid]) == 0) return i; } @@ -434,7 +434,7 @@ int srp_main(int argc, char **argv) if (pp[DB_srptype][0] == DB_SRP_INDEX) { maxgN = i; - if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid])) + if ((gNindex < 0) && (gN != NULL) && strcmp(gN, pp[DB_srpid]) == 0) gNindex = i; print_index(db, i, verbose > 1); diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 071613b..92d4134 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -100,19 +100,19 @@ int ASN1_STRING_set_default_mask_asc(const char *p) { unsigned long mask; char *end; - if (!strncmp(p, "MASK:", 5)) { + if (strncmp(p, "MASK:", 5) == 0) { if (!p[5]) return 0; mask = strtoul(p + 5, &end, 0); if (*end) return 0; - } else if (!strcmp(p, "nombstr")) + } else if (strcmp(p, "nombstr") == 0) mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING)); - else if (!strcmp(p, "pkix")) + else if (strcmp(p, "pkix") == 0) mask = ~((unsigned long)B_ASN1_T61STRING); - else if (!strcmp(p, "utf8only")) + else if (strcmp(p, "utf8only") == 0) mask = B_ASN1_UTF8STRING; - else if (!strcmp(p, "default")) + else if (strcmp(p, "default") == 0) mask = 0xFFFFFFFFL; else return 0; diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index de70f9b..ce4c0dc 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -221,8 +221,8 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, ameth = EVP_PKEY_asn1_get0(i); if (ameth->pkey_flags & ASN1_PKEY_ALIAS) continue; - if (((int)strlen(ameth->pem_str) == len) && - !strncasecmp(ameth->pem_str, str, len)) + if (((int)strlen(ameth->pem_str) == len) + && (strncasecmp(ameth->pem_str, str, len) == 0)) return ameth; } return NULL; diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index ab82b52..84d85e6 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -375,13 +375,13 @@ static int asn1_cb(const char *elem, int len, void *bitstr) ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); return -1; } - if (!strncmp(vstart, "ASCII", 5)) + if (strncmp(vstart, "ASCII", 5) == 0) arg->format = ASN1_GEN_FORMAT_ASCII; - else if (!strncmp(vstart, "UTF8", 4)) + else if (strncmp(vstart, "UTF8", 4) == 0) arg->format = ASN1_GEN_FORMAT_UTF8; - else if (!strncmp(vstart, "HEX", 3)) + else if (strncmp(vstart, "HEX", 3) == 0) arg->format = ASN1_GEN_FORMAT_HEX; - else if (!strncmp(vstart, "BITLIST", 7)) + else if (strncmp(vstart, "BITLIST", 7) == 0) arg->format = ASN1_GEN_FORMAT_BITLIST; else { ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); @@ -621,7 +621,7 @@ static int asn1_str2tag(const char *tagstr, int len) tntmp = tnst; for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { - if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) + if ((len == tntmp->len) && (strncmp(tntmp->strnam, tagstr, len) == 0)) return tntmp->tag; } @@ -829,7 +829,7 @@ static int mask_cb(const char *elem, int len, void *arg) int tag; if (elem == NULL) return 0; - if (len == 3 && !strncmp(elem, "DIR", 3)) { + if ((len == 3) && (strncmp(elem, "DIR", 3) == 0)) { *pmask |= B_ASN1_DIRECTORYSTRING; return 1; } diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index da5b417..2fe6cf9 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -440,7 +440,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) /* Handle multipart/signed */ - if (!strcmp(hdr->value, "multipart/signed")) { + if (strcmp(hdr->value, "multipart/signed") == 0) { /* Split into two parts */ prm = mime_param_find(hdr, "boundary"); if (!prm || !prm->param_value) { @@ -971,8 +971,9 @@ static int mime_bound_check(char *line, int linelen, char *bound, int blen) if (blen + 2 > linelen) return 0; /* Check for part boundary */ - if (!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { - if (!strncmp(line + blen + 2, "--", 2)) + if ((strncmp(line, "--", 2) == 0) + && strncmp(line + 2, bound, blen) == 0) { + if (strncmp(line + blen + 2, "--", 2) == 0) return 2; else return 1; diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c index 94ffbd8..9b50d14 100644 --- a/crypto/asn1/asn_mstbl.c +++ b/crypto/asn1/asn_mstbl.c @@ -118,21 +118,21 @@ static int do_tcreate(char *value, char *name) goto err; for (i = 0; i < sk_CONF_VALUE_num(lst); i++) { cnf = sk_CONF_VALUE_value(lst, i); - if (!strcmp(cnf->name, "min")) { + if (strcmp(cnf->name, "min") == 0) { tbl_min = strtoul(cnf->value, &eptr, 0); if (*eptr) goto err; - } else if (!strcmp(cnf->name, "max")) { + } else if (strcmp(cnf->name, "max") == 0) { tbl_max = strtoul(cnf->value, &eptr, 0); if (*eptr) goto err; - } else if (!strcmp(cnf->name, "mask")) { + } else if (strcmp(cnf->name, "mask") == 0) { if (!ASN1_str2mask(cnf->value, &tbl_mask) || !tbl_mask) goto err; - } else if (!strcmp(cnf->name, "flags")) { - if (!strcmp(cnf->value, "nomask")) + } else if (strcmp(cnf->name, "flags") == 0) { + if (strcmp(cnf->value, "nomask") == 0) tbl_flags = STABLE_NO_MASK; - else if (!strcmp(cnf->value, "none")) + else if (strcmp(cnf->value, "none") == 0) tbl_flags = STABLE_FLAGS_CLEAR; else goto err; diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c index d5cf3c7..83c5af7 100644 --- a/crypto/asn1/t_bitst.c +++ b/crypto/asn1/t_bitst.c @@ -98,7 +98,8 @@ int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl) { BIT_STRING_BITNAME *bnam; for (bnam = tbl; bnam->lname; bnam++) { - if (!strcmp(bnam->sname, name) || !strcmp(bnam->lname, name)) + if ((strcmp(bnam->sname, name) == 0) + || (strcmp(bnam->lname, name) == 0)) return bnam->bitnum; } return -1; diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c index 389ae5d..013ac57 100644 --- a/crypto/cmac/cm_pmeth.c +++ b/crypto/cmac/cm_pmeth.c @@ -157,18 +157,18 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx, if (!value) { return 0; } - if (!strcmp(type, "key")) { + if (strcmp(type, "key") == 0) { void *p = (void *)value; return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, strlen(p), p); } - if (!strcmp(type, "cipher")) { + if (strcmp(type, "cipher") == 0) { const EVP_CIPHER *c; c = EVP_get_cipherbyname(value); if (!c) return 0; return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c); } - if (!strcmp(type, "hexkey")) { + if (strcmp(type, "hexkey") == 0) { unsigned char *key; int r; long keylen; diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 23d2a58..b01319f 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -319,7 +319,7 @@ static CONF_MODULE *module_find(char *name) for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) { tmod = sk_CONF_MODULE_value(supported_modules, i); - if (!strncmp(tmod->name, name, nchar)) + if (strncmp(tmod->name, name, nchar) == 0) return tmod; } diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 1e10364..07d74dc 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -259,12 +259,12 @@ static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { - if (!strcmp(type, "dh_paramgen_prime_len")) { + if (strcmp(type, "dh_paramgen_prime_len") == 0) { int len; len = atoi(value); return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len); } - if (!strcmp(type, "dh_rfc5114")) { + if (strcmp(type, "dh_rfc5114") == 0) { DH_PKEY_CTX *dctx = ctx->data; int len; len = atoi(value); @@ -273,17 +273,17 @@ static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx, dctx->rfc5114_param = len; return 1; } - if (!strcmp(type, "dh_paramgen_generator")) { + if (strcmp(type, "dh_paramgen_generator") == 0) { int len; len = atoi(value); return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len); } - if (!strcmp(type, "dh_paramgen_subprime_len")) { + if (strcmp(type, "dh_paramgen_subprime_len") == 0) { int len; len = atoi(value); return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len); } - if (!strcmp(type, "dh_paramgen_type")) { + if (strcmp(type, "dh_paramgen_type") == 0) { int typ; typ = atoi(value); return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ); diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 853612a..1bb3683 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -218,18 +218,18 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { - if (!strcmp(type, "dsa_paramgen_bits")) { + if (strcmp(type, "dsa_paramgen_bits") == 0) { int nbits; nbits = atoi(value); return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits); } - if (!strcmp(type, "dsa_paramgen_q_bits")) { + if (strcmp(type, "dsa_paramgen_q_bits") == 0) { int qbits = atoi(value); return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL); } - if (!strcmp(type, "dsa_paramgen_md")) { + if (strcmp(type, "dsa_paramgen_md") == 0) { return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)EVP_get_digestbyname(value)); diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index d0f1fcb..8f9308d 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3206,7 +3206,7 @@ int EC_curve_nist2nid(const char *name) { size_t i; for (i = 0; i < OSSL_NELEM(nist_curves); i++) { - if (!strcmp(nist_curves[i].name, name)) + if (strcmp(nist_curves[i].name, name) == 0) return nist_curves[i].nid; } return NID_undef; diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 3fbeac5..37d3efb 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -404,7 +404,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { - if (!strcmp(type, "ec_paramgen_curve")) { + if (strcmp(type, "ec_paramgen_curve") == 0) { int nid; nid = EC_curve_nist2nid(value); if (nid == NID_undef) @@ -416,23 +416,23 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, return 0; } return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); - } else if (!strcmp(type, "ec_param_enc")) { + } else if (strcmp(type, "ec_param_enc") == 0) { int param_enc; - if (!strcmp(value, "explicit")) + if (strcmp(value, "explicit") == 0) param_enc = 0; - else if (!strcmp(value, "named_curve")) + else if (strcmp(value, "named_curve") == 0) param_enc = OPENSSL_EC_NAMED_CURVE; else return -2; return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc); - } else if (!strcmp(type, "ecdh_kdf_md")) { + } else if (strcmp(type, "ecdh_kdf_md") == 0) { const EVP_MD *md; if (!(md = EVP_get_digestbyname(value))) { ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_DIGEST); return 0; } return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md); - } else if (!strcmp(type, "ecdh_cofactor_mode")) { + } else if (strcmp(type, "ecdh_cofactor_mode") == 0) { int co_mode; co_mode = atoi(value); return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode); diff --git a/crypto/engine/eng_cnf.c b/crypto/engine/eng_cnf.c index e84281f..ca45af5 100644 --- a/crypto/engine/eng_cnf.c +++ b/crypto/engine/eng_cnf.c @@ -124,12 +124,12 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) /* First handle some special pseudo ctrls */ /* Override engine name to use */ - if (!strcmp(ctrlname, "engine_id")) + if (strcmp(ctrlname, "engine_id") == 0) name = ctrlvalue; - else if (!strcmp(ctrlname, "soft_load")) + else if (strcmp(ctrlname, "soft_load") == 0) soft = 1; /* Load a dynamic ENGINE */ - else if (!strcmp(ctrlname, "dynamic_path")) { + else if (strcmp(ctrlname, "dynamic_path") == 0) { e = ENGINE_by_id("dynamic"); if (!e) goto err; @@ -159,9 +159,9 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) * Allow "EMPTY" to mean no value: this allows a valid "value" to * be passed to ctrls of type NO_INPUT */ - if (!strcmp(ctrlvalue, "EMPTY")) + if (strcmp(ctrlvalue, "EMPTY") == 0) ctrlvalue = NULL; - if (!strcmp(ctrlname, "init")) { + if (strcmp(ctrlname, "init") == 0) { if (!NCONF_get_number_e(cnf, value, "init", &do_init)) goto err; if (do_init == 1) { @@ -172,7 +172,7 @@ static int int_engine_configure(char *name, char *value, const CONF *cnf) ENGINE_R_INVALID_INIT_VALUE); goto err; } - } else if (!strcmp(ctrlname, "default_algorithms")) { + } else if (strcmp(ctrlname, "default_algorithms") == 0) { if (!ENGINE_set_default_string(e, ctrlvalue)) goto err; } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0)) diff --git a/crypto/engine/eng_fat.c b/crypto/engine/eng_fat.c index af353bd..e0c8f96 100644 --- a/crypto/engine/eng_fat.c +++ b/crypto/engine/eng_fat.c @@ -103,29 +103,29 @@ static int int_def_cb(const char *alg, int len, void *arg) unsigned int *pflags = arg; if (alg == NULL) return 0; - if (!strncmp(alg, "ALL", len)) + if (strncmp(alg, "ALL", len) == 0) *pflags |= ENGINE_METHOD_ALL; - else if (!strncmp(alg, "RSA", len)) + else if (strncmp(alg, "RSA", len) == 0) *pflags |= ENGINE_METHOD_RSA; - else if (!strncmp(alg, "DSA", len)) + else if (strncmp(alg, "DSA", len) == 0) *pflags |= ENGINE_METHOD_DSA; - else if (!strncmp(alg, "ECDH", len)) + else if (strncmp(alg, "ECDH", len) == 0) *pflags |= ENGINE_METHOD_ECDH; - else if (!strncmp(alg, "ECDSA", len)) + else if (strncmp(alg, "ECDSA", len) == 0) *pflags |= ENGINE_METHOD_ECDSA; - else if (!strncmp(alg, "DH", len)) + else if (strncmp(alg, "DH", len) == 0) *pflags |= ENGINE_METHOD_DH; - else if (!strncmp(alg, "RAND", len)) + else if (strncmp(alg, "RAND", len) == 0) *pflags |= ENGINE_METHOD_RAND; - else if (!strncmp(alg, "CIPHERS", len)) + else if (strncmp(alg, "CIPHERS", len) == 0) *pflags |= ENGINE_METHOD_CIPHERS; - else if (!strncmp(alg, "DIGESTS", len)) + else if (strncmp(alg, "DIGESTS", len) == 0) *pflags |= ENGINE_METHOD_DIGESTS; - else if (!strncmp(alg, "PKEY", len)) + else if (strncmp(alg, "PKEY", len) == 0) *pflags |= ENGINE_METHOD_PKEY_METHS | ENGINE_METHOD_PKEY_ASN1_METHS; - else if (!strncmp(alg, "PKEY_CRYPTO", len)) + else if (strncmp(alg, "PKEY_CRYPTO", len) == 0) *pflags |= ENGINE_METHOD_PKEY_METHS; - else if (!strncmp(alg, "PKEY_ASN1", len)) + else if (strncmp(alg, "PKEY_ASN1", len) == 0) *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS; else return 0; diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index e9bdd01..560c9b3 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -556,11 +556,11 @@ static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx, if (!value) { return 0; } - if (!strcmp(type, "key")) { + if (strcmp(type, "key") == 0) { void *p = (void *)value; return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p); } - if (!strcmp(type, "hexkey")) { + if (strcmp(type, "hexkey") == 0) { unsigned char *key; int r; long keylen; diff --git a/crypto/engine/tb_asnmth.c b/crypto/engine/tb_asnmth.c index 4685fcf..407023f 100644 --- a/crypto/engine/tb_asnmth.c +++ b/crypto/engine/tb_asnmth.c @@ -191,8 +191,8 @@ const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e, nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0); for (i = 0; i < nidcount; i++) { e->pkey_asn1_meths(e, &ameth, NULL, nids[i]); - if (((int)strlen(ameth->pem_str) == len) && - !strncasecmp(ameth->pem_str, str, len)) + if (((int)strlen(ameth->pem_str) == len) + && strncasecmp(ameth->pem_str, str, len) == 0) return ameth; } return NULL; @@ -215,8 +215,8 @@ static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg) ENGINE *e = sk_ENGINE_value(sk, i); EVP_PKEY_ASN1_METHOD *ameth; e->pkey_asn1_meths(e, &ameth, NULL, nid); - if (((int)strlen(ameth->pem_str) == lk->len) && - !strncasecmp(ameth->pem_str, lk->str, lk->len)) { + if (((int)strlen(ameth->pem_str) == lk->len) + && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) { lk->e = e; lk->ameth = ameth; return; diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index 31a9054..3073091 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -81,7 +81,7 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) } for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { oval = sk_CONF_VALUE_value(sktmp, i); - if (!strcmp(oval->name, "fips_mode")) { + if (strcmp(oval->name, "fips_mode") == 0) { int m; if (!X509V3_get_value_bool(oval, &m)) { EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE); diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index eeee53a..10d9746 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -414,7 +414,7 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED); return -2; } - if (!strcmp(name, "digest")) { + if (strcmp(name, "digest") == 0) { const EVP_MD *md; if (!value || !(md = EVP_get_digestbyname(value))) { EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_INVALID_DIGEST); diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c index 845a72b..2980254 100644 --- a/crypto/hmac/hm_pmeth.c +++ b/crypto/hmac/hm_pmeth.c @@ -206,11 +206,11 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx, if (!value) { return 0; } - if (!strcmp(type, "key")) { + if (strcmp(type, "key") == 0) { void *p = (void *)value; return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p); } - if (!strcmp(type, "hexkey")) { + if (strcmp(type, "hexkey") == 0) { unsigned char *key; int r; long keylen; diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 62a5812..1f383f6 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -196,10 +196,10 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath, *(p++) = '\0'; - if (!strcmp(buf, "http")) { + if (strcmp(buf, "http") == 0) { *pssl = 0; port = "80"; - } else if (!strcmp(buf, "https")) { + } else if (strcmp(buf, "https") == 0) { *pssl = 1; port = "443"; } else diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index bb3b31e..088288d 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -182,17 +182,17 @@ void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x, static int check_pem(const char *nm, const char *name) { /* Normal matching nm and name */ - if (!strcmp(nm, name)) + if (strcmp(nm, name) == 0) return 1; /* Make PEM_STRING_EVP_PKEY match any private key */ - if (!strcmp(name, PEM_STRING_EVP_PKEY)) { + if (strcmp(name, PEM_STRING_EVP_PKEY) == 0) { int slen; const EVP_PKEY_ASN1_METHOD *ameth; - if (!strcmp(nm, PEM_STRING_PKCS8)) + if (strcmp(nm, PEM_STRING_PKCS8) == 0) return 1; - if (!strcmp(nm, PEM_STRING_PKCS8INF)) + if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) return 1; slen = pem_check_suffix(nm, "PRIVATE KEY"); if (slen > 0) { @@ -207,7 +207,7 @@ static int check_pem(const char *nm, const char *name) return 0; } - if (!strcmp(name, PEM_STRING_PARAMETERS)) { + if (strcmp(name, PEM_STRING_PARAMETERS) == 0) { int slen; const EVP_PKEY_ASN1_METHOD *ameth; slen = pem_check_suffix(nm, "PARAMETERS"); @@ -230,41 +230,45 @@ static int check_pem(const char *nm, const char *name) return 0; } /* If reading DH parameters handle X9.42 DH format too */ - if (!strcmp(nm, PEM_STRING_DHXPARAMS) && - !strcmp(name, PEM_STRING_DHPARAMS)) + if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0 + && strcmp(name, PEM_STRING_DHPARAMS) == 0) return 1; /* Permit older strings */ - if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509)) + if (strcmp(nm, PEM_STRING_X509_OLD) == 0 + && strcmp(name, PEM_STRING_X509) == 0) return 1; - if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) && - !strcmp(name, PEM_STRING_X509_REQ)) + if (strcmp(nm, PEM_STRING_X509_REQ_OLD) == 0 + && strcmp(name, PEM_STRING_X509_REQ) == 0) return 1; /* Allow normal certs to be read as trusted certs */ - if (!strcmp(nm, PEM_STRING_X509) && - !strcmp(name, PEM_STRING_X509_TRUSTED)) + if (strcmp(nm, PEM_STRING_X509) == 0 + && strcmp(name, PEM_STRING_X509_TRUSTED) == 0) return 1; - if (!strcmp(nm, PEM_STRING_X509_OLD) && - !strcmp(name, PEM_STRING_X509_TRUSTED)) + if (strcmp(nm, PEM_STRING_X509_OLD) == 0 + && strcmp(name, PEM_STRING_X509_TRUSTED) == 0) return 1; /* Some CAs use PKCS#7 with CERTIFICATE headers */ - if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7)) + if (strcmp(nm, PEM_STRING_X509) == 0 + && strcmp(name, PEM_STRING_PKCS7) == 0) return 1; - if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) && - !strcmp(name, PEM_STRING_PKCS7)) + if (strcmp(nm, PEM_STRING_PKCS7_SIGNED) == 0 + && strcmp(name, PEM_STRING_PKCS7) == 0) return 1; #ifndef OPENSSL_NO_CMS - if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_CMS)) + if (strcmp(nm, PEM_STRING_X509) == 0 + && strcmp(name, PEM_STRING_CMS) == 0) return 1; /* Allow CMS to be read from PKCS#7 headers */ - if (!strcmp(nm, PEM_STRING_PKCS7) && !strcmp(name, PEM_STRING_CMS)) + if (strcmp(nm, PEM_STRING_PKCS7) == 0 + && strcmp(name, PEM_STRING_CMS) == 0) return 1; #endif diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index 0a110e1..a7dd27f 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -257,7 +257,7 @@ DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) return NULL; p = data; - if (!strcmp(nm, PEM_STRING_DHXPARAMS)) + if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0) ret = d2i_DHxparams(x, &p, len); else ret = d2i_DHparams(x, &p, len); diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index e407671..ced7232 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -558,21 +558,21 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); return 0; } - if (!strcmp(type, "rsa_padding_mode")) { + if (strcmp(type, "rsa_padding_mode") == 0) { int pm; - if (!strcmp(value, "pkcs1")) + if (strcmp(value, "pkcs1") == 0) pm = RSA_PKCS1_PADDING; - else if (!strcmp(value, "sslv23")) + else if (strcmp(value, "sslv23") == 0) pm = RSA_SSLV23_PADDING; - else if (!strcmp(value, "none")) + else if (strcmp(value, "none") == 0) pm = RSA_NO_PADDING; - else if (!strcmp(value, "oeap")) + else if (strcmp(value, "oeap") == 0) pm = RSA_PKCS1_OAEP_PADDING; - else if (!strcmp(value, "oaep")) + else if (strcmp(value, "oaep") == 0) pm = RSA_PKCS1_OAEP_PADDING; - else if (!strcmp(value, "x931")) + else if (strcmp(value, "x931") == 0) pm = RSA_X931_PADDING; - else if (!strcmp(value, "pss")) + else if (strcmp(value, "pss") == 0) pm = RSA_PKCS1_PSS_PADDING; else { RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE); @@ -581,19 +581,19 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); } - if (!strcmp(type, "rsa_pss_saltlen")) { + if (strcmp(type, "rsa_pss_saltlen") == 0) { int saltlen; saltlen = atoi(value); return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); } - if (!strcmp(type, "rsa_keygen_bits")) { + if (strcmp(type, "rsa_keygen_bits") == 0) { int nbits; nbits = atoi(value); return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); } - if (!strcmp(type, "rsa_keygen_pubexp")) { + if (strcmp(type, "rsa_keygen_pubexp") == 0) { int ret; BIGNUM *pubexp = NULL; if (!BN_asc2bn(&pubexp, value)) @@ -604,7 +604,7 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, return ret; } - if (!strcmp(type, "rsa_mgf1_md")) { + if (strcmp(type, "rsa_mgf1_md") == 0) { const EVP_MD *md; if (!(md = EVP_get_digestbyname(value))) { RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); @@ -613,7 +613,7 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md); } - if (!strcmp(type, "rsa_oaep_md")) { + if (strcmp(type, "rsa_oaep_md") == 0) { const EVP_MD *md; if (!(md = EVP_get_digestbyname(value))) { RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); @@ -621,7 +621,7 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, } return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md); } - if (!strcmp(type, "rsa_oaep_label")) { + if (strcmp(type, "rsa_oaep_label") == 0) { unsigned char *lab; long lablen; int ret; diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index cdc1346..2029475 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -1002,7 +1002,7 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, * Check for inheritance. Not worth additional complexity to * optimize this (seldom-used) case. */ - if (!strcmp(s, "inherit")) { + if (strcmp(s, "inherit") == 0) { if (!v3_addr_add_inherit(addr, afi, safi)) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE); diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c index 7369af1..652c904 100644 --- a/crypto/x509v3/v3_akey.c +++ b/crypto/x509v3/v3_akey.c @@ -131,13 +131,13 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, for (i = 0; i < sk_CONF_VALUE_num(values); i++) { cnf = sk_CONF_VALUE_value(values, i); - if (!strcmp(cnf->name, "keyid")) { + if (strcmp(cnf->name, "keyid") == 0) { keyid = 1; - if (cnf->value && !strcmp(cnf->value, "always")) + if (cnf->value && strcmp(cnf->value, "always") == 0) keyid = 2; - } else if (!strcmp(cnf->name, "issuer")) { + } else if (strcmp(cnf->name, "issuer") == 0) { issuer = 1; - if (cnf->value && !strcmp(cnf->value, "always")) + if (cnf->value && strcmp(cnf->value, "always") == 0) issuer = 2; } else { X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION); diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index d5ceb44..c0c63a9 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -249,8 +249,8 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if (!name_cmp(cnf->name, "issuer") && cnf->value && - !strcmp(cnf->value, "copy")) { + if (!name_cmp(cnf->name, "issuer") + && cnf->value && strcmp(cnf->value, "copy") == 0) { if (!copy_issuer(ctx, gens)) goto err; } else { @@ -318,12 +318,12 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if (!name_cmp(cnf->name, "email") && cnf->value && - !strcmp(cnf->value, "copy")) { + if (!name_cmp(cnf->name, "email") + && cnf->value && strcmp(cnf->value, "copy") == 0) { if (!copy_email(ctx, gens, 0)) goto err; - } else if (!name_cmp(cnf->name, "email") && cnf->value && - !strcmp(cnf->value, "move")) { + } else if (!name_cmp(cnf->name, "email") + && cnf->value && strcmp(cnf->value, "move") == 0) { if (!copy_email(ctx, gens, 1)) goto err; } else { diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index 26ca158..c5e5694 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -572,7 +572,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method, /* * Handle inheritance. */ - if (!strcmp(val->value, "inherit")) { + if (strcmp(val->value, "inherit") == 0) { if (v3_asid_add_inherit(asid, which)) continue; X509V3err(X509V3_F_V2I_ASIDENTIFIERS, diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c index dc00b9c..97bc079 100644 --- a/crypto/x509v3/v3_bcons.c +++ b/crypto/x509v3/v3_bcons.c @@ -113,10 +113,10 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, } for (i = 0; i < sk_CONF_VALUE_num(values); i++) { val = sk_CONF_VALUE_value(values, i); - if (!strcmp(val->name, "CA")) { + if (strcmp(val->name, "CA") == 0) { if (!X509V3_get_value_bool(val, &bcons->ca)) goto err; - } else if (!strcmp(val->name, "pathlen")) { + } else if (strcmp(val->name, "pathlen") == 0) { if (!X509V3_get_value_int(val, &bcons->pathlen)) goto err; } else { diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c index bf0d7bc..eb6d0f3 100644 --- a/crypto/x509v3/v3_bitst.c +++ b/crypto/x509v3/v3_bitst.c @@ -119,8 +119,8 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); for (bnam = method->usr_data; bnam->lname; bnam++) { - if (!strcmp(bnam->sname, val->name) || - !strcmp(bnam->lname, val->name)) { + if (strcmp(bnam->sname, val->name) == 0 + || strcmp(bnam->lname, val->name) == 0) { if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) { X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index bb1146e..672d3de 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -246,10 +246,10 @@ static int v3_check_generic(char **value) { int gen_type = 0; char *p = *value; - if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) { + if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) { p += 4; gen_type = 1; - } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) { + } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) { p += 5; gen_type = 2; } else diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 8147ea5..b7f8079 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -162,7 +162,7 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, goto err; } pstr = cnf->name; - if (!strcmp(pstr, "ia5org")) { + if (strcmp(pstr, "ia5org") == 0) { ia5org = 1; continue; } else if (*pstr == '@') { @@ -213,7 +213,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, goto merr; for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { cnf = sk_CONF_VALUE_value(polstrs, i); - if (!strcmp(cnf->name, "policyIdentifier")) { + if (strcmp(cnf->name, "policyIdentifier") == 0) { ASN1_OBJECT *pobj; if (!(pobj = OBJ_txt2obj(cnf->value, 0))) { X509V3err(X509V3_F_POLICY_SECTION, @@ -303,13 +303,13 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, qual->d.usernotice = not; for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); - if (!strcmp(cnf->name, "explicitText")) { + if (strcmp(cnf->name, "explicitText") == 0) { if (!(not->exptext = ASN1_VISIBLESTRING_new())) goto merr; if (!ASN1_STRING_set(not->exptext, cnf->value, strlen(cnf->value))) goto merr; - } else if (!strcmp(cnf->name, "organization")) { + } else if (strcmp(cnf->name, "organization") == 0) { NOTICEREF *nref; if (!not->noticeref) { if (!(nref = NOTICEREF_new())) @@ -324,7 +324,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, if (!ASN1_STRING_set(nref->organization, cnf->value, strlen(cnf->value))) goto merr; - } else if (!strcmp(cnf->name, "noticeNumbers")) { + } else if (strcmp(cnf->name, "noticeNumbers") == 0) { NOTICEREF *nref; STACK_OF(CONF_VALUE) *nos; if (!not->noticeref) { diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 8ffcdd7..b72ae43 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -117,11 +117,12 @@ static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx, { STACK_OF(GENERAL_NAME) *fnm = NULL; STACK_OF(X509_NAME_ENTRY) *rnm = NULL; - if (!strncmp(cnf->name, "fullname", 9)) { + + if (strncmp(cnf->name, "fullname", 9) == 0) { fnm = gnames_from_sectname(ctx, cnf->value); if (!fnm) goto err; - } else if (!strcmp(cnf->name, "relativename")) { + } else if (strcmp(cnf->name, "relativename") == 0) { int ret; STACK_OF(CONF_VALUE) *dnsect; X509_NAME *nm; @@ -210,7 +211,7 @@ static int set_reasons(ASN1_BIT_STRING **preas, char *value) goto err; } for (pbn = reason_flags; pbn->lname; pbn++) { - if (!strcmp(pbn->sname, bnam)) { + if (strcmp(pbn->sname, bnam) == 0) { if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1)) goto err; break; @@ -265,10 +266,10 @@ static DIST_POINT *crldp_from_section(X509V3_CTX *ctx, continue; if (ret < 0) goto err; - if (!strcmp(cnf->name, "reasons")) { + if (strcmp(cnf->name, "reasons") == 0) { if (!set_reasons(&point->reasons, cnf->value)) goto err; - } else if (!strcmp(cnf->name, "CRLissuer")) { + } else if (strcmp(cnf->name, "CRLissuer") == 0) { point->CRLissuer = gnames_from_sectname(ctx, cnf->value); if (!point->CRLissuer) goto err; @@ -426,19 +427,19 @@ static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, continue; if (ret < 0) goto err; - if (!strcmp(name, "onlyuser")) { + if (strcmp(name, "onlyuser") == 0) { if (!X509V3_get_value_bool(cnf, &idp->onlyuser)) goto err; - } else if (!strcmp(name, "onlyCA")) { + } else if (strcmp(name, "onlyCA") == 0) { if (!X509V3_get_value_bool(cnf, &idp->onlyCA)) goto err; - } else if (!strcmp(name, "onlyAA")) { + } else if (strcmp(name, "onlyAA") == 0) { if (!X509V3_get_value_bool(cnf, &idp->onlyattr)) goto err; - } else if (!strcmp(name, "indirectCRL")) { + } else if (strcmp(name, "indirectCRL") == 0) { if (!X509V3_get_value_bool(cnf, &idp->indirectCRL)) goto err; - } else if (!strcmp(name, "onlysomereasons")) { + } else if (strcmp(name, "onlysomereasons") == 0) { if (!set_reasons(&idp->onlysomereasons, val)) goto err; } else { diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 1e6fae8..9d48fb9 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -118,15 +118,16 @@ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, STACK_OF(GENERAL_SUBTREE) **ptree = NULL; NAME_CONSTRAINTS *ncons = NULL; GENERAL_SUBTREE *sub = NULL; + ncons = NAME_CONSTRAINTS_new(); if (!ncons) goto memerr; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - if (!strncmp(val->name, "permitted", 9) && val->name[9]) { + if (strncmp(val->name, "permitted", 9) == 0 && val->name[9]) { ptree = &ncons->permittedSubtrees; tval.name = val->name + 10; - } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) { + } else if (strncmp(val->name, "excluded", 8) == 0 && val->name[8]) { ptree = &ncons->excludedSubtrees; tval.name = val->name + 9; } else { @@ -406,7 +407,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base) if (!baseat && (*baseptr == '.')) { if (eml->length > base->length) { emlptr += eml->length - base->length; - if (!strcasecmp(baseptr, emlptr)) + if (strcasecmp(baseptr, emlptr) == 0) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; @@ -466,7 +467,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base) if (*baseptr == '.') { if (hostlen > base->length) { p = hostptr + hostlen - base->length; - if (!strncasecmp(p, baseptr, base->length)) + if (strncasecmp(p, baseptr, base->length) == 0) return X509_V_OK; } return X509_V_ERR_PERMITTED_VIOLATION; diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c index cfccb97..3349cef 100644 --- a/crypto/x509v3/v3_pcons.c +++ b/crypto/x509v3/v3_pcons.c @@ -114,10 +114,10 @@ static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, } for (i = 0; i < sk_CONF_VALUE_num(values); i++) { val = sk_CONF_VALUE_value(values, i); - if (!strcmp(val->name, "requireExplicitPolicy")) { + if (strcmp(val->name, "requireExplicitPolicy") == 0) { if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy)) goto err; - } else if (!strcmp(val->name, "inhibitPolicyMapping")) { + } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) { if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping)) goto err; } else { diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index ed634cb..beb8b2f 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -172,7 +172,7 @@ int X509_PURPOSE_get_by_sname(char *sname) X509_PURPOSE *xptmp; for (i = 0; i < X509_PURPOSE_get_count(); i++) { xptmp = X509_PURPOSE_get0(i); - if (!strcmp(xptmp->sname, sname)) + if (strcmp(xptmp->sname, sname) == 0) return i; } return -1; diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index a5fda6f..81227e0 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -234,14 +234,21 @@ int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) char *btmp; if (!(btmp = value->value)) goto err; - if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true") - || !strcmp(btmp, "Y") || !strcmp(btmp, "y") - || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) { + if (strcmp(btmp, "TRUE") == 0 + || strcmp(btmp, "true") == 0 + || strcmp(btmp, "Y") == 0 + || strcmp(btmp, "y") == 0 + || strcmp(btmp, "YES") == 0 + || strcmp(btmp, "yes") == 0) { *asn1_bool = 0xff; return 1; - } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false") - || !strcmp(btmp, "N") || !strcmp(btmp, "n") - || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) { + } + if (strcmp(btmp, "FALSE") == 0 + || strcmp(btmp, "false") == 0 + || strcmp(btmp, "N") == 0 + || strcmp(btmp, "n") == 0 + || strcmp(btmp, "NO") == 0 + || strcmp(btmp, "no") == 0) { *asn1_bool = 0; return 1; } diff --git a/demos/bio/client-arg.c b/demos/bio/client-arg.c index dc354ca..8507e04 100644 --- a/demos/bio/client-arg.c +++ b/demos/bio/client-arg.c @@ -38,7 +38,7 @@ int main(int argc, char **argv) if (rv > 0) continue; /* Otherwise application specific argument processing */ - if (!strcmp(*args, "-connect")) { + if (strcmp(*args, "-connect") == 0) { connect_str = args[1]; if (connect_str == NULL) { fprintf(stderr, "Missing -connect argument\n"); diff --git a/demos/bio/client-conf.c b/demos/bio/client-conf.c index 150e7fc..b75088a 100644 --- a/demos/bio/client-conf.c +++ b/demos/bio/client-conf.c @@ -53,7 +53,7 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); goto end; } - if (!strcmp(cnf->name, "Connect")) { + if (strcmp(cnf->name, "Connect") == 0) { connect_str = cnf->value; } else { fprintf(stderr, "Unknown configuration option %s\n", cnf->name); diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c index 4f65227..b188f6a 100644 --- a/demos/bio/server-arg.c +++ b/demos/bio/server-arg.c @@ -52,7 +52,7 @@ int main(int argc, char *argv[]) if (rv > 0) continue; /* Otherwise application specific argument processing */ - if (!strcmp(*args, "-port")) { + if (strcmp(*args, "-port") == 0) { port = args[1]; if (port == NULL) { fprintf(stderr, "Missing -port argument\n"); diff --git a/demos/bio/server-conf.c b/demos/bio/server-conf.c index 5355839..cc9fe8a 100644 --- a/demos/bio/server-conf.c +++ b/demos/bio/server-conf.c @@ -67,7 +67,7 @@ int main(int argc, char *argv[]) ERR_print_errors_fp(stderr); goto err; } - if (!strcmp(cnf->name, "Port")) { + if (strcmp(cnf->name, "Port") == 0) { port = cnf->value; } else { fprintf(stderr, "Unknown configuration option %s\n", cnf->name); diff --git a/engines/ccgost/gost_pmeth.c b/engines/ccgost/gost_pmeth.c index b37bcf5..af1d29e 100644 --- a/engines/ccgost/gost_pmeth.c +++ b/engines/ccgost/gost_pmeth.c @@ -130,7 +130,8 @@ static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { int param_nid = 0; - if (!strcmp(type, param_ctrl_string)) { + + if (strcmp(type, param_ctrl_string) == 0) { if (!value) { return 0; } @@ -192,7 +193,8 @@ static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { int param_nid = 0; - if (!strcmp(type, param_ctrl_string)) { + + if (strcmp(type, param_ctrl_string) == 0) { if (!value) { return 0; } @@ -497,7 +499,7 @@ static int pkey_gost_mac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value) { - if (!strcmp(type, key_ctrl_string)) { + if (strcmp(type, key_ctrl_string) == 0) { if (strlen(value) != 32) { GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR, GOST_R_INVALID_MAC_KEY_LENGTH); @@ -506,7 +508,7 @@ static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx, return pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, 32, (char *)value); } - if (!strcmp(type, hexkey_ctrl_string)) { + if (strcmp(type, hexkey_ctrl_string) == 0) { long keylen; int ret; unsigned char *keybuf = string_to_hex(value, &keylen); diff --git a/engines/ccgost/gostsum.c b/engines/ccgost/gostsum.c index 1021848..252bd2c 100644 --- a/engines/ccgost/gostsum.c +++ b/engines/ccgost/gostsum.c @@ -87,7 +87,7 @@ int main(int argc, char **argv) exit(2); } count++; - if (!strncmp(calcsum, inhash, 65)) { + if (strncmp(calcsum, inhash, 65) == 0) { if (verbose) { fprintf(stderr, "%s\tOK\n", filename); } diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index 0d62de6..9932dde 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -139,7 +139,8 @@ static int find_profile_by_name(char *profile_name, p = srtp_known_profiles; while (p->name) { - if ((len == strlen(p->name)) && !strncmp(p->name, profile_name, len)) { + if ((len == strlen(p->name)) + && strncmp(p->name, profile_name, len) == 0) { *pptr = p; return 0; } @@ -157,7 +158,6 @@ static int ssl_ctx_make_profiles(const char *profiles_string, char *col; char *ptr = (char *)profiles_string; - SRTP_PROTECTION_PROFILE *p; if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index a81ab85..ed274e0 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1195,8 +1195,8 @@ static int ssl_cipher_process_rulestr(const char *rule_str, j = found = 0; cipher_id = 0; while (ca_list[j]) { - if (!strncmp(buf, ca_list[j]->name, buflen) && - (ca_list[j]->name[buflen] == '\0')) { + if (strncmp(buf, ca_list[j]->name, buflen) == 0 + && (ca_list[j]->name[buflen] == '\0')) { found = 1; break; } else @@ -1311,9 +1311,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str, */ if (rule == CIPHER_SPECIAL) { /* special command */ ok = 0; - if ((buflen == 8) && !strncmp(buf, "STRENGTH", 8)) + if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0) ok = ssl_cipher_strength_sort(head_p, tail_p); - else if (buflen == 10 && !strncmp(buf, "SECLEVEL=", 9)) { + else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) { int level = buf[9] - '0'; if (level < 0 || level > 5) { SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, @@ -1356,14 +1356,14 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, const char **prule_str) { unsigned int suiteb_flags = 0, suiteb_comb2 = 0; - if (!strcmp(*prule_str, "SUITEB128")) + if (strcmp(*prule_str, "SUITEB128") == 0) suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - else if (!strcmp(*prule_str, "SUITEB128ONLY")) + else if (strcmp(*prule_str, "SUITEB128ONLY") == 0) suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY; - else if (!strcmp(*prule_str, "SUITEB128C2")) { + else if (strcmp(*prule_str, "SUITEB128C2") == 0) { suiteb_comb2 = 1; suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS; - } else if (!strcmp(*prule_str, "SUITEB192")) + } else if (strcmp(*prule_str, "SUITEB192") == 0) suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS; if (suiteb_flags) { diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index c920af5..881c351 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -251,13 +251,13 @@ static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value) onoff = 0; value++; } - if (!strcasecmp(value, "automatic")) { + if (strcasecmp(value, "automatic") == 0) { if (onoff == -1) onoff = 1; } else if (onoff != -1) return 0; } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { - if (!strcmp(value, "auto")) + if (strcmp(value, "auto") == 0) onoff = 1; } @@ -546,11 +546,11 @@ static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx, for (i = 0, t = ssl_conf_cmds; i < OSSL_NELEM(ssl_conf_cmds); i++, t++) { if (ssl_conf_cmd_allowed(cctx, t)) { if (cctx->flags & SSL_CONF_FLAG_CMDLINE) { - if (t->str_cmdline && !strcmp(t->str_cmdline, cmd)) + if (t->str_cmdline && strcmp(t->str_cmdline, cmd) == 0) return t; } if (cctx->flags & SSL_CONF_FLAG_FILE) { - if (t->str_file && !strcasecmp(t->str_file, cmd)) + if (t->str_file && strcasecmp(t->str_file, cmd) == 0) return t; } } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 9068195..f8ed091 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -3749,11 +3749,11 @@ static int sig_cb(const char *elem, int len, void *arg) if (!*p) return 0; - if (!strcmp(etmp, "RSA")) + if (strcmp(etmp, "RSA") == 0) sig_alg = EVP_PKEY_RSA; - else if (!strcmp(etmp, "DSA")) + else if (strcmp(etmp, "DSA") == 0) sig_alg = EVP_PKEY_DSA; - else if (!strcmp(etmp, "ECDSA")) + else if (strcmp(etmp, "ECDSA") == 0) sig_alg = EVP_PKEY_EC; else return 0; diff --git a/test/evp_test.c b/test/evp_test.c index 51fc6af..e682f43 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -231,8 +231,9 @@ static const struct evp_test_method *evp_test_list[] = { static const struct evp_test_method *evp_find_test(const char *name) { const struct evp_test_method **tt; + for (tt = evp_test_list; *tt; tt++) { - if (!strcmp(name, (*tt)->name)) + if (strcmp(name, (*tt)->name) == 0) return *tt; } return NULL; @@ -281,7 +282,7 @@ static int check_test_error(struct evp_test *t) t->start_line, t->expected_err); return 0; } - if (!strcmp(t->err, t->expected_err)) + if (strcmp(t->err, t->expected_err) == 0) return 1; fprintf(stderr, "Test line %d: expecting %s got %s\n", @@ -327,7 +328,7 @@ static int setup_test(struct evp_test *t, const struct evp_test_method *tmeth) static int find_key(EVP_PKEY **ppk, const char *name, struct key_list *lst) { for (; lst; lst = lst->next) { - if (!strcmp(lst->name, name)) { + if (strcmp(lst->name, name) == 0) { if (ppk) *ppk = lst->key; return 1; @@ -371,7 +372,7 @@ static int process_test(struct evp_test *t, char *buf, int verbose) fputs(buf, stdout); if (!parse_line(&keyword, &value, buf)) return 1; - if (!strcmp(keyword, "PrivateKey")) { + if (strcmp(keyword, "PrivateKey") == 0) { save_pos = ftell(t->in); pk = PEM_read_PrivateKey(t->in, NULL, 0, NULL); if (pk == NULL && !check_unsupported()) { @@ -382,7 +383,7 @@ static int process_test(struct evp_test *t, char *buf, int verbose) lst = &t->private; add_key = 1; } - if (!strcmp(keyword, "PublicKey")) { + if (strcmp(keyword, "PublicKey") == 0) { save_pos = ftell(t->in); pk = PEM_read_PUBKEY(t->in, NULL, 0, NULL); if (pk == NULL && !check_unsupported()) { @@ -411,7 +412,7 @@ static int process_test(struct evp_test *t, char *buf, int verbose) fseek(t->in, save_pos, SEEK_SET); while (fgets(tmpbuf, sizeof(tmpbuf), t->in)) { t->line++; - if (!strncmp(tmpbuf, "-----END", 8)) + if (strncmp(tmpbuf, "-----END", 8) == 0) return 1; } fprintf(stderr, "Can't find key end\n"); @@ -432,7 +433,7 @@ static int process_test(struct evp_test *t, char *buf, int verbose) return 1; } else if (t->skip) { return 1; - } else if (!strcmp(keyword, "Result")) { + } else if (strcmp(keyword, "Result") == 0) { if (t->expected_err) { fprintf(stderr, "Line %d: multiple result lines\n", t->line); return 0; @@ -579,11 +580,11 @@ static int digest_test_parse(struct evp_test *t, const char *keyword, const char *value) { struct digest_data *mdata = t->data; - if (!strcmp(keyword, "Input")) + if (strcmp(keyword, "Input") == 0) return test_bin(value, &mdata->input, &mdata->input_len); - if (!strcmp(keyword, "Output")) + if (strcmp(keyword, "Output") == 0) return test_bin(value, &mdata->output, &mdata->output_len); - if (!strcmp(keyword, "Count")) { + if (strcmp(keyword, "Count") == 0) { long nrpt = atoi(value); if (nrpt <= 0) return 0; @@ -706,25 +707,25 @@ static int cipher_test_parse(struct evp_test *t, const char *keyword, const char *value) { struct cipher_data *cdat = t->data; - if (!strcmp(keyword, "Key")) + if (strcmp(keyword, "Key") == 0) return test_bin(value, &cdat->key, &cdat->key_len); - if (!strcmp(keyword, "IV")) + if (strcmp(keyword, "IV") == 0) return test_bin(value, &cdat->iv, &cdat->iv_len); - if (!strcmp(keyword, "Plaintext")) + if (strcmp(keyword, "Plaintext") == 0) return test_bin(value, &cdat->plaintext, &cdat->plaintext_len); - if (!strcmp(keyword, "Ciphertext")) + if (strcmp(keyword, "Ciphertext") == 0) return test_bin(value, &cdat->ciphertext, &cdat->ciphertext_len); if (cdat->aead) { - if (!strcmp(keyword, "AAD")) + if (strcmp(keyword, "AAD") == 0) return test_bin(value, &cdat->aad, &cdat->aad_len); - if (!strcmp(keyword, "Tag")) + if (strcmp(keyword, "Tag") == 0) return test_bin(value, &cdat->tag, &cdat->tag_len); } - if (!strcmp(keyword, "Operation")) { - if (!strcmp(value, "ENCRYPT")) + if (strcmp(keyword, "Operation") == 0) { + if (strcmp(value, "ENCRYPT") == 0) cdat->enc = 1; - else if (!strcmp(value, "DECRYPT")) + else if (strcmp(value, "DECRYPT") == 0) cdat->enc = 0; else return 0; @@ -928,9 +929,9 @@ static int mac_test_init(struct evp_test *t, const char *alg) { int type; struct mac_data *mdat; - if (!strcmp(alg, "HMAC")) + if (strcmp(alg, "HMAC") == 0) type = EVP_PKEY_HMAC; - else if (!strcmp(alg, "CMAC")) + else if (strcmp(alg, "CMAC") == 0) type = EVP_PKEY_CMAC; else return 0; @@ -958,17 +959,17 @@ static int mac_test_parse(struct evp_test *t, const char *keyword, const char *value) { struct mac_data *mdata = t->data; - if (!strcmp(keyword, "Key")) + if (strcmp(keyword, "Key") == 0) return test_bin(value, &mdata->key, &mdata->key_len); - if (!strcmp(keyword, "Algorithm")) { + if (strcmp(keyword, "Algorithm") == 0) { mdata->alg = BUF_strdup(value); if (!mdata->alg) return 0; return 1; } - if (!strcmp(keyword, "Input")) + if (strcmp(keyword, "Input") == 0) return test_bin(value, &mdata->input, &mdata->input_len); - if (!strcmp(keyword, "Output")) + if (strcmp(keyword, "Output") == 0) return test_bin(value, &mdata->output, &mdata->output_len); return 0; } @@ -1134,11 +1135,11 @@ static int pkey_test_parse(struct evp_test *t, const char *keyword, const char *value) { struct pkey_data *kdata = t->data; - if (!strcmp(keyword, "Input")) + if (strcmp(keyword, "Input") == 0) return test_bin(value, &kdata->input, &kdata->input_len); - if (!strcmp(keyword, "Output")) + if (strcmp(keyword, "Output") == 0) return test_bin(value, &kdata->output, &kdata->output_len); - if (!strcmp(keyword, "Ctrl")) { + if (strcmp(keyword, "Ctrl") == 0) { char *p = strchr(value, ':'); if (p) *p++ = 0; diff --git a/test/ssltest.c b/test/ssltest.c index 35df0f7..39f1d80 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -1059,7 +1059,7 @@ int main(int argc, char *argv[]) argv++; while (argc >= 1) { - if (!strcmp(*argv, "-F")) { + if (strcmp(*argv, "-F") == 0) { #ifdef OPENSSL_FIPS fips_mode = 1; #else From viktor at openssl.org Thu May 7 18:00:54 2015 From: viktor at openssl.org (Viktor Dukhovni) Date: Thu, 07 May 2015 18:00:54 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1431021654.900495.22988.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8dfe1e4dd27c21a0ccebbb97d9b6a3612e8d54ef (commit) from feb96e914ad3e30dbb6bf27cfaeeae98298a6a8d (commit) - Log ----------------------------------------------------------------- commit 8dfe1e4dd27c21a0ccebbb97d9b6a3612e8d54ef Author: Viktor Dukhovni Date: Thu May 7 13:43:36 2015 -0400 Fix typo in valid_star Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_utl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index ed6099e..e73a7a9 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -807,7 +807,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, */ if (p[i] == '*') { int atstart = (state & LABEL_START); - int atend = (i == len - 1 || p[i + i] == '.'); + int atend = (i == len - 1 || p[i + 1] == '.'); /*- * At most one wildcard per pattern. * No wildcards in IDNA labels. From viktor at openssl.org Thu May 7 18:02:23 2015 From: viktor at openssl.org (Viktor Dukhovni) Date: Thu, 07 May 2015 18:02:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431021743.776816.23336.nullmailer@dev.openssl.org> The branch master has been updated via 9a3bf97315aa121441777bf1bc4bea3c5e00af29 (commit) from 86885c289580066792415218754bd935b449f170 (commit) - Log ----------------------------------------------------------------- commit 9a3bf97315aa121441777bf1bc4bea3c5e00af29 Author: Viktor Dukhovni Date: Thu May 7 13:43:36 2015 -0400 Fix typo in valid_star Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_utl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 81227e0..debd807 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -795,7 +795,7 @@ static const unsigned char *valid_star(const unsigned char *p, size_t len, */ if (p[i] == '*') { int atstart = (state & LABEL_START); - int atend = (i == len - 1 || p[i + i] == '.'); + int atend = (i == len - 1 || p[i + 1] == '.'); /*- * At most one wildcard per pattern. * No wildcards in IDNA labels. From steve at openssl.org Fri May 8 17:45:28 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 08 May 2015 17:45:28 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431107128.328412.23368.nullmailer@dev.openssl.org> The branch master has been updated via fae4772c24b89526f70c74fa14a85c5c16bced9a (commit) from 9a3bf97315aa121441777bf1bc4bea3c5e00af29 (commit) - Log ----------------------------------------------------------------- commit fae4772c24b89526f70c74fa14a85c5c16bced9a Author: Dr. Stephen Henson Date: Thu May 7 14:59:08 2015 +0100 Add SSL_use_certificate_chain_file function Add SSL_use_certiicate_chain file functions: this is works the same way as SSL_CTX_use_certificate_chain_file but for an SSL structure. Update SSL_CONF code to use the new function. Update docs. Update ordinals. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_CTX_use_certificate.pod | 5 +++-- include/openssl/ssl.h | 3 ++- ssl/ssl_conf.c | 2 +- ssl/ssl_err.c | 3 +-- ssl/ssl_rsa.c | 45 +++++++++++++++++++++++++++---------- util/ssleay.num | 1 + 6 files changed, 41 insertions(+), 18 deletions(-) diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod index 80321b8..6514d01 100644 --- a/doc/ssl/SSL_CTX_use_certificate.pod +++ b/doc/ssl/SSL_CTX_use_certificate.pod @@ -16,6 +16,7 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f int SSL_use_certificate_file(SSL *ssl, const char *file, int type); int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); + int SSL_use_certificate_chain_file(SSL *ssl, const char *file); int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, @@ -70,8 +71,8 @@ SSL_CTX_use_certificate_chain_file() loads a certificate chain from B into B. The certificates must be in PEM format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate CA certificates if applicable, and -ending at the highest level (root) CA. -There is no corresponding function working on a single SSL object. +ending at the highest level (root) CA. SSL_use_certificate_chain_file() is +similar except it loads the cerificate chain into B. SSL_CTX_use_PrivateKey() adds B as private key to B. SSL_CTX_use_RSAPrivateKey() adds the private key B of type RSA diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index eb67cb0..43c6801 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1446,6 +1446,7 @@ __owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) __owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); /* PEM type */ __owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); +__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file); __owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); __owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, const char *file); @@ -2069,7 +2070,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_CTX_SET_TRUST 229 # define SSL_F_SSL_CTX_USE_CERTIFICATE 171 # define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 -# define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 +# define SSL_F_USE_CERTIFICATE_CHAIN_FILE 220 # define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 # define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 # define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 881c351..59516a5 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -344,7 +344,7 @@ static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value) c = cctx->ctx->cert; } if (cctx->ssl) { - rv = SSL_use_certificate_file(cctx->ssl, value, SSL_FILETYPE_PEM); + rv = SSL_use_certificate_chain_file(cctx->ssl, value); c = cctx->ssl->cert; } if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) { diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 5c40b49..3396a50 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -232,8 +232,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE), "SSL_CTX_use_certificate"}, {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1), "SSL_CTX_use_certificate_ASN1"}, - {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE), - "SSL_CTX_use_certificate_chain_file"}, + {ERR_FUNC(SSL_F_USE_CERTIFICATE_CHAIN_FILE), "use_certificate_chain_file"}, {ERR_FUNC(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE), "SSL_CTX_use_certificate_file"}, {ERR_FUNC(SSL_F_SSL_CTX_USE_PRIVATEKEY), "SSL_CTX_use_PrivateKey"}, diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 305b185..31ce9bd 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -641,7 +641,7 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, * followed by a sequence of CA certificates that should be sent to the peer * in the Certificate message. */ -int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) +static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file) { BIO *in; int ret = 0; @@ -652,23 +652,26 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) in = BIO_new(BIO_s_file_internal()); if (in == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); + SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB); goto end; } if (BIO_read_filename(in, file) <= 0) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); + SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB); goto end; } x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata); if (x == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); + SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB); goto end; } - ret = SSL_CTX_use_certificate(ctx, x); + if (ctx) + ret = SSL_CTX_use_certificate(ctx, x); + else + ret = SSL_use_certificate(ssl, x); if (ERR_peek_error() != 0) ret = 0; /* Key/certificate mismatch doesn't imply @@ -682,7 +685,12 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) int r; unsigned long err; - if (!SSL_CTX_clear_chain_certs(ctx)) { + if (ctx) + r = SSL_CTX_clear_chain_certs(ctx); + else + r = SSL_clear_chain_certs(ssl); + + if (r == 0) { ret = 0; goto end; } @@ -691,17 +699,20 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) ctx->default_passwd_callback, ctx->default_passwd_callback_userdata)) != NULL) { - r = SSL_CTX_add0_chain_cert(ctx, ca); + if (ctx) + r = SSL_CTX_add0_chain_cert(ctx, ca); + else + r = SSL_add0_chain_cert(ssl, ca); + /* + * Note that we must not free ca if it was successfully added to + * the chain (while we must free the main certificate, since its + * reference count is increased by SSL_CTX_use_certificate). + */ if (!r) { X509_free(ca); ret = 0; goto end; } - /* - * Note that we must not free r if it was successfully added to - * the chain (while we must free the main certificate, since its - * reference count is increased by SSL_CTX_use_certificate). - */ } /* When the while loop ends, it's usually just EOF. */ err = ERR_peek_last_error(); @@ -717,6 +728,16 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) BIO_free(in); return (ret); } + +int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) +{ + return use_certificate_chain_file(ctx, NULL, file); +} + +int SSL_use_certificate_chain_file(SSL *ssl, const char *file) +{ + return use_certificate_chain_file(NULL, ssl, file); +} #endif #ifndef OPENSSL_NO_TLSEXT diff --git a/util/ssleay.num b/util/ssleay.num index f5f85ab..ee82ef2 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -395,3 +395,4 @@ SSL_SESSION_get_ticket_lifetime_hint 429 EXIST::FUNCTION: SSL_set_rbio 430 EXIST::FUNCTION: SSL_CIPHER_get_digest_nid 431 EXIST::FUNCTION: SSL_CIPHER_get_cipher_nid 432 EXIST::FUNCTION: +SSL_use_certificate_chain_file 433 EXIST::FUNCTION:STDIO From matt at openssl.org Mon May 11 10:55:40 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 11 May 2015 10:55:40 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431341740.506315.6203.nullmailer@dev.openssl.org> The branch master has been updated via 14def5f5375594830597cc153e11c6017f6adddf (commit) from fae4772c24b89526f70c74fa14a85c5c16bced9a (commit) - Log ----------------------------------------------------------------- commit 14def5f5375594830597cc153e11c6017f6adddf Author: Matt Caswell Date: Sat May 9 13:51:25 2015 +0800 Check sk_SSL_CIPHER_new_null return value If sk_SSL_CIPHER_new_null() returns NULL then ssl_bytes_to_cipher_list() should also return NULL. Based on an original patch by mrpre . Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 0a2c04e..8f74ef1 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1483,9 +1483,13 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return (NULL); } - if ((skp == NULL) || (*skp == NULL)) + if ((skp == NULL) || (*skp == NULL)) { sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */ - else { + if(sk == NULL) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + return NULL; + } + } else { sk = *skp; sk_SSL_CIPHER_zero(sk); } From matt at openssl.org Mon May 11 10:55:50 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 11 May 2015 10:55:50 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1431341750.995409.6906.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via edc2a76ade6ea8e22e4f092d33cd6171872a5f82 (commit) from 8dfe1e4dd27c21a0ccebbb97d9b6a3612e8d54ef (commit) - Log ----------------------------------------------------------------- commit edc2a76ade6ea8e22e4f092d33cd6171872a5f82 Author: Matt Caswell Date: Sat May 9 13:51:25 2015 +0800 Check sk_SSL_CIPHER_new_null return value If sk_SSL_CIPHER_new_null() returns NULL then ssl_bytes_to_cipher_list() should also return NULL. Based on an original patch by mrpre . Reviewed-by: Rich Salz (cherry picked from commit 14def5f5375594830597cc153e11c6017f6adddf) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 38426b4..b60fe1a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1510,9 +1510,13 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return (NULL); } - if ((skp == NULL) || (*skp == NULL)) + if ((skp == NULL) || (*skp == NULL)) { sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */ - else { + if(sk == NULL) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + return NULL; + } + } else { sk = *skp; sk_SSL_CIPHER_zero(sk); } From matt at openssl.org Mon May 11 10:56:01 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 11 May 2015 10:56:01 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1431341761.204947.7134.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 6865dea2d657f75625fdd03408bac4408c660f5e (commit) from 76d0c6d48e5a42dedb24691a67d733f6859aee4d (commit) - Log ----------------------------------------------------------------- commit 6865dea2d657f75625fdd03408bac4408c660f5e Author: Matt Caswell Date: Sat May 9 13:51:25 2015 +0800 Check sk_SSL_CIPHER_new_null return value If sk_SSL_CIPHER_new_null() returns NULL then ssl_bytes_to_cipher_list() should also return NULL. Based on an original patch by mrpre . Reviewed-by: Rich Salz (cherry picked from commit 14def5f5375594830597cc153e11c6017f6adddf) ----------------------------------------------------------------------- Summary of changes: ssl/ssl_lib.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index dead126..e11746a 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1440,9 +1440,13 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); return (NULL); } - if ((skp == NULL) || (*skp == NULL)) + if ((skp == NULL) || (*skp == NULL)) { sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */ - else { + if(sk == NULL) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + return NULL; + } + } else { sk = *skp; sk_SSL_CIPHER_zero(sk); } From matt at openssl.org Mon May 11 11:07:34 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 11 May 2015 11:07:34 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431342454.047671.8520.nullmailer@dev.openssl.org> The branch master has been updated via 8f744cceff5bce8cb00a6ddd739c1bbb85c142ea (commit) from 14def5f5375594830597cc153e11c6017f6adddf (commit) - Log ----------------------------------------------------------------- commit 8f744cceff5bce8cb00a6ddd739c1bbb85c142ea Author: Bjoern D. Rasmussen Date: Sun May 10 07:51:29 2015 +0200 Fix for memcpy() and strcmp() being undefined. clang says: "s_cb.c:958:9: error: implicitly declaring library function 'memcpy'" Reviewed-by: Rich Salz Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/s_cb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/s_cb.c b/apps/s_cb.c index 442b335..4979edf 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -112,6 +112,7 @@ #include #include #include +#include /* for memcpy() and strcmp() */ #define USE_SOCKETS #include "apps.h" #undef USE_SOCKETS From matt at openssl.org Mon May 11 11:07:44 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 11 May 2015 11:07:44 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1431342464.052984.9211.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8a73e3a0e8ba5360c6e2e4296f0d1bb2ff201038 (commit) from edc2a76ade6ea8e22e4f092d33cd6171872a5f82 (commit) - Log ----------------------------------------------------------------- commit 8a73e3a0e8ba5360c6e2e4296f0d1bb2ff201038 Author: Bjoern D. Rasmussen Date: Sun May 10 07:51:29 2015 +0200 Fix for memcpy() and strcmp() being undefined. clang says: "s_cb.c:958:9: error: implicitly declaring library function 'memcpy'" Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (cherry picked from commit 8f744cceff5bce8cb00a6ddd739c1bbb85c142ea) Conflicts: apps/s_cb.c ----------------------------------------------------------------------- Summary of changes: apps/s_cb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/s_cb.c b/apps/s_cb.c index ee57537..dd3aa74 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -111,6 +111,7 @@ #include #include +#include /* for memcpy() and strcmp() */ #define USE_SOCKETS #define NON_MAIN #include "apps.h" From matt at openssl.org Mon May 11 11:07:55 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 11 May 2015 11:07:55 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1431342475.225011.9448.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 9dff24e43a20e713f4a3fdcb35b8f1de02f0baae (commit) from 6865dea2d657f75625fdd03408bac4408c660f5e (commit) - Log ----------------------------------------------------------------- commit 9dff24e43a20e713f4a3fdcb35b8f1de02f0baae Author: Bjoern D. Rasmussen Date: Sun May 10 07:51:29 2015 +0200 Fix for memcpy() and strcmp() being undefined. clang says: "s_cb.c:958:9: error: implicitly declaring library function 'memcpy'" Reviewed-by: Rich Salz Reviewed-by: Richard Levitte (cherry picked from commit 8f744cceff5bce8cb00a6ddd739c1bbb85c142ea) Conflicts: apps/s_cb.c ----------------------------------------------------------------------- Summary of changes: apps/s_cb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/s_cb.c b/apps/s_cb.c index 9ab11cf..fabf9cf 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -111,6 +111,7 @@ #include #include +#include /* for memcpy() */ #define USE_SOCKETS #define NON_MAIN #include "apps.h" From matt at openssl.org Mon May 11 11:12:08 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 11 May 2015 11:12:08 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431342728.464556.10190.nullmailer@dev.openssl.org> The branch master has been updated via 7786005d0d30816fd3cd3ee4bad11bf520b1327a (commit) from 8f744cceff5bce8cb00a6ddd739c1bbb85c142ea (commit) - Log ----------------------------------------------------------------- commit 7786005d0d30816fd3cd3ee4bad11bf520b1327a Author: Kurt Cancemi Date: Thu May 7 18:19:20 2015 -0400 Add missing terminating NULL to speed_options table. This would cause memory corruption in opt_init() because it relies on the terminating NULL. RT#3842 Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/speed.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/speed.c b/apps/speed.c index 9ab1648..4b3da87 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -374,6 +374,7 @@ OPTIONS speed_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif + {NULL}, }; #define D_MD2 0 From mark at openssl.org Mon May 11 11:12:47 2015 From: mark at openssl.org (Mark J. Cox) Date: Mon, 11 May 2015 11:12:47 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1431342767.719176.10924.nullmailer@dev.openssl.org> The branch master has been updated via 769082532a0fa761872264b6a747974d9b394b08 (commit) from 03dcacf7b4020fdf14b769e0c178c751740cc93c (commit) - Log ----------------------------------------------------------------- commit 769082532a0fa761872264b6a747974d9b394b08 Author: Mark J. Cox Date: Mon May 11 12:12:31 2015 +0100 Add link to sec policy as it was hard to find ----------------------------------------------------------------------- Summary of changes: news/vulnerabilities.xsl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/news/vulnerabilities.xsl b/news/vulnerabilities.xsl index 717325b..375f3c6 100644 --- a/news/vulnerabilities.xsl +++ b/news/vulnerabilities.xsl @@ -37,6 +37,8 @@
~~Notification of security vulnerabilities~~
+
Please read the OpenSSL Security Policy.
+
To get notified when an OpenSSL update addresses a security vulnerability please subscribe to the openssl-announce mailing list
From matt at openssl.org Mon May 11 11:23:09 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 11 May 2015 11:23:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431343389.020979.18899.nullmailer@dev.openssl.org> The branch master has been updated via 344c271eb339fc2982e9a3584a94e51112d84584 (commit) from 7786005d0d30816fd3cd3ee4bad11bf520b1327a (commit) - Log ----------------------------------------------------------------- commit 344c271eb339fc2982e9a3584a94e51112d84584 Author: Kurt Cancemi Date: Thu May 7 16:12:33 2015 -0400 Add missing NULL check in X509V3_parse_list() Matt's note: I added a call to X509V3err to Kurt's original patch. RT#3840 Signed-off-by: Matt Caswell Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_utl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index debd807..c6aab4b 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -286,6 +286,10 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) int state; /* We are going to modify the line so copy it first */ linebuf = BUF_strdup(line); + if (linebuf == NULL) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE); + goto err; + } state = HDR_NAME; ntmp = NULL; /* Go through all characters */ From matt at openssl.org Mon May 11 11:23:20 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 11 May 2015 11:23:20 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1431343400.957131.19582.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 833518cf0e1e5224383a45cc68c8bb9c3a60865c (commit) from 8a73e3a0e8ba5360c6e2e4296f0d1bb2ff201038 (commit) - Log ----------------------------------------------------------------- commit 833518cf0e1e5224383a45cc68c8bb9c3a60865c Author: Kurt Cancemi Date: Thu May 7 16:12:33 2015 -0400 Add missing NULL check in X509V3_parse_list() Matt's note: I added a call to X509V3err to Kurt's original patch. RT#3840 Signed-off-by: Matt Caswell Reviewed-by: Rich Salz (cherry picked from commit 344c271eb339fc2982e9a3584a94e51112d84584) ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_utl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index e73a7a9..bdd7b95 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -285,6 +285,10 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) int state; /* We are going to modify the line so copy it first */ linebuf = BUF_strdup(line); + if (linebuf == NULL) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE); + goto err; + } state = HDR_NAME; ntmp = NULL; /* Go through all characters */ From matt at openssl.org Mon May 11 11:23:31 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 11 May 2015 11:23:31 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1431343411.542380.19818.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 1c70c783af31d42f2dc1fc81c4759e87f9ea8f31 (commit) from 9dff24e43a20e713f4a3fdcb35b8f1de02f0baae (commit) - Log ----------------------------------------------------------------- commit 1c70c783af31d42f2dc1fc81c4759e87f9ea8f31 Author: Kurt Cancemi Date: Thu May 7 16:12:33 2015 -0400 Add missing NULL check in X509V3_parse_list() Matt's note: I added a call to X509V3err to Kurt's original patch. RT#3840 Signed-off-by: Matt Caswell Reviewed-by: Rich Salz (cherry picked from commit 344c271eb339fc2982e9a3584a94e51112d84584) ----------------------------------------------------------------------- Summary of changes: crypto/x509v3/v3_utl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 65dd1e2..94aaebb 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -285,6 +285,10 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) int state; /* We are going to modify the line so copy it first */ linebuf = BUF_strdup(line); + if (linebuf == NULL) { + X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE); + goto err; + } state = HDR_NAME; ntmp = NULL; /* Go through all characters */ From rsalz at openssl.org Mon May 11 14:09:44 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 11 May 2015 14:09:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431353384.133107.6953.nullmailer@dev.openssl.org> The branch master has been updated via 75ebbd9aa411c5b8b19ded6ace2b34181566b56a (commit) from 344c271eb339fc2982e9a3584a94e51112d84584 (commit) - Log ----------------------------------------------------------------- commit 75ebbd9aa411c5b8b19ded6ace2b34181566b56a Author: Rich Salz Date: Wed May 6 13:43:59 2015 -0400 Use p==NULL not !p (in if statements, mainly) Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 5 +- apps/ca.c | 2 +- apps/cms.c | 22 +++--- apps/crl.c | 2 +- apps/crl2p7.c | 3 +- apps/pkcs12.c | 18 ++--- apps/pkcs8.c | 10 +-- apps/req.c | 2 +- apps/s_client.c | 3 +- apps/smime.c | 12 +-- apps/srp.c | 27 ++++--- apps/ts.c | 82 ++++++++++---------- apps/verify.c | 2 +- apps/x509.c | 4 +- crypto/asn1/a_mbstr.c | 2 +- crypto/asn1/a_time.c | 4 +- crypto/asn1/asn1_gen.c | 29 +++----- crypto/asn1/asn_mime.c | 29 +++++--- crypto/asn1/asn_moid.c | 3 +- crypto/asn1/asn_mstbl.c | 3 +- crypto/asn1/asn_pack.c | 8 +- crypto/asn1/p5_pbev2.c | 17 ++--- crypto/asn1/x_x509a.c | 25 ++++--- crypto/bio/bf_nbio.c | 2 +- crypto/bio/bss_conn.c | 2 +- crypto/bio/bss_dgram.c | 2 +- crypto/bio/bss_mem.c | 4 +- crypto/cms/cms_smime.c | 3 +- crypto/conf/conf_def.c | 2 +- crypto/conf/conf_lib.c | 8 +- crypto/dh/dh_ameth.c | 21 +++--- crypto/dsa/dsa_ameth.c | 28 +++---- crypto/ec/ec_ameth.c | 8 +- crypto/ec/ec_asn1.c | 2 +- crypto/ec/ec_curve.c | 12 +-- crypto/ec/ec_mult.c | 5 +- crypto/ec/ec_pmeth.c | 2 +- crypto/evp/evp_cnf.c | 3 +- crypto/evp/evp_pbe.c | 5 +- crypto/evp/evp_pkey.c | 4 +- crypto/evp/pmeth_lib.c | 2 +- crypto/objects/obj_dat.c | 10 +-- crypto/ocsp/ocsp_cl.c | 7 +- crypto/ocsp/ocsp_ext.c | 27 +++---- crypto/ocsp/ocsp_lib.c | 6 +- crypto/ocsp/ocsp_prn.c | 2 +- crypto/ocsp/ocsp_srv.c | 22 +++--- crypto/ocsp/ocsp_vfy.c | 3 +- crypto/pem/pem_pk8.c | 9 ++- crypto/pem/pvkfmt.c | 5 +- crypto/pkcs12/p12_add.c | 18 +++-- crypto/pkcs12/p12_attr.c | 3 +- crypto/pkcs12/p12_crt.c | 4 +- crypto/pkcs12/p12_decr.c | 6 +- crypto/pkcs12/p12_init.c | 5 +- crypto/pkcs12/p12_kiss.c | 8 +- crypto/pkcs12/p12_mutl.c | 11 +-- crypto/pkcs12/p12_npas.c | 14 ++-- crypto/pkcs12/p12_p8e.c | 4 +- crypto/pkcs12/p12_utl.c | 6 +- crypto/pkcs7/pk7_attr.c | 13 ++-- crypto/pkcs7/pk7_doit.c | 7 +- crypto/pkcs7/pk7_lib.c | 6 +- crypto/pkcs7/pk7_smime.c | 22 +++--- crypto/rsa/rsa_ameth.c | 6 +- crypto/rsa/rsa_pmeth.c | 4 +- crypto/srp/srp_lib.c | 13 ++-- crypto/srp/srp_vfy.c | 19 ++--- crypto/ts/ts_conf.c | 61 ++++++++------- crypto/ts/ts_rsp_sign.c | 107 +++++++++++++++------------ crypto/ts/ts_rsp_verify.c | 19 ++--- crypto/ts/ts_verify_ctx.c | 10 +-- crypto/txt_db/txt_db.c | 2 +- crypto/x509/x509_att.c | 4 +- crypto/x509/x509_trs.c | 7 +- crypto/x509/x509spki.c | 2 +- crypto/x509v3/pcy_tree.c | 2 +- crypto/x509v3/v3_akey.c | 6 +- crypto/x509v3/v3_alt.c | 38 ++++++---- crypto/x509v3/v3_bcons.c | 3 +- crypto/x509v3/v3_bitst.c | 2 +- crypto/x509v3/v3_conf.c | 25 ++++--- crypto/x509v3/v3_cpols.c | 32 ++++---- crypto/x509v3/v3_crld.c | 11 +-- crypto/x509v3/v3_extku.c | 4 +- crypto/x509v3/v3_ia5.c | 5 +- crypto/x509v3/v3_info.c | 7 +- crypto/x509v3/v3_lib.c | 15 ++-- crypto/x509v3/v3_pci.c | 2 +- crypto/x509v3/v3_pcons.c | 3 +- crypto/x509v3/v3_pmaps.c | 2 +- crypto/x509v3/v3_prn.c | 9 ++- crypto/x509v3/v3_purp.c | 5 +- crypto/x509v3/v3_skey.c | 6 +- crypto/x509v3/v3_sxnet.c | 28 ++++--- crypto/x509v3/v3_utl.c | 32 ++++---- crypto/x509v3/v3prin.c | 5 +- demos/engines/cluster_labs/hw_cluster_labs.c | 29 +++----- demos/engines/ibmca/hw_ibmca.c | 10 +-- demos/engines/zencod/hw_zencod.c | 70 +++++++----------- demos/pkcs12/pkread.c | 4 +- demos/pkcs12/pkwrite.c | 4 +- engines/ccgost/gost2001.c | 2 +- engines/ccgost/gost_ameth.c | 2 +- engines/e_4758cca.c | 25 +++---- engines/e_aep.c | 18 ++--- engines/e_atalla.c | 11 +-- engines/e_capi.c | 6 +- engines/e_chil.c | 29 +++----- engines/e_cswift.c | 14 ++-- engines/e_sureware.c | 6 +- engines/e_ubsec.c | 40 ++++------ ssl/d1_srtp.c | 2 +- ssl/kssl.c | 6 +- ssl/s3_clnt.c | 18 ++--- ssl/s3_srvr.c | 2 +- ssl/tls_srp.c | 23 +++--- test/ectest.c | 14 ++-- 118 files changed, 754 insertions(+), 724 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 1c182ba..ab6eb40 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -502,11 +502,12 @@ int add_oid_section(CONF *conf) STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *cnf; int i; - if (!(p = NCONF_get_string(conf, NULL, "oid_section"))) { + + if ((p = NCONF_get_string(conf, NULL, "oid_section")) == NULL) { ERR_clear_error(); return 1; } - if (!(sktmp = NCONF_get_section(conf, p))) { + if ((sktmp = NCONF_get_section(conf, p)) == NULL) { BIO_printf(bio_err, "problem loading oid section %s\n", p); return 0; } diff --git a/apps/ca.c b/apps/ca.c index d7a9aca..58f1243 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -1703,7 +1703,7 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, * Its best to dup the subject DN and then delete any email addresses * because this retains its structure. */ - if (!(dn_subject = X509_NAME_dup(subject))) { + if ((dn_subject = X509_NAME_dup(subject)) == NULL) { BIO_printf(bio_err, "Memory allocation failure\n"); goto end; } diff --git a/apps/cms.c b/apps/cms.c index 5eb5d2d..5293fbd 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -717,8 +717,8 @@ int cms_main(int argc, char **argv) if ((encerts = sk_X509_new_null()) == NULL) goto end; while (*argv) { - if (!(cert = load_cert(*argv, FORMAT_PEM, - NULL, e, "recipient certificate file"))) + if ((cert = load_cert(*argv, FORMAT_PEM, NULL, e, + "recipient certificate file")) == NULL) goto end; sk_X509_push(encerts, cert); cert = NULL; @@ -727,24 +727,24 @@ int cms_main(int argc, char **argv) } if (certfile) { - if (!(other = load_certs(certfile, FORMAT_PEM, NULL, - e, "certificate file"))) { + if ((other = load_certs(certfile, FORMAT_PEM, NULL, e, + "certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } if (recipfile && (operation == SMIME_DECRYPT)) { - if (!(recip = load_cert(recipfile, FORMAT_PEM, NULL, - e, "recipient certificate file"))) { + if ((recip = load_cert(recipfile, FORMAT_PEM, NULL, e, + "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } if (operation == SMIME_SIGN_RECEIPT) { - if (!(signer = load_cert(signerfile, FORMAT_PEM, NULL, - e, "receipt signer certificate file"))) { + if ((signer = load_cert(signerfile, FORMAT_PEM, NULL, e, + "receipt signer certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } @@ -787,7 +787,7 @@ int cms_main(int argc, char **argv) } if (contfile) { BIO_free(indata); - if (!(indata = BIO_new_file(contfile, "rb"))) { + if ((indata = BIO_new_file(contfile, "rb")) == NULL) { BIO_printf(bio_err, "Can't read content file %s\n", contfile); goto end; } @@ -807,7 +807,7 @@ int cms_main(int argc, char **argv) if (rctfile) { char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r"; - if (!(rctin = BIO_new_file(rctfile, rctmode))) { + if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) { BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile); goto end; } @@ -834,7 +834,7 @@ int cms_main(int argc, char **argv) goto end; if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) { - if (!(store = setup_verify(CAfile, CApath))) + if ((store = setup_verify(CAfile, CApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, cms_cb); if (vpmtouched) diff --git a/apps/crl.c b/apps/crl.c index b8c592c..443889a 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -222,7 +222,7 @@ int crl_main(int argc, char **argv) goto end; if (do_ver) { - if (!(store = setup_verify(CAfile, CApath))) + if ((store = setup_verify(CAfile, CApath)) == NULL) goto end; lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()); if (lookup == NULL) diff --git a/apps/crl2p7.c b/apps/crl2p7.c index fb2b085..f05ad4a 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -135,7 +135,8 @@ int crl2pkcs7_main(int argc, char **argv) nocrl = 1; break; case OPT_CERTFILE: - if (!certflst && !(certflst = sk_OPENSSL_STRING_new_null())) + if ((certflst == NULL) + && (certflst = sk_OPENSSL_STRING_new_null()) == NULL) goto end; if (!sk_OPENSSL_STRING_push(certflst, *(++argv))) { sk_OPENSSL_STRING_free(certflst); diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 67d33a2..367ba87 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -421,8 +421,8 @@ int pkcs12_main(int argc, char **argv) /* Add any more certificates asked for */ if (certfile) { STACK_OF(X509) *morecerts = NULL; - if (!(morecerts = load_certs(certfile, FORMAT_PEM, NULL, e, - "certificates from certfile"))) + if ((morecerts = load_certs(certfile, FORMAT_PEM, NULL, e, + "certificates from certfile")) == NULL) goto export_end; while (sk_X509_num(morecerts) > 0) sk_X509_push(certs, sk_X509_shift(morecerts)); @@ -434,7 +434,7 @@ int pkcs12_main(int argc, char **argv) int vret; STACK_OF(X509) *chain2; X509_STORE *store; - if (!(store = setup_verify(CAfile, CApath))) + if ((store = setup_verify(CAfile, CApath)) == NULL) goto export_end; vret = get_cert_chain(ucert, store, &chain2); @@ -511,7 +511,7 @@ int pkcs12_main(int argc, char **argv) } - if (!(p12 = d2i_PKCS12_bio(in, NULL))) { + if ((p12 = d2i_PKCS12_bio(in, NULL)) == NULL) { ERR_print_errors(bio_err); goto end; } @@ -570,7 +570,7 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int ret = 0; PKCS7 *p7; - if (!(asafes = PKCS12_unpack_authsafes(p12))) + if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) return 0; for (i = 0; i < sk_PKCS7_num(asafes); i++) { p7 = sk_PKCS7_value(asafes, i); @@ -634,7 +634,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, return 1; print_attribs(out, bag->attrib, "Bag Attributes"); p8 = bag->value.keybag; - if (!(pkey = EVP_PKCS82PKEY(p8))) + if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) return 0; print_attribs(out, p8->attributes, "Key Attributes"); PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass); @@ -649,9 +649,9 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, if (options & NOKEYS) return 1; print_attribs(out, bag->attrib, "Bag Attributes"); - if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) + if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL) return 0; - if (!(pkey = EVP_PKCS82PKEY(p8))) { + if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) { PKCS8_PRIV_KEY_INFO_free(p8); return 0; } @@ -674,7 +674,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass, print_attribs(out, bag->attrib, "Bag Attributes"); if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return 1; - if (!(x509 = PKCS12_certbag2x509(bag))) + if ((x509 = PKCS12_certbag2x509(bag)) == NULL) return 0; dump_cert_text(out, x509); PEM_write_bio_X509(out, x509); diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 07ebf3b..55c4eea 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -211,7 +211,7 @@ int pkcs8_main(int argc, char **argv) pkey = load_key(infile, informat, 1, passin, e, "key"); if (!pkey) goto end; - if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) { + if ((p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)) == NULL) { BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err); goto end; @@ -235,9 +235,9 @@ int pkcs8_main(int argc, char **argv) goto end; } app_RAND_load_file(NULL, 0); - if (!(p8 = PKCS8_encrypt(pbe_nid, cipher, - p8pass, strlen(p8pass), - NULL, 0, iter, p8inf))) { + if ((p8 = PKCS8_encrypt(pbe_nid, cipher, + p8pass, strlen(p8pass), + NULL, 0, iter, p8inf)) == NULL) { BIO_printf(bio_err, "Error encrypting key\n"); ERR_print_errors(bio_err); goto end; @@ -296,7 +296,7 @@ int pkcs8_main(int argc, char **argv) goto end; } - if (!(pkey = EVP_PKCS82PKEY(p8inf))) { + if ((pkey = EVP_PKCS82PKEY(p8inf)) == NULL) { BIO_printf(bio_err, "Error converting key\n"); ERR_print_errors(bio_err); goto end; diff --git a/apps/req.c b/apps/req.c index 225474b..8acdad3 100644 --- a/apps/req.c +++ b/apps/req.c @@ -962,7 +962,7 @@ static int build_subject(X509_REQ *req, char *subject, unsigned long chtype, { X509_NAME *n; - if (!(n = parse_name(subject, chtype, multirdn))) + if ((n = parse_name(subject, chtype, multirdn)) == NULL) return 0; if (!X509_REQ_set_subject_name(req, n)) { diff --git a/apps/s_client.c b/apps/s_client.c index a24d2f3..b257727 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -345,7 +345,8 @@ static int ssl_srp_verify_param_cb(SSL *s, void *arg) { SRP_ARG *srp_arg = (SRP_ARG *)arg; BIGNUM *N = NULL, *g = NULL; - if (!(N = SSL_get_srp_N(s)) || !(g = SSL_get_srp_g(s))) + + if (((N = SSL_get_srp_N(s)) == NULL) || ((g = SSL_get_srp_g(s)) == NULL)) return 0; if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) { BIO_printf(bio_err, "SRP parameters:\n"); diff --git a/apps/smime.c b/apps/smime.c index e544ca2..3f48278 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -463,16 +463,16 @@ int smime_main(int argc, char **argv) } if (certfile) { - if (!(other = load_certs(certfile, FORMAT_PEM, NULL, - e, "certificate file"))) { + if ((other = load_certs(certfile, FORMAT_PEM, NULL, + e, "certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } } if (recipfile && (operation == SMIME_DECRYPT)) { - if (!(recip = load_cert(recipfile, FORMAT_PEM, NULL, - e, "recipient certificate file"))) { + if ((recip = load_cert(recipfile, FORMAT_PEM, NULL, + e, "recipient certificate file")) == NULL) { ERR_print_errors(bio_err); goto end; } @@ -515,7 +515,7 @@ int smime_main(int argc, char **argv) } if (contfile) { BIO_free(indata); - if (!(indata = BIO_new_file(contfile, "rb"))) { + if ((indata = BIO_new_file(contfile, "rb")) == NULL) { BIO_printf(bio_err, "Can't read content file %s\n", contfile); goto end; } @@ -527,7 +527,7 @@ int smime_main(int argc, char **argv) goto end; if (operation == SMIME_VERIFY) { - if (!(store = setup_verify(CAfile, CApath))) + if ((store = setup_verify(CAfile, CApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, smime_cb); if (vpmtouched) diff --git a/apps/srp.c b/apps/srp.c index 111f829..ec875cb 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -516,10 +516,13 @@ int srp_main(int argc, char **argv) row[DB_srptype] = BUF_strdup("v"); row[DB_srpgN] = BUF_strdup(gNid); - if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] - || !row[DB_srpverifier] || !row[DB_srpsalt] - || (userinfo && - (!(row [DB_srpinfo] = BUF_strdup (userinfo)))) + if ((row[DB_srpid] == NULL) + || (row[DB_srpgN] == NULL) + || (row[DB_srptype] == NULL) + || (row[DB_srpverifier] == NULL) + || (row[DB_srpsalt] == NULL) + || (userinfo + && ((row[DB_srpinfo] = BUF_strdup(userinfo)) == NULL)) || !update_index(db, row)) { OPENSSL_free(row[DB_srpid]); OPENSSL_free(row[DB_srpgN]); @@ -596,10 +599,14 @@ int srp_main(int argc, char **argv) row[DB_srptype][0] = 'v'; row[DB_srpgN] = BUF_strdup(gNid); - if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] - || !row[DB_srpverifier] || !row[DB_srpsalt] + if (row[DB_srpid] == NULL + || row[DB_srpgN] == NULL + || row[DB_srptype] == NULL + || row[DB_srpverifier] == NULL + || row[DB_srpsalt] == NULL || (userinfo - && (!(row[DB_srpinfo] = BUF_strdup(userinfo))))) + && ((row[DB_srpinfo] = BUF_strdup(userinfo)) + == NULL))) goto end; doupdatedb = 1; @@ -612,12 +619,10 @@ int srp_main(int argc, char **argv) user); errors++; } else { - char **xpp = - sk_OPENSSL_PSTRING_value(db->db->data, userindex); - BIO_printf(bio_err, "user \"%s\" revoked. t\n", user); + char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex); + BIO_printf(bio_err, "user \"%s\" revoked. t\n", user); xpp[DB_srptype][0] = 'R'; - doupdatedb = 1; } } diff --git a/apps/ts.c b/apps/ts.c index 3cfdc79..5c42ff5 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -381,7 +381,7 @@ static ASN1_OBJECT *txt2obj(const char *oid) { ASN1_OBJECT *oid_obj = NULL; - if (!(oid_obj = OBJ_txt2obj(oid, 0))) + if ((oid_obj = OBJ_txt2obj(oid, 0)) == NULL) BIO_printf(bio_err, "cannot convert %s to OID\n", oid); return oid_obj; @@ -398,8 +398,8 @@ static CONF *load_config_file(const char *configfile) configfile = getenv("SSLEAY_CONF"); if (configfile && - (!(conf = NCONF_new(NULL)) || - NCONF_load(conf, configfile, &errorline) <= 0)) { + ((conf = NCONF_new(NULL)) == NULL + || NCONF_load(conf, configfile, &errorline) <= 0)) { if (errorline <= 0) BIO_printf(bio_err, "error loading the config file " "'%s'\n", configfile); @@ -449,7 +449,8 @@ static int query_command(const char *data, char *digest, const EVP_MD *md, query = d2i_TS_REQ_bio(in_bio, NULL); } else { /* Open the file if no explicit digest bytes were specified. */ - if (!digest && !(data_bio = bio_open_default(data, "rb"))) + if (digest == NULL + && (data_bio = bio_open_default(data, "rb")) == NULL) goto end; query = create_query(data_bio, digest, md, policy, no_nonce, cert); } @@ -496,11 +497,11 @@ static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md, ASN1_INTEGER *nonce_asn1 = NULL; /* Setting default message digest. */ - if (!md && !(md = EVP_get_digestbyname("sha1"))) + if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL) goto err; /* Creating request object. */ - if (!(ts_req = TS_REQ_new())) + if ((ts_req = TS_REQ_new()) == NULL) goto err; /* Setting version. */ @@ -508,15 +509,15 @@ static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md, goto err; /* Creating and adding MSG_IMPRINT object. */ - if (!(msg_imprint = TS_MSG_IMPRINT_new())) + if ((msg_imprint = TS_MSG_IMPRINT_new()) == NULL) goto err; /* Adding algorithm. */ - if (!(algo = X509_ALGOR_new())) + if ((algo = X509_ALGOR_new()) == NULL) goto err; - if (!(algo->algorithm = OBJ_nid2obj(EVP_MD_type(md)))) + if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL) goto err; - if (!(algo->parameter = ASN1_TYPE_new())) + if ((algo->parameter = ASN1_TYPE_new()) == NULL) goto err; algo->parameter->type = V_ASN1_NULL; if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo)) @@ -532,13 +533,13 @@ static TS_REQ *create_query(BIO *data_bio, char *digest, const EVP_MD *md, goto err; /* Setting policy if requested. */ - if (policy && !(policy_obj = txt2obj(policy))) + if (policy && (policy_obj = txt2obj(policy)) == NULL) goto err; if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj)) goto err; /* Setting nonce if requested. */ - if (!no_nonce && !(nonce_asn1 = create_nonce(NONCE_LENGTH))) + if (!no_nonce && (nonce_asn1 = create_nonce(NONCE_LENGTH)) == NULL) goto err; if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1)) goto err; @@ -615,8 +616,9 @@ static ASN1_INTEGER *create_nonce(int bits) goto err; /* Find the first non-zero byte and creating ASN1_INTEGER object. */ - for (i = 0; i < len && !buf[i]; ++i) ; - if (!(nonce = ASN1_INTEGER_new())) + for (i = 0; i < len && !buf[i]; ++i) + continue; + if ((nonce = ASN1_INTEGER_new()) == NULL) goto err; OPENSSL_free(nonce->data); /* Allocate at least one byte. */ @@ -725,17 +727,17 @@ static TS_RESP *read_PKCS7(BIO *in_bio) TS_STATUS_INFO *si = NULL; /* Read PKCS7 object and extract the signed time stamp info. */ - if (!(token = d2i_PKCS7_bio(in_bio, NULL))) + if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL) goto end; - if (!(tst_info = PKCS7_to_TS_TST_INFO(token))) + if ((tst_info = PKCS7_to_TS_TST_INFO(token)) == NULL) goto end; /* Creating response object. */ - if (!(resp = TS_RESP_new())) + if ((resp = TS_RESP_new()) == NULL) goto end; /* Create granted status info. */ - if (!(si = TS_STATUS_INFO_new())) + if ((si = TS_STATUS_INFO_new()) == NULL) goto end; if (!(ASN1_INTEGER_set(si->status, TS_STATUS_GRANTED))) goto end; @@ -769,15 +771,15 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine, BIO *query_bio = NULL; TS_RESP_CTX *resp_ctx = NULL; - if (!(query_bio = BIO_new_file(queryfile, "rb"))) + if ((query_bio = BIO_new_file(queryfile, "rb")) == NULL) goto end; /* Getting TSA configuration section. */ - if (!(section = TS_CONF_get_tsa_section(conf, section))) + if ((section = TS_CONF_get_tsa_section(conf, section)) == NULL) goto end; /* Setting up response generation context. */ - if (!(resp_ctx = TS_RESP_CTX_new())) + if ((resp_ctx = TS_RESP_CTX_new()) == NULL) goto end; /* Setting serial number provider callback. */ @@ -834,7 +836,7 @@ static TS_RESP *create_response(CONF *conf, const char *section, char *engine, goto end; /* Creating the response. */ - if (!(response = TS_RESP_create_response(resp_ctx, query_bio))) + if ((response = TS_RESP_create_response(resp_ctx, query_bio)) == NULL) goto end; ret = 1; @@ -872,10 +874,10 @@ static ASN1_INTEGER *next_serial(const char *serialfile) ASN1_INTEGER *serial = NULL; BIGNUM *bn = NULL; - if (!(serial = ASN1_INTEGER_new())) + if ((serial = ASN1_INTEGER_new()) == NULL) goto err; - if (!(in = BIO_new_file(serialfile, "r"))) { + if ((in = BIO_new_file(serialfile, "r")) == NULL) { ERR_clear_error(); BIO_printf(bio_err, "Warning: could not open file %s for " "reading, using serial number: 1\n", serialfile); @@ -888,13 +890,13 @@ static ASN1_INTEGER *next_serial(const char *serialfile) serialfile); goto err; } - if (!(bn = ASN1_INTEGER_to_BN(serial, NULL))) + if ((bn = ASN1_INTEGER_to_BN(serial, NULL)) == NULL) goto err; ASN1_INTEGER_free(serial); serial = NULL; if (!BN_add_word(bn, 1)) goto err; - if (!(serial = BN_to_ASN1_INTEGER(bn, NULL))) + if ((serial = BN_to_ASN1_INTEGER(bn, NULL)) == NULL) goto err; } ret = 1; @@ -913,7 +915,7 @@ static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial) int ret = 0; BIO *out = NULL; - if (!(out = BIO_new_file(serialfile, "w"))) + if ((out = BIO_new_file(serialfile, "w")) == NULL) goto err; if (i2a_ASN1_INTEGER(out, serial) <= 0) goto err; @@ -943,18 +945,18 @@ static int verify_command(char *data, char *digest, char *queryfile, int ret = 0; /* Decode the token (PKCS7) or response (TS_RESP) files. */ - if (!(in_bio = BIO_new_file(in, "rb"))) + if ((in_bio = BIO_new_file(in, "rb")) == NULL) goto end; if (token_in) { - if (!(token = d2i_PKCS7_bio(in_bio, NULL))) + if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL) goto end; } else { - if (!(response = d2i_TS_RESP_bio(in_bio, NULL))) + if ((response = d2i_TS_RESP_bio(in_bio, NULL)) == NULL) goto end; } - if (!(verify_ctx = create_verify_ctx(data, digest, queryfile, - CApath, CAfile, untrusted))) + if ((verify_ctx = create_verify_ctx(data, digest, queryfile, + CApath, CAfile, untrusted)) == NULL) goto end; /* Checking the token or response against the request. */ @@ -991,17 +993,17 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, int ret = 0; if (data != NULL || digest != NULL) { - if (!(ctx = TS_VERIFY_CTX_new())) + if ((ctx = TS_VERIFY_CTX_new()) == NULL) goto err; ctx->flags = TS_VFY_VERSION | TS_VFY_SIGNER; if (data != NULL) { ctx->flags |= TS_VFY_DATA; - if (!(ctx->data = BIO_new_file(data, "rb"))) + if ((ctx->data = BIO_new_file(data, "rb")) == NULL) goto err; } else if (digest != NULL) { long imprint_len; ctx->flags |= TS_VFY_IMPRINT; - if (!(ctx->imprint = string_to_hex(digest, &imprint_len))) { + if ((ctx->imprint = string_to_hex(digest, &imprint_len)) == NULL) { BIO_printf(bio_err, "invalid digest string\n"); goto err; } @@ -1013,11 +1015,11 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, * The request has just to be read, decoded and converted to a verify * context object. */ - if (!(input = BIO_new_file(queryfile, "rb"))) + if ((input = BIO_new_file(queryfile, "rb")) == NULL) goto err; - if (!(request = d2i_TS_REQ_bio(input, NULL))) + if ((request = d2i_TS_REQ_bio(input, NULL)) == NULL) goto err; - if (!(ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL))) + if ((ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)) == NULL) goto err; } else return NULL; @@ -1026,11 +1028,11 @@ static TS_VERIFY_CTX *create_verify_ctx(char *data, char *digest, ctx->flags |= TS_VFY_SIGNATURE; /* Initialising the X509_STORE object. */ - if (!(ctx->store = create_cert_store(CApath, CAfile))) + if ((ctx->store = create_cert_store(CApath, CAfile)) == NULL) goto err; /* Loading untrusted certificates. */ - if (untrusted && !(ctx->certs = TS_CONF_load_certs(untrusted))) + if (untrusted && (ctx->certs = TS_CONF_load_certs(untrusted)) == NULL) goto err; ret = 1; diff --git a/apps/verify.c b/apps/verify.c index f4e18f0..cb1be9a 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -177,7 +177,7 @@ int verify_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!(store = setup_verify(CAfile, CApath))) + if ((store = setup_verify(CAfile, CApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, cb); diff --git a/apps/x509.c b/apps/x509.c index 5938b43..f22eef1 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -1021,11 +1021,9 @@ static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest, } if (sno) bs = sno; - else if (!(bs = x509_load_serial(CAfile, serialfile, create))) + else if ((bs = x509_load_serial(CAfile, serialfile, create)) == NULL) goto end; -/* if (!X509_STORE_add_cert(ctx,x)) goto end;*/ - /* * NOTE: this certificate can/should be self signed, unless it was a * certificate request in which case it is not. diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 2ff496b..ddb2798 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -235,7 +235,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, cpyfunc = cpy_utf8; break; } - if (!(p = OPENSSL_malloc(outlen + 1))) { + if ((p = OPENSSL_malloc(outlen + 1)) == NULL) { if (free_out) ASN1_STRING_free(dest); ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 7ff3de3..6114c52 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -116,8 +116,8 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, if (!ASN1_TIME_check(t)) return NULL; - if (!out || !*out) { - if (!(ret = ASN1_GENERALIZEDTIME_new())) + if (out == NULL || *out == NULL) { + if ((ret = ASN1_GENERALIZEDTIME_new()) == NULL) return NULL; if (out) *out = ret; diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 84d85e6..3ff1db8 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -492,15 +492,12 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, if (derlen < 0) goto bad; - - if (!(ret = ASN1_TYPE_new())) + if ((ret = ASN1_TYPE_new()) == NULL) goto bad; - - if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) + if ((ret->value.asn1_string = ASN1_STRING_type_new(utype)) == NULL) goto bad; ret->type = utype; - ret->value.asn1_string->data = der; ret->value.asn1_string->length = derlen; @@ -631,15 +628,12 @@ static int asn1_str2tag(const char *tagstr, int len) static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) { ASN1_TYPE *atmp = NULL; - CONF_VALUE vtmp; - unsigned char *rdata; long rdlen; - int no_unused = 1; - if (!(atmp = ASN1_TYPE_new())) { + if ((atmp = ASN1_TYPE_new()) == NULL) { ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); return NULL; } @@ -676,7 +670,8 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT); goto bad_form; } - if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) { + if ((atmp->value.integer + = s2i_ASN1_INTEGER(NULL, (char *)str)) == NULL) { ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER); goto bad_str; } @@ -687,7 +682,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT); goto bad_form; } - if (!(atmp->value.object = OBJ_txt2obj(str, 0))) { + if ((atmp->value.object = OBJ_txt2obj(str, 0)) == NULL) { ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT); goto bad_str; } @@ -699,7 +694,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT); goto bad_form; } - if (!(atmp->value.asn1_string = ASN1_STRING_new())) { + if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); goto bad_str; } @@ -724,7 +719,6 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_UNIVERSALSTRING: case V_ASN1_GENERALSTRING: case V_ASN1_NUMERICSTRING: - if (format == ASN1_GEN_FORMAT_ASCII) format = MBSTRING_ASC; else if (format == ASN1_GEN_FORMAT_UTF8) @@ -743,25 +737,20 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) break; case V_ASN1_BIT_STRING: - case V_ASN1_OCTET_STRING: - - if (!(atmp->value.asn1_string = ASN1_STRING_new())) { + if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); goto bad_form; } if (format == ASN1_GEN_FORMAT_HEX) { - - if (!(rdata = string_to_hex((char *)str, &rdlen))) { + if ((rdata = string_to_hex((char *)str, &rdlen)) == NULL) { ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX); goto bad_str; } - atmp->value.asn1_string->data = rdata; atmp->value.asn1_string->length = rdlen; atmp->value.asn1_string->type = utype; - } else if (format == ASN1_GEN_FORMAT_ASCII) ASN1_STRING_set(atmp->value.asn1_string, str, -1); else if ((format == ASN1_GEN_FORMAT_BITLIST) diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 2fe6cf9..9ce4013 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -180,7 +180,8 @@ static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) { BIO *b64; ASN1_VALUE *val; - if (!(b64 = BIO_new(BIO_f_base64()))) { + + if ((b64 = BIO_new(BIO_f_base64())) == NULL) { ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE); return 0; } @@ -427,12 +428,13 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) if (bcont) *bcont = NULL; - if (!(headers = mime_parse_hdr(bio))) { + if ((headers = mime_parse_hdr(bio)) == NULL) { ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR); return NULL; } - if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + if ((hdr = mime_hdr_find(headers, "content-type")) == NULL + || hdr->value == NULL) { sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE); return NULL; @@ -459,7 +461,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) /* Parse the signature piece */ asnin = sk_BIO_value(parts, 1); - if (!(headers = mime_parse_hdr(asnin))) { + if ((headers = mime_parse_hdr(asnin)) == NULL) { ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR); sk_BIO_pop_free(parts, BIO_vfree); return NULL; @@ -467,7 +469,8 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) /* Get content type */ - if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + if ((hdr = mime_hdr_find(headers, "content-type")) == NULL + || hdr->value == NULL) { sk_MIME_HEADER_pop_free(headers, mime_hdr_free); ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); return NULL; @@ -483,7 +486,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) } sk_MIME_HEADER_pop_free(headers, mime_hdr_free); /* Read in ASN1 */ - if (!(val = b64_read_asn1(asnin, it))) { + if ((val = b64_read_asn1(asnin, it)) == NULL) { ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR); sk_BIO_pop_free(parts, BIO_vfree); return NULL; @@ -510,7 +513,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - if (!(val = b64_read_asn1(bio, it))) { + if ((val = b64_read_asn1(bio, it)) == NULL) { ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR); return NULL; } @@ -573,11 +576,12 @@ int SMIME_text(BIO *in, BIO *out) STACK_OF(MIME_HEADER) *headers; MIME_HEADER *hdr; - if (!(headers = mime_parse_hdr(in))) { + if ((headers = mime_parse_hdr(in)) == NULL) { ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR); return 0; } - if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + if ((hdr = mime_hdr_find(headers, "content-type")) == NULL + || hdr->value == NULL) { ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); return 0; @@ -822,8 +826,9 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value) MIME_HEADER *mhdr = NULL; char *tmpname = NULL, *tmpval = NULL, *p; int c; + if (name) { - if (!(tmpname = BUF_strdup(name))) + if ((tmpname = BUF_strdup(name)) == NULL) return NULL; for (p = tmpname; *p; p++) { c = (unsigned char)*p; @@ -834,7 +839,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value) } } if (value) { - if (!(tmpval = BUF_strdup(value))) + if ((tmpval = BUF_strdup(value)) == NULL) goto err; for (p = tmpval; *p; p++) { c = (unsigned char)*p; @@ -849,7 +854,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value) goto err; mhdr->name = tmpname; mhdr->value = tmpval; - if (!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) + if ((mhdr->params = sk_MIME_PARAM_new(mime_param_cmp)) == NULL) goto err; return mhdr; diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c index da7e291..9459bb2 100644 --- a/crypto/asn1/asn_moid.c +++ b/crypto/asn1/asn_moid.c @@ -76,8 +76,9 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) const char *oid_section; STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *oval; + oid_section = CONF_imodule_get_value(md); - if (!(sktmp = NCONF_get_section(cnf, oid_section))) { + if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) { ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); return 0; } diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c index 9b50d14..a2e80b1 100644 --- a/crypto/asn1/asn_mstbl.c +++ b/crypto/asn1/asn_mstbl.c @@ -70,8 +70,9 @@ static int stbl_module_init(CONF_IMODULE *md, const CONF *cnf) const char *stbl_section; STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *mval; + stbl_section = CONF_imodule_get_value(md); - if (!(sktmp = NCONF_get_section(cnf, stbl_section))) { + if ((sktmp = NCONF_get_section(cnf, stbl_section)) == NULL) { ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); return 0; } diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c index e358a86..b80016b 100644 --- a/crypto/asn1/asn_pack.c +++ b/crypto/asn1/asn_pack.c @@ -67,8 +67,8 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) { ASN1_STRING *octmp; - if (!oct || !*oct) { - if (!(octmp = ASN1_STRING_new())) { + if (oct == NULL|| *oct== NULL) { + if ((octmp = ASN1_STRING_new()) == NULL) { ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); return NULL; } @@ -80,7 +80,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) OPENSSL_free(octmp->data); octmp->data = NULL; - if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { + if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) { ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR); return NULL; } @@ -99,7 +99,7 @@ void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it) void *ret; p = oct->data; - if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) + if ((ret = ASN1_item_d2i(NULL, &p, oct->length, it)) == NULL) ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR); return ret; } diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index 4b9045e..c7a1240 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -106,14 +106,13 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, } obj = OBJ_nid2obj(alg_nid); - if (!(pbe2 = PBE2PARAM_new())) + if ((pbe2 = PBE2PARAM_new()) == NULL) goto merr; /* Setup the AlgorithmIdentifier for the encryption scheme */ scheme = pbe2->encryption; - scheme->algorithm = obj; - if (!(scheme->parameter = ASN1_TYPE_new())) + if ((scheme->parameter = ASN1_TYPE_new()) == NULL) goto merr; /* Create random IV */ @@ -163,7 +162,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, /* Now set up top level AlgorithmIdentifier */ - if (!(ret = X509_ALGOR_new())) + if ((ret = X509_ALGOR_new()) == NULL) goto merr; ret->algorithm = OBJ_nid2obj(NID_pbes2); @@ -205,17 +204,17 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, PBKDF2PARAM *kdf = NULL; ASN1_OCTET_STRING *osalt = NULL; - if (!(kdf = PBKDF2PARAM_new())) + if ((kdf = PBKDF2PARAM_new()) == NULL) goto merr; - if (!(osalt = ASN1_OCTET_STRING_new())) + if ((osalt = ASN1_OCTET_STRING_new()) == NULL) goto merr; kdf->salt->value.octet_string = osalt; kdf->salt->type = V_ASN1_OCTET_STRING; - if (!saltlen) + if (saltlen == 0) saltlen = PKCS5_SALT_LEN; - if (!(osalt->data = OPENSSL_malloc(saltlen))) + if ((osalt->data = OPENSSL_malloc(saltlen)) == NULL) goto merr; osalt->length = saltlen; @@ -234,7 +233,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, /* If have a key len set it up */ if (keylen > 0) { - if (!(kdf->keylength = ASN1_INTEGER_new())) + if ((kdf->keylength = ASN1_INTEGER_new()) == NULL) goto merr; if (!ASN1_INTEGER_set(kdf->keylength, keylen)) goto merr; diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c index 775e46f..b0a6b4a 100644 --- a/crypto/asn1/x_x509a.c +++ b/crypto/asn1/x_x509a.c @@ -84,9 +84,9 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX) static X509_CERT_AUX *aux_get(X509 *x) { - if (!x) + if (x == NULL) return NULL; - if (!x->aux && !(x->aux = X509_CERT_AUX_new())) + if (x->aux == NULL && (x->aux = X509_CERT_AUX_new()) == NULL) return NULL; return x->aux; } @@ -101,9 +101,9 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len) x->aux->alias = NULL; return 1; } - if (!(aux = aux_get(x))) + if ((aux = aux_get(x)) == NULL) return 0; - if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) + if (aux->alias == NULL && (aux->alias = ASN1_UTF8STRING_new()) == NULL) return 0; return ASN1_STRING_set(aux->alias, name, len); } @@ -118,9 +118,10 @@ int X509_keyid_set1(X509 *x, unsigned char *id, int len) x->aux->keyid = NULL; return 1; } - if (!(aux = aux_get(x))) + if ((aux = aux_get(x)) == NULL) return 0; - if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) + if (aux->keyid ==NULL + && (aux->keyid = ASN1_OCTET_STRING_new()) == NULL) return 0; return ASN1_STRING_set(aux->keyid, id, len); } @@ -152,9 +153,10 @@ int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj) if (!objtmp) return 0; } - if (!(aux = aux_get(x))) + if ((aux = aux_get(x)) == NULL) goto err; - if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null())) + if (aux->trust == NULL + && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL) goto err; if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp)) return 1; @@ -167,11 +169,12 @@ int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj) { X509_CERT_AUX *aux; ASN1_OBJECT *objtmp; - if (!(objtmp = OBJ_dup(obj))) + if ((objtmp = OBJ_dup(obj)) == NULL) return 0; - if (!(aux = aux_get(x))) + if ((aux = aux_get(x)) == NULL) return 0; - if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null())) + if (aux->reject == NULL + && (aux->reject = sk_ASN1_OBJECT_new_null()) == NULL) return 0; return sk_ASN1_OBJECT_push(aux->reject, objtmp); } diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index 53829dd..dc98c4f 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -102,7 +102,7 @@ static int nbiof_new(BIO *bi) { NBIO_TEST *nt; - if (!(nt = OPENSSL_malloc(sizeof(*nt)))) + if ((nt = OPENSSL_malloc(sizeof(*nt))) == NULL) return (0); nt->lrn = -1; nt->lwn = -1; diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 60f58e2..9b2cee4 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -269,7 +269,7 @@ static int conn_state(BIO *b, BIO_CONNECT *c) } if (cb != NULL) { - if (!(ret = cb((BIO *)b, c->state, ret))) + if ((ret = cb((BIO *)b, c->state, ret)) == 0) goto end; } } diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 53d8136..268481c 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -1406,7 +1406,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl) if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b)) { char *tmp; data->saved_message.bio = b; - if (!(tmp = OPENSSL_malloc(inl))) { + if ((tmp = OPENSSL_malloc(inl)) == NULL) { BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE); return -1; } diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index 56e0d2e..c55344d 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -97,12 +97,12 @@ BIO *BIO_new_mem_buf(void *buf, int len) BUF_MEM *b; size_t sz; - if (!buf) { + if (buf == NULL) { BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER); return NULL; } sz = (len < 0) ? strlen(buf) : (size_t)len; - if (!(ret = BIO_new(BIO_s_mem()))) + if ((ret = BIO_new(BIO_s_mem())) == NULL) return NULL; b = (BUF_MEM *)ret->ptr; b->data = buf; diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index d19ec6d..c161973 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -801,7 +801,8 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) { BIO *cmsbio; int ret = 0; - if (!(cmsbio = CMS_dataInit(cms, dcont))) { + + if ((cmsbio = CMS_dataInit(cms, dcont)) == NULL) { CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 8af2ab1..ee71f48 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -357,7 +357,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) p++; *p = '\0'; - if (!(v = OPENSSL_malloc(sizeof(*v)))) { + if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) { CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 29e77c7..838a645 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -118,7 +118,7 @@ LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp, { BIO *btmp; LHASH_OF(CONF_VALUE) *ltmp; - if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { + if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB); return NULL; } @@ -200,7 +200,7 @@ int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out) BIO *btmp; int ret; - if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { + if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) { CONFerr(CONF_F_CONF_DUMP_FP, ERR_R_BUF_LIB); return 0; } @@ -270,7 +270,7 @@ int NCONF_load_fp(CONF *conf, FILE *fp, long *eline) { BIO *btmp; int ret; - if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) { + if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { CONFerr(CONF_F_NCONF_LOAD_FP, ERR_R_BUF_LIB); return 0; } @@ -354,7 +354,7 @@ int NCONF_dump_fp(const CONF *conf, FILE *out) { BIO *btmp; int ret; - if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) { + if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) { CONFerr(CONF_F_NCONF_DUMP_FP, ERR_R_BUF_LIB); return 0; } diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index b45173e..065f8b9 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -119,18 +119,18 @@ static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) pm = pstr->data; pmlen = pstr->length; - if (!(dh = d2i_dhp(pkey, &pm, pmlen))) { + if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) { DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); goto err; } - if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) { + if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) { DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR); goto err; } /* We have parameters now set public key */ - if (!(dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { + if ((dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) { DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR); goto err; } @@ -218,17 +218,17 @@ static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) if (ptype != V_ASN1_SEQUENCE) goto decerr; - - if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pklen))) + if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) goto decerr; pstr = pval; pm = pstr->data; pmlen = pstr->length; - if (!(dh = d2i_dhp(pkey, &pm, pmlen))) + if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) goto decerr; + /* We have parameters now set private key */ - if (!(dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { + if ((dh->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)) == NULL) { DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR); goto dherr; } @@ -310,7 +310,8 @@ static int dh_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { DH *dh; - if (!(dh = d2i_dhp(pkey, pder, derlen))) { + + if ((dh = d2i_dhp(pkey, pder, derlen)) == NULL) { DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB); return 0; } @@ -679,13 +680,13 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx, if (!p || !plen) goto err; - if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, plen))) { + if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL) { DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR); goto err; } /* We have parameters now set public key */ - if (!(dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { + if ((dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) { DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR); goto err; } diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index e5009ec..bc8fcc4 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -88,13 +88,13 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) pm = pstr->data; pmlen = pstr->length; - if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) { + if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) { DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); goto err; } } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) { - if (!(dsa = DSA_new())) { + if ((dsa = DSA_new()) == NULL) { DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE); goto err; } @@ -103,12 +103,12 @@ static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) goto err; } - if (!(public_key = d2i_ASN1_INTEGER(NULL, &p, pklen))) { + if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) { DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR); goto err; } - if (!(dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL))) { + if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) { DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR); goto err; } @@ -201,7 +201,7 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) /* Check for broken DSA PKCS#8, UGH! */ if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) { ASN1_TYPE *t1, *t2; - if (!(ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen))) + if ((ndsa = d2i_ASN1_SEQUENCE_ANY(NULL, &p, pklen)) == NULL) goto decerr; if (sk_ASN1_TYPE_num(ndsa) != 2) goto decerr; @@ -227,12 +227,12 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) privkey = t2->value.integer; } else { const unsigned char *q = p; - if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pklen))) + if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) goto decerr; if (privkey->type == V_ASN1_NEG_INTEGER) { p8->broken = PKCS8_NEG_PRIVKEY; ASN1_STRING_clear_free(privkey); - if (!(privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen))) + if ((privkey = d2i_ASN1_UINTEGER(NULL, &q, pklen)) == NULL) goto decerr; } if (ptype != V_ASN1_SEQUENCE) @@ -242,19 +242,19 @@ static int dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) pstr = pval; pm = pstr->data; pmlen = pstr->length; - if (!(dsa = d2i_DSAparams(NULL, &pm, pmlen))) + if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) goto decerr; /* We have parameters now set private key */ - if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { + if ((dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL)) == NULL) { DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR); goto dsaerr; } /* Calculate public key */ - if (!(dsa->pub_key = BN_new())) { + if ((dsa->pub_key = BN_new()) == NULL) { DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); goto dsaerr; } - if (!(ctx = BN_CTX_new())) { + if ((ctx = BN_CTX_new()) == NULL) { DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE); goto dsaerr; } @@ -477,7 +477,8 @@ static int dsa_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { DSA *dsa; - if (!(dsa = d2i_DSAparams(NULL, pder, derlen))) { + + if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) { DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB); return 0; } @@ -512,7 +513,8 @@ static int old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { DSA *dsa; - if (!(dsa = d2i_DSAPrivateKey(NULL, pder, derlen))) { + + if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) { DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB); return 0; } diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 1cc4d40..268eff0 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -145,7 +145,7 @@ static EC_KEY *eckey_type2param(int ptype, void *pval) int pmlen; pm = pstr->data; pmlen = pstr->length; - if (!(eckey = d2i_ECParameters(NULL, &pm, pmlen))) { + if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) { ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR); goto ecerr; } @@ -510,7 +510,8 @@ static int eckey_param_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { EC_KEY *eckey; - if (!(eckey = d2i_ECParameters(NULL, pder, derlen))) { + + if ((eckey = d2i_ECParameters(NULL, pder, derlen)) == NULL) { ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB); return 0; } @@ -545,7 +546,8 @@ static int old_ec_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { EC_KEY *ec; - if (!(ec = d2i_ECPrivateKey(NULL, pder, derlen))) { + + if ((ec = d2i_ECPrivateKey(NULL, pder, derlen)) == NULL) { ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR); return 0; } diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 638f849..ebafc10 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -838,7 +838,7 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params) /* extract seed (optional) */ if (params->curve->seed != NULL) { OPENSSL_free(ret->seed); - if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length))) { + if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) { ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c index 8f9308d..f42fe3a 100644 --- a/crypto/ec/ec_curve.c +++ b/crypto/ec/ec_curve.c @@ -3049,9 +3049,9 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) params = (const unsigned char *)(data + 1); /* skip header */ params += seed_len; /* skip seed */ - if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) - || !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) - || !(b = BN_bin2bn(params + 2 * param_len, param_len, NULL))) { + if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL + || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL + || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; } @@ -3085,8 +3085,8 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) goto err; } - if (!(x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) - || !(y = BN_bin2bn(params + 4 * param_len, param_len, NULL))) { + if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL + || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; } @@ -3094,7 +3094,7 @@ static EC_GROUP *ec_group_new_from_data(const ec_list_element curve) ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB); goto err; } - if (!(order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) + if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL || !BN_set_word(x, (BN_ULONG)data->cofactor)) { ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB); goto err; diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c index 9b75b9b..09f042e 100644 --- a/crypto/ec/ec_mult.c +++ b/crypto/ec/ec_mult.c @@ -465,7 +465,7 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, goto err; } - if (!(tmp = EC_POINT_new(group))) + if ((tmp = EC_POINT_new(group)) == NULL) goto err; /*- @@ -674,7 +674,8 @@ int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx) } } - if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) { + if ((tmp_point = EC_POINT_new(group)) == NULL + || (base = EC_POINT_new(group)) == NULL) { ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 37d3efb..42e3d3a 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -427,7 +427,7 @@ static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc); } else if (strcmp(type, "ecdh_kdf_md") == 0) { const EVP_MD *md; - if (!(md = EVP_get_digestbyname(value))) { + if ((md = EVP_get_digestbyname(value)) == NULL) { ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_DIGEST); return 0; } diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index 3073091..11ee56a 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -74,8 +74,9 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf) const char *oid_section; STACK_OF(CONF_VALUE) *sktmp; CONF_VALUE *oval; + oid_section = CONF_imodule_get_value(md); - if (!(sktmp = NCONF_get_section(cnf, oid_section))) { + if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) { EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION); return 0; } diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 0f32507..63b3ad1 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -227,9 +227,9 @@ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid, { EVP_PBE_CTL *pbe_tmp; - if (!pbe_algs) + if (pbe_algs == NULL) pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp); - if (!(pbe_tmp = OPENSSL_malloc(sizeof(*pbe_tmp)))) { + if ((pbe_tmp = OPENSSL_malloc(sizeof(*pbe_tmp))) == NULL) { EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE); return 0; } @@ -247,6 +247,7 @@ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, EVP_PBE_KEYGEN *keygen) { int cipher_nid, md_nid; + if (cipher) cipher_nid = EVP_CIPHER_nid(cipher); else diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index 7e64e26..e987c4c 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -75,7 +75,7 @@ EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8) if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8)) return NULL; - if (!(pkey = EVP_PKEY_new())) { + if ((pkey = EVP_PKEY_new()) == NULL) { EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE); return NULL; } @@ -115,7 +115,7 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) { PKCS8_PRIV_KEY_INFO *p8; - if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { + if ((p8 = PKCS8_PRIV_KEY_INFO_new()) == NULL) { EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 10d9746..fef0b8f 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -416,7 +416,7 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, } if (strcmp(name, "digest") == 0) { const EVP_MD *md; - if (!value || !(md = EVP_get_digestbyname(value))) { + if (value == NULL || (md = EVP_get_digestbyname(value)) == NULL) { EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_INVALID_DIGEST); return 0; } diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 82af4a4..991a1b7 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -255,16 +255,16 @@ int OBJ_add_object(const ASN1_OBJECT *obj) return (0); if ((o = OBJ_dup(obj)) == NULL) goto err; - if (!(ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao)))) + if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao))) == NULL) goto err2; if ((o->length != 0) && (obj->data != NULL)) - if (!(ao[ADDED_DATA] = OPENSSL_malloc(sizeof(*ao)))) + if ((ao[ADDED_DATA] = OPENSSL_malloc(sizeof(*ao))) == NULL) goto err2; if (o->sn != NULL) - if (!(ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(*ao)))) + if ((ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(*ao))) == NULL) goto err2; if (o->ln != NULL) - if (!(ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(*ao)))) + if ((ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(*ao))) == NULL) goto err2; for (i = ADDED_DATA; i <= ADDED_NID; i++) { @@ -507,7 +507,7 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) if (!(c & 0x80)) break; if (!use_bn && (l > (ULONG_MAX >> 7L))) { - if (!bl && !(bl = BN_new())) + if (bl == NULL && (bl = BN_new()) == NULL) goto err; if (!BN_set_word(bl, l)) goto err; diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 0f3f13f..b6ec19a 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -89,7 +89,7 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) { OCSP_ONEREQ *one = NULL; - if (!(one = OCSP_ONEREQ_new())) + if ((one = OCSP_ONEREQ_new()) == NULL) goto err; OCSP_CERTID_free(one->reqCert); one->reqCert = cid; @@ -132,7 +132,8 @@ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) return 0; if (!cert) return 1; - if (!sig->certs && !(sig->certs = sk_X509_new_null())) + if (sig->certs == NULL + && (sig->certs = sk_X509_new_null()) == NULL) return 0; if (!sk_X509_push(sig->certs, cert)) @@ -159,7 +160,7 @@ int OCSP_request_sign(OCSP_REQUEST *req, if (!OCSP_request_set1_name(req, X509_get_subject_name(signer))) goto err; - if (!(req->optionalSignature = OCSP_SIGNATURE_new())) + if ((req->optionalSignature = OCSP_SIGNATURE_new()) == NULL) goto err; if (key) { if (!X509_check_private_key(signer, key)) { diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 8a35f75..63a8332 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -415,22 +415,22 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim) X509_EXTENSION *x = NULL; OCSP_CRLID *cid = NULL; - if (!(cid = OCSP_CRLID_new())) + if ((cid = OCSP_CRLID_new()) == NULL) goto err; if (url) { - if (!(cid->crlUrl = ASN1_IA5STRING_new())) + if ((cid->crlUrl = ASN1_IA5STRING_new()) == NULL) goto err; if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err; } if (n) { - if (!(cid->crlNum = ASN1_INTEGER_new())) + if ((cid->crlNum = ASN1_INTEGER_new()) == NULL) goto err; if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err; } if (tim) { - if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) + if ((cid->crlTime = ASN1_GENERALIZEDTIME_new()) == NULL) goto err; if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) goto err; @@ -449,7 +449,7 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids) ASN1_OBJECT *o = NULL; X509_EXTENSION *x = NULL; - if (!(sk = sk_ASN1_OBJECT_new_null())) + if ((sk = sk_ASN1_OBJECT_new_null()) == NULL) goto err; while (oids && *oids) { if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid))) @@ -468,7 +468,7 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim) X509_EXTENSION *x = NULL; ASN1_GENERALIZEDTIME *gt = NULL; - if (!(gt = ASN1_GENERALIZEDTIME_new())) + if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL) goto err; if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; @@ -490,20 +490,21 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls) OCSP_SERVICELOC *sloc = NULL; ACCESS_DESCRIPTION *ad = NULL; - if (!(sloc = OCSP_SERVICELOC_new())) + if ((sloc = OCSP_SERVICELOC_new()) == NULL) goto err; - if (!(sloc->issuer = X509_NAME_dup(issuer))) + if ((sloc->issuer = X509_NAME_dup(issuer)) == NULL) goto err; - if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) + if (urls && *urls + && (sloc->locator = sk_ACCESS_DESCRIPTION_new_null()) == NULL) goto err; while (urls && *urls) { - if (!(ad = ACCESS_DESCRIPTION_new())) + if ((ad = ACCESS_DESCRIPTION_new()) == NULL) goto err; - if (!(ad->method = OBJ_nid2obj(NID_ad_OCSP))) + if ((ad->method = OBJ_nid2obj(NID_ad_OCSP)) == NULL) goto err; - if (!(ad->location = GENERAL_NAME_new())) + if ((ad->location = GENERAL_NAME_new()) == NULL) goto err; - if (!(ia5 = ASN1_IA5STRING_new())) + if ((ia5 = ASN1_IA5STRING_new()) == NULL) goto err; if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1)) goto err; diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index 1f383f6..b0e7122 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -106,7 +106,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, OCSP_CERTID *cid = NULL; unsigned char md[EVP_MAX_MD_SIZE]; - if (!(cid = OCSP_CERTID_new())) + if ((cid = OCSP_CERTID_new()) == NULL) goto err; alg = cid->hashAlgorithm; @@ -115,7 +115,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); goto err; } - if (!(alg->algorithm = OBJ_nid2obj(nid))) + if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL) goto err; if ((alg->parameter = ASN1_TYPE_new()) == NULL) goto err; @@ -135,7 +135,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, if (serialNumber) { ASN1_INTEGER_free(cid->serialNumber); - if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) + if ((cid->serialNumber = ASN1_INTEGER_dup(serialNumber)) == NULL) goto err; } return cid; diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index 96c2023..b826292 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -214,7 +214,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) } i = ASN1_STRING_length(rb->response); - if (!(br = OCSP_response_get1_basic(o))) + if ((br = OCSP_response_get1_basic(o)) == NULL) goto err; rd = br->tbsResponseData; l = ASN1_INTEGER_get(rd->version); diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 1afa68c..3b71dd7 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -116,13 +116,13 @@ OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs) { OCSP_RESPONSE *rsp = NULL; - if (!(rsp = OCSP_RESPONSE_new())) + if ((rsp = OCSP_RESPONSE_new()) == NULL) goto err; if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err; if (!bs) return rsp; - if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) + if ((rsp->responseBytes = OCSP_RESPBYTES_new()) == NULL) goto err; rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic); if (!ASN1_item_pack @@ -145,11 +145,12 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTSTATUS *cs; OCSP_REVOKEDINFO *ri; - if (!rsp->tbsResponseData->responses && - !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null())) + if (rsp->tbsResponseData->responses == NULL + && (rsp->tbsResponseData->responses + = sk_OCSP_SINGLERESP_new_null()) == NULL) goto err; - if (!(single = OCSP_SINGLERESP_new())) + if ((single = OCSP_SINGLERESP_new()) == NULL) goto err; if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate)) @@ -160,7 +161,7 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID_free(single->certId); - if (!(single->certId = OCSP_CERTID_dup(cid))) + if ((single->certId = OCSP_CERTID_dup(cid)) == NULL) goto err; cs = single->certStatus; @@ -170,12 +171,12 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME); goto err; } - if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) + if ((cs->value.revoked = ri = OCSP_REVOKEDINFO_new()) == NULL) goto err; if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) goto err; if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { - if (!(ri->revocationReason = ASN1_ENUMERATED_new())) + if ((ri->revocationReason = ASN1_ENUMERATED_new()) == NULL) goto err; if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason))) goto err; @@ -206,7 +207,8 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert) { - if (!resp->certs && !(resp->certs = sk_X509_new_null())) + if (resp->certs == NULL + && (resp->certs = sk_X509_new_null()) == NULL) return 0; if (!sk_X509_push(resp->certs, cert)) @@ -242,7 +244,7 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, if (flags & OCSP_RESPID_KEY) { unsigned char md[SHA_DIGEST_LENGTH]; X509_pubkey_digest(signer, EVP_sha1(), md, NULL); - if (!(rid->value.byKey = ASN1_OCTET_STRING_new())) + if ((rid->value.byKey = ASN1_OCTET_STRING_new()) == NULL) goto err; if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH))) goto err; diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 9bf1ff5..d2693c7 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -314,7 +314,8 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, X509_NAME *iname; int mdlen; unsigned char md[EVP_MAX_MD_SIZE]; - if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) { + if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)) + == NULL) { OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST); return -1; diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 529d077..52b40fe 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -116,7 +116,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, PKCS8_PRIV_KEY_INFO *p8inf; char buf[PEM_BUFSIZE]; int ret; - if (!(p8inf = EVP_PKEY2PKCS8(x))) { + + if ((p8inf = EVP_PKEY2PKCS8(x)) == NULL) { PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY); return 0; } @@ -224,7 +225,8 @@ static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, { BIO *bp; int ret; - if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { + + if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB); return (0); } @@ -238,7 +240,8 @@ EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, { BIO *bp; EVP_PKEY *ret; - if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) { + + if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) { PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB); return NULL; } diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index d2a5952..0900ef6 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -316,13 +316,12 @@ static EVP_PKEY *b2i_dss(const unsigned char **in, unsigned int length, if (!read_lebn(&p, 20, &dsa->priv_key)) goto memerr; /* Calculate public key */ - if (!(dsa->pub_key = BN_new())) + if ((dsa->pub_key = BN_new()) == NULL) goto memerr; - if (!(ctx = BN_CTX_new())) + if ((ctx = BN_CTX_new()) == NULL) goto memerr; if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) - goto memerr; BN_CTX_free(ctx); } diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index 51ea42a..301fed6 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -68,7 +68,8 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, { PKCS12_BAGS *bag; PKCS12_SAFEBAG *safebag; - if (!(bag = PKCS12_BAGS_new())) { + + if ((bag = PKCS12_BAGS_new()) == NULL) { PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); return NULL; } @@ -77,7 +78,7 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); return NULL; } - if (!(safebag = PKCS12_SAFEBAG_new())) { + if ((safebag = PKCS12_SAFEBAG_new()) == NULL) { PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); return NULL; } @@ -91,7 +92,8 @@ PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) { PKCS12_SAFEBAG *bag; - if (!(bag = PKCS12_SAFEBAG_new())) { + + if ((bag = PKCS12_SAFEBAG_new()) == NULL) { PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE); return NULL; } @@ -111,7 +113,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, const EVP_CIPHER *pbe_ciph; /* Set up the safe bag */ - if (!(bag = PKCS12_SAFEBAG_new())) { + if ((bag = PKCS12_SAFEBAG_new()) == NULL) { PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); return NULL; } @@ -137,12 +139,13 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) { PKCS7 *p7; - if (!(p7 = PKCS7_new())) { + + if ((p7 = PKCS7_new()) == NULL) { PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); return NULL; } p7->type = OBJ_nid2obj(NID_pkcs7_data); - if (!(p7->d.data = ASN1_OCTET_STRING_new())) { + if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) { PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); return NULL; } @@ -174,7 +177,8 @@ PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, PKCS7 *p7; X509_ALGOR *pbe; const EVP_CIPHER *pbe_ciph; - if (!(p7 = PKCS7_new())) { + + if ((p7 = PKCS7_new()) == NULL) { PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c index 70695b7..365a1cd 100644 --- a/crypto/pkcs12/p12_attr.c +++ b/crypto/pkcs12/p12_attr.c @@ -129,7 +129,8 @@ ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag) { ASN1_TYPE *atype; - if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) + + if ((atype = PKCS12_get_attr(bag, NID_friendlyName)) == NULL) return NULL; if (atype->type != V_ASN1_BMPSTRING) return NULL; diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index fcc77cd..cc25410 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -189,7 +189,7 @@ PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert) int keyidlen = -1; /* Add user certificate */ - if (!(bag = PKCS12_x5092certbag(cert))) + if ((bag = PKCS12_x5092certbag(cert)) == NULL) goto err; /* @@ -226,7 +226,7 @@ PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS8_PRIV_KEY_INFO *p8 = NULL; /* Make a PKCS#8 structure */ - if (!(p8 = EVP_PKEY2PKCS8(key))) + if ((p8 = EVP_PKEY2PKCS8(key)) == NULL) goto err; if (key_usage && !PKCS8_add_keyusage(p8, key_usage)) goto err; diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index 19efd96..5154e54 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -88,7 +88,8 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, return NULL; } - if (!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { + if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx))) + == NULL) { PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -174,7 +175,8 @@ ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, ASN1_OCTET_STRING *oct = NULL; unsigned char *in = NULL; int inlen; - if (!(oct = ASN1_OCTET_STRING_new())) { + + if ((oct = ASN1_OCTET_STRING_new()) == NULL) { PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c index 22fa10e..29f9831 100644 --- a/crypto/pkcs12/p12_init.c +++ b/crypto/pkcs12/p12_init.c @@ -66,7 +66,8 @@ PKCS12 *PKCS12_init(int mode) { PKCS12 *pkcs12; - if (!(pkcs12 = PKCS12_new())) { + + if ((pkcs12 = PKCS12_new()) == NULL) { PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); return NULL; } @@ -74,7 +75,7 @@ PKCS12 *PKCS12_init(int mode) pkcs12->authsafes->type = OBJ_nid2obj(mode); switch (mode) { case NID_pkcs7_data: - if (!(pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new())) { + if ((pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) { PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index cd18427..a2dbc42 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -179,7 +179,7 @@ static int parse_pk12(PKCS12 *p12, const char *pass, int passlen, int i, bagnid; PKCS7 *p7; - if (!(asafes = PKCS12_unpack_authsafes(p12))) + if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) return 0; for (i = 0; i < sk_PKCS7_num(asafes); i++) { p7 = sk_PKCS7_value(asafes, i); @@ -236,14 +236,14 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, case NID_keyBag: if (!pkey || *pkey) return 1; - if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) + if ((*pkey = EVP_PKCS82PKEY(bag->value.keybag)) == NULL) return 0; break; case NID_pkcs8ShroudedKeyBag: if (!pkey || *pkey) return 1; - if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) + if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL) return 0; *pkey = EVP_PKCS82PKEY(p8); PKCS8_PRIV_KEY_INFO_free(p8); @@ -254,7 +254,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, case NID_certBag: if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return 1; - if (!(x509 = PKCS12_certbag2x509(bag))) + if ((x509 = PKCS12_certbag2x509(bag)) == NULL) return 0; if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) { X509_free(x509); diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index 252aca0..b193da1 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -84,7 +84,8 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, iter = 1; else iter = ASN1_INTEGER_get(p12->mac->iter); - if (!(md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm))) { + if ((md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm)) + == NULL) { PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM); return 0; } @@ -157,10 +158,10 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, const EVP_MD *md_type) { - if (!(p12->mac = PKCS12_MAC_DATA_new())) + if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL) return PKCS12_ERROR; if (iter > 1) { - if (!(p12->mac->iter = ASN1_INTEGER_new())) { + if ((p12->mac->iter = ASN1_INTEGER_new()) == NULL) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } @@ -172,7 +173,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, if (!saltlen) saltlen = PKCS12_SALT_LEN; p12->mac->salt->length = saltlen; - if (!(p12->mac->salt->data = OPENSSL_malloc(saltlen))) { + if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } @@ -182,7 +183,7 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen, } else memcpy(p12->mac->salt->data, salt, saltlen); p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); - if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { + if ((p12->mac->dinfo->algor->parameter = ASN1_TYPE_new()) == NULL) { PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/pkcs12/p12_npas.c b/crypto/pkcs12/p12_npas.c index f756033..c402428 100644 --- a/crypto/pkcs12/p12_npas.c +++ b/crypto/pkcs12/p12_npas.c @@ -113,9 +113,9 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) unsigned char mac[EVP_MAX_MD_SIZE]; unsigned int maclen; - if (!(asafes = PKCS12_unpack_authsafes(p12))) + if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL) return 0; - if (!(newsafes = sk_PKCS7_new_null())) + if ((newsafes = sk_PKCS7_new_null()) == NULL) return 0; for (i = 0; i < sk_PKCS7_num(asafes); i++) { p7 = sk_PKCS7_value(asafes, i); @@ -158,14 +158,14 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) /* Repack safe: save old safe in case of error */ p12_data_tmp = p12->authsafes->d.data; - if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) + if ((p12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) goto saferr; if (!PKCS12_pack_authsafes(p12, newsafes)) goto saferr; if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr; - if (!(macnew = ASN1_OCTET_STRING_new())) + if ((macnew = ASN1_OCTET_STRING_new()) == NULL) goto saferr; if (!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr; @@ -206,12 +206,12 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass) if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1; - if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) + if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL) return 0; if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen)) return 0; - if (!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, - p8_iter, p8))) + if ((p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, + p8_iter, p8)) == NULL) return 0; X509_SIG_free(bag->value.shkeybag); bag->value.shkeybag = p8new; diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index 0275742..9375cbf 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -66,10 +66,10 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8inf) { - X509_SIG *p8 = NULL; + X509_SIG *p8; X509_ALGOR *pbe; - if (!(p8 = X509_SIG_new())) { + if ((p8 = X509_SIG_new()) == NULL) { PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c index 4546815..c55a4f1 100644 --- a/crypto/pkcs12/p12_utl.c +++ b/crypto/pkcs12/p12_utl.c @@ -68,10 +68,11 @@ unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, { int ulen, i; unsigned char *unitmp; + if (asclen == -1) asclen = strlen(asc); ulen = asclen * 2 + 2; - if (!(unitmp = OPENSSL_malloc(ulen))) + if ((unitmp = OPENSSL_malloc(ulen)) == NULL) return NULL; for (i = 0; i < ulen - 2; i += 2) { unitmp[i] = 0; @@ -91,12 +92,13 @@ char *OPENSSL_uni2asc(unsigned char *uni, int unilen) { int asclen, i; char *asctmp; + asclen = unilen / 2; /* If no terminating zero allow for one */ if (!unilen || uni[unilen - 1]) asclen++; uni++; - if (!(asctmp = OPENSSL_malloc(asclen))) + if ((asctmp = OPENSSL_malloc(asclen)) == NULL) return NULL; for (i = 0; i < unilen; i += 2) asctmp[i >> 1] = uni[i]; diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c index 88922ef..ef2386b 100644 --- a/crypto/pkcs7/pk7_attr.c +++ b/crypto/pkcs7/pk7_attr.c @@ -71,7 +71,8 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) { ASN1_STRING *seq; - if (!(seq = ASN1_STRING_new())) { + + if ((seq = ASN1_STRING_new()) == NULL) { PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE); return 0; } @@ -87,7 +88,7 @@ STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) const unsigned char *p; cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); - if (!cap || (cap->type != V_ASN1_SEQUENCE)) + if (cap == NULL || (cap->type != V_ASN1_SEQUENCE)) return NULL; p = cap->value.sequence->data; return (STACK_OF(X509_ALGOR) *) @@ -100,7 +101,7 @@ int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) { X509_ALGOR *alg; - if (!(alg = X509_ALGOR_new())) { + if ((alg = X509_ALGOR_new()) == NULL) { PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); return 0; } @@ -108,11 +109,11 @@ int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) alg->algorithm = OBJ_nid2obj(nid); if (arg > 0) { ASN1_INTEGER *nbit; - if (!(alg->parameter = ASN1_TYPE_new())) { + if ((alg->parameter = ASN1_TYPE_new()) == NULL) { PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); return 0; } - if (!(nbit = ASN1_INTEGER_new())) { + if ((nbit = ASN1_INTEGER_new()) == NULL) { PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE); return 0; } @@ -139,7 +140,7 @@ int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid) int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) { - if (!t && !(t = X509_gmtime_adj(NULL, 0))) { + if (t == NULL && (t = X509_gmtime_adj(NULL, 0)) == NULL) { PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, ERR_R_MALLOC_FAILURE); return 0; diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index e5ad95f..bdbde21 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -1104,7 +1104,7 @@ static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) { ASN1_TYPE *astype; - if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) + if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL) return NULL; return astype->value.octet_string; } @@ -1165,11 +1165,10 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, X509_ATTRIBUTE *attr = NULL; if (*sk == NULL) { - *sk = sk_X509_ATTRIBUTE_new_null(); - if (*sk == NULL) + if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL) return 0; new_attrib: - if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value))) + if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL) return 0; if (!sk_X509_ATTRIBUTE_push(*sk, attr)) { X509_ATTRIBUTE_free(attr); diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index e14d8c6..30cc98f 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -265,8 +265,8 @@ int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) } } if (!j) { /* we need to add another algorithm */ - if (!(alg = X509_ALGOR_new()) - || !(alg->parameter = ASN1_TYPE_new())) { + if ((alg = X509_ALGOR_new()) == NULL + || (alg->parameter = ASN1_TYPE_new()) == NULL) { X509_ALGOR_free(alg); PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE); return (0); @@ -426,7 +426,7 @@ PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md) { if (PKCS7_type_is_digest(p7)) { - if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) { + if ((p7->d.digest->md->parameter = ASN1_TYPE_new()) == NULL) { PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index 33bdda2..edc5969 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -72,7 +72,7 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, PKCS7 *p7; int i; - if (!(p7 = PKCS7_new())) { + if ((p7 = PKCS7_new()) == NULL) { PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE); return NULL; } @@ -113,7 +113,7 @@ int PKCS7_final(PKCS7 *p7, BIO *data, int flags) { BIO *p7bio; int ret = 0; - if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) { PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE); return 0; } @@ -164,7 +164,7 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, return NULL; } - if (!(si = PKCS7_add_signature(p7, signcert, pkey, md))) { + if ((si = PKCS7_add_signature(p7, signcert, pkey, md)) == NULL) { PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); return NULL; @@ -180,7 +180,7 @@ PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, goto err; /* Add SMIMECapabilities */ if (!(flags & PKCS7_NOSMIMECAP)) { - if (!(smcap = sk_X509_ALGOR_new_null())) { + if ((smcap = sk_X509_ALGOR_new_null()) == NULL) { PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, ERR_R_MALLOC_FAILURE); goto err; } @@ -353,11 +353,11 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, } else tmpin = indata; - if (!(p7bio = PKCS7_dataInit(p7, tmpin))) + if ((p7bio = PKCS7_dataInit(p7, tmpin)) == NULL) goto err; if (flags & PKCS7_TEXT) { - if (!(tmpout = BIO_new(BIO_s_mem()))) { + if ((tmpout = BIO_new(BIO_s_mem())) == NULL) { PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE); goto err; } @@ -439,7 +439,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, return 0; } - if (!(signers = sk_X509_new_null())) { + if ((signers = sk_X509_new_null()) == NULL) { PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE); return NULL; } @@ -481,7 +481,7 @@ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, BIO *p7bio = NULL; int i; X509 *x509; - if (!(p7 = PKCS7_new())) { + if ((p7 = PKCS7_new()) == NULL) { PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE); return NULL; } @@ -537,7 +537,7 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) return 0; } - if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) { + if ((tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert)) == NULL) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR); return 0; } @@ -545,12 +545,12 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags) if (flags & PKCS7_TEXT) { BIO *tmpbuf, *bread; /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */ - if (!(tmpbuf = BIO_new(BIO_f_buffer()))) { + if ((tmpbuf = BIO_new(BIO_f_buffer())) == NULL) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); BIO_free_all(tmpmem); return 0; } - if (!(bread = BIO_push(tmpbuf, tmpmem))) { + if ((bread = BIO_push(tmpbuf, tmpmem)) == NULL) { PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE); BIO_free_all(tmpbuf); BIO_free_all(tmpmem); diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index e9ccd7e..509f203 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -93,9 +93,10 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) const unsigned char *p; int pklen; RSA *rsa = NULL; + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) return 0; - if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) { + if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) { RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); return 0; } @@ -115,7 +116,8 @@ static int old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { RSA *rsa; - if (!(rsa = d2i_RSAPrivateKey(NULL, pder, derlen))) { + + if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) { RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); return 0; } diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index ced7232..76d5c69 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -606,7 +606,7 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, if (strcmp(type, "rsa_mgf1_md") == 0) { const EVP_MD *md; - if (!(md = EVP_get_digestbyname(value))) { + if ((md = EVP_get_digestbyname(value)) == NULL) { RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); return 0; } @@ -615,7 +615,7 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, if (strcmp(type, "rsa_oaep_md") == 0) { const EVP_MD *md; - if (!(md = EVP_get_digestbyname(value))) { + if ((md = EVP_get_digestbyname(value)) == NULL) { RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); return 0; } diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 7a47acd..1b26319 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -127,7 +127,7 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N) EVP_DigestFinal_ex(&ctxt, cu, NULL); EVP_MD_CTX_cleanup(&ctxt); - if (!(u = BN_bin2bn(cu, sizeof(cu), NULL))) + if ((u = BN_bin2bn(cu, sizeof(cu), NULL)) == NULL) return NULL; if (!BN_is_zero(u)) return u; @@ -178,10 +178,10 @@ BIGNUM *SRP_Calc_B(BIGNUM *b, BIGNUM *N, BIGNUM *g, BIGNUM *v) /* B = g**b + k*v */ - if (!BN_mod_exp(gb, g, b, N, bn_ctx) || - !(k = srp_Calc_k(N, g)) || - !BN_mod_mul(kv, v, k, N, bn_ctx) || - !BN_mod_add(B, gb, kv, N, bn_ctx)) { + if (!BN_mod_exp(gb, g, b, N, bn_ctx) + || (k = srp_Calc_k(N, g)) == NULL + || !BN_mod_mul(kv, v, k, N, bn_ctx) + || !BN_mod_add(B, gb, kv, N, bn_ctx)) { BN_free(B); B = NULL; } @@ -257,13 +257,12 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, if (!BN_mod_exp(tmp, g, x, N, bn_ctx)) goto err; - if (!(k = srp_Calc_k(N, g))) + if ((k = srp_Calc_k(N, g)) == NULL) goto err; if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx)) goto err; if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx)) goto err; - if (!BN_mod_mul(tmp3, u, x, N, bn_ctx)) goto err; if (!BN_mod_add(tmp2, a, tmp3, N, bn_ctx)) diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 075c9ed..79db92a 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -253,8 +253,8 @@ SRP_VBASE *SRP_VBASE_new(char *seed_key) if (vb == NULL) return NULL; - if (!(vb->users_pwd = sk_SRP_user_pwd_new_null()) || - !(vb->gN_cache = sk_SRP_gN_cache_new_null())) { + if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL + || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) { OPENSSL_free(vb); return NULL; } @@ -394,10 +394,11 @@ int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file) if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL) goto err; - if (!(gN->id = BUF_strdup(pp[DB_srpid])) - || !(gN->N = - SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier])) - || !(gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt])) + if ((gN->id = BUF_strdup(pp[DB_srpid])) == NULL + || (gN->N = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier])) + == NULL + || (gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt])) + == NULL || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0) goto err; @@ -533,10 +534,10 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, goto err; if (N) { - if (!(len = t_fromb64(tmp, N))) + if ((len = t_fromb64(tmp, N)) == 0) goto err; N_bn = BN_bin2bn(tmp, len, NULL); - if (!(len = t_fromb64(tmp, g))) + if ((len = t_fromb64(tmp, g)) == 0) goto err; g_bn = BN_bin2bn(tmp, len, NULL); defgNid = "*"; @@ -555,7 +556,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt, s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL); } else { - if (!(len = t_fromb64(tmp2, *salt))) + if ((len = t_fromb64(tmp2, *salt)) == 0) goto err; s = BN_bin2bn(tmp2, len, NULL); } diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c index 2b85660..121b60b 100644 --- a/crypto/ts/ts_conf.c +++ b/crypto/ts/ts_conf.c @@ -114,11 +114,11 @@ STACK_OF(X509) *TS_CONF_load_certs(const char *file) STACK_OF(X509_INFO) *allcerts = NULL; int i; - if (!(certs = BIO_new_file(file, "r"))) + if ((certs = BIO_new_file(file, "r")) == NULL) goto end; - - if (!(othercerts = sk_X509_new_null())) + if ((othercerts = sk_X509_new_null()) == NULL) goto end; + allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL); for (i = 0; i < sk_X509_INFO_num(allcerts); i++) { X509_INFO *xi = sk_X509_INFO_value(allcerts, i); @@ -140,7 +140,7 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass) BIO *key = NULL; EVP_PKEY *pkey = NULL; - if (!(key = BIO_new_file(file, "r"))) + if ((key = BIO_new_file(file, "r")) == NULL) goto end; pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass); end: @@ -195,7 +195,7 @@ int TS_CONF_set_crypto_device(CONF *conf, const char *section, { int ret = 0; - if (!device) + if (device == NULL) device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE); if (device && !TS_CONF_set_default_engine(device)) { @@ -216,8 +216,9 @@ int TS_CONF_set_default_engine(const char *name) if (strcmp(name, "builtin") == 0) return 1; - if (!(e = ENGINE_by_id(name))) + if ((e = ENGINE_by_id(name)) == NULL) goto err; + /* Enable the use of the NCipher HSM for forked children. */ if (strcmp(name, "chil") == 0) ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0); @@ -241,13 +242,15 @@ int TS_CONF_set_signer_cert(CONF *conf, const char *section, { int ret = 0; X509 *cert_obj = NULL; - if (!cert) + + if (cert == NULL) { cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT); - if (!cert) { - TS_CONF_lookup_fail(section, ENV_SIGNER_CERT); - goto err; + if (cert == NULL) { + TS_CONF_lookup_fail(section, ENV_SIGNER_CERT); + goto err; + } } - if (!(cert_obj = TS_CONF_load_cert(cert))) + if ((cert_obj = TS_CONF_load_cert(cert)) == NULL) goto err; if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj)) goto err; @@ -263,12 +266,13 @@ int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs, { int ret = 0; STACK_OF(X509) *certs_obj = NULL; - if (!certs) - certs = NCONF_get_string(conf, section, ENV_CERTS); - /* Certificate chain is optional. */ - if (!certs) - goto end; - if (!(certs_obj = TS_CONF_load_certs(certs))) + + if (certs == NULL) { + /* Certificate chain is optional. */ + if ((certs = NCONF_get_string(conf, section, ENV_CERTS)) == NULL) + goto end; + } + if ((certs_obj = TS_CONF_load_certs(certs)) == NULL) goto err; if (!TS_RESP_CTX_set_certs(ctx, certs_obj)) goto err; @@ -291,7 +295,7 @@ int TS_CONF_set_signer_key(CONF *conf, const char *section, TS_CONF_lookup_fail(section, ENV_SIGNER_KEY); goto err; } - if (!(key_obj = TS_CONF_load_key(key, pass))) + if ((key_obj = TS_CONF_load_key(key, pass)) == NULL) goto err; if (!TS_RESP_CTX_set_signer_key(ctx, key_obj)) goto err; @@ -313,7 +317,7 @@ int TS_CONF_set_def_policy(CONF *conf, const char *section, TS_CONF_lookup_fail(section, ENV_DEFAULT_POLICY); goto err; } - if (!(policy_obj = OBJ_txt2obj(policy, 0))) { + if ((policy_obj = OBJ_txt2obj(policy, 0)) == NULL) { TS_CONF_invalid(section, ENV_DEFAULT_POLICY); goto err; } @@ -331,10 +335,10 @@ int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx) int ret = 0; int i; STACK_OF(CONF_VALUE) *list = NULL; - char *policies = NCONF_get_string(conf, section, - ENV_OTHER_POLICIES); + char *policies = NCONF_get_string(conf, section, ENV_OTHER_POLICIES); + /* If no other policy is specified, that's fine. */ - if (policies && !(list = X509V3_parse_list(policies))) { + if (policies && (list = X509V3_parse_list(policies)) == NULL) { TS_CONF_invalid(section, ENV_OTHER_POLICIES); goto err; } @@ -342,7 +346,8 @@ int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx) CONF_VALUE *val = sk_CONF_VALUE_value(list, i); const char *extval = val->value ? val->value : val->name; ASN1_OBJECT *objtmp; - if (!(objtmp = OBJ_txt2obj(extval, 0))) { + + if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) { TS_CONF_invalid(section, ENV_OTHER_POLICIES); goto err; } @@ -363,11 +368,12 @@ int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx) int i; STACK_OF(CONF_VALUE) *list = NULL; char *digests = NCONF_get_string(conf, section, ENV_DIGESTS); - if (!digests) { + + if (digests == NULL) { TS_CONF_lookup_fail(section, ENV_DIGESTS); goto err; } - if (!(list = X509V3_parse_list(digests))) { + if ((list = X509V3_parse_list(digests)) == NULL) { TS_CONF_invalid(section, ENV_DIGESTS); goto err; } @@ -379,7 +385,8 @@ int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx) CONF_VALUE *val = sk_CONF_VALUE_value(list, i); const char *extval = val->value ? val->value : val->name; const EVP_MD *md; - if (!(md = EVP_get_digestbyname(extval))) { + + if ((md = EVP_get_digestbyname(extval)) == NULL) { TS_CONF_invalid(section, ENV_DIGESTS); goto err; } @@ -401,7 +408,7 @@ int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx) STACK_OF(CONF_VALUE) *list = NULL; char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY); - if (accuracy && !(list = X509V3_parse_list(accuracy))) { + if (accuracy && (list = X509V3_parse_list(accuracy)) == NULL) { TS_CONF_invalid(section, ENV_ACCURACY); goto err; } diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 077d03d..b16cf91 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -169,7 +169,7 @@ TS_RESP_CTX *TS_RESP_CTX_new() { TS_RESP_CTX *ctx; - if (!(ctx = OPENSSL_malloc(sizeof(*ctx)))) { + if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) { TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE); return NULL; } @@ -225,7 +225,7 @@ int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key) int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy) { ASN1_OBJECT_free(ctx->default_policy); - if (!(ctx->default_policy = OBJ_dup(def_policy))) + if ((ctx->default_policy = OBJ_dup(def_policy)) == NULL) goto err; return 1; err: @@ -240,7 +240,7 @@ int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) ctx->certs = NULL; if (!certs) return 1; - if (!(ctx->certs = X509_chain_up_ref(certs))) { + if ((ctx->certs = X509_chain_up_ref(certs)) == NULL) { TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE); return 0; } @@ -253,9 +253,10 @@ int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy) ASN1_OBJECT *copy = NULL; /* Create new policy stack if necessary. */ - if (!ctx->policies && !(ctx->policies = sk_ASN1_OBJECT_new_null())) + if (ctx->policies == NULL + && (ctx->policies = sk_ASN1_OBJECT_new_null()) == NULL) goto err; - if (!(copy = OBJ_dup(policy))) + if ((copy = OBJ_dup(policy)) == NULL) goto err; if (!sk_ASN1_OBJECT_push(ctx->policies, copy)) goto err; @@ -270,7 +271,8 @@ int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy) int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md) { /* Create new md stack if necessary. */ - if (!ctx->mds && !(ctx->mds = sk_EVP_MD_new_null())) + if (ctx->mds == NULL + && (ctx->mds = sk_EVP_MD_new_null()) == NULL) goto err; /* Add the shared md, no copy needed. */ if (!sk_EVP_MD_push(ctx->mds, (EVP_MD *)md)) @@ -295,14 +297,17 @@ int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, { TS_RESP_CTX_accuracy_free(ctx); - if (secs && (!(ctx->seconds = ASN1_INTEGER_new()) - || !ASN1_INTEGER_set(ctx->seconds, secs))) + if (secs + && ((ctx->seconds = ASN1_INTEGER_new()) == NULL + || !ASN1_INTEGER_set(ctx->seconds, secs))) goto err; - if (millis && (!(ctx->millis = ASN1_INTEGER_new()) - || !ASN1_INTEGER_set(ctx->millis, millis))) + if (millis + && ((ctx->millis = ASN1_INTEGER_new()) == NULL + || !ASN1_INTEGER_set(ctx->millis, millis))) goto err; - if (micros && (!(ctx->micros = ASN1_INTEGER_new()) - || !ASN1_INTEGER_set(ctx->micros, micros))) + if (micros + && ((ctx->micros = ASN1_INTEGER_new()) == NULL + || !ASN1_INTEGER_set(ctx->micros, micros))) goto err; return 1; @@ -343,15 +348,16 @@ int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, ASN1_UTF8STRING *utf8_text = NULL; int ret = 0; - if (!(si = TS_STATUS_INFO_new())) + if ((si = TS_STATUS_INFO_new()) == NULL) goto err; if (!ASN1_INTEGER_set(si->status, status)) goto err; if (text) { - if (!(utf8_text = ASN1_UTF8STRING_new()) + if ((utf8_text = ASN1_UTF8STRING_new()) == NULL || !ASN1_STRING_set(utf8_text, text, strlen(text))) goto err; - if (!si->text && !(si->text = sk_ASN1_UTF8STRING_new_null())) + if (si->text == NULL + && (si->text = sk_ASN1_UTF8STRING_new_null()) == NULL) goto err; if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text)) goto err; @@ -384,7 +390,8 @@ int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx, int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure) { TS_STATUS_INFO *si = TS_RESP_get_status_info(ctx->response); - if (!si->failure_info && !(si->failure_info = ASN1_BIT_STRING_new())) + if (si->failure_info == NULL + && (si->failure_info = ASN1_BIT_STRING_new()) == NULL) goto err; if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1)) goto err; @@ -423,13 +430,13 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) TS_RESP_CTX_init(ctx); /* Creating the response object. */ - if (!(ctx->response = TS_RESP_new())) { + if ((ctx->response = TS_RESP_new()) == NULL) { TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE); goto end; } /* Parsing DER request. */ - if (!(ctx->request = d2i_TS_REQ_bio(req_bio, NULL))) { + if ((ctx->request = d2i_TS_REQ_bio(req_bio, NULL)) == NULL) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Bad request format or " "system error."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT); @@ -445,11 +452,11 @@ TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) goto end; /* Checking acceptable policies. */ - if (!(policy = TS_RESP_get_policy(ctx))) + if ((policy = TS_RESP_get_policy(ctx)) == NULL) goto end; /* Creating the TS_TST_INFO object. */ - if (!(ctx->tst_info = TS_RESP_create_tst_info(ctx, policy))) + if ((ctx->tst_info = TS_RESP_create_tst_info(ctx, policy)) == NULL) goto end; /* Processing extensions. */ @@ -602,7 +609,7 @@ static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, const ASN1_INTEGER *nonce; GENERAL_NAME *tsa_name = NULL; - if (!(tst_info = TS_TST_INFO_new())) + if ((tst_info = TS_TST_INFO_new()) == NULL) goto end; if (!TS_TST_INFO_set_version(tst_info, 1)) goto end; @@ -610,19 +617,19 @@ static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, goto end; if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint)) goto end; - if (!(serial = (*ctx->serial_cb) (ctx, ctx->serial_cb_data)) + if ((serial = ctx->serial_cb(ctx, ctx->serial_cb_data)) == NULL || !TS_TST_INFO_set_serial(tst_info, serial)) goto end; - if (!(*ctx->time_cb) (ctx, ctx->time_cb_data, &sec, &usec) - || !(asn1_time = TS_RESP_set_genTime_with_precision(NULL, - sec, usec, - ctx->clock_precision_digits)) + if (!ctx->time_cb(ctx, ctx->time_cb_data, &sec, &usec) + || (asn1_time = + TS_RESP_set_genTime_with_precision(NULL, sec, usec, + ctx->clock_precision_digits)) == NULL || !TS_TST_INFO_set_time(tst_info, asn1_time)) goto end; /* Setting accuracy if needed. */ if ((ctx->seconds || ctx->millis || ctx->micros) - && !(accuracy = TS_ACCURACY_new())) + && (accuracy = TS_ACCURACY_new()) == NULL) goto end; if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds)) @@ -646,7 +653,7 @@ static TS_TST_INFO *TS_RESP_create_tst_info(TS_RESP_CTX *ctx, /* Setting TSA name to subject of signer certificate. */ if (ctx->flags & TS_TSA_NAME) { - if (!(tsa_name = GENERAL_NAME_new())) + if ((tsa_name = GENERAL_NAME_new()) == NULL) goto end; tsa_name->type = GEN_DIRNAME; tsa_name->d.dirn = @@ -715,7 +722,7 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx) } /* Create a new PKCS7 signed object. */ - if (!(p7 = PKCS7_new())) { + if ((p7 = PKCS7_new()) == NULL) { TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE); goto err; } @@ -738,8 +745,8 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx) } /* Add a new signer info. */ - if (!(si = PKCS7_add_signature(p7, ctx->signer_cert, - ctx->signer_key, EVP_sha1()))) { + if ((si = PKCS7_add_signature(p7, ctx->signer_cert, + ctx->signer_key, EVP_sha1())) == NULL) { TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR); goto err; } @@ -757,7 +764,7 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx) * certificate id and optionally the certificate chain. */ certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL; - if (!(sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs))) + if ((sc = ESS_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL) goto err; /* Add SigningCertificate signed attribute to the signer info. */ @@ -771,7 +778,7 @@ static int TS_RESP_sign(TS_RESP_CTX *ctx) goto err; /* Add the DER encoded tst_info to the PKCS7 structure. */ - if (!(p7bio = PKCS7_dataInit(p7, NULL))) { + if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) { TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE); goto err; } @@ -813,19 +820,20 @@ static ESS_SIGNING_CERT *ESS_SIGNING_CERT_new_init(X509 *signcert, int i; /* Creating the ESS_CERT_ID stack. */ - if (!(sc = ESS_SIGNING_CERT_new())) + if ((sc = ESS_SIGNING_CERT_new()) == NULL) goto err; - if (!sc->cert_ids && !(sc->cert_ids = sk_ESS_CERT_ID_new_null())) + if (sc->cert_ids == NULL + && (sc->cert_ids = sk_ESS_CERT_ID_new_null()) == NULL) goto err; /* Adding the signing certificate id. */ - if (!(cid = ESS_CERT_ID_new_init(signcert, 0)) + if ((cid = ESS_CERT_ID_new_init(signcert, 0)) == NULL || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) goto err; /* Adding the certificate chain ids. */ for (i = 0; i < sk_X509_num(certs); ++i) { X509 *cert = sk_X509_value(certs, i); - if (!(cid = ESS_CERT_ID_new_init(cert, 1)) + if ((cid = ESS_CERT_ID_new_init(cert, 1)) == NULL || !sk_ESS_CERT_ID_push(sc->cert_ids, cid)) goto err; } @@ -845,7 +853,7 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) /* Recompute SHA1 hash of certificate if necessary (side effect). */ X509_check_purpose(cert, -1, 0); - if (!(cid = ESS_CERT_ID_new())) + if ((cid = ESS_CERT_ID_new()) == NULL) goto err; if (!ASN1_OCTET_STRING_set(cid->hash, cert->sha1_hash, sizeof(cert->sha1_hash))) @@ -854,14 +862,14 @@ static ESS_CERT_ID *ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) /* Setting the issuer/serial if requested. */ if (issuer_needed) { /* Creating issuer/serial structure. */ - if (!cid->issuer_serial - && !(cid->issuer_serial = ESS_ISSUER_SERIAL_new())) + if (cid->issuer_serial == NULL + && (cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL) goto err; /* Creating general name from the certificate issuer. */ - if (!(name = GENERAL_NAME_new())) + if ((name = GENERAL_NAME_new()) == NULL) goto err; name->type = GEN_DIRNAME; - if (!(name->d.dirn = X509_NAME_dup(cert->cert_info->issuer))) + if ((name->d.dirn = X509_NAME_dup(cert->cert_info->issuer)) == NULL) goto err; if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name)) goto err; @@ -887,12 +895,12 @@ static int TS_TST_INFO_content_new(PKCS7 *p7) ASN1_OCTET_STRING *octet_string = NULL; /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */ - if (!(ret = PKCS7_new())) + if ((ret = PKCS7_new()) == NULL) goto err; - if (!(ret->d.other = ASN1_TYPE_new())) + if ((ret->d.other = ASN1_TYPE_new()) == NULL) goto err; ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); - if (!(octet_string = ASN1_OCTET_STRING_new())) + if ((octet_string = ASN1_OCTET_STRING_new()) == NULL) goto err; ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string); octet_string = NULL; @@ -915,13 +923,13 @@ static int ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc) int len; len = i2d_ESS_SIGNING_CERT(sc, NULL); - if (!(pp = OPENSSL_malloc(len))) { + if ((pp = OPENSSL_malloc(len)) == NULL) { TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE); goto err; } p = pp; i2d_ESS_SIGNING_CERT(sc, &p); - if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) { + if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) { TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE); goto err; } @@ -950,7 +958,7 @@ static ASN1_GENERALIZEDTIME if (precision > TS_MAX_CLOCK_PRECISION_DIGITS) goto err; - if (!(tm = gmtime(&time_sec))) + if ((tm = gmtime(&time_sec)) == NULL) goto err; /* @@ -1001,7 +1009,8 @@ static ASN1_GENERALIZEDTIME *p++ = '\0'; /* Now call OpenSSL to check and set our genTime value */ - if (!asn1_time && !(asn1_time = ASN1_GENERALIZEDTIME_new())) + if (asn1_time == NULL + && (asn1_time = ASN1_GENERALIZEDTIME_new()) == NULL) goto err; if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) { ASN1_GENERALIZEDTIME_free(asn1_time); diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 8381d41..939c65f 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -511,7 +511,7 @@ static int TS_check_status_info(TS_RESP *response) /* Set the embedded_status_text to the returned description. */ if (sk_ASN1_UTF8STRING_num(info->text) > 0 - && !(embedded_status_text = TS_get_status_text(info->text))) + && (embedded_status_text = TS_get_status_text(info->text)) == NULL) return 0; /* Filling in failure_text with the failure information. */ @@ -558,7 +558,7 @@ static char *TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) length += 1; /* separator character */ } /* Allocate memory (closing '\0' included). */ - if (!(result = OPENSSL_malloc(length))) { + if ((result = OPENSSL_malloc(length)) == NULL) { TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE); return NULL; } @@ -604,11 +604,11 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, *imprint = NULL; /* Return the MD algorithm of the response. */ - if (!(*md_alg = X509_ALGOR_dup(md_alg_resp))) + if ((*md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL) goto err; /* Getting the MD object. */ - if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) { + if ((md = EVP_get_digestbyobj((*md_alg)->algorithm)) == NULL) { TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM); goto err; } @@ -618,7 +618,7 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, if (length < 0) goto err; *imprint_len = length; - if (!(*imprint = OPENSSL_malloc(*imprint_len))) { + if ((*imprint = OPENSSL_malloc(*imprint_len)) == NULL) { TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE); goto err; } @@ -708,15 +708,16 @@ static int TS_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer) /* Check all the alternative names. */ gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx); - while (gen_names != NULL - && !(found = TS_find_name(gen_names, tsa_name) >= 0)) { + while (gen_names != NULL) { + found = TS_find_name(gen_names, tsa_name) >= 0; + if (found) + break; /* * Get the next subject alternative name, although there should be no * more than one. */ GENERAL_NAMES_free(gen_names); - gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, - NULL, &idx); + gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx); } GENERAL_NAMES_free(gen_names); diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 75bf2df..3c15e66 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -121,7 +121,7 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) OPENSSL_assert(req != NULL); if (ret) TS_VERIFY_CTX_cleanup(ret); - else if (!(ret = TS_VERIFY_CTX_new())) + else if ((ret = TS_VERIFY_CTX_new()) == NULL) return NULL; /* Setting flags. */ @@ -129,7 +129,7 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) /* Setting policy. */ if ((policy = TS_REQ_get_policy_id(req)) != NULL) { - if (!(ret->policy = OBJ_dup(policy))) + if ((ret->policy = OBJ_dup(policy)) == NULL) goto err; } else ret->flags &= ~TS_VFY_POLICY; @@ -137,17 +137,17 @@ TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx) /* Setting md_alg, imprint and imprint_len. */ imprint = TS_REQ_get_msg_imprint(req); md_alg = TS_MSG_IMPRINT_get_algo(imprint); - if (!(ret->md_alg = X509_ALGOR_dup(md_alg))) + if ((ret->md_alg = X509_ALGOR_dup(md_alg)) == NULL) goto err; msg = TS_MSG_IMPRINT_get_msg(imprint); ret->imprint_len = ASN1_STRING_length(msg); - if (!(ret->imprint = OPENSSL_malloc(ret->imprint_len))) + if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL) goto err; memcpy(ret->imprint, ASN1_STRING_data(msg), ret->imprint_len); /* Setting nonce. */ if ((nonce = TS_REQ_get_nonce(req)) != NULL) { - if (!(ret->nonce = ASN1_INTEGER_dup(nonce))) + if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL) goto err; } else ret->flags &= ~TS_VFY_NONCE; diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index 54c85d2..5134855 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -123,7 +123,7 @@ TXT_DB *TXT_DB_read(BIO *in, int num) continue; else { buf->data[offset - 1] = '\0'; /* blat the '\n' */ - if (!(p = OPENSSL_malloc(add + offset))) + if ((p = OPENSSL_malloc(add + offset)) == NULL) goto err; offset = 0; } diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index df49b0b..67f6b8f 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -309,7 +309,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, } atype = stmp->type; } else if (len != -1) { - if (!(stmp = ASN1_STRING_type_new(attrtype))) + if ((stmp = ASN1_STRING_type_new(attrtype)) == NULL) goto err; if (!ASN1_STRING_set(stmp, data, len)) goto err; @@ -322,7 +322,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, */ if (attrtype == 0) return 1; - if (!(ttmp = ASN1_TYPE_new())) + if ((ttmp = ASN1_TYPE_new()) == NULL) goto err; if ((len == -1) && !(attrtype & MBSTRING_FLAG)) { if (!ASN1_TYPE_set1(ttmp, attrtype, data)) diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 4207f42..7a16542 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -188,7 +188,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), idx = X509_TRUST_get_by_id(id); /* Need a new entry */ if (idx == -1) { - if (!(trtmp = OPENSSL_malloc(sizeof(*trtmp)))) { + if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) { X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); return 0; } @@ -200,7 +200,7 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), if (trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name); /* dup supplied name */ - if (!(trtmp->name = BUF_strdup(name))) { + if ((trtmp->name = BUF_strdup(name)) == NULL) { X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); return 0; } @@ -216,7 +216,8 @@ int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int), /* If its a new entry manage the dynamic table */ if (idx == -1) { - if (!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) { + if (trtable == NULL + && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) { X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c index fb46d4e..482741a 100644 --- a/crypto/x509/x509spki.c +++ b/crypto/x509/x509spki.c @@ -85,7 +85,7 @@ NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len) NETSCAPE_SPKI *spki; if (len <= 0) len = strlen(str); - if (!(spki_der = OPENSSL_malloc(len + 1))) { + if ((spki_der = OPENSSL_malloc(len + 1)) == NULL) { X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 6b0167b..7b54e5c 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -532,7 +532,7 @@ static int tree_calculate_authority_set(X509_POLICY_TREE *tree, * If no anyPolicy node on this this level it can't appear on lower * levels so end search. */ - if (!(anyptr = curr->anyPolicy)) + if ((anyptr = curr->anyPolicy) == NULL) break; curr++; for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) { diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c index 652c904..61bc7b3 100644 --- a/crypto/x509v3/v3_akey.c +++ b/crypto/x509v3/v3_akey.c @@ -177,12 +177,12 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, } } - if (!(akeyid = AUTHORITY_KEYID_new())) + if ((akeyid = AUTHORITY_KEYID_new()) == NULL) goto err; if (isname) { - if (!(gens = sk_GENERAL_NAME_new_null()) - || !(gen = GENERAL_NAME_new()) + if ((gens = sk_GENERAL_NAME_new_null()) == NULL + || (gen = GENERAL_NAME_new()) == NULL || !sk_GENERAL_NAME_push(gens, gen)) { X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index c0c63a9..20f9490 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -243,7 +243,8 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; - if (!(gens = sk_GENERAL_NAME_new_null())) { + + if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE); return NULL; } @@ -255,7 +256,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, goto err; } else { GENERAL_NAME *gen; - if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) goto err; sk_GENERAL_NAME_push(gens, gen); } @@ -274,6 +275,7 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) GENERAL_NAME *gen; X509_EXTENSION *ext; int i; + if (ctx && (ctx->flags == CTX_TEST)) return 1; if (!ctx || !ctx->issuer_cert) { @@ -283,8 +285,8 @@ static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); if (i < 0) return 1; - if (!(ext = X509_get_ext(ctx->issuer_cert, i)) || - !(ialt = X509V3_EXT_d2i(ext))) { + if ((ext = X509_get_ext(ctx->issuer_cert, i)) == NULL + || (ialt = X509V3_EXT_d2i(ext)) == NULL) { X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR); goto err; } @@ -312,7 +314,8 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; - if (!(gens = sk_GENERAL_NAME_new_null())) { + + if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE); return NULL; } @@ -328,7 +331,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, goto err; } else { GENERAL_NAME *gen; - if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) goto err; sk_GENERAL_NAME_push(gens, gen); } @@ -373,7 +376,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) X509_NAME_ENTRY_free(ne); i--; } - if (!email || !(gen = GENERAL_NAME_new())) { + if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) { X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE); goto err; } @@ -403,13 +406,14 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, GENERAL_NAMES *gens = NULL; CONF_VALUE *cnf; int i; - if (!(gens = sk_GENERAL_NAME_new_null())) { + + if ((gens = sk_GENERAL_NAME_new_null()) == NULL) { X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) goto err; sk_GENERAL_NAME_push(gens, gen); } @@ -458,7 +462,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, case GEN_RID: { ASN1_OBJECT *obj; - if (!(obj = OBJ_txt2obj(value, 0))) { + if ((obj = OBJ_txt2obj(value, 0)) == NULL) { X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_OBJECT); ERR_add_error_data(2, "value=", value); goto err; @@ -498,7 +502,7 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, } if (is_string) { - if (!(gen->d.ia5 = ASN1_IA5STRING_new()) || + if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL || !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, strlen(value))) { X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE); @@ -560,16 +564,17 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) { char *objtmp = NULL, *p; int objlen; - if (!(p = strchr(value, ';'))) + + if ((p = strchr(value, ';')) == NULL) return 0; - if (!(gen->d.otherName = OTHERNAME_new())) + if ((gen->d.otherName = OTHERNAME_new()) == NULL) return 0; /* * Free this up because we will overwrite it. no need to free type_id * because it is static */ ASN1_TYPE_free(gen->d.otherName->value); - if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) + if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL) return 0; objlen = p - value; objtmp = OPENSSL_malloc(objlen + 1); @@ -588,8 +593,9 @@ static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) { int ret = 0; STACK_OF(CONF_VALUE) *sk = NULL; - X509_NAME *nm = NULL; - if (!(nm = X509_NAME_new())) + X509_NAME *nm; + + if ((nm = X509_NAME_new()) == NULL) goto err; sk = X509V3_get_section(ctx, value); if (!sk) { diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c index 97bc079..3b89efb 100644 --- a/crypto/x509v3/v3_bcons.c +++ b/crypto/x509v3/v3_bcons.c @@ -107,7 +107,8 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons = NULL; CONF_VALUE *val; int i; - if (!(bcons = BASIC_CONSTRAINTS_new())) { + + if ((bcons = BASIC_CONSTRAINTS_new()) == NULL) { X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c index eb6d0f3..9072b42 100644 --- a/crypto/x509v3/v3_bitst.c +++ b/crypto/x509v3/v3_bitst.c @@ -112,7 +112,7 @@ ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, ASN1_BIT_STRING *bs; int i; BIT_STRING_BITNAME *bnam; - if (!(bs = ASN1_BIT_STRING_new())) { + if ((bs = ASN1_BIT_STRING_new()) == NULL) { X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 672d3de..51f39f5 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -121,11 +121,12 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, X509_EXTENSION *ext; STACK_OF(CONF_VALUE) *nval; void *ext_struc; + if (ext_nid == NID_undef) { X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME); return NULL; } - if (!(method = X509V3_EXT_get_nid(ext_nid))) { + if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION); return NULL; } @@ -148,14 +149,14 @@ static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, if (!ext_struc) return NULL; } else if (method->s2i) { - if (!(ext_struc = method->s2i(method, ctx, value))) + if ((ext_struc = method->s2i(method, ctx, value)) == NULL) return NULL; } else if (method->r2i) { if (!ctx->db || !ctx->db_meth) { X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE); return NULL; } - if (!(ext_struc = method->r2i(method, ctx, value))) + if ((ext_struc = method->r2i(method, ctx, value)) == NULL) return NULL; } else { X509V3err(X509V3_F_DO_EXT_NCONF, @@ -189,13 +190,14 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, goto merr; } else { unsigned char *p; + ext_len = method->i2d(ext_struc, NULL); - if (!(ext_der = OPENSSL_malloc(ext_len))) + if ((ext_der = OPENSSL_malloc(ext_len)) == NULL) goto merr; p = ext_der; method->i2d(ext_struc, &p); } - if (!(ext_oct = ASN1_OCTET_STRING_new())) + if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL) goto merr; ext_oct->data = ext_der; ext_der = NULL; @@ -221,7 +223,8 @@ static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method, X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) { const X509V3_EXT_METHOD *method; - if (!(method = X509V3_EXT_get_nid(ext_nid))) { + + if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) { X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION); return NULL; } @@ -271,7 +274,8 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, ASN1_OBJECT *obj = NULL; ASN1_OCTET_STRING *oct = NULL; X509_EXTENSION *extension = NULL; - if (!(obj = OBJ_txt2obj(ext, 0))) { + + if ((obj = OBJ_txt2obj(ext, 0)) == NULL) { X509V3err(X509V3_F_V3_GENERIC_EXTENSION, X509V3_R_EXTENSION_NAME_ERROR); ERR_add_error_data(2, "name=", ext); @@ -290,7 +294,7 @@ static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, goto err; } - if (!(oct = ASN1_OCTET_STRING_new())) { + if ((oct = ASN1_OCTET_STRING_new()) == NULL) { X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE); goto err; } @@ -346,11 +350,12 @@ int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(CONF_VALUE) *nval; CONF_VALUE *val; int i; - if (!(nval = NCONF_get_section(conf, section))) + + if ((nval = NCONF_get_section(conf, section)) == NULL) return 0; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { val = sk_CONF_VALUE_value(nval, i); - if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) + if ((ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)) == NULL) return 0; if (ctx->flags == X509V3_CTX_REPLACE) delete_ext(*sk, ext); diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index b7f8079..cac91b9 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -176,10 +176,10 @@ static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, } pol = policy_section(ctx, polsect, ia5org); X509V3_section_free(ctx, polsect); - if (!pol) + if (pol == NULL) goto err; } else { - if (!(pobj = OBJ_txt2obj(cnf->name, 0))) { + if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) { X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); @@ -209,13 +209,14 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, CONF_VALUE *cnf; POLICYINFO *pol; POLICYQUALINFO *qual; - if (!(pol = POLICYINFO_new())) + + if ((pol = POLICYINFO_new()) == NULL) goto merr; for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) { cnf = sk_CONF_VALUE_value(polstrs, i); if (strcmp(cnf->name, "policyIdentifier") == 0) { ASN1_OBJECT *pobj; - if (!(pobj = OBJ_txt2obj(cnf->value, 0))) { + if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) { X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(cnf); @@ -224,17 +225,17 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, pol->policyid = pobj; } else if (!name_cmp(cnf->name, "CPS")) { - if (!pol->qualifiers) + if (pol->qualifiers == NULL) pol->qualifiers = sk_POLICYQUALINFO_new_null(); - if (!(qual = POLICYQUALINFO_new())) + if ((qual = POLICYQUALINFO_new()) == NULL) goto merr; if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) goto merr; - if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_cps))) { + if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) { X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR); goto err; } - if (!(qual->d.cpsuri = ASN1_IA5STRING_new())) + if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL) goto merr; if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value, strlen(cnf->value))) @@ -292,19 +293,20 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, CONF_VALUE *cnf; USERNOTICE *not; POLICYQUALINFO *qual; - if (!(qual = POLICYQUALINFO_new())) + + if ((qual = POLICYQUALINFO_new()) == NULL) goto merr; - if (!(qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice))) { + if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice)) == NULL) { X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR); goto err; } - if (!(not = USERNOTICE_new())) + if ((not = USERNOTICE_new()) == NULL) goto merr; qual->d.usernotice = not; for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); if (strcmp(cnf->name, "explicitText") == 0) { - if (!(not->exptext = ASN1_VISIBLESTRING_new())) + if ((not->exptext = ASN1_VISIBLESTRING_new()) == NULL) goto merr; if (!ASN1_STRING_set(not->exptext, cnf->value, strlen(cnf->value))) @@ -312,7 +314,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, } else if (strcmp(cnf->name, "organization") == 0) { NOTICEREF *nref; if (!not->noticeref) { - if (!(nref = NOTICEREF_new())) + if ((nref = NOTICEREF_new()) == NULL) goto merr; not->noticeref = nref; } else @@ -328,7 +330,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, NOTICEREF *nref; STACK_OF(CONF_VALUE) *nos; if (!not->noticeref) { - if (!(nref = NOTICEREF_new())) + if ((nref = NOTICEREF_new()) == NULL) goto merr; not->noticeref = nref; } else @@ -376,7 +378,7 @@ static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos) for (i = 0; i < sk_CONF_VALUE_num(nos); i++) { cnf = sk_CONF_VALUE_value(nos, i); - if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { + if ((aint = s2i_ASN1_INTEGER(NULL, cnf->name)) == NULL) { X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER); goto err; } diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index b72ae43..67d019a 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -291,7 +291,8 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, GENERAL_NAME *gen = NULL; CONF_VALUE *cnf; int i; - if (!(crld = sk_DIST_POINT_new_null())) + + if ((crld = sk_DIST_POINT_new_null()) == NULL) goto merr; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { DIST_POINT *point; @@ -310,20 +311,20 @@ static void *v2i_crld(const X509V3_EXT_METHOD *method, goto merr; } } else { - if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) + if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL) goto err; - if (!(gens = GENERAL_NAMES_new())) + if ((gens = GENERAL_NAMES_new()) == NULL) goto merr; if (!sk_GENERAL_NAME_push(gens, gen)) goto merr; gen = NULL; - if (!(point = DIST_POINT_new())) + if ((point = DIST_POINT_new()) == NULL) goto merr; if (!sk_DIST_POINT_push(crld, point)) { DIST_POINT_free(point); goto merr; } - if (!(point->distpoint = DIST_POINT_NAME_new())) + if ((point->distpoint = DIST_POINT_NAME_new()) == NULL) goto merr; point->distpoint->name.fullname = gens; point->distpoint->type = 0; diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c index 6092c2e..70d3554 100644 --- a/crypto/x509v3/v3_extku.c +++ b/crypto/x509v3/v3_extku.c @@ -125,7 +125,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, CONF_VALUE *val; int i; - if (!(extku = sk_ASN1_OBJECT_new_null())) { + if ((extku = sk_ASN1_OBJECT_new_null()) == NULL) { X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE); return NULL; } @@ -136,7 +136,7 @@ static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method, extval = val->value; else extval = val->name; - if (!(objtmp = OBJ_txt2obj(extval, 0))) { + if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) { sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, X509V3_R_INVALID_OBJECT_IDENTIFIER); diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c index 42a0d86..7cae1b6 100644 --- a/crypto/x509v3/v3_ia5.c +++ b/crypto/x509v3/v3_ia5.c @@ -77,9 +77,10 @@ const X509V3_EXT_METHOD v3_ns_ia5_list[] = { char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5) { char *tmp; + if (!ia5 || !ia5->length) return NULL; - if (!(tmp = OPENSSL_malloc(ia5->length + 1))) { + if ((tmp = OPENSSL_malloc(ia5->length + 1)) == NULL) { X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE); return NULL; } @@ -97,7 +98,7 @@ ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_R_INVALID_NULL_ARGUMENT); return NULL; } - if (!(ia5 = ASN1_IA5STRING_new())) + if ((ia5 = ASN1_IA5STRING_new()) == NULL) goto err; if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str, strlen(str))) { diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index a377c92..872d5c7 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -153,13 +153,14 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD ACCESS_DESCRIPTION *acc; int i, objlen; char *objtmp, *ptmp; - if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { + + if ((ainfo = sk_ACCESS_DESCRIPTION_new_null()) == NULL) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); return NULL; } for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if (!(acc = ACCESS_DESCRIPTION_new()) + if ((acc = ACCESS_DESCRIPTION_new()) == NULL || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); @@ -176,7 +177,7 @@ static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD ctmp.value = cnf->value; if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0)) goto err; - if (!(objtmp = OPENSSL_malloc(objlen + 1))) { + if ((objtmp = OPENSSL_malloc(objlen + 1)) == NULL) { X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE); goto err; diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index c091b04..4bec817 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -73,7 +73,8 @@ static void ext_list_free(X509V3_EXT_METHOD *ext); int X509V3_EXT_add(X509V3_EXT_METHOD *ext) { - if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { + if (ext_list == NULL + && (ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp)) == NULL) { X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE); return 0; } @@ -135,12 +136,11 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from) const X509V3_EXT_METHOD *ext; X509V3_EXT_METHOD *tmpext; - if (!(ext = X509V3_EXT_get_nid(nid_from))) { - X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, - X509V3_R_EXTENSION_NOT_FOUND); + if ((ext = X509V3_EXT_get_nid(nid_from)) == NULL) { + X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, X509V3_R_EXTENSION_NOT_FOUND); return 0; } - if (!(tmpext = OPENSSL_malloc(sizeof(*tmpext)))) { + if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) { X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE); return 0; } @@ -181,7 +181,7 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) ASN1_STRING *extvalue; int extlen; - if (!(method = X509V3_EXT_get(ext))) + if ((method = X509V3_EXT_get(ext)) == NULL) return NULL; extvalue = X509_EXTENSION_get_data(ext); p = ASN1_STRING_data(extvalue); @@ -326,7 +326,8 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, return 1; } - if (!*x && !(*x = sk_X509_EXTENSION_new_null())) + if (*x == NULL + && (*x = sk_X509_EXTENSION_new_null()) == NULL) return -1; if (!sk_X509_EXTENSION_push(*x, ext)) return -1; diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index 2568ea8..c795db7 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -86,7 +86,7 @@ static int process_pci_value(CONF_VALUE *val, X509V3_conf_err(val); return 0; } - if (!(*language = OBJ_txt2obj(val->value, 0))) { + if ((*language = OBJ_txt2obj(val->value, 0)) == NULL) { X509V3err(X509V3_F_PROCESS_PCI_VALUE, X509V3_R_INVALID_OBJECT_IDENTIFIER); X509V3_conf_err(val); diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c index 3349cef..a1b27d6 100644 --- a/crypto/x509v3/v3_pcons.c +++ b/crypto/x509v3/v3_pcons.c @@ -108,7 +108,8 @@ static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method, POLICY_CONSTRAINTS *pcons = NULL; CONF_VALUE *val; int i; - if (!(pcons = POLICY_CONSTRAINTS_new())) { + + if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) { X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c index a168343..14253aa 100644 --- a/crypto/x509v3/v3_pmaps.c +++ b/crypto/x509v3/v3_pmaps.c @@ -119,7 +119,7 @@ static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method, CONF_VALUE *val; int i; - if (!(pmaps = sk_POLICY_MAPPING_new_null())) { + if ((pmaps = sk_POLICY_MAPPING_new_null()) == NULL) { X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 633daca..2d51674 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -131,7 +131,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, p = ASN1_STRING_data(extoct); extlen = ASN1_STRING_length(extoct); - if (!(method = X509V3_EXT_get(ext))) + if ((method = X509V3_EXT_get(ext)) == NULL) return unknown_ext_print(out, p, extlen, flag, indent, 0); if (method->it) ext_str = ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it)); @@ -142,7 +142,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, return unknown_ext_print(out, p, extlen, flag, indent, 1); if (method->i2s) { - if (!(value = method->i2s(method, ext_str))) { + if ((value = method->i2s(method, ext_str)) == NULL) { ok = 0; goto err; } @@ -162,7 +162,7 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, } #endif } else if (method->i2v) { - if (!(nval = method->i2v(method, ext_str, NULL))) { + if ((nval = method->i2v(method, ext_str, NULL)) == NULL) { ok = 0; goto err; } @@ -249,7 +249,8 @@ int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) { BIO *bio_tmp; int ret; - if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) + + if ((bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) return 0; ret = X509V3_EXT_print(bio_tmp, ext, flag, indent); BIO_free(bio_tmp); diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index beb8b2f..dc72795 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -209,7 +209,7 @@ int X509_PURPOSE_add(int id, int trust, int flags, idx = X509_PURPOSE_get_by_id(id); /* Need a new entry */ if (idx == -1) { - if (!(ptmp = OPENSSL_malloc(sizeof(*ptmp)))) { + if ((ptmp = OPENSSL_malloc(sizeof(*ptmp))) == NULL) { X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); return 0; } @@ -241,7 +241,8 @@ int X509_PURPOSE_add(int id, int trust, int flags, /* If its a new entry manage the dynamic table */ if (idx == -1) { - if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) { + if (xptable == NULL + && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) { X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE); return 0; } diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index 705d86c..977844b 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c @@ -83,12 +83,12 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct; long length; - if (!(oct = ASN1_OCTET_STRING_new())) { + if ((oct = ASN1_OCTET_STRING_new()) == NULL) { X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); return NULL; } - if (!(oct->data = string_to_hex(str, &length))) { + if ((oct->data = string_to_hex(str, &length)) == NULL) { ASN1_OCTET_STRING_free(oct); return NULL; } @@ -110,7 +110,7 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, if (strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); - if (!(oct = ASN1_OCTET_STRING_new())) { + if ((oct = ASN1_OCTET_STRING_new()) == NULL) { X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c index ecd1ec6..fff3b00 100644 --- a/crypto/x509v3/v3_sxnet.c +++ b/crypto/x509v3/v3_sxnet.c @@ -152,8 +152,9 @@ static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen) { - ASN1_INTEGER *izone = NULL; - if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { + ASN1_INTEGER *izone; + + if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); return 0; } @@ -165,8 +166,10 @@ int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen) int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen) { - ASN1_INTEGER *izone = NULL; - if (!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { + ASN1_INTEGER *izone; + + if ((izone = ASN1_INTEGER_new()) == NULL + || !ASN1_INTEGER_set(izone, lzone)) { X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE); ASN1_INTEGER_free(izone); return 0; @@ -196,8 +199,8 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG); return 0; } - if (!*psx) { - if (!(sx = SXNET_new())) + if (*psx == NULL) { + if ((sx = SXNET_new()) == NULL) goto err; if (!ASN1_INTEGER_set(sx->version, 0)) goto err; @@ -209,7 +212,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, return 0; } - if (!(id = SXNETID_new())) + if ((id = SXNETID_new()) == NULL) goto err; if (userlen == -1) userlen = strlen(user); @@ -231,9 +234,10 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) { - ASN1_INTEGER *izone = NULL; + ASN1_INTEGER *izone; ASN1_OCTET_STRING *oct; - if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) { + + if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) { X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE); return NULL; } @@ -244,9 +248,11 @@ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) { - ASN1_INTEGER *izone = NULL; + ASN1_INTEGER *izone; ASN1_OCTET_STRING *oct; - if (!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { + + if ((izone = ASN1_INTEGER_new()) == NULL + || !ASN1_INTEGER_set(izone, lzone)) { X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE); ASN1_INTEGER_free(izone); return NULL; diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index c6aab4b..d50c2fa 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -84,13 +84,14 @@ int X509V3_add_value(const char *name, const char *value, { CONF_VALUE *vtmp = NULL; char *tname = NULL, *tvalue = NULL; - if (name && !(tname = BUF_strdup(name))) + + if (name && (tname = BUF_strdup(name)) == NULL) goto err; - if (value && !(tvalue = BUF_strdup(value))) + if (value && (tvalue = BUF_strdup(value)) == NULL) goto err; - if (!(vtmp = OPENSSL_malloc(sizeof(*vtmp)))) + if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL) goto err; - if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) + if (*extlist == NULL && (*extlist = sk_CONF_VALUE_new_null()) == NULL) goto err; vtmp->section = NULL; vtmp->name = tname; @@ -144,10 +145,11 @@ char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a) { BIGNUM *bntmp = NULL; char *strtmp = NULL; + if (!a) return NULL; - if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || - !(strtmp = BN_bn2dec(bntmp))) + if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL + || (strtmp = BN_bn2dec(bntmp)) == NULL) X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); BN_free(bntmp); return strtmp; @@ -157,10 +159,11 @@ char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a) { BIGNUM *bntmp = NULL; char *strtmp = NULL; + if (!a) return NULL; - if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) || - !(strtmp = BN_bn2dec(bntmp))) + if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL + || (strtmp = BN_bn2dec(bntmp)) == NULL) X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); BN_free(bntmp); return strtmp; @@ -220,9 +223,10 @@ int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, { char *strtmp; int ret; + if (!aint) return 1; - if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) + if ((strtmp = i2s_ASN1_INTEGER(NULL, aint)) == NULL) return 0; ret = X509V3_add_value(name, strtmp, extlist); OPENSSL_free(strtmp); @@ -232,7 +236,8 @@ int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) { char *btmp; - if (!(btmp = value->value)) + + if ((btmp = value->value) == NULL) goto err; if (strcmp(btmp, "TRUE") == 0 || strcmp(btmp, "true") == 0 @@ -262,7 +267,8 @@ int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool) int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) { ASN1_INTEGER *itmp; - if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) { + + if ((itmp = s2i_ASN1_INTEGER(NULL, value->value)) == NULL) { X509V3_conf_err(value); return 0; } @@ -401,7 +407,7 @@ char *hex_to_string(const unsigned char *buffer, long len) const static char hexdig[] = "0123456789ABCDEF"; if (!buffer || !len) return NULL; - if (!(tmp = OPENSSL_malloc(len * 3 + 1))) { + if ((tmp = OPENSSL_malloc(len * 3 + 1)) == NULL) { X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE); return NULL; } @@ -431,7 +437,7 @@ unsigned char *string_to_hex(const char *str, long *len) X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_INVALID_NULL_ARGUMENT); return NULL; } - if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) + if ((hexbuf = OPENSSL_malloc(strlen(str) >> 1)) == NULL) goto err; for (p = (unsigned char *)str, q = hexbuf; *p;) { ch = *p++; diff --git a/crypto/x509v3/v3prin.c b/crypto/x509v3/v3prin.c index cbc3570..36ca040 100644 --- a/crypto/x509v3/v3prin.c +++ b/crypto/x509v3/v3prin.c @@ -69,17 +69,18 @@ int main(int argc, char **argv) FILE *inf; int i, count; X509_EXTENSION *ext; + X509V3_add_standard_extensions(); ERR_load_crypto_strings(); if (!argv[1]) { fprintf(stderr, "Usage v3prin cert.pem\n"); exit(1); } - if (!(inf = fopen(argv[1], "r"))) { + if ((inf = fopen(argv[1], "r")) == NULL) { fprintf(stderr, "Can't open %s\n", argv[1]); exit(1); } - if (!(cert = PEM_read_X509(inf, NULL, NULL))) { + if ((cert = PEM_read_X509(inf, NULL, NULL)) == NULL) { fprintf(stderr, "Can't read certificate %s\n", argv[1]); ERR_print_errors_fp(stderr); exit(1); diff --git a/demos/engines/cluster_labs/hw_cluster_labs.c b/demos/engines/cluster_labs/hw_cluster_labs.c index 918689c..e1f251c 100644 --- a/demos/engines/cluster_labs/hw_cluster_labs.c +++ b/demos/engines/cluster_labs/hw_cluster_labs.c @@ -319,23 +319,18 @@ int cluster_labs_init(ENGINE *e) goto err; } /* bind functions */ - if (! - (p1 = - (cl_engine_init *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F1)) -|| !(p2 = (cl_mod_exp *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F2)) -|| !(p3 = (cl_mod_exp_crt *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F3)) -|| !(p4 = (cl_rsa_mod_exp *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F4)) -|| !(p5 = - (cl_rsa_priv_enc *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F5)) -|| !(p6 = - (cl_rsa_priv_dec *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F6)) -|| !(p7 = (cl_rsa_pub_enc *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F7)) -|| !(p8 = (cl_rsa_pub_dec *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F8)) -|| !(p20 = - (cl_rand_bytes *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F20)) -|| !(p30 = (cl_dsa_sign *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F30)) -|| !(p31 = - (cl_dsa_verify *) DSO_bind_func(cluster_labs_dso, CLUSTER_LABS_F31))) { +#define BINDIT(t, name) (t *)DSO_bind_func(cluster_labs_dso, name) + if ((p1 = (cl_engine_init, CLUSTER_LABS_F1)) == NULL + || (p2 = BINDIT(cl_mod_exp, CLUSTER_LABS_F2)) == NULL + || (p3 = BINDIT(cl_mod_exp_crt, CLUSTER_LABS_F3)) == NULL + || (p4 = BINDIT(cl_rsa_mod_exp, CLUSTER_LABS_F4)) == NULL + || (p5 = BINDIT(cl_rsa_priv_enc, CLUSTER_LABS_F5)) == NULL + || (p6 = BINDIT(cl_rsa_priv_dec, CLUSTER_LABS_F6)) == NULL + || (p7 = BINDIT(cl_rsa_pub_enc, CLUSTER_LABS_F7)) == NULL + || (p8 = BINDIT(cl_rsa_pub_dec, CLUSTER_LABS_F8)) == NULL + || (p20 = BINDIT(cl_rand_bytes, CLUSTER_LABS_F20)) == NULL + || (p30 = BINDIT(cl_dsa_sign, CLUSTER_LABS_F30)) == NULL + || (p31 = BINDIT(cl_dsa_verify, CLUSTER_LABS_F31)) == NULL) { CLerr(CL_F_CLUSTER_LABS_INIT, CL_R_DSO_FAILURE); goto err; } diff --git a/demos/engines/ibmca/hw_ibmca.c b/demos/engines/ibmca/hw_ibmca.c index 5017d64..29f8547 100644 --- a/demos/engines/ibmca/hw_ibmca.c +++ b/demos/engines/ibmca/hw_ibmca.c @@ -388,11 +388,11 @@ static int ibmca_init(ENGINE *e) goto err; } - if (!(p1 = DSO_bind_func(ibmca_dso, IBMCA_F1)) || - !(p2 = DSO_bind_func(ibmca_dso, IBMCA_F2)) || - !(p3 = DSO_bind_func(ibmca_dso, IBMCA_F3)) || - !(p4 = DSO_bind_func(ibmca_dso, IBMCA_F4)) || - !(p5 = DSO_bind_func(ibmca_dso, IBMCA_F5))) { + if ((p1 = DSO_bind_func(ibmca_dso, IBMCA_F1)) == NULL + || (p2 = DSO_bind_func(ibmca_dso, IBMCA_F2)) == NULL + || (p3 = DSO_bind_func(ibmca_dso, IBMCA_F3)) == NULL + || (p4 = DSO_bind_func(ibmca_dso, IBMCA_F4)) == NULL + || (p5 = DSO_bind_func(ibmca_dso, IBMCA_F5)) == NULL) { IBMCAerr(IBMCA_F_IBMCA_INIT, IBMCA_R_DSO_FAILURE); goto err; } diff --git a/demos/engines/zencod/hw_zencod.c b/demos/engines/zencod/hw_zencod.c index 773674f..f13cf37 100644 --- a/demos/engines/zencod/hw_zencod.c +++ b/demos/engines/zencod/hw_zencod.c @@ -538,46 +538,28 @@ static int zencod_init(ENGINE *e) /* * Trying to load Function from the Library */ - if (! - (ptr_1 = - (t_zencod_bytes2bits *) DSO_bind_func(zencod_dso, ZENCOD_Fct_1)) -|| !(ptr_2 = (t_zencod_bits2bytes *) DSO_bind_func(zencod_dso, ZENCOD_Fct_2)) -|| !(ptr_3 = (t_zencod_new_number *) DSO_bind_func(zencod_dso, ZENCOD_Fct_3)) -|| !(ptr_4 = (t_zencod_init_number *) DSO_bind_func(zencod_dso, ZENCOD_Fct_4)) -|| !(ptr_exp_1 = - (t_zencod_rsa_mod_exp *) DSO_bind_func(zencod_dso, ZENCOD_Fct_exp_1)) -|| !(ptr_exp_2 = - (t_zencod_rsa_mod_exp_crt *) DSO_bind_func(zencod_dso, ZENCOD_Fct_exp_2)) -|| !(ptr_dsa_1 = - (t_zencod_dsa_do_sign *) DSO_bind_func(zencod_dso, ZENCOD_Fct_dsa_1)) -|| !(ptr_dsa_2 = - (t_zencod_dsa_do_verify *) DSO_bind_func(zencod_dso, ZENCOD_Fct_dsa_2)) -|| !(ptr_dh_1 = - (t_zencod_dh_generate_key *) DSO_bind_func(zencod_dso, ZENCOD_Fct_dh_1)) -|| !(ptr_dh_2 = - (t_zencod_dh_compute_key *) DSO_bind_func(zencod_dso, ZENCOD_Fct_dh_2)) -|| !(ptr_rand_1 = - (t_zencod_rand_bytes *) DSO_bind_func(zencod_dso, ZENCOD_Fct_rand_1)) -|| !(ptr_math_1 = - (t_zencod_math_mod_exp *) DSO_bind_func(zencod_dso, ZENCOD_Fct_math_1)) -|| !(ptr_0 = (t_zencod_test *) DSO_bind_func(zencod_dso, ZENCOD_Fct_0)) -|| !(ptr_md5_1 = - (t_zencod_md5_init *) DSO_bind_func(zencod_dso, ZENCOD_Fct_md5_1)) -|| !(ptr_md5_2 = - (t_zencod_md5_update *) DSO_bind_func(zencod_dso, ZENCOD_Fct_md5_2)) -|| !(ptr_md5_3 = - (t_zencod_md5_do_final *) DSO_bind_func(zencod_dso, ZENCOD_Fct_md5_3)) -|| !(ptr_sha1_1 = - (t_zencod_sha1_init *) DSO_bind_func(zencod_dso, ZENCOD_Fct_sha1_1)) -|| !(ptr_sha1_2 = - (t_zencod_sha1_update *) DSO_bind_func(zencod_dso, ZENCOD_Fct_sha1_2)) -|| !(ptr_sha1_3 = - (t_zencod_sha1_do_final *) DSO_bind_func(zencod_dso, ZENCOD_Fct_sha1_3)) -|| !(ptr_xdes_1 = - (t_zencod_xdes_cipher *) DSO_bind_func(zencod_dso, ZENCOD_Fct_xdes_1)) -|| !(ptr_rc4_1 = - (t_zencod_rc4_cipher *) DSO_bind_func(zencod_dso, ZENCOD_Fct_rc4_1))) { - +#define BINDIT(t, name) (t*)DSO_bindfunc(zencod_dso, name) + if ((ptr_1 = BINDIT(t_zencod_bytes2bits ZENCOD_Fct_1)) == NULL + || (ptr_2 = BINDIT(t_zencod_bits2bytes ZENCOD_Fct_2)) == NULL + || (ptr_3 = BINDIT(t_zencod_new_number ZENCOD_Fct_3)) == NULL + || (ptr_4 = BINDIT(t_zencod_init_number ZENCOD_Fct_4)) == NULL + || (ptr_exp_1 = BINDIT(t_zencod_rsa_mod_exp, ZENCOD_Fct_exp_1)) == NULL + || (ptr_exp_2 = BINDIT(t_zencod_rsa_mod_exp_crt, ZENCOD_Fct_exp_2)) == NULL + || (ptr_dsa_1 = BINDIT(t_zencod_dsa_do_sign, ZENCOD_Fct_dsa_1)) == NULL + || (ptr_dsa_2 = BINDIT(t_zencod_dsa_do_verify, ZENCOD_Fct_dsa_2)) == NULL + || (ptr_dh_1 = BINDIT(t_zencod_dh_generate_key, ZENCOD_Fct_dh_1)) == NULL + || (ptr_dh_2 = BINDIT(t_zencod_dh_compute_key, ZENCOD_Fct_dh_2)) == NULL + || (ptr_rand_1 = BINDIT(t_zencod_rand_bytes, ZENCOD_Fct_rand_1)) == NULL + || (ptr_math_1 = BINDIT(t_zencod_math_mod_exp, ZENCOD_Fct_math_1)) == NULL + || (ptr_0 = BINDIT(t_zencod_test, ZENCOD_Fct_0)) == NULL + || (ptr_md5_1 = BINDIT(t_zencod_md5_init, ZENCOD_Fct_md5_1)) == NULL + || (ptr_md5_2 = BINDIT(t_zencod_md5_update, ZENCOD_Fct_md5_2)) == NULL + || (ptr_md5_3 = BINDIT(t_zencod_md5_do_final, ZENCOD_Fct_md5_3)) == NULL + || (ptr_sha1_1 = BINDIT(t_zencod_sha1_init, ZENCOD_Fct_sha1_1)) == NULL + || (ptr_sha1_2 = BINDIT(t_zencod_sha1_update, ZENCOD_Fct_sha1_2)) == NULL + || (ptr_sha1_3 = BINDIT(t_zencod_sha1_do_final, ZENCOD_Fct_sha1_3)) == NULL + || (ptr_xdes_1 = BINDIT(t_zencod_xdes_cipher, ZENCOD_Fct_xdes_1)) == NULL + || (ptr_rc4_1 = BINDIT(t_zencod_rc4_cipher, ZENCOD_Fct_rc4_1)) == NULL) { ZENCODerr(ZENCOD_F_ZENCOD_INIT, ZENCOD_R_DSO_FAILURE); goto err; } @@ -906,7 +888,7 @@ static DSA_SIG *DSA_zencod_do_sign(const unsigned char *dgst, int dlen, return meth->dsa_do_sign(dgst, dlen, dsa); } - if (!(bn_s = BN_new()) || !(bn_r = BN_new())) { + if ((bn_s = BN_new()) == NULL || (bn_r = BN_new()) == NULL) { ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_BAD_KEY_COMPONENTS); goto FAILED; } @@ -935,7 +917,7 @@ static DSA_SIG *DSA_zencod_do_sign(const unsigned char *dgst, int dlen, goto FAILED; } - if (!(sig = DSA_SIG_new())) { + if ((sig = DSA_SIG_new()) == NULL) { ENGINEerr(ZENCOD_F_ZENCOD_DSA_DO_SIGN, ZENCOD_R_REQUEST_FAILED); goto FAILED; } @@ -1032,7 +1014,7 @@ static int DH_zencod_generate_key(DH *dh) bn_prv = dh->priv_key; generate_x = 0; } else { - if (!(bn_prv = BN_new())) { + if ((bn_prv = BN_new()) == NULL) { ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL); goto FAILED; } @@ -1042,7 +1024,7 @@ static int DH_zencod_generate_key(DH *dh) /* Public key */ if (dh->pub_key) bn_pub = dh->pub_key; - else if (!(bn_pub = BN_new())) { + else if ((bn_pub = BN_new()) == NULL) { ENGINEerr(ZENCOD_F_ZENCOD_DH_GENERATE, ZENCOD_R_BN_EXPAND_FAIL); goto FAILED; } diff --git a/demos/pkcs12/pkread.c b/demos/pkcs12/pkread.c index f4a3df4..1086dbc 100644 --- a/demos/pkcs12/pkread.c +++ b/demos/pkcs12/pkread.c @@ -22,7 +22,7 @@ int main(int argc, char **argv) } OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); - if (!(fp = fopen(argv[1], "rb"))) { + if ((fp = fopen(argv[1], "rb")) == NULL) { fprintf(stderr, "Error opening file %s\n", argv[1]); exit(1); } @@ -39,7 +39,7 @@ int main(int argc, char **argv) exit(1); } PKCS12_free(p12); - if (!(fp = fopen(argv[3], "w"))) { + if ((fp = fopen(argv[3], "w")) == NULL) { fprintf(stderr, "Error opening file %s\n", argv[1]); exit(1); } diff --git a/demos/pkcs12/pkwrite.c b/demos/pkcs12/pkwrite.c index fed773e..34e82dd 100644 --- a/demos/pkcs12/pkwrite.c +++ b/demos/pkcs12/pkwrite.c @@ -20,7 +20,7 @@ int main(int argc, char **argv) } SSLeay_add_all_algorithms(); ERR_load_crypto_strings(); - if (!(fp = fopen(argv[1], "r"))) { + if ((fp = fopen(argv[1], "r")) == NULL) { fprintf(stderr, "Error opening file %s\n", argv[1]); exit(1); } @@ -34,7 +34,7 @@ int main(int argc, char **argv) ERR_print_errors_fp(stderr); exit(1); } - if (!(fp = fopen(argv[4], "wb"))) { + if ((fp = fopen(argv[4], "wb")) == NULL) { fprintf(stderr, "Error opening file %s\n", argv[1]); ERR_print_errors_fp(stderr); exit(1); diff --git a/engines/ccgost/gost2001.c b/engines/ccgost/gost2001.c index 8b56a30..6d41f31 100644 --- a/engines/ccgost/gost2001.c +++ b/engines/ccgost/gost2001.c @@ -393,7 +393,7 @@ int gost2001_compute_public(EC_KEY *ec) goto err; } BN_CTX_start(ctx); - if (!(priv_key = EC_KEY_get0_private_key(ec))) { + if ((priv_key = EC_KEY_get0_private_key(ec)) == NULL) { GOSTerr(GOST_F_GOST2001_COMPUTE_PUBLIC, ERR_R_EC_LIB); goto err; } diff --git a/engines/ccgost/gost_ameth.c b/engines/ccgost/gost_ameth.c index b6c47f0..5ca3a6e 100644 --- a/engines/ccgost/gost_ameth.c +++ b/engines/ccgost/gost_ameth.c @@ -200,7 +200,7 @@ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey) if (!ec) { return NULL; } - if (!(priv = EC_KEY_get0_private_key(ec))) + if ((priv = EC_KEY_get0_private_key(ec)) == NULL) return NULL; return (BIGNUM *)priv; } diff --git a/engines/e_4758cca.c b/engines/e_4758cca.c index e592cfb..396f2c2 100644 --- a/engines/e_4758cca.c +++ b/engines/e_4758cca.c @@ -290,28 +290,21 @@ static int ibm_4758_cca_init(ENGINE *e) CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE); goto err; } +#define BINDIT(t, name) (t)DSO_bind_func(dso, name) # ifndef OPENSSL_NO_RSA - if (!(keyRecordRead = (F_KEYRECORDREAD) - DSO_bind_func(dso, n_keyRecordRead)) || - !(randomNumberGenerate = (F_RANDOMNUMBERGENERATE) - DSO_bind_func(dso, n_randomNumberGenerate)) || - !(digitalSignatureGenerate = (F_DIGITALSIGNATUREGENERATE) - DSO_bind_func(dso, n_digitalSignatureGenerate)) || - !(digitalSignatureVerify = (F_DIGITALSIGNATUREVERIFY) - DSO_bind_func(dso, n_digitalSignatureVerify)) || - !(publicKeyExtract = (F_PUBLICKEYEXTRACT) - DSO_bind_func(dso, n_publicKeyExtract)) || - !(pkaEncrypt = (F_PKAENCRYPT) - DSO_bind_func(dso, n_pkaEncrypt)) || !(pkaDecrypt = (F_PKADECRYPT) - DSO_bind_func(dso, - n_pkaDecrypt))) + if ((keyRecordRead = BINDIT(F_KEYRECORDREAD, n_keyRecordRead)) == NULL + || (randomNumberGenerate = BINDIT(F_RANDOMNUMBERGENERATE, n_randomNumberGenerate)) == NULL + || (digitalSignatureGenerate = BINDIT(F_DIGITALSIGNATUREGENERATE, n_digitalSignatureGenerate)) == NULL + || (digitalSignatureVerify = BINDIT(F_DIGITALSIGNATUREVERIFY, n_digitalSignatureVerify)) == NULL + || (publicKeyExtract = BINDIT(F_PUBLICKEYEXTRACT, n_publicKeyExtract)) == NULL + || (pkaEncrypt = BINDIT(F_PKAENCRYPT, n_pkaEncrypt)) == NULL + || (pkaDecrypt = BINDIT(F_PKADECRYPT, n_pkaDecrypt)) == NULL) { CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE); goto err; } # else - if (!(randomNumberGenerate = (F_RANDOMNUMBERGENERATE) - DSO_bind_func(dso, n_randomNumberGenerate))) { + if ((randomNumberGenerate = BINDIT(F_RANDOMNUMBERGENERATE, n_randomNumberGenerate)) == NULL) { CCA4758err(CCA4758_F_IBM_4758_CCA_INIT, CCA4758_R_DSO_FAILURE); goto err; } diff --git a/engines/e_aep.c b/engines/e_aep.c index 8a47f7d..abcdb15 100644 --- a/engines/e_aep.c +++ b/engines/e_aep.c @@ -462,22 +462,22 @@ static int aep_init(ENGINE *e) /* Attempt to load libaep.so. */ aep_dso = DSO_load(NULL, get_AEP_LIBNAME(), NULL, 0); - if (aep_dso == NULL) { AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED); goto err; } - if (!(p1 = (t_AEP_ModExp *) DSO_bind_func(aep_dso, AEP_F1)) || - !(p2 = (t_AEP_ModExpCrt *) DSO_bind_func(aep_dso, AEP_F2)) || +#define BINDIT(t, name) (t *)DSO_bind_func(aep_dso, name) + if ((p1 = BINDIT(t_AEP_ModExp, AEP_F1)) == NULL + || (p2 = BINDIT(t_AEP_ModExpCrt, AEP_F2)) == NULL # ifdef AEPRAND - !(p3 = (t_AEP_GenRandom *) DSO_bind_func(aep_dso, AEP_F3)) || + || (p3 = BINDIT(t_AEP_GenRandom, AEP_F3)) == NULL # endif - !(p4 = (t_AEP_Finalize *) DSO_bind_func(aep_dso, AEP_F4)) || - !(p5 = (t_AEP_Initialize *) DSO_bind_func(aep_dso, AEP_F5)) || - !(p6 = (t_AEP_OpenConnection *) DSO_bind_func(aep_dso, AEP_F6)) || - !(p7 = (t_AEP_SetBNCallBacks *) DSO_bind_func(aep_dso, AEP_F7)) || - !(p8 = (t_AEP_CloseConnection *) DSO_bind_func(aep_dso, AEP_F8))) { + || (p4 = BINDIT(t_AEP_Finalize, AEP_F4)) == NULL + || (p5 = BINDIT(t_AEP_Initialize, AEP_F5)) == NULL + || (p6 = BINDIT(t_AEP_OpenConnection, AEP_F6)) == NULL + || (p7 = BINDIT(t_AEP_SetBNCallBacks, AEP_F7)) == NULL + || (p8 = BINDIT(t_AEP_CloseConnection, AEP_F8)) == NULL) { AEPHKerr(AEPHK_F_AEP_INIT, AEPHK_R_NOT_LOADED); goto err; } diff --git a/engines/e_atalla.c b/engines/e_atalla.c index 4bde213..211f29f 100644 --- a/engines/e_atalla.c +++ b/engines/e_atalla.c @@ -382,13 +382,10 @@ static int atalla_init(ENGINE *e) ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED); goto err; } - if (! - (p1 = - (tfnASI_GetHardwareConfig *) DSO_bind_func(atalla_dso, ATALLA_F1)) -|| !(p2 = (tfnASI_RSAPrivateKeyOpFn *) DSO_bind_func(atalla_dso, ATALLA_F2)) -|| !(p3 = - (tfnASI_GetPerformanceStatistics *) DSO_bind_func(atalla_dso, - ATALLA_F3))) { +#define BINDIT(t, name) (t *)DSO_bind_func(atalla_dso, name) + if ((p1 = BINDIT(tfnASI_GetHardwareConfig, ATALLA_F1)) == NULL + || (p2 = BINDIT(tfnASI_RSAPrivateKeyOpFn, ATALLA_F2)) == NULL + || (p3 = BINDIT(tfnASI_GetPerformanceStatistics, ATALLA_F3)) == NULL) { ATALLAerr(ATALLA_F_ATALLA_INIT, ATALLA_R_NOT_LOADED); goto err; } diff --git a/engines/e_capi.c b/engines/e_capi.c index 33881cd..450f89e 100644 --- a/engines/e_capi.c +++ b/engines/e_capi.c @@ -690,7 +690,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key) RSA_set_ex_data(rkey, rsa_capi_idx, key); - if (!(ret = EVP_PKEY_new())) + if ((ret = EVP_PKEY_new()) == NULL) goto memerr; EVP_PKEY_assign_RSA(ret, rkey); @@ -735,7 +735,7 @@ static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY * key) DSA_set_ex_data(dkey, dsa_capi_idx, key); - if (!(ret = EVP_PKEY_new())) + if ((ret = EVP_PKEY_new()) == NULL) goto memerr; EVP_PKEY_assign_DSA(ret, dkey); @@ -920,7 +920,7 @@ int capi_rsa_priv_dec(int flen, const unsigned char *from, } /* Create temp reverse order version of input */ - if (!(tmpbuf = OPENSSL_malloc(flen))) { + if ((tmpbuf = OPENSSL_malloc(flen)) == NULL) { CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE); return -1; } diff --git a/engines/e_chil.c b/engines/e_chil.c index 4a173fc..0764c01 100644 --- a/engines/e_chil.c +++ b/engines/e_chil.c @@ -555,26 +555,19 @@ static int hwcrhk_init(ENGINE *e) HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE); goto err; } - if (!(p1 = (HWCryptoHook_Init_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_Init)) || - !(p2 = (HWCryptoHook_Finish_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_Finish)) || - !(p3 = (HWCryptoHook_ModExp_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExp)) || + +#define BINDIT(t, name) (t *)DSO_bind_func(hwcrhk_dso, name) + if ((p1 = BINDIT(HWCryptoHook_Init_t, n_hwcrhk_Init)) == NULL + || (p2 = BINDIT(HWCryptoHook_Finish_t, n_hwcrhk_Finish)) == NULL + || (p3 = BINDIT(HWCryptoHook_ModExp_t, n_hwcrhk_ModExp)) == NULL # ifndef OPENSSL_NO_RSA - !(p4 = (HWCryptoHook_RSA_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSA)) || - !(p5 = (HWCryptoHook_RSALoadKey_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSALoadKey)) || - !(p6 = (HWCryptoHook_RSAGetPublicKey_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAGetPublicKey)) || - !(p7 = (HWCryptoHook_RSAUnloadKey_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RSAUnloadKey)) || + || (p4 = BINDIT(HWCryptoHook_RSA_t, n_hwcrhk_RSA)) == NULL + || (p5 = BINDIT(HWCryptoHook_RSALoadKey_t, n_hwcrhk_RSALoadKey)) == NULL + || (p6 = BINDIT(HWCryptoHook_RSAGetPublicKey_t, n_hwcrhk_RSAGetPublicKey)) == NULL + || (p7 = BINDIT(HWCryptoHook_RSAUnloadKey_t, n_hwcrhk_RSAUnloadKey)) == NULL # endif - !(p8 = (HWCryptoHook_RandomBytes_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_RandomBytes)) || - !(p9 = (HWCryptoHook_ModExpCRT_t *) - DSO_bind_func(hwcrhk_dso, n_hwcrhk_ModExpCRT))) { + || (p8 = BINDIT(HWCryptoHook_RandomBytes_t, n_hwcrhk_RandomBytes)) == NULL + || (p9 = BINDIT(HWCryptoHook_ModExpCRT_t, n_hwcrhk_ModExpCRT)) == NULL) { HWCRHKerr(HWCRHK_F_HWCRHK_INIT, HWCRHK_R_DSO_FAILURE); goto err; } diff --git a/engines/e_cswift.c b/engines/e_cswift.c index 5dcee7c..5553794 100644 --- a/engines/e_cswift.c +++ b/engines/e_cswift.c @@ -404,14 +404,12 @@ static int cswift_init(ENGINE *e) CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_NOT_LOADED); goto err; } - if (!(p1 = (t_swAcquireAccContext *) - DSO_bind_func(cswift_dso, CSWIFT_F1)) || - !(p2 = (t_swAttachKeyParam *) - DSO_bind_func(cswift_dso, CSWIFT_F2)) || - !(p3 = (t_swSimpleRequest *) - DSO_bind_func(cswift_dso, CSWIFT_F3)) || - !(p4 = (t_swReleaseAccContext *) - DSO_bind_func(cswift_dso, CSWIFT_F4))) { + +#define BINDIT(t, name) (t *)DSO_bind_func(cswift_dso, name) + if ((p1 = BINDIT(t_swAcquireAccContext, CSWIFT_F1)) == NULL + || (p2 = BINDIT(t_swAttachKeyParam, CSWIFT_F2)) == NULL + || (p3 = BINDIT(t_swSimpleRequest *) DSO_bind_func(cswift_dso, CSWIFT_F3)) == NULL + || (p4 = BINDIT(t_swReleaseAccContext *) DSO_bind_func(cswift_dso, CSWIFT_F4)) == NULL) { CSWIFTerr(CSWIFT_F_CSWIFT_INIT, CSWIFT_R_NOT_LOADED); goto err; } diff --git a/engines/e_sureware.c b/engines/e_sureware.c index 7d8c147..fb5e55c 100644 --- a/engines/e_sureware.c +++ b/engines/e_sureware.c @@ -889,7 +889,7 @@ static int surewarehk_rsa_priv_dec(int flen, const unsigned char *from, ENGINE_R_NOT_INITIALISED); } /* extract ref to private key */ - else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) { + else if ((hptr = RSA_get_ex_data(rsa, rsaHndidx)) == NULL) { SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_PRIV_DEC, SUREWARE_R_MISSING_KEY_COMPONENTS); goto err; @@ -964,7 +964,7 @@ static int surewarehk_rsa_sign(int flen, const unsigned char *from, SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, ENGINE_R_NOT_INITIALISED); } /* extract ref to private key */ - else if (!(hptr = RSA_get_ex_data(rsa, rsaHndidx))) { + else if ((hptr = RSA_get_ex_data(rsa, rsaHndidx)) == NULL) { SUREWAREerr(SUREWARE_F_SUREWAREHK_RSA_SIGN, SUREWARE_R_MISSING_KEY_COMPONENTS); } else { @@ -1002,7 +1002,7 @@ static DSA_SIG *surewarehk_dsa_do_sign(const unsigned char *from, int flen, goto err; } /* extract ref to private key */ - else if (!(hptr = DSA_get_ex_data(dsa, dsaHndidx))) { + else if ((hptr = DSA_get_ex_data(dsa, dsaHndidx)) == NULL) { SUREWAREerr(SUREWARE_F_SUREWAREHK_DSA_DO_SIGN, SUREWARE_R_MISSING_KEY_COMPONENTS); goto err; diff --git a/engines/e_ubsec.c b/engines/e_ubsec.c index a44b0b2..34be930 100644 --- a/engines/e_ubsec.c +++ b/engines/e_ubsec.c @@ -414,38 +414,26 @@ static int ubsec_init(ENGINE *e) goto err; } - if (!(p1 = (t_UBSEC_ubsec_bytes_to_bits *) - DSO_bind_func(ubsec_dso, UBSEC_F1)) - || !(p2 = (t_UBSEC_ubsec_bits_to_bytes *) - DSO_bind_func(ubsec_dso, UBSEC_F2)) - || !(p3 = (t_UBSEC_ubsec_open *) - DSO_bind_func(ubsec_dso, UBSEC_F3)) - || !(p4 = (t_UBSEC_ubsec_close *) - DSO_bind_func(ubsec_dso, UBSEC_F4)) +#define BINDIT(t, name) (t *)DSO_bind_func(ubsec_dso, name) + if ((p1 = BINDIT(t_UBSEC_ubsec_bytes_to_bits, UBSEC_F1)) == NULL + || (p2 = BINDIT(t_UBSEC_ubsec_bits_to_bytes, UBSEC_F2)) == NULL + || (p3 = BINDIT(t_UBSEC_ubsec_open, UBSEC_F3)) == NULL + || (p4 = BINDIT(t_UBSEC_ubsec_close, UBSEC_F4)) == NULL # ifndef OPENSSL_NO_DH - || !(p5 = (t_UBSEC_diffie_hellman_generate_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F5)) - || !(p6 = (t_UBSEC_diffie_hellman_agree_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F6)) + || (p5 = BINDIT(t_UBSEC_diffie_hellman_generate_ioctl, UBSEC_F5)) == NULL + || (p6 = BINDIT(t_UBSEC_diffie_hellman_agree_ioctl, UBSEC_F6)) == NULL # endif /* #ifndef OPENSSL_NO_RSA */ - || !(p7 = (t_UBSEC_rsa_mod_exp_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F7)) - || !(p8 = (t_UBSEC_rsa_mod_exp_crt_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F8)) + || (p7 = BINDIT(t_UBSEC_rsa_mod_exp_ioctl, UBSEC_F7)) == NULL + || (p8 = BINDIT(t_UBSEC_rsa_mod_exp_crt_ioctl, UBSEC_F8)) == NULL /* #endif */ # ifndef OPENSSL_NO_DSA - || !(p9 = (t_UBSEC_dsa_sign_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F9)) - || !(p10 = (t_UBSEC_dsa_verify_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F10)) + || (p9 = BINDIT(t_UBSEC_dsa_sign_ioctl, UBSEC_F9)) == NULL + || (p10 = BINDIT(t_UBSEC_dsa_verify_ioctl, UBSEC_F10)) == NULL # endif - || !(p11 = (t_UBSEC_math_accelerate_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F11)) - || !(p12 = (t_UBSEC_rng_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F12)) - || !(p13 = (t_UBSEC_max_key_len_ioctl *) - DSO_bind_func(ubsec_dso, UBSEC_F13))) { + || (p11 = BINDIT(t_UBSEC_math_accelerate_ioctl, UBSEC_F11)) == NULL + || (p12 = BINDIT(t_UBSEC_rng_ioctl, UBSEC_F12)) == NULL + || (p13 = BINDIT(t_UBSEC_max_key_len_ioctl, UBSEC_F13)) == NULL) { UBSECerr(UBSEC_F_UBSEC_INIT, UBSEC_R_DSO_FAILURE); goto err; } diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index 9932dde..19cf6ff 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -160,7 +160,7 @@ static int ssl_ctx_make_profiles(const char *profiles_string, char *ptr = (char *)profiles_string; SRTP_PROTECTION_PROFILE *p; - if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) { + if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) { SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES); return 1; diff --git a/ssl/kssl.c b/ssl/kssl.c index d781042..15973ed 100644 --- a/ssl/kssl.c +++ b/ssl/kssl.c @@ -873,7 +873,8 @@ static size_t *populate_cksumlens(void) # endif /* KRB5_MIT_OLD11 */ # ifdef KRB5CHECKAUTH - if (!cklens && !(cklens = (size_t *)calloc(sizeof(int), n + 1))) + if (cklens == NULL + && (cklens = (size_t *)calloc(sizeof(int), n + 1)) == NULL) return NULL; for (i = 0; i < n; i++) { @@ -911,7 +912,8 @@ unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a) conlen = (etype) ? 8 : 0; - if (!cksumlens && !(cksumlens = populate_cksumlens())) + if (cksumlens NULL + && (cksumlens = populate_cksumlens()) == NULL) return NULL; for (i = 0; (cklen = cksumlens[i]) != 0; i++) { test_auth = a + conlen + cklen; diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 86b7994..85a3ef6 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1506,7 +1506,7 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - if (!(s->srp_ctx.N = BN_bin2bn(p, i, NULL))) { + if ((s->srp_ctx.N = BN_bin2bn(p, i, NULL)) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); goto err; } @@ -1526,7 +1526,7 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - if (!(s->srp_ctx.g = BN_bin2bn(p, i, NULL))) { + if ((s->srp_ctx.g = BN_bin2bn(p, i, NULL)) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); goto err; } @@ -1547,7 +1547,7 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - if (!(s->srp_ctx.s = BN_bin2bn(p, i, NULL))) { + if ((s->srp_ctx.s = BN_bin2bn(p, i, NULL)) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); goto err; } @@ -1567,7 +1567,7 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - if (!(s->srp_ctx.B = BN_bin2bn(p, i, NULL))) { + if ((s->srp_ctx.B = BN_bin2bn(p, i, NULL)) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); goto err; } @@ -1623,7 +1623,7 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - if (!(rsa->n = BN_bin2bn(p, i, rsa->n))) { + if ((rsa->n = BN_bin2bn(p, i, rsa->n)) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); goto err; } @@ -1643,7 +1643,7 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - if (!(rsa->e = BN_bin2bn(p, i, rsa->e))) { + if ((rsa->e = BN_bin2bn(p, i, rsa->e)) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); goto err; } @@ -1685,7 +1685,7 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - if (!(dh->p = BN_bin2bn(p, i, NULL))) { + if ((dh->p = BN_bin2bn(p, i, NULL)) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); goto err; } @@ -1705,7 +1705,7 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - if (!(dh->g = BN_bin2bn(p, i, NULL))) { + if ((dh->g = BN_bin2bn(p, i, NULL)) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); goto err; } @@ -1725,7 +1725,7 @@ int ssl3_get_key_exchange(SSL *s) } param_len += i; - if (!(dh->pub_key = BN_bin2bn(p, i, NULL))) { + if ((dh->pub_key = BN_bin2bn(p, i, NULL)) == NULL) { SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, ERR_R_BN_LIB); goto err; } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ec94882..2f3158b 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2828,7 +2828,7 @@ int ssl3_get_client_key_exchange(SSL *s) SSL_R_BAD_SRP_A_LENGTH); goto f_err; } - if (!(s->srp_ctx.A = BN_bin2bn(p, i, NULL))) { + if ((s->srp_ctx.A = BN_bin2bn(p, i, NULL)) == NULL) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_BN_LIB); goto err; } diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index 5445f3c..7d4fd1d 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c @@ -340,21 +340,18 @@ int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key) if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N)) goto err; - if (!(u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N))) + if ((u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)) == NULL) goto err; - if (! - (K = - SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, - s->srp_ctx.N))) + if ((K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b, + s->srp_ctx.N)) == NULL) goto err; tmp_len = BN_num_bytes(K); if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) goto err; BN_bn2bin(K, tmp); - ret = - s->method->ssl3_enc->generate_master_secret(s, master_key, tmp, - tmp_len); + ret = s->method->ssl3_enc->generate_master_secret(s, master_key, tmp, + tmp_len); err: OPENSSL_clear_free(tmp, tmp_len); BN_clear_free(K); @@ -375,7 +372,7 @@ int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key) */ if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0) goto err; - if (!(u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N))) + if ((u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)) == NULL) goto err; if (s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) goto err; @@ -384,12 +381,10 @@ int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key) s->srp_ctx.SRP_give_srp_client_pwd_callback(s, s->srp_ctx.SRP_cb_arg))) goto err; - if (!(x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd))) + if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL) goto err; - if (! - (K = - SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g, x, - s->srp_ctx.a, u))) + if ((K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B, s->srp_ctx.g, x, + s->srp_ctx.a, u)) == NULL) goto err; tmp_len = BN_num_bytes(K); diff --git a/test/ectest.c b/test/ectest.c index f04812e..977b8d9 100644 --- a/test/ectest.c +++ b/test/ectest.c @@ -466,7 +466,7 @@ static void prime_field_tests(void) group_order_tests(group); - if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) + if ((P_160 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) ABORT; if (!EC_GROUP_copy(P_160, group)) ABORT; @@ -515,7 +515,7 @@ static void prime_field_tests(void) group_order_tests(group); - if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) + if ((P_192 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) ABORT; if (!EC_GROUP_copy(P_192, group)) ABORT; @@ -570,7 +570,7 @@ static void prime_field_tests(void) group_order_tests(group); - if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) + if ((P_224 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) ABORT; if (!EC_GROUP_copy(P_224, group)) ABORT; @@ -630,7 +630,7 @@ static void prime_field_tests(void) group_order_tests(group); - if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) + if ((P_256 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) ABORT; if (!EC_GROUP_copy(P_256, group)) ABORT; @@ -685,7 +685,7 @@ static void prime_field_tests(void) group_order_tests(group); - if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) + if ((P_384 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) ABORT; if (!EC_GROUP_copy(P_384, group)) ABORT; @@ -746,7 +746,7 @@ static void prime_field_tests(void) group_order_tests(group); - if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) + if ((P_521 = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) ABORT; if (!EC_GROUP_copy(P_521, group)) ABORT; @@ -916,7 +916,7 @@ static void prime_field_tests(void) if (EC_GROUP_get_degree(group) != _degree) ABORT; \ fprintf(stdout, " ok\n"); \ group_order_tests(group); \ - if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \ + if ((_variable = EC_GROUP_new(EC_GROUP_method_of(group))) == NULL) ABORT; \ if (!EC_GROUP_copy(_variable, group)) ABORT; \ # ifndef OPENSSL_NO_EC2M From steve at openssl.org Tue May 12 03:24:58 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 12 May 2015 03:24:58 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431401098.312279.25838.nullmailer@dev.openssl.org> The branch master has been updated via 253617806da0aeb0cea1fedf6136460fb4993eae (commit) from 75ebbd9aa411c5b8b19ded6ace2b34181566b56a (commit) - Log ----------------------------------------------------------------- commit 253617806da0aeb0cea1fedf6136460fb4993eae Author: Dr. Stephen Henson Date: Tue May 12 02:05:17 2015 +0100 Additional X509_ALGOR documentation Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: doc/crypto/d2i_X509_ALGOR.pod | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/doc/crypto/d2i_X509_ALGOR.pod b/doc/crypto/d2i_X509_ALGOR.pod index 272a138..09849b5 100644 --- a/doc/crypto/d2i_X509_ALGOR.pod +++ b/doc/crypto/d2i_X509_ALGOR.pod @@ -2,7 +2,7 @@ =head1 NAME -d2i_X509_ALGOR, i2d_X509_ALGOR - AlgorithmIdentifier functions. +d2i_X509_ALGOR, i2d_X509_ALGOR, X509_ALGOR_dup, X509_ALGOR_set0, X509_ALGOR_get0, X509_ALGOR_set_md, X509_ALGOR_cmp - AlgorithmIdentifier functions. =head1 SYNOPSIS @@ -10,15 +10,40 @@ d2i_X509_ALGOR, i2d_X509_ALGOR - AlgorithmIdentifier functions. X509_ALGOR *d2i_X509_ALGOR(X509_ALGOR **a, unsigned char **pp, long length); int i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **pp); + X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *alg); + int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval); + void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval, + X509_ALGOR *alg); + void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); + int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b); =head1 DESCRIPTION -These functions decode and encode an B structure which is -equivalent to the B structure. +The functions d2i_X509() and i2d_X509() decode and encode an B +structure which is equivalent to the B structure. -Otherwise these behave in a similar way to d2i_X509() and i2d_X509() +Otherwise they behave in a similar way to d2i_X509() and i2d_X509() described in the L manual page. +X509_ALGOR_dup() returns a copy of B. + +X509_ALGOR_set0() sets the algorithm OID of B to B and the +associated parameter type to B with value B. If B is +B the parameter is omitted, otherwise B and B have +the same meaning as the B and B parameters to ASN1_TYPE_set(). +All the supplied parameters are used internally so must B be freed after +this call. + +X509_ALGOR_get0() is the inverse of X509_ALGOR_set0(): it returns the +algorithm OID in B<*paobj> and the associated parameter in B<*pptype> +and B<*ppval> from the B B. + +X509_ALGOR_set_md() sets the B B to appropriate +values for the message digest B. + +X509_ALGOR_cmp() compares B and B and returns 0 if they have identical +encodings and non-zero otherwise. + =head1 SEE ALSO L From rsalz at openssl.org Tue May 12 14:25:06 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 12 May 2015 14:25:06 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431440706.731840.5744.nullmailer@dev.openssl.org> The branch master has been updated via 9a555706a3fb8f6622e1049ab510a12f4e1bc6a2 (commit) from 253617806da0aeb0cea1fedf6136460fb4993eae (commit) - Log ----------------------------------------------------------------- commit 9a555706a3fb8f6622e1049ab510a12f4e1bc6a2 Author: Rich Salz Date: Fri May 8 12:05:36 2015 -0400 Make COMP_CTX and COMP_METHOD opaque Since COMP_METHOD is now defined in comp_lcl.h, it is no longer possible to create new TLS compression methods without using the OpenSSL source. Only ZLIB is supported by default. Also, since the types are opaque, #ifdef guards to use "char *" instead of the real type aren't necessary. The changes are actually minor. Adding missing copyright to some files makes the diff misleadingly big. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/comp/Makefile | 4 +- crypto/comp/c_zlib.c | 57 +++++++++++++++++++- apps/timeouts.h => crypto/comp/comp_lcl.h | 33 +++++++----- crypto/comp/comp_lib.c | 81 ++++++++++++++++++++++++++-- include/openssl/comp.h | 88 +++++++++++++++++++++---------- include/openssl/ossl_typ.h | 5 +- include/openssl/ssl.h | 15 +----- ssl/ssl_ciph.c | 46 ++++++++-------- ssl/ssl_lib.c | 29 ++++------ ssl/ssl_locl.h | 19 +------ ssl/ssl_txt.c | 5 +- test/ssltest.c | 5 +- util/libeay.num | 4 ++ util/ssleay.num | 20 +++---- 14 files changed, 273 insertions(+), 138 deletions(-) copy apps/timeouts.h => crypto/comp/comp_lcl.h (76%) diff --git a/crypto/comp/Makefile b/crypto/comp/Makefile index 1a180f4..7884f99 100644 --- a/crypto/comp/Makefile +++ b/crypto/comp/Makefile @@ -68,7 +68,7 @@ c_zlib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c +c_zlib.o: ../../include/openssl/symhacks.h c_zlib.c comp_lcl.h comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h comp_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -82,4 +82,4 @@ comp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h comp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h comp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -comp_lib.o: ../../include/openssl/symhacks.h comp_lib.c +comp_lib.o: ../../include/openssl/symhacks.h comp_lcl.h comp_lib.c diff --git a/crypto/comp/c_zlib.c b/crypto/comp/c_zlib.c index 2d5b54f..83773a1 100644 --- a/crypto/comp/c_zlib.c +++ b/crypto/comp/c_zlib.c @@ -1,9 +1,64 @@ +/* ==================================================================== + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + #include #include #include #include #include #include +#include "comp_lcl.h" COMP_METHOD *COMP_zlib(void); @@ -14,8 +69,6 @@ static COMP_METHOD zlib_method_nozlib = { NULL, NULL, NULL, - NULL, - NULL, }; #ifndef ZLIB diff --git a/apps/timeouts.h b/crypto/comp/comp_lcl.h similarity index 76% copy from apps/timeouts.h copy to crypto/comp/comp_lcl.h index f423010..f1ec8d5 100644 --- a/apps/timeouts.h +++ b/crypto/comp/comp_lcl.h @@ -1,10 +1,5 @@ -/* apps/timeouts.h */ -/* - * DTLS implementation written by Nagendra Modadugu - * (nagendra at cs.stanford.edu) for the OpenSSL project 2005. - */ /* ==================================================================== - * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. + * Copyright (c) 2017 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -54,14 +49,26 @@ * This product includes cryptographic software written by Eric Young * (eay at cryptsoft.com). This product includes software written by Tim * Hudson (tjh at cryptsoft.com). - * */ -#ifndef INCLUDED_TIMEOUTS_H -# define INCLUDED_TIMEOUTS_H -/* numbers in us */ -# define DGRAM_RCV_TIMEOUT 250000 -# define DGRAM_SND_TIMEOUT 250000 +struct comp_method_st { + int type; /* NID for compression library */ + const char *name; /* A text string to identify the library */ + int (*init) (COMP_CTX *ctx); + void (*finish) (COMP_CTX *ctx); + int (*compress) (COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); + int (*expand) (COMP_CTX *ctx, + unsigned char *out, unsigned int olen, + unsigned char *in, unsigned int ilen); +}; -#endif /* ! INCLUDED_TIMEOUTS_H */ +struct comp_ctx_st { + struct comp_method_st *meth; + unsigned long compress_in; + unsigned long compress_out; + unsigned long expand_in; + unsigned long expand_out; +}; diff --git a/crypto/comp/comp_lib.c b/crypto/comp/comp_lib.c index 42d9936..aa82376 100644 --- a/crypto/comp/comp_lib.c +++ b/crypto/comp/comp_lib.c @@ -1,17 +1,70 @@ +/* ==================================================================== + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + #include #include #include #include #include +#include "comp_lcl.h" COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) { COMP_CTX *ret; - if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) { - /* ZZZZZZZZZZZZZZZZ */ + if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) return (NULL); - } memset(ret, 0, sizeof(*ret)); ret->meth = meth; if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { @@ -21,6 +74,21 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) return (ret); } +const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx) +{ + return ctx->meth; +} + +int COMP_get_type(const COMP_METHOD *meth) +{ + return meth->type; +} + +const char *COMP_get_name(const COMP_METHOD *meth) +{ + return meth->name; +} + void COMP_CTX_free(COMP_CTX *ctx) { if (ctx == NULL) @@ -37,7 +105,6 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, { int ret; if (ctx->meth->compress == NULL) { - /* ZZZZZZZZZZZZZZZZZ */ return (-1); } ret = ctx->meth->compress(ctx, out, olen, in, ilen); @@ -54,7 +121,6 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, int ret; if (ctx->meth->expand == NULL) { - /* ZZZZZZZZZZZZZZZZZ */ return (-1); } ret = ctx->meth->expand(ctx, out, olen, in, ilen); @@ -64,3 +130,8 @@ int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, } return (ret); } + +int COMP_CTX_get_type(const COMP_CTX* comp) +{ + return comp->meth ? comp->meth->type : NID_undef; +} diff --git a/include/openssl/comp.h b/include/openssl/comp.h index 6799b0f..c7d903f 100644 --- a/include/openssl/comp.h +++ b/include/openssl/comp.h @@ -1,3 +1,57 @@ +/* ==================================================================== + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + #ifndef HEADER_COMP_H # define HEADER_COMP_H @@ -8,41 +62,19 @@ extern "C" { #endif -typedef struct comp_ctx_st COMP_CTX; - -typedef struct comp_method_st { - int type; /* NID for compression library */ - const char *name; /* A text string to identify the library */ - int (*init) (COMP_CTX *ctx); - void (*finish) (COMP_CTX *ctx); - int (*compress) (COMP_CTX *ctx, - unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); - int (*expand) (COMP_CTX *ctx, - unsigned char *out, unsigned int olen, - unsigned char *in, unsigned int ilen); - /* - * The following two do NOTHING, but are kept for backward compatibility - */ - long (*ctrl) (void); - long (*callback_ctrl) (void); -} COMP_METHOD; - -struct comp_ctx_st { - COMP_METHOD *meth; - unsigned long compress_in; - unsigned long compress_out; - unsigned long expand_in; - unsigned long expand_out; - CRYPTO_EX_DATA ex_data; -}; COMP_CTX *COMP_CTX_new(COMP_METHOD *meth); +const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx); +int COMP_CTX_get_type(const COMP_CTX* comp); +int COMP_get_type(const COMP_METHOD *meth); +const char *COMP_get_name(const COMP_METHOD *meth); void COMP_CTX_free(COMP_CTX *ctx); + int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, unsigned char *in, int ilen); int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, unsigned char *in, int ilen); + COMP_METHOD *COMP_zlib(void); void COMP_zlib_cleanup(void); diff --git a/include/openssl/ossl_typ.h b/include/openssl/ossl_typ.h index b32ce66..e4e3270 100644 --- a/include/openssl/ossl_typ.h +++ b/include/openssl/ossl_typ.h @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. + * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -176,6 +176,9 @@ typedef struct engine_st ENGINE; typedef struct ssl_st SSL; typedef struct ssl_ctx_st SSL_CTX; +typedef struct comp_ctx_st COMP_CTX; +typedef struct comp_method_st COMP_METHOD; + typedef struct X509_POLICY_NODE_st X509_POLICY_NODE; typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL; typedef struct X509_POLICY_TREE_st X509_POLICY_TREE; diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 43c6801..e8c2e6c 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -145,9 +145,7 @@ # include -# ifndef OPENSSL_NO_COMP -# include -# endif +# include # include # ifdef OPENSSL_USE_DEPRECATED # include @@ -703,9 +701,6 @@ __owur int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key); typedef int (*GEN_SESSION_CB) (const SSL *ssl, unsigned char *id, unsigned int *id_len); -typedef struct ssl_comp_st SSL_COMP; - - # define SSL_SESS_CACHE_OFF 0x0000 # define SSL_SESS_CACHE_CLIENT 0x0001 # define SSL_SESS_CACHE_SERVER 0x0002 @@ -1774,7 +1769,6 @@ void SSL_set_tmp_ecdh_callback(SSL *ssl, int keylength)); # endif -# ifndef OPENSSL_NO_COMP __owur const COMP_METHOD *SSL_get_current_compression(SSL *s); __owur const COMP_METHOD *SSL_get_current_expansion(SSL *s); __owur const char *SSL_COMP_get_name(const COMP_METHOD *comp); @@ -1783,13 +1777,6 @@ __owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths); void SSL_COMP_free_compression_methods(void); __owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); -# else -__owur const void *SSL_get_current_compression(SSL *s); -__owur const void *SSL_get_current_expansion(SSL *s); -__owur const char *SSL_COMP_get_name(const void *comp); -void *SSL_COMP_get_compression_methods(void); -__owur int SSL_COMP_add_compression_method(int id, void *cm); -# endif const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index ed274e0..ddedf5c 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -495,22 +495,20 @@ static void load_builtin_compressions(void) if (ssl_comp_methods == NULL) { SSL_COMP *comp = NULL; + COMP_METHOD *method = COMP_zlib(); MemCheck_off(); ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp); - if (ssl_comp_methods != NULL) { + if (COMP_get_type(method) != NID_undef + && ssl_comp_methods != NULL) { comp = OPENSSL_malloc(sizeof(*comp)); if (comp != NULL) { - comp->method = COMP_zlib(); - if (comp->method && comp->method->type == NID_undef) - OPENSSL_free(comp); - else { - comp->id = SSL_COMP_ZLIB_IDX; - comp->name = comp->method->name; - sk_SSL_COMP_push(ssl_comp_methods, comp); - } + comp->method = method; + comp->id = SSL_COMP_ZLIB_IDX; + comp->name = COMP_get_name(method); + sk_SSL_COMP_push(ssl_comp_methods, comp); + sk_SSL_COMP_sort(ssl_comp_methods); } - sk_SSL_COMP_sort(ssl_comp_methods); } MemCheck_on(); } @@ -1870,20 +1868,23 @@ SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) } #ifdef OPENSSL_NO_COMP -void *SSL_COMP_get_compression_methods(void) +STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) { return NULL; } - -int SSL_COMP_add_compression_method(int id, void *cm) +STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) + *meths) { - return 1; + return meths; } - -const char *SSL_COMP_get_name(const void *comp) +void SSL_COMP_free_compression_methods(void) { - return NULL; } +int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) +{ + return 1; +} + #else STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) { @@ -1915,7 +1916,7 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) { SSL_COMP *comp; - if (cm == NULL || cm->type == NID_undef) + if (cm == NULL || COMP_get_type(cm) == NID_undef) return 1; /*- @@ -1960,14 +1961,17 @@ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) return (0); } } +#endif const char *SSL_COMP_get_name(const COMP_METHOD *comp) { - if (comp) - return comp->name; +#ifndef OPENSSL_NO_COMP + return comp ? COMP_get_name(comp) : NULL; +#else return NULL; -} #endif +} + /* For a cipher return the index corresponding to the certificate type */ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 8f74ef1..441c6fa 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2882,32 +2882,23 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s) return (NULL); } -#ifdef OPENSSL_NO_COMP -const void *SSL_get_current_compression(SSL *s) -{ - return NULL; -} - -const void *SSL_get_current_expansion(SSL *s) -{ - return NULL; -} -#else - const COMP_METHOD *SSL_get_current_compression(SSL *s) { - if (s->compress != NULL) - return (s->compress->meth); - return (NULL); +#ifndef OPENSSL_NO_COMP + return s->compress ? COMP_CTX_get_method(s->compress) : NULL; +#else + return NULL; +#endif } const COMP_METHOD *SSL_get_current_expansion(SSL *s) { - if (s->expand != NULL) - return (s->expand->meth); - return (NULL); -} +#ifndef OPENSSL_NO_COMP + return s->expand ? COMP_CTX_get_method(s->expand) : NULL; +#else + return NULL; #endif +} int ssl_init_wbio_buffer(SSL *s, int push) { diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 9ae1a07..64feb84 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -705,15 +705,12 @@ typedef struct srp_ctx_st { # endif +typedef struct ssl_comp_st SSL_COMP; struct ssl_comp_st { int id; const char *name; -# ifndef OPENSSL_NO_COMP COMP_METHOD *method; -# else - char *method; -# endif }; DECLARE_STACK_OF(SSL_COMP) @@ -1045,18 +1042,10 @@ struct ssl_st { int mac_flags; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ EVP_MD_CTX *read_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP + COMP_CTX *compress; /* compression */ COMP_CTX *expand; /* uncompress */ -# else - char *expand; -# endif EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ EVP_MD_CTX *write_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP - COMP_CTX *compress; /* compression */ -# else - char *compress; -# endif /* session info */ /* client cert? */ /* This is used to hold the server certificate used */ @@ -1357,11 +1346,7 @@ typedef struct ssl3_state_st { struct dtls1_retransmit_state { EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ EVP_MD_CTX *write_hash; /* used for mac generation */ -# ifndef OPENSSL_NO_COMP COMP_CTX *compress; /* compression */ -# else - char *compress; -# endif SSL_SESSION *session; unsigned short epoch; }; diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 9277d2c..918e75e 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -221,9 +221,8 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) 0) goto err; } else { - if (BIO_printf - (bp, "\n Compression: %d (%s)", comp->id, - comp->method->name) <= 0) + if (BIO_printf(bp, "\n Compression: %d (%s)", comp->id, + comp->name) <= 0) goto err; } } diff --git a/test/ssltest.c b/test/ssltest.c index 39f1d80..e531b32 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -995,7 +995,7 @@ int main(int argc, char *argv[]) int print_time = 0; clock_t s_time = 0, c_time = 0; #ifndef OPENSSL_NO_COMP - int comp = 0; + int n, comp = 0; COMP_METHOD *cm = NULL; STACK_OF(SSL_COMP) *ssl_comp_methods = NULL; #endif @@ -1004,7 +1004,6 @@ int main(int argc, char *argv[]) int fips_mode = 0; #endif int no_protocol = 0; - int n; SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL; STACK_OF(OPENSSL_STRING) *conf_args = NULL; @@ -1373,7 +1372,7 @@ int main(int argc, char *argv[]) if (comp == COMP_ZLIB) cm = COMP_zlib(); if (cm != NULL) { - if (cm->type != NID_undef) { + if (COMP_get_type(cm) != NID_undef) { if (SSL_COMP_add_compression_method(comp, cm) != 0) { fprintf(stderr, "Failed to add compression method\n"); ERR_print_errors_fp(stderr); diff --git a/util/libeay.num b/util/libeay.num index d1b0303..b3dcd5d 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4557,3 +4557,7 @@ ASN1_TYPE_pack_sequence 4915 EXIST::FUNCTION: ASN1_TYPE_unpack_sequence 4916 EXIST::FUNCTION: CRYPTO_clean_free 4917 NOEXIST::FUNCTION: CRYPTO_clear_free 4918 EXIST::FUNCTION: +COMP_CTX_get_method 4919 EXIST::FUNCTION: +COMP_CTX_get_type 4920 EXIST::FUNCTION: +COMP_get_name 4921 EXIST::FUNCTION: +COMP_get_type 4922 EXIST::FUNCTION: diff --git a/util/ssleay.num b/util/ssleay.num index ee82ef2..ab89e91 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -164,7 +164,7 @@ SSL_CTX_get_cert_store 180 EXIST::FUNCTION: SSL_CTX_set_cert_store 181 EXIST::FUNCTION: SSL_want 182 EXIST::FUNCTION: SSL_library_init 183 EXIST::FUNCTION: -SSL_COMP_add_compression_method 184 EXIST::FUNCTION:COMP +SSL_COMP_add_compression_method 184 EXIST::FUNCTION: SSL_add_file_cert_subjects_to_stack 185 EXIST:!VMS:FUNCTION:STDIO SSL_add_file_cert_subjs_to_stk 185 EXIST:VMS:FUNCTION:STDIO SSL_set_tmp_rsa_callback 186 EXIST::FUNCTION:RSA @@ -219,13 +219,13 @@ SSL_set_msg_callback 267 EXIST::FUNCTION: DTLSv1_client_method 268 EXIST::FUNCTION: SSL_CTX_set_tmp_ecdh_callback 269 EXIST::FUNCTION:EC SSL_set_tmp_ecdh_callback 270 EXIST::FUNCTION:EC -SSL_COMP_get_name 271 EXIST::FUNCTION:COMP -SSL_get_current_compression 272 EXIST::FUNCTION:COMP +SSL_COMP_get_name 271 EXIST::FUNCTION: +SSL_get_current_compression 272 EXIST::FUNCTION: DTLSv1_method 273 EXIST::FUNCTION: -SSL_get_current_expansion 274 EXIST::FUNCTION:COMP +SSL_get_current_expansion 274 EXIST::FUNCTION: DTLSv1_server_method 275 EXIST::FUNCTION: -SSL_COMP_get_compression_methods 276 EXIST:!VMS:FUNCTION:COMP -SSL_COMP_get_compress_methods 276 EXIST:VMS:FUNCTION:COMP +SSL_COMP_get_compression_methods 276 EXIST:!VMS:FUNCTION: +SSL_COMP_get_compress_methods 276 EXIST:VMS:FUNCTION: SSL_SESSION_get_id 277 EXIST::FUNCTION: SSL_CTX_sess_set_new_cb 278 EXIST::FUNCTION: SSL_CTX_sess_get_get_cb 279 EXIST::FUNCTION: @@ -333,8 +333,8 @@ SSL_CTX_set_srv_supp_data 371 NOEXIST::FUNCTION: SSL_CONF_cmd_argv 372 EXIST::FUNCTION: DTLSv1_2_server_method 373 EXIST::FUNCTION: SSL_COMP_set0_compress_methods 374 NOEXIST::FUNCTION: -SSL_COMP_set0_compression_methods 374 EXIST:!VMS:FUNCTION:COMP -SSL_COMP_set0_compr_methods 374 EXIST:VMS:FUNCTION:COMP +SSL_COMP_set0_compression_methods 374 EXIST:!VMS:FUNCTION: +SSL_COMP_set0_compr_methods 374 EXIST:VMS:FUNCTION: SSL_CTX_set_cert_cb 375 EXIST::FUNCTION: SSL_CTX_add_client_custom_ext 376 EXIST::FUNCTION:TLSEXT SSL_is_server 377 EXIST::FUNCTION: @@ -367,8 +367,8 @@ DTLSv1_2_method 404 EXIST::FUNCTION: DTLS_server_method 405 EXIST::FUNCTION: SSL_CTX_use_serverinfo_file 406 EXIST::FUNCTION:STDIO,TLSEXT SSL_COMP_free_compress_methods 407 NOEXIST::FUNCTION: -SSL_COMP_free_compression_methods 407 EXIST:!VMS:FUNCTION:COMP -SSL_COMP_free_compr_methods 407 EXIST:VMS:FUNCTION:COMP +SSL_COMP_free_compression_methods 407 EXIST:!VMS:FUNCTION: +SSL_COMP_free_compr_methods 407 EXIST:VMS:FUNCTION: SSL_extension_supported 409 EXIST::FUNCTION:TLSEXT SSL_CTX_get_security_callback 410 EXIST::FUNCTION: SSL_SESSION_print_keylog 411 EXIST::FUNCTION: From stevem at openssl.org Tue May 12 14:58:52 2015 From: stevem at openssl.org (Steve Marquess) Date: Tue, 12 May 2015 14:58:52 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1431442732.044591.9618.nullmailer@dev.openssl.org> The branch master has been updated via 24b6f7ec36449f7b39bb04df4626b292664654bc (commit) from 769082532a0fa761872264b6a747974d9b394b08 (commit) - Log ----------------------------------------------------------------- commit 24b6f7ec36449f7b39bb04df4626b292664654bc Author: Steve Marquess Date: Tue May 12 10:58:34 2015 -0400 Add CLAs ----------------------------------------------------------------------- Summary of changes: licenses/openssl_ccla.pdf | Bin 0 -> 37962 bytes licenses/openssl_icla.pdf | Bin 0 -> 37290 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 licenses/openssl_ccla.pdf create mode 100644 licenses/openssl_icla.pdf diff --git a/licenses/openssl_ccla.pdf b/licenses/openssl_ccla.pdf new file mode 100644 index 0000000..031ed4c Binary files /dev/null and b/licenses/openssl_ccla.pdf differ diff --git a/licenses/openssl_icla.pdf b/licenses/openssl_icla.pdf new file mode 100644 index 0000000..798b231 Binary files /dev/null and b/licenses/openssl_icla.pdf differ From steve at openssl.org Tue May 12 19:52:32 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 12 May 2015 19:52:32 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431460352.741562.21153.nullmailer@dev.openssl.org> The branch master has been updated via 6b43bbf09c6f31f2b6c66a5e8ef3b668036fbfeb (commit) from 9a555706a3fb8f6622e1049ab510a12f4e1bc6a2 (commit) - Log ----------------------------------------------------------------- commit 6b43bbf09c6f31f2b6c66a5e8ef3b668036fbfeb Author: Dr. Stephen Henson Date: Tue May 12 19:49:06 2015 +0100 Fix cipherlist order. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/s3_lib.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index a962b5c..7e9faf4 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1839,21 +1839,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 256, 256, }, -#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL - { - 1, - "SCSV", - SSL3_CK_SCSV, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0, - 0}, -#endif #ifndef OPENSSL_NO_CAMELLIA /* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */ @@ -2051,6 +2036,23 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { }, #endif +#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL + /* Cipher FF */ + { + 1, + "SCSV", + SSL3_CK_SCSV, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0, + 0}, +#endif + #ifndef OPENSSL_NO_EC /* Cipher C001 */ { From matt at openssl.org Wed May 13 08:26:08 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 May 2015 08:26:08 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431505568.121049.3188.nullmailer@dev.openssl.org> The branch master has been updated via 56d88027f026afd97ddf4e501f98437ca9819bfb (commit) from 6b43bbf09c6f31f2b6c66a5e8ef3b668036fbfeb (commit) - Log ----------------------------------------------------------------- commit 56d88027f026afd97ddf4e501f98437ca9819bfb Author: Gunnar Kudrjavets Date: Tue May 12 15:44:45 2015 -0700 Fix the heap corruption in libeay32!OBJ_add_object. Original 'sizeof(ADDED_OBJ)' was replaced with 'sizeof(*ao)'. However, they return different sizes. Therefore as the result heap gets corrupted and at some point later debug version of malloc() detects the corruption. On x86 we can observe that as follows: sizeof(*ao) == 4 sizeof(*ao[0]) == sizeof(ADDED_OBJ) == 8 Issue reproduces with either enabling CRT debug heap or Application Verifier's full-page heap. Basic debugging data from the moment the corruption is first detected: 0:000:x86> | . 0 id: 283c create name: openssl.exe 0:000:x86> kcn # 00 MSVCR120D!_heap_alloc_dbg_impl 01 MSVCR120D!_nh_malloc_dbg_impl 02 MSVCR120D!_nh_malloc_dbg 03 MSVCR120D!malloc 04 LIBEAY32!default_malloc_ex 05 LIBEAY32!CRYPTO_malloc 06 LIBEAY32!lh_insert 07 LIBEAY32!OBJ_add_object 08 LIBEAY32!OBJ_create 09 openssl!add_oid_section 0a openssl!req_main 0b openssl!do_cmd 0c openssl!main 0d openssl!__tmainCRTStartup 0e openssl!mainCRTStartup 0f KERNEL32!BaseThreadInitThunk 10 ntdll_77d60000!__RtlUserThreadStart 11 ntdll_77d60000!_RtlUserThreadStart Signed-off-by: Matt Caswell Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 991a1b7..3df7ff2 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -255,16 +255,16 @@ int OBJ_add_object(const ASN1_OBJECT *obj) return (0); if ((o = OBJ_dup(obj)) == NULL) goto err; - if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao))) == NULL) + if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL) goto err2; if ((o->length != 0) && (obj->data != NULL)) - if ((ao[ADDED_DATA] = OPENSSL_malloc(sizeof(*ao))) == NULL) + if ((ao[ADDED_DATA] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL) goto err2; if (o->sn != NULL) - if ((ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(*ao))) == NULL) + if ((ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL) goto err2; if (o->ln != NULL) - if ((ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(*ao))) == NULL) + if ((ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL) goto err2; for (i = ADDED_DATA; i <= ADDED_NID; i++) { From matt at openssl.org Wed May 13 10:29:56 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 May 2015 10:29:56 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431512996.423268.18466.nullmailer@dev.openssl.org> The branch master has been updated via a0bd6493369d960abef11c2346b9bbb308b4285a (commit) from 56d88027f026afd97ddf4e501f98437ca9819bfb (commit) - Log ----------------------------------------------------------------- commit a0bd6493369d960abef11c2346b9bbb308b4285a Author: Matt Caswell Date: Wed May 6 21:31:16 2015 +0100 Don't allow a CCS when expecting a CertificateVerify Currently we set change_cipher_spec_ok to 1 before calling ssl3_get_cert_verify(). This is because this message is optional and if it is not sent then the next thing we would expect to get is the CCS. However, although it is optional, we do actually know whether we should be receiving one in advance. If we have received a client cert then we should expect a CertificateVerify message. By the time we get to this point we will already have bombed out if we didn't get a Certificate when we should have done, so it is safe just to check whether |peer| is NULL or not. If it is we won't get a CertificateVerify, otherwise we will. Therefore we should change the logic so that we only attempt to get the CertificateVerify if we are expecting one, and not allow a CCS in this scenario. Whilst this is good practice for TLS it is even more important for DTLS. In DTLS messages can be lost. Therefore we may be in a situation where a CertificateVerify message does not arrive even though one was sent. In that case the next message the server will receive will be the CCS. This could also happen if messages get re-ordered in-flight. In DTLS if |change_cipher_spec_ok| is not set and a CCS is received it is ignored. However if |change_cipher_spec_ok| *is* set then a CCS arrival will immediately move the server into the next epoch. Any messages arriving for the previous epoch will be ignored. This means that, in this scenario, the handshake can never complete. The client will attempt to retransmit missing messages, but the server will ignore them because they are the wrong epoch. The server meanwhile will still be waiting for the CertificateVerify which is never going to arrive. RT#2958 Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: ssl/d1_srvr.c | 18 ++++----------- ssl/s3_srvr.c | 74 +++++++++++++++++++---------------------------------------- 2 files changed, 28 insertions(+), 64 deletions(-) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index cc4874f..94bd435 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -683,15 +683,6 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: - /* - * This *should* be the first time we enable CCS, but be - * extra careful about surrounding code changes. We need - * to set this here because we don't know if we're - * expecting a CertificateVerify or not. - */ - if (!s->s3->change_cipher_spec) - s->d1->change_cipher_spec_ok = 1; - /* we should decide if we expected this one */ ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -708,11 +699,10 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: /* - * Enable CCS for resumed handshakes. - * In a full handshake, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, so change_cipher_spec_ok was - * already set. Receiving a CCS clears the flag, so make - * sure not to re-enable it to ban duplicates. + * Enable CCS. Receiving a CCS clears the flag, so make + * sure not to re-enable it to ban duplicates. This *should* be the + * first time we have received one - but we check anyway to be + * cautious. * s->s3->change_cipher_spec is set when a CCS is * processed in d1_pkt.c, and remains set until * the client's Finished message is read. diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 2f3158b..80d04c9 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -682,15 +682,6 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: - /* - * This *should* be the first time we enable CCS, but be - * extra careful about surrounding code changes. We need - * to set this here because we don't know if we're - * expecting a CertificateVerify or not. - */ - if (!s->s3->change_cipher_spec) - s->s3->flags |= SSL3_FLAGS_CCS_OK; - /* we should decide if we expected this one */ ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -710,11 +701,10 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_NEXT_PROTO_A: case SSL3_ST_SR_NEXT_PROTO_B: /* - * Enable CCS for resumed handshakes with NPN. - * In a full handshake with NPN, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was - * already set. Receiving a CCS clears the flag, so make - * sure not to re-enable it to ban duplicates. + * Enable CCS for NPN. Receiving a CCS clears the flag, so make + * sure not to re-enable it to ban duplicates. This *should* be the + * first time we have received one - but we check anyway to be + * cautious. * s->s3->change_cipher_spec is set when a CCS is * processed in s3_pkt.c, and remains set until * the client's Finished message is read. @@ -733,10 +723,8 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: /* - * Enable CCS for resumed handshakes without NPN. - * In a full handshake, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was - * already set. Receiving a CCS clears the flag, so make + * Enable CCS for handshakes without NPN. In NPN the CCS flag has + * already been set. Receiving a CCS clears the flag, so make * sure not to re-enable it to ban duplicates. * s->s3->change_cipher_spec is set when a CCS is * processed in s3_pkt.c, and remains set until @@ -2960,39 +2948,31 @@ int ssl3_get_cert_verify(SSL *s) EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); + /* + * We should only process a CertificateVerify message if we have received + * a Certificate from the client. If so then |s->session->peer| will be non + * NULL. In some instances a CertificateVerify message is not required even + * if the peer has sent a Certificate (e.g. such as in the case of static + * DH). In that case the ClientKeyExchange processing will skip the + * CertificateVerify state so we should not arrive here. + */ + if (s->session->peer == NULL) { + ret = 1; + goto end; + } + n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, - -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok); + SSL3_MT_CERTIFICATE_VERIFY, + SSL3_RT_MAX_PLAIN_LENGTH, &ok); if (!ok) return ((int)n); - if (s->session->peer != NULL) { - peer = s->session->peer; - pkey = X509_get_pubkey(peer); - type = X509_certificate_type(peer, pkey); - } else { - peer = NULL; - pkey = NULL; - } - - if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { - s->s3->tmp.reuse_message = 1; - if (peer != NULL) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_MISSING_VERIFY_MESSAGE); - goto f_err; - } - ret = 1; - goto end; - } - - if (peer == NULL) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_NO_CLIENT_CERT_RECEIVED); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } + peer = s->session->peer; + pkey = X509_get_pubkey(peer); + type = X509_certificate_type(peer, pkey); if (!(type & EVP_PKT_SIGN)) { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, @@ -3001,12 +2981,6 @@ int ssl3_get_cert_verify(SSL *s) goto f_err; } - if (s->s3->change_cipher_spec) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_CCS_RECEIVED_EARLY); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } - /* we now have a signature that we need to verify */ p = (unsigned char *)s->init_msg; /* Check for broken implementations of GOST ciphersuites */ From matt at openssl.org Wed May 13 10:30:07 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 May 2015 10:30:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1431513007.767065.19146.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 464774d75f91ab84772de71743e3c8c0db9a96a6 (commit) from 833518cf0e1e5224383a45cc68c8bb9c3a60865c (commit) - Log ----------------------------------------------------------------- commit 464774d75f91ab84772de71743e3c8c0db9a96a6 Author: Matt Caswell Date: Wed May 6 21:31:16 2015 +0100 Don't allow a CCS when expecting a CertificateVerify Currently we set change_cipher_spec_ok to 1 before calling ssl3_get_cert_verify(). This is because this message is optional and if it is not sent then the next thing we would expect to get is the CCS. However, although it is optional, we do actually know whether we should be receiving one in advance. If we have received a client cert then we should expect a CertificateVerify message. By the time we get to this point we will already have bombed out if we didn't get a Certificate when we should have done, so it is safe just to check whether |peer| is NULL or not. If it is we won't get a CertificateVerify, otherwise we will. Therefore we should change the logic so that we only attempt to get the CertificateVerify if we are expecting one, and not allow a CCS in this scenario. Whilst this is good practice for TLS it is even more important for DTLS. In DTLS messages can be lost. Therefore we may be in a situation where a CertificateVerify message does not arrive even though one was sent. In that case the next message the server will receive will be the CCS. This could also happen if messages get re-ordered in-flight. In DTLS if |change_cipher_spec_ok| is not set and a CCS is received it is ignored. However if |change_cipher_spec_ok| *is* set then a CCS arrival will immediately move the server into the next epoch. Any messages arriving for the previous epoch will be ignored. This means that, in this scenario, the handshake can never complete. The client will attempt to retransmit missing messages, but the server will ignore them because they are the wrong epoch. The server meanwhile will still be waiting for the CertificateVerify which is never going to arrive. RT#2958 Reviewed-by: Emilia K?sper (cherry picked from commit a0bd6493369d960abef11c2346b9bbb308b4285a) ----------------------------------------------------------------------- Summary of changes: ssl/d1_srvr.c | 18 ++++----------- ssl/s3_srvr.c | 74 +++++++++++++++++++---------------------------------------- 2 files changed, 28 insertions(+), 64 deletions(-) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 10726d6..655333a 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -695,15 +695,6 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: - /* - * This *should* be the first time we enable CCS, but be - * extra careful about surrounding code changes. We need - * to set this here because we don't know if we're - * expecting a CertificateVerify or not. - */ - if (!s->s3->change_cipher_spec) - s->d1->change_cipher_spec_ok = 1; - /* we should decide if we expected this one */ ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -720,11 +711,10 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: /* - * Enable CCS for resumed handshakes. - * In a full handshake, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, so change_cipher_spec_ok was - * already set. Receiving a CCS clears the flag, so make - * sure not to re-enable it to ban duplicates. + * Enable CCS. Receiving a CCS clears the flag, so make + * sure not to re-enable it to ban duplicates. This *should* be the + * first time we have received one - but we check anyway to be + * cautious. * s->s3->change_cipher_spec is set when a CCS is * processed in d1_pkt.c, and remains set until * the client's Finished message is read. diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 2e0f989..f0a16c4 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -684,15 +684,6 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: - /* - * This *should* be the first time we enable CCS, but be - * extra careful about surrounding code changes. We need - * to set this here because we don't know if we're - * expecting a CertificateVerify or not. - */ - if (!s->s3->change_cipher_spec) - s->s3->flags |= SSL3_FLAGS_CCS_OK; - /* we should decide if we expected this one */ ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -712,11 +703,10 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_NEXT_PROTO_A: case SSL3_ST_SR_NEXT_PROTO_B: /* - * Enable CCS for resumed handshakes with NPN. - * In a full handshake with NPN, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was - * already set. Receiving a CCS clears the flag, so make - * sure not to re-enable it to ban duplicates. + * Enable CCS for NPN. Receiving a CCS clears the flag, so make + * sure not to re-enable it to ban duplicates. This *should* be the + * first time we have received one - but we check anyway to be + * cautious. * s->s3->change_cipher_spec is set when a CCS is * processed in s3_pkt.c, and remains set until * the client's Finished message is read. @@ -735,10 +725,8 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: /* - * Enable CCS for resumed handshakes without NPN. - * In a full handshake, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was - * already set. Receiving a CCS clears the flag, so make + * Enable CCS for handshakes without NPN. In NPN the CCS flag has + * already been set. Receiving a CCS clears the flag, so make * sure not to re-enable it to ban duplicates. * s->s3->change_cipher_spec is set when a CCS is * processed in s3_pkt.c, and remains set until @@ -2951,39 +2939,31 @@ int ssl3_get_cert_verify(SSL *s) EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); + /* + * We should only process a CertificateVerify message if we have received + * a Certificate from the client. If so then |s->session->peer| will be non + * NULL. In some instances a CertificateVerify message is not required even + * if the peer has sent a Certificate (e.g. such as in the case of static + * DH). In that case the ClientKeyExchange processing will skip the + * CertificateVerify state so we should not arrive here. + */ + if (s->session->peer == NULL) { + ret = 1; + goto end; + } + n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, - -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok); + SSL3_MT_CERTIFICATE_VERIFY, + SSL3_RT_MAX_PLAIN_LENGTH, &ok); if (!ok) return ((int)n); - if (s->session->peer != NULL) { - peer = s->session->peer; - pkey = X509_get_pubkey(peer); - type = X509_certificate_type(peer, pkey); - } else { - peer = NULL; - pkey = NULL; - } - - if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { - s->s3->tmp.reuse_message = 1; - if (peer != NULL) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_MISSING_VERIFY_MESSAGE); - goto f_err; - } - ret = 1; - goto end; - } - - if (peer == NULL) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_NO_CLIENT_CERT_RECEIVED); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } + peer = s->session->peer; + pkey = X509_get_pubkey(peer); + type = X509_certificate_type(peer, pkey); if (!(type & EVP_PKT_SIGN)) { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, @@ -2992,12 +2972,6 @@ int ssl3_get_cert_verify(SSL *s) goto f_err; } - if (s->s3->change_cipher_spec) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_CCS_RECEIVED_EARLY); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } - /* we now have a signature that we need to verify */ p = (unsigned char *)s->init_msg; /* Check for broken implementations of GOST ciphersuites */ From matt at openssl.org Wed May 13 10:30:22 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 May 2015 10:30:22 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1431513022.341046.19394.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 5c122908ab42399df020981d0238e59d4ec38098 (commit) from 1c70c783af31d42f2dc1fc81c4759e87f9ea8f31 (commit) - Log ----------------------------------------------------------------- commit 5c122908ab42399df020981d0238e59d4ec38098 Author: Matt Caswell Date: Wed May 6 21:31:16 2015 +0100 Don't allow a CCS when expecting a CertificateVerify Currently we set change_cipher_spec_ok to 1 before calling ssl3_get_cert_verify(). This is because this message is optional and if it is not sent then the next thing we would expect to get is the CCS. However, although it is optional, we do actually know whether we should be receiving one in advance. If we have received a client cert then we should expect a CertificateVerify message. By the time we get to this point we will already have bombed out if we didn't get a Certificate when we should have done, so it is safe just to check whether |peer| is NULL or not. If it is we won't get a CertificateVerify, otherwise we will. Therefore we should change the logic so that we only attempt to get the CertificateVerify if we are expecting one, and not allow a CCS in this scenario. Whilst this is good practice for TLS it is even more important for DTLS. In DTLS messages can be lost. Therefore we may be in a situation where a CertificateVerify message does not arrive even though one was sent. In that case the next message the server will receive will be the CCS. This could also happen if messages get re-ordered in-flight. In DTLS if |change_cipher_spec_ok| is not set and a CCS is received it is ignored. However if |change_cipher_spec_ok| *is* set then a CCS arrival will immediately move the server into the next epoch. Any messages arriving for the previous epoch will be ignored. This means that, in this scenario, the handshake can never complete. The client will attempt to retransmit missing messages, but the server will ignore them because they are the wrong epoch. The server meanwhile will still be waiting for the CertificateVerify which is never going to arrive. RT#2958 Reviewed-by: Emilia K?sper (cherry picked from commit a0bd6493369d960abef11c2346b9bbb308b4285a) ----------------------------------------------------------------------- Summary of changes: ssl/d1_srvr.c | 18 ++++----------- ssl/s3_srvr.c | 74 +++++++++++++++++++---------------------------------------- 2 files changed, 28 insertions(+), 64 deletions(-) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index d63e229..41c7dc5 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -669,15 +669,6 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: - /* - * This *should* be the first time we enable CCS, but be - * extra careful about surrounding code changes. We need - * to set this here because we don't know if we're - * expecting a CertificateVerify or not. - */ - if (!s->s3->change_cipher_spec) - s->d1->change_cipher_spec_ok = 1; - /* we should decide if we expected this one */ ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -694,11 +685,10 @@ int dtls1_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: /* - * Enable CCS for resumed handshakes. - * In a full handshake, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, so change_cipher_spec_ok was - * already set. Receiving a CCS clears the flag, so make - * sure not to re-enable it to ban duplicates. + * Enable CCS. Receiving a CCS clears the flag, so make + * sure not to re-enable it to ban duplicates. This *should* be the + * first time we have received one - but we check anyway to be + * cautious. * s->s3->change_cipher_spec is set when a CCS is * processed in d1_pkt.c, and remains set until * the client's Finished message is read. diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 65d7a35..cb6ef0a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -692,15 +692,6 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: - /* - * This *should* be the first time we enable CCS, but be - * extra careful about surrounding code changes. We need - * to set this here because we don't know if we're - * expecting a CertificateVerify or not. - */ - if (!s->s3->change_cipher_spec) - s->s3->flags |= SSL3_FLAGS_CCS_OK; - /* we should decide if we expected this one */ ret = ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -720,11 +711,10 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_NEXT_PROTO_A: case SSL3_ST_SR_NEXT_PROTO_B: /* - * Enable CCS for resumed handshakes with NPN. - * In a full handshake with NPN, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was - * already set. Receiving a CCS clears the flag, so make - * sure not to re-enable it to ban duplicates. + * Enable CCS for NPN. Receiving a CCS clears the flag, so make + * sure not to re-enable it to ban duplicates. This *should* be the + * first time we have received one - but we check anyway to be + * cautious. * s->s3->change_cipher_spec is set when a CCS is * processed in s3_pkt.c, and remains set until * the client's Finished message is read. @@ -743,10 +733,8 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: /* - * Enable CCS for resumed handshakes without NPN. - * In a full handshake, we end up here through - * SSL3_ST_SR_CERT_VRFY_B, where SSL3_FLAGS_CCS_OK was - * already set. Receiving a CCS clears the flag, so make + * Enable CCS for handshakes without NPN. In NPN the CCS flag has + * already been set. Receiving a CCS clears the flag, so make * sure not to re-enable it to ban duplicates. * s->s3->change_cipher_spec is set when a CCS is * processed in s3_pkt.c, and remains set until @@ -2963,39 +2951,31 @@ int ssl3_get_cert_verify(SSL *s) EVP_MD_CTX mctx; EVP_MD_CTX_init(&mctx); + /* + * We should only process a CertificateVerify message if we have received + * a Certificate from the client. If so then |s->session->peer| will be non + * NULL. In some instances a CertificateVerify message is not required even + * if the peer has sent a Certificate (e.g. such as in the case of static + * DH). In that case the ClientKeyExchange processing will skip the + * CertificateVerify state so we should not arrive here. + */ + if (s->session->peer == NULL) { + ret = 1; + goto end; + } + n = s->method->ssl_get_message(s, SSL3_ST_SR_CERT_VRFY_A, SSL3_ST_SR_CERT_VRFY_B, - -1, SSL3_RT_MAX_PLAIN_LENGTH, &ok); + SSL3_MT_CERTIFICATE_VERIFY, + SSL3_RT_MAX_PLAIN_LENGTH, &ok); if (!ok) return ((int)n); - if (s->session->peer != NULL) { - peer = s->session->peer; - pkey = X509_get_pubkey(peer); - type = X509_certificate_type(peer, pkey); - } else { - peer = NULL; - pkey = NULL; - } - - if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) { - s->s3->tmp.reuse_message = 1; - if (peer != NULL) { - al = SSL_AD_UNEXPECTED_MESSAGE; - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_MISSING_VERIFY_MESSAGE); - goto f_err; - } - ret = 1; - goto end; - } - - if (peer == NULL) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_NO_CLIENT_CERT_RECEIVED); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } + peer = s->session->peer; + pkey = X509_get_pubkey(peer); + type = X509_certificate_type(peer, pkey); if (!(type & EVP_PKT_SIGN)) { SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, @@ -3004,12 +2984,6 @@ int ssl3_get_cert_verify(SSL *s) goto f_err; } - if (s->s3->change_cipher_spec) { - SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, SSL_R_CCS_RECEIVED_EARLY); - al = SSL_AD_UNEXPECTED_MESSAGE; - goto f_err; - } - /* we now have a signature that we need to verify */ p = (unsigned char *)s->init_msg; /* Check for broken implementations of GOST ciphersuites */ From matt at openssl.org Wed May 13 14:10:49 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 May 2015 14:10:49 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431526249.212878.13914.nullmailer@dev.openssl.org> The branch master has been updated via c3d734701cd57575856bf9b542446811518dd28c (commit) via e36827f6d10ed64abb1b374b6f11b79225d04205 (commit) via 60b3d36df3625fad66b53ccc32dc31818cf3048e (commit) via 55a9a16f1c02837058173c41fa26f36ec3acd22e (commit) via 5561419a6033f8ccad9399d5386d6941c0aa44ae (commit) from a0bd6493369d960abef11c2346b9bbb308b4285a (commit) - Log ----------------------------------------------------------------- commit c3d734701cd57575856bf9b542446811518dd28c Author: Matt Caswell Date: Tue May 12 13:12:16 2015 +0100 Add CHANGES entry for Kerberos removal Reviewed-by: Rich Salz commit e36827f6d10ed64abb1b374b6f11b79225d04205 Author: Matt Caswell Date: Tue May 12 12:14:13 2015 +0100 Remove remaining Kerberos references Following on from the removal of libcrypto and libssl support for Kerberos this commit removes all remaining references to Kerberos. Reviewed-by: Rich Salz commit 60b3d36df3625fad66b53ccc32dc31818cf3048e Author: Matt Caswell Date: Tue May 12 11:49:21 2015 +0100 Remove Kerberos support from libcrypto Remove libcrypto support for Kerberos following on from the previous commit which removed it from libssl. Reviewed-by: Rich Salz commit 55a9a16f1c02837058173c41fa26f36ec3acd22e Author: Matt Caswell Date: Tue May 12 10:27:53 2015 +0100 Remove Kerberos support from libssl Remove RFC2712 Kerberos support from libssl. This code and the associated standard is no longer considered fit-for-purpose. Reviewed-by: Rich Salz commit 5561419a6033f8ccad9399d5386d6941c0aa44ae Author: Matt Caswell Date: Tue May 12 10:35:51 2015 +0100 Remove Kerberos support from apps Remove Kerberos related options from the apps to prepare for the subsequent commits which will remove libcrypto and libssl support for Kerberos. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 6 +- Configure | 103 +- INSTALL.VMS | 2 +- Makefile.org | 14 +- apps/Makefile | 339 ++++--- apps/s_client.c | 22 +- apps/s_server.c | 54 +- config | 21 - crypto/crypto-lib.com | 3 +- crypto/evp/e_des3.c | 28 - crypto/install-crypto.com | 3 +- crypto/krb5/Makefile | 68 -- crypto/krb5/krb5_asn.c | 162 ---- doc/standards.txt | 3 - include/openssl/krb5_asn.h | 240 ----- include/openssl/kssl.h | 197 ---- include/openssl/safestack.h | 234 +---- include/openssl/ssl.h | 46 +- include/openssl/ssl3.h | 35 - include/openssl/store.h | 3 +- makevms.com | 9 +- ssl/Makefile | 1253 ++++++++++++------------ ssl/d1_clnt.c | 3 - ssl/d1_srvr.c | 12 +- ssl/install-ssl.com | 2 +- ssl/kssl.c | 2252 ------------------------------------------- ssl/kssl_lcl.h | 88 -- ssl/record/ssl3_record.c | 33 - ssl/s3_clnt.c | 212 +--- ssl/s3_lib.c | 241 ----- ssl/s3_srvr.c | 218 +---- ssl/ssl-lib.com | 2 +- ssl/ssl_asn1.c | 22 - ssl/ssl_ciph.c | 39 +- ssl/ssl_err.c | 11 - ssl/ssl_lib.c | 17 - ssl/ssl_locl.h | 13 - ssl/ssl_sess.c | 14 - ssl/ssl_txt.c | 12 - ssl/t1_enc.c | 67 +- ssl/t1_lib.c | 6 - ssl/t1_trce.c | 4 - test/Makefile | 45 +- test/ssltest.c | 15 - util/clean-depend.pl | 2 - util/domd | 4 - util/indent.pro | 33 - util/libeay.num | 132 +-- util/mk1mf.pl | 25 - util/mkdef.pl | 8 +- util/mkfiles.pl | 1 - util/ssleay.num | 34 +- 52 files changed, 963 insertions(+), 5449 deletions(-) delete mode 100644 crypto/krb5/Makefile delete mode 100644 crypto/krb5/krb5_asn.c delete mode 100644 include/openssl/krb5_asn.h delete mode 100644 include/openssl/kssl.h delete mode 100644 ssl/kssl.c delete mode 100644 ssl/kssl_lcl.h diff --git a/CHANGES b/CHANGES index de00a8a..337b9b1 100644 --- a/CHANGES +++ b/CHANGES @@ -3,11 +3,15 @@ _______________ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Support for Kerberos ciphersuites in TLS (RFC2712) has been removed. This + code and the associated standard is no longer considered fit-for-purpose. + [Matt Caswell] *) Added HTTP GET support to the ocsp command. [Rich Salz] - *) RAND_pseudo_bytes has been deprecated. Users should use RAND bytes instead. + *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead. + [Matt Caswell] *) Added support for TLS extended master secret from draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an diff --git a/Configure b/Configure index b9e0f50..f0a8acc 100755 --- a/Configure +++ b/Configure @@ -14,7 +14,7 @@ use File::Spec::Functions; # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n"; # Options: # @@ -30,18 +30,6 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # default). This needn't be set in advance, you can # just as well use "make INSTALL_PREFIX=/whatever install". # -# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected -# to live in the subdirectory lib/ and the header files in -# include/. A value is required. -# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is -# required. -# (Default: KRB5_DIR/lib) -# --with-krb5-include Declare where the Kerberos 5 header files live. A -# value is required. -# (Default: KRB5_DIR/include) -# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently -# supported values are "MIT" and "Heimdal". A value is required. -# # --test-sanity Make a number of sanity checks on the data in this file. # This is a debugging tool for OpenSSL developers. # @@ -59,7 +47,6 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta # no-asm do not use assembler # no-dso do not compile in any native shared-library methods. This # will ensure that all methods just return NULL. -# no-krb5 do not compile in any KRB5 library or code. # [no-]zlib [don't] compile support for zlib compression. # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared # library and will be loaded in run-time by the OpenSSL library. @@ -782,7 +769,6 @@ my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default my $zlib=1; # but "no-zlib" is default -my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used my $no_rfc3779=1; # but "no-rfc3779" is default my $no_asm=0; my $no_dso=0; @@ -856,7 +842,6 @@ my $openssl_thread_defines; my $openssl_sys_defines=""; my $openssl_other_defines; my $libs; -my $libkrb5=""; my $target; my $options; my $make_depend=0; @@ -1005,10 +990,6 @@ PROCESS_ARGS: { $install_prefix=$1; } - elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/) - { - $withargs{"krb5-".$1}=$2; - } elsif (/^--with-zlib-lib=(.*)$/) { $withargs{"zlib-lib"}=$1; @@ -1076,11 +1057,6 @@ if ($processor eq "386") $disabled{"sse2"} = "forced"; } -if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "") - { - $disabled{"krb5"} = "krb5-flavor not specified"; - } - if (!defined($disabled{"zlib-dynamic"})) { # "zlib-dynamic" was specifically enabled, so enable "zlib" @@ -1223,19 +1199,14 @@ foreach (sort (keys %disabled)) $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n"; print " OPENSSL_NO_$ALGO"; - if (/^krb5$/) - { $no_krb5 = 1; } - else - { - push @skip, $algo; - # fix-up crypto/directory name(s) - $skip[$#skip]="whrlpool" if $algo eq "whirlpool"; - $skip[$#skip]="ripemd" if $algo eq "rmd160"; + push @skip, $algo; + # fix-up crypto/directory name(s) + $skip[$#skip]="whrlpool" if $algo eq "whirlpool"; + $skip[$#skip]="ripemd" if $algo eq "rmd160"; - print " (skip dir)"; + print " (skip dir)"; - $depflags .= " -DOPENSSL_NO_$ALGO"; - } + $depflags .= " -DOPENSSL_NO_$ALGO"; } } @@ -1354,62 +1325,6 @@ my $no_user_cflags=0; if ($flags ne "") { $cflags="$flags$cflags"; } else { $no_user_cflags=1; } -# Kerberos settings. The flavor must be provided from outside, either through -# the script "config" or manually. -if (!$no_krb5) - { - my ($lresolv, $lpath, $lext); - if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/) - { - die "Sorry, Heimdal is currently not supported\n"; - } - ##### HACK to force use of Heimdal. - ##### WARNING: Since we don't really have adequate support for Heimdal, - ##### using this will break the build. You'll have to make - ##### changes to the source, and if you do, please send - ##### patches to openssl-dev at openssl.org - if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/) - { - warn "Heimdal isn't really supported. Your build WILL break\n"; - warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n"; - $withargs{"krb5-dir"} = "/usr/heimdal" - if $withargs{"krb5-dir"} eq ""; - $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. - "/lib -lgssapi -lkrb5 -lcom_err" - if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; - $cflags="-DKRB5_HEIMDAL $cflags"; - } - if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/) - { - $withargs{"krb5-dir"} = "/usr/kerberos" - if $withargs{"krb5-dir"} eq ""; - $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}. - "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto" - if $withargs{"krb5-lib"} eq "" && !$IsMK1MF; - $cflags="-DKRB5_MIT $cflags"; - $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//; - if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/) - { - $cflags="-DKRB5_MIT_OLD11 $cflags"; - } - } - LRESOLV: - foreach $lpath ("/lib", "/usr/lib") - { - foreach $lext ("a", "so") - { - $lresolv = "$lpath/libresolv.$lext"; - last LRESOLV if (-r "$lresolv"); - $lresolv = ""; - } - } - $withargs{"krb5-lib"} .= " -lresolv" - if ("$lresolv" ne ""); - $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include" - if $withargs{"krb5-include"} eq "" && - $withargs{"krb5-dir"} ne ""; - } - # The DSO code currently always implements all functions so that no # applications will have to worry about that from a compilation point # of view. However, the "method"s may return zero unless that platform @@ -1827,8 +1742,6 @@ while () s/^PROCESSOR=.*/PROCESSOR= $processor/; s/^ARFLAGS=.*/ARFLAGS= $arflags/; s/^PERL=.*/PERL= $perl/; - s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; - s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; @@ -1887,8 +1800,6 @@ print "PROCESSOR =$processor\n"; print "RANLIB =$ranlib\n"; print "ARFLAGS =$arflags\n"; print "PERL =$perl\n"; -print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n" - if $withargs{"krb5-include"} ne ""; my $des_ptr=0; my $des_risc1=0; diff --git a/INSTALL.VMS b/INSTALL.VMS index 132b2e7..084b279 100644 --- a/INSTALL.VMS +++ b/INSTALL.VMS @@ -134,7 +134,7 @@ Currently, the logical names supported are: disabling it is supported. Supported algorithms to do this with are: AES, BF, CAMELLIA, CAST, CMS, COMP, DES, DGRAM, DH, DSA, EC, EC2M, ECDH, ECDSA, ENGINE, - ERR, GOST, HEARTBEATS, HMAC, IDEA, KRB5, MD2, MD4, + ERR, GOST, HEARTBEATS, HMAC, IDEA, MD2, MD4, MD5, OCB, OCSP, PSK, RC2, RC4, RC5, RMD160, RSA, SCTP, SEED, SOCK, SRP, SRTP, TLSEXT, WHIRLPOOL. So, for example, having the logical name OPENSSL_NO_RSA with diff --git a/Makefile.org b/Makefile.org index 8146eed..69baf48 100644 --- a/Makefile.org +++ b/Makefile.org @@ -106,10 +106,6 @@ MODES_ASM_OBJ= ENGINES_ASM_OBJ= PERLASM_SCHEME= -# KRB5 stuff -KRB5_INCLUDES= -LIBKRB5= - # Zlib stuff ZLIB_INCLUDE= LIBZLIB= @@ -146,7 +142,7 @@ SDIRS= \ des aes rc2 rc4 rc5 idea bf cast camellia seed modes \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ - evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ + evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui \ cms pqueue ts jpake srp store cmac # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... @@ -223,7 +219,6 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \ DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \ MAKEDEPPROG='$(MAKEDEPPROG)' \ SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \ - KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \ ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \ EXE_EXT='$(EXE_EXT)' SHARED_LIBS='$(SHARED_LIBS)' \ SHLIB_EXT='$(SHLIB_EXT)' SHLIB_TARGET='$(SHLIB_TARGET)' \ @@ -344,9 +339,6 @@ build-shared: do_$(SHLIB_TARGET) link-shared do_$(SHLIB_TARGET): @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \ - if [ "$$i" = "ssl" -a -n "$(LIBKRB5)" ]; then \ - libs="$(LIBKRB5) $$libs"; \ - fi; \ $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ @@ -367,7 +359,7 @@ libcrypto.pc: Makefile echo 'Requires: '; \ echo 'Libs: -L$${libdir} -lcrypto'; \ echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc + echo 'Cflags: -I$${includedir}' ) > libcrypto.pc libssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ @@ -381,7 +373,7 @@ libssl.pc: Makefile echo 'Requires.private: libcrypto'; \ echo 'Libs: -L$${libdir} -lssl'; \ echo 'Libs.private: $(EX_LIBS)'; \ - echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc + echo 'Cflags: -I$${includedir}' ) > libssl.pc openssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ diff --git a/apps/Makefile b/apps/Makefile index 6253687..9952b3d 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -5,14 +5,11 @@ DIR= apps TOP= .. CC= cc -INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES) +INCLUDES= -I$(TOP) -I../include CFLAG= -g -static -Wswitch MAKEFILE= Makefile PERL= perl RM= rm -f -# KRB5 stuff -KRB5_INCLUDES= -LIBKRB5= PEX_LIBS= EX_LIBS= @@ -149,7 +146,7 @@ $(EXE): progs.h $(EXE_OBJ) $(DLIBCRYPTO) $(DLIBSSL) shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ fi; \ - LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \ + LIBRARIES="$(LIBSSL) $(LIBCRYPTO)" ; \ $(MAKE) -f $(TOP)/Makefile.shared -e \ APPNAME=$(EXE) OBJECTS="$(EXE_OBJ)" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ @@ -186,21 +183,20 @@ apps.o: ../include/openssl/e_os2.h ../include/openssl/ec.h apps.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h apps.o: ../include/openssl/engine.h ../include/openssl/err.h apps.o: ../include/openssl/evp.h ../include/openssl/hmac.h -apps.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -apps.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -apps.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h -apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h -apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -apps.o: ../include/openssl/sha.h ../include/openssl/srtp.h -apps.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -apps.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -apps.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -apps.o: ../include/openssl/ui.h ../include/openssl/x509.h -apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h -apps.o: progs.h +apps.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +apps.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +apps.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h +apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h +apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h +apps.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +apps.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +apps.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +apps.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h +apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +apps.o: ../include/openssl/x509v3.h apps.c apps.h progs.h asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -240,20 +236,19 @@ ciphers.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ciphers.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ciphers.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h -ciphers.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ciphers.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ciphers.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ciphers.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ciphers.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -ciphers.o: ciphers.c progs.h +ciphers.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ciphers.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ciphers.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +ciphers.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c progs.h cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h cms.o: ../include/openssl/buffer.h ../include/openssl/cms.h cms.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -425,20 +420,19 @@ engine.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h engine.o: ../include/openssl/ec.h ../include/openssl/ecdh.h engine.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h engine.o: ../include/openssl/err.h ../include/openssl/evp.h -engine.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -engine.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -engine.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -engine.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -engine.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -engine.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -engine.o: ../include/openssl/safestack.h ../include/openssl/sha.h -engine.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -engine.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -engine.o: engine.c progs.h +engine.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +engine.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +engine.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +engine.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h +engine.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +engine.o: ../include/openssl/sha.h ../include/openssl/srtp.h +engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +engine.o: ../include/openssl/x509v3.h apps.h engine.c progs.h errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h errstr.o: ../include/openssl/buffer.h ../include/openssl/comp.h errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -446,20 +440,19 @@ errstr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h errstr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h errstr.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h errstr.o: ../include/openssl/err.h ../include/openssl/evp.h -errstr.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -errstr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -errstr.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -errstr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -errstr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -errstr.o: errstr.c progs.h +errstr.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +errstr.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +errstr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +errstr.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +errstr.o: ../include/openssl/sha.h ../include/openssl/srtp.h +errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +errstr.o: ../include/openssl/x509v3.h apps.h errstr.c progs.h gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -534,19 +527,19 @@ ocsp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ocsp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ocsp.o: ../include/openssl/engine.h ../include/openssl/err.h ocsp.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ocsp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ocsp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ocsp.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -ocsp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ocsp.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ocsp.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -ocsp.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ocsp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ocsp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c progs.h +ocsp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ocsp.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +ocsp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ocsp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c +ocsp.o: progs.h openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -554,20 +547,20 @@ openssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h openssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h openssl.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h openssl.o: ../include/openssl/err.h ../include/openssl/evp.h -openssl.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -openssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -openssl.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -openssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -openssl.o: ../include/openssl/rand.h ../include/openssl/safestack.h -openssl.o: ../include/openssl/sha.h ../include/openssl/srtp.h -openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h +openssl.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +openssl.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +openssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h +openssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +openssl.o: openssl.c progs.h s_apps.h opt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h opt.o: ../include/openssl/buffer.h ../include/openssl/conf.h opt.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -782,20 +775,20 @@ s_cb.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s_cb.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s_cb.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h -s_cb.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s_cb.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_cb.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_cb.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_cb.o: ../include/openssl/rand.h ../include/openssl/safestack.h -s_cb.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_cb.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_cb.c +s_cb.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_cb.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +s_cb.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_cb.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_cb.o: progs.h s_apps.h s_cb.c s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -804,21 +797,20 @@ s_client.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s_client.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s_client.o: ../include/openssl/engine.h ../include/openssl/err.h s_client.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s_client.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_client.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -s_client.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h -s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_client.o: ../include/openssl/srp.h ../include/openssl/srtp.h -s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_client.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_client.c -s_client.o: timeouts.h +s_client.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s_client.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_client.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h +s_client.o: ../include/openssl/sha.h ../include/openssl/srp.h +s_client.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_client.o: progs.h s_apps.h s_client.c timeouts.h s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -827,22 +819,21 @@ s_server.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s_server.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s_server.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h s_server.o: ../include/openssl/err.h ../include/openssl/evp.h -s_server.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s_server.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_server.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_server.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_server.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_server.o: ../include/openssl/srp.h ../include/openssl/srtp.h -s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_server.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_server.c -s_server.o: timeouts.h +s_server.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_server.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +s_server.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h +s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s_server.o: ../include/openssl/sha.h ../include/openssl/srp.h +s_server.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_server.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_server.o: progs.h s_apps.h s_server.c timeouts.h s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -850,19 +841,19 @@ s_socket.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s_socket.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s_socket.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h s_socket.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s_socket.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s_socket.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h -s_socket.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -s_socket.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_socket.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_socket.c +s_socket.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s_socket.o: ../include/openssl/objects.h ../include/openssl/ocsp.h +s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s_socket.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_socket.o: progs.h s_apps.h s_socket.c s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -870,20 +861,19 @@ s_time.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s_time.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s_time.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h s_time.o: ../include/openssl/err.h ../include/openssl/evp.h -s_time.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s_time.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s_time.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s_time.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s_time.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -s_time.o: progs.h s_apps.h s_time.c +s_time.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s_time.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +s_time.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s_time.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +s_time.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s_time.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_time.c sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sess_id.o: ../include/openssl/buffer.h ../include/openssl/comp.h sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -891,20 +881,19 @@ sess_id.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h sess_id.o: ../include/openssl/ec.h ../include/openssl/ecdh.h sess_id.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h -sess_id.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -sess_id.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -sess_id.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -sess_id.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h -sess_id.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -sess_id.o: progs.h sess_id.c +sess_id.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +sess_id.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +sess_id.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h +sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +sess_id.o: ../include/openssl/sha.h ../include/openssl/srtp.h +sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +sess_id.o: ../include/openssl/x509v3.h apps.h progs.h sess_id.c smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h diff --git a/apps/s_client.c b/apps/s_client.c index b257727..8d78dc7 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -474,7 +474,7 @@ typedef enum OPTION_choice { OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1, OPT_DTLS1_2, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS, OPT_CERT_CHAIN, OPT_CAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, - OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_KRB5SVC, + OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN, OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_JPAKE, OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_SMTPHOST, @@ -551,9 +551,6 @@ OPTIONS s_client_options[] = { {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"}, # endif #endif -#ifndef OPENSSL_NO_KRB5 - {"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"}, -#endif #ifndef OPENSSL_NO_SRP {"srpuser", OPT_SRPUSER, 's', "SRP authentification for 'user'"}, {"srppass", OPT_SRPPASS, 's', "Password for 'user'"}, @@ -666,10 +663,6 @@ int s_client_main(int argc, char **argv) long socket_mtu = 0, randamt = 0; unsigned short port = PORT; OPTION_CHOICE o; -#ifndef OPENSSL_NO_KRB5 - KSSL_CTX *kctx; - const char *krb5svc = NULL; -#endif #ifndef OPENSSL_NO_ENGINE ENGINE *ssl_client_engine = NULL; #endif @@ -829,11 +822,6 @@ int s_client_main(int argc, char **argv) case OPT_NOCMDS: cmdletters = 0; break; - case OPT_KRB5SVC: -#ifndef OPENSSL_NO_KRB5 - krb5svc = opt_arg(); -#endif - break; case OPT_ENGINE: e = setup_engine(opt_arg(), 1); break; @@ -1333,14 +1321,6 @@ int s_client_main(int argc, char **argv) } } #endif -#ifndef OPENSSL_NO_KRB5 - if (con && (kctx = kssl_ctx_new()) != NULL) { - SSL_set0_kssl_ctx(con, kctx); - kssl_ctx_setstring(kctx, KSSL_SERVER, host); - if (krb5svc) - kssl_ctx_setstring(kctx, KSSL_SERVICE, krb5svc); - } -#endif /* OPENSSL_NO_KRB5 */ re_start: #ifdef NO_SYS_UN_H diff --git a/apps/s_server.c b/apps/s_server.c index ba281e0..c54caa6 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -228,8 +228,7 @@ static int s_server_verify = SSL_VERIFY_NONE; static int s_server_session_id_context = 1; /* anything will do */ static const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL; -static const char *krb5svc = NULL; -static const char *krb5tab = NULL; + #ifndef OPENSSL_NO_TLSEXT static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL; #endif @@ -833,8 +832,7 @@ typedef enum OPTION_choice { OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_S_ENUM, OPT_V_ENUM, - OPT_X_ENUM, - OPT_KRB5SVC, OPT_KRBTAB + OPT_X_ENUM } OPTION_CHOICE; OPTIONS s_server_options[] = { @@ -892,8 +890,6 @@ OPTIONS s_server_options[] = { {"jpake", OPT_JPAKE, 's', "JPAKE secret to use"}, # endif #endif - {"krb5svc", OPT_KRB5SVC, 's', "Kerberos service name"}, - {"keytab", OPT_KRBTAB, '<', "Kerberos keytab file"}, #ifndef OPENSSL_NO_SRP {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"}, {"srpuserseed", OPT_SRPUSERSEED, 's', @@ -1410,12 +1406,6 @@ int s_server_main(int argc, char *argv[]) case OPT_JPAKE: goto opthelp; #endif - case OPT_KRB5SVC: - krb5svc = opt_arg(); - break; - case OPT_KRBTAB: - krb5tab = opt_arg(); - break; case OPT_SRTP_PROFILES: srtp_profiles = opt_arg(); break; @@ -1988,9 +1978,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) unsigned long l; SSL *con = NULL; BIO *sbio; -#ifndef OPENSSL_NO_KRB5 - KSSL_CTX *kctx; -#endif struct timeval timeout; #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; @@ -2022,15 +2009,6 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); } #endif -#ifndef OPENSSL_NO_KRB5 - if ((kctx = kssl_ctx_new()) != NULL) { - SSL_set0_kssl_ctx(con, kctx); - kssl_ctx_setstring(kctx, KSSL_SERVICE, - krb5svc ? krb5svc : KRB5SVC); - if (krb5tab) - kssl_ctx_setstring(kctx, KSSL_KEYTAB, krb5tab); - } -#endif /* OPENSSL_NO_KRB5 */ if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) { @@ -2400,9 +2378,6 @@ static int init_ssl_connection(SSL *con) X509 *peer; long verify_error; char buf[BUFSIZ]; -#ifndef OPENSSL_NO_KRB5 - char *client_princ; -#endif #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) const unsigned char *next_proto_neg; unsigned next_proto_neg_len; @@ -2503,13 +2478,6 @@ static int init_ssl_connection(SSL *con) if (SSL_ctrl(con, SSL_CTRL_GET_FLAGS, 0, NULL) & TLS1_FLAGS_TLS_PADDING_BUG) BIO_printf(bio_s_out, "Peer has incorrect TLSv1 block padding\n"); -#ifndef OPENSSL_NO_KRB5 - client_princ = kssl_ctx_get0_client_princ(SSL_get0_kssl_ctx(con)); - if (client_princ != NULL) { - BIO_printf(bio_s_out, "Kerberos peer principal is %s\n", - client_princ); - } -#endif /* OPENSSL_NO_KRB5 */ BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n", SSL_get_secure_renegotiation_support(con) ? "" : " NOT"); if (keymatexportlabel != NULL) { @@ -2558,9 +2526,6 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) SSL *con; const SSL_CIPHER *c; BIO *io, *ssl_bio, *sbio; -#ifndef OPENSSL_NO_KRB5 - KSSL_CTX *kctx; -#endif #ifdef RENEG int total_bytes = 0; #endif @@ -2594,12 +2559,6 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) SSL_set_tlsext_debug_arg(con, bio_s_out); } #endif -#ifndef OPENSSL_NO_KRB5 - if ((kctx = kssl_ctx_new()) != NULL) { - kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC); - kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB); - } -#endif /* OPENSSL_NO_KRB5 */ if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) goto err; @@ -2927,9 +2886,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context) int ret = 1; SSL *con; BIO *io, *ssl_bio, *sbio; -#ifndef OPENSSL_NO_KRB5 - KSSL_CTX *kctx; -#endif buf = app_malloc(bufsize, "server rev buffer"); io = BIO_new(BIO_f_buffer()); @@ -2949,12 +2905,6 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context) SSL_set_tlsext_debug_arg(con, bio_s_out); } #endif -#ifndef OPENSSL_NO_KRB5 - if ((kctx = kssl_ctx_new()) != NULL) { - kssl_ctx_setstring(kctx, KSSL_SERVICE, KRB5SVC); - kssl_ctx_setstring(kctx, KSSL_KEYTAB, KRB5KEYTAB); - } -#endif /* OPENSSL_NO_KRB5 */ if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) { ERR_print_errors(bio_err); diff --git a/config b/config index 94534cb..1683f07 100755 --- a/config +++ b/config @@ -873,27 +873,6 @@ do fi done -# Discover Kerberos 5 (since it's still a prototype, we don't -# do any guesses yet, that's why this section is commented away. -#if [ -d /usr/kerberos ]; then -# krb5_dir=/usr/kerberos -# if [ $ -f $krb5_dir/lib/libgssapi_krb5.a -o -f $krb5_dir/lib/libgssapi_krb5.so* $\ -# -a $ -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* $\ -# -a $ -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* $\ -# -a $ -f $krb5_dir/lib/libk5crypto.a -o -f $krb5_dir/lib/libk5crypto.so* $\ -# -a $ -f $krb5_dir/include/krb5.h $ ]; then -# options="$options --with-krb5-flavor=MIT" -# fi -#elif [ -d /usr/heimdal ]; then -# krb5_dir=/usr/heimdal -# if [ $ -f $krb5_dir/lib/libgssapi.a -o -f $krb5_dir/lib/libgssapi.so* $\ -# -a $ -f $krb5_dir/lib/libkrb5.a -o -f $krb5_dir/lib/libkrb5.so* $\ -# -a $ -f $krb5_dir/lib/libcom_err.a -o -f $krb5_dir/lib/libcom_err.so* $\ -# -a $ -f $krb5_dir/include/krb5.h $ ]; then -# options="$options --with-krb5-flavor=Heimdal" -# fi -#fi - if [ -z "$OUT" ]; then OUT="$CC" fi diff --git a/crypto/crypto-lib.com b/crypto/crypto-lib.com index 02f8741..5a2694d 100644 --- a/crypto/crypto-lib.com +++ b/crypto/crypto-lib.com @@ -127,7 +127,7 @@ $ ENCRYPT_TYPES = "Basic,"+ - "DES,AES,RC2,RC4,RC5,IDEA,BF,CAST,CAMELLIA,SEED,MODES,"+ - "BN,EC,RSA,DSA,ECDSA,DH,ECDH,DSO,ENGINE,"+ - "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ - - "EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ - + "EVP,ASN1,PEM,X509,X509V3,CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,"+ - "CMS,PQUEUE,TS,JPAKE,SRP,STORE,CMAC" $ ENDIF $! @@ -343,7 +343,6 @@ $ LIB_COMP = "comp_lib,comp_err,"+ - $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ - "ocsp_srv,ocsp_prn,ocsp_vfy,ocsp_err,v3_ocsp" $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util" -$ LIB_KRB5 = "krb5_asn" $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ - "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess,"+ - "cms_pwri,cms_kari" diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index c720242..3340308 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -146,17 +146,6 @@ static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, { DES_EDE_KEY *dat = data(ctx); -# ifdef KSSL_DEBUG - { - int i; - fprintf(stderr, "des_ede_cbc_cipher(ctx=%p, buflen=%d)\n", ctx, - ctx->buf_len); - fprintf(stderr, "\t iv= "); - for (i = 0; i < 8; i++) - fprintf(stderr, "%02X", ctx->iv[i]); - fprintf(stderr, "\n"); - } -# endif /* KSSL_DEBUG */ if (dat->stream.cbc) { (*dat->stream.cbc) (in, out, inl, &dat->ks, ctx->iv); return 1; @@ -298,23 +287,6 @@ static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, DES_cblock *deskey = (DES_cblock *)key; DES_EDE_KEY *dat = data(ctx); -# ifdef KSSL_DEBUG - { - int i; - fprintf(stderr, "des_ede3_init_key(ctx=%p)\n", ctx); - fprintf(stderr, "\tKEY= "); - for (i = 0; i < 24; i++) - fprintf(stderr, "%02X", key[i]); - fprintf(stderr, "\n"); - if (iv) { - fprintf(stderr, "\t IV= "); - for (i = 0; i < 8; i++) - fprintf(stderr, "%02X", iv[i]); - fprintf(stderr, "\n"); - } - } -# endif /* KSSL_DEBUG */ - dat->stream.cbc = NULL; # if defined(SPARC_DES_CAPABLE) if (SPARC_DES_CAPABLE) { diff --git a/crypto/install-crypto.com b/crypto/install-crypto.com index 7734f94..5b011f6 100755 --- a/crypto/install-crypto.com +++ b/crypto/install-crypto.com @@ -80,7 +80,7 @@ $ sdirs := , - bn, ec, rsa, dsa, ecdsa, dh, ecdh, dso, engine, - buffer, bio, stack, lhash, rand, err, - evp, asn1, pem, x509, x509v3, conf, txt_db, pkcs7, pkcs12, comp, ocsp, - - ui, krb5, - + ui, - cms, pqueue, ts, jpake, srp, store, cmac $! $ exheader_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h @@ -132,7 +132,6 @@ $ exheader_pkcs12 := pkcs12.h $ exheader_comp := comp.h $ exheader_ocsp := ocsp.h $ exheader_ui := ui.h -$ exheader_krb5 := krb5_asn.h $ exheader_cms := cms.h $ exheader_pqueue := pqueue.h $ exheader_ts := ts.h diff --git a/crypto/krb5/Makefile b/crypto/krb5/Makefile deleted file mode 100644 index 3d923c4..0000000 --- a/crypto/krb5/Makefile +++ /dev/null @@ -1,68 +0,0 @@ -# -# OpenSSL/krb5/Makefile -# - -DIR= krb5 -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -MAKEFILE= Makefile -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile README - -LIB=$(TOP)/libcrypto.a -LIBSRC= krb5_asn.c - -LIBOBJ= krb5_asn.o - -SRC= $(LIBSRC) - -HEADER= - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -depend: - @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. - -krb5_asn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -krb5_asn.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -krb5_asn.o: ../../include/openssl/e_os2.h ../../include/openssl/krb5_asn.h -krb5_asn.o: ../../include/openssl/opensslconf.h -krb5_asn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -krb5_asn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -krb5_asn.o: ../../include/openssl/symhacks.h krb5_asn.c diff --git a/crypto/krb5/krb5_asn.c b/crypto/krb5/krb5_asn.c deleted file mode 100644 index d9851e9..0000000 --- a/crypto/krb5/krb5_asn.c +++ /dev/null @@ -1,162 +0,0 @@ -/* krb5_asn.c */ -/* - * Written by Vern Staats for the OpenSSL project, ** - * using ocsp/{*.h,*asn*.c} as a starting point - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing at OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ -#include -#include -#include - - -ASN1_SEQUENCE(KRB5_ENCDATA) = { - ASN1_EXP(KRB5_ENCDATA, etype, ASN1_INTEGER, 0), - ASN1_EXP_OPT(KRB5_ENCDATA, kvno, ASN1_INTEGER, 1), - ASN1_EXP(KRB5_ENCDATA, cipher, ASN1_OCTET_STRING,2) -} ASN1_SEQUENCE_END(KRB5_ENCDATA) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA) - - -ASN1_SEQUENCE(KRB5_PRINCNAME) = { - ASN1_EXP(KRB5_PRINCNAME, nametype, ASN1_INTEGER, 0), - ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1) -} ASN1_SEQUENCE_END(KRB5_PRINCNAME) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME) - -/* [APPLICATION 1] = 0x61 */ -ASN1_SEQUENCE(KRB5_TKTBODY) = { - ASN1_EXP(KRB5_TKTBODY, tktvno, ASN1_INTEGER, 0), - ASN1_EXP(KRB5_TKTBODY, realm, ASN1_GENERALSTRING, 1), - ASN1_EXP(KRB5_TKTBODY, sname, KRB5_PRINCNAME, 2), - ASN1_EXP(KRB5_TKTBODY, encdata, KRB5_ENCDATA, 3) -} ASN1_SEQUENCE_END(KRB5_TKTBODY) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY) - - -ASN1_ITEM_TEMPLATE(KRB5_TICKET) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1, - KRB5_TICKET, KRB5_TKTBODY) -ASN1_ITEM_TEMPLATE_END(KRB5_TICKET) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET) - -/* [APPLICATION 14] = 0x6e */ -ASN1_SEQUENCE(KRB5_APREQBODY) = { - ASN1_EXP(KRB5_APREQBODY, pvno, ASN1_INTEGER, 0), - ASN1_EXP(KRB5_APREQBODY, msgtype, ASN1_INTEGER, 1), - ASN1_EXP(KRB5_APREQBODY, apoptions, ASN1_BIT_STRING, 2), - ASN1_EXP(KRB5_APREQBODY, ticket, KRB5_TICKET, 3), - ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA, 4), -} ASN1_SEQUENCE_END(KRB5_APREQBODY) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY) - -ASN1_ITEM_TEMPLATE(KRB5_APREQ) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14, - KRB5_APREQ, KRB5_APREQBODY) -ASN1_ITEM_TEMPLATE_END(KRB5_APREQ) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ) - -/* Authenticator stuff */ - -ASN1_SEQUENCE(KRB5_CHECKSUM) = { - ASN1_EXP(KRB5_CHECKSUM, ctype, ASN1_INTEGER, 0), - ASN1_EXP(KRB5_CHECKSUM, checksum, ASN1_OCTET_STRING,1) -} ASN1_SEQUENCE_END(KRB5_CHECKSUM) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM) - - -ASN1_SEQUENCE(KRB5_ENCKEY) = { - ASN1_EXP(KRB5_ENCKEY, ktype, ASN1_INTEGER, 0), - ASN1_EXP(KRB5_ENCKEY, keyvalue, ASN1_OCTET_STRING,1) -} ASN1_SEQUENCE_END(KRB5_ENCKEY) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY) - -/* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */ -ASN1_SEQUENCE(KRB5_AUTHDATA) = { - ASN1_EXP(KRB5_AUTHDATA, adtype, ASN1_INTEGER, 0), - ASN1_EXP(KRB5_AUTHDATA, addata, ASN1_OCTET_STRING,1) -} ASN1_SEQUENCE_END(KRB5_AUTHDATA) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA) - -/* [APPLICATION 2] = 0x62 */ -ASN1_SEQUENCE(KRB5_AUTHENTBODY) = { - ASN1_EXP(KRB5_AUTHENTBODY, avno, ASN1_INTEGER, 0), - ASN1_EXP(KRB5_AUTHENTBODY, crealm, ASN1_GENERALSTRING, 1), - ASN1_EXP(KRB5_AUTHENTBODY, cname, KRB5_PRINCNAME, 2), - ASN1_EXP_OPT(KRB5_AUTHENTBODY, cksum, KRB5_CHECKSUM, 3), - ASN1_EXP(KRB5_AUTHENTBODY, cusec, ASN1_INTEGER, 4), - ASN1_EXP(KRB5_AUTHENTBODY, ctime, ASN1_GENERALIZEDTIME, 5), - ASN1_EXP_OPT(KRB5_AUTHENTBODY, subkey, KRB5_ENCKEY, 6), - ASN1_EXP_OPT(KRB5_AUTHENTBODY, seqnum, ASN1_INTEGER, 7), - ASN1_EXP_SEQUENCE_OF_OPT - (KRB5_AUTHENTBODY, authorization, KRB5_AUTHDATA, 8), -} ASN1_SEQUENCE_END(KRB5_AUTHENTBODY) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) - -ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = - ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2, - KRB5_AUTHENT, KRB5_AUTHENTBODY) -ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT) - -IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT) diff --git a/doc/standards.txt b/doc/standards.txt index 691fafe..d28b167 100644 --- a/doc/standards.txt +++ b/doc/standards.txt @@ -34,9 +34,6 @@ PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. 2560 X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP -2712 Addition of Kerberos Cipher Suites to Transport Layer Security - (TLS) - 2898 PKCS #5: Password-Based Cryptography Specification Version 2.0 2986 PKCS #10: Certification Request Syntax Specification Version 1.7 diff --git a/include/openssl/krb5_asn.h b/include/openssl/krb5_asn.h deleted file mode 100644 index 9cf5a26..0000000 --- a/include/openssl/krb5_asn.h +++ /dev/null @@ -1,240 +0,0 @@ -/* krb5_asn.h */ -/* - * Written by Vern Staats for the OpenSSL project, ** - * using ocsp/{*.h,*asn*.c} as a starting point - */ - -/* ==================================================================== - * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core at openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -#ifndef HEADER_KRB5_ASN_H -# define HEADER_KRB5_ASN_H - -/* - * #include - */ -# include - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * ASN.1 from Kerberos RFC 1510 - */ - -/*- EncryptedData ::= SEQUENCE { - * etype[0] INTEGER, -- EncryptionType - * kvno[1] INTEGER OPTIONAL, - * cipher[2] OCTET STRING -- ciphertext - * } - */ -typedef struct krb5_encdata_st { - ASN1_INTEGER *etype; - ASN1_INTEGER *kvno; - ASN1_OCTET_STRING *cipher; -} KRB5_ENCDATA; - -DECLARE_STACK_OF(KRB5_ENCDATA) - -/*- PrincipalName ::= SEQUENCE { - * name-type[0] INTEGER, - * name-string[1] SEQUENCE OF GeneralString - * } - */ -typedef struct krb5_princname_st { - ASN1_INTEGER *nametype; - STACK_OF(ASN1_GENERALSTRING) *namestring; -} KRB5_PRINCNAME; - -DECLARE_STACK_OF(KRB5_PRINCNAME) - -/*- Ticket ::= [APPLICATION 1] SEQUENCE { - * tkt-vno[0] INTEGER, - * realm[1] Realm, - * sname[2] PrincipalName, - * enc-part[3] EncryptedData - * } - */ -typedef struct krb5_tktbody_st { - ASN1_INTEGER *tktvno; - ASN1_GENERALSTRING *realm; - KRB5_PRINCNAME *sname; - KRB5_ENCDATA *encdata; -} KRB5_TKTBODY; - -typedef STACK_OF(KRB5_TKTBODY) KRB5_TICKET; -DECLARE_STACK_OF(KRB5_TKTBODY) - -/*- AP-REQ ::= [APPLICATION 14] SEQUENCE { - * pvno[0] INTEGER, - * msg-type[1] INTEGER, - * ap-options[2] APOptions, - * ticket[3] Ticket, - * authenticator[4] EncryptedData - * } - * - * APOptions ::= BIT STRING { - * reserved(0), use-session-key(1), mutual-required(2) } - */ -typedef struct krb5_ap_req_st { - ASN1_INTEGER *pvno; - ASN1_INTEGER *msgtype; - ASN1_BIT_STRING *apoptions; - KRB5_TICKET *ticket; - KRB5_ENCDATA *authenticator; -} KRB5_APREQBODY; - -typedef STACK_OF(KRB5_APREQBODY) KRB5_APREQ; -DECLARE_STACK_OF(KRB5_APREQBODY) - -/* Authenticator Stuff */ - -/*- Checksum ::= SEQUENCE { - * cksumtype[0] INTEGER, - * checksum[1] OCTET STRING - * } - */ -typedef struct krb5_checksum_st { - ASN1_INTEGER *ctype; - ASN1_OCTET_STRING *checksum; -} KRB5_CHECKSUM; - -DECLARE_STACK_OF(KRB5_CHECKSUM) - -/*- EncryptionKey ::= SEQUENCE { - * keytype[0] INTEGER, - * keyvalue[1] OCTET STRING - * } - */ -typedef struct krb5_encryptionkey_st { - ASN1_INTEGER *ktype; - ASN1_OCTET_STRING *keyvalue; -} KRB5_ENCKEY; - -DECLARE_STACK_OF(KRB5_ENCKEY) - -/*- AuthorizationData ::= SEQUENCE OF SEQUENCE { - * ad-type[0] INTEGER, - * ad-data[1] OCTET STRING - * } - */ -typedef struct krb5_authorization_st { - ASN1_INTEGER *adtype; - ASN1_OCTET_STRING *addata; -} KRB5_AUTHDATA; - -DECLARE_STACK_OF(KRB5_AUTHDATA) - -/*- -- Unencrypted authenticator - * Authenticator ::= [APPLICATION 2] SEQUENCE { - * authenticator-vno[0] INTEGER, - * crealm[1] Realm, - * cname[2] PrincipalName, - * cksum[3] Checksum OPTIONAL, - * cusec[4] INTEGER, - * ctime[5] KerberosTime, - * subkey[6] EncryptionKey OPTIONAL, - * seq-number[7] INTEGER OPTIONAL, - * authorization-data[8] AuthorizationData OPTIONAL - * } - */ -typedef struct krb5_authenticator_st { - ASN1_INTEGER *avno; - ASN1_GENERALSTRING *crealm; - KRB5_PRINCNAME *cname; - KRB5_CHECKSUM *cksum; - ASN1_INTEGER *cusec; - ASN1_GENERALIZEDTIME *ctime; - KRB5_ENCKEY *subkey; - ASN1_INTEGER *seqnum; - KRB5_AUTHDATA *authorization; -} KRB5_AUTHENTBODY; - -typedef STACK_OF(KRB5_AUTHENTBODY) KRB5_AUTHENT; -DECLARE_STACK_OF(KRB5_AUTHENTBODY) - -/*- DECLARE_ASN1_FUNCTIONS(type) = DECLARE_ASN1_FUNCTIONS_name(type, type) = - * type *name##_new(void); - * void name##_free(type *a); - * DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) = - * DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) = - * type *d2i_##name(type **a, const unsigned char **in, long len); - * int i2d_##name(type *a, unsigned char **out); - * DECLARE_ASN1_ITEM(itname) = OPENSSL_EXTERN const ASN1_ITEM itname##_it - */ - -DECLARE_ASN1_FUNCTIONS(KRB5_ENCDATA) -DECLARE_ASN1_FUNCTIONS(KRB5_PRINCNAME) -DECLARE_ASN1_FUNCTIONS(KRB5_TKTBODY) -DECLARE_ASN1_FUNCTIONS(KRB5_APREQBODY) -DECLARE_ASN1_FUNCTIONS(KRB5_TICKET) -DECLARE_ASN1_FUNCTIONS(KRB5_APREQ) - -DECLARE_ASN1_FUNCTIONS(KRB5_CHECKSUM) -DECLARE_ASN1_FUNCTIONS(KRB5_ENCKEY) -DECLARE_ASN1_FUNCTIONS(KRB5_AUTHDATA) -DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENTBODY) -DECLARE_ASN1_FUNCTIONS(KRB5_AUTHENT) - -/* BEGIN ERROR CODES */ -/* - * The following lines are auto generated by the script mkerr.pl. Any changes - * made after this point may be overwritten when the script is next run. - */ - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/openssl/kssl.h b/include/openssl/kssl.h deleted file mode 100644 index 9a57672..0000000 --- a/include/openssl/kssl.h +++ /dev/null @@ -1,197 +0,0 @@ -/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */ -/* - * Written by Vern Staats for the OpenSSL project - * 2000. project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing at OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -/* - ** 19990701 VRS Started. - */ - -#ifndef KSSL_H -# define KSSL_H - -# include - -# ifndef OPENSSL_NO_KRB5 - -# include -# include -# include -# ifdef OPENSSL_SYS_WIN32 -/* - * These can sometimes get redefined indirectly by krb5 header files after - * they get undefed in ossl_typ.h - */ -# undef X509_NAME -# undef X509_EXTENSIONS -# undef OCSP_REQUEST -# undef OCSP_RESPONSE -# endif - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * Depending on which KRB5 implementation used, some types from - * the other may be missing. Resolve that here and now - */ -# ifdef KRB5_HEIMDAL -typedef unsigned char krb5_octet; -# define FAR -# else - -# ifndef FAR -# define FAR -# endif - -# endif - -/*- - * Uncomment this to debug kssl problems or - * to trace usage of the Kerberos session key - * - * #define KSSL_DEBUG - */ - -# ifndef KRB5SVC -# define KRB5SVC "host" -# endif - -# ifndef KRB5KEYTAB -# define KRB5KEYTAB "/etc/krb5.keytab" -# endif - -# ifndef KRB5SENDAUTH -# define KRB5SENDAUTH 1 -# endif - -# ifndef KRB5CHECKAUTH -# define KRB5CHECKAUTH 1 -# endif - -# ifndef KSSL_CLOCKSKEW -# define KSSL_CLOCKSKEW 300; -# endif - -# define KSSL_ERR_MAX 255 -typedef struct kssl_err_st { - int reason; - char text[KSSL_ERR_MAX + 1]; -} KSSL_ERR; - -/*- Context for passing - * (1) Kerberos session key to SSL, and - * (2) Config data between application and SSL lib - */ -typedef struct kssl_ctx_st { - /* used by: disposition: */ - char *service_name; /* C,S default ok (kssl) */ - char *service_host; /* C input, REQUIRED */ - char *client_princ; /* S output from krb5 ticket */ - char *keytab_file; /* S NULL (/etc/krb5.keytab) */ - char *cred_cache; /* C NULL (default) */ - krb5_enctype enctype; - int length; - krb5_octet FAR *key; -} KSSL_CTX; - -# define KSSL_CLIENT 1 -# define KSSL_SERVER 2 -# define KSSL_SERVICE 3 -# define KSSL_KEYTAB 4 - -# define KSSL_CTX_OK 0 -# define KSSL_CTX_ERR 1 -# define KSSL_NOMEM 2 - -/* Public (for use by applications that use OpenSSL with Kerberos 5 support */ -krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text); -KSSL_CTX *kssl_ctx_new(void); -KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx); -void kssl_ctx_show(KSSL_CTX *kssl_ctx); -krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity, - int nentities); -krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp, - krb5_data *authenp, KSSL_ERR *kssl_err); -krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata, - krb5_ticket_times *ttimes, KSSL_ERR *kssl_err); -krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session); -void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text); -void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data); -krb5_error_code kssl_build_principal_2(krb5_context context, - krb5_principal *princ, int rlen, - const char *realm, int slen, - const char *svc, int hlen, - const char *host); -krb5_error_code kssl_validate_times(krb5_timestamp atime, - krb5_ticket_times *ttimes); -krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp, - krb5_timestamp *atimep, - KSSL_ERR *kssl_err); -unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn); - -void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx); -KSSL_CTX *SSL_get0_kssl_ctx(SSL *s); -char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx); - -#ifdef __cplusplus -} -#endif -# endif /* OPENSSL_NO_KRB5 */ -#endif /* KSSL_H */ diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h index ae06a12..9e10c10 100644 --- a/include/openssl/safestack.h +++ b/include/openssl/safestack.h @@ -1010,190 +1010,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_IPAddressOrRange_sort(st) SKM_sk_sort(IPAddressOrRange, (st)) # define sk_IPAddressOrRange_is_sorted(st) SKM_sk_is_sorted(IPAddressOrRange, (st)) -# define sk_KRB5_APREQBODY_new(cmp) SKM_sk_new(KRB5_APREQBODY, (cmp)) -# define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) -# define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) -# define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) -# define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i)) -# define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val)) -# define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st)) -# define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) -# define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) -# define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) -# define sk_KRB5_APREQBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_APREQBODY, (st), (val)) -# define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) -# define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) -# define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) -# define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) -# define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) -# define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) -# define sk_KRB5_APREQBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_APREQBODY, (st), (copy_func), (free_func)) -# define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) -# define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) -# define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) -# define sk_KRB5_APREQBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_APREQBODY, (st)) - -# define sk_KRB5_AUTHDATA_new(cmp) SKM_sk_new(KRB5_AUTHDATA, (cmp)) -# define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) -# define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) -# define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) -# define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i)) -# define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val)) -# define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st)) -# define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) -# define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) -# define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) -# define sk_KRB5_AUTHDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHDATA, (st), (val)) -# define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) -# define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) -# define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) -# define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) -# define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) -# define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) -# define sk_KRB5_AUTHDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHDATA, (st), (copy_func), (free_func)) -# define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) -# define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) -# define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) -# define sk_KRB5_AUTHDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHDATA, (st)) - -# define sk_KRB5_AUTHENTBODY_new(cmp) SKM_sk_new(KRB5_AUTHENTBODY, (cmp)) -# define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) -# define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) -# define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) -# define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i)) -# define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val)) -# define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st)) -# define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) -# define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) -# define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) -# define sk_KRB5_AUTHENTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_AUTHENTBODY, (st), (val)) -# define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) -# define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) -# define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) -# define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) -# define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) -# define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) -# define sk_KRB5_AUTHENTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_AUTHENTBODY, (st), (copy_func), (free_func)) -# define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) -# define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) -# define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) -# define sk_KRB5_AUTHENTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_AUTHENTBODY, (st)) - -# define sk_KRB5_CHECKSUM_new(cmp) SKM_sk_new(KRB5_CHECKSUM, (cmp)) -# define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) -# define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) -# define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) -# define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i)) -# define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val)) -# define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st)) -# define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) -# define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) -# define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) -# define sk_KRB5_CHECKSUM_find_ex(st, val) SKM_sk_find_ex(KRB5_CHECKSUM, (st), (val)) -# define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) -# define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) -# define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) -# define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) -# define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st) -# define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) -# define sk_KRB5_CHECKSUM_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_CHECKSUM, (st), (copy_func), (free_func)) -# define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) -# define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) -# define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) -# define sk_KRB5_CHECKSUM_is_sorted(st) SKM_sk_is_sorted(KRB5_CHECKSUM, (st)) - -# define sk_KRB5_ENCDATA_new(cmp) SKM_sk_new(KRB5_ENCDATA, (cmp)) -# define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) -# define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) -# define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) -# define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i)) -# define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val)) -# define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st)) -# define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) -# define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) -# define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) -# define sk_KRB5_ENCDATA_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCDATA, (st), (val)) -# define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) -# define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) -# define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) -# define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) -# define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) -# define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) -# define sk_KRB5_ENCDATA_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCDATA, (st), (copy_func), (free_func)) -# define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) -# define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) -# define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) -# define sk_KRB5_ENCDATA_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCDATA, (st)) - -# define sk_KRB5_ENCKEY_new(cmp) SKM_sk_new(KRB5_ENCKEY, (cmp)) -# define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) -# define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) -# define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) -# define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i)) -# define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val)) -# define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st)) -# define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) -# define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) -# define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) -# define sk_KRB5_ENCKEY_find_ex(st, val) SKM_sk_find_ex(KRB5_ENCKEY, (st), (val)) -# define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) -# define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) -# define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) -# define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) -# define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) -# define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) -# define sk_KRB5_ENCKEY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_ENCKEY, (st), (copy_func), (free_func)) -# define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) -# define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) -# define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) -# define sk_KRB5_ENCKEY_is_sorted(st) SKM_sk_is_sorted(KRB5_ENCKEY, (st)) - -# define sk_KRB5_PRINCNAME_new(cmp) SKM_sk_new(KRB5_PRINCNAME, (cmp)) -# define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) -# define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) -# define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) -# define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i)) -# define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val)) -# define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st)) -# define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) -# define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) -# define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) -# define sk_KRB5_PRINCNAME_find_ex(st, val) SKM_sk_find_ex(KRB5_PRINCNAME, (st), (val)) -# define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) -# define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) -# define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) -# define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) -# define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) -# define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) -# define sk_KRB5_PRINCNAME_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_PRINCNAME, (st), (copy_func), (free_func)) -# define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) -# define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) -# define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) -# define sk_KRB5_PRINCNAME_is_sorted(st) SKM_sk_is_sorted(KRB5_PRINCNAME, (st)) - -# define sk_KRB5_TKTBODY_new(cmp) SKM_sk_new(KRB5_TKTBODY, (cmp)) -# define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) -# define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) -# define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) -# define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i)) -# define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val)) -# define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st)) -# define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) -# define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) -# define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) -# define sk_KRB5_TKTBODY_find_ex(st, val) SKM_sk_find_ex(KRB5_TKTBODY, (st), (val)) -# define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) -# define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) -# define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) -# define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) -# define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) -# define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) -# define sk_KRB5_TKTBODY_deep_copy(st, copy_func, free_func) SKM_sk_deep_copy(KRB5_TKTBODY, (st), (copy_func), (free_func)) -# define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) -# define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) -# define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) -# define sk_KRB5_TKTBODY_is_sorted(st) SKM_sk_is_sorted(KRB5_TKTBODY, (st)) - # define sk_MEM_OBJECT_DATA_new(cmp) SKM_sk_new(MEM_OBJECT_DATA, (cmp)) # define sk_MEM_OBJECT_DATA_new_null() SKM_sk_new_null(MEM_OBJECT_DATA) # define sk_MEM_OBJECT_DATA_free(st) SKM_sk_free(MEM_OBJECT_DATA, (st)) @@ -2252,6 +2068,31 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_void_sort(st) SKM_sk_sort(void, (st)) # define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) +# define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +# define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) +# define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) +# define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) +# define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func)) +# define sk_OPENSSL_PSTRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_PSTRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_COPY_FUNC(OPENSSL_STRING, copy_func), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func))) +# define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) +# define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) +# define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) +# define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) +# define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) +# define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ + ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +# define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) +# define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) +# define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) +# define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) +# define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) + # define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) # define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) # define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) @@ -2302,31 +2143,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) # define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) -# define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) -# define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) -# define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) -# define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) -# define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func)) -# define sk_OPENSSL_PSTRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_PSTRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_COPY_FUNC(OPENSSL_STRING, copy_func), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func))) -# define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) -# define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) -# define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) -# define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) -# define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) -# define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ - ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ - sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) -# define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) -# define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) -# define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) -# define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) -# define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) - # define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) # define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) # define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index e8c2e6c..27e44cc 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -156,7 +156,6 @@ # include # include -# include # include # include @@ -171,35 +170,6 @@ extern "C" { */ # define SSL_SESSION_ASN1_VERSION 0x0001 -/* text strings for the ciphers */ - -/* - * VRS Additional Kerberos5 entries - */ -# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA -# define SSL_TXT_KRB5_RC4_128_SHA SSL3_TXT_KRB5_RC4_128_SHA -# define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA -# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 -# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 -# define SSL_TXT_KRB5_RC4_128_MD5 SSL3_TXT_KRB5_RC4_128_MD5 -# define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5 - -# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -# define SSL_TXT_KRB5_RC2_40_CBC_SHA SSL3_TXT_KRB5_RC2_40_CBC_SHA -# define SSL_TXT_KRB5_RC4_40_SHA SSL3_TXT_KRB5_RC4_40_SHA -# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -# define SSL_TXT_KRB5_RC2_40_CBC_MD5 SSL3_TXT_KRB5_RC2_40_CBC_MD5 -# define SSL_TXT_KRB5_RC4_40_MD5 SSL3_TXT_KRB5_RC4_40_MD5 - -# define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA -# define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 -# define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA -# define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 -# define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA -# define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 -# define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 - # define SSL_MAX_SSL_SESSION_ID_LENGTH 32 # define SSL_MAX_SID_CTX_LENGTH 32 @@ -207,6 +177,8 @@ extern "C" { # define SSL_MAX_KEY_ARG_LENGTH 8 # define SSL_MAX_MASTER_KEY_LENGTH 48 +/* text strings for the ciphers */ + /* These are used to specify which ciphers to use and not to use */ # define SSL_TXT_EXP40 "EXPORT40" @@ -226,7 +198,6 @@ extern "C" { # define SSL_TXT_kDH "kDH" # define SSL_TXT_kEDH "kEDH"/* alias for kDHE */ # define SSL_TXT_kDHE "kDHE" -# define SSL_TXT_kKRB5 "kKRB5" # define SSL_TXT_kECDHr "kECDHr" # define SSL_TXT_kECDHe "kECDHe" # define SSL_TXT_kECDH "kECDH" @@ -240,7 +211,6 @@ extern "C" { # define SSL_TXT_aDSS "aDSS" # define SSL_TXT_aDH "aDH" # define SSL_TXT_aECDH "aECDH" -# define SSL_TXT_aKRB5 "aKRB5" # define SSL_TXT_aECDSA "aECDSA" # define SSL_TXT_aPSK "aPSK" # define SSL_TXT_aGOST94 "aGOST94" @@ -259,7 +229,6 @@ extern "C" { # define SSL_TXT_ECDHE "ECDHE"/* same as "kECDHE:-AECDH" */ # define SSL_TXT_AECDH "AECDH" # define SSL_TXT_ECDSA "ECDSA" -# define SSL_TXT_KRB5 "KRB5" # define SSL_TXT_PSK "PSK" # define SSL_TXT_SRP "SRP" @@ -2238,17 +2207,6 @@ void ERR_load_SSL_strings(void); # define SSL_R_INVALID_STATUS_RESPONSE 328 # define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 # define SSL_R_INVALID_TRUST 279 -# define SSL_R_KRB5 285 -# define SSL_R_KRB5_C_CC_PRINC 286 -# define SSL_R_KRB5_C_GET_CRED 287 -# define SSL_R_KRB5_C_INIT 288 -# define SSL_R_KRB5_C_MK_REQ 289 -# define SSL_R_KRB5_S_BAD_TICKET 290 -# define SSL_R_KRB5_S_INIT 291 -# define SSL_R_KRB5_S_RD_REQ 292 -# define SSL_R_KRB5_S_TKT_EXPIRED 293 -# define SSL_R_KRB5_S_TKT_NYV 294 -# define SSL_R_KRB5_S_TKT_SKEW 295 # define SSL_R_LENGTH_MISMATCH 159 # define SSL_R_LENGTH_TOO_SHORT 160 # define SSL_R_LIBRARY_BUG 274 diff --git a/include/openssl/ssl3.h b/include/openssl/ssl3.h index 7d16d70..66bc8c6 100644 --- a/include/openssl/ssl3.h +++ b/include/openssl/ssl3.h @@ -177,25 +177,6 @@ extern "C" { # define SSL3_CK_ADH_DES_64_CBC_SHA 0x0300001A # define SSL3_CK_ADH_DES_192_CBC_SHA 0x0300001B -/* - * VRS Additional Kerberos5 entries - */ -# define SSL3_CK_KRB5_DES_64_CBC_SHA 0x0300001E -# define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x0300001F -# define SSL3_CK_KRB5_RC4_128_SHA 0x03000020 -# define SSL3_CK_KRB5_IDEA_128_CBC_SHA 0x03000021 -# define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000022 -# define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000023 -# define SSL3_CK_KRB5_RC4_128_MD5 0x03000024 -# define SSL3_CK_KRB5_IDEA_128_CBC_MD5 0x03000025 - -# define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000026 -# define SSL3_CK_KRB5_RC2_40_CBC_SHA 0x03000027 -# define SSL3_CK_KRB5_RC4_40_SHA 0x03000028 -# define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000029 -# define SSL3_CK_KRB5_RC2_40_CBC_MD5 0x0300002A -# define SSL3_CK_KRB5_RC4_40_MD5 0x0300002B - # define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" # define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" # define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" @@ -239,22 +220,6 @@ extern "C" { # define SSL3_TXT_ADH_DES_64_CBC_SHA "ADH-DES-CBC-SHA" # define SSL3_TXT_ADH_DES_192_CBC_SHA "ADH-DES-CBC3-SHA" -# define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" -# define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" -# define SSL3_TXT_KRB5_RC4_128_SHA "KRB5-RC4-SHA" -# define SSL3_TXT_KRB5_IDEA_128_CBC_SHA "KRB5-IDEA-CBC-SHA" -# define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" -# define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" -# define SSL3_TXT_KRB5_RC4_128_MD5 "KRB5-RC4-MD5" -# define SSL3_TXT_KRB5_IDEA_128_CBC_MD5 "KRB5-IDEA-CBC-MD5" - -# define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" -# define SSL3_TXT_KRB5_RC2_40_CBC_SHA "EXP-KRB5-RC2-CBC-SHA" -# define SSL3_TXT_KRB5_RC4_40_SHA "EXP-KRB5-RC4-SHA" -# define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" -# define SSL3_TXT_KRB5_RC2_40_CBC_MD5 "EXP-KRB5-RC2-CBC-MD5" -# define SSL3_TXT_KRB5_RC4_40_MD5 "EXP-KRB5-RC4-MD5" - # define SSL3_SSL_SESSION_ID_LENGTH 32 # define SSL3_MAX_SSL_SESSION_ID_LENGTH 32 diff --git a/include/openssl/store.h b/include/openssl/store.h index cd07b26..b732eef 100644 --- a/include/openssl/store.h +++ b/include/openssl/store.h @@ -180,8 +180,7 @@ typedef enum STORE_params { STORE_PARAM_KEY_PARAMETERS = 0x03, /* ??? */ STORE_PARAM_KEY_NO_PARAMETERS = 0x04, /* N/A */ STORE_PARAM_AUTH_PASSPHRASE = 0x05, /* char * */ - STORE_PARAM_AUTH_KRB5_TICKET = 0x06, /* void * */ - STORE_PARAM_TYPE_NUM = 0x06 /* The amount of known parameter types */ + STORE_PARAM_TYPE_NUM = 0x05 /* The amount of known parameter types */ } STORE_PARAM_TYPES; /* * Parameter value sizes. -1 means unknown, anything else is the required diff --git a/makevms.com b/makevms.com index fc7c0a4..37efdc8 100755 --- a/makevms.com +++ b/makevms.com @@ -249,7 +249,7 @@ $ SDIRS := - des,aes,rc2,rc4,rc5,idea,bf,cast,camellia,seed,modes,- bn,ec,rsa,dsa,ecdsa,dh,ecdh,dso,engine,- buffer,bio,stack,lhash,rand,err,- - evp,asn1,pem,x509,x509v3,conf,txt_db,pkcs7,pkcs12,comp,ocsp,ui,krb5,- + evp,asn1,pem,x509,x509v3,conf,txt_db,pkcs7,pkcs12,comp,ocsp,ui,- cms,pqueue,ts,jpake,srp,store,cmac $ $! One of the best way to figure out what the list should be is to do @@ -281,7 +281,6 @@ $ CONFIG_LOGICALS := AES,- HMAC,- IDEA,- JPAKE,- - KRB5,- MD2,- MD4,- MD5,- @@ -339,7 +338,6 @@ $ CONFIG_DISABLE_RULES := RIJNDAEL/AES;- DH/GOST;- TLSEXT/SRP,HEARTBEAT;- /STATIC_ENGINE;- - /KRB5;- /DEPRECATED;- /EC_NISTP_64_GCC_128;- /GMP;- @@ -774,7 +772,7 @@ $ HEADER_SDIRS := , - BN, EC, RSA, DSA, ECDSA, DH, ECDH, DSO, ENGINE, - BUFFER, BIO, STACK, LHASH, RAND, ERR, - EVP, ASN1, PEM, X509, X509V3, CONF, TXT_DB, PKCS7, PKCS12, - - COMP, OCSP, UI, KRB5, - + COMP, OCSP, UI, - CMS, PQUEUE, TS, JPAKE, SRP, STORE, CMAC $! $ EXHEADER_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h @@ -826,7 +824,6 @@ $ EXHEADER_PKCS12 := pkcs12.h $ EXHEADER_COMP := comp.h $ EXHEADER_OCSP := ocsp.h $ EXHEADER_UI := ui.h -$ EXHEADER_KRB5 := krb5_asn.h $ EXHEADER_CMS := cms.h $ EXHEADER_PQUEUE := pqueue.h $ EXHEADER_TS := ts.h @@ -850,7 +847,7 @@ $! $! Copy All The ".H" Files From The [.SSL] Directory. $! $! (keep these in the same order as ssl/Makefile) -$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h, srtp.h +$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, srtp.h $ copy sys$disk:[.ssl]'exheader' sys$disk:[.include.openssl] $! $! Purge the [.include.openssl] header files. diff --git a/ssl/Makefile b/ssl/Makefile index 86f5077..18b17d2 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -5,12 +5,10 @@ DIR= ssl TOP= .. CC= cc -INCLUDES= -I../crypto -I$(TOP) -I../include $(KRB5_INCLUDES) +INCLUDES= -I../crypto -I$(TOP) -I../include CFLAG=-g MAKEFILE= Makefile AR= ar r -# KRB5 stuff -KRB5_INCLUDES= CFLAGS= $(INCLUDES) $(CFLAG) @@ -28,7 +26,7 @@ LIBSRC= \ ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \ ssl_ciph.c ssl_stat.c ssl_rsa.c \ ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \ - bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \ + bio_ssl.c ssl_err.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \ record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c LIBOBJ= \ s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o record/rec_layer_s3.o \ @@ -40,12 +38,12 @@ LIBOBJ= \ ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \ ssl_ciph.o ssl_stat.o ssl_rsa.o \ ssl_asn1.o ssl_txt.o ssl_algs.o ssl_conf.o \ - bio_ssl.o ssl_err.o kssl.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \ + bio_ssl.o ssl_err.o t1_reneg.o tls_srp.o t1_trce.o ssl_utst.o \ record/ssl3_buffer.o record/ssl3_record.o record/dtls1_bitmap.o SRC= $(LIBSRC) -HEADER= ssl_locl.h kssl_lcl.h record/record_locl.h record/record.h +HEADER= ssl_locl.h record/record_locl.h record/record.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -100,19 +98,18 @@ bio_ssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h bio_ssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h bio_ssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h bio_ssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h -bio_ssl.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -bio_ssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -bio_ssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -bio_ssl.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -bio_ssl.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h -bio_ssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c -bio_ssl.o: record/record.h ssl_locl.h +bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h +bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +bio_ssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +bio_ssl.o: ../include/openssl/sha.h ../include/openssl/srtp.h +bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h +bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c record/record.h ssl_locl.h d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -120,19 +117,19 @@ d1_both.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_both.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_both.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_both.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -d1_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -d1_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h -d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_both.o: ../include/openssl/x509_vfy.h d1_both.c record/record.h ssl_locl.h +d1_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_both.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +d1_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h +d1_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h +d1_both.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +d1_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +d1_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_both.c +d1_both.o: record/record.h ssl_locl.h d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -141,20 +138,19 @@ d1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -d1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -d1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -d1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -d1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -d1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -d1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c -d1_clnt.o: kssl_lcl.h record/record.h ssl_locl.h +d1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h +d1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +d1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +d1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +d1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +d1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +d1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h +d1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_clnt.o: ../include/openssl/x509_vfy.h d1_clnt.c record/record.h ssl_locl.h d1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -162,19 +158,18 @@ d1_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -d1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c -d1_lib.o: record/record.h ssl_locl.h +d1_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +d1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h +d1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_lib.o: ../include/openssl/x509_vfy.h d1_lib.c record/record.h ssl_locl.h d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -182,19 +177,18 @@ d1_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -d1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_meth.c -d1_meth.o: record/record.h ssl_locl.h +d1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +d1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h +d1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_meth.o: ../include/openssl/x509_vfy.h d1_meth.c record/record.h ssl_locl.h d1_msg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_msg.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_msg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -202,19 +196,18 @@ d1_msg.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_msg.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_msg.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_msg.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_msg.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_msg.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_msg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_msg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_msg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_msg.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -d1_msg.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_msg.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_msg.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_msg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_msg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_msg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_msg.c -d1_msg.o: record/record.h ssl_locl.h +d1_msg.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_msg.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_msg.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_msg.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_msg.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +d1_msg.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_msg.o: ../include/openssl/sha.h ../include/openssl/srtp.h +d1_msg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_msg.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_msg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_msg.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_msg.o: ../include/openssl/x509_vfy.h d1_msg.c record/record.h ssl_locl.h d1_srtp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_srtp.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_srtp.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -222,19 +215,18 @@ d1_srtp.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_srtp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_srtp.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_srtp.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_srtp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_srtp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -d1_srtp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -d1_srtp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -d1_srtp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -d1_srtp.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -d1_srtp.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_srtp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_srtp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_srtp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_srtp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_srtp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srtp.c -d1_srtp.o: record/record.h ssl_locl.h +d1_srtp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +d1_srtp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +d1_srtp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +d1_srtp.o: ../include/openssl/pem.h ../include/openssl/pem2.h +d1_srtp.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +d1_srtp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_srtp.o: ../include/openssl/sha.h ../include/openssl/srtp.h +d1_srtp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_srtp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_srtp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_srtp.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_srtp.o: ../include/openssl/x509_vfy.h d1_srtp.c record/record.h ssl_locl.h d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -243,20 +235,19 @@ d1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h d1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h d1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h d1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -d1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -d1_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -d1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -d1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -d1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -d1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -d1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -d1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -d1_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c -d1_srvr.o: record/record.h ssl_locl.h +d1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h +d1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +d1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +d1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +d1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +d1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +d1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +d1_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h +d1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +d1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +d1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_srvr.o: ../include/openssl/x509_vfy.h d1_srvr.c record/record.h ssl_locl.h dtls1_bitmap.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dtls1_bitmap.o: ../include/openssl/buffer.h ../include/openssl/comp.h dtls1_bitmap.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -264,41 +255,20 @@ dtls1_bitmap.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h dtls1_bitmap.o: ../include/openssl/ec.h ../include/openssl/ecdh.h dtls1_bitmap.o: ../include/openssl/ecdsa.h ../include/openssl/err.h dtls1_bitmap.o: ../include/openssl/evp.h ../include/openssl/hmac.h -dtls1_bitmap.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -dtls1_bitmap.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -dtls1_bitmap.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -dtls1_bitmap.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -dtls1_bitmap.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -dtls1_bitmap.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -dtls1_bitmap.o: ../include/openssl/safestack.h ../include/openssl/sha.h -dtls1_bitmap.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -dtls1_bitmap.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -dtls1_bitmap.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -dtls1_bitmap.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -dtls1_bitmap.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -dtls1_bitmap.o: dtls1_bitmap.c record/../record/record.h record/../ssl_locl.h +dtls1_bitmap.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +dtls1_bitmap.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +dtls1_bitmap.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +dtls1_bitmap.o: ../include/openssl/pem.h ../include/openssl/pem2.h +dtls1_bitmap.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +dtls1_bitmap.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +dtls1_bitmap.o: ../include/openssl/sha.h ../include/openssl/srtp.h +dtls1_bitmap.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +dtls1_bitmap.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +dtls1_bitmap.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +dtls1_bitmap.o: ../include/openssl/tls1.h ../include/openssl/x509.h +dtls1_bitmap.o: ../include/openssl/x509_vfy.h dtls1_bitmap.c +dtls1_bitmap.o: record/../record/record.h record/../ssl_locl.h dtls1_bitmap.o: record/dtls1_bitmap.c record/record_locl.h -kssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -kssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h -kssl.o: ../include/openssl/crypto.h ../include/openssl/dsa.h -kssl.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -kssl.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -kssl.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -kssl.o: ../include/openssl/evp.h ../include/openssl/hmac.h -kssl.o: ../include/openssl/krb5_asn.h ../include/openssl/kssl.h -kssl.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -kssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h -kssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -kssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -kssl.o: ../include/openssl/sha.h ../include/openssl/srtp.h -kssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -kssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -kssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -kssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h -kssl.o: ../include/openssl/x509_vfy.h kssl.c kssl_lcl.h record/record.h -kssl.o: ssl_locl.h rec_layer_d1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rec_layer_d1.o: ../include/openssl/buffer.h ../include/openssl/comp.h rec_layer_d1.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -306,20 +276,19 @@ rec_layer_d1.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h rec_layer_d1.o: ../include/openssl/ec.h ../include/openssl/ecdh.h rec_layer_d1.o: ../include/openssl/ecdsa.h ../include/openssl/err.h rec_layer_d1.o: ../include/openssl/evp.h ../include/openssl/hmac.h -rec_layer_d1.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -rec_layer_d1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -rec_layer_d1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -rec_layer_d1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -rec_layer_d1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -rec_layer_d1.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -rec_layer_d1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -rec_layer_d1.o: ../include/openssl/sha.h ../include/openssl/srtp.h -rec_layer_d1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -rec_layer_d1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -rec_layer_d1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rec_layer_d1.o: ../include/openssl/tls1.h ../include/openssl/x509.h -rec_layer_d1.o: ../include/openssl/x509_vfy.h rec_layer_d1.c -rec_layer_d1.o: record/../record/record.h record/../ssl_locl.h +rec_layer_d1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +rec_layer_d1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +rec_layer_d1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rec_layer_d1.o: ../include/openssl/pem.h ../include/openssl/pem2.h +rec_layer_d1.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +rec_layer_d1.o: ../include/openssl/rand.h ../include/openssl/rsa.h +rec_layer_d1.o: ../include/openssl/safestack.h ../include/openssl/sha.h +rec_layer_d1.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +rec_layer_d1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +rec_layer_d1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +rec_layer_d1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +rec_layer_d1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +rec_layer_d1.o: rec_layer_d1.c record/../record/record.h record/../ssl_locl.h rec_layer_d1.o: record/rec_layer_d1.c record/record_locl.h rec_layer_s23.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rec_layer_s23.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -328,19 +297,19 @@ rec_layer_s23.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h rec_layer_s23.o: ../include/openssl/ec.h ../include/openssl/ecdh.h rec_layer_s23.o: ../include/openssl/ecdsa.h ../include/openssl/err.h rec_layer_s23.o: ../include/openssl/evp.h ../include/openssl/hmac.h -rec_layer_s23.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -rec_layer_s23.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -rec_layer_s23.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -rec_layer_s23.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -rec_layer_s23.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -rec_layer_s23.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -rec_layer_s23.o: ../include/openssl/safestack.h ../include/openssl/sha.h -rec_layer_s23.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -rec_layer_s23.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -rec_layer_s23.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -rec_layer_s23.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -rec_layer_s23.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -rec_layer_s23.o: rec_layer_s23.c record/../record/record.h record/../ssl_locl.h +rec_layer_s23.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +rec_layer_s23.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +rec_layer_s23.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rec_layer_s23.o: ../include/openssl/pem.h ../include/openssl/pem2.h +rec_layer_s23.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +rec_layer_s23.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +rec_layer_s23.o: ../include/openssl/sha.h ../include/openssl/srtp.h +rec_layer_s23.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +rec_layer_s23.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +rec_layer_s23.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +rec_layer_s23.o: ../include/openssl/tls1.h ../include/openssl/x509.h +rec_layer_s23.o: ../include/openssl/x509_vfy.h rec_layer_s23.c +rec_layer_s23.o: record/../record/record.h record/../ssl_locl.h rec_layer_s23.o: record/rec_layer_s23.c rec_layer_s3.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rec_layer_s3.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -349,20 +318,19 @@ rec_layer_s3.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h rec_layer_s3.o: ../include/openssl/ec.h ../include/openssl/ecdh.h rec_layer_s3.o: ../include/openssl/ecdsa.h ../include/openssl/err.h rec_layer_s3.o: ../include/openssl/evp.h ../include/openssl/hmac.h -rec_layer_s3.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -rec_layer_s3.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -rec_layer_s3.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -rec_layer_s3.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -rec_layer_s3.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -rec_layer_s3.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -rec_layer_s3.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -rec_layer_s3.o: ../include/openssl/sha.h ../include/openssl/srtp.h -rec_layer_s3.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -rec_layer_s3.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -rec_layer_s3.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rec_layer_s3.o: ../include/openssl/tls1.h ../include/openssl/x509.h -rec_layer_s3.o: ../include/openssl/x509_vfy.h rec_layer_s3.c -rec_layer_s3.o: record/../record/record.h record/../ssl_locl.h +rec_layer_s3.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +rec_layer_s3.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +rec_layer_s3.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +rec_layer_s3.o: ../include/openssl/pem.h ../include/openssl/pem2.h +rec_layer_s3.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +rec_layer_s3.o: ../include/openssl/rand.h ../include/openssl/rsa.h +rec_layer_s3.o: ../include/openssl/safestack.h ../include/openssl/sha.h +rec_layer_s3.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +rec_layer_s3.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +rec_layer_s3.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +rec_layer_s3.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +rec_layer_s3.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +rec_layer_s3.o: rec_layer_s3.c record/../record/record.h record/../ssl_locl.h rec_layer_s3.o: record/rec_layer_s3.c record/record_locl.h s23_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -371,19 +339,19 @@ s23_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s23_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s23_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s23_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s23_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s23_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_clnt.o: ../include/openssl/x509_vfy.h record/record.h s23_clnt.c ssl_locl.h +s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s23_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s23_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s23_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s23_clnt.o: record/record.h s23_clnt.c ssl_locl.h s23_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h s23_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -391,19 +359,18 @@ s23_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s23_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s23_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s23_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s23_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s23_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s23_lib.o: record/record.h s23_lib.c ssl_locl.h +s23_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s23_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s23_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_lib.o: ../include/openssl/x509_vfy.h record/record.h s23_lib.c ssl_locl.h s23_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h s23_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -411,19 +378,18 @@ s23_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s23_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s23_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s23_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s23_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s23_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s23_meth.o: record/record.h s23_meth.c ssl_locl.h +s23_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s23_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s23_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s23_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s23_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s23_meth.o: ../include/openssl/x509_vfy.h record/record.h s23_meth.c ssl_locl.h s23_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h s23_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -431,19 +397,19 @@ s23_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s23_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s23_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s23_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s23_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s23_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s23_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s23_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s23_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s23_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_srvr.o: ../include/openssl/x509_vfy.h record/record.h s23_srvr.c ssl_locl.h +s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s23_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s23_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s23_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s23_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s23_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s23_srvr.o: record/record.h s23_srvr.c ssl_locl.h s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -451,19 +417,19 @@ s3_both.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_both.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_both.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s3_both.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_both.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_both.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_both.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_both.o: ../include/openssl/x509_vfy.h record/record.h s3_both.c ssl_locl.h +s3_both.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_both.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_both.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_both.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_both.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s3_both.o: record/record.h s3_both.c ssl_locl.h s3_cbc.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h s3_cbc.o: ../include/openssl/bio.h ../include/openssl/buffer.h s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -471,20 +437,19 @@ s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_cbc.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s3_cbc.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_cbc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_cbc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_cbc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_cbc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_cbc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_cbc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s3_cbc.o: record/record.h s3_cbc.c ssl_locl.h +s3_cbc.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_cbc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_cbc.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_cbc.o: ../include/openssl/x509_vfy.h record/record.h s3_cbc.c ssl_locl.h s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -493,21 +458,20 @@ s3_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h s3_clnt.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_clnt.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h record/record.h s3_clnt.c -s3_clnt.o: ssl_locl.h +s3_clnt.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +s3_clnt.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s3_clnt.o: record/record.h s3_clnt.c ssl_locl.h s3_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -515,19 +479,19 @@ s3_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s3_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_enc.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_enc.o: ../include/openssl/x509_vfy.h record/record.h s3_enc.c ssl_locl.h +s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s3_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s3_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s3_enc.o: record/record.h s3_enc.c ssl_locl.h s3_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_lib.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -535,20 +499,19 @@ s3_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md5.h -s3_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h -s3_lib.o: record/record.h s3_lib.c ssl_locl.h +s3_lib.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +s3_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h +s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_lib.o: ../include/openssl/x509_vfy.h record/record.h s3_lib.c ssl_locl.h s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -556,19 +519,18 @@ s3_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s3_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s3_meth.o: record/record.h s3_meth.c ssl_locl.h +s3_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s3_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_meth.o: ../include/openssl/x509_vfy.h record/record.h s3_meth.c ssl_locl.h s3_msg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_msg.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_msg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -576,19 +538,18 @@ s3_msg.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h s3_msg.o: ../include/openssl/ec.h ../include/openssl/ecdh.h s3_msg.o: ../include/openssl/ecdsa.h ../include/openssl/err.h s3_msg.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_msg.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -s3_msg.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -s3_msg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -s3_msg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -s3_msg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -s3_msg.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -s3_msg.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_msg.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_msg.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_msg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_msg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_msg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s3_msg.o: record/record.h s3_msg.c ssl_locl.h +s3_msg.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +s3_msg.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +s3_msg.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +s3_msg.o: ../include/openssl/pem.h ../include/openssl/pem2.h +s3_msg.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +s3_msg.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_msg.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s3_msg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_msg.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_msg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_msg.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_msg.o: ../include/openssl/x509_vfy.h record/record.h s3_msg.c ssl_locl.h s3_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h s3_srvr.o: ../include/openssl/bio.h ../include/openssl/bn.h s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -597,8 +558,7 @@ s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h s3_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/krb5_asn.h -s3_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h +s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/lhash.h s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h @@ -610,7 +570,7 @@ s3_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h +s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_srvr.o: record/record.h s3_srvr.c ssl_locl.h ssl3_buffer.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl3_buffer.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -619,20 +579,20 @@ ssl3_buffer.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl3_buffer.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl3_buffer.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl3_buffer.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl3_buffer.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl3_buffer.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl3_buffer.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl3_buffer.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl3_buffer.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl3_buffer.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl3_buffer.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl3_buffer.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl3_buffer.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl3_buffer.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl3_buffer.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl3_buffer.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl3_buffer.o: record/../record/record.h record/../ssl_locl.h -ssl3_buffer.o: record/record_locl.h record/ssl3_buffer.c ssl3_buffer.c +ssl3_buffer.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl3_buffer.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl3_buffer.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl3_buffer.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl3_buffer.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl3_buffer.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl3_buffer.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl3_buffer.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl3_buffer.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl3_buffer.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl3_buffer.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl3_buffer.o: ../include/openssl/x509_vfy.h record/../record/record.h +ssl3_buffer.o: record/../ssl_locl.h record/record_locl.h record/ssl3_buffer.c +ssl3_buffer.o: ssl3_buffer.c ssl3_record.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl3_record.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl3_record.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -640,19 +600,18 @@ ssl3_record.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl3_record.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl3_record.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl3_record.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl3_record.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl3_record.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl3_record.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl3_record.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl3_record.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl3_record.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -ssl3_record.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl3_record.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ssl3_record.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl3_record.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl3_record.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl3_record.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl3_record.o: ../include/openssl/x509_vfy.h +ssl3_record.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl3_record.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl3_record.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl3_record.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl3_record.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl3_record.o: ../include/openssl/rand.h ../include/openssl/rsa.h +ssl3_record.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl3_record.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ssl3_record.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl3_record.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl3_record.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl3_record.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl3_record.o: record/../../crypto/constant_time_locl.h ssl3_record.o: record/../record/record.h record/../ssl_locl.h ssl3_record.o: record/record_locl.h record/ssl3_record.c ssl3_record.c @@ -663,19 +622,18 @@ ssl_algs.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_algs.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_algs.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_algs.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_algs.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_algs.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_algs.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_algs.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_algs.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_algs.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_algs.o: record/record.h ssl_algs.c ssl_locl.h +ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_algs.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_algs.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_algs.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_algs.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_algs.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_algs.o: ../include/openssl/x509_vfy.h record/record.h ssl_algs.c ssl_locl.h ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/buffer.h ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -683,19 +641,19 @@ ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h ssl_asn1.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_asn1.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_asn1.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_asn1.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_asn1.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_asn1.o: ../include/openssl/x509_vfy.h record/record.h ssl_asn1.c ssl_locl.h +ssl_asn1.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ssl_asn1.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_asn1.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_asn1.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_asn1.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_asn1.o: record/record.h ssl_asn1.c ssl_locl.h ssl_cert.o: ../crypto/o_dir.h ../e_os.h ../include/openssl/asn1.h ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -705,19 +663,19 @@ ssl_cert.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_cert.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_cert.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_cert.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_cert.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_cert.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_cert.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_cert.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_cert.o: ../include/openssl/x509v3.h record/record.h ssl_cert.c ssl_locl.h +ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_cert.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +ssl_cert.o: record/record.h ssl_cert.c ssl_locl.h ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_ciph.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -725,19 +683,19 @@ ssl_ciph.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_ciph.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_ciph.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ssl_ciph.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_ciph.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_ciph.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_ciph.o: ../include/openssl/x509_vfy.h record/record.h ssl_ciph.c ssl_locl.h +ssl_ciph.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ssl_ciph.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_ciph.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_ciph.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_ciph.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +ssl_ciph.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_ciph.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_ciph.o: record/record.h ssl_ciph.c ssl_locl.h ssl_conf.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_conf.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_conf.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -746,55 +704,52 @@ ssl_conf.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_conf.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_conf.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_conf.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_conf.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_conf.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_conf.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_conf.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_conf.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_conf.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_conf.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_conf.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_conf.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_conf.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_conf.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_conf.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_conf.o: record/record.h ssl_conf.c ssl_locl.h +ssl_conf.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_conf.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_conf.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_conf.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_conf.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_conf.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_conf.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_conf.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_conf.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_conf.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_conf.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_conf.o: ../include/openssl/x509_vfy.h record/record.h ssl_conf.c ssl_locl.h ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_err.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h ssl_err.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_err.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_err.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_err.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_err.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -ssl_err.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_err.o: ../include/openssl/x509_vfy.h ssl_err.c +ssl_err.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ssl_err.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_err.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_err.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_err.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err.c ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h ssl_err2.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssl_err2.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssl_err2.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_err2.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -ssl_err2.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c +ssl_err2.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ssl_err2.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_err2.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_err2.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_err2.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -803,21 +758,20 @@ ssl_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_lib.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssl_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h -ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h -ssl_lib.o: record/record.h ssl_lib.c ssl_locl.h +ssl_lib.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_lib.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_lib.o: ../include/openssl/rand.h ../include/openssl/rsa.h +ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssl_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_lib.o: ../include/openssl/x509v3.h record/record.h ssl_lib.c ssl_locl.h ssl_rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_rsa.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -825,19 +779,18 @@ ssl_rsa.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_rsa.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_rsa.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_rsa.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_rsa.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_rsa.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_rsa.o: record/record.h ssl_locl.h ssl_rsa.c +ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_rsa.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_rsa.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_rsa.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_rsa.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_rsa.c ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -845,20 +798,19 @@ ssl_sess.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_sess.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_sess.o: ../include/openssl/ecdsa.h ../include/openssl/engine.h ssl_sess.o: ../include/openssl/err.h ../include/openssl/evp.h -ssl_sess.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h -ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rsa.h -ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_sess.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_sess.o: record/record.h ssl_locl.h ssl_sess.c +ssl_sess.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +ssl_sess.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +ssl_sess.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +ssl_sess.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +ssl_sess.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_sess.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_sess.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_sess.c ssl_stat.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_stat.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -866,19 +818,18 @@ ssl_stat.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_stat.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_stat.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_stat.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_stat.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_stat.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_stat.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_stat.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_stat.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_stat.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_stat.o: record/record.h ssl_locl.h ssl_stat.c +ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_stat.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_stat.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_stat.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_stat.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_stat.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_stat.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_stat.c ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_txt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -886,19 +837,18 @@ ssl_txt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_txt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_txt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_txt.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_txt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_txt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_txt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_txt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_txt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_txt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_txt.o: record/record.h ssl_locl.h ssl_txt.c +ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_txt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_txt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_txt.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_txt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_txt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_txt.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_txt.c ssl_utst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_utst.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_utst.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -906,19 +856,18 @@ ssl_utst.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h ssl_utst.o: ../include/openssl/ec.h ../include/openssl/ecdh.h ssl_utst.o: ../include/openssl/ecdsa.h ../include/openssl/err.h ssl_utst.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssl_utst.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssl_utst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssl_utst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssl_utst.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssl_utst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssl_utst.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -ssl_utst.o: ../include/openssl/safestack.h ../include/openssl/sha.h -ssl_utst.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_utst.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_utst.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_utst.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_utst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_utst.o: record/record.h ssl_locl.h ssl_utst.c +ssl_utst.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssl_utst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssl_utst.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssl_utst.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssl_utst.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssl_utst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +ssl_utst.o: ../include/openssl/sha.h ../include/openssl/srtp.h +ssl_utst.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssl_utst.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssl_utst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_utst.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_utst.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_utst.c t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -926,19 +875,19 @@ t1_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h -t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_clnt.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_clnt.c +t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h +t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +t1_clnt.o: record/record.h ssl_locl.h t1_clnt.c t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -946,20 +895,19 @@ t1_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_enc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -t1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -t1_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -t1_enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h -t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_enc.o: record/record.h ssl_locl.h t1_enc.c +t1_enc.o: ../include/openssl/lhash.h ../include/openssl/md5.h +t1_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +t1_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +t1_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +t1_enc.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +t1_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_enc.o: ../include/openssl/sha.h ../include/openssl/srtp.h +t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_enc.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_enc.c t1_ext.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_ext.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_ext.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -967,19 +915,18 @@ t1_ext.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_ext.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_ext.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_ext.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_ext.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_ext.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_ext.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_ext.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_ext.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_ext.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -t1_ext.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_ext.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_ext.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_ext.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_ext.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_ext.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_ext.o: record/record.h ssl_locl.h t1_ext.c +t1_ext.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_ext.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_ext.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_ext.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_ext.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_ext.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_ext.o: ../include/openssl/sha.h ../include/openssl/srtp.h +t1_ext.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_ext.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_ext.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_ext.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_ext.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_ext.c t1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -988,21 +935,20 @@ t1_lib.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/ec.h t1_lib.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h t1_lib.o: ../include/openssl/err.h ../include/openssl/evp.h -t1_lib.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -t1_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -t1_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h -t1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h -t1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h -t1_lib.o: record/record.h ssl_locl.h t1_lib.c +t1_lib.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +t1_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +t1_lib.o: ../include/openssl/ocsp.h ../include/openssl/opensslconf.h +t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_lib.o: ../include/openssl/rand.h ../include/openssl/rsa.h +t1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +t1_lib.o: ../include/openssl/x509v3.h record/record.h ssl_locl.h t1_lib.c t1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -1010,19 +956,18 @@ t1_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_meth.o: record/record.h ssl_locl.h t1_meth.c +t1_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h +t1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_meth.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_meth.c t1_reneg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_reneg.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_reneg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -1030,19 +975,18 @@ t1_reneg.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_reneg.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_reneg.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_reneg.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_reneg.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_reneg.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_reneg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_reneg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_reneg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_reneg.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -t1_reneg.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_reneg.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_reneg.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_reneg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_reneg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_reneg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_reneg.o: record/record.h ssl_locl.h t1_reneg.c +t1_reneg.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_reneg.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_reneg.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_reneg.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_reneg.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_reneg.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_reneg.o: ../include/openssl/sha.h ../include/openssl/srtp.h +t1_reneg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_reneg.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_reneg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_reneg.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_reneg.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_reneg.c t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -1050,19 +994,19 @@ t1_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -t1_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h -t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_srvr.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_srvr.c +t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h +t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h +t1_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +t1_srvr.o: record/record.h ssl_locl.h t1_srvr.c t1_trce.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_trce.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_trce.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -1070,19 +1014,18 @@ t1_trce.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h t1_trce.o: ../include/openssl/ec.h ../include/openssl/ecdh.h t1_trce.o: ../include/openssl/ecdsa.h ../include/openssl/err.h t1_trce.o: ../include/openssl/evp.h ../include/openssl/hmac.h -t1_trce.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -t1_trce.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -t1_trce.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -t1_trce.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -t1_trce.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -t1_trce.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h -t1_trce.o: ../include/openssl/safestack.h ../include/openssl/sha.h -t1_trce.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_trce.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_trce.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_trce.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_trce.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_trce.o: record/record.h ssl_locl.h t1_trce.c +t1_trce.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +t1_trce.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +t1_trce.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +t1_trce.o: ../include/openssl/pem.h ../include/openssl/pem2.h +t1_trce.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +t1_trce.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +t1_trce.o: ../include/openssl/sha.h ../include/openssl/srtp.h +t1_trce.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +t1_trce.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +t1_trce.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_trce.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_trce.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_trce.c tls_srp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h tls_srp.o: ../include/openssl/bn.h ../include/openssl/buffer.h tls_srp.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -1090,17 +1033,17 @@ tls_srp.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h tls_srp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h tls_srp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h tls_srp.o: ../include/openssl/err.h ../include/openssl/evp.h -tls_srp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h -tls_srp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -tls_srp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -tls_srp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -tls_srp.o: ../include/openssl/pem.h ../include/openssl/pem2.h -tls_srp.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -tls_srp.o: ../include/openssl/rand.h ../include/openssl/rsa.h -tls_srp.o: ../include/openssl/safestack.h ../include/openssl/sha.h -tls_srp.o: ../include/openssl/srp.h ../include/openssl/srtp.h -tls_srp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -tls_srp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -tls_srp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -tls_srp.o: ../include/openssl/tls1.h ../include/openssl/x509.h -tls_srp.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h tls_srp.c +tls_srp.o: ../include/openssl/hmac.h ../include/openssl/lhash.h +tls_srp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +tls_srp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +tls_srp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +tls_srp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +tls_srp.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +tls_srp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +tls_srp.o: ../include/openssl/sha.h ../include/openssl/srp.h +tls_srp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +tls_srp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +tls_srp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +tls_srp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +tls_srp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +tls_srp.o: record/record.h ssl_locl.h tls_srp.c diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index 142438a..ed67f9d 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -115,9 +115,6 @@ #include #include "ssl_locl.h" -#ifndef OPENSSL_NO_KRB5 -# include "kssl_lcl.h" -#endif #include #include #include diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index 94bd435..ac2a006 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -526,16 +526,12 @@ int dtls1_accept(SSL *s) * RFC 2246): */ ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && - /* - * ... except when the application insists on - * verification (against the specs, but s3_clnt.c accepts - * this for SSL 3) - */ - !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || /* - * never request cert in Kerberos ciphersuites + * ... except when the application insists on + * verification (against the specs, but s3_clnt.c accepts + * this for SSL 3) */ - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) + !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) /* * With normal PSK Certificates and Certificate Requests * are omitted diff --git a/ssl/install-ssl.com b/ssl/install-ssl.com index ce26b68..55e1a6a 100755 --- a/ssl/install-ssl.com +++ b/ssl/install-ssl.com @@ -70,7 +70,7 @@ $ if f$parse("wrk_sslinclude:") .eqs. "" then - $ if f$parse("wrk_sslxlib:") .eqs. "" then - create /directory /log wrk_sslxlib: $! -$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h, srtp.h +$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, srtp.h $ libs := ssl_libssl $! $ xexe_dir := [-.'archd'.exe.ssl] diff --git a/ssl/kssl.c b/ssl/kssl.c deleted file mode 100644 index 15973ed..0000000 --- a/ssl/kssl.c +++ /dev/null @@ -1,2252 +0,0 @@ -/* ssl/kssl.c -*- mode: C; c-file-style: "eay" -*- */ -/* - * Written by Vern Staats for the OpenSSL project - * 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing at OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -/*- - * ssl/kssl.c -- Routines to support (& debug) Kerberos5 auth for openssl - * - * 19990701 VRS Started. - * 200011?? Jeffrey Altman, Richard Levitte - * Generalized for Heimdal, Newer MIT, & Win32. - * Integrated into main OpenSSL 0.9.7 snapshots. - * 20010413 Simon Wilkinson, VRS - * Real RFC2712 KerberosWrapper replaces AP_REQ. - */ - -#include - -#include - -#define KRB5_PRIVATE 1 - -#include -#include -#include -#include -#include "kssl_lcl.h" -#include "ssl_locl.h" - -#ifndef OPENSSL_NO_KRB5 - -# ifndef ENOMEM -# define ENOMEM KRB5KRB_ERR_GENERIC -# endif - -/* - * When OpenSSL is built on Windows, we do not want to require that - * the Kerberos DLLs be available in order for the OpenSSL DLLs to - * work. Therefore, all Kerberos routines are loaded at run time - * and we do not link to a .LIB file. - */ - -# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) -/* - * The purpose of the following pre-processor statements is to provide - * compatibility with different releases of MIT Kerberos for Windows. - * All versions up to 1.2 used macros. But macros do not allow for - * a binary compatible interface for DLLs. Therefore, all macros are - * being replaced by function calls. The following code will allow - * an OpenSSL DLL built on Windows to work whether or not the macro - * or function form of the routines are utilized. - */ -# ifdef krb5_cc_get_principal -# define NO_DEF_KRB5_CCACHE -# undef krb5_cc_get_principal -# endif -# define krb5_cc_get_principal kssl_krb5_cc_get_principal - -# define krb5_free_data_contents kssl_krb5_free_data_contents -# define krb5_free_context kssl_krb5_free_context -# define krb5_auth_con_free kssl_krb5_auth_con_free -# define krb5_free_principal kssl_krb5_free_principal -# define krb5_mk_req_extended kssl_krb5_mk_req_extended -# define krb5_get_credentials kssl_krb5_get_credentials -# define krb5_cc_default kssl_krb5_cc_default -# define krb5_sname_to_principal kssl_krb5_sname_to_principal -# define krb5_init_context kssl_krb5_init_context -# define krb5_free_ticket kssl_krb5_free_ticket -# define krb5_rd_req kssl_krb5_rd_req -# define krb5_kt_default kssl_krb5_kt_default -# define krb5_kt_resolve kssl_krb5_kt_resolve -/* macros in mit 1.2.2 and earlier; functions in mit 1.2.3 and greater */ -# ifndef krb5_kt_close -# define krb5_kt_close kssl_krb5_kt_close -# endif /* krb5_kt_close */ -# ifndef krb5_kt_get_entry -# define krb5_kt_get_entry kssl_krb5_kt_get_entry -# endif /* krb5_kt_get_entry */ -# define krb5_auth_con_init kssl_krb5_auth_con_init - -# define krb5_principal_compare kssl_krb5_principal_compare -# define krb5_decrypt_tkt_part kssl_krb5_decrypt_tkt_part -# define krb5_timeofday kssl_krb5_timeofday -# define krb5_rc_default kssl_krb5_rc_default - -# ifdef krb5_rc_initialize -# undef krb5_rc_initialize -# endif -# define krb5_rc_initialize kssl_krb5_rc_initialize - -# ifdef krb5_rc_get_lifespan -# undef krb5_rc_get_lifespan -# endif -# define krb5_rc_get_lifespan kssl_krb5_rc_get_lifespan - -# ifdef krb5_rc_destroy -# undef krb5_rc_destroy -# endif -# define krb5_rc_destroy kssl_krb5_rc_destroy - -# define valid_cksumtype kssl_valid_cksumtype -# define krb5_checksum_size kssl_krb5_checksum_size -# define krb5_kt_free_entry kssl_krb5_kt_free_entry -# define krb5_auth_con_setrcache kssl_krb5_auth_con_setrcache -# define krb5_auth_con_getrcache kssl_krb5_auth_con_getrcache -# define krb5_get_server_rcache kssl_krb5_get_server_rcache - -/* Prototypes for built in stubs */ -void kssl_krb5_free_data_contents(krb5_context, krb5_data *); -void kssl_krb5_free_principal(krb5_context, krb5_principal); -krb5_error_code kssl_krb5_kt_resolve(krb5_context, - krb5_const char *, krb5_keytab *); -krb5_error_code kssl_krb5_kt_default(krb5_context, krb5_keytab *); -krb5_error_code kssl_krb5_free_ticket(krb5_context, krb5_ticket *); -krb5_error_code kssl_krb5_rd_req(krb5_context, krb5_auth_context *, - krb5_const krb5_data *, - krb5_const_principal, krb5_keytab, - krb5_flags *, krb5_ticket **); - -krb5_boolean kssl_krb5_principal_compare(krb5_context, krb5_const_principal, - krb5_const_principal); -krb5_error_code kssl_krb5_mk_req_extended(krb5_context, - krb5_auth_context *, - krb5_const krb5_flags, - krb5_data *, - krb5_creds *, krb5_data *); -krb5_error_code kssl_krb5_init_context(krb5_context *); -void kssl_krb5_free_context(krb5_context); -krb5_error_code kssl_krb5_cc_default(krb5_context, krb5_ccache *); -krb5_error_code kssl_krb5_sname_to_principal(krb5_context, - krb5_const char *, - krb5_const char *, - krb5_int32, krb5_principal *); -krb5_error_code kssl_krb5_get_credentials(krb5_context, - krb5_const krb5_flags, - krb5_ccache, - krb5_creds *, krb5_creds * *); -krb5_error_code kssl_krb5_auth_con_init(krb5_context, krb5_auth_context *); -krb5_error_code kssl_krb5_cc_get_principal(krb5_context context, - krb5_ccache cache, - krb5_principal *principal); -krb5_error_code kssl_krb5_auth_con_free(krb5_context, krb5_auth_context); -size_t kssl_krb5_checksum_size(krb5_context context, krb5_cksumtype ctype); -krb5_boolean kssl_valid_cksumtype(krb5_cksumtype ctype); -krb5_error_code krb5_kt_free_entry(krb5_context, krb5_keytab_entry FAR *); -krb5_error_code kssl_krb5_auth_con_setrcache(krb5_context, - krb5_auth_context, krb5_rcache); -krb5_error_code kssl_krb5_get_server_rcache(krb5_context, - krb5_const krb5_data *, - krb5_rcache *); -krb5_error_code kssl_krb5_auth_con_getrcache(krb5_context, - krb5_auth_context, - krb5_rcache *); - -/* Function pointers (almost all Kerberos functions are _stdcall) */ -static void (_stdcall *p_krb5_free_data_contents) (krb5_context, krb5_data *) - = NULL; -static void (_stdcall *p_krb5_free_principal) (krb5_context, krb5_principal) - = NULL; -static krb5_error_code(_stdcall *p_krb5_kt_resolve) - (krb5_context, krb5_const char *, krb5_keytab *) = NULL; -static krb5_error_code(_stdcall *p_krb5_kt_default) (krb5_context, - krb5_keytab *) = NULL; -static krb5_error_code(_stdcall *p_krb5_free_ticket) (krb5_context, - krb5_ticket *) = NULL; -static krb5_error_code(_stdcall *p_krb5_rd_req) (krb5_context, - krb5_auth_context *, - krb5_const krb5_data *, - krb5_const_principal, - krb5_keytab, krb5_flags *, - krb5_ticket **) = NULL; -static krb5_error_code(_stdcall *p_krb5_mk_req_extended) - (krb5_context, krb5_auth_context *, - krb5_const krb5_flags, krb5_data *, krb5_creds *, krb5_data *) = NULL; -static krb5_error_code(_stdcall *p_krb5_init_context) (krb5_context *) = NULL; -static void (_stdcall *p_krb5_free_context) (krb5_context) = NULL; -static krb5_error_code(_stdcall *p_krb5_cc_default) (krb5_context, - krb5_ccache *) = NULL; -static krb5_error_code(_stdcall *p_krb5_sname_to_principal) - (krb5_context, krb5_const char *, krb5_const char *, - krb5_int32, krb5_principal *) = NULL; -static krb5_error_code(_stdcall *p_krb5_get_credentials) - (krb5_context, krb5_const krb5_flags, krb5_ccache, - krb5_creds *, krb5_creds **) = NULL; -static krb5_error_code(_stdcall *p_krb5_auth_con_init) - (krb5_context, krb5_auth_context *) = NULL; -static krb5_error_code(_stdcall *p_krb5_cc_get_principal) - (krb5_context context, krb5_ccache cache, krb5_principal *principal) = NULL; -static krb5_error_code(_stdcall *p_krb5_auth_con_free) - (krb5_context, krb5_auth_context) = NULL; -static krb5_error_code(_stdcall *p_krb5_decrypt_tkt_part) - (krb5_context, krb5_const krb5_keyblock *, krb5_ticket *) = NULL; -static krb5_error_code(_stdcall *p_krb5_timeofday) - (krb5_context context, krb5_int32 *timeret) = NULL; -static krb5_error_code(_stdcall *p_krb5_rc_default) - (krb5_context context, krb5_rcache *rc) = NULL; -static krb5_error_code(_stdcall *p_krb5_rc_initialize) - (krb5_context context, krb5_rcache rc, krb5_deltat lifespan) = NULL; -static krb5_error_code(_stdcall *p_krb5_rc_get_lifespan) - (krb5_context context, krb5_rcache rc, krb5_deltat *lifespan) = NULL; -static krb5_error_code(_stdcall *p_krb5_rc_destroy) - (krb5_context context, krb5_rcache rc) = NULL; -static krb5_boolean(_stdcall *p_krb5_principal_compare) - (krb5_context, krb5_const_principal, krb5_const_principal) = NULL; -static size_t (_stdcall *p_krb5_checksum_size) (krb5_context context, - krb5_cksumtype ctype) = NULL; -static krb5_boolean(_stdcall *p_valid_cksumtype) (krb5_cksumtype ctype) = - NULL; -static krb5_error_code(_stdcall *p_krb5_kt_free_entry) - (krb5_context, krb5_keytab_entry *) = NULL; -static krb5_error_code(_stdcall *p_krb5_auth_con_setrcache) (krb5_context, - krb5_auth_context, - krb5_rcache) = - NULL; -static krb5_error_code(_stdcall *p_krb5_get_server_rcache) (krb5_context, - krb5_const - krb5_data *, - krb5_rcache *) = - NULL; -static krb5_error_code(*p_krb5_auth_con_getrcache) (krb5_context, - krb5_auth_context, - krb5_rcache *) = NULL; -static krb5_error_code(_stdcall *p_krb5_kt_close) (krb5_context context, - krb5_keytab keytab) = NULL; -static krb5_error_code(_stdcall *p_krb5_kt_get_entry) (krb5_context context, - krb5_keytab keytab, - krb5_const_principal - principal, - krb5_kvno vno, - krb5_enctype enctype, - krb5_keytab_entry - *entry) = NULL; -static int krb5_loaded = 0; /* only attempt to initialize func ptrs once */ - -/* Function to Load the Kerberos 5 DLL and initialize function pointers */ -void load_krb5_dll(void) -{ - HANDLE hKRB5_32; - - krb5_loaded++; - hKRB5_32 = LoadLibrary(TEXT("KRB5_32")); - if (!hKRB5_32) - return; - - (FARPROC) p_krb5_free_data_contents = - GetProcAddress(hKRB5_32, "krb5_free_data_contents"); - (FARPROC) p_krb5_free_context = - GetProcAddress(hKRB5_32, "krb5_free_context"); - (FARPROC) p_krb5_auth_con_free = - GetProcAddress(hKRB5_32, "krb5_auth_con_free"); - (FARPROC) p_krb5_free_principal = - GetProcAddress(hKRB5_32, "krb5_free_principal"); - (FARPROC) p_krb5_mk_req_extended = - GetProcAddress(hKRB5_32, "krb5_mk_req_extended"); - (FARPROC) p_krb5_get_credentials = - GetProcAddress(hKRB5_32, "krb5_get_credentials"); - (FARPROC) p_krb5_cc_get_principal = - GetProcAddress(hKRB5_32, "krb5_cc_get_principal"); - (FARPROC) p_krb5_cc_default = GetProcAddress(hKRB5_32, "krb5_cc_default"); - (FARPROC) p_krb5_sname_to_principal = - GetProcAddress(hKRB5_32, "krb5_sname_to_principal"); - (FARPROC) p_krb5_init_context = - GetProcAddress(hKRB5_32, "krb5_init_context"); - (FARPROC) p_krb5_free_ticket = - GetProcAddress(hKRB5_32, "krb5_free_ticket"); - (FARPROC) p_krb5_rd_req = GetProcAddress(hKRB5_32, "krb5_rd_req"); - (FARPROC) p_krb5_principal_compare = - GetProcAddress(hKRB5_32, "krb5_principal_compare"); - (FARPROC) p_krb5_decrypt_tkt_part = - GetProcAddress(hKRB5_32, "krb5_decrypt_tkt_part"); - (FARPROC) p_krb5_timeofday = GetProcAddress(hKRB5_32, "krb5_timeofday"); - (FARPROC) p_krb5_rc_default = GetProcAddress(hKRB5_32, "krb5_rc_default"); - (FARPROC) p_krb5_rc_initialize = - GetProcAddress(hKRB5_32, "krb5_rc_initialize"); - (FARPROC) p_krb5_rc_get_lifespan = - GetProcAddress(hKRB5_32, "krb5_rc_get_lifespan"); - (FARPROC) p_krb5_rc_destroy = GetProcAddress(hKRB5_32, "krb5_rc_destroy"); - (FARPROC) p_krb5_kt_default = GetProcAddress(hKRB5_32, "krb5_kt_default"); - (FARPROC) p_krb5_kt_resolve = GetProcAddress(hKRB5_32, "krb5_kt_resolve"); - (FARPROC) p_krb5_auth_con_init = - GetProcAddress(hKRB5_32, "krb5_auth_con_init"); - (FARPROC) p_valid_cksumtype = GetProcAddress(hKRB5_32, "valid_cksumtype"); - (FARPROC) p_krb5_checksum_size = - GetProcAddress(hKRB5_32, "krb5_checksum_size"); - (FARPROC) p_krb5_kt_free_entry = - GetProcAddress(hKRB5_32, "krb5_kt_free_entry"); - (FARPROC) p_krb5_auth_con_setrcache = - GetProcAddress(hKRB5_32, "krb5_auth_con_setrcache"); - (FARPROC) p_krb5_get_server_rcache = - GetProcAddress(hKRB5_32, "krb5_get_server_rcache"); - (FARPROC) p_krb5_auth_con_getrcache = - GetProcAddress(hKRB5_32, "krb5_auth_con_getrcache"); - (FARPROC) p_krb5_kt_close = GetProcAddress(hKRB5_32, "krb5_kt_close"); - (FARPROC) p_krb5_kt_get_entry = - GetProcAddress(hKRB5_32, "krb5_kt_get_entry"); -} - -/* Stubs for each function to be dynamicly loaded */ -void kssl_krb5_free_data_contents(krb5_context CO, krb5_data *data) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_free_data_contents) - p_krb5_free_data_contents(CO, data); -} - -krb5_error_code -kssl_krb5_mk_req_extended(krb5_context CO, - krb5_auth_context *pACO, - krb5_const krb5_flags F, - krb5_data *pD1, krb5_creds *pC, krb5_data *pD2) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_mk_req_extended) - return (p_krb5_mk_req_extended(CO, pACO, F, pD1, pC, pD2)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_auth_con_init(krb5_context CO, krb5_auth_context *pACO) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_auth_con_init) - return (p_krb5_auth_con_init(CO, pACO)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_auth_con_free(krb5_context CO, krb5_auth_context ACO) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_auth_con_free) - return (p_krb5_auth_con_free(CO, ACO)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_get_credentials(krb5_context CO, - krb5_const krb5_flags F, - krb5_ccache CC, krb5_creds *pCR, krb5_creds **ppCR) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_get_credentials) - return (p_krb5_get_credentials(CO, F, CC, pCR, ppCR)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_sname_to_principal(krb5_context CO, - krb5_const char *pC1, - krb5_const char *pC2, - krb5_int32 I, krb5_principal *pPR) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_sname_to_principal) - return (p_krb5_sname_to_principal(CO, pC1, pC2, I, pPR)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code kssl_krb5_cc_default(krb5_context CO, krb5_ccache *pCC) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_cc_default) - return (p_krb5_cc_default(CO, pCC)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code kssl_krb5_init_context(krb5_context *pCO) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_init_context) - return (p_krb5_init_context(pCO)); - else - return KRB5KRB_ERR_GENERIC; -} - -void kssl_krb5_free_context(krb5_context CO) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_free_context) - p_krb5_free_context(CO); -} - -void kssl_krb5_free_principal(krb5_context c, krb5_principal p) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_free_principal) - p_krb5_free_principal(c, p); -} - -krb5_error_code -kssl_krb5_kt_resolve(krb5_context con, krb5_const char *sz, krb5_keytab *kt) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_kt_resolve) - return (p_krb5_kt_resolve(con, sz, kt)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code kssl_krb5_kt_default(krb5_context con, krb5_keytab *kt) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_kt_default) - return (p_krb5_kt_default(con, kt)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code kssl_krb5_free_ticket(krb5_context con, krb5_ticket *kt) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_free_ticket) - return (p_krb5_free_ticket(con, kt)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_rd_req(krb5_context con, krb5_auth_context *pacon, - krb5_const krb5_data *data, - krb5_const_principal princ, krb5_keytab keytab, - krb5_flags *flags, krb5_ticket **pptkt) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_rd_req) - return (p_krb5_rd_req(con, pacon, data, princ, keytab, flags, pptkt)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_boolean -krb5_principal_compare(krb5_context con, krb5_const_principal princ1, - krb5_const_principal princ2) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_principal_compare) - return (p_krb5_principal_compare(con, princ1, princ2)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -krb5_decrypt_tkt_part(krb5_context con, krb5_const krb5_keyblock *keys, - krb5_ticket *ticket) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_decrypt_tkt_part) - return (p_krb5_decrypt_tkt_part(con, keys, ticket)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code krb5_timeofday(krb5_context con, krb5_int32 *timeret) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_timeofday) - return (p_krb5_timeofday(con, timeret)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code krb5_rc_default(krb5_context con, krb5_rcache *rc) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_rc_default) - return (p_krb5_rc_default(con, rc)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -krb5_rc_initialize(krb5_context con, krb5_rcache rc, krb5_deltat lifespan) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_rc_initialize) - return (p_krb5_rc_initialize(con, rc, lifespan)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -krb5_rc_get_lifespan(krb5_context con, krb5_rcache rc, krb5_deltat *lifespanp) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_rc_get_lifespan) - return (p_krb5_rc_get_lifespan(con, rc, lifespanp)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code krb5_rc_destroy(krb5_context con, krb5_rcache rc) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_rc_destroy) - return (p_krb5_rc_destroy(con, rc)); - else - return KRB5KRB_ERR_GENERIC; -} - -size_t krb5_checksum_size(krb5_context context, krb5_cksumtype ctype) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_checksum_size) - return (p_krb5_checksum_size(context, ctype)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_boolean valid_cksumtype(krb5_cksumtype ctype) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_valid_cksumtype) - return (p_valid_cksumtype(ctype)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code krb5_kt_free_entry(krb5_context con, krb5_keytab_entry *entry) -{ - if (!krb5_loaded) - load_krb5_dll(); - - if (p_krb5_kt_free_entry) - return (p_krb5_kt_free_entry(con, entry)); - else - return KRB5KRB_ERR_GENERIC; -} - -/* Structure definitions */ -# ifndef NO_DEF_KRB5_CCACHE -# ifndef krb5_x -# define krb5_x(ptr,args) ((ptr)?((*(ptr)) args):(abort(),1)) -# define krb5_xc(ptr,args) ((ptr)?((*(ptr)) args):(abort(),(char*)0)) -# endif - -typedef krb5_pointer krb5_cc_cursor; /* cursor for sequential lookup */ - -typedef struct _krb5_ccache { - krb5_magic magic; - struct _krb5_cc_ops FAR *ops; - krb5_pointer data; -} *krb5_ccache; - -typedef struct _krb5_cc_ops { - krb5_magic magic; - char *prefix; - char *(KRB5_CALLCONV *get_name) - (krb5_context, krb5_ccache); - krb5_error_code(KRB5_CALLCONV *resolve) - (krb5_context, krb5_ccache *, const char *); - krb5_error_code(KRB5_CALLCONV *gen_new) - (krb5_context, krb5_ccache *); - krb5_error_code(KRB5_CALLCONV *init) - (krb5_context, krb5_ccache, krb5_principal); - krb5_error_code(KRB5_CALLCONV *destroy) - (krb5_context, krb5_ccache); - krb5_error_code(KRB5_CALLCONV *close) - (krb5_context, krb5_ccache); - krb5_error_code(KRB5_CALLCONV *store) - (krb5_context, krb5_ccache, krb5_creds *); - krb5_error_code(KRB5_CALLCONV *retrieve) - (krb5_context, krb5_ccache, krb5_flags, krb5_creds *, krb5_creds *); - krb5_error_code(KRB5_CALLCONV *get_princ) - (krb5_context, krb5_ccache, krb5_principal *); - krb5_error_code(KRB5_CALLCONV *get_first) - (krb5_context, krb5_ccache, krb5_cc_cursor *); - krb5_error_code(KRB5_CALLCONV *get_next) - (krb5_context, krb5_ccache, krb5_cc_cursor *, krb5_creds *); - krb5_error_code(KRB5_CALLCONV *end_get) - (krb5_context, krb5_ccache, krb5_cc_cursor *); - krb5_error_code(KRB5_CALLCONV *remove_cred) - (krb5_context, krb5_ccache, krb5_flags, krb5_creds *); - krb5_error_code(KRB5_CALLCONV *set_flags) - (krb5_context, krb5_ccache, krb5_flags); -} krb5_cc_ops; -# endif /* NO_DEF_KRB5_CCACHE */ - -krb5_error_code - kssl_krb5_cc_get_principal - (krb5_context context, krb5_ccache cache, krb5_principal *principal) { - if (p_krb5_cc_get_principal) - return (p_krb5_cc_get_principal(context, cache, principal)); - else - return (krb5_x((cache)->ops->get_princ, (context, cache, principal))); -} - -krb5_error_code -kssl_krb5_auth_con_setrcache(krb5_context con, krb5_auth_context acon, - krb5_rcache rcache) -{ - if (p_krb5_auth_con_setrcache) - return (p_krb5_auth_con_setrcache(con, acon, rcache)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_get_server_rcache(krb5_context con, krb5_const krb5_data *data, - krb5_rcache *rcache) -{ - if (p_krb5_get_server_rcache) - return (p_krb5_get_server_rcache(con, data, rcache)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_auth_con_getrcache(krb5_context con, krb5_auth_context acon, - krb5_rcache *prcache) -{ - if (p_krb5_auth_con_getrcache) - return (p_krb5_auth_con_getrcache(con, acon, prcache)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code kssl_krb5_kt_close(krb5_context context, krb5_keytab keytab) -{ - if (p_krb5_kt_close) - return (p_krb5_kt_close(context, keytab)); - else - return KRB5KRB_ERR_GENERIC; -} - -krb5_error_code -kssl_krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, - krb5_const_principal principal, krb5_kvno vno, - krb5_enctype enctype, krb5_keytab_entry *entry) -{ - if (p_krb5_kt_get_entry) - return (p_krb5_kt_get_entry - (context, keytab, principal, vno, enctype, entry)); - else - return KRB5KRB_ERR_GENERIC; -} -# endif /* OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32 */ - -/* - * memory allocation functions for non-temporary storage (e.g. stuff that - * gets saved into the kssl context) - */ -static void *kssl_calloc(size_t nmemb, size_t size) -{ - void *p; - - p = OPENSSL_malloc(nmemb * size); - if (p) { - memset(p, 0, nmemb * size); - } - return p; -} - -# define kssl_malloc(size) OPENSSL_malloc((size)) -# define kssl_realloc(ptr, size) OPENSSL_realloc(ptr, size) -# define kssl_free(ptr) OPENSSL_free((ptr)) - -char -*kstring(char *string) -{ - static char *null = "[NULL]"; - - return ((string == NULL) ? null : string); -} - -/* - * Given KRB5 enctype (basically DES or 3DES), return closest match openssl - * EVP_ encryption algorithm. Return NULL for unknown or problematic - * (krb5_dk_encrypt) enctypes. Assume ENCTYPE_*_RAW (krb5_raw_encrypt) are - * OK. - */ -const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype) -{ - switch (enctype) { - case ENCTYPE_DES_HMAC_SHA1: /* EVP_des_cbc(); */ - case ENCTYPE_DES_CBC_CRC: - case ENCTYPE_DES_CBC_MD4: - case ENCTYPE_DES_CBC_MD5: - case ENCTYPE_DES_CBC_RAW: - return EVP_des_cbc(); - break; - case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */ - case ENCTYPE_DES3_CBC_SHA: - case ENCTYPE_DES3_CBC_RAW: - return EVP_des_ede3_cbc(); - break; - default: - return NULL; - break; - } -} - -/* - * Return true:1 if p "looks like" the start of the real authenticator - * described in kssl_skip_confound() below. The ASN.1 pattern is "62 xx 30 - * yy" (APPLICATION-2, SEQUENCE), where xx-yy =~ 2, and xx and yy are - * possibly multi-byte length fields. - */ -static int kssl_test_confound(unsigned char *p) -{ - int len = 2; - int xx = 0, yy = 0; - - if (*p++ != 0x62) - return 0; - if (*p > 0x82) - return 0; - switch (*p) { - case 0x82: - p++; - xx = (*p++ << 8); - xx += *p++; - break; - case 0x81: - p++; - xx = *p++; - break; - case 0x80: - return 0; - default: - xx = *p++; - break; - } - if (*p++ != 0x30) - return 0; - if (*p > 0x82) - return 0; - switch (*p) { - case 0x82: - p++; - len += 2; - yy = (*p++ << 8); - yy += *p++; - break; - case 0x81: - p++; - len++; - yy = *p++; - break; - case 0x80: - return 0; - default: - yy = *p++; - break; - } - - return (xx - len == yy) ? 1 : 0; -} - -/* - * Allocate, fill, and return cksumlens array of checksum lengths. This - * array holds just the unique elements from the krb5_cksumarray[]. array[n] - * == 0 signals end of data. The krb5_cksumarray[] was an internal variable - * that has since been replaced by a more general method for storing the - * data. It should not be used. Instead we use real API calls and make a - * guess for what the highest assigned CKSUMTYPE_ constant is. As of 1.2.2 - * it is 0x000c (CKSUMTYPE_HMAC_SHA1_DES3). So we will use 0x0010. - */ -static size_t *populate_cksumlens(void) -{ - int i, j, n; - static size_t *cklens = NULL; - -# ifdef KRB5_MIT_OLD11 - n = krb5_max_cksum; -# else - n = 0x0010; -# endif /* KRB5_MIT_OLD11 */ - -# ifdef KRB5CHECKAUTH - if (cklens == NULL - && (cklens = (size_t *)calloc(sizeof(int), n + 1)) == NULL) - return NULL; - - for (i = 0; i < n; i++) { - if (!valid_cksumtype(i)) - continue; /* array has holes */ - for (j = 0; j < n; j++) { - if (cklens[j] == 0) { - cklens[j] = krb5_checksum_size(NULL, i); - break; /* krb5 elem was new: add */ - } - if (cklens[j] == krb5_checksum_size(NULL, i)) { - break; /* ignore duplicate elements */ - } - } - } -# endif /* KRB5CHECKAUTH */ - - return cklens; -} - -/*- - * Return pointer to start of real authenticator within authenticator, or - * return NULL on error. - * Decrypted authenticator looks like this: - * [0 or 8 byte confounder] [4-24 byte checksum] [real authent'r] - * This hackery wouldn't be necessary if MIT KRB5 1.0.6 had the - * krb5_auth_con_getcksumtype() function advertised in its krb5.h. - */ -unsigned char *kssl_skip_confound(krb5_enctype etype, unsigned char *a) -{ - int i, conlen; - size_t cklen; - static size_t *cksumlens = NULL; - unsigned char *test_auth; - - conlen = (etype) ? 8 : 0; - - if (cksumlens NULL - && (cksumlens = populate_cksumlens()) == NULL) - return NULL; - for (i = 0; (cklen = cksumlens[i]) != 0; i++) { - test_auth = a + conlen + cklen; - if (kssl_test_confound(test_auth)) - return test_auth; - } - - return NULL; -} - -/* - * Set kssl_err error info when reason text is a simple string kssl_err = - * struct { int reason; char text[KSSL_ERR_MAX+1]; } - */ -void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text) -{ - if (kssl_err == NULL) - return; - - kssl_err->reason = reason; - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, "%s", text); - return; -} - -/* - * Display contents of krb5_data struct, for debugging - */ -void print_krb5_data(char *label, krb5_data *kdata) -{ - int i; - - fprintf(stderr, "%s[%d] ", label, kdata->length); - for (i = 0; i < (int)kdata->length; i++) { - if (0 && isprint((int)kdata->data[i])) - fprintf(stderr, "%c ", kdata->data[i]); - else - fprintf(stderr, "%02x ", (unsigned char)kdata->data[i]); - } - fprintf(stderr, "\n"); -} - -/* - * Display contents of krb5_authdata struct, for debugging - */ -void print_krb5_authdata(char *label, krb5_authdata **adata) -{ - if (adata == NULL) { - fprintf(stderr, "%s, authdata==0\n", label); - return; - } - fprintf(stderr, "%s [%p]\n", label, (void *)adata); -} - -/* - * Display contents of krb5_keyblock struct, for debugging - */ -void print_krb5_keyblock(char *label, krb5_keyblock *keyblk) -{ - int i; - - if (keyblk == NULL) { - fprintf(stderr, "%s, keyblk==0\n", label); - return; - } -# ifdef KRB5_HEIMDAL - fprintf(stderr, "%s\n\t[et%d:%d]: ", label, keyblk->keytype, - keyblk->keyvalue->length); - for (i = 0; i < (int)keyblk->keyvalue->length; i++) { - fprintf(stderr, "%02x", - (unsigned char *)(keyblk->keyvalue->contents)[i]); - } - fprintf(stderr, "\n"); -# else - fprintf(stderr, "%s\n\t[et%d:%d]: ", label, keyblk->enctype, - keyblk->length); - for (i = 0; i < (int)keyblk->length; i++) { - fprintf(stderr, "%02x", keyblk->contents[i]); - } - fprintf(stderr, "\n"); -# endif -} - -/* - * Display contents of krb5_principal_data struct, for debugging - * (krb5_principal is typedef'd == krb5_principal_data *) - */ -static void print_krb5_princ(char *label, krb5_principal_data *princ) -{ - int i, ui, uj; - - fprintf(stderr, "%s principal Realm: ", label); - if (princ == NULL) - return; - for (ui = 0; ui < (int)princ->realm.length; ui++) - putchar(princ->realm.data[ui]); - fprintf(stderr, " (nametype %d) has %d strings:\n", princ->type, - princ->length); - for (i = 0; i < (int)princ->length; i++) { - fprintf(stderr, "\t%d [%d]: ", i, princ->data[i].length); - for (uj = 0; uj < (int)princ->data[i].length; uj++) { - putchar(princ->data[i].data[uj]); - } - fprintf(stderr, "\n"); - } - return; -} - -/*- Given krb5 service (typically "kssl") and hostname in kssl_ctx, - * Return encrypted Kerberos ticket for service @ hostname. - * If authenp is non-NULL, also return encrypted authenticator, - * whose data should be freed by caller. - * (Originally was: Create Kerberos AP_REQ message for SSL Client.) - * - * 19990628 VRS Started; Returns Kerberos AP_REQ message. - * 20010409 VRS Modified for RFC2712; Returns enc tkt. - * 20010606 VRS May also return optional authenticator. - */ -krb5_error_code kssl_cget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, - /* - * OUT - */ krb5_data **enc_ticketp, - /* - * UPDATE - */ krb5_data *authenp, - /* - * OUT - */ KSSL_ERR *kssl_err) -{ - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - krb5_context krb5context = NULL; - krb5_auth_context krb5auth_context = NULL; - krb5_ccache krb5ccdef = NULL; - krb5_creds krb5creds, *krb5credsp = NULL; - krb5_data krb5_app_req; - - kssl_err_set(kssl_err, 0, ""); - memset(&krb5creds, 0, sizeof(krb5creds)); - - if (!kssl_ctx) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n"); - goto err; - } else if (!kssl_ctx->service_host) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "kssl_ctx service_host undefined.\n"); - goto err; - } - - if ((krb5rc = krb5_init_context(&krb5context)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "krb5_init_context() fails: %d\n", krb5rc); - kssl_err->reason = SSL_R_KRB5_C_INIT; - goto err; - } - - if ((krb5rc = krb5_sname_to_principal(krb5context, - kssl_ctx->service_host, - (kssl_ctx->service_name) ? - kssl_ctx->service_name : KRB5SVC, - KRB5_NT_SRV_HST, - &krb5creds.server)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "krb5_sname_to_principal() fails for %s/%s\n", - kssl_ctx->service_host, - (kssl_ctx-> - service_name) ? kssl_ctx->service_name : KRB5SVC); - kssl_err->reason = SSL_R_KRB5_C_INIT; - goto err; - } - - if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0) { - kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC, - "krb5_cc_default fails.\n"); - goto err; - } - - if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef, - &krb5creds.client)) != 0) { - kssl_err_set(kssl_err, SSL_R_KRB5_C_CC_PRINC, - "krb5_cc_get_principal() fails.\n"); - goto err; - } - - if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef, - &krb5creds, &krb5credsp)) != 0) { - kssl_err_set(kssl_err, SSL_R_KRB5_C_GET_CRED, - "krb5_get_credentials() fails.\n"); - goto err; - } - - *enc_ticketp = &krb5credsp->ticket; -# ifdef KRB5_HEIMDAL - kssl_ctx->enctype = krb5credsp->session.keytype; -# else - kssl_ctx->enctype = krb5credsp->keyblock.enctype; -# endif - - krb5rc = KRB5KRB_ERR_GENERIC; - /* caller should free data of krb5_app_req */ - /* - * 20010406 VRS deleted for real KerberosWrapper 20010605 VRS reinstated - * to offer Authenticator to KerberosWrapper - */ - krb5_app_req.length = 0; - if (authenp) { - krb5_data krb5in_data; - const unsigned char *p; - long arlen; - KRB5_APREQBODY *ap_req; - - authenp->length = 0; - krb5in_data.data = NULL; - krb5in_data.length = 0; - if ((krb5rc = krb5_mk_req_extended(krb5context, - &krb5auth_context, 0, &krb5in_data, - krb5credsp, &krb5_app_req)) != 0) { - kssl_err_set(kssl_err, SSL_R_KRB5_C_MK_REQ, - "krb5_mk_req_extended() fails.\n"); - goto err; - } - - arlen = krb5_app_req.length; - p = (unsigned char *)krb5_app_req.data; - ap_req = (KRB5_APREQBODY *)d2i_KRB5_APREQ(NULL, &p, arlen); - if (ap_req) { - authenp->length = i2d_KRB5_ENCDATA(ap_req->authenticator, NULL); - if (authenp->length && (authenp->data = malloc(authenp->length))) { - unsigned char *adp = (unsigned char *)authenp->data; - authenp->length = - i2d_KRB5_ENCDATA(ap_req->authenticator, &adp); - } - } - - if (ap_req) - KRB5_APREQ_free((KRB5_APREQ *) ap_req); - if (krb5_app_req.length) - kssl_krb5_free_data_contents(krb5context, &krb5_app_req); - } -# ifdef KRB5_HEIMDAL - if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->session)) { - kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT, - "kssl_ctx_setkey() fails.\n"); - } -# else - if (kssl_ctx_setkey(kssl_ctx, &krb5credsp->keyblock)) { - kssl_err_set(kssl_err, SSL_R_KRB5_C_INIT, - "kssl_ctx_setkey() fails.\n"); - } -# endif - else - krb5rc = 0; - - err: -# ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -# endif /* KSSL_DEBUG */ - - if (krb5creds.client) - krb5_free_principal(krb5context, krb5creds.client); - if (krb5creds.server) - krb5_free_principal(krb5context, krb5creds.server); - if (krb5auth_context) - krb5_auth_con_free(krb5context, krb5auth_context); - if (krb5context) - krb5_free_context(krb5context); - return (krb5rc); -} - -/*- - * Given d2i_-decoded asn1ticket, allocate and return a new krb5_ticket. - * Return Kerberos error code and kssl_err struct on error. - * Allocates krb5_ticket and krb5_principal; caller should free these. - * - * 20010410 VRS Implemented krb5_decode_ticket() as - * old_krb5_decode_ticket(). Missing from MIT1.0.6. - * 20010615 VRS Re-cast as openssl/asn1 d2i_*() functions. - * Re-used some of the old krb5_decode_ticket() - * code here. This tkt should alloc/free just - * like the real thing. - */ -static krb5_error_code kssl_TKT2tkt( /* IN */ krb5_context krb5context, - /* - * IN - */ KRB5_TKTBODY *asn1ticket, - /* - * OUT - */ krb5_ticket **krb5ticket, - /* - * OUT - */ KSSL_ERR *kssl_err) -{ - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - krb5_ticket *new5ticket = NULL; - ASN1_GENERALSTRING *gstr_svc, *gstr_host; - - *krb5ticket = NULL; - - if (asn1ticket == NULL || asn1ticket->realm == NULL || - asn1ticket->sname == NULL || - sk_ASN1_GENERALSTRING_num(asn1ticket->sname->namestring) < 2) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Null field in asn1ticket.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - return KRB5KRB_ERR_GENERIC; - } - - if ((new5ticket = (krb5_ticket *)calloc(1, sizeof(krb5_ticket))) == NULL) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Unable to allocate new krb5_ticket.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - return ENOMEM; /* or KRB5KRB_ERR_GENERIC; */ - } - - gstr_svc = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 0); - gstr_host = sk_ASN1_GENERALSTRING_value(asn1ticket->sname->namestring, 1); - - if ((krb5rc = kssl_build_principal_2(krb5context, - &new5ticket->server, - asn1ticket->realm->length, - (char *)asn1ticket->realm->data, - gstr_svc->length, - (char *)gstr_svc->data, - gstr_host->length, - (char *)gstr_host->data)) != 0) { - free(new5ticket); - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Error building ticket server principal.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - return krb5rc; /* or KRB5KRB_ERR_GENERIC; */ - } - - krb5_princ_type(krb5context, new5ticket->server) = - asn1ticket->sname->nametype->data[0]; - new5ticket->enc_part.enctype = asn1ticket->encdata->etype->data[0]; - new5ticket->enc_part.kvno = asn1ticket->encdata->kvno->data[0]; - new5ticket->enc_part.ciphertext.length = - asn1ticket->encdata->cipher->length; - if ((new5ticket->enc_part.ciphertext.data = - calloc(1, asn1ticket->encdata->cipher->length)) == NULL) { - free(new5ticket); - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Error allocating cipher in krb5ticket.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - return KRB5KRB_ERR_GENERIC; - } else { - memcpy(new5ticket->enc_part.ciphertext.data, - asn1ticket->encdata->cipher->data, - asn1ticket->encdata->cipher->length); - } - - *krb5ticket = new5ticket; - return 0; -} - -/*- - * Given krb5 service name in KSSL_CTX *kssl_ctx (typically "kssl"), - * and krb5 AP_REQ message & message length, - * Return Kerberos session key and client principle - * to SSL Server in KSSL_CTX *kssl_ctx. - * - * 19990702 VRS Started. - */ -krb5_error_code kssl_sget_tkt( /* UPDATE */ KSSL_CTX *kssl_ctx, - /* - * IN - */ krb5_data *indata, - /* - * OUT - */ krb5_ticket_times *ttimes, - /* - * OUT - */ KSSL_ERR *kssl_err) -{ - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - static krb5_context krb5context = NULL; - static krb5_auth_context krb5auth_context = NULL; - krb5_ticket *krb5ticket = NULL; - KRB5_TKTBODY *asn1ticket = NULL; - const unsigned char *p; - krb5_keytab krb5keytab = NULL; - krb5_keytab_entry kt_entry; - krb5_principal krb5server; - krb5_rcache rcache = NULL; - - kssl_err_set(kssl_err, 0, ""); - - if (!kssl_ctx) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, "No kssl_ctx defined.\n"); - goto err; - } -# ifdef KSSL_DEBUG - fprintf(stderr, "in kssl_sget_tkt(%s)\n", - kstring(kssl_ctx->service_name)); -# endif /* KSSL_DEBUG */ - - if (!krb5context && (krb5rc = krb5_init_context(&krb5context))) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_init_context() fails.\n"); - goto err; - } - if (krb5auth_context && - (krb5rc = krb5_auth_con_free(krb5context, krb5auth_context))) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_auth_con_free() fails.\n"); - goto err; - } else - krb5auth_context = NULL; - if (!krb5auth_context && - (krb5rc = krb5_auth_con_init(krb5context, &krb5auth_context))) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_auth_con_init() fails.\n"); - goto err; - } - - if ((krb5rc = krb5_auth_con_getrcache(krb5context, krb5auth_context, - &rcache))) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_auth_con_getrcache() fails.\n"); - goto err; - } - - if ((krb5rc = krb5_sname_to_principal(krb5context, NULL, - (kssl_ctx->service_name) ? - kssl_ctx->service_name : KRB5SVC, - KRB5_NT_SRV_HST, - &krb5server)) != 0) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_sname_to_principal() fails.\n"); - goto err; - } - - if (rcache == NULL) { - if ((krb5rc = krb5_get_server_rcache(krb5context, - krb5_princ_component(krb5context, - krb5server, - 0), - &rcache))) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_get_server_rcache() fails.\n"); - goto err; - } - } - - if ((krb5rc = - krb5_auth_con_setrcache(krb5context, krb5auth_context, rcache))) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_auth_con_setrcache() fails.\n"); - goto err; - } - - /* - * kssl_ctx->keytab_file == NULL ==> use Kerberos default - */ - if (kssl_ctx->keytab_file) { - krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file, - &krb5keytab); - if (krb5rc) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_kt_resolve() fails.\n"); - goto err; - } - } else { - krb5rc = krb5_kt_default(krb5context, &krb5keytab); - if (krb5rc) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "krb5_kt_default() fails.\n"); - goto err; - } - } - - /*- Actual Kerberos5 krb5_recvauth() has initial conversation here - * o check KRB5_SENDAUTH_BADAUTHVERS - * unless KRB5_RECVAUTH_SKIP_VERSION - * o check KRB5_SENDAUTH_BADAPPLVERS - * o send "0" msg if all OK - */ - - /*- - * 20010411 was using AP_REQ instead of true KerberosWrapper - * - * if ((krb5rc = krb5_rd_req(krb5context, &krb5auth_context, - * &krb5in_data, krb5server, krb5keytab, - * &ap_option, &krb5ticket)) != 0) { Error } - */ - - p = (unsigned char *)indata->data; - if ((asn1ticket = (KRB5_TKTBODY *)d2i_KRB5_TICKET(NULL, &p, - (long)indata->length)) - == NULL) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "d2i_KRB5_TICKET() ASN.1 decode failure.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } - - /* - * Was: krb5rc = krb5_decode_ticket(krb5in_data,&krb5ticket)) != 0) - */ - if ((krb5rc = kssl_TKT2tkt(krb5context, asn1ticket, &krb5ticket, - kssl_err)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "Error converting ASN.1 ticket to krb5_ticket.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } - - if (!krb5_principal_compare(krb5context, krb5server, krb5ticket->server)) { - krb5rc = KRB5_PRINC_NOMATCH; - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "server principal != ticket principal\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } - if ((krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, - krb5ticket->server, - krb5ticket->enc_part.kvno, - krb5ticket->enc_part.enctype, - &kt_entry)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "krb5_kt_get_entry() fails with %x.\n", krb5rc); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } - if ((krb5rc = krb5_decrypt_tkt_part(krb5context, &kt_entry.key, - krb5ticket)) != 0) { - BIO_snprintf(kssl_err->text, KSSL_ERR_MAX, - "krb5_decrypt_tkt_part() failed.\n"); - kssl_err->reason = SSL_R_KRB5_S_RD_REQ; - goto err; - } else { - krb5_kt_free_entry(krb5context, &kt_entry); -# ifdef KSSL_DEBUG - { - int i; - krb5_address **paddr = krb5ticket->enc_part2->caddrs; - fprintf(stderr, "Decrypted ticket fields:\n"); - fprintf(stderr, "\tflags: %X, transit-type: %X", - krb5ticket->enc_part2->flags, - krb5ticket->enc_part2->transited.tr_type); - print_krb5_data("\ttransit-data: ", - &(krb5ticket->enc_part2->transited.tr_contents)); - fprintf(stderr, "\tcaddrs: %p, authdata: %p\n", - krb5ticket->enc_part2->caddrs, - krb5ticket->enc_part2->authorization_data); - if (paddr) { - fprintf(stderr, "\tcaddrs:\n"); - for (i = 0; paddr[i] != NULL; i++) { - krb5_data d; - d.length = paddr[i]->length; - d.data = paddr[i]->contents; - print_krb5_data("\t\tIP: ", &d); - } - } - fprintf(stderr, "\tstart/auth/end times: %d / %d / %d\n", - krb5ticket->enc_part2->times.starttime, - krb5ticket->enc_part2->times.authtime, - krb5ticket->enc_part2->times.endtime); - } -# endif /* KSSL_DEBUG */ - } - - krb5rc = KRB5_NO_TKT_SUPPLIED; - if (!krb5ticket || !krb5ticket->enc_part2 || - !krb5ticket->enc_part2->client || - !krb5ticket->enc_part2->client->data || - !krb5ticket->enc_part2->session) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, - "bad ticket from krb5_rd_req.\n"); - } else if (kssl_ctx_setprinc(kssl_ctx, KSSL_CLIENT, - &krb5ticket->enc_part2->client->realm, - krb5ticket->enc_part2->client->data, - krb5ticket->enc_part2->client->length)) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, - "kssl_ctx_setprinc() fails.\n"); - } else if (kssl_ctx_setkey(kssl_ctx, krb5ticket->enc_part2->session)) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, - "kssl_ctx_setkey() fails.\n"); - } else if (krb5ticket->enc_part2->flags & TKT_FLG_INVALID) { - krb5rc = KRB5KRB_AP_ERR_TKT_INVALID; - kssl_err_set(kssl_err, SSL_R_KRB5_S_BAD_TICKET, - "invalid ticket from krb5_rd_req.\n"); - } else - krb5rc = 0; - - kssl_ctx->enctype = krb5ticket->enc_part.enctype; - ttimes->authtime = krb5ticket->enc_part2->times.authtime; - ttimes->starttime = krb5ticket->enc_part2->times.starttime; - ttimes->endtime = krb5ticket->enc_part2->times.endtime; - ttimes->renew_till = krb5ticket->enc_part2->times.renew_till; - - err: -# ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -# endif /* KSSL_DEBUG */ - - if (asn1ticket) - KRB5_TICKET_free((KRB5_TICKET *) asn1ticket); - if (krb5keytab) - krb5_kt_close(krb5context, krb5keytab); - if (krb5ticket) - krb5_free_ticket(krb5context, krb5ticket); - if (krb5server) - krb5_free_principal(krb5context, krb5server); - return (krb5rc); -} - -/* - * Allocate & return a new kssl_ctx struct. - */ -KSSL_CTX *kssl_ctx_new(void) -{ - return ((KSSL_CTX *)kssl_calloc(1, sizeof(KSSL_CTX))); -} - -/* - * Frees a kssl_ctx struct and any allocated memory it holds. Returns NULL. - */ -KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx) -{ - if (kssl_ctx == NULL) - return kssl_ctx; - - if (kssl_ctx->key) - OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length); - if (kssl_ctx->key) - kssl_free(kssl_ctx->key); - if (kssl_ctx->client_princ) - kssl_free(kssl_ctx->client_princ); - if (kssl_ctx->service_host) - kssl_free(kssl_ctx->service_host); - if (kssl_ctx->service_name) - kssl_free(kssl_ctx->service_name); - if (kssl_ctx->keytab_file) - kssl_free(kssl_ctx->keytab_file); - - kssl_free(kssl_ctx); - return (KSSL_CTX *)NULL; -} - -/* - * Given an array of (krb5_data *) entity (and optional realm), set the plain - * (char *) client_princ or service_host member of the kssl_ctx struct. - */ -krb5_error_code -kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which, - krb5_data *realm, krb5_data *entity, int nentities) -{ - char **princ; - int length; - int i; - - if (kssl_ctx == NULL || entity == NULL) - return KSSL_CTX_ERR; - - switch (which) { - case KSSL_CLIENT: - princ = &kssl_ctx->client_princ; - break; - case KSSL_SERVER: - princ = &kssl_ctx->service_host; - break; - default: - return KSSL_CTX_ERR; - break; - } - if (*princ) - kssl_free(*princ); - - /* Add up all the entity->lengths */ - length = 0; - for (i = 0; i < nentities; i++) { - length += entity[i].length; - } - /* Add in space for the '/' character(s) (if any) */ - length += nentities - 1; - /* Space for the ('@'+realm+NULL | NULL) */ - length += ((realm) ? realm->length + 2 : 1); - - if ((*princ = kssl_calloc(1, length)) == NULL) - return KSSL_CTX_ERR; - else { - for (i = 0; i < nentities; i++) { - strncat(*princ, entity[i].data, entity[i].length); - if (i < nentities - 1) { - strcat(*princ, "/"); - } - } - if (realm) { - strcat(*princ, "@"); - (void)strncat(*princ, realm->data, realm->length); - } - } - - return KSSL_CTX_OK; -} - -/*- Set one of the plain (char *) string members of the kssl_ctx struct. - * Default values should be: - * which == KSSL_SERVICE => "khost" (KRB5SVC) - * which == KSSL_KEYTAB => "/etc/krb5.keytab" (KRB5KEYTAB) - */ -krb5_error_code kssl_ctx_setstring(KSSL_CTX *kssl_ctx, int which, char *text) -{ - char **string; - - if (!kssl_ctx) - return KSSL_CTX_ERR; - - switch (which) { - case KSSL_SERVICE: - string = &kssl_ctx->service_name; - break; - case KSSL_SERVER: - string = &kssl_ctx->service_host; - break; - case KSSL_CLIENT: - string = &kssl_ctx->client_princ; - break; - case KSSL_KEYTAB: - string = &kssl_ctx->keytab_file; - break; - default: - return KSSL_CTX_ERR; - break; - } - if (*string) - kssl_free(*string); - - if (!text) { - *string = '\0'; - return KSSL_CTX_OK; - } - - if ((*string = kssl_calloc(1, strlen(text) + 1)) == NULL) - return KSSL_CTX_ERR; - else - strcpy(*string, text); - - return KSSL_CTX_OK; -} - -/* - * Copy the Kerberos session key from a (krb5_keyblock *) to a kssl_ctx - * struct. Clear kssl_ctx->key if Kerberos session key is NULL. - */ -krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session) -{ - int length; - krb5_enctype enctype; - krb5_octet FAR *contents = NULL; - - if (!kssl_ctx) - return KSSL_CTX_ERR; - - if (kssl_ctx->key) { - OPENSSL_cleanse(kssl_ctx->key, kssl_ctx->length); - kssl_free(kssl_ctx->key); - } - - if (session) { - -# ifdef KRB5_HEIMDAL - length = session->keyvalue->length; - enctype = session->keytype; - contents = session->keyvalue->contents; -# else - length = session->length; - enctype = session->enctype; - contents = session->contents; -# endif - kssl_ctx->enctype = enctype; - kssl_ctx->length = length; - } else { - kssl_ctx->enctype = ENCTYPE_UNKNOWN; - kssl_ctx->length = 0; - return KSSL_CTX_OK; - } - - if ((kssl_ctx->key = - (krb5_octet FAR *)kssl_calloc(1, kssl_ctx->length)) == NULL) { - kssl_ctx->length = 0; - return KSSL_CTX_ERR; - } else - memcpy(kssl_ctx->key, contents, length); - - return KSSL_CTX_OK; -} - -/* - * Display contents of kssl_ctx struct - */ -void kssl_ctx_show(KSSL_CTX *kssl_ctx) -{ - int i; - - printf("kssl_ctx: "); - if (kssl_ctx == NULL) { - printf("NULL\n"); - return; - } else - printf("%p\n", (void *)kssl_ctx); - - printf("\tservice:\t%s\n", - (kssl_ctx->service_name) ? kssl_ctx->service_name : "NULL"); - printf("\tclient:\t%s\n", - (kssl_ctx->client_princ) ? kssl_ctx->client_princ : "NULL"); - printf("\tserver:\t%s\n", - (kssl_ctx->service_host) ? kssl_ctx->service_host : "NULL"); - printf("\tkeytab:\t%s\n", - (kssl_ctx->keytab_file) ? kssl_ctx->keytab_file : "NULL"); - printf("\tkey [%d:%d]:\t", kssl_ctx->enctype, kssl_ctx->length); - - for (i = 0; i < kssl_ctx->length && kssl_ctx->key; i++) { - printf("%02x", kssl_ctx->key[i]); - } - printf("\n"); - return; -} - -int kssl_keytab_is_available(KSSL_CTX *kssl_ctx) -{ - krb5_context krb5context = NULL; - krb5_keytab krb5keytab = NULL; - krb5_keytab_entry entry; - krb5_principal princ = NULL; - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - int rc = 0; - - if ((krb5rc = krb5_init_context(&krb5context))) - return (0); - - /* - * kssl_ctx->keytab_file == NULL ==> use Kerberos default - */ - if (kssl_ctx->keytab_file) { - krb5rc = krb5_kt_resolve(krb5context, kssl_ctx->keytab_file, - &krb5keytab); - if (krb5rc) - goto exit; - } else { - krb5rc = krb5_kt_default(krb5context, &krb5keytab); - if (krb5rc) - goto exit; - } - - /* the host key we are looking for */ - krb5rc = krb5_sname_to_principal(krb5context, NULL, - kssl_ctx-> - service_name ? kssl_ctx->service_name : - KRB5SVC, KRB5_NT_SRV_HST, &princ); - - if (krb5rc) - goto exit; - - krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, princ, - /* IGNORE_VNO */ - 0, - /* IGNORE_ENCTYPE */ - 0, &entry); - if (krb5rc == KRB5_KT_NOTFOUND) { - rc = 1; - goto exit; - } else if (krb5rc) - goto exit; - - krb5_kt_free_entry(krb5context, &entry); - rc = 1; - - exit: - if (krb5keytab) - krb5_kt_close(krb5context, krb5keytab); - if (princ) - krb5_free_principal(krb5context, princ); - if (krb5context) - krb5_free_context(krb5context); - return (rc); -} - -int kssl_tgt_is_available(KSSL_CTX *kssl_ctx) -{ - krb5_error_code krb5rc = KRB5KRB_ERR_GENERIC; - krb5_context krb5context = NULL; - krb5_ccache krb5ccdef = NULL; - krb5_creds krb5creds, *krb5credsp = NULL; - int rc = 0; - - memset(&krb5creds, 0, sizeof(krb5creds)); - - if (!kssl_ctx) - return (0); - - if (!kssl_ctx->service_host) - return (0); - - if ((krb5rc = krb5_init_context(&krb5context)) != 0) - goto err; - - if ((krb5rc = krb5_sname_to_principal(krb5context, - kssl_ctx->service_host, - (kssl_ctx->service_name) ? - kssl_ctx->service_name : KRB5SVC, - KRB5_NT_SRV_HST, - &krb5creds.server)) != 0) - goto err; - - if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0) - goto err; - - if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef, - &krb5creds.client)) != 0) - goto err; - - if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef, - &krb5creds, &krb5credsp)) != 0) - goto err; - - rc = 1; - - err: -# ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -# endif /* KSSL_DEBUG */ - - if (krb5creds.client) - krb5_free_principal(krb5context, krb5creds.client); - if (krb5creds.server) - krb5_free_principal(krb5context, krb5creds.server); - if (krb5context) - krb5_free_context(krb5context); - return (rc); -} - -# if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WIN32) -void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data) -{ -# ifdef KRB5_HEIMDAL - data->length = 0; - if (data->data) - free(data->data); -# elif defined(KRB5_MIT_OLD11) - if (data->data) { - krb5_xfree(data->data); - data->data = 0; - } -# else - krb5_free_data_contents(NULL, data); -# endif -} -# endif -/* !OPENSSL_SYS_WINDOWS && !OPENSSL_SYS_WIN32 */ - -/* - * Given pointers to KerberosTime and struct tm structs, convert the - * KerberosTime string to struct tm. Note that KerberosTime is a - * ASN1_GENERALIZEDTIME value, constrained to GMT with no fractional seconds - * as defined in RFC 1510. Return pointer to the (partially) filled in - * struct tm on success, return NULL on failure. - */ -static struct tm *k_gmtime(ASN1_GENERALIZEDTIME *gtime, struct tm *k_tm) -{ - char c, *p; - - if (!k_tm) - return NULL; - if (gtime == NULL || gtime->length < 14) - return NULL; - if (gtime->data == NULL) - return NULL; - - p = (char *)>ime->data[14]; - - c = *p; - *p = '\0'; - p -= 2; - k_tm->tm_sec = atoi(p); - *(p + 2) = c; - c = *p; - *p = '\0'; - p -= 2; - k_tm->tm_min = atoi(p); - *(p + 2) = c; - c = *p; - *p = '\0'; - p -= 2; - k_tm->tm_hour = atoi(p); - *(p + 2) = c; - c = *p; - *p = '\0'; - p -= 2; - k_tm->tm_mday = atoi(p); - *(p + 2) = c; - c = *p; - *p = '\0'; - p -= 2; - k_tm->tm_mon = atoi(p) - 1; - *(p + 2) = c; - c = *p; - *p = '\0'; - p -= 4; - k_tm->tm_year = atoi(p) - 1900; - *(p + 4) = c; - - return k_tm; -} - -/* - * Helper function for kssl_validate_times(). We need context->clockskew, - * but krb5_context is an opaque struct. So we try to sneek the clockskew - * out through the replay cache. If that fails just return a likely default - * (300 seconds). - */ -static krb5_deltat get_rc_clockskew(krb5_context context) -{ - krb5_rcache rc; - krb5_deltat clockskew; - - if (krb5_rc_default(context, &rc)) - return KSSL_CLOCKSKEW; - if (krb5_rc_initialize(context, rc, 0)) - return KSSL_CLOCKSKEW; - if (krb5_rc_get_lifespan(context, rc, &clockskew)) { - clockskew = KSSL_CLOCKSKEW; - } - (void)krb5_rc_destroy(context, rc); - return clockskew; -} - -/* - * kssl_validate_times() combines (and more importantly exposes) the MIT KRB5 - * internal function krb5_validate_times() and the in_clock_skew() macro. - * The authenticator client time is checked to be within clockskew secs of - * the current time and the current time is checked to be within the ticket - * start and expire times. Either check may be omitted by supplying a NULL - * value. Returns 0 for valid times, SSL_R_KRB5* error codes otherwise. See - * Also: (Kerberos source)/krb5/lib/krb5/krb/valid_times.c 20010420 VRS - */ -krb5_error_code kssl_validate_times(krb5_timestamp atime, - krb5_ticket_times *ttimes) -{ - krb5_deltat skew; - krb5_timestamp start, now; - krb5_error_code rc; - krb5_context context; - - if ((rc = krb5_init_context(&context))) - return SSL_R_KRB5_S_BAD_TICKET; - skew = get_rc_clockskew(context); - if ((rc = krb5_timeofday(context, &now))) - return SSL_R_KRB5_S_BAD_TICKET; - krb5_free_context(context); - - if (atime && labs(atime - now) >= skew) - return SSL_R_KRB5_S_TKT_SKEW; - - if (!ttimes) - return 0; - - start = (ttimes->starttime != 0) ? ttimes->starttime : ttimes->authtime; - if (start - now > skew) - return SSL_R_KRB5_S_TKT_NYV; - if ((now - ttimes->endtime) > skew) - return SSL_R_KRB5_S_TKT_EXPIRED; - -# ifdef KSSL_DEBUG - fprintf(stderr, "kssl_validate_times: %d |<- | %d - %d | < %d ->| %d\n", - start, atime, now, skew, ttimes->endtime); -# endif /* KSSL_DEBUG */ - - return 0; -} - -/* - * Decode and decrypt given DER-encoded authenticator, then pass - * authenticator ctime back in *atimep (or 0 if time unavailable). Returns - * krb5_error_code and kssl_err on error. A NULL authenticator - * (authentp->length == 0) is not considered an error. Note that - * kssl_check_authent() makes use of the KRB5 session key; you must call - * kssl_sget_tkt() to get the key before calling this routine. - */ -krb5_error_code kssl_check_authent( - /* - * IN - */ KSSL_CTX *kssl_ctx, - /* - * IN - */ krb5_data *authentp, - /* - * OUT - */ krb5_timestamp *atimep, - /* - * OUT - */ KSSL_ERR *kssl_err) -{ - krb5_error_code krb5rc = 0; - KRB5_ENCDATA *dec_authent = NULL; - KRB5_AUTHENTBODY *auth = NULL; - krb5_enctype enctype; - EVP_CIPHER_CTX ciph_ctx; - const EVP_CIPHER *enc = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - const unsigned char *p; - unsigned char *unenc_authent; - int outl, unencbufsize; - struct tm tm_time, *tm_l, *tm_g; - time_t now, tl, tg, tr, tz_offset; - - EVP_CIPHER_CTX_init(&ciph_ctx); - *atimep = 0; - kssl_err_set(kssl_err, 0, ""); - -# ifndef KRB5CHECKAUTH - authentp = NULL; -# else -# if KRB5CHECKAUTH == 0 - authentp = NULL; -# endif -# endif /* KRB5CHECKAUTH */ - - if (authentp == NULL || authentp->length == 0) - return 0; - -# ifdef KSSL_DEBUG - { - unsigned int ui; - fprintf(stderr, "kssl_check_authent: authenticator[%d]:\n", - authentp->length); - p = authentp->data; - for (ui = 0; ui < authentp->length; ui++) - fprintf(stderr, "%02x ", p[ui]); - fprintf(stderr, "\n"); - } -# endif /* KSSL_DEBUG */ - - unencbufsize = 2 * authentp->length; - if ((unenc_authent = calloc(1, unencbufsize)) == NULL) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "Unable to allocate authenticator buffer.\n"); - krb5rc = KRB5KRB_ERR_GENERIC; - goto err; - } - - p = (unsigned char *)authentp->data; - if ((dec_authent = d2i_KRB5_ENCDATA(NULL, &p, - (long)authentp->length)) == NULL) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "Error decoding authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - - enctype = dec_authent->etype->data[0]; /* should = kssl_ctx->enctype */ -# if !defined(KRB5_MIT_OLD11) - switch (enctype) { - case ENCTYPE_DES3_CBC_SHA1: /* EVP_des_ede3_cbc(); */ - case ENCTYPE_DES3_CBC_SHA: - case ENCTYPE_DES3_CBC_RAW: - krb5rc = 0; /* Skip, can't handle derived keys */ - goto err; - } -# endif - enc = kssl_map_enc(enctype); - memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ - - if (enc == NULL) { - /* - * Disable kssl_check_authent for ENCTYPE_DES3_CBC_SHA1. This - * enctype indicates the authenticator was encrypted using key-usage - * derived keys which openssl cannot decrypt. - */ - goto err; - } - - if (!EVP_CipherInit(&ciph_ctx, enc, kssl_ctx->key, iv, 0)) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "EVP_CipherInit error decrypting authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - outl = dec_authent->cipher->length; - if (!EVP_Cipher - (&ciph_ctx, unenc_authent, dec_authent->cipher->data, outl)) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "EVP_Cipher error decrypting authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - -# ifdef KSSL_DEBUG - { - int padl; - fprintf(stderr, "kssl_check_authent: decrypted authenticator[%d] =\n", - outl); - for (padl = 0; padl < outl; padl++) - fprintf(stderr, "%02x ", unenc_authent[padl]); - fprintf(stderr, "\n"); - } -# endif /* KSSL_DEBUG */ - - if ((p = kssl_skip_confound(enctype, unenc_authent)) == NULL) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "confounded by authenticator.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - outl -= p - unenc_authent; - - if ((auth = (KRB5_AUTHENTBODY *)d2i_KRB5_AUTHENT(NULL, &p, - (long)outl)) == NULL) { - kssl_err_set(kssl_err, SSL_R_KRB5_S_INIT, - "Error decoding authenticator body.\n"); - krb5rc = KRB5KRB_AP_ERR_BAD_INTEGRITY; - goto err; - } - - memset(&tm_time, 0, sizeof(tm_tmime)); - if (k_gmtime(auth->ctime, &tm_time) && - ((tr = mktime(&tm_time)) != (time_t)(-1))) { - now = time(&now); - tm_l = localtime(&now); - tl = mktime(tm_l); - tm_g = gmtime(&now); - tg = mktime(tm_g); - tz_offset = tg - tl; - - *atimep = (krb5_timestamp)(tr - tz_offset); - } -# ifdef KSSL_DEBUG - fprintf(stderr, "kssl_check_authent: returns %d for client time ", - *atimep); - if (auth->ctime && auth->ctime->length && auth->ctime->data) - fprintf(stderr, "%.*s\n", auth->ctime->length, auth->ctime->data); - else - fprintf(stderr, "NULL\n"); -# endif /* KSSL_DEBUG */ - - err: - if (auth) - KRB5_AUTHENT_free((KRB5_AUTHENT *) auth); - if (dec_authent) - KRB5_ENCDATA_free(dec_authent); - if (unenc_authent) - free(unenc_authent); - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - return krb5rc; -} - -/* - * Replaces krb5_build_principal_ext(), with varargs length == 2 (svc, host), - * because I don't know how to stub varargs. Returns krb5_error_code == - * ENOMEM on alloc error, otherwise passes back newly constructed principal, - * which should be freed by caller. - */ -krb5_error_code kssl_build_principal_2( - /* - * UPDATE - */ krb5_context context, - /* - * OUT - */ krb5_principal *princ, - /* - * IN - */ int rlen, const char *realm, - /* - * IN - */ int slen, const char *svc, - /* - * IN - */ int hlen, const char *host) -{ - krb5_data *p_data = NULL; - krb5_principal new_p = NULL; - char *new_r = NULL; - - if ((p_data = (krb5_data *)calloc(2, sizeof(krb5_data))) == NULL || - (new_p = (krb5_principal)calloc(1, sizeof(krb5_principal_data))) - == NULL) - goto err; - new_p->length = 2; - new_p->data = p_data; - - if ((new_r = calloc(1, rlen + 1)) == NULL) - goto err; - memcpy(new_r, realm, rlen); - krb5_princ_set_realm_length(context, new_p, rlen); - krb5_princ_set_realm_data(context, new_p, new_r); - - if ((new_p->data[0].data = calloc(1, slen + 1)) == NULL) - goto err; - memcpy(new_p->data[0].data, svc, slen); - new_p->data[0].length = slen; - - if ((new_p->data[1].data = calloc(1, hlen + 1)) == NULL) - goto err; - memcpy(new_p->data[1].data, host, hlen); - new_p->data[1].length = hlen; - - krb5_princ_type(context, new_p) = KRB5_NT_UNKNOWN; - *princ = new_p; - return 0; - - err: - if (new_p && new_p[0].data) - free(new_p[0].data); - if (new_p && new_p[1].data) - free(new_p[1].data); - if (new_p) - free(new_p); - if (new_r) - free(new_r); - return ENOMEM; -} - -void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx) -{ - s->kssl_ctx = kctx; -} - -KSSL_CTX *SSL_get0_kssl_ctx(SSL *s) -{ - return s->kssl_ctx; -} - -char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx) -{ - if (kctx) - return kctx->client_princ; - return NULL; -} - -#else /* !OPENSSL_NO_KRB5 */ - -# if defined(PEDANTIC) || defined(OPENSSL_SYS_VMS) -static void *dummy = &dummy; -# endif - -#endif /* !OPENSSL_NO_KRB5 */ diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h deleted file mode 100644 index 46dcef2..0000000 --- a/ssl/kssl_lcl.h +++ /dev/null @@ -1,88 +0,0 @@ -/* ssl/kssl.h -*- mode: C; c-file-style: "eay" -*- */ -/* - * Written by Vern Staats for the OpenSSL project - * 2000. project 2000. - */ -/* ==================================================================== - * Copyright (c) 2000 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing at OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -#ifndef KSSL_LCL_H -# define KSSL_LCL_H - -# include - -# ifndef OPENSSL_NO_KRB5 - -#ifdef __cplusplus -extern "C" { -#endif - -/* Private (internal to OpenSSL) */ -void print_krb5_data(char *label, krb5_data *kdata); -void print_krb5_authdata(char *label, krb5_authdata **adata); -void print_krb5_keyblock(char *label, krb5_keyblock *keyblk); - -char *kstring(char *string); -char *knumber(int len, krb5_octet *contents); - -const EVP_CIPHER *kssl_map_enc(krb5_enctype enctype); - -int kssl_keytab_is_available(KSSL_CTX *kssl_ctx); -int kssl_tgt_is_available(KSSL_CTX *kssl_ctx); - -#ifdef __cplusplus -} -#endif -# endif /* OPENSSL_NO_KRB5 */ -#endif /* KSSL_LCL_H */ diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 1e6f88e..db6d4e7 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -644,10 +644,6 @@ int tls1_enc(SSL *s, int send) enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx); } -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_enc(%d)\n", send); -#endif /* KSSL_DEBUG */ - if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) { memmove(rec->data, rec->input, rec->length); rec->input = rec->data; @@ -707,26 +703,6 @@ int tls1_enc(SSL *s, int send) l += i; rec->length += i; } -#ifdef KSSL_DEBUG - { - unsigned long ui; - fprintf(stderr, - "EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", - ds, rec->data, rec->input, l); - fprintf(stderr, - "\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%lu %lu], %d iv_len\n", - ds->buf_len, ds->cipher->key_len, DES_KEY_SZ, - DES_SCHEDULE_SZ, ds->cipher->iv_len); - fprintf(stderr, "\t\tIV: "); - for (i = 0; i < ds->cipher->iv_len; i++) - fprintf(stderr, "%02X", ds->iv[i]); - fprintf(stderr, "\n"); - fprintf(stderr, "\trec->input="); - for (ui = 0; ui < l; ui++) - fprintf(stderr, " %02x", rec->input[ui]); - fprintf(stderr, "\n"); - } -#endif /* KSSL_DEBUG */ if (!send) { if (l == 0 || l % bs != 0) @@ -743,15 +719,6 @@ int tls1_enc(SSL *s, int send) rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN; rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN; } -#ifdef KSSL_DEBUG - { - unsigned long i; - fprintf(stderr, "\trec->data="); - for (i = 0; i < l; i++) - fprintf(stderr, " %02x", rec->data[i]); - fprintf(stderr, "\n"); - } -#endif /* KSSL_DEBUG */ ret = 1; if (!SSL_USE_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 85a3ef6..2228654 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -150,7 +150,6 @@ #include #include "ssl_locl.h" -#include "kssl_lcl.h" #include #include #include @@ -1161,7 +1160,7 @@ int ssl3_get_server_hello(SSL *s) int ssl3_get_server_certificate(SSL *s) { - int al, i, ok, ret = -1; + int al, i, ok, ret = -1, exp_idx; unsigned long n, nc, llen, l; X509 *x = NULL; const unsigned char *q, *p; @@ -1169,8 +1168,6 @@ int ssl3_get_server_certificate(SSL *s) STACK_OF(X509) *sk = NULL; SESS_CERT *sc; EVP_PKEY *pkey = NULL; - int need_cert = 1; /* VRS: 0=> will allow null cert if auth == - * KRB5 */ n = s->method->ssl_get_message(s, SSL3_ST_CR_CERT_A, @@ -1180,9 +1177,7 @@ int ssl3_get_server_certificate(SSL *s) if (!ok) return ((int)n); - if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) || - ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) && - (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE))) { + if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) { s->s3->tmp.reuse_message = 1; return (1); } @@ -1237,12 +1232,7 @@ int ssl3_get_server_certificate(SSL *s) } i = ssl_verify_cert_chain(s, sk); - if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0) -#ifndef OPENSSL_NO_KRB5 - && !((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) -#endif /* OPENSSL_NO_KRB5 */ - ) { + if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) { al = ssl_verify_alarm_type(s->verify_result); SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, SSL_R_CERTIFICATE_VERIFY_FAILED); @@ -1275,21 +1265,7 @@ int ssl3_get_server_certificate(SSL *s) pkey = X509_get_pubkey(x); - /* VRS: allow null cert if auth == KRB5 */ - need_cert = ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5) && - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5)) - ? 0 : 1; - -#ifdef KSSL_DEBUG - fprintf(stderr, "pkey,x = %p, %p\n", pkey, x); - fprintf(stderr, "ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x, pkey)); - fprintf(stderr, "cipher, alg, nc = %s, %lx, %lx, %d\n", - s->s3->tmp.new_cipher->name, - s->s3->tmp.new_cipher->algorithm_mkey, - s->s3->tmp.new_cipher->algorithm_auth, need_cert); -#endif /* KSSL_DEBUG */ - - if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) { + if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) { x = NULL; al = SSL3_AL_FATAL; SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, @@ -1298,7 +1274,7 @@ int ssl3_get_server_certificate(SSL *s) } i = ssl_cert_type(x, pkey); - if (need_cert && i < 0) { + if (i < 0) { x = NULL; al = SSL3_AL_FATAL; SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, @@ -1306,35 +1282,27 @@ int ssl3_get_server_certificate(SSL *s) goto f_err; } - if (need_cert) { - int exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); - if (exp_idx >= 0 && i != exp_idx) { - x = NULL; - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, - SSL_R_WRONG_CERTIFICATE_TYPE); - goto f_err; - } - sc->peer_cert_type = i; - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - /* - * Why would the following ever happen? We just created sc a couple - * of lines ago. - */ - X509_free(sc->peer_pkeys[i].x509); - sc->peer_pkeys[i].x509 = x; - sc->peer_key = &(sc->peer_pkeys[i]); - - X509_free(s->session->peer); - CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); - s->session->peer = x; - } else { - sc->peer_cert_type = i; - sc->peer_key = NULL; - - X509_free(s->session->peer); - s->session->peer = NULL; + exp_idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher); + if (exp_idx >= 0 && i != exp_idx) { + x = NULL; + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, + SSL_R_WRONG_CERTIFICATE_TYPE); + goto f_err; } + sc->peer_cert_type = i; + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + /* + * Why would the following ever happen? We just created sc a couple + * of lines ago. + */ + X509_free(sc->peer_pkeys[i].x509); + sc->peer_pkeys[i].x509 = x; + sc->peer_key = &(sc->peer_pkeys[i]); + + X509_free(s->session->peer); + CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); + s->session->peer = x; s->session->verify_result = s->verify_result; x = NULL; @@ -2328,9 +2296,6 @@ int ssl3_send_client_key_exchange(SSL *s) unsigned char *q; EVP_PKEY *pkey = NULL; #endif -#ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; -#endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_EC EC_KEY *clnt_ecdh = NULL; const EC_POINT *srvr_ecpoint = NULL; @@ -2413,131 +2378,6 @@ int ssl3_send_client_key_exchange(SSL *s) } } #endif -#ifndef OPENSSL_NO_KRB5 - else if (alg_k & SSL_kKRB5) { - krb5_error_code krb5rc; - KSSL_CTX *kssl_ctx = s->kssl_ctx; - /* krb5_data krb5_ap_req; */ - krb5_data *enc_ticket; - krb5_data authenticator, *authp = NULL; - EVP_CIPHER_CTX ciph_ctx; - const EVP_CIPHER *enc = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; - unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_IV_LENGTH]; - int padl, outl = sizeof(epms); - - EVP_CIPHER_CTX_init(&ciph_ctx); - -# ifdef KSSL_DEBUG - fprintf(stderr, "ssl3_send_client_key_exchange(%lx & %lx)\n", - alg_k, SSL_kKRB5); -# endif /* KSSL_DEBUG */ - - authp = NULL; -# ifdef KRB5SENDAUTH - if (KRB5SENDAUTH) - authp = &authenticator; -# endif /* KRB5SENDAUTH */ - - krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, &kssl_err); - enc = kssl_map_enc(kssl_ctx->enctype); - if (enc == NULL) - goto err; -# ifdef KSSL_DEBUG - { - fprintf(stderr, "kssl_cget_tkt rtn %d\n", krb5rc); - if (krb5rc && kssl_err.text) - fprintf(stderr, "kssl_cget_tkt kssl_err=%s\n", - kssl_err.text); - } -# endif /* KSSL_DEBUG */ - - if (krb5rc) { - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, kssl_err.reason); - goto err; - } - - /*- - * 20010406 VRS - Earlier versions used KRB5 AP_REQ - * in place of RFC 2712 KerberosWrapper, as in: - * - * Send ticket (copy to *p, set n = length) - * n = krb5_ap_req.length; - * memcpy(p, krb5_ap_req.data, krb5_ap_req.length); - * if (krb5_ap_req.data) - * kssl_krb5_free_data_contents(NULL,&krb5_ap_req); - * - * Now using real RFC 2712 KerberosWrapper - * (Thanks to Simon Wilkinson ) - * Note: 2712 "opaque" types are here replaced - * with a 2-byte length followed by the value. - * Example: - * KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms - * Where "xx xx" = length bytes. Shown here with - * optional authenticator omitted. - */ - - /* KerberosWrapper.Ticket */ - s2n(enc_ticket->length, p); - memcpy(p, enc_ticket->data, enc_ticket->length); - p += enc_ticket->length; - n = enc_ticket->length + 2; - - /* KerberosWrapper.Authenticator */ - if (authp && authp->length) { - s2n(authp->length, p); - memcpy(p, authp->data, authp->length); - p += authp->length; - n += authp->length + 2; - - free(authp->data); - authp->data = NULL; - authp->length = 0; - } else { - s2n(0, p); /* null authenticator length */ - n += 2; - } - - pmslen = SSL_MAX_MASTER_KEY_LENGTH; - pms = OPENSSL_malloc(pmslen); - if (!pms) - goto memerr; - - pms[0] = s->client_version >> 8; - pms[1] = s->client_version & 0xff; - if (RAND_bytes(pms + 2, pmslen - 2) <= 0) - goto err; - - /*- - * 20010420 VRS. Tried it this way; failed. - * EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); - * EVP_CIPHER_CTX_set_key_length(&ciph_ctx, - * kssl_ctx->length); - * EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); - */ - - memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ - EVP_EncryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv); - EVP_EncryptUpdate(&ciph_ctx, epms, &outl, pms, pmslen); - EVP_EncryptFinal_ex(&ciph_ctx, &(epms[outl]), &padl); - outl += padl; - if (outl > (int)sizeof epms) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); - goto err; - } - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - - /* KerberosWrapper.EncryptedPreMasterSecret */ - s2n(outl, p); - memcpy(p, epms, outl); - p += outl; - n += outl + 2; - OPENSSL_cleanse(epms, outl); - } -#endif #ifndef OPENSSL_NO_DH else if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) { DH *dh_srvr, *dh_clnt; @@ -3394,7 +3234,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) alg_a = s->s3->tmp.new_cipher->algorithm_auth; /* we don't have a certificate */ - if ((alg_a & (SSL_aNULL | SSL_aKRB5)) || (alg_k & SSL_kPSK)) + if ((alg_a & SSL_aNULL) || (alg_k & SSL_kPSK)) return (1); sc = s->session->sess_cert; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 7e9faf4..e7f1898 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -151,7 +151,6 @@ #include #include #include "ssl_locl.h" -#include "kssl_lcl.h" #include #ifndef OPENSSL_NO_DH # include @@ -601,233 +600,6 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { 168, }, -#ifndef OPENSSL_NO_KRB5 -/* The Kerberos ciphers*/ -/* Cipher 1E */ - { - 1, - SSL3_TXT_KRB5_DES_64_CBC_SHA, - SSL3_CK_KRB5_DES_64_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP | SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 56, - }, - -/* Cipher 1F */ - { - 1, - SSL3_TXT_KRB5_DES_192_CBC3_SHA, - SSL3_CK_KRB5_DES_192_CBC3_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_3DES, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - -/* Cipher 20 */ - { - 1, - SSL3_TXT_KRB5_RC4_128_SHA, - SSL3_CK_KRB5_RC4_128_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -/* Cipher 21 */ - { - 1, - SSL3_TXT_KRB5_IDEA_128_CBC_SHA, - SSL3_CK_KRB5_IDEA_128_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_IDEA, - SSL_SHA1, - SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -/* Cipher 22 */ - { - 1, - SSL3_TXT_KRB5_DES_64_CBC_MD5, - SSL3_CK_KRB5_DES_64_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP | SSL_LOW, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 56, - 56, - }, - -/* Cipher 23 */ - { - 1, - SSL3_TXT_KRB5_DES_192_CBC3_MD5, - SSL3_CK_KRB5_DES_192_CBC3_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_3DES, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP | SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 112, - 168, - }, - -/* Cipher 24 */ - { - 1, - SSL3_TXT_KRB5_RC4_128_MD5, - SSL3_CK_KRB5_RC4_128_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -/* Cipher 25 */ - { - 1, - SSL3_TXT_KRB5_IDEA_128_CBC_MD5, - SSL3_CK_KRB5_IDEA_128_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_IDEA, - SSL_MD5, - SSL_SSLV3, - SSL_NOT_EXP | SSL_MEDIUM, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 128, - 128, - }, - -/* Cipher 26 */ - { - 1, - SSL3_TXT_KRB5_DES_40_CBC_SHA, - SSL3_CK_KRB5_DES_40_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 56, - }, - -/* Cipher 27 */ - { - 1, - SSL3_TXT_KRB5_RC2_40_CBC_SHA, - SSL3_CK_KRB5_RC2_40_CBC_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC2, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 128, - }, - -/* Cipher 28 */ - { - 1, - SSL3_TXT_KRB5_RC4_40_SHA, - SSL3_CK_KRB5_RC4_40_SHA, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_SHA1, - SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 128, - }, - -/* Cipher 29 */ - { - 1, - SSL3_TXT_KRB5_DES_40_CBC_MD5, - SSL3_CK_KRB5_DES_40_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_DES, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 56, - }, - -/* Cipher 2A */ - { - 1, - SSL3_TXT_KRB5_RC2_40_CBC_MD5, - SSL3_CK_KRB5_RC2_40_CBC_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC2, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 128, - }, - -/* Cipher 2B */ - { - 1, - SSL3_TXT_KRB5_RC4_40_MD5, - SSL3_CK_KRB5_RC4_40_MD5, - SSL_kKRB5, - SSL_aKRB5, - SSL_RC4, - SSL_MD5, - SSL_SSLV3, - SSL_EXPORT | SSL_EXP40, - SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, - 40, - 128, - }, -#endif /* OPENSSL_NO_KRB5 */ - /* New AES ciphersuites */ /* Cipher 2F */ { @@ -4124,22 +3896,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, } #endif -#ifdef KSSL_DEBUG - /* - * fprintf(stderr,"ssl3_choose_cipher %d alg= %lx\n", - * i,c->algorithms); - */ -#endif /* KSSL_DEBUG */ - alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; -#ifndef OPENSSL_NO_KRB5 - if (alg_k & SSL_kKRB5) { - if (!kssl_keytab_is_available(s->kssl_ctx)) - continue; - } -#endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_PSK /* with PSK there must be server callback set */ if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 80d04c9..04dbb7a 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -151,7 +151,6 @@ #include #include "ssl_locl.h" -#include "kssl_lcl.h" #include "../crypto/constant_time_locl.h" #include #include @@ -163,9 +162,6 @@ # include #endif #include -#ifndef OPENSSL_NO_KRB5 -# include -#endif #include #ifndef OPENSSL_NO_SSL3_METHOD @@ -421,11 +417,10 @@ int ssl3_accept(SSL *s) case SSL3_ST_SW_CERT_A: case SSL3_ST_SW_CERT_B: /* Check if it is anon DH or anon ECDH, */ - /* normal PSK or KRB5 or SRP */ + /* normal PSK or SRP */ if (! (s->s3->tmp. - new_cipher->algorithm_auth & (SSL_aNULL | SSL_aKRB5 | - SSL_aSRP)) + new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) { ret = ssl3_send_server_certificate(s); if (ret <= 0) @@ -516,16 +511,12 @@ int ssl3_accept(SSL *s) * RFC 2246): */ ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL) && - /* - * ... except when the application insists on - * verification (against the specs, but s3_clnt.c accepts - * this for SSL 3) - */ - !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || /* - * never request cert in Kerberos ciphersuites + * ... except when the application insists on + * verification (against the specs, but s3_clnt.c accepts + * this for SSL 3) */ - (s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) || + !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || /* don't request certificate for SRP auth */ (s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP) /* @@ -2123,9 +2114,6 @@ int ssl3_get_client_key_exchange(SSL *s) BIGNUM *pub = NULL; DH *dh_srvr, *dh_clnt = NULL; #endif -#ifndef OPENSSL_NO_KRB5 - KSSL_ERR kssl_err; -#endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_EC EC_KEY *srvr_ecdh = NULL; @@ -2391,189 +2379,6 @@ int ssl3_get_client_key_exchange(SSL *s) return 2; } else #endif -#ifndef OPENSSL_NO_KRB5 - if (alg_k & SSL_kKRB5) { - krb5_error_code krb5rc; - krb5_data enc_ticket; - krb5_data authenticator; - krb5_data enc_pms; - KSSL_CTX *kssl_ctx = s->kssl_ctx; - EVP_CIPHER_CTX ciph_ctx; - const EVP_CIPHER *enc = NULL; - unsigned char iv[EVP_MAX_IV_LENGTH]; - unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH + EVP_MAX_BLOCK_LENGTH]; - int padl, outl; - krb5_timestamp authtime = 0; - krb5_ticket_times ttimes; - - EVP_CIPHER_CTX_init(&ciph_ctx); - - if (!kssl_ctx) - kssl_ctx = kssl_ctx_new(); - - n2s(p, i); - enc_ticket.length = i; - - if (n < (long)(enc_ticket.length + 6)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - enc_ticket.data = (char *)p; - p += enc_ticket.length; - - n2s(p, i); - authenticator.length = i; - - if (n < (long)(enc_ticket.length + authenticator.length + 6)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - authenticator.data = (char *)p; - p += authenticator.length; - - n2s(p, i); - enc_pms.length = i; - enc_pms.data = (char *)p; - p += enc_pms.length; - - /* - * Note that the length is checked again below, ** after decryption - */ - if (enc_pms.length > sizeof pms) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - if (n != (long)(enc_ticket.length + authenticator.length + - enc_pms.length + 6)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - - if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes, - &kssl_err)) != 0) { -# ifdef KSSL_DEBUG - fprintf(stderr, "kssl_sget_tkt rtn %d [%d]\n", - krb5rc, kssl_err.reason); - if (kssl_err.text) - fprintf(stderr, "kssl_err text= %s\n", kssl_err.text); -# endif /* KSSL_DEBUG */ - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason); - goto err; - } - - /* - * Note: no authenticator is not considered an error, ** but will - * return authtime == 0. - */ - if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator, - &authtime, &kssl_err)) != 0) { -# ifdef KSSL_DEBUG - fprintf(stderr, "kssl_check_authent rtn %d [%d]\n", - krb5rc, kssl_err.reason); - if (kssl_err.text) - fprintf(stderr, "kssl_err text= %s\n", kssl_err.text); -# endif /* KSSL_DEBUG */ - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, kssl_err.reason); - goto err; - } - - if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, krb5rc); - goto err; - } -# ifdef KSSL_DEBUG - kssl_ctx_show(kssl_ctx); -# endif /* KSSL_DEBUG */ - - enc = kssl_map_enc(kssl_ctx->enctype); - if (enc == NULL) - goto err; - - memset(iv, 0, sizeof(iv)); /* per RFC 1510 */ - - if (!EVP_DecryptInit_ex(&ciph_ctx, enc, NULL, kssl_ctx->key, iv)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - if (!EVP_DecryptUpdate(&ciph_ctx, pms, &outl, - (unsigned char *)enc_pms.data, enc_pms.length)) - { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - if (outl > SSL_MAX_MASTER_KEY_LENGTH) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - if (!EVP_DecryptFinal_ex(&ciph_ctx, &(pms[outl]), &padl)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DECRYPTION_FAILED); - goto err; - } - outl += padl; - if (outl > SSL_MAX_MASTER_KEY_LENGTH) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_R_DATA_LENGTH_TOO_LONG); - goto err; - } - if (!((pms[0] == (s->client_version >> 8)) - && (pms[1] == (s->client_version & 0xff)))) { - /* - * The premaster secret must contain the same version number as - * the ClientHello to detect version rollback attacks (strangely, - * the protocol does not offer such protection for DH - * ciphersuites). However, buggy clients exist that send random - * bytes instead of the protocol version. If - * SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. - * (Perhaps we should have a separate BUG value for the Kerberos - * cipher) - */ - if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, - SSL_AD_DECODE_ERROR); - goto err; - } - } - - EVP_CIPHER_CTX_cleanup(&ciph_ctx); - - s->session->master_key_length = - s->method->ssl3_enc->generate_master_secret(s, - s-> - session->master_key, - pms, outl); - if (s->session->master_key_length < 0) { - al = SSL_AD_INTERNAL_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); - goto f_err; - } - - if (kssl_ctx->client_princ) { - size_t len = strlen(kssl_ctx->client_princ); - if (len < SSL_MAX_KRB5_PRINCIPAL_LENGTH) { - s->session->krb5_client_princ_len = len; - memcpy(s->session->krb5_client_princ, kssl_ctx->client_princ, - len); - } - } - - /*- Was doing kssl_ctx_free() here, - * but it caused problems for apache. - * kssl_ctx = kssl_ctx_free(kssl_ctx); - * if (s->kssl_ctx) s->kssl_ctx = NULL; - */ - } else -#endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_EC if (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) { @@ -3303,14 +3108,9 @@ int ssl3_send_server_certificate(SSL *s) if (s->state == SSL3_ST_SW_CERT_A) { cpk = ssl_get_server_send_pkey(s); if (cpk == NULL) { - /* VRS: allow null cert if auth == KRB5 */ - if ((s->s3->tmp.new_cipher->algorithm_auth != SSL_aKRB5) || - (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kKRB5)) { - SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, - ERR_R_INTERNAL_ERROR); - s->state = SSL_ST_ERR; - return (0); - } + SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR); + s->state = SSL_ST_ERR; + return (0); } if (!ssl3_output_cert_chain(s, cpk)) { diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com index 0df80f0..9a20b54 100644 --- a/ssl/ssl-lib.com +++ b/ssl/ssl-lib.com @@ -215,7 +215,7 @@ $ LIB_SSL = "s3_meth, s3_srvr, s3_clnt, s3_lib, s3_enc,s3_pkt,s3_both,s3_cbc,"+ "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ - "ssl_ciph,ssl_stat,ssl_rsa,"+ - "ssl_asn1,ssl_txt,ssl_algs,ssl_conf,"+ - - "bio_ssl,ssl_err,kssl,t1_reneg,tls_srp,t1_trce,ssl_utst" + "bio_ssl,ssl_err,t1_reneg,tls_srp,t1_trce,ssl_utst" $! $! Tell The User That We Are Compiling The Library. $! diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 3e84917..51cc72a 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -95,9 +95,6 @@ typedef struct { ASN1_OCTET_STRING *comp_id; ASN1_OCTET_STRING *master_key; ASN1_OCTET_STRING *session_id; -#ifndef OPENSSL_NO_KRB5 - ASN1_OCTET_STRING *krb5_princ; -#endif ASN1_OCTET_STRING *key_arg; long time; long timeout; @@ -125,9 +122,6 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = { ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING), ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING), ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING), -#ifndef OPENSSL_NO_KRB5 - ASN1_OPT(SSL_SESSION_ASN1, krb5_princ, ASN1_OCTET_STRING), -#endif ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0), ASN1_EXP_OPT(SSL_SESSION_ASN1, time, ZLONG, 1), ASN1_EXP_OPT(SSL_SESSION_ASN1, timeout, ZLONG, 2), @@ -195,10 +189,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ASN1_OCTET_STRING tlsext_hostname, tlsext_tick; #endif -#ifndef OPENSSL_NO_KRB5 - ASN1_OCTET_STRING krb5_princ; -#endif - #ifndef OPENSSL_NO_SRP ASN1_OCTET_STRING srp_username; #endif @@ -241,12 +231,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) ssl_session_oinit(&as.session_id_context, &sid_ctx, in->sid_ctx, in->sid_ctx_length); -#ifndef OPENSSL_NO_KRB5 - if (in->krb5_client_princ_len) { - ssl_session_oinit(&as.krb5_princ, &krb5_princ, - in->krb5_client_princ, in->krb5_client_princ_len); - } -#endif /* OPENSSL_NO_KRB5 */ as.time = in->time; as.timeout = in->timeout; @@ -368,12 +352,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, ret->master_key_length = tmpl; -#ifndef OPENSSL_NO_KRB5 - if (!ssl_session_memcpy(ret->krb5_client_princ, &ret->krb5_client_princ_len, - as->krb5_princ, SSL_MAX_KRB5_PRINCIPAL_LENGTH)) - goto err; -#endif /* OPENSSL_NO_KRB5 */ - if (as->time != 0) ret->time = as->time; else diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index ddedf5c..39b5a71 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -305,8 +305,6 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_DH, 0, SSL_kDHr | SSL_kDHd | SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kKRB5, 0, SSL_kKRB5, 0, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_kECDHr, 0, SSL_kECDHr, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kECDHe, 0, SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_kECDH, 0, SSL_kECDHr | SSL_kECDHe, 0, 0, 0, 0, 0, 0, 0, 0}, @@ -323,7 +321,6 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_aRSA, 0, 0, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aDSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_DSS, 0, 0, SSL_aDSS, 0, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_aKRB5, 0, 0, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_aNULL, 0, 0, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, /* no such ciphersuites supported! */ {0, SSL_TXT_aDH, 0, 0, SSL_aDH, 0, 0, 0, 0, 0, 0, 0}, @@ -342,7 +339,6 @@ static const SSL_CIPHER cipher_aliases[] = { {0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_NULL, 0, 0, 0, SSL_eNULL, 0, 0, 0, 0, 0, 0}, - {0, SSL_TXT_KRB5, 0, SSL_kKRB5, SSL_aKRB5, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, {0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0}, @@ -693,10 +689,6 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, *mkey |= SSL_kDHr | SSL_kDHd | SSL_kDHE; *auth |= SSL_aDH; #endif -#ifdef OPENSSL_NO_KRB5 - *mkey |= SSL_kKRB5; - *auth |= SSL_aKRB5; -#endif #ifdef OPENSSL_NO_EC *mkey |= SSL_kECDHe | SSL_kECDHr; *auth |= SSL_aECDSA | SSL_aECDH; @@ -801,10 +793,6 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, co_list[co_list_num].prev = NULL; co_list[co_list_num].active = 0; co_list_num++; -#ifdef KSSL_DEBUG - fprintf(stderr, "\t%d: %s %lx %lx %lx\n", i, c->name, c->id, - c->algorithm_mkey, c->algorithm_auth); -#endif /* KSSL_DEBUG */ /* * if (!sk_push(ca_list,(char *)c)) goto err; */ @@ -1446,10 +1434,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK * it is used for allocation. */ num_of_ciphers = ssl_method->num_ciphers(); -#ifdef KSSL_DEBUG - fprintf(stderr, "ssl_create_cipher_list() for %d ciphers\n", - num_of_ciphers); -#endif /* KSSL_DEBUG */ + co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers); if (co_list == NULL) { SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE); @@ -1502,8 +1487,6 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK &tail); ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail); - ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, - &tail); /* RC4 is sort-of broken -- move the the end */ ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, @@ -1616,13 +1599,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) const char *ver, *exp_str; const char *kx, *au, *enc, *mac; unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl; -#ifdef KSSL_DEBUG - static const char *format = - "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx/%lx/%lx/%lx/%lx\n"; -#else static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; -#endif /* KSSL_DEBUG */ alg_mkey = cipher->algorithm_mkey; alg_auth = cipher->algorithm_auth; @@ -1652,9 +1630,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kDHd: kx = "DH/DSS"; break; - case SSL_kKRB5: - kx = "KRB5"; - break; case SSL_kDHE: kx = is_export ? (pkl == 512 ? "DH(512)" : "DH(1024)") : "DH"; break; @@ -1690,9 +1665,6 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_aDH: au = "DH"; break; - case SSL_aKRB5: - au = "KRB5"; - break; case SSL_aECDH: au = "ECDH"; break; @@ -1802,13 +1774,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) } else if (len < 128) return ("Buffer too small"); -#ifdef KSSL_DEBUG - BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, - exp_str, alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl); -#else BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac, exp_str); -#endif /* KSSL_DEBUG */ + return (buf); } @@ -2000,9 +1968,6 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) return SSL_PKEY_DSA_SIGN; else if (alg_a & SSL_aRSA) return SSL_PKEY_RSA_ENC; - else if (alg_a & SSL_aKRB5) - /* VRS something else here? */ - return -1; else if (alg_a & SSL_aGOST94) return SSL_PKEY_GOST94; else if (alg_a & SSL_aGOST01) diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 3396a50..24891ad 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -462,17 +462,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"}, {ERR_REASON(SSL_R_INVALID_TRUST), "invalid trust"}, - {ERR_REASON(SSL_R_KRB5), "krb5"}, - {ERR_REASON(SSL_R_KRB5_C_CC_PRINC), "krb5 client cc principal (no tkt?)"}, - {ERR_REASON(SSL_R_KRB5_C_GET_CRED), "krb5 client get cred"}, - {ERR_REASON(SSL_R_KRB5_C_INIT), "krb5 client init"}, - {ERR_REASON(SSL_R_KRB5_C_MK_REQ), "krb5 client mk_req (expired tkt?)"}, - {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET), "krb5 server bad ticket"}, - {ERR_REASON(SSL_R_KRB5_S_INIT), "krb5 server init"}, - {ERR_REASON(SSL_R_KRB5_S_RD_REQ), "krb5 server rd_req (keytab perms?)"}, - {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED), "krb5 server tkt expired"}, - {ERR_REASON(SSL_R_KRB5_S_TKT_NYV), "krb5 server tkt not yet valid"}, - {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW), "krb5 server tkt skew"}, {ERR_REASON(SSL_R_LENGTH_MISMATCH), "length mismatch"}, {ERR_REASON(SSL_R_LENGTH_TOO_SHORT), "length too short"}, {ERR_REASON(SSL_R_LIBRARY_BUG), "library bug"}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 441c6fa..3828018 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -147,7 +147,6 @@ #endif #include #include "ssl_locl.h" -#include "kssl_lcl.h" #include #include #include @@ -279,10 +278,6 @@ SSL *SSL_new(SSL_CTX *ctx) RECORD_LAYER_init(&s->rlayer, s); -#ifndef OPENSSL_NO_KRB5 - s->kssl_ctx = kssl_ctx_new(); -#endif /* OPENSSL_NO_KRB5 */ - s->options = ctx->options; s->mode = ctx->mode; s->max_cert_list = ctx->max_cert_list; @@ -584,11 +579,6 @@ void SSL_free(SSL *s) SSL_CTX_free(s->ctx); -#ifndef OPENSSL_NO_KRB5 - if (s->kssl_ctx != NULL) - kssl_ctx_free(s->kssl_ctx); -#endif /* OPENSSL_NO_KRB5 */ - #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) OPENSSL_free(s->next_proto_negotiated); #endif @@ -2217,13 +2207,6 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) mask_a |= SSL_aNULL; emask_a |= SSL_aNULL; -#ifndef OPENSSL_NO_KRB5 - mask_k |= SSL_kKRB5; - mask_a |= SSL_aKRB5; - emask_k |= SSL_kKRB5; - emask_a |= SSL_aKRB5; -#endif - /* * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites * depending on the key usage extension. diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 64feb84..f9c4e12 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -300,8 +300,6 @@ # define SSL_kDHE 0x00000008L /* synonym */ # define SSL_kEDH SSL_kDHE -/* Kerberos5 key exchange */ -# define SSL_kKRB5 0x00000010L /* ECDH cert, RSA CA cert */ # define SSL_kECDHr 0x00000020L /* ECDH cert, ECDSA CA cert */ @@ -328,8 +326,6 @@ # define SSL_aDH 0x00000008L /* Fixed ECDH auth (kECDHe or kECDHr) */ # define SSL_aECDH 0x00000010L -/* KRB5 auth */ -# define SSL_aKRB5 0x00000020L /* ECDSA auth*/ # define SSL_aECDSA 0x00000040L /* PSK auth */ @@ -585,7 +581,6 @@ struct ssl_method_st { * Cipher OCTET STRING, -- the 3 byte cipher ID * Session_ID OCTET STRING, -- the Session ID * Master_key OCTET STRING, -- the master key - * KRB5_principal OCTET STRING -- optional Kerberos principal * Key_Arg [ 0 ] IMPLICIT OCTET STRING, -- the optional Key argument * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds @@ -619,10 +614,6 @@ struct ssl_session_st { */ unsigned int sid_ctx_length; unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; -# ifndef OPENSSL_NO_KRB5 - unsigned int krb5_client_princ_len; - unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; -# endif /* OPENSSL_NO_KRB5 */ # ifndef OPENSSL_NO_PSK char *psk_identity_hint; char *psk_identity; @@ -1074,10 +1065,6 @@ struct ssl_st { int error; /* actual code */ int error_code; -# ifndef OPENSSL_NO_KRB5 - /* Kerberos 5 context */ - KSSL_CTX *kssl_ctx; -# endif /* OPENSSL_NO_KRB5 */ # ifndef OPENSSL_NO_PSK unsigned int (*psk_client_callback) (SSL *ssl, const char *hint, char *identity, diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 4e73f04..2be9592 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -772,20 +772,6 @@ int SSL_set_session(SSL *s, SSL_SESSION *session) if (!SSL_set_ssl_method(s, meth)) return (0); } -#ifndef OPENSSL_NO_KRB5 - if (s->kssl_ctx && !s->kssl_ctx->client_princ && - session->krb5_client_princ_len > 0) { - s->kssl_ctx->client_princ = - OPENSSL_malloc(session->krb5_client_princ_len + 1); - if (s->kssl_ctx->client_princ == NULL) { - SSLerr(SSL_F_SSL_SET_SESSION, ERR_R_MALLOC_FAILURE); - return (0); - } - memcpy(s->kssl_ctx->client_princ, session->krb5_client_princ, - session->krb5_client_princ_len); - s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; - } -#endif /* OPENSSL_NO_KRB5 */ /* CRYPTO_w_lock(CRYPTO_LOCK_SSL); */ CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION); diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 918e75e..0da2bb4 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -165,18 +165,6 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0) goto err; } -#ifndef OPENSSL_NO_KRB5 - if (BIO_puts(bp, "\n Krb5 Principal: ") <= 0) - goto err; - if (x->krb5_client_princ_len == 0) { - if (BIO_puts(bp, "None") <= 0) - goto err; - } else - for (i = 0; i < x->krb5_client_princ_len; i++) { - if (BIO_printf(bp, "%02X", x->krb5_client_princ[i]) <= 0) - goto err; - } -#endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_PSK if (BIO_puts(bp, "\n PSK identity: ") <= 0) goto err; diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 47bab99..8c53aa8 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -144,9 +144,6 @@ #include #include #include -#ifdef KSSL_DEBUG -# include -#endif /* seed1 through seed5 are virtually concatenated */ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec, @@ -302,17 +299,7 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km, SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0, NULL, 0, s->session->master_key, s->session->master_key_length, km, tmp, num); -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_generate_key_block() ==> %d byte master_key =\n\t", - s->session->master_key_length); - { - int i; - for (i = 0; i < s->session->master_key_length; i++) { - fprintf(stderr, "%02X", s->session->master_key[i]); - } - fprintf(stderr, "\n"); - } -#endif /* KSSL_DEBUG */ + return ret; } @@ -348,24 +335,6 @@ int tls1_change_cipher_state(SSL *s, int which) comp = s->s3->tmp.new_compression; #endif -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_change_cipher_state(which= %d) w/\n", which); - fprintf(stderr, "\talg= %ld/%ld, comp= %p\n", - s->s3->tmp.new_cipher->algorithm_mkey, - s->s3->tmp.new_cipher->algorithm_auth, comp); - fprintf(stderr, "\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); - fprintf(stderr, "\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", - c->nid, c->block_size, c->key_len, c->iv_len); - fprintf(stderr, "\tkey_block: len= %d, data= ", - s->s3->tmp.key_block_length); - { - int i; - for (i = 0; i < s->s3->tmp.key_block_length; i++) - fprintf(stderr, "%02x", s->s3->tmp.key_block[i]); - fprintf(stderr, "\n"); - } -#endif /* KSSL_DEBUG */ - if (which & SSL3_CC_READ) { if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC) s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM; @@ -530,20 +499,6 @@ int tls1_change_cipher_state(SSL *s, int which) iv = &(iv1[k]); } } -#ifdef KSSL_DEBUG - { - int i; - fprintf(stderr, "EVP_CipherInit_ex(dd,c,key=,iv=,which)\n"); - fprintf(stderr, "\tkey= "); - for (i = 0; i < c->key_len; i++) - fprintf(stderr, "%02x", key[i]); - fprintf(stderr, "\n"); - fprintf(stderr, "\t iv= "); - for (i = 0; i < c->iv_len; i++) - fprintf(stderr, "%02x", iv[i]); - fprintf(stderr, "\n"); - } -#endif /* KSSL_DEBUG */ if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) { if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE)) @@ -621,10 +576,6 @@ int tls1_setup_key_block(SSL *s) int mac_type = NID_undef, mac_secret_size = 0; int ret = 0; -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_setup_key_block()\n"); -#endif /* KSSL_DEBUG */ - if (s->s3->tmp.key_block_length != 0) return (1); @@ -778,11 +729,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, { unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_generate_master_secret(%p,%p, %p, %d)\n", s, out, p, - len); -#endif /* KSSL_DEBUG */ - if (s->session->flags & SSL_SESS_FLAG_EXTMS) { unsigned char hash[EVP_MAX_MD_SIZE * 2]; int hashlen; @@ -848,9 +794,6 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, } #endif -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_generate_master_secret() complete\n"); -#endif /* KSSL_DEBUG */ return (SSL3_MASTER_SECRET_SIZE); } @@ -864,11 +807,6 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, size_t vallen, currentvalpos; int rv; -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_export_keying_material(%p,%p,%lu,%s,%lu,%p,%lu)\n", - s, out, olen, label, llen, context, contextlen); -#endif /* KSSL_DEBUG */ - buff = OPENSSL_malloc(olen); if (buff == NULL) goto err2; @@ -936,9 +874,6 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, OPENSSL_cleanse(val, vallen); OPENSSL_cleanse(buff, olen); -#ifdef KSSL_DEBUG - fprintf(stderr, "tls1_export_keying_material() complete\n"); -#endif /* KSSL_DEBUG */ goto ret; err1: SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f8ed091..9d90c1c 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1068,12 +1068,6 @@ void ssl_set_client_disabled(SSL *s) c->mask_k |= SSL_kDHd; if (c->mask_a & SSL_aECDSA) c->mask_k |= SSL_kECDHe; -# ifndef OPENSSL_NO_KRB5 - if (!kssl_tgt_is_available(s->kssl_ctx)) { - c->mask_a |= SSL_aKRB5; - c->mask_k |= SSL_kKRB5; - } -# endif # ifndef OPENSSL_NO_PSK /* with PSK there must be client callback set */ if (!s->psk_client_callback) { diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index f8d19b8..6596c87 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -778,10 +778,6 @@ static int ssl_get_keyex(const char **pname, SSL *ssl) *pname = "dh_dss"; return SSL_kDHd; } - if (alg_k & SSL_kKRB5) { - *pname = "krb5"; - return SSL_kKRB5; - } if (alg_k & SSL_kDHE) { *pname = "DHE"; return SSL_kDHE; diff --git a/test/Makefile b/test/Makefile index 97837e1..4c1d9d0 100644 --- a/test/Makefile +++ b/test/Makefile @@ -5,13 +5,10 @@ DIR= test TOP= .. CC= cc -INCLUDES= -I$(TOP) -I../include -I../crypto/include $(KRB5_INCLUDES) -I$(TOP)/fips +INCLUDES= -I$(TOP) -I../include -I../crypto/include -I$(TOP)/fips CFLAG= -g MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) PERL= perl -# KRB5 stuff -KRB5_INCLUDES= -LIBKRB5= PEX_LIBS= EX_LIBS= #-lnsl -lsocket @@ -419,14 +416,14 @@ $(DLIBCRYPTO): BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ fi; \ - LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \ + LIBRARIES="$(LIBSSL) $(LIBCRYPTO)"; \ $(MAKE) -f $(TOP)/Makefile.shared -e \ APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o $$testutil" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ link_app.$${shlib_target} BUILD_CMD_STATIC=shlib_target=; \ - LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO) $(LIBKRB5)"; \ + LIBRARIES="$(DLIBSSL) $(DLIBCRYPTO)"; \ $(MAKE) -f $(TOP)/Makefile.shared -e \ APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o $$testutil" \ LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \ @@ -478,7 +475,7 @@ FIPS_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ FIPS_CRYPTO_BUILD_CMD=shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \ shlib_target="$(SHLIB_TARGET)"; \ fi; \ - LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \ + LIBRARIES="$(LIBSSL) $(LIBCRYPTO)"; \ if [ -z "$(SHARED_LIBS)" -a -n "$(FIPSCANLIB)" ] ; then \ FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \ fi; \ @@ -736,9 +733,8 @@ heartbeat_test.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h heartbeat_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h heartbeat_test.o: ../include/openssl/ecdsa.h ../include/openssl/err.h heartbeat_test.o: ../include/openssl/evp.h ../include/openssl/hmac.h -heartbeat_test.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -heartbeat_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -heartbeat_test.o: ../include/openssl/opensslconf.h +heartbeat_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +heartbeat_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h heartbeat_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h heartbeat_test.o: ../include/openssl/pem.h ../include/openssl/pem2.h heartbeat_test.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h @@ -844,21 +840,20 @@ ssltest.o: ../include/openssl/e_os2.h ../include/openssl/ec.h ssltest.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h ssltest.o: ../include/openssl/engine.h ../include/openssl/err.h ssltest.o: ../include/openssl/evp.h ../include/openssl/hmac.h -ssltest.o: ../include/openssl/kssl.h ../include/openssl/lhash.h -ssltest.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -ssltest.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -ssltest.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -ssltest.o: ../include/openssl/pqueue.h ../include/openssl/rand.h -ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -ssltest.o: ../include/openssl/sha.h ../include/openssl/srp.h -ssltest.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssltest.o: ../include/openssl/x509v3.h ../ssl/record/record.h ../ssl/ssl_locl.h -ssltest.o: ssltest.c +ssltest.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +ssltest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +ssltest.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h +ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h +ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h +ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h +ssltest.o: ../include/openssl/srp.h ../include/openssl/srtp.h +ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +ssltest.o: ../ssl/record/record.h ../ssl/ssl_locl.h ssltest.c testutil.o: ../e_os.h ../include/openssl/e_os2.h testutil.o: ../include/openssl/opensslconf.h testutil.c testutil.h v3nametest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h diff --git a/test/ssltest.c b/test/ssltest.c index e531b32..1fa2aa2c 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -1719,21 +1719,6 @@ int main(int argc, char *argv[]) c_ssl = SSL_new(c_ctx); s_ssl = SSL_new(s_ctx); -#ifndef OPENSSL_NO_KRB5 - if (c_ssl && c_ssl->kssl_ctx) { - char localhost[MAXHOSTNAMELEN + 2]; - - if (gethostname(localhost, sizeof localhost - 1) == 0) { - localhost[sizeof localhost - 1] = '\0'; - if (strlen(localhost) == sizeof localhost - 1) { - BIO_printf(bio_err, "localhost name too long\n"); - goto end; - } - kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, localhost); - } - } -#endif /* OPENSSL_NO_KRB5 */ - BIO_printf(bio_stdout, "Doing handshakes=%d bytes=%ld\n", number, bytes); for (i = 0; i < number; i++) { if (!reuse) { diff --git a/util/clean-depend.pl b/util/clean-depend.pl index d3525b0..04d86b6 100755 --- a/util/clean-depend.pl +++ b/util/clean-depend.pl @@ -23,8 +23,6 @@ while() { @deps=grep(!/^\//, at deps); @deps=grep(!/^\\$/, at deps); @deps=grep(!/^$origfile$/, at deps); -# pull out the kludged kerberos header (if present). - @deps=grep(!/^[.\/]+\/krb5.h/, at deps); push @{$files{$thisfile}}, at deps; } diff --git a/util/domd b/util/domd index efbfb3a..552a352 100755 --- a/util/domd +++ b/util/domd @@ -12,8 +12,6 @@ fi if [ "$MAKEDEPEND" = "" ]; then MAKEDEPEND=makedepend; fi cp Makefile Makefile.save -# fake the presence of Kerberos -touch $TOP/krb5.h if expr "$MAKEDEPEND" : '.*cc' > /dev/null; then args="" while [ $# -gt 0 ]; do @@ -32,7 +30,5 @@ else RC=$? fi mv Makefile.new Makefile -# unfake the presence of Kerberos -rm $TOP/krb5.h exit $RC diff --git a/util/indent.pro b/util/indent.pro index 87e2b3b..5a6d452 100644 --- a/util/indent.pro +++ b/util/indent.pro @@ -305,16 +305,6 @@ -T JPAKE_STEP_PART -T JPAKE_ZKP -T KEY_TABLE_TYPE --T KRB5_APREQBODY --T KRB5_AUTHDATA --T KRB5_AUTHENTBODY --T KRB5_CHECKSUM --T KRB5_ENCDATA --T KRB5_ENCKEY --T KRB5_PRINCNAME --T KRB5_TKTBODY --T KSSL_CTX --T KSSL_ERR -T LHASH -T LHASH_COMP_FN_TYPE -T LHASH_DOALL_ARG_FN_TYPE @@ -652,9 +642,6 @@ -T STACK_OF_GENERAL_SUBTREE_ -T STACK_OF_IPAddressFamily_ -T STACK_OF_IPAddressOrRange_ --T STACK_OF_KRB5_APREQBODY_ --T STACK_OF_KRB5_AUTHENTBODY_ --T STACK_OF_KRB5_TKTBODY_ -T STACK_OF_MEM_OBJECT_DATA_ -T STACK_OF_MIME_HEADER_ -T STACK_OF_MIME_PARAM_ @@ -721,26 +708,6 @@ -T clock_t -T custom_ext_methods -T hm_fragment --T krb5_auth_context --T krb5_authdata --T KRB5_CALLCONV --T krb5_ccache --T krb5_context --T krb5_creds --T krb5_data --T krb5_deltat --T krb5_flags --T krb5_int32 --T krb5_keyblock --T krb5_keytab --T krb5_keytab_entry --T krb5_octet --T krb5_principal --T krb5_principal_data --T krb5_rcache --T krb5_ticket --T krb5_ticket_times --T krb5_timestamp -T record_pqueue -T ssl_ctx_st -T ssl_flag_tbl diff --git a/util/libeay.num b/util/libeay.num index b3dcd5d..d41686f 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1950,8 +1950,8 @@ ASN1_UTF8STRING_it 2527 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI ENGINE_unregister_ciphers 2528 EXIST::FUNCTION:ENGINE ENGINE_get_ciphers 2529 EXIST::FUNCTION:ENGINE d2i_OCSP_BASICRESP 2530 EXIST::FUNCTION: -KRB5_CHECKSUM_it 2531 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_CHECKSUM_it 2531 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +KRB5_CHECKSUM_it 2531 NOEXIST::FUNCTION: +KRB5_CHECKSUM_it 2531 NOEXIST::FUNCTION: EC_POINT_add 2532 EXIST::FUNCTION:EC ASN1_item_ex_i2d 2533 EXIST::FUNCTION: OCSP_CERTID_it 2534 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -1982,8 +1982,8 @@ OCSP_SIGNATURE_it 2554 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI X509_CRL_it 2555 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_CRL_it 2555 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_BASICRESP_add_ext 2556 EXIST::FUNCTION: -KRB5_ENCKEY_it 2557 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_ENCKEY_it 2557 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +KRB5_ENCKEY_it 2557 NOEXIST::FUNCTION: +KRB5_ENCKEY_it 2557 NOEXIST::FUNCTION: UI_method_set_closer 2558 EXIST::FUNCTION: X509_STORE_set_purpose 2559 EXIST::FUNCTION: i2d_ASN1_GENERALSTRING 2560 EXIST::FUNCTION: @@ -1996,11 +1996,11 @@ _ossl_old_des_random_key 2566 NOEXIST::FUNCTION: ASN1_T61STRING_it 2567 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_T61STRING_it 2567 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EC_GROUP_method_of 2568 EXIST::FUNCTION:EC -i2d_KRB5_APREQ 2569 EXIST::FUNCTION: +i2d_KRB5_APREQ 2569 NOEXIST::FUNCTION: _ossl_old_des_encrypt 2570 NOEXIST::FUNCTION: ASN1_PRINTABLE_new 2571 EXIST::FUNCTION: HMAC_Init_ex 2572 EXIST::FUNCTION: -d2i_KRB5_AUTHENT 2573 EXIST::FUNCTION: +d2i_KRB5_AUTHENT 2573 NOEXIST::FUNCTION: OCSP_archive_cutoff_new 2574 EXIST::FUNCTION: EC_POINT_set_Jprojective_coordinates_GFp 2575 EXIST:!VMS:FUNCTION:EC EC_POINT_set_Jproj_coords_GFp 2575 EXIST:VMS:FUNCTION:EC @@ -2017,11 +2017,11 @@ ENGINE_register_DH 2584 EXIST::FUNCTION:ENGINE UI_construct_prompt 2585 EXIST::FUNCTION: X509_STORE_set_trust 2586 EXIST::FUNCTION: UI_dup_input_string 2587 EXIST::FUNCTION: -d2i_KRB5_APREQ 2588 EXIST::FUNCTION: +d2i_KRB5_APREQ 2588 NOEXIST::FUNCTION: EVP_MD_CTX_copy_ex 2589 EXIST::FUNCTION: OCSP_request_is_signed 2590 EXIST::FUNCTION: i2d_OCSP_REQINFO 2591 EXIST::FUNCTION: -KRB5_ENCKEY_free 2592 EXIST::FUNCTION: +KRB5_ENCKEY_free 2592 NOEXIST::FUNCTION: OCSP_resp_get0 2593 EXIST::FUNCTION: GENERAL_NAME_it 2594 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: GENERAL_NAME_it 2594 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2059,10 +2059,10 @@ ENGINE_register_ciphers 2620 EXIST::FUNCTION:ENGINE BN_mod_lshift_quick 2621 EXIST::FUNCTION: DSO_set_filename 2622 EXIST::FUNCTION: ASN1_item_free 2623 EXIST::FUNCTION: -KRB5_TKTBODY_free 2624 EXIST::FUNCTION: +KRB5_TKTBODY_free 2624 NOEXIST::FUNCTION: AUTHORITY_KEYID_it 2625 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: AUTHORITY_KEYID_it 2625 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -KRB5_APREQBODY_new 2626 EXIST::FUNCTION: +KRB5_APREQBODY_new 2626 NOEXIST::FUNCTION: X509V3_EXT_REQ_add_nconf 2627 EXIST::FUNCTION: ENGINE_ctrl_cmd_string 2628 EXIST::FUNCTION:ENGINE i2d_OCSP_RESPDATA 2629 EXIST::FUNCTION: @@ -2071,7 +2071,7 @@ EXTENDED_KEY_USAGE_free 2631 EXIST::FUNCTION: PKCS7_ATTR_SIGN_it 2632 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_ATTR_SIGN_it 2632 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_add_error_string 2633 EXIST::FUNCTION: -KRB5_CHECKSUM_free 2634 EXIST::FUNCTION: +KRB5_CHECKSUM_free 2634 NOEXIST::FUNCTION: OCSP_REQUEST_get_ext 2635 EXIST::FUNCTION: ENGINE_load_ubsec 2636 EXIST::FUNCTION:ENGINE,STATIC_ENGINE ENGINE_register_all_digests 2637 EXIST::FUNCTION:ENGINE @@ -2085,7 +2085,7 @@ X509_REVOKED_it 2642 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA X509_REVOKED_it 2642 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: ASN1_STRING_encode 2643 NOEXIST::FUNCTION: EVP_aes_128_ecb 2644 EXIST::FUNCTION:AES -KRB5_AUTHENT_free 2645 EXIST::FUNCTION: +KRB5_AUTHENT_free 2645 NOEXIST::FUNCTION: OCSP_BASICRESP_get_ext_by_critical 2646 EXIST:!VMS:FUNCTION: OCSP_BASICRESP_get_ext_by_crit 2646 EXIST:VMS:FUNCTION: OCSP_cert_status_str 2647 EXIST::FUNCTION: @@ -2113,7 +2113,7 @@ ENGINE_unregister_DSA 2665 EXIST::FUNCTION:ENGINE _ossl_old_des_key_sched 2666 NOEXIST::FUNCTION: X509_EXTENSION_it 2667 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_EXTENSION_it 2667 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -i2d_KRB5_AUTHENT 2668 EXIST::FUNCTION: +i2d_KRB5_AUTHENT 2668 NOEXIST::FUNCTION: SXNETID_it 2669 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: SXNETID_it 2669 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: d2i_OCSP_SINGLERESP 2670 EXIST::FUNCTION: @@ -2123,7 +2123,7 @@ _ossl_old_des_ofb64_encrypt 2673 NOEXIST::FUNCTION: d2i_EXTENDED_KEY_USAGE 2674 EXIST::FUNCTION: ERR_print_errors_cb 2675 EXIST::FUNCTION: ENGINE_set_ciphers 2676 EXIST::FUNCTION:ENGINE -d2i_KRB5_APREQBODY 2677 EXIST::FUNCTION: +d2i_KRB5_APREQBODY 2677 NOEXIST::FUNCTION: UI_method_get_flusher 2678 EXIST::FUNCTION: X509_PUBKEY_it 2679 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_PUBKEY_it 2679 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2133,14 +2133,14 @@ PKCS7_ENCRYPT_it 2681 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI i2d_OCSP_RESPONSE 2682 EXIST::FUNCTION: EC_GROUP_get_cofactor 2683 EXIST::FUNCTION:EC PKCS12_unpack_p7data 2684 EXIST::FUNCTION: -d2i_KRB5_AUTHDATA 2685 EXIST::FUNCTION: +d2i_KRB5_AUTHDATA 2685 NOEXIST::FUNCTION: OCSP_copy_nonce 2686 EXIST::FUNCTION: -KRB5_AUTHDATA_new 2687 EXIST::FUNCTION: +KRB5_AUTHDATA_new 2687 NOEXIST::FUNCTION: OCSP_RESPDATA_new 2688 EXIST::FUNCTION: EC_GFp_mont_method 2689 EXIST::FUNCTION:EC OCSP_REVOKEDINFO_free 2690 EXIST::FUNCTION: UI_get_ex_data 2691 EXIST::FUNCTION: -KRB5_APREQBODY_free 2692 EXIST::FUNCTION: +KRB5_APREQBODY_free 2692 NOEXIST::FUNCTION: EC_GROUP_get0_generator 2693 EXIST::FUNCTION:EC UI_get_default_method 2694 EXIST::FUNCTION: X509V3_set_nconf 2695 EXIST::FUNCTION: @@ -2148,7 +2148,7 @@ PKCS12_item_i2d_encrypt 2696 EXIST::FUNCTION: X509_add1_ext_i2d 2697 EXIST::FUNCTION: PKCS7_SIGNER_INFO_it 2698 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_SIGNER_INFO_it 2698 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -KRB5_PRINCNAME_new 2699 EXIST::FUNCTION: +KRB5_PRINCNAME_new 2699 NOEXIST::FUNCTION: PKCS12_SAFEBAG_it 2700 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS12_SAFEBAG_it 2700 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EC_GROUP_get_order 2701 EXIST::FUNCTION:EC @@ -2192,8 +2192,8 @@ X509_ATTRIBUTE_it 2732 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA X509_ATTRIBUTE_it 2732 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_ONEREQ_get_ext_by_NID 2733 EXIST::FUNCTION: PKCS12_decrypt_skey 2734 EXIST::FUNCTION: -KRB5_AUTHENT_it 2735 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_AUTHENT_it 2735 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +KRB5_AUTHENT_it 2735 NOEXIST::FUNCTION: +KRB5_AUTHENT_it 2735 NOEXIST::FUNCTION: UI_dup_error_string 2736 EXIST::FUNCTION: RSAPublicKey_it 2737 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA RSAPublicKey_it 2737 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA @@ -2210,8 +2210,8 @@ PKCS12_unpack_p7encdata 2746 EXIST::FUNCTION: HMAC_CTX_init 2747 EXIST::FUNCTION: ENGINE_get_digest 2748 EXIST::FUNCTION:ENGINE OCSP_RESPONSE_print 2749 EXIST::FUNCTION: -KRB5_TKTBODY_it 2750 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_TKTBODY_it 2750 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +KRB5_TKTBODY_it 2750 NOEXIST::FUNCTION: +KRB5_TKTBODY_it 2750 NOEXIST::FUNCTION: ACCESS_DESCRIPTION_it 2751 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ACCESS_DESCRIPTION_it 2751 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: PKCS7_ISSUER_AND_SERIAL_it 2752 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2239,12 +2239,12 @@ d2i_OCSP_CRLID 2768 EXIST::FUNCTION: EC_POINT_is_on_curve 2769 EXIST::FUNCTION:EC CRYPTO_set_locked_mem_ex_functions 2770 EXIST:!VMS:FUNCTION: CRYPTO_set_locked_mem_ex_funcs 2770 EXIST:VMS:FUNCTION: -d2i_KRB5_CHECKSUM 2771 EXIST::FUNCTION: +d2i_KRB5_CHECKSUM 2771 NOEXIST::FUNCTION: ASN1_item_dup 2772 EXIST::FUNCTION: X509_it 2773 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_it 2773 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: BN_mod_add 2774 EXIST::FUNCTION: -KRB5_AUTHDATA_free 2775 EXIST::FUNCTION: +KRB5_AUTHDATA_free 2775 NOEXIST::FUNCTION: _ossl_old_des_cbc_cksum 2776 NOEXIST::FUNCTION: ASN1_item_verify 2777 EXIST::FUNCTION: CRYPTO_set_mem_ex_functions 2778 EXIST::FUNCTION: @@ -2265,8 +2265,8 @@ ASN1_BMPSTRING_it 2787 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI ASN1_tag2bit 2788 EXIST::FUNCTION: UI_method_set_flusher 2789 EXIST::FUNCTION: X509_ocspid_print 2790 EXIST::FUNCTION: -KRB5_ENCDATA_it 2791 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_ENCDATA_it 2791 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +KRB5_ENCDATA_it 2791 NOEXIST::FUNCTION: +KRB5_ENCDATA_it 2791 NOEXIST::FUNCTION: ENGINE_get_load_pubkey_function 2792 EXIST::FUNCTION:ENGINE UI_add_user_data 2793 EXIST::FUNCTION: OCSP_REQUEST_delete_ext 2794 EXIST::FUNCTION: @@ -2292,7 +2292,7 @@ ASN1_FBOOLEAN_it 2806 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI UI_set_ex_data 2807 EXIST::FUNCTION: _ossl_old_des_string_to_key 2808 NOEXIST::FUNCTION: ENGINE_register_all_RSA 2809 EXIST::FUNCTION:ENGINE -d2i_KRB5_PRINCNAME 2810 EXIST::FUNCTION: +d2i_KRB5_PRINCNAME 2810 NOEXIST::FUNCTION: OCSP_RESPBYTES_it 2811 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_RESPBYTES_it 2811 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: X509_CINF_it 2812 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2303,7 +2303,7 @@ d2i_OCSP_SERVICELOC 2815 EXIST::FUNCTION: ENGINE_get_digests 2816 EXIST::FUNCTION:ENGINE _ossl_old_des_set_odd_parity 2817 NOEXIST::FUNCTION: OCSP_RESPDATA_free 2818 EXIST::FUNCTION: -d2i_KRB5_TICKET 2819 EXIST::FUNCTION: +d2i_KRB5_TICKET 2819 NOEXIST::FUNCTION: OTHERNAME_it 2820 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OTHERNAME_it 2820 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EVP_MD_CTX_cleanup 2821 EXIST::FUNCTION: @@ -2327,10 +2327,10 @@ DISPLAYTEXT_it 2836 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI X509_CRL_set_lastUpdate 2837 EXIST::FUNCTION: OCSP_BASICRESP_free 2838 EXIST::FUNCTION: OCSP_BASICRESP_add1_ext_i2d 2839 EXIST::FUNCTION: -d2i_KRB5_AUTHENTBODY 2840 EXIST::FUNCTION: +d2i_KRB5_AUTHENTBODY 2840 NOEXIST::FUNCTION: CRYPTO_set_ex_data_implementation 2841 EXIST:!VMS:FUNCTION: CRYPTO_set_ex_data_impl 2841 EXIST:VMS:FUNCTION: -KRB5_ENCDATA_new 2842 EXIST::FUNCTION: +KRB5_ENCDATA_new 2842 NOEXIST::FUNCTION: DSO_up_ref 2843 EXIST::FUNCTION: OCSP_crl_reason_str 2844 EXIST::FUNCTION: UI_get0_result_string 2845 EXIST::FUNCTION: @@ -2342,7 +2342,7 @@ ERR_load_EC_strings 2849 EXIST::FUNCTION:EC UI_get0_action_string 2850 EXIST::FUNCTION: OCSP_ONEREQ_get_ext 2851 EXIST::FUNCTION: EC_POINT_method_of 2852 EXIST::FUNCTION:EC -i2d_KRB5_APREQBODY 2853 EXIST::FUNCTION: +i2d_KRB5_APREQBODY 2853 NOEXIST::FUNCTION: _ossl_old_des_ecb3_encrypt 2854 NOEXIST::FUNCTION: CRYPTO_get_mem_ex_functions 2855 EXIST::FUNCTION: ENGINE_get_ex_data 2856 EXIST::FUNCTION:ENGINE @@ -2398,7 +2398,7 @@ OCSP_basic_sign 2897 EXIST::FUNCTION: i2d_OCSP_RESPID 2898 EXIST::FUNCTION: OCSP_check_nonce 2899 EXIST::FUNCTION: ENGINE_ctrl_cmd 2900 EXIST::FUNCTION:ENGINE -d2i_KRB5_ENCKEY 2901 EXIST::FUNCTION: +d2i_KRB5_ENCKEY 2901 NOEXIST::FUNCTION: OCSP_parse_url 2902 EXIST::FUNCTION: OCSP_SINGLERESP_get_ext 2903 EXIST::FUNCTION: OCSP_CRLID_free 2904 EXIST::FUNCTION: @@ -2458,7 +2458,7 @@ DIST_POINT_it 2950 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA DIST_POINT_it 2950 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_SINGLERESP_it 2951 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_SINGLERESP_it 2951 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -d2i_KRB5_TKTBODY 2952 EXIST::FUNCTION: +d2i_KRB5_TKTBODY 2952 NOEXIST::FUNCTION: EC_POINT_cmp 2953 EXIST::FUNCTION:EC OCSP_REVOKEDINFO_new 2954 EXIST::FUNCTION: i2d_OCSP_CERTSTATUS 2955 EXIST::FUNCTION: @@ -2469,7 +2469,7 @@ UI_set_method 2959 EXIST::FUNCTION: OCSP_id_get0_info 2960 EXIST::FUNCTION: BN_mod_sqrt 2961 EXIST::FUNCTION: EC_GROUP_copy 2962 EXIST::FUNCTION:EC -KRB5_ENCDATA_free 2963 EXIST::FUNCTION: +KRB5_ENCDATA_free 2963 NOEXIST::FUNCTION: _ossl_old_des_cfb_encrypt 2964 NOEXIST::FUNCTION: OCSP_SINGLERESP_get_ext_by_OBJ 2965 EXIST::FUNCTION: OCSP_cert_to_id 2966 EXIST::FUNCTION: @@ -2484,19 +2484,19 @@ PKCS12_BAGS_it 2972 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI OCSP_url_svcloc_new 2973 EXIST::FUNCTION: ASN1_template_free 2974 NOEXIST::FUNCTION: OCSP_SINGLERESP_add_ext 2975 EXIST::FUNCTION: -KRB5_AUTHENTBODY_it 2976 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_AUTHENTBODY_it 2976 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +KRB5_AUTHENTBODY_it 2976 NOEXIST::FUNCTION: +KRB5_AUTHENTBODY_it 2976 NOEXIST::FUNCTION: X509_supported_extension 2977 EXIST::FUNCTION: -i2d_KRB5_AUTHDATA 2978 EXIST::FUNCTION: +i2d_KRB5_AUTHDATA 2978 NOEXIST::FUNCTION: UI_method_get_opener 2979 EXIST::FUNCTION: ENGINE_set_ex_data 2980 EXIST::FUNCTION:ENGINE OCSP_REQUEST_print 2981 EXIST::FUNCTION: CBIGNUM_it 2982 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: CBIGNUM_it 2982 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -KRB5_TICKET_new 2983 EXIST::FUNCTION: -KRB5_APREQ_new 2984 EXIST::FUNCTION: +KRB5_TICKET_new 2983 NOEXIST::FUNCTION: +KRB5_APREQ_new 2984 NOEXIST::FUNCTION: EC_GROUP_get_curve_GFp 2985 EXIST::FUNCTION:EC -KRB5_ENCKEY_new 2986 EXIST::FUNCTION: +KRB5_ENCKEY_new 2986 NOEXIST::FUNCTION: ASN1_template_d2i 2987 NOEXIST::FUNCTION: _ossl_old_des_quad_cksum 2988 NOEXIST::FUNCTION: OCSP_single_get0_status 2989 EXIST::FUNCTION: @@ -2509,7 +2509,7 @@ OCSP_RESPID_it 2994 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA OCSP_RESPID_it 2994 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EC_GROUP_new 2995 EXIST::FUNCTION:EC EVP_aes_256_cbc 2996 EXIST::FUNCTION:AES -i2d_KRB5_PRINCNAME 2997 EXIST::FUNCTION: +i2d_KRB5_PRINCNAME 2997 NOEXIST::FUNCTION: _ossl_old_des_encrypt2 2998 NOEXIST::FUNCTION: _ossl_old_des_encrypt3 2999 NOEXIST::FUNCTION: PKCS8_PRIV_KEY_INFO_it 3000 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2518,7 +2518,7 @@ OCSP_REQINFO_it 3001 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA OCSP_REQINFO_it 3001 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: PBEPARAM_it 3002 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PBEPARAM_it 3002 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -KRB5_AUTHENTBODY_new 3003 EXIST::FUNCTION: +KRB5_AUTHENTBODY_new 3003 NOEXIST::FUNCTION: X509_CRL_add0_revoked 3004 EXIST::FUNCTION: EDIPARTYNAME_it 3005 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: EDIPARTYNAME_it 3005 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2536,7 +2536,7 @@ OCSP_BASICRESP_get_ext_count 3014 EXIST::FUNCTION: ASN1_ENUMERATED_it 3015 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_ENUMERATED_it 3015 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: UI_set_result 3016 EXIST::FUNCTION: -i2d_KRB5_TICKET 3017 EXIST::FUNCTION: +i2d_KRB5_TICKET 3017 NOEXIST::FUNCTION: X509_print_ex_fp 3018 EXIST::FUNCTION:STDIO EVP_CIPHER_CTX_set_padding 3019 EXIST::FUNCTION: d2i_OCSP_RESPONSE 3020 EXIST::FUNCTION: @@ -2546,7 +2546,7 @@ _ossl_old_des_enc_write 3022 NOEXIST::FUNCTION: OCSP_RESPONSE_new 3023 EXIST::FUNCTION: AES_set_encrypt_key 3024 EXIST::FUNCTION:AES OCSP_resp_count 3025 EXIST::FUNCTION: -KRB5_CHECKSUM_new 3026 EXIST::FUNCTION: +KRB5_CHECKSUM_new 3026 NOEXIST::FUNCTION: ENGINE_load_cswift 3027 EXIST::FUNCTION:ENGINE,STATIC_ENGINE OCSP_onereq_get0_id 3028 EXIST::FUNCTION: ENGINE_set_default_ciphers 3029 EXIST::FUNCTION:ENGINE @@ -2561,7 +2561,7 @@ ASN1_ANY_it 3035 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIA ASN1_ANY_it 3035 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: CRYPTO_ex_data_new_class 3036 EXIST::FUNCTION: _ossl_old_des_ncbc_encrypt 3037 NOEXIST::FUNCTION: -i2d_KRB5_TKTBODY 3038 EXIST::FUNCTION: +i2d_KRB5_TKTBODY 3038 NOEXIST::FUNCTION: EC_POINT_clear_free 3039 EXIST::FUNCTION:EC AES_decrypt 3040 EXIST::FUNCTION:AES asn1_enc_init 3041 NOEXIST::FUNCTION: @@ -2569,10 +2569,10 @@ UI_get_result_maxsize 3042 EXIST::FUNCTION: OCSP_CERTID_new 3043 EXIST::FUNCTION: ENGINE_unregister_RAND 3044 EXIST::FUNCTION:ENGINE UI_method_get_closer 3045 EXIST::FUNCTION: -d2i_KRB5_ENCDATA 3046 EXIST::FUNCTION: +d2i_KRB5_ENCDATA 3046 NOEXIST::FUNCTION: OCSP_request_onereq_count 3047 EXIST::FUNCTION: OCSP_basic_verify 3048 EXIST::FUNCTION: -KRB5_AUTHENTBODY_free 3049 EXIST::FUNCTION: +KRB5_AUTHENTBODY_free 3049 NOEXIST::FUNCTION: ASN1_item_d2i 3050 EXIST::FUNCTION: ASN1_primitive_free 3051 NOEXIST::FUNCTION: i2d_EXTENDED_KEY_USAGE 3052 EXIST::FUNCTION: @@ -2586,28 +2586,28 @@ OCSP_accept_responses_new 3058 EXIST::FUNCTION: asn1_do_lock 3059 NOEXIST::FUNCTION: PKCS7_ATTR_VERIFY_it 3060 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_ATTR_VERIFY_it 3060 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -KRB5_APREQBODY_it 3061 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_APREQBODY_it 3061 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +KRB5_APREQBODY_it 3061 NOEXIST::FUNCTION: +KRB5_APREQBODY_it 3061 NOEXIST::FUNCTION: i2d_OCSP_SINGLERESP 3062 EXIST::FUNCTION: ASN1_item_ex_new 3063 EXIST::FUNCTION: UI_add_verify_string 3064 EXIST::FUNCTION: _ossl_old_des_set_key 3065 NOEXIST::FUNCTION: -KRB5_PRINCNAME_it 3066 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_PRINCNAME_it 3066 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +KRB5_PRINCNAME_it 3066 NOEXIST::FUNCTION: +KRB5_PRINCNAME_it 3066 NOEXIST::FUNCTION: EVP_DecryptInit_ex 3067 EXIST::FUNCTION: i2d_OCSP_CERTID 3068 EXIST::FUNCTION: ASN1_item_d2i_bio 3069 EXIST::FUNCTION: EC_POINT_dbl 3070 EXIST::FUNCTION:EC asn1_get_choice_selector 3071 NOEXIST::FUNCTION: -i2d_KRB5_CHECKSUM 3072 EXIST::FUNCTION: +i2d_KRB5_CHECKSUM 3072 NOEXIST::FUNCTION: ENGINE_set_table_flags 3073 EXIST::FUNCTION:ENGINE AES_options 3074 EXIST::FUNCTION:AES ENGINE_load_chil 3075 EXIST::FUNCTION:ENGINE,STATIC_ENGINE OCSP_id_cmp 3076 EXIST::FUNCTION: OCSP_BASICRESP_new 3077 EXIST::FUNCTION: OCSP_REQUEST_get_ext_by_NID 3078 EXIST::FUNCTION: -KRB5_APREQ_it 3079 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_APREQ_it 3079 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +KRB5_APREQ_it 3079 NOEXIST::FUNCTION: +KRB5_APREQ_it 3079 NOEXIST::FUNCTION: ENGINE_get_destroy_function 3080 EXIST::FUNCTION:ENGINE CONF_set_nconf 3081 EXIST::FUNCTION: ASN1_PRINTABLE_free 3082 EXIST::FUNCTION: @@ -2618,15 +2618,15 @@ X509V3_extensions_print 3085 EXIST::FUNCTION: _ossl_old_des_cfb64_encrypt 3086 NOEXIST::FUNCTION: X509_REVOKED_add1_ext_i2d 3087 EXIST::FUNCTION: _ossl_old_des_ofb_encrypt 3088 NOEXIST::FUNCTION: -KRB5_TKTBODY_new 3089 EXIST::FUNCTION: +KRB5_TKTBODY_new 3089 NOEXIST::FUNCTION: ASN1_OCTET_STRING_it 3090 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_OCTET_STRING_it 3090 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: ERR_load_UI_strings 3091 EXIST::FUNCTION: -i2d_KRB5_ENCKEY 3092 EXIST::FUNCTION: +i2d_KRB5_ENCKEY 3092 NOEXIST::FUNCTION: ASN1_template_new 3093 NOEXIST::FUNCTION: OCSP_SIGNATURE_free 3094 EXIST::FUNCTION: ASN1_item_i2d_fp 3095 EXIST::FUNCTION:STDIO -KRB5_PRINCNAME_free 3096 EXIST::FUNCTION: +KRB5_PRINCNAME_free 3096 NOEXIST::FUNCTION: PKCS7_RECIP_INFO_it 3097 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: PKCS7_RECIP_INFO_it 3097 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: EXTENDED_KEY_USAGE_it 3098 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2635,7 +2635,7 @@ EC_GFp_simple_method 3099 EXIST::FUNCTION:EC EC_GROUP_precompute_mult 3100 EXIST::FUNCTION:EC OCSP_request_onereq_get0 3101 EXIST::FUNCTION: UI_method_set_writer 3102 EXIST::FUNCTION: -KRB5_AUTHENT_new 3103 EXIST::FUNCTION: +KRB5_AUTHENT_new 3103 NOEXIST::FUNCTION: X509_CRL_INFO_it 3104 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_CRL_INFO_it 3104 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: DSO_set_name_converter 3105 EXIST::FUNCTION: @@ -2658,8 +2658,8 @@ OCSP_request_add1_cert 3117 EXIST::FUNCTION: UI_get0_output_string 3118 EXIST::FUNCTION: UI_dup_verify_string 3119 EXIST::FUNCTION: BN_mod_lshift 3120 EXIST::FUNCTION: -KRB5_AUTHDATA_it 3121 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_AUTHDATA_it 3121 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +KRB5_AUTHDATA_it 3121 NOEXIST::FUNCTION: +KRB5_AUTHDATA_it 3121 NOEXIST::FUNCTION: asn1_set_choice_selector 3122 NOEXIST::FUNCTION: OCSP_basic_add1_status 3123 EXIST::FUNCTION: OCSP_RESPID_free 3124 EXIST::FUNCTION: @@ -2667,7 +2667,7 @@ asn1_get_field_ptr 3125 NOEXIST::FUNCTION: UI_add_input_string 3126 EXIST::FUNCTION: OCSP_CRLID_it 3127 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: OCSP_CRLID_it 3127 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: -i2d_KRB5_AUTHENTBODY 3128 EXIST::FUNCTION: +i2d_KRB5_AUTHENTBODY 3128 NOEXIST::FUNCTION: OCSP_REQUEST_get_ext_count 3129 EXIST::FUNCTION: ENGINE_load_atalla 3130 EXIST::FUNCTION:ENGINE,STATIC_ENGINE X509_NAME_it 3131 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: @@ -2679,7 +2679,7 @@ OCSP_BASICRESP_get_ext 3134 EXIST::FUNCTION: CRYPTO_get_ex_data_implementation 3135 EXIST:!VMS:FUNCTION: CRYPTO_get_ex_data_impl 3135 EXIST:VMS:FUNCTION: ASN1_item_pack 3136 EXIST::FUNCTION: -i2d_KRB5_ENCDATA 3137 EXIST::FUNCTION: +i2d_KRB5_ENCDATA 3137 NOEXIST::FUNCTION: X509_PURPOSE_set 3138 EXIST::FUNCTION: X509_REQ_INFO_it 3139 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: X509_REQ_INFO_it 3139 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: @@ -2700,10 +2700,10 @@ ASN1_NULL_it 3150 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI BN_mod_lshift1 3151 EXIST::FUNCTION: d2i_OCSP_ONEREQ 3152 EXIST::FUNCTION: OCSP_ONEREQ_new 3153 EXIST::FUNCTION: -KRB5_TICKET_it 3154 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: -KRB5_TICKET_it 3154 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: +KRB5_TICKET_it 3154 NOEXIST::FUNCTION: +KRB5_TICKET_it 3154 NOEXIST::FUNCTION: EVP_aes_192_cbc 3155 EXIST::FUNCTION:AES -KRB5_TICKET_free 3156 EXIST::FUNCTION: +KRB5_TICKET_free 3156 NOEXIST::FUNCTION: UI_new 3157 EXIST::FUNCTION: OCSP_response_create 3158 EXIST::FUNCTION: _ossl_old_des_xcbc_encrypt 3159 NOEXIST::FUNCTION: @@ -2731,7 +2731,7 @@ i2d_ASN1_T61STRING 3175 EXIST::FUNCTION: EC_POINT_set_to_infinity 3176 EXIST::FUNCTION:EC ERR_load_OCSP_strings 3177 EXIST::FUNCTION: EC_POINT_point2oct 3178 EXIST::FUNCTION:EC -KRB5_APREQ_free 3179 EXIST::FUNCTION: +KRB5_APREQ_free 3179 NOEXIST::FUNCTION: ASN1_OBJECT_it 3180 EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE: ASN1_OBJECT_it 3180 EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION: OCSP_crlID_new 3181 EXIST:!OS2,!VMS:FUNCTION: diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 7b57055..00a3efe 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -139,7 +139,6 @@ and [options] can be one of no-ssl3 - Skip this version of SSL just-ssl - remove all non-ssl keys/digest no-asm - No x86 asm - no-krb5 - No KRB5 no-srp - No SRP no-ec - No EC no-engine - No engine @@ -294,7 +293,6 @@ $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; $cflags.=" -DOPENSSL_NO_SRP" if $no_srp; $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; -$cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5; $cflags.=" -DOPENSSL_NO_EC" if $no_ec; $cflags.=" -DOPENSSL_NO_GOST" if $no_gost; $cflags.=" -DOPENSSL_NO_ENGINE" if $no_engine; @@ -381,18 +379,12 @@ for (;;) $dir=$val; } - if ($key eq "KRB5_INCLUDES") - { $cflags .= " $val";} - if ($key eq "ZLIB_INCLUDE") { $cflags .= " $val" if $val ne "";} if ($key eq "LIBZLIB") { $zlib_lib = "$val" if $val ne "";} - if ($key eq "LIBKRB5") - { $ex_libs .= " $val" if $val ne "";} - if ($key eq "EX_LIBS") { $ex_libs .= " $val" if $val ne "";} @@ -1407,7 +1399,6 @@ sub read_options "no-ec_nistp_64_gcc_128" => 0, "no-err" => \$no_err, "no-sock" => \$no_sock, - "no-krb5" => \$no_krb5, "no-ec" => \$no_ec, "no-gost" => \$no_gost, "no-engine" => \$no_engine, @@ -1494,22 +1485,6 @@ sub read_options $xcflags="-DOPENSSL_EXPERIMENTAL_$ALGO $xcflags"; } - elsif (/^--with-krb5-flavor=(.*)$/) - { - my $krb5_flavor = $1; - if ($krb5_flavor =~ /^force-[Hh]eimdal$/) - { - $xcflags="-DKRB5_HEIMDAL $xcflags"; - } - elsif ($krb5_flavor =~ /^MIT/i) - { - $xcflags="-DKRB5_MIT $xcflags"; - if ($krb5_flavor =~ /^MIT[._-]*1[._-]*[01]/i) - { - $xcflags="-DKRB5_MIT_OLD11 $xcflags" - } - } - } elsif (/^([^=]*)=(.*)$/){ $VARS{$1}=$2; } elsif (/^-[lL].*$/) { $l_flags.="$_ "; } elsif ((!/^-help/) && (!/^-h/) && (!/^-\?/) && /^-.*$/) diff --git a/util/mkdef.pl b/util/mkdef.pl index 674ad1e..6c4ce3f 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -77,7 +77,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR", "LOCKING", # External "algorithms" - "FP_API", "STDIO", "SOCK", "KRB5", "DGRAM", + "FP_API", "STDIO", "SOCK", "DGRAM", # Engines "STATIC_ENGINE", "ENGINE", "HW", "GMP", # TLS @@ -121,7 +121,7 @@ close(IN); my $no_rc2; my $no_rc4; my $no_rc5; my $no_idea; my $no_des; my $no_bf; my $no_cast; my $no_whirlpool; my $no_camellia; my $no_seed; my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; -my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_krb5; +my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; @@ -210,7 +210,6 @@ foreach (@ARGV, split(/ /, $options)) #elsif (/^no-locking$/) { $no_locking=1; } elsif (/^no-comp$/) { $no_comp=1; } elsif (/^no-dso$/) { $no_dso=1; } - elsif (/^no-krb5$/) { $no_krb5=1; } elsif (/^no-engine$/) { $no_engine=1; } elsif (/^no-hw$/) { $no_hw=1; } elsif (/^no-gmp$/) { $no_gmp=1; } @@ -258,7 +257,6 @@ $max_ssl = $max_num; $max_crypto = $max_num; my $ssl="include/openssl/ssl.h"; -$ssl.=" include/openssl/kssl.h"; $ssl.=" include/openssl/tls1.h"; $ssl.=" include/openssl/srtp.h"; @@ -320,7 +318,6 @@ $crypto.=" include/openssl/rand.h"; $crypto.=" include/openssl/comp.h" ; # unless $no_comp; $crypto.=" include/openssl/ocsp.h"; $crypto.=" include/openssl/ui.h"; -$crypto.=" include/openssl/krb5_asn.h"; #$crypto.=" include/openssl/store.h"; $crypto.=" include/openssl/pqueue.h"; $crypto.=" include/openssl/cms.h"; @@ -1196,7 +1193,6 @@ sub is_valid if ($keyword eq "BIO" && $no_bio) { return 0; } if ($keyword eq "COMP" && $no_comp) { return 0; } if ($keyword eq "DSO" && $no_dso) { return 0; } - if ($keyword eq "KRB5" && $no_krb5) { return 0; } if ($keyword eq "ENGINE" && $no_engine) { return 0; } if ($keyword eq "HW" && $no_hw) { return 0; } if ($keyword eq "FP_API" && $no_fp_api) { return 0; } diff --git a/util/mkfiles.pl b/util/mkfiles.pl index a81434b..268acad 100755 --- a/util/mkfiles.pl +++ b/util/mkfiles.pl @@ -58,7 +58,6 @@ my @dirs = ( "crypto/engine", "crypto/ocsp", "crypto/ui", -"crypto/krb5", #"crypto/store", "crypto/pqueue", "crypto/whrlpool", diff --git a/util/ssleay.num b/util/ssleay.num index ab89e91..7fb0714 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -196,22 +196,22 @@ SSL_callback_ctrl 244 EXIST::FUNCTION: SSL_CTX_sessions 245 EXIST::FUNCTION: SSL_get_rfd 246 EXIST::FUNCTION: SSL_get_wfd 247 EXIST::FUNCTION: -kssl_cget_tkt 248 EXIST::FUNCTION:KRB5 +kssl_cget_tkt 248 NOEXIST::FUNCTION: SSL_has_matching_session_id 249 EXIST::FUNCTION: -kssl_err_set 250 EXIST::FUNCTION:KRB5 -kssl_ctx_show 251 EXIST::FUNCTION:KRB5 -kssl_validate_times 252 EXIST::FUNCTION:KRB5 -kssl_check_authent 253 EXIST::FUNCTION:KRB5 -kssl_ctx_new 254 EXIST::FUNCTION:KRB5 -kssl_build_principal_2 255 EXIST::FUNCTION:KRB5 -kssl_skip_confound 256 EXIST::FUNCTION:KRB5 -kssl_sget_tkt 257 EXIST::FUNCTION:KRB5 +kssl_err_set 250 NOEXIST::FUNCTION: +kssl_ctx_show 251 NOEXIST::FUNCTION: +kssl_validate_times 252 NOEXIST::FUNCTION: +kssl_check_authent 253 NOEXIST::FUNCTION: +kssl_ctx_new 254 NOEXIST::FUNCTION: +kssl_build_principal_2 255 NOEXIST::FUNCTION: +kssl_skip_confound 256 NOEXIST::FUNCTION: +kssl_sget_tkt 257 NOEXIST::FUNCTION: SSL_set_generate_session_id 258 EXIST::FUNCTION: -kssl_ctx_setkey 259 EXIST::FUNCTION:KRB5 -kssl_ctx_setprinc 260 EXIST::FUNCTION:KRB5 -kssl_ctx_free 261 EXIST::FUNCTION:KRB5 -kssl_krb5_free_data_contents 262 EXIST::FUNCTION:KRB5 -kssl_ctx_setstring 263 EXIST::FUNCTION:KRB5 +kssl_ctx_setkey 259 NOEXIST::FUNCTION: +kssl_ctx_setprinc 260 NOEXIST::FUNCTION: +kssl_ctx_free 261 NOEXIST::FUNCTION: +kssl_krb5_free_data_contents 262 NOEXIST::FUNCTION: +kssl_ctx_setstring 263 NOEXIST::FUNCTION: SSL_CTX_set_generate_session_id 264 EXIST::FUNCTION: SSL_renegotiate_pending 265 EXIST::FUNCTION: SSL_CTX_set_msg_callback 266 EXIST::FUNCTION: @@ -301,14 +301,14 @@ TLSv1_2_client_method 341 EXIST::FUNCTION: SSL_SESSION_set1_id_context 342 EXIST::FUNCTION: TLSv1_2_server_method 343 EXIST::FUNCTION: SSL_cache_hit 344 EXIST::FUNCTION: -SSL_get0_kssl_ctx 345 EXIST::FUNCTION:KRB5 -SSL_set0_kssl_ctx 346 EXIST::FUNCTION:KRB5 +SSL_get0_kssl_ctx 345 NOEXIST::FUNCTION: +SSL_set0_kssl_ctx 346 NOEXIST::FUNCTION: SSL_SESSION_get0_id 347 NOEXIST::FUNCTION: SSL_set_state 348 EXIST::FUNCTION: SSL_CIPHER_get_id 349 EXIST::FUNCTION: TLSv1_2_method 350 EXIST::FUNCTION: SSL_SESSION_get_id_len 351 NOEXIST::FUNCTION: -kssl_ctx_get0_client_princ 352 EXIST::FUNCTION:KRB5 +kssl_ctx_get0_client_princ 352 NOEXIST::FUNCTION: SSL_export_keying_material 353 EXIST::FUNCTION:TLSEXT SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION:SRTP SSL_CTX_set_next_protos_advertised_cb 355 EXIST:!VMS:FUNCTION:NEXTPROTONEG From matt at openssl.org Wed May 13 14:27:25 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 May 2015 14:27:25 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431527245.186386.23476.nullmailer@dev.openssl.org> The branch master has been updated via 2b8dc08b74fc3c6d4c2fc855cc23bac691d985be (commit) from c3d734701cd57575856bf9b542446811518dd28c (commit) - Log ----------------------------------------------------------------- commit 2b8dc08b74fc3c6d4c2fc855cc23bac691d985be Author: Hanno B?ck Date: Mon May 11 11:33:37 2015 +0100 Call of memcmp with null pointers in obj_cmp() The function obj_cmp() (file crypto/objects/obj_dat.c) can in some situations call memcmp() with a null pointer and a zero length. This is invalid behaviour. When compiling openssl with undefined behaviour sanitizer (add -fsanitize=undefined to compile flags) this can be seen. One example that triggers this behaviour is the pkcs7 command (but there are others, e.g. I've seen it with the timestamp function): apps/openssl pkcs7 -in test/testp7.pem What happens is that obj_cmp takes objects of the type ASN1_OBJECT and passes their ->data pointer to memcmp. Zero-sized ASN1_OBJECT structures can have a null pointer as data. RT#3816 Signed-off-by: Matt Caswell Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 3df7ff2..6a068ee 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -380,6 +380,8 @@ static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp) j = (a->length - b->length); if (j) return (j); + if (a->length == 0) + return 0; return (memcmp(a->data, b->data, a->length)); } From matt at openssl.org Wed May 13 14:34:05 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 May 2015 14:34:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1431527645.029779.24752.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via eba8bf485a81541ad25a685f13f00a862cc371a8 (commit) from 464774d75f91ab84772de71743e3c8c0db9a96a6 (commit) - Log ----------------------------------------------------------------- commit eba8bf485a81541ad25a685f13f00a862cc371a8 Author: Hanno B?ck Date: Mon May 11 11:33:37 2015 +0100 Call of memcmp with null pointers in obj_cmp() The function obj_cmp() (file crypto/objects/obj_dat.c) can in some situations call memcmp() with a null pointer and a zero length. This is invalid behaviour. When compiling openssl with undefined behaviour sanitizer (add -fsanitize=undefined to compile flags) this can be seen. One example that triggers this behaviour is the pkcs7 command (but there are others, e.g. I've seen it with the timestamp function): apps/openssl pkcs7 -in test/testp7.pem What happens is that obj_cmp takes objects of the type ASN1_OBJECT and passes their ->data pointer to memcmp. Zero-sized ASN1_OBJECT structures can have a null pointer as data. RT#3816 Signed-off-by: Matt Caswell Reviewed-by: Rich Salz (cherry picked from commit 2b8dc08b74fc3c6d4c2fc855cc23bac691d985be) ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 5cd755d..5ff1294 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -400,6 +400,8 @@ static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp) j = (a->length - b->length); if (j) return (j); + if (a->length == 0) + return 0; return (memcmp(a->data, b->data, a->length)); } From matt at openssl.org Wed May 13 14:34:15 2015 From: matt at openssl.org (Matt Caswell) Date: Wed, 13 May 2015 14:34:15 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1431527655.985289.24985.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 5e0ec9012bae4cc261ec300a0bf1432fbb13ee2a (commit) from 5c122908ab42399df020981d0238e59d4ec38098 (commit) - Log ----------------------------------------------------------------- commit 5e0ec9012bae4cc261ec300a0bf1432fbb13ee2a Author: Hanno B?ck Date: Mon May 11 11:33:37 2015 +0100 Call of memcmp with null pointers in obj_cmp() The function obj_cmp() (file crypto/objects/obj_dat.c) can in some situations call memcmp() with a null pointer and a zero length. This is invalid behaviour. When compiling openssl with undefined behaviour sanitizer (add -fsanitize=undefined to compile flags) this can be seen. One example that triggers this behaviour is the pkcs7 command (but there are others, e.g. I've seen it with the timestamp function): apps/openssl pkcs7 -in test/testp7.pem What happens is that obj_cmp takes objects of the type ASN1_OBJECT and passes their ->data pointer to memcmp. Zero-sized ASN1_OBJECT structures can have a null pointer as data. RT#3816 Signed-off-by: Matt Caswell Reviewed-by: Rich Salz (cherry picked from commit 2b8dc08b74fc3c6d4c2fc855cc23bac691d985be) ----------------------------------------------------------------------- Summary of changes: crypto/objects/obj_dat.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 5cd755d..5ff1294 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -400,6 +400,8 @@ static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp) j = (a->length - b->length); if (j) return (j); + if (a->length == 0) + return 0; return (memcmp(a->data, b->data, a->length)); } From appro at openssl.org Wed May 13 14:49:59 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 13 May 2015 14:49:59 +0000 Subject: [openssl-commits] [openssl] OpenSSL-fips-2_0-stable update Message-ID: <1431528599.422695.27018.nullmailer@dev.openssl.org> The branch OpenSSL-fips-2_0-stable has been updated via 34f39b062c76fbd3082521b26edee7f53afc061d (commit) via 6db8e3bdc9ef83d83b83f3eec9722c96daa91f82 (commit) via 50e2a0ea4615124aa159e8f43317dedcf0cfcaa2 (commit) via 3f137e6f1d326fee773a8af363f051d331c46fd2 (commit) via 97fbb0c88c2f601f98e25e57b9f6f9679d14f3a8 (commit) via 5837e90f08ffcf5ad84933793bc285630018ce26 (commit) via 874faf2ffb22187ad5483d9691a3a2eb7112f161 (commit) via 0b45df73d2b4cd52a390f2345ff52fb6705f2eba (commit) via 2bd3976ed01e76496a509ecd3443559f2be6f60c (commit) via c6d109051d1c2b9a453427a2a53ad3d40acc9276 (commit) via 083ed53defb42ab4d3488bc7f80d9170d22293e7 (commit) via b84813ec017cb03b8dd0b85bce2bb3e021c45685 (commit) from 7447e65fccc95fa2ee97b40e43dc46f97e7b958b (commit) - Log ----------------------------------------------------------------- commit 34f39b062c76fbd3082521b26edee7f53afc061d Author: Andy Polyakov Date: Mon May 11 12:16:01 2015 +0200 util/incore update that allows FINGERPRINT_premain-free build. As for complementary fips.c modification. Goal is to ensure that FIPS_signature does not end up in .bss segment, one guaranteed to be zeroed upon program start-up. One would expect explicitly initialized values to end up in .data segment, but it turned out that values explicitly initialized with zeros can end up in .bss. The modification does not affect program flow, because first byte was the only one of significance [to FINGERPRINT_premain]. Reviewed-by: Dr. Stephen Henson commit 6db8e3bdc9ef83d83b83f3eec9722c96daa91f82 Author: Andy Polyakov Date: Mon May 11 12:04:12 2015 +0200 Add support for Android 5, both 32- and 64-bit cases. Special note about additional -pie flag in android-armv7. The initial reason for adding it is that Android 5 refuses to execute non-PIE binaries. But what about older systems and previously validated platforms? It should be noted that flag is not used when compiling object code, fipscanister.o in this context, only when linking applications, *supplementary* fips_algvs used during validation procedure. Reviewed-by: Dr. Stephen Henson commit 50e2a0ea4615124aa159e8f43317dedcf0cfcaa2 Author: Andy Polyakov Date: Mon May 11 11:56:30 2015 +0200 Additional vxWorks target. Reviewed-by: Dr. Stephen Henson commit 3f137e6f1d326fee773a8af363f051d331c46fd2 Author: Andy Polyakov Date: Mon May 11 11:55:19 2015 +0200 fipsalgtest.pl update. Reviewed-by: Dr. Stephen Henson commit 97fbb0c88c2f601f98e25e57b9f6f9679d14f3a8 Author: Andy Polyakov Date: Mon May 11 11:53:41 2015 +0200 Configure: add ios-cross target with ARM assembly support. Reviewed-by: Dr. Stephen Henson commit 5837e90f08ffcf5ad84933793bc285630018ce26 Author: Andy Polyakov Date: Mon May 11 11:50:29 2015 +0200 Add iOS-specific armv4cpud.S module. Normally it would be generated from a perlasm module, but doing so would affect existing armv4cpuid.S, which in turn would formally void previously validated platforms. Hense separate module is generated. Reviewed-by: Dr. Stephen Henson commit 874faf2ffb22187ad5483d9691a3a2eb7112f161 Author: Andy Polyakov Date: Mon May 11 11:43:55 2015 +0200 Adapt ARM assembly pack for iOS. This is achieved by filtering perlasm output through arm-xlate.pl. But note that it's done only if "flavour" argument is not 'void'. As 'void' is default value for other ARM targets, permasm output is not actually filtered on previously validated platforms. Reviewed-by: Dr. Stephen Henson commit 0b45df73d2b4cd52a390f2345ff52fb6705f2eba Author: Andy Polyakov Date: Mon May 11 11:20:52 2015 +0200 crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on iOS. While ARMv7 in general is capable of unaligned access, not all instructions actually are. And trouble is that compiler doesn't seem to differentiate those capable and incapable of unaligned access. As result exceptions could be observed in xts128.c and ccm128.c modules. Contemporary Linux kernels handle such exceptions by performing requested operation and resuming execution as is if it succeeded. While on iOS exception is fatal. Correct solution is to let STRICT_ALIGNMENT be on all ARM platforms, but doing so is in formal conflict with FIPS maintenance policy. Reviewed-by: Dr. Stephen Henson commit 2bd3976ed01e76496a509ecd3443559f2be6f60c Author: Andy Polyakov Date: Mon May 11 11:39:04 2015 +0200 Add iOS-specific fips_algvs application. Reviewed-by: Dr. Stephen Henson commit c6d109051d1c2b9a453427a2a53ad3d40acc9276 Author: Andy Polyakov Date: Mon May 11 11:36:48 2015 +0200 Configure: engage ARMv8 assembly pack in ios64-cross target. Reviewed-by: Dr. Stephen Henson commit 083ed53defb42ab4d3488bc7f80d9170d22293e7 Author: Andy Polyakov Date: Mon May 11 11:34:56 2015 +0200 Engage ARMv8 assembly pack. Reviewed-by: Dr. Stephen Henson commit b84813ec017cb03b8dd0b85bce2bb3e021c45685 Author: Andy Polyakov Date: Mon May 11 11:18:04 2015 +0200 Add ARMv8 assembly pack. Reviewed-by: Dr. Stephen Henson ----------------------------------------------------------------------- Summary of changes: Configure | 12 +- config | 11 +- crypto/Makefile | 1 + crypto/aes/Makefile | 4 + crypto/aes/asm/aes-armv4.pl | 31 +- crypto/aes/asm/aesv8-armx.pl | 968 ++++++++++++++++++++++++++++++ crypto/arm64cpuid.pl | 68 +++ crypto/arm_arch.h | 17 +- crypto/armcap.c | 26 + crypto/armv4cpuid_ios.S | 210 +++++++ crypto/bn/asm/armv4-gf2m.pl | 23 +- crypto/bn/asm/armv4-mont.pl | 16 +- crypto/evp/e_aes.c | 113 ++++ crypto/modes/Makefile | 3 + crypto/modes/asm/ghash-armv4.pl | 33 +- crypto/modes/asm/ghashv8-armx.pl | 376 ++++++++++++ crypto/modes/gcm128.c | 27 +- crypto/modes/modes_lcl.h | 17 +- crypto/perlasm/arm-xlate.pl | 165 ++++++ crypto/sha/Makefile | 3 + crypto/sha/asm/sha1-armv4-large.pl | 16 +- crypto/sha/asm/sha1-armv8.pl | 343 +++++++++++ crypto/sha/asm/sha256-armv4.pl | 16 +- crypto/sha/asm/sha512-armv4.pl | 22 +- crypto/sha/asm/sha512-armv8.pl | 428 ++++++++++++++ fips/fips.c | 2 +- fips/fips_canister.c | 1 + fips/fips_test_suite.c | 6 + fips/fipsalgtest.pl | 38 +- fips/fipssyms.h | 44 ++ iOS/Makefile | 76 +++ iOS/fips_algvs.app/Entitlements.plist | 8 + iOS/fips_algvs.app/Info.plist | 24 + iOS/fips_algvs.app/ResourceRules.plist | 25 + iOS/fopen.m | 93 +++ iOS/incore_macho.c | 1016 ++++++++++++++++++++++++++++++++ test/fips_algvs.c | 71 +++ util/incore | 7 +- 38 files changed, 4280 insertions(+), 80 deletions(-) create mode 100644 crypto/aes/asm/aesv8-armx.pl create mode 100644 crypto/arm64cpuid.pl create mode 100644 crypto/armv4cpuid_ios.S create mode 100644 crypto/modes/asm/ghashv8-armx.pl create mode 100644 crypto/perlasm/arm-xlate.pl create mode 100644 crypto/sha/asm/sha1-armv8.pl create mode 100644 crypto/sha/asm/sha512-armv8.pl create mode 100644 iOS/Makefile create mode 100644 iOS/fips_algvs.app/Entitlements.plist create mode 100644 iOS/fips_algvs.app/Info.plist create mode 100644 iOS/fips_algvs.app/ResourceRules.plist create mode 100644 iOS/fopen.m create mode 100644 iOS/incore_macho.c diff --git a/Configure b/Configure index 8fc25f4..613f829 100755 --- a/Configure +++ b/Configure @@ -136,6 +136,7 @@ my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o:::: my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::"; my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o::aes_ctr.o aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:"; my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::void"; +my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o:::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:"; my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32"; my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; my $ppc32_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::::"; @@ -404,7 +405,8 @@ my %table=( # Android: linux-* but without -DTERMIO and pointers to headers and libs. "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-pie%-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android64-aarch64","gcc:-mandroid -fPIC -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-pie%-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### *BSD [do see comment about ${BSDthreads} above!] "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -586,7 +588,8 @@ my %table=( "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", # iPhoneOS/iOS "iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"ios64-cross","clang:-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR -RC4_CHUNK DES_INT DES_UNROLL -BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"ios-cross","cc:-O3 -arch armv7 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:armcap.o armv4cpuid_ios.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::ios32:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"ios64-cross","cc:-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR -RC4_CHUNK DES_INT DES_UNROLL -BF_PTR:${aarch64_asm}:ios64:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", ##### A/UX "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", @@ -603,6 +606,7 @@ my %table=( ##### VxWorks for various targets "vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::", "vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::", +"vxworks-ppcgen-kernel","ccppc:-D_REENTRANT -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip:::VXWORKS::::::", "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", @@ -1565,7 +1569,7 @@ if ($rmd160_obj =~ /\.o$/) } if ($aes_obj =~ /\.o$/) { - $cflags.=" -DAES_ASM"; + $cflags.=" -DAES_ASM" if ($aes_obj =~ m/\baes\-/); # aes_ctr.o is not a real file, only indication that assembler # module implements AES_ctr32_encrypt... $cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes_ctr\.o//); @@ -1586,7 +1590,7 @@ else { $wp_obj="wp_block.o"; } $cmll_obj=$cmll_enc unless ($cmll_obj =~ /.o$/); -if ($modes_obj =~ /ghash/) +if ($modes_obj =~ /ghash\-/) { $cflags.=" -DGHASH_ASM"; } diff --git a/config b/config index b858d80..9d0383e 100755 --- a/config +++ b/config @@ -383,6 +383,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "nsr-tandem-nsk"; exit 0; ;; + vxworks:kernel*) + echo "${MACHINE}-kernel-vxworks"; exit 0; + ;; + vxworks*) echo "${MACHINE}-whatever-vxworks"; exit 0; ;; @@ -584,8 +588,9 @@ case "$GUESSOS" in *-*-iphoneos) options="$options -arch%20${MACHINE}" OUT="iphoneos-cross" ;; - arm64-*-ios64) - options="$options -arch%20${MACHINE}" + armv7-*-ios) + OUT="ios-cross" ;; + arm64-*-ios*) OUT="ios64-cross" ;; alpha-*-linux2) ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo` @@ -612,6 +617,7 @@ case "$GUESSOS" in ;; ppc-*-linux2) OUT="linux-ppc" ;; ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;; + ppcgen-kernel-vxworks*) OUT="vxworks-ppcgen-kernel" ;; ppcgen-*-vxworks*) OUT="vxworks-ppcgen" ;; pentium-*-vxworks*) OUT="vxworks-pentium" ;; simlinux-*-vxworks*) OUT="vxworks-simlinux" ;; @@ -866,6 +872,7 @@ case "$GUESSOS" in *-*-qnx6) OUT="QNX6" ;; x86-*-android|i?86-*-android) OUT="android-x86" ;; armv[7-9]*-*-android) OUT="android-armv7" ;; + aarch64-*-android) OUT="android64-aarch64" ;; *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;; esac diff --git a/crypto/Makefile b/crypto/Makefile index 22cb2a5..7304684 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -87,6 +87,7 @@ ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ pariscid.s: pariscid.pl; $(PERL) pariscid.pl $(PERLASM_SCHEME) $@ alphacpuid.s: alphacpuid.pl $(PERL) $< | $(CC) -E - | tee $@ > /dev/null +arm64cpuid.S: arm64cpuid.pl; $(PERL) arm64cpuid.pl $(PERLASM_SCHEME) > $@ subdirs: @target=all; $(RECURSIVE_MAKE) diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index 8edd358..1d9e82a 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -78,6 +78,10 @@ aes-parisc.s: asm/aes-parisc.pl aes-mips.S: asm/aes-mips.pl $(PERL) asm/aes-mips.pl $(PERLASM_SCHEME) $@ +aesv8-armx.S: asm/aesv8-armx.pl + $(PERL) asm/aesv8-armx.pl $(PERLASM_SCHEME) $@ +aesv8-armx.o: aesv8-armx.S + # GNU make "catch all" aes-%.S: asm/aes-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@ aes-armv4.o: aes-armv4.S diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl index 55b6e04..ed51258 100644 --- a/crypto/aes/asm/aes-armv4.pl +++ b/crypto/aes/asm/aes-armv4.pl @@ -32,8 +32,20 @@ # Profiler-assisted and platform-specific optimization resulted in 16% # improvement on Cortex A8 core and ~21.5 cycles per byte. -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $s0="r0"; $s1="r1"; @@ -171,7 +183,12 @@ AES_encrypt: stmdb sp!,{r1,r4-r12,lr} mov $rounds,r0 @ inp mov $key,r2 +#ifdef __APPLE__ + mov $tbl,#AES_encrypt-AES_Te + sub $tbl,r3,$tbl @ Te +#else sub $tbl,r3,#AES_encrypt-AES_Te @ Te +#endif #if __ARM_ARCH__<7 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral ldrb $t1,[$rounds,#2] @ manner... @@ -425,7 +442,12 @@ AES_set_encrypt_key: bne .Labrt .Lok: stmdb sp!,{r4-r12,lr} +#ifdef __APPLE__ + mov $tbl,#AES_set_encrypt_key-AES_Te-1024 + sub $tbl,r3,$tbl @ Te4 +#else sub $tbl,r3,#AES_set_encrypt_key-AES_Te-1024 @ Te4 +#endif mov $rounds,r0 @ inp mov lr,r1 @ bits @@ -886,7 +908,12 @@ AES_decrypt: stmdb sp!,{r1,r4-r12,lr} mov $rounds,r0 @ inp mov $key,r2 +#ifdef __APPLE__ + mov $tbl,#AES_decrypt-AES_Td + sub $tbl,r3,$tbl @ Td +#else sub $tbl,r3,#AES_decrypt-AES_Td @ Td +#endif #if __ARM_ARCH__<7 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral ldrb $t1,[$rounds,#2] @ manner... diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl new file mode 100644 index 0000000..104f417 --- /dev/null +++ b/crypto/aes/asm/aesv8-armx.pl @@ -0,0 +1,968 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# This module implements support for ARMv8 AES instructions. The +# module is endian-agnostic in sense that it supports both big- and +# little-endian cases. As does it support both 32- and 64-bit modes +# of operation. Latter is achieved by limiting amount of utilized +# registers to 16, which implies additional NEON load and integer +# instructions. This has no effect on mighty Apple A7, where results +# are literally equal to the theoretical estimates based on AES +# instruction latencies and issue rates. On Cortex-A53, an in-order +# execution core, this costs up to 10-15%, which is partially +# compensated by implementing dedicated code path for 128-bit +# CBC encrypt case. On Cortex-A57 parallelizable mode performance +# seems to be limited by sheer amount of NEON instructions... +# +# Performance in cycles per byte processed with 128-bit key: +# +# CBC enc CBC dec CTR +# Apple A7 2.39 1.20 1.20 +# Cortex-A53 2.45 1.87 1.94 +# Cortex-A57 3.64 1.34 1.32 + +$flavour = shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +$prefix="aes_v8"; + +$code=<<___; +#include "arm_arch.h" + +#if __ARM_ARCH__>=7 +.text +___ +$code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/); +$code.=".fpu neon\n.code 32\n" if ($flavour !~ /64/); + +# Assembler mnemonics are an eclectic mix of 32- and 64-bit syntax, +# NEON is mostly 32-bit mnemonics, integer - mostly 64. Goal is to +# maintain both 32- and 64-bit codes within single module and +# transliterate common code to either flavour with regex vodoo. +# +{{{ +my ($inp,$bits,$out,$ptr,$rounds)=("x0","w1","x2","x3","w12"); +my ($zero,$rcon,$mask,$in0,$in1,$tmp,$key)= + $flavour=~/64/? map("q$_",(0..6)) : map("q$_",(0..3,8..10)); + + +$code.=<<___; +.align 5 +.Lrcon: +.long 0x01,0x01,0x01,0x01 +.long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d // rotate-n-splat +.long 0x1b,0x1b,0x1b,0x1b + +.globl ${prefix}_set_encrypt_key +.type ${prefix}_set_encrypt_key,%function +.align 5 +${prefix}_set_encrypt_key: +.Lenc_key: +___ +$code.=<<___ if ($flavour =~ /64/); + stp x29,x30,[sp,#-16]! + add x29,sp,#0 +___ +$code.=<<___; + mov $ptr,#-1 + cmp $inp,#0 + b.eq .Lenc_key_abort + cmp $out,#0 + b.eq .Lenc_key_abort + mov $ptr,#-2 + cmp $bits,#128 + b.lt .Lenc_key_abort + cmp $bits,#256 + b.gt .Lenc_key_abort + tst $bits,#0x3f + b.ne .Lenc_key_abort + + adr $ptr,.Lrcon + cmp $bits,#192 + + veor $zero,$zero,$zero + vld1.8 {$in0},[$inp],#16 + mov $bits,#8 // reuse $bits + vld1.32 {$rcon,$mask},[$ptr],#32 + + b.lt .Loop128 + b.eq .L192 + b .L256 + +.align 4 +.Loop128: + vtbl.8 $key,{$in0},$mask + vext.8 $tmp,$zero,$in0,#12 + vst1.32 {$in0},[$out],#16 + aese $key,$zero + subs $bits,$bits,#1 + + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $key,$key,$rcon + veor $in0,$in0,$tmp + vshl.u8 $rcon,$rcon,#1 + veor $in0,$in0,$key + b.ne .Loop128 + + vld1.32 {$rcon},[$ptr] + + vtbl.8 $key,{$in0},$mask + vext.8 $tmp,$zero,$in0,#12 + vst1.32 {$in0},[$out],#16 + aese $key,$zero + + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $key,$key,$rcon + veor $in0,$in0,$tmp + vshl.u8 $rcon,$rcon,#1 + veor $in0,$in0,$key + + vtbl.8 $key,{$in0},$mask + vext.8 $tmp,$zero,$in0,#12 + vst1.32 {$in0},[$out],#16 + aese $key,$zero + + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $key,$key,$rcon + veor $in0,$in0,$tmp + veor $in0,$in0,$key + vst1.32 {$in0},[$out] + add $out,$out,#0x50 + + mov $rounds,#10 + b .Ldone + +.align 4 +.L192: + vld1.8 {$in1},[$inp],#8 + vmov.i8 $key,#8 // borrow $key + vst1.32 {$in0},[$out],#16 + vsub.i8 $mask,$mask,$key // adjust the mask + +.Loop192: + vtbl.8 $key,{$in1},$mask + vext.8 $tmp,$zero,$in0,#12 + vst1.32 {$in1},[$out],#8 + aese $key,$zero + subs $bits,$bits,#1 + + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in0,$in0,$tmp + + vdup.32 $tmp,${in0}[3] + veor $tmp,$tmp,$in1 + veor $key,$key,$rcon + vext.8 $in1,$zero,$in1,#12 + vshl.u8 $rcon,$rcon,#1 + veor $in1,$in1,$tmp + veor $in0,$in0,$key + veor $in1,$in1,$key + vst1.32 {$in0},[$out],#16 + b.ne .Loop192 + + mov $rounds,#12 + add $out,$out,#0x20 + b .Ldone + +.align 4 +.L256: + vld1.8 {$in1},[$inp] + mov $bits,#7 + mov $rounds,#14 + vst1.32 {$in0},[$out],#16 + +.Loop256: + vtbl.8 $key,{$in1},$mask + vext.8 $tmp,$zero,$in0,#12 + vst1.32 {$in1},[$out],#16 + aese $key,$zero + subs $bits,$bits,#1 + + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $key,$key,$rcon + veor $in0,$in0,$tmp + vshl.u8 $rcon,$rcon,#1 + veor $in0,$in0,$key + vst1.32 {$in0},[$out],#16 + b.eq .Ldone + + vdup.32 $key,${in0}[3] // just splat + vext.8 $tmp,$zero,$in1,#12 + aese $key,$zero + + veor $in1,$in1,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in1,$in1,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in1,$in1,$tmp + + veor $in1,$in1,$key + b .Loop256 + +.Ldone: + str $rounds,[$out] + mov $ptr,#0 + +.Lenc_key_abort: + mov x0,$ptr // return value + `"ldr x29,[sp],#16" if ($flavour =~ /64/)` + ret +.size ${prefix}_set_encrypt_key,.-${prefix}_set_encrypt_key + +.globl ${prefix}_set_decrypt_key +.type ${prefix}_set_decrypt_key,%function +.align 5 +${prefix}_set_decrypt_key: +___ +$code.=<<___ if ($flavour =~ /64/); + stp x29,x30,[sp,#-16]! + add x29,sp,#0 +___ +$code.=<<___ if ($flavour !~ /64/); + stmdb sp!,{r4,lr} +___ +$code.=<<___; + bl .Lenc_key + + cmp x0,#0 + b.ne .Ldec_key_abort + + sub $out,$out,#240 // restore original $out + mov x4,#-16 + add $inp,$out,x12,lsl#4 // end of key schedule + + vld1.32 {v0.16b},[$out] + vld1.32 {v1.16b},[$inp] + vst1.32 {v0.16b},[$inp],x4 + vst1.32 {v1.16b},[$out],#16 + +.Loop_imc: + vld1.32 {v0.16b},[$out] + vld1.32 {v1.16b},[$inp] + aesimc v0.16b,v0.16b + aesimc v1.16b,v1.16b + vst1.32 {v0.16b},[$inp],x4 + vst1.32 {v1.16b},[$out],#16 + cmp $inp,$out + b.hi .Loop_imc + + vld1.32 {v0.16b},[$out] + aesimc v0.16b,v0.16b + vst1.32 {v0.16b},[$inp] + + eor x0,x0,x0 // return value +.Ldec_key_abort: +___ +$code.=<<___ if ($flavour !~ /64/); + ldmia sp!,{r4,pc} +___ +$code.=<<___ if ($flavour =~ /64/); + ldp x29,x30,[sp],#16 + ret +___ +$code.=<<___; +.size ${prefix}_set_decrypt_key,.-${prefix}_set_decrypt_key +___ +}}} +{{{ +sub gen_block () { +my $dir = shift; +my ($e,$mc) = $dir eq "en" ? ("e","mc") : ("d","imc"); +my ($inp,$out,$key)=map("x$_",(0..2)); +my $rounds="w3"; +my ($rndkey0,$rndkey1,$inout)=map("q$_",(0..3)); + +$code.=<<___; +.globl ${prefix}_${dir}crypt +.type ${prefix}_${dir}crypt,%function +.align 5 +${prefix}_${dir}crypt: + ldr $rounds,[$key,#240] + vld1.32 {$rndkey0},[$key],#16 + vld1.8 {$inout},[$inp] + sub $rounds,$rounds,#2 + vld1.32 {$rndkey1},[$key],#16 + +.Loop_${dir}c: + aes$e $inout,$rndkey0 + vld1.32 {$rndkey0},[$key],#16 + aes$mc $inout,$inout + subs $rounds,$rounds,#2 + aes$e $inout,$rndkey1 + vld1.32 {$rndkey1},[$key],#16 + aes$mc $inout,$inout + b.gt .Loop_${dir}c + + aes$e $inout,$rndkey0 + vld1.32 {$rndkey0},[$key] + aes$mc $inout,$inout + aes$e $inout,$rndkey1 + veor $inout,$inout,$rndkey0 + + vst1.8 {$inout},[$out] + ret +.size ${prefix}_${dir}crypt,.-${prefix}_${dir}crypt +___ +} +&gen_block("en"); +&gen_block("de"); +}}} +{{{ +my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4)); my $enc="w5"; +my ($rounds,$cnt,$key_,$step,$step1)=($enc,"w6","x7","x8","x12"); +my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7)); + +my ($dat,$tmp,$rndzero_n_last)=($dat0,$tmp0,$tmp1); + +### q8-q15 preloaded key schedule + +$code.=<<___; +.globl ${prefix}_cbc_encrypt +.type ${prefix}_cbc_encrypt,%function +.align 5 +${prefix}_cbc_encrypt: +___ +$code.=<<___ if ($flavour =~ /64/); + stp x29,x30,[sp,#-16]! + add x29,sp,#0 +___ +$code.=<<___ if ($flavour !~ /64/); + mov ip,sp + stmdb sp!,{r4-r8,lr} + vstmdb sp!,{d8-d15} @ ABI specification says so + ldmia ip,{r4-r5} @ load remaining args +___ +$code.=<<___; + subs $len,$len,#16 + mov $step,#16 + b.lo .Lcbc_abort + cclr $step,eq + + cmp $enc,#0 // en- or decrypting? + ldr $rounds,[$key,#240] + and $len,$len,#-16 + vld1.8 {$ivec},[$ivp] + vld1.8 {$dat},[$inp],$step + + vld1.32 {q8-q9},[$key] // load key schedule... + sub $rounds,$rounds,#6 + add $key_,$key,x5,lsl#4 // pointer to last 7 round keys + sub $rounds,$rounds,#2 + vld1.32 {q10-q11},[$key_],#32 + vld1.32 {q12-q13},[$key_],#32 + vld1.32 {q14-q15},[$key_],#32 + vld1.32 {$rndlast},[$key_] + + add $key_,$key,#32 + mov $cnt,$rounds + b.eq .Lcbc_dec + + cmp $rounds,#2 + veor $dat,$dat,$ivec + veor $rndzero_n_last,q8,$rndlast + b.eq .Lcbc_enc128 + +.Loop_cbc_enc: + aese $dat,q8 + vld1.32 {q8},[$key_],#16 + aesmc $dat,$dat + subs $cnt,$cnt,#2 + aese $dat,q9 + vld1.32 {q9},[$key_],#16 + aesmc $dat,$dat + b.gt .Loop_cbc_enc + + aese $dat,q8 + aesmc $dat,$dat + subs $len,$len,#16 + aese $dat,q9 + aesmc $dat,$dat + cclr $step,eq + aese $dat,q10 + aesmc $dat,$dat + add $key_,$key,#16 + aese $dat,q11 + aesmc $dat,$dat + vld1.8 {q8},[$inp],$step + aese $dat,q12 + aesmc $dat,$dat + veor q8,q8,$rndzero_n_last + aese $dat,q13 + aesmc $dat,$dat + vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] + aese $dat,q14 + aesmc $dat,$dat + aese $dat,q15 + + mov $cnt,$rounds + veor $ivec,$dat,$rndlast + vst1.8 {$ivec},[$out],#16 + b.hs .Loop_cbc_enc + + b .Lcbc_done + +.align 5 +.Lcbc_enc128: + vld1.32 {$in0-$in1},[$key_] + aese $dat,q8 + aesmc $dat,$dat + b .Lenter_cbc_enc128 +.Loop_cbc_enc128: + aese $dat,q8 + aesmc $dat,$dat + vst1.8 {$ivec},[$out],#16 +.Lenter_cbc_enc128: + aese $dat,q9 + aesmc $dat,$dat + subs $len,$len,#16 + aese $dat,$in0 + aesmc $dat,$dat + cclr $step,eq + aese $dat,$in1 + aesmc $dat,$dat + aese $dat,q10 + aesmc $dat,$dat + aese $dat,q11 + aesmc $dat,$dat + vld1.8 {q8},[$inp],$step + aese $dat,q12 + aesmc $dat,$dat + aese $dat,q13 + aesmc $dat,$dat + aese $dat,q14 + aesmc $dat,$dat + veor q8,q8,$rndzero_n_last + aese $dat,q15 + veor $ivec,$dat,$rndlast + b.hs .Loop_cbc_enc128 + + vst1.8 {$ivec},[$out],#16 + b .Lcbc_done +___ +{ +my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9)); +$code.=<<___; +.align 5 +.Lcbc_dec: + vld1.8 {$dat2},[$inp],#16 + subs $len,$len,#32 // bias + add $cnt,$rounds,#2 + vorr $in1,$dat,$dat + vorr $dat1,$dat,$dat + vorr $in2,$dat2,$dat2 + b.lo .Lcbc_dec_tail + + vorr $dat1,$dat2,$dat2 + vld1.8 {$dat2},[$inp],#16 + vorr $in0,$dat,$dat + vorr $in1,$dat1,$dat1 + vorr $in2,$dat2,$dat2 + +.Loop3x_cbc_dec: + aesd $dat0,q8 + aesd $dat1,q8 + aesd $dat2,q8 + vld1.32 {q8},[$key_],#16 + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + subs $cnt,$cnt,#2 + aesd $dat0,q9 + aesd $dat1,q9 + aesd $dat2,q9 + vld1.32 {q9},[$key_],#16 + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + b.gt .Loop3x_cbc_dec + + aesd $dat0,q8 + aesd $dat1,q8 + aesd $dat2,q8 + veor $tmp0,$ivec,$rndlast + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + veor $tmp1,$in0,$rndlast + aesd $dat0,q9 + aesd $dat1,q9 + aesd $dat2,q9 + veor $tmp2,$in1,$rndlast + subs $len,$len,#0x30 + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + vorr $ivec,$in2,$in2 + mov.lo x6,$len // x6, $cnt, is zero at this point + aesd $dat0,q12 + aesd $dat1,q12 + aesd $dat2,q12 + add $inp,$inp,x6 // $inp is adjusted in such way that + // at exit from the loop $dat1-$dat2 + // are loaded with last "words" + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + mov $key_,$key + aesd $dat0,q13 + aesd $dat1,q13 + aesd $dat2,q13 + vld1.8 {$in0},[$inp],#16 + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + vld1.8 {$in1},[$inp],#16 + aesd $dat0,q14 + aesd $dat1,q14 + aesd $dat2,q14 + vld1.8 {$in2},[$inp],#16 + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] + aesd $dat0,q15 + aesd $dat1,q15 + aesd $dat2,q15 + + add $cnt,$rounds,#2 + veor $tmp0,$tmp0,$dat0 + veor $tmp1,$tmp1,$dat1 + veor $dat2,$dat2,$tmp2 + vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] + vorr $dat0,$in0,$in0 + vst1.8 {$tmp0},[$out],#16 + vorr $dat1,$in1,$in1 + vst1.8 {$tmp1},[$out],#16 + vst1.8 {$dat2},[$out],#16 + vorr $dat2,$in2,$in2 + b.hs .Loop3x_cbc_dec + + cmn $len,#0x30 + b.eq .Lcbc_done + nop + +.Lcbc_dec_tail: + aesd $dat1,q8 + aesd $dat2,q8 + vld1.32 {q8},[$key_],#16 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + subs $cnt,$cnt,#2 + aesd $dat1,q9 + aesd $dat2,q9 + vld1.32 {q9},[$key_],#16 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + b.gt .Lcbc_dec_tail + + aesd $dat1,q8 + aesd $dat2,q8 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + aesd $dat1,q9 + aesd $dat2,q9 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + aesd $dat1,q12 + aesd $dat2,q12 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + cmn $len,#0x20 + aesd $dat1,q13 + aesd $dat2,q13 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + veor $tmp1,$ivec,$rndlast + aesd $dat1,q14 + aesd $dat2,q14 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + veor $tmp2,$in1,$rndlast + aesd $dat1,q15 + aesd $dat2,q15 + b.eq .Lcbc_dec_one + veor $tmp1,$tmp1,$dat1 + veor $tmp2,$tmp2,$dat2 + vorr $ivec,$in2,$in2 + vst1.8 {$tmp1},[$out],#16 + vst1.8 {$tmp2},[$out],#16 + b .Lcbc_done + +.Lcbc_dec_one: + veor $tmp1,$tmp1,$dat2 + vorr $ivec,$in2,$in2 + vst1.8 {$tmp1},[$out],#16 + +.Lcbc_done: + vst1.8 {$ivec},[$ivp] +.Lcbc_abort: +___ +} +$code.=<<___ if ($flavour !~ /64/); + vldmia sp!,{d8-d15} + ldmia sp!,{r4-r8,pc} +___ +$code.=<<___ if ($flavour =~ /64/); + ldr x29,[sp],#16 + ret +___ +$code.=<<___; +.size ${prefix}_cbc_encrypt,.-${prefix}_cbc_encrypt +___ +}}} +{{{ +my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4)); +my ($rounds,$cnt,$key_)=("w5","w6","x7"); +my ($ctr,$tctr0,$tctr1,$tctr2)=map("w$_",(8..10,12)); +my $step="x12"; # aliases with $tctr2 + +my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7)); +my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9)); + +my ($dat,$tmp)=($dat0,$tmp0); + +### q8-q15 preloaded key schedule + +$code.=<<___; +.globl ${prefix}_ctr32_encrypt_blocks +.type ${prefix}_ctr32_encrypt_blocks,%function +.align 5 +${prefix}_ctr32_encrypt_blocks: +___ +$code.=<<___ if ($flavour =~ /64/); + stp x29,x30,[sp,#-16]! + add x29,sp,#0 +___ +$code.=<<___ if ($flavour !~ /64/); + mov ip,sp + stmdb sp!,{r4-r10,lr} + vstmdb sp!,{d8-d15} @ ABI specification says so + ldr r4, [ip] @ load remaining arg +___ +$code.=<<___; + ldr $rounds,[$key,#240] + + ldr $ctr, [$ivp, #12] + vld1.32 {$dat0},[$ivp] + + vld1.32 {q8-q9},[$key] // load key schedule... + sub $rounds,$rounds,#4 + mov $step,#16 + cmp $len,#2 + add $key_,$key,x5,lsl#4 // pointer to last 5 round keys + sub $rounds,$rounds,#2 + vld1.32 {q12-q13},[$key_],#32 + vld1.32 {q14-q15},[$key_],#32 + vld1.32 {$rndlast},[$key_] + add $key_,$key,#32 + mov $cnt,$rounds + cclr $step,lo +#ifndef __ARMEB__ + rev $ctr, $ctr +#endif + vorr $dat1,$dat0,$dat0 + add $tctr1, $ctr, #1 + vorr $dat2,$dat0,$dat0 + add $ctr, $ctr, #2 + vorr $ivec,$dat0,$dat0 + rev $tctr1, $tctr1 + vmov.32 ${dat1}[3],$tctr1 + b.ls .Lctr32_tail + rev $tctr2, $ctr + sub $len,$len,#3 // bias + vmov.32 ${dat2}[3],$tctr2 + b .Loop3x_ctr32 + +.align 4 +.Loop3x_ctr32: + aese $dat0,q8 + aese $dat1,q8 + aese $dat2,q8 + vld1.32 {q8},[$key_],#16 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + aesmc $dat2,$dat2 + subs $cnt,$cnt,#2 + aese $dat0,q9 + aese $dat1,q9 + aese $dat2,q9 + vld1.32 {q9},[$key_],#16 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + aesmc $dat2,$dat2 + b.gt .Loop3x_ctr32 + + aese $dat0,q8 + aese $dat1,q8 + aese $dat2,q8 + mov $key_,$key + aesmc $tmp0,$dat0 + vld1.8 {$in0},[$inp],#16 + aesmc $tmp1,$dat1 + aesmc $dat2,$dat2 + vorr $dat0,$ivec,$ivec + aese $tmp0,q9 + vld1.8 {$in1},[$inp],#16 + aese $tmp1,q9 + aese $dat2,q9 + vorr $dat1,$ivec,$ivec + aesmc $tmp0,$tmp0 + vld1.8 {$in2},[$inp],#16 + aesmc $tmp1,$tmp1 + aesmc $tmp2,$dat2 + vorr $dat2,$ivec,$ivec + add $tctr0,$ctr,#1 + aese $tmp0,q12 + aese $tmp1,q12 + aese $tmp2,q12 + veor $in0,$in0,$rndlast + add $tctr1,$ctr,#2 + aesmc $tmp0,$tmp0 + aesmc $tmp1,$tmp1 + aesmc $tmp2,$tmp2 + veor $in1,$in1,$rndlast + add $ctr,$ctr,#3 + aese $tmp0,q13 + aese $tmp1,q13 + aese $tmp2,q13 + veor $in2,$in2,$rndlast + rev $tctr0,$tctr0 + aesmc $tmp0,$tmp0 + vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] + aesmc $tmp1,$tmp1 + aesmc $tmp2,$tmp2 + vmov.32 ${dat0}[3], $tctr0 + rev $tctr1,$tctr1 + aese $tmp0,q14 + aese $tmp1,q14 + aese $tmp2,q14 + vmov.32 ${dat1}[3], $tctr1 + rev $tctr2,$ctr + aesmc $tmp0,$tmp0 + aesmc $tmp1,$tmp1 + aesmc $tmp2,$tmp2 + vmov.32 ${dat2}[3], $tctr2 + subs $len,$len,#3 + aese $tmp0,q15 + aese $tmp1,q15 + aese $tmp2,q15 + + mov $cnt,$rounds + veor $in0,$in0,$tmp0 + veor $in1,$in1,$tmp1 + veor $in2,$in2,$tmp2 + vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] + vst1.8 {$in0},[$out],#16 + vst1.8 {$in1},[$out],#16 + vst1.8 {$in2},[$out],#16 + b.hs .Loop3x_ctr32 + + adds $len,$len,#3 + b.eq .Lctr32_done + cmp $len,#1 + mov $step,#16 + cclr $step,eq + +.Lctr32_tail: + aese $dat0,q8 + aese $dat1,q8 + vld1.32 {q8},[$key_],#16 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + subs $cnt,$cnt,#2 + aese $dat0,q9 + aese $dat1,q9 + vld1.32 {q9},[$key_],#16 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + b.gt .Lctr32_tail + + aese $dat0,q8 + aese $dat1,q8 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + aese $dat0,q9 + aese $dat1,q9 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + vld1.8 {$in0},[$inp],$step + aese $dat0,q12 + aese $dat1,q12 + vld1.8 {$in1},[$inp] + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + aese $dat0,q13 + aese $dat1,q13 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + aese $dat0,q14 + aese $dat1,q14 + veor $in0,$in0,$rndlast + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + veor $in1,$in1,$rndlast + aese $dat0,q15 + aese $dat1,q15 + + cmp $len,#1 + veor $in0,$in0,$dat0 + veor $in1,$in1,$dat1 + vst1.8 {$in0},[$out],#16 + b.eq .Lctr32_done + vst1.8 {$in1},[$out] + +.Lctr32_done: +___ +$code.=<<___ if ($flavour !~ /64/); + vldmia sp!,{d8-d15} + ldmia sp!,{r4-r10,pc} +___ +$code.=<<___ if ($flavour =~ /64/); + ldr x29,[sp],#16 + ret +___ +$code.=<<___; +.size ${prefix}_ctr32_encrypt_blocks,.-${prefix}_ctr32_encrypt_blocks +___ +}}} +$code.=<<___; +#endif +___ +######################################## +if ($flavour =~ /64/) { ######## 64-bit code + my %opcode = ( + "aesd" => 0x4e285800, "aese" => 0x4e284800, + "aesimc"=> 0x4e287800, "aesmc" => 0x4e286800 ); + + local *unaes = sub { + my ($mnemonic,$arg)=@_; + + $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o && + sprintf ".inst\t0x%08x\t//%s %s", + $opcode{$mnemonic}|$1|($2<<5), + $mnemonic,$arg; + }; + + foreach(split("\n",$code)) { + s/\`([^\`]*)\`/eval($1)/geo; + + s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo; # old->new registers + s/@\s/\/\//o; # old->new style commentary + + #s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo or + s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel $1$2,$1zr,$1$2,$3/o or + s/mov\.([a-z]+)\s+([wx][0-9]+),\s*([wx][0-9]+)/csel $2,$3,$2,$1/o or + s/vmov\.i8/movi/o or # fix up legacy mnemonics + s/vext\.8/ext/o or + s/vrev32\.8/rev32/o or + s/vtst\.8/cmtst/o or + s/vshr/ushr/o or + s/^(\s+)v/$1/o or # strip off v prefix + s/\bbx\s+lr\b/ret/o; + + # fix up remainig legacy suffixes + s/\.[ui]?8//o; + m/\],#8/o and s/\.16b/\.8b/go; + s/\.[ui]?32//o and s/\.16b/\.4s/go; + s/\.[ui]?64//o and s/\.16b/\.2d/go; + s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + + print $_,"\n"; + } +} else { ######## 32-bit code + my %opcode = ( + "aesd" => 0xf3b00340, "aese" => 0xf3b00300, + "aesimc"=> 0xf3b003c0, "aesmc" => 0xf3b00380 ); + + local *unaes = sub { + my ($mnemonic,$arg)=@_; + + if ($arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o) { + my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19) + |(($2&7)<<1) |(($2&8)<<2); + # since ARMv7 instructions are always encoded little-endian. + # correct solution is to use .inst directive, but older + # assemblers don't implement it:-( + sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s", + $word&0xff,($word>>8)&0xff, + ($word>>16)&0xff,($word>>24)&0xff, + $mnemonic,$arg; + } + }; + + sub unvtbl { + my $arg=shift; + + $arg =~ m/q([0-9]+),\s*\{q([0-9]+)\},\s*q([0-9]+)/o && + sprintf "vtbl.8 d%d,{q%d},d%d\n\t". + "vtbl.8 d%d,{q%d},d%d", 2*$1,$2,2*$3, 2*$1+1,$2,2*$3+1; + } + + sub unvdup32 { + my $arg=shift; + + $arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o && + sprintf "vdup.32 q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1; + } + + sub unvmov32 { + my $arg=shift; + + $arg =~ m/q([0-9]+)\[([0-3])\],(.*)/o && + sprintf "vmov.32 d%d[%d],%s",2*$1+($2>>1),$2&1,$3; + } + + foreach(split("\n",$code)) { + s/\`([^\`]*)\`/eval($1)/geo; + + s/\b[wx]([0-9]+)\b/r$1/go; # new->old registers + s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go; # new->old registers + s/\/\/\s?/@ /o; # new->old style commentary + + # fix up remainig new-style suffixes + s/\{q([0-9]+)\},\s*\[(.+)\],#8/sprintf "{d%d},[$2]!",2*$1/eo or + s/\],#[0-9]+/]!/o; + + s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo or + s/cclr\s+([^,]+),\s*([a-z]+)/mov$2 $1,#0/o or + s/vtbl\.8\s+(.*)/unvtbl($1)/geo or + s/vdup\.32\s+(.*)/unvdup32($1)/geo or + s/vmov\.32\s+(.*)/unvmov32($1)/geo or + s/^(\s+)b\./$1b/o or + s/^(\s+)mov\./$1mov/o or + s/^(\s+)ret/$1bx\tlr/o; + + print $_,"\n"; + } +} + +close STDOUT; diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl new file mode 100644 index 0000000..bfec664 --- /dev/null +++ b/crypto/arm64cpuid.pl @@ -0,0 +1,68 @@ +#!/usr/bin/env perl + +$flavour = shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +$code.=<<___; +#include "arm_arch.h" + +.text +.arch armv8-a+crypto + +.align 5 +.globl _armv7_neon_probe +.type _armv7_neon_probe,%function +_armv7_neon_probe: + orr v15.16b, v15.16b, v15.16b + ret +.size _armv7_neon_probe,.-_armv7_neon_probe + +.globl _armv7_tick +.type _armv7_tick,%function +_armv7_tick: +#ifdef __APPLE__ + mrs x0, CNTPCT_EL0 +#else + mrs x0, CNTVCT_EL0 +#endif + ret +.size _armv7_tick,.-_armv7_tick + +.globl _armv8_aes_probe +.type _armv8_aes_probe,%function +_armv8_aes_probe: + aese v0.16b, v0.16b + ret +.size _armv8_aes_probe,.-_armv8_aes_probe + +.globl _armv8_sha1_probe +.type _armv8_sha1_probe,%function +_armv8_sha1_probe: + sha1h s0, s0 + ret +.size _armv8_sha1_probe,.-_armv8_sha1_probe + +.globl _armv8_sha256_probe +.type _armv8_sha256_probe,%function +_armv8_sha256_probe: + sha256su0 v0.4s, v0.4s + ret +.size _armv8_sha256_probe,.-_armv8_sha256_probe +.globl _armv8_pmull_probe +.type _armv8_pmull_probe,%function +_armv8_pmull_probe: + pmull v0.1q, v0.1d, v0.1d + ret +.size _armv8_pmull_probe,.-_armv8_pmull_probe +___ + +print $code; +close STDOUT; diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index a50c366..7a37775 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -10,13 +10,22 @@ # define __ARMEL__ # endif # elif defined(__GNUC__) +# if defined(__aarch64__) +# define __ARM_ARCH__ 8 +# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ +# define __ARMEB__ +# else +# define __ARMEL__ +# endif /* * Why doesn't gcc define __ARM_ARCH__? Instead it defines * bunch of below macros. See all_architectires[] table in * gcc/config/arm/arm.c. On a side note it defines * __ARMEL__/__ARMEB__ for little-/big-endian. */ -# if defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ +# elif defined(__ARM_ARCH_8A__) +# define __ARM_ARCH__ 8 +# elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \ defined(__ARM_ARCH_7EM__) # define __ARM_ARCH__ 7 @@ -42,10 +51,14 @@ #if !__ASSEMBLER__ extern unsigned int OPENSSL_armcap_P; +#endif #define ARMV7_NEON (1<<0) #define ARMV7_TICK (1<<1) -#endif +#define ARMV8_AES (1<<2) +#define ARMV8_SHA1 (1<<3) +#define ARMV8_SHA256 (1<<4) +#define ARMV8_PMULL (1<<5) #endif #endif diff --git a/crypto/armcap.c b/crypto/armcap.c index 5258d2f..2579389 100644 --- a/crypto/armcap.c +++ b/crypto/armcap.c @@ -20,6 +20,10 @@ static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); } */ void _armv7_neon_probe(void); unsigned int _armv7_tick(void); +void _armv8_aes_probe(void); +void _armv8_sha1_probe(void); +void _armv8_sha256_probe(void); +void _armv8_pmull_probe(void); unsigned int OPENSSL_rdtsc(void) { @@ -68,6 +72,28 @@ void OPENSSL_cpuid_setup(void) { _armv7_neon_probe(); OPENSSL_armcap_P |= ARMV7_NEON; +#ifdef __aarch64__ + if (sigsetjmp(ill_jmp,1) == 0) + { + _armv8_pmull_probe(); + OPENSSL_armcap_P |= ARMV8_PMULL|ARMV8_AES; + } + else if (sigsetjmp(ill_jmp,1) == 0) + { + _armv8_aes_probe(); + OPENSSL_armcap_P |= ARMV8_AES; + } + if (sigsetjmp(ill_jmp,1) == 0) + { + _armv8_sha1_probe(); + OPENSSL_armcap_P |= ARMV8_SHA1; + } + if (sigsetjmp(ill_jmp,1) == 0) + { + _armv8_sha256_probe(); + OPENSSL_armcap_P |= ARMV8_SHA256; + } +#endif } if (sigsetjmp(ill_jmp,1) == 0) { diff --git a/crypto/armv4cpuid_ios.S b/crypto/armv4cpuid_ios.S new file mode 100644 index 0000000..cce9a79 --- /dev/null +++ b/crypto/armv4cpuid_ios.S @@ -0,0 +1,210 @@ +#include "arm_arch.h" + +.text +.code 32 + +.align 5 +.globl _OPENSSL_atomic_add + +_OPENSSL_atomic_add: +#if __ARM_ARCH__>=6 +Ladd: ldrex r2,[r0] + add r3,r2,r1 + strex r2,r3,[r0] + cmp r2,#0 + bne Ladd + mov r0,r3 + bx lr +#else + stmdb sp!,{r4,r5,r6,lr} + ldr r2,Lspinlock + adr r3,Lspinlock + mov r4,r0 + mov r5,r1 + add r6,r3,r2 @ &spinlock + b .+8 +Lspin: bl sched_yield + mov r0,#-1 + swp r0,r0,[r6] + cmp r0,#0 + bne Lspin + + ldr r2,[r4] + add r2,r2,r5 + str r2,[r4] + str r0,[r6] @ release spinlock + ldmia sp!,{r4,r5,r6,lr} + tst lr,#1 + moveq pc,lr +.word 0xe12fff1e @ bx lr +#endif + + +.globl _OPENSSL_cleanse + +_OPENSSL_cleanse: + eor ip,ip,ip + cmp r1,#7 + subhs r1,r1,#4 + bhs Lot + cmp r1,#0 + beq Lcleanse_done +Little: + strb ip,[r0],#1 + subs r1,r1,#1 + bhi Little + b Lcleanse_done + +Lot: tst r0,#3 + beq Laligned + strb ip,[r0],#1 + sub r1,r1,#1 + b Lot +Laligned: + str ip,[r0],#4 + subs r1,r1,#4 + bhs Laligned + adds r1,r1,#4 + bne Little +Lcleanse_done: +#if __ARM_ARCH__>=5 + bx lr +#else + tst lr,#1 + moveq pc,lr +.word 0xe12fff1e @ bx lr +#endif + + + + +.align 5 +.globl __armv7_neon_probe + +__armv7_neon_probe: + vorr q0,q0,q0 + bx lr + + +.globl __armv7_tick + +__armv7_tick: +#ifdef __APPLE__ + mrrc p15,0,r0,r1,c14 @ CNTPCT +#else + mrrc p15,1,r0,r1,c14 @ CNTVCT +#endif + bx lr + + +.globl __armv8_aes_probe + +__armv8_aes_probe: +.byte 0x00,0x03,0xb0,0xf3 @ aese.8 q0,q0 + bx lr + + +.globl __armv8_sha1_probe + +__armv8_sha1_probe: +.byte 0x40,0x0c,0x00,0xf2 @ sha1c.32 q0,q0,q0 + bx lr + + +.globl __armv8_sha256_probe + +__armv8_sha256_probe: +.byte 0x40,0x0c,0x00,0xf3 @ sha256h.32 q0,q0,q0 + bx lr + +.globl __armv8_pmull_probe + +__armv8_pmull_probe: +.byte 0x00,0x0e,0xa0,0xf2 @ vmull.p64 q0,d0,d0 + bx lr + +.globl _OPENSSL_wipe_cpu + +_OPENSSL_wipe_cpu: + ldr r0,LOPENSSL_armcap + adr r1,LOPENSSL_armcap + ldr r0,[r1,r0] +#ifdef __APPLE__ + ldr r0,[r0] +#endif + eor r2,r2,r2 + eor r3,r3,r3 + eor ip,ip,ip + tst r0,#1 + beq Lwipe_done + veor q0, q0, q0 + veor q1, q1, q1 + veor q2, q2, q2 + veor q3, q3, q3 + veor q8, q8, q8 + veor q9, q9, q9 + veor q10, q10, q10 + veor q11, q11, q11 + veor q12, q12, q12 + veor q13, q13, q13 + veor q14, q14, q14 + veor q15, q15, q15 +Lwipe_done: + mov r0,sp +#if __ARM_ARCH__>=5 + bx lr +#else + tst lr,#1 + moveq pc,lr +.word 0xe12fff1e @ bx lr +#endif + + +.globl _OPENSSL_instrument_bus + +_OPENSSL_instrument_bus: + eor r0,r0,r0 +#if __ARM_ARCH__>=5 + bx lr +#else + tst lr,#1 + moveq pc,lr +.word 0xe12fff1e @ bx lr +#endif + + +.globl _OPENSSL_instrument_bus2 + +_OPENSSL_instrument_bus2: + eor r0,r0,r0 +#if __ARM_ARCH__>=5 + bx lr +#else + tst lr,#1 + moveq pc,lr +.word 0xe12fff1e @ bx lr +#endif + + +.align 5 +LOPENSSL_armcap: +.word OPENSSL_armcap_P-. +#if __ARM_ARCH__>=6 +.align 5 +#else +Lspinlock: +.word atomic_add_spinlock-Lspinlock +.align 5 + +.data +.align 2 +atomic_add_spinlock: +.word +#endif + +.comm _OPENSSL_armcap_P,4 +.non_lazy_symbol_pointer +OPENSSL_armcap_P: +.indirect_symbol _OPENSSL_armcap_P +.long 0 +.private_extern _OPENSSL_armcap_P diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index c52e0b7..737659f 100644 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -21,8 +21,20 @@ # runs in even less cycles, ~30, improvement is measurable only on # longer keys. One has to optimize code elsewhere to get NEON glow... -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} sub Dlo() { shift=~m|q([1]?[0-9])|?"d".($1*2):""; } sub Dhi() { shift=~m|q([1]?[0-9])|?"d".($1*2+1):""; } @@ -170,11 +182,18 @@ bn_GF2m_mul_2x2: #if __ARM_ARCH__>=7 ldr r12,.LOPENSSL_armcap .Lpic: ldr r12,[pc,r12] +#ifdef __APPLE__ + ldr r12,[r12] +#endif tst r12,#1 beq .Lialu veor $A1,$A1 +#ifdef __APPLE__ + vmov $B1,r3,r3 @ two copies of b1 +#else vmov.32 $B1,r3,r3 @ two copies of b1 +#endif vmov.32 ${A1}[0],r1 @ a1 veor $A0,$A0 diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl index f78a8b5..aa00f38 100644 --- a/crypto/bn/asm/armv4-mont.pl +++ b/crypto/bn/asm/armv4-mont.pl @@ -23,8 +23,20 @@ # than 1/2KB. Windows CE port would be trivial, as it's exclusively # about decorations, ABI and instruction syntax are identical. -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $num="r0"; # starts as num argument, but holds &tp[num-1] $ap="r1"; diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 45e8504..3854b51 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -471,6 +471,35 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return &aes_##keylen##_##mode; } #endif +#if defined(OPENSSL_CPUID_OBJ) && defined(__aarch64__) +#include "arm_arch.h" +#if __ARM_ARCH__>=7 +# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) +# define HWAES_set_encrypt_key aes_v8_set_encrypt_key +# define HWAES_set_decrypt_key aes_v8_set_decrypt_key +# define HWAES_encrypt aes_v8_encrypt +# define HWAES_decrypt aes_v8_decrypt +# define HWAES_cbc_encrypt aes_v8_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks +#endif +#endif + +#if defined(HWAES_CAPABLE) +int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +void HWAES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void HWAES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, const unsigned char ivec[16]); +#endif + #define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ @@ -489,6 +518,19 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, mode = ctx->cipher->flags & EVP_CIPH_MODE; if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) + { + ret = HWAES_set_decrypt_key(key,ctx->key_len*8,&dat->ks); + dat->block = (block128_f)HWAES_decrypt; + dat->stream.cbc = NULL; +#ifdef HWAES_cbc_encrypt + if (mode==EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; +#endif + } + else +#endif #ifdef BSAES_CAPABLE if (BSAES_CAPABLE && mode==EVP_CIPH_CBC_MODE) { @@ -517,6 +559,26 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, NULL; } else +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) + { + ret = HWAES_set_encrypt_key(key,ctx->key_len*8,&dat->ks); + dat->block = (block128_f)HWAES_encrypt; + dat->stream.cbc = NULL; +#ifdef HWAES_cbc_encrypt + if (mode==EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; + else +#endif +#ifdef HWAES_ctr32_encrypt_blocks + if (mode==EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks; + else +#endif + (void)0; /* terminate potentially open 'else' */ + } + else +#endif #ifdef BSAES_CAPABLE if (BSAES_CAPABLE && mode==EVP_CIPH_CTR_MODE) { @@ -809,6 +871,21 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; if (key) { do { +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) + { + HWAES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks); + CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks, + (block128_f)HWAES_encrypt); +#ifdef HWAES_ctr32_encrypt_blocks + gctx->ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks; +#else + gctx->ctr = NULL; +#endif + break; + } + else +#endif #ifdef BSAES_CAPABLE if (BSAES_CAPABLE) { @@ -1047,6 +1124,29 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, { xctx->stream = NULL; /* key_len is two AES keys */ +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) + { + if (enc) + { + HWAES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); + xctx->xts.block1 = (block128_f)HWAES_encrypt; + } + else + { + HWAES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); + xctx->xts.block1 = (block128_f)HWAES_decrypt; + } + + HWAES_set_encrypt_key(key + ctx->key_len/2, + ctx->key_len * 4, &xctx->ks2); + xctx->xts.block2 = (block128_f)HWAES_encrypt; + + xctx->xts.key1 = &xctx->ks1; + break; + } + else +#endif #ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { @@ -1189,6 +1289,19 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; if (key) do { +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) + { + HWAES_set_encrypt_key(key,ctx->key_len*8,&cctx->ks); + + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f)HWAES_encrypt); + cctx->str = NULL; + cctx->key_set = 1; + break; + } + else +#endif #ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile index 8119693..f4930c6 100644 --- a/crypto/modes/Makefile +++ b/crypto/modes/Makefile @@ -56,11 +56,14 @@ ghash-alpha.s: asm/ghash-alpha.pl $(PERL) $< | $(CC) -E - | tee $@ > /dev/null ghash-parisc.s: asm/ghash-parisc.pl $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@ +ghashv8-armx.S: asm/ghashv8-armx.pl + $(PERL) asm/ghashv8-armx.pl $(PERLASM_SCHEME) $@ # GNU make "catch all" ghash-%.S: asm/ghash-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@ ghash-armv4.o: ghash-armv4.S +ghashv8-armx.o: ghashv8-armx.S files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index d91586e..3799b2b 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -57,8 +57,20 @@ # *native* byte order on current platform. See gcm128.c for working # example... -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $Xi="r0"; # argument block $Htbl="r1"; @@ -112,6 +124,11 @@ $code=<<___; .text .code 32 +#ifdef __APPLE__ +#define ldrplb ldrbpl +#define ldrneb ldrbne +#endif + .type rem_4bit,%object .align 5 rem_4bit: @@ -326,9 +343,9 @@ $code.=<<___; .align 4 gcm_gmult_neon: sub $Htbl,#16 @ point at H in GCM128_CTX - vld1.64 `&Dhi("$IN")`,[$Xi,:64]!@ load Xi + vld1.64 `&Dhi("$IN")`,[$Xi]! @ load Xi vmov.i32 $mod,#0xe1 @ our irreducible polynomial - vld1.64 `&Dlo("$IN")`,[$Xi,:64]! + vld1.64 `&Dlo("$IN")`,[$Xi]! vshr.u64 $mod,#32 vldmia $Htbl,{$Hhi-$Hlo} @ load H veor $zero,$zero @@ -349,9 +366,9 @@ gcm_gmult_neon: .type gcm_ghash_neon,%function .align 4 gcm_ghash_neon: - vld1.64 `&Dhi("$Z")`,[$Xi,:64]! @ load Xi + vld1.64 `&Dhi("$Z")`,[$Xi]! @ load Xi vmov.i32 $mod,#0xe1 @ our irreducible polynomial - vld1.64 `&Dlo("$Z")`,[$Xi,:64]! + vld1.64 `&Dlo("$Z")`,[$Xi]! vshr.u64 $mod,#32 vldmia $Xi,{$Hhi-$Hlo} @ load H veor $zero,$zero @@ -410,8 +427,8 @@ gcm_ghash_neon: vrev64.8 $Z,$Z #endif sub $Xi,#16 - vst1.64 `&Dhi("$Z")`,[$Xi,:64]! @ write out Xi - vst1.64 `&Dlo("$Z")`,[$Xi,:64] + vst1.64 `&Dhi("$Z")`,[$Xi]! @ write out Xi + vst1.64 `&Dlo("$Z")`,[$Xi] bx lr .size gcm_ghash_neon,.-gcm_ghash_neon diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl new file mode 100644 index 0000000..300e8d5 --- /dev/null +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -0,0 +1,376 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# GHASH for ARMv8 Crypto Extension, 64-bit polynomial multiplication. +# +# June 2014 +# +# Initial version was developed in tight cooperation with Ard +# Biesheuvel from bits-n-pieces from +# other assembly modules. Just like aesv8-armx.pl this module +# supports both AArch32 and AArch64 execution modes. +# +# July 2014 +# +# Implement 2x aggregated reduction [see ghash-x86.pl for background +# information]. +# +# Current performance in cycles per processed byte: +# +# PMULL[2] 32-bit NEON(*) +# Apple A7 0.92 5.62 +# Cortex-A53 1.01 8.39 +# Cortex-A57 1.17 7.61 +# +# (*) presented for reference/comparison purposes; + +$flavour = shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +$Xi="x0"; # argument block +$Htbl="x1"; +$inp="x2"; +$len="x3"; + +$inc="x12"; + +{ +my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3)); +my ($t0,$t1,$t2,$xC2,$H,$Hhl,$H2)=map("q$_",(8..14)); + +$code=<<___; +#include "arm_arch.h" + +.text +___ +$code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/); +$code.=".fpu neon\n.code 32\n" if ($flavour !~ /64/); + +$code.=<<___; +.global gcm_init_v8 +.type gcm_init_v8,%function +.align 4 +gcm_init_v8: + vld1.64 {$t1},[x1] @ load H + vmov.i8 $xC2,#0xe1 + vshl.i64 $xC2,$xC2,#57 @ 0xc2.0 + vext.8 $IN,$t1,$t1,#8 + vshr.u64 $t2,$xC2,#63 + vdup.32 $t1,${t1}[1] + vext.8 $t0,$t2,$xC2,#8 @ t0=0xc2....01 + vshr.u64 $t2,$IN,#63 + vshr.s32 $t1,$t1,#31 @ broadcast carry bit + vand $t2,$t2,$t0 + vshl.i64 $IN,$IN,#1 + vext.8 $t2,$t2,$t2,#8 + vand $t0,$t0,$t1 + vorr $IN,$IN,$t2 @ H<<<=1 + veor $H,$IN,$t0 @ twisted H + vst1.64 {$H},[x0],#16 + + @ calculate H^2 + vext.8 $t0,$H,$H,#8 @ Karatsuba pre-processing + vpmull.p64 $Xl,$H,$H + veor $t0,$t0,$H + vpmull2.p64 $Xh,$H,$H + vpmull.p64 $Xm,$t0,$t0 + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase + + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + veor $Xl,$Xm,$t2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + veor $H2,$Xl,$t2 + + vext.8 $t1,$H2,$H2,#8 @ Karatsuba pre-processing + veor $t1,$t1,$H2 + vext.8 $Hhl,$t0,$t1,#8 @ pack Karatsuba pre-processed + vst1.64 {$Hhl-$H2},[x0] + + ret +.size gcm_init_v8,.-gcm_init_v8 + +.global gcm_gmult_v8 +.type gcm_gmult_v8,%function +.align 4 +gcm_gmult_v8: + vld1.64 {$t1},[$Xi] @ load Xi + vmov.i8 $xC2,#0xe1 + vld1.64 {$H-$Hhl},[$Htbl] @ load twisted H, ... + vshl.u64 $xC2,$xC2,#57 +#ifndef __ARMEB__ + vrev64.8 $t1,$t1 +#endif + vext.8 $IN,$t1,$t1,#8 + + vpmull.p64 $Xl,$H,$IN @ H.lo?Xi.lo + veor $t1,$t1,$IN @ Karatsuba pre-processing + vpmull2.p64 $Xh,$H,$IN @ H.hi?Xi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)?(Xi.lo+Xi.hi) + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase + + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + veor $Xl,$Xm,$t2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + veor $Xl,$Xl,$t2 + +#ifndef __ARMEB__ + vrev64.8 $Xl,$Xl +#endif + vext.8 $Xl,$Xl,$Xl,#8 + vst1.64 {$Xl},[$Xi] @ write out Xi + + ret +.size gcm_gmult_v8,.-gcm_gmult_v8 + +.global gcm_ghash_v8 +.type gcm_ghash_v8,%function +.align 4 +gcm_ghash_v8: +___ +$code.=<<___ if ($flavour !~ /64/); + vstmdb sp!,{d8-d15} +___ +$code.=<<___; + vld1.64 {$Xl},[$Xi] @ load [rotated] Xi + subs $len,$len,#32 + vmov.i8 $xC2,#0xe1 + mov $inc,#16 + vld1.64 {$H-$Hhl},[$Htbl],#32 @ load twisted H, ..., H^2 + vld1.64 {$H2},[$Htbl] + cclr $inc,eq + vext.8 $Xl,$Xl,$Xl,#8 + vld1.64 {$t0},[$inp],#16 @ load [rotated] I[0] + vshl.u64 $xC2,$xC2,#57 @ 0xc2.0 +#ifndef __ARMEB__ + vrev64.8 $t0,$t0 + vrev64.8 $Xl,$Xl +#endif + vext.8 $IN,$t0,$t0,#8 + b.lo .Lodd_tail_v8 +___ +{ my ($Xln,$Xmn,$Xhn,$In) = map("q$_",(4..7)); + ####### + # Xi+2 =[H*(Ii+1 + Xi+1)] mod P = + # [(H*Ii+1) + (H*Xi+1)] mod P = + # [(H*Ii+1) + H^2*(Ii+Xi)] mod P + # +$code.=<<___; + vld1.64 {$t1},[$inp],$inc @ load [rotated] I[1] +#ifndef __ARMEB__ + vrev64.8 $t1,$t1 +#endif + vext.8 $In,$t1,$t1,#8 + veor $IN,$IN,$Xl @ I[i]^=Xi + vpmull.p64 $Xln,$H,$In @ H?Ii+1 + veor $t1,$t1,$In @ Karatsuba pre-processing + vpmull2.p64 $Xhn,$H,$In + b .Loop_mod2x_v8 + +.align 4 +.Loop_mod2x_v8: + vext.8 $t2,$IN,$IN,#8 + subs $len,$len,#32 + vpmull.p64 $Xl,$H2,$IN @ H^2.lo?Xi.lo + cclr $inc,lo + + vpmull.p64 $Xmn,$Hhl,$t1 + veor $t2,$t2,$IN @ Karatsuba pre-processing + vpmull2.p64 $Xh,$H2,$IN @ H^2.hi?Xi.hi + veor $Xl,$Xl,$Xln @ accumulate + vpmull2.p64 $Xm,$Hhl,$t2 @ (H^2.lo+H^2.hi)?(Xi.lo+Xi.hi) + vld1.64 {$t0},[$inp],$inc @ load [rotated] I[i] + + veor $Xh,$Xh,$Xhn + cclr $inc,eq + veor $Xm,$Xm,$Xmn + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + vld1.64 {$t1},[$inp],$inc @ load [rotated] I[i+1] +#ifndef __ARMEB__ + vrev64.8 $t0,$t0 +#endif + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase + +#ifndef __ARMEB__ + vrev64.8 $t1,$t1 +#endif + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + vext.8 $In,$t1,$t1,#8 + vext.8 $IN,$t0,$t0,#8 + veor $Xl,$Xm,$t2 + vpmull.p64 $Xln,$H,$In @ H?Ii+1 + veor $IN,$IN,$Xh @ accumulate $IN early + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase + vpmull.p64 $Xl,$Xl,$xC2 + veor $IN,$IN,$t2 + veor $t1,$t1,$In @ Karatsuba pre-processing + veor $IN,$IN,$Xl + vpmull2.p64 $Xhn,$H,$In + b.hs .Loop_mod2x_v8 + + veor $Xh,$Xh,$t2 + vext.8 $IN,$t0,$t0,#8 @ re-construct $IN + adds $len,$len,#32 + veor $Xl,$Xl,$Xh @ re-construct $Xl + b.eq .Ldone_v8 +___ +} +$code.=<<___; +.Lodd_tail_v8: + vext.8 $t2,$Xl,$Xl,#8 + veor $IN,$IN,$Xl @ inp^=Xi + veor $t1,$t0,$t2 @ $t1 is rotated inp^Xi + + vpmull.p64 $Xl,$H,$IN @ H.lo?Xi.lo + veor $t1,$t1,$IN @ Karatsuba pre-processing + vpmull2.p64 $Xh,$H,$IN @ H.hi?Xi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)?(Xi.lo+Xi.hi) + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase + + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + veor $Xl,$Xm,$t2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + veor $Xl,$Xl,$t2 + +.Ldone_v8: +#ifndef __ARMEB__ + vrev64.8 $Xl,$Xl +#endif + vext.8 $Xl,$Xl,$Xl,#8 + vst1.64 {$Xl},[$Xi] @ write out Xi + +___ +$code.=<<___ if ($flavour !~ /64/); + vldmia sp!,{d8-d15} +___ +$code.=<<___; + ret +.size gcm_ghash_v8,.-gcm_ghash_v8 +___ +} +$code.=<<___; +.asciz "GHASH for ARMv8, CRYPTOGAMS by " +.align 2 +___ + +if ($flavour =~ /64/) { ######## 64-bit code + sub unvmov { + my $arg=shift; + + $arg =~ m/q([0-9]+)#(lo|hi),\s*q([0-9]+)#(lo|hi)/o && + sprintf "ins v%d.d[%d],v%d.d[%d]",$1,($2 eq "lo")?0:1,$3,($4 eq "lo")?0:1; + } + foreach(split("\n",$code)) { + s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel $1$2,$1zr,$1$2,$3/o or + s/vmov\.i8/movi/o or # fix up legacy mnemonics + s/vmov\s+(.*)/unvmov($1)/geo or + s/vext\.8/ext/o or + s/vshr\.s/sshr\.s/o or + s/vshr/ushr/o or + s/^(\s+)v/$1/o or # strip off v prefix + s/\bbx\s+lr\b/ret/o; + + s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo; # old->new registers + s/@\s/\/\//o; # old->new style commentary + + # fix up remainig legacy suffixes + s/\.[ui]?8(\s)/$1/o; + s/\.[uis]?32//o and s/\.16b/\.4s/go; + m/\.p64/o and s/\.16b/\.1q/o; # 1st pmull argument + m/l\.p64/o and s/\.16b/\.1d/go; # 2nd and 3rd pmull arguments + s/\.[uisp]?64//o and s/\.16b/\.2d/go; + s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + + print $_,"\n"; + } +} else { ######## 32-bit code + sub unvdup32 { + my $arg=shift; + + $arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o && + sprintf "vdup.32 q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1; + } + sub unvpmullp64 { + my ($mnemonic,$arg)=@_; + + if ($arg =~ m/q([0-9]+),\s*q([0-9]+),\s*q([0-9]+)/o) { + my $word = 0xf2a00e00|(($1&7)<<13)|(($1&8)<<19) + |(($2&7)<<17)|(($2&8)<<4) + |(($3&7)<<1) |(($3&8)<<2); + $word |= 0x00010001 if ($mnemonic =~ "2"); + # since ARMv7 instructions are always encoded little-endian. + # correct solution is to use .inst directive, but older + # assemblers don't implement it:-( + sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s", + $word&0xff,($word>>8)&0xff, + ($word>>16)&0xff,($word>>24)&0xff, + $mnemonic,$arg; + } + } + + foreach(split("\n",$code)) { + s/\b[wx]([0-9]+)\b/r$1/go; # new->old registers + s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go; # new->old registers + s/\/\/\s?/@ /o; # new->old style commentary + + # fix up remainig new-style suffixes + s/\],#[0-9]+/]!/o; + + s/cclr\s+([^,]+),\s*([a-z]+)/mov$2 $1,#0/o or + s/vdup\.32\s+(.*)/unvdup32($1)/geo or + s/v?(pmull2?)\.p64\s+(.*)/unvpmullp64($1,$2)/geo or + s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo or + s/^(\s+)b\./$1b/o or + s/^(\s+)ret/$1bx\tlr/o; + + print $_,"\n"; + } +} + +close STDOUT; # enforce flush diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index 8dfeae5..a5b76c5 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -645,7 +645,7 @@ static void gcm_gmult_1bit(u64 Xi[2],const u64 H[2]) #endif -#if TABLE_BITS==4 && defined(GHASH_ASM) +#if TABLE_BITS==4 && (defined(GHASH_ASM) || defined(OPENSSL_CPUID_OBJ)) # if !defined(I386_ONLY) && \ (defined(__i386) || defined(__i386__) || \ defined(__x86_64) || defined(__x86_64__) || \ @@ -666,13 +666,22 @@ void gcm_ghash_4bit_mmx(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len void gcm_gmult_4bit_x86(u64 Xi[2],const u128 Htable[16]); void gcm_ghash_4bit_x86(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); # endif -# elif defined(__arm__) || defined(__arm) +# elif defined(__arm__) || defined(__arm) || defined(__aarch64__) # include "arm_arch.h" # if __ARM_ARCH__>=7 # define GHASH_ASM_ARM # define GCM_FUNCREF_4BIT +# if defined(__aarch64__) +# define PMULL_CAPABLE (OPENSSL_armcap_P & ARMV8_PMULL) +# endif +# if defined(__arm__) || defined(__arm) +# define NEON_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) +# endif void gcm_gmult_neon(u64 Xi[2],const u128 Htable[16]); void gcm_ghash_neon(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); +void gcm_init_v8(u128 Htable[16],const u64 Xi[2]); +void gcm_gmult_v8(u64 Xi[2],const u128 Htable[16]); +void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); # endif # elif defined(_TMS320C6400_PLUS) # define GHASH_ASM_C64Xplus @@ -740,10 +749,20 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block) ctx->ghash = gcm_ghash_4bit; # endif # elif defined(GHASH_ASM_ARM) - if (OPENSSL_armcap_P & ARMV7_NEON) { +# ifdef PMULL_CAPABLE + if (PMULL_CAPABLE) { + gcm_init_v8(ctx->Htable,ctx->H.u); + ctx->gmult = gcm_gmult_v8; + ctx->ghash = gcm_ghash_v8; + } else +# endif +# ifdef NEON_CAPABLE + if (NEON_CAPABLE) { ctx->gmult = gcm_gmult_neon; ctx->ghash = gcm_ghash_neon; - } else { + } else +# endif + { gcm_init_4bit(ctx->Htable,ctx->H.u); ctx->gmult = gcm_gmult_4bit; ctx->ghash = gcm_ghash_4bit; diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h index 4dab6a6..01ad9f3 100644 --- a/crypto/modes/modes_lcl.h +++ b/crypto/modes/modes_lcl.h @@ -26,13 +26,16 @@ typedef unsigned int u32; typedef unsigned char u8; #define STRICT_ALIGNMENT 1 -#if defined(__i386) || defined(__i386__) || \ - defined(__x86_64) || defined(__x86_64__) || \ - defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__s390__) || defined(__s390x__) || \ - ( (defined(__arm__) || defined(__arm)) && \ - (defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ - defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__)) ) +#if defined(__i386) || defined(__i386__) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ + defined(__s390__) || defined(__s390x__) || \ + ( \ + ( (defined(__arm__) || defined(__arm)) && \ + (defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ + defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__)) ) && \ + !( defined(__arm__) && defined(__APPLE__) ) \ + ) # undef STRICT_ALIGNMENT #endif diff --git a/crypto/perlasm/arm-xlate.pl b/crypto/perlasm/arm-xlate.pl new file mode 100644 index 0000000..22dc7e4 --- /dev/null +++ b/crypto/perlasm/arm-xlate.pl @@ -0,0 +1,165 @@ +#!/usr/bin/env perl + +# ARM assembler distiller by . + +my $flavour = shift; +my $output = shift; +open STDOUT,">$output" || die "can't open $output: $!"; + +$flavour = "linux32" if (!$flavour or $flavour eq "void"); + +my %GLOBALS; +my $dotinlocallabels=($flavour=~/linux/)?1:0; + +################################################################ +# directives which need special treatment on different platforms +################################################################ +my $arch = sub { + if ($flavour =~ /linux/) { ".arch\t".join(',', at _); } + else { ""; } +}; +my $fpu = sub { + if ($flavour =~ /linux/) { ".fpu\t".join(',', at _); } + else { ""; } +}; +my $hidden = sub { + if ($flavour =~ /ios/) { ".private_extern\t".join(',', at _); } + else { ".hidden\t".join(',', at _); } +}; +my $comm = sub { + my @args = split(/,\s*/,shift); + my $name = @args[0]; + my $global = \$GLOBALS{$name}; + my $ret; + + if ($flavour =~ /ios32/) { + $ret = ".comm\t_$name, at args[1]\n"; + $ret .= ".non_lazy_symbol_pointer\n"; + $ret .= "$name:\n"; + $ret .= ".indirect_symbol\t_$name\n"; + $ret .= ".long\t0"; + $name = "_$name"; + } else { $ret = ".comm\t".join(',', at args); } + + $$global = $name; + $ret; +}; +my $globl = sub { + my $name = shift; + my $global = \$GLOBALS{$name}; + my $ret; + + SWITCH: for ($flavour) { + /ios/ && do { $name = "_$name"; + last; + }; + } + + $ret = ".globl $name" if (!$ret); + $$global = $name; + $ret; +}; +my $global = $globl; +my $extern = sub { + &$globl(@_); + return; # return nothing +}; +my $type = sub { + if ($flavour =~ /linux/) { ".type\t".join(',', at _); } + else { ""; } +}; +my $size = sub { + if ($flavour =~ /linux/) { ".size\t".join(',', at _); } + else { ""; } +}; +my $inst = sub { + if ($flavour =~ /linux/) { ".inst\t".join(',', at _); } + else { ".long\t".join(',', at _); } +}; +my $asciz = sub { + my $line = join(",", at _); + if ($line =~ /^"(.*)"$/) + { ".byte " . join(",",unpack("C*",$1),0) . "\n.align 2"; } + else + { ""; } +}; + +sub range { + my ($r,$sfx,$start,$end) = @_; + + join(",",map("$r$_$sfx",($start..$end))); +} + +sub expand_line { + my $line = shift; + my @ret = (); + + pos($line)=0; + + while ($line =~ m/\G[^@\/\{\"]*/g) { + if ($line =~ m/\G(@|\/\/|$)/gc) { + last; + } + elsif ($line =~ m/\G\{/gc) { + my $saved_pos = pos($line); + $line =~ s/\G([rdqv])([0-9]+)([^\-]*)\-\1([0-9]+)\3/range($1,$3,$2,$4)/e; + pos($line) = $saved_pos; + $line =~ m/\G[^\}]*\}/g; + } + elsif ($line =~ m/\G\"/gc) { + $line =~ m/\G[^\"]*\"/g; + } + } + + $line =~ s/\b(\w+)/$GLOBALS{$1} or $1/ge; + + return $line; +} + +while($line=<>) { + + if ($line =~ m/^\s*(#|@|\/\/)/) { print $line; next; } + + $line =~ s|/\*.*\*/||; # get rid of C-style comments... + $line =~ s|^\s+||; # ... and skip white spaces in beginning... + $line =~ s|\s+$||; # ... and at the end + + { + $line =~ s|[\b\.]L(\w{2,})|L$1|g; # common denominator for Locallabel + $line =~ s|\bL(\w{2,})|\.L$1|g if ($dotinlocallabels); + } + + { + $line =~ s|(^[\.\w]+)\:\s*||; + my $label = $1; + if ($label) { + printf "%s:",($GLOBALS{$label} or $label); + } + } + + if ($line !~ m/^[#@]/) { + $line =~ s|^\s*(\.?)(\S+)\s*||; + my $c = $1; $c = "\t" if ($c eq ""); + my $mnemonic = $2; + my $opcode; + if ($mnemonic =~ m/([^\.]+)\.([^\.]+)/) { + $opcode = eval("\$$1_$2"); + } else { + $opcode = eval("\$$mnemonic"); + } + + my $arg=expand_line($line); + + if (ref($opcode) eq 'CODE') { + $line = &$opcode($arg); + } elsif ($mnemonic) { + $line = $c.$mnemonic; + $line.= "\t$arg" if ($arg); + } + } + + print $line if ($line); + print "\n"; +} + +close STDOUT; diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile index b1582f2..63e1171 100644 --- a/crypto/sha/Makefile +++ b/crypto/sha/Makefile @@ -90,6 +90,9 @@ sha512-%.S: asm/sha512-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@ sha1-armv4-large.o: sha1-armv4-large.S sha256-armv4.o: sha256-armv4.S sha512-armv4.o: sha512-armv4.S +sha1-armv8.o: sha1-armv8.S +sha256-armv8.o: sha256-armv8.S +sha512-armv8.o: sha512-armv8.S files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl index 33da3e0..6c0adb9 100644 --- a/crypto/sha/asm/sha1-armv4-large.pl +++ b/crypto/sha/asm/sha1-armv4-large.pl @@ -52,8 +52,20 @@ # Profiler-assisted and platform-specific optimization resulted in 10% # improvement on Cortex A8 core and 12.2 cycles per byte. -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $ctx="r0"; $inp="r1"; diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl new file mode 100644 index 0000000..6be8624 --- /dev/null +++ b/crypto/sha/asm/sha1-armv8.pl @@ -0,0 +1,343 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# SHA1 for ARMv8. +# +# Performance in cycles per processed byte and improvement coefficient +# over code generated with "default" compiler: +# +# hardware-assisted software(*) +# Apple A7 2.31 4.13 (+14%) +# Cortex-A53 2.19 8.73 (+108%) +# Cortex-A57 2.35 7.88 (+74%) +# +# (*) Software results are presented mostly for reference purposes. + +$flavour = shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +($ctx,$inp,$num)=("x0","x1","x2"); + at Xw=map("w$_",(3..17,19)); + at Xx=map("x$_",(3..17,19)); + at V=($A,$B,$C,$D,$E)=map("w$_",(20..24)); +($t0,$t1,$t2,$K)=map("w$_",(25..28)); + + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=($i+2)&15; + +$code.=<<___ if ($i<15 && !($i&1)); + lsr @Xx[$i+1], at Xx[$i],#32 +___ +$code.=<<___ if ($i<14 && !($i&1)); + ldr @Xx[$i+2],[$inp,#`($i+2)*4-64`] +___ +$code.=<<___ if ($i<14 && ($i&1)); +#ifdef __ARMEB__ + ror @Xx[$i+1], at Xx[$i+1],#32 +#else + rev32 @Xx[$i+1], at Xx[$i+1] +#endif +___ +$code.=<<___ if ($i<14); + bic $t0,$d,$b + and $t1,$c,$b + ror $t2,$a,#27 + add $d,$d,$K // future e+=K + orr $t0,$t0,$t1 + add $e,$e,$t2 // e+=rot(a,5) + ror $b,$b,#2 + add $d,$d, at Xw[($i+1)&15] // future e+=X[i] + add $e,$e,$t0 // e+=F(b,c,d) +___ +$code.=<<___ if ($i==19); + movz $K,#0xeba1 + movk $K,#0x6ed9,lsl#16 +___ +$code.=<<___ if ($i>=14); + eor @Xw[$j], at Xw[$j], at Xw[($j+2)&15] + bic $t0,$d,$b + and $t1,$c,$b + ror $t2,$a,#27 + eor @Xw[$j], at Xw[$j], at Xw[($j+8)&15] + add $d,$d,$K // future e+=K + orr $t0,$t0,$t1 + add $e,$e,$t2 // e+=rot(a,5) + eor @Xw[$j], at Xw[$j], at Xw[($j+13)&15] + ror $b,$b,#2 + add $d,$d, at Xw[($i+1)&15] // future e+=X[i] + add $e,$e,$t0 // e+=F(b,c,d) + ror @Xw[$j], at Xw[$j],#31 +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=($i+2)&15; + +$code.=<<___ if ($i==59); + movz $K,#0xc1d6 + movk $K,#0xca62,lsl#16 +___ +$code.=<<___; + orr $t0,$b,$c + and $t1,$b,$c + eor @Xw[$j], at Xw[$j], at Xw[($j+2)&15] + ror $t2,$a,#27 + and $t0,$t0,$d + add $d,$d,$K // future e+=K + eor @Xw[$j], at Xw[$j], at Xw[($j+8)&15] + add $e,$e,$t2 // e+=rot(a,5) + orr $t0,$t0,$t1 + ror $b,$b,#2 + eor @Xw[$j], at Xw[$j], at Xw[($j+13)&15] + add $d,$d, at Xw[($i+1)&15] // future e+=X[i] + add $e,$e,$t0 // e+=F(b,c,d) + ror @Xw[$j], at Xw[$j],#31 +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=($i+2)&15; + +$code.=<<___ if ($i==39); + movz $K,#0xbcdc + movk $K,#0x8f1b,lsl#16 +___ +$code.=<<___ if ($i<78); + eor @Xw[$j], at Xw[$j], at Xw[($j+2)&15] + eor $t0,$d,$b + ror $t2,$a,#27 + add $d,$d,$K // future e+=K + eor @Xw[$j], at Xw[$j], at Xw[($j+8)&15] + eor $t0,$t0,$c + add $e,$e,$t2 // e+=rot(a,5) + ror $b,$b,#2 + eor @Xw[$j], at Xw[$j], at Xw[($j+13)&15] + add $d,$d, at Xw[($i+1)&15] // future e+=X[i] + add $e,$e,$t0 // e+=F(b,c,d) + ror @Xw[$j], at Xw[$j],#31 +___ +$code.=<<___ if ($i==78); + ldp @Xw[1], at Xw[2],[$ctx] + eor $t0,$d,$b + ror $t2,$a,#27 + add $d,$d,$K // future e+=K + eor $t0,$t0,$c + add $e,$e,$t2 // e+=rot(a,5) + ror $b,$b,#2 + add $d,$d, at Xw[($i+1)&15] // future e+=X[i] + add $e,$e,$t0 // e+=F(b,c,d) +___ +$code.=<<___ if ($i==79); + ldp @Xw[3], at Xw[4],[$ctx,#8] + eor $t0,$d,$b + ror $t2,$a,#27 + eor $t0,$t0,$c + add $e,$e,$t2 // e+=rot(a,5) + ror $b,$b,#2 + ldr @Xw[5],[$ctx,#16] + add $e,$e,$t0 // e+=F(b,c,d) +___ +} + +$code.=<<___; +#include "arm_arch.h" + +.text + +.extern OPENSSL_armcap_P +.globl sha1_block_data_order +.type sha1_block_data_order,%function +.align 6 +sha1_block_data_order: + ldr x16,.LOPENSSL_armcap_P + adr x17,.LOPENSSL_armcap_P + add x16,x16,x17 + ldr w16,[x16] + tst w16,#ARMV8_SHA1 + b.ne .Lv8_entry + + stp x29,x30,[sp,#-96]! + add x29,sp,#0 + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + stp x23,x24,[sp,#48] + stp x25,x26,[sp,#64] + stp x27,x28,[sp,#80] + + ldp $A,$B,[$ctx] + ldp $C,$D,[$ctx,#8] + ldr $E,[$ctx,#16] + +.Loop: + ldr @Xx[0],[$inp],#64 + movz $K,#0x7999 + sub $num,$num,#1 + movk $K,#0x5a82,lsl#16 +#ifdef __ARMEB__ + ror $Xx[0], at Xx[0],#32 +#else + rev32 @Xx[0], at Xx[0] +#endif + add $E,$E,$K // warm it up + add $E,$E, at Xw[0] +___ +for($i=0;$i<20;$i++) { &BODY_00_19($i, at V); unshift(@V,pop(@V)); } +for(;$i<40;$i++) { &BODY_20_39($i, at V); unshift(@V,pop(@V)); } +for(;$i<60;$i++) { &BODY_40_59($i, at V); unshift(@V,pop(@V)); } +for(;$i<80;$i++) { &BODY_20_39($i, at V); unshift(@V,pop(@V)); } +$code.=<<___; + add $B,$B, at Xw[2] + add $C,$C, at Xw[3] + add $A,$A, at Xw[1] + add $D,$D, at Xw[4] + add $E,$E, at Xw[5] + stp $A,$B,[$ctx] + stp $C,$D,[$ctx,#8] + str $E,[$ctx,#16] + cbnz $num,.Loop + + ldp x19,x20,[sp,#16] + ldp x21,x22,[sp,#32] + ldp x23,x24,[sp,#48] + ldp x25,x26,[sp,#64] + ldp x27,x28,[sp,#80] + ldr x29,[sp],#96 + ret +.size sha1_block_data_order,.-sha1_block_data_order +___ +{{{ +my ($ABCD,$E,$E0,$E1)=map("v$_.16b",(0..3)); +my @MSG=map("v$_.16b",(4..7)); +my @Kxx=map("v$_.4s",(16..19)); +my ($W0,$W1)=("v20.4s","v21.4s"); +my $ABCD_SAVE="v22.16b"; + +$code.=<<___; +.type sha1_block_armv8,%function +.align 6 +sha1_block_armv8: +.Lv8_entry: + stp x29,x30,[sp,#-16]! + add x29,sp,#0 + + adr x4,.Lconst + eor $E,$E,$E + ld1.32 {$ABCD},[$ctx],#16 + ld1.32 {$E}[0],[$ctx] + sub $ctx,$ctx,#16 + ld1.32 {@Kxx[0]- at Kxx[3]},[x4] + +.Loop_hw: + ld1 {@MSG[0]- at MSG[3]},[$inp],#64 + sub $num,$num,#1 + rev32 @MSG[0], at MSG[0] + rev32 @MSG[1], at MSG[1] + + add.i32 $W0, at Kxx[0], at MSG[0] + rev32 @MSG[2], at MSG[2] + orr $ABCD_SAVE,$ABCD,$ABCD // offload + + add.i32 $W1, at Kxx[0], at MSG[1] + rev32 @MSG[3], at MSG[3] + sha1h $E1,$ABCD + sha1c $ABCD,$E,$W0 // 0 + add.i32 $W0, at Kxx[$j], at MSG[2] + sha1su0 @MSG[0], at MSG[1], at MSG[2] +___ +for ($j=0,$i=1;$i<20-3;$i++) { +my $f=("c","p","m","p")[$i/5]; +$code.=<<___; + sha1h $E0,$ABCD // $i + sha1$f $ABCD,$E1,$W1 + add.i32 $W1, at Kxx[$j], at MSG[3] + sha1su1 @MSG[0], at MSG[3] +___ +$code.=<<___ if ($i<20-4); + sha1su0 @MSG[1], at MSG[2], at MSG[3] +___ + ($E0,$E1)=($E1,$E0); ($W0,$W1)=($W1,$W0); + push(@MSG,shift(@MSG)); $j++ if ((($i+3)%5)==0); +} +$code.=<<___; + sha1h $E0,$ABCD // $i + sha1p $ABCD,$E1,$W1 + add.i32 $W1, at Kxx[$j], at MSG[3] + + sha1h $E1,$ABCD // 18 + sha1p $ABCD,$E0,$W0 + + sha1h $E0,$ABCD // 19 + sha1p $ABCD,$E1,$W1 + + add.i32 $E,$E,$E0 + add.i32 $ABCD,$ABCD,$ABCD_SAVE + + cbnz $num,.Loop_hw + + st1.32 {$ABCD},[$ctx],#16 + st1.32 {$E}[0],[$ctx] + + ldr x29,[sp],#16 + ret +.size sha1_block_armv8,.-sha1_block_armv8 +.align 6 +.Lconst: +.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 //K_00_19 +.long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 //K_20_39 +.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc //K_40_59 +.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 //K_60_79 +.LOPENSSL_armcap_P: +.quad OPENSSL_armcap_P-. +.asciz "SHA1 block transform for ARMv8, CRYPTOGAMS by " +.align 2 +.comm OPENSSL_armcap_P,4,4 +___ +}}} + +{ my %opcode = ( + "sha1c" => 0x5e000000, "sha1p" => 0x5e001000, + "sha1m" => 0x5e002000, "sha1su0" => 0x5e003000, + "sha1h" => 0x5e280800, "sha1su1" => 0x5e281800 ); + + sub unsha1 { + my ($mnemonic,$arg)=@_; + + $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o + && + sprintf ".inst\t0x%08x\t//%s %s", + $opcode{$mnemonic}|$1|($2<<5)|($3<<16), + $mnemonic,$arg; + } +} + +foreach(split("\n",$code)) { + + s/\`([^\`]*)\`/eval($1)/geo; + + s/\b(sha1\w+)\s+([qv].*)/unsha1($1,$2)/geo; + + s/\.\w?32\b//o and s/\.16b/\.4s/go; + m/(ld|st)1[^\[]+\[0\]/o and s/\.4s/\.s/go; + + print $_,"\n"; +} + +close STDOUT; diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl index 9c84e8d..252a583 100644 --- a/crypto/sha/asm/sha256-armv4.pl +++ b/crypto/sha/asm/sha256-armv4.pl @@ -23,8 +23,20 @@ # Profiler-assisted and platform-specific optimization resulted in 16% # improvement on Cortex A8 core and ~17 cycles per processed byte. -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $ctx="r0"; $t0="r0"; $inp="r1"; $t3="r1"; diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl index 7faf37b..c032afd 100644 --- a/crypto/sha/asm/sha512-armv4.pl +++ b/crypto/sha/asm/sha512-armv4.pl @@ -38,8 +38,20 @@ $hi="HI"; $lo="LO"; # ==================================================================== -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $ctx="r0"; # parameter block $inp="r1"; @@ -221,17 +233,21 @@ WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a) WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) .size K512,.-K512 .LOPENSSL_armcap: -.word OPENSSL_armcap_P-sha512_block_data_order +.word OPENSSL_armcap_P-.Lsha512_block_data_order .skip 32-4 .global sha512_block_data_order .type sha512_block_data_order,%function sha512_block_data_order: +.Lsha512_block_data_order: sub r3,pc,#8 @ sha512_block_data_order add $len,$inp,$len,lsl#7 @ len to point at the end of inp #if __ARM_ARCH__>=7 ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P +#ifdef __APPLE__ + ldr r12,[r12] +#endif tst r12,#1 bne .LNEON #endif diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl new file mode 100644 index 0000000..45eb719 --- /dev/null +++ b/crypto/sha/asm/sha512-armv8.pl @@ -0,0 +1,428 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# SHA256/512 for ARMv8. +# +# Performance in cycles per processed byte and improvement coefficient +# over code generated with "default" compiler: +# +# SHA256-hw SHA256(*) SHA512 +# Apple A7 1.97 10.5 (+33%) 6.73 (-1%(**)) +# Cortex-A53 2.38 15.6 (+110%) 10.1 (+190%(***)) +# Cortex-A57 2.31 11.6 (+86%) 7.51 (+260%(***)) +# +# (*) Software SHA256 results are of lesser relevance, presented +# mostly for informational purposes. +# (**) The result is a trade-off: it's possible to improve it by +# 10% (or by 1 cycle per round), but at the cost of 20% loss +# on Cortex-A53 (or by 4 cycles per round). +# (***) Super-impressive coefficients over gcc-generated code are +# indication of some compiler "pathology", most notably code +# generated with -mgeneral-regs-only is significanty faster +# and lags behind assembly only by 50-90%. + +$flavour=shift; +$output=shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +if ($output =~ /512/) { + $BITS=512; + $SZ=8; + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=(1, 8, 7); + @sigma1=(19,61, 6); + $rounds=80; + $reg_t="x"; +} else { + $BITS=256; + $SZ=4; + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 7,18, 3); + @sigma1=(17,19,10); + $rounds=64; + $reg_t="w"; +} + +$func="sha${BITS}_block_data_order"; + +($ctx,$inp,$num,$Ktbl)=map("x$_",(0..2,30)); + + at X=map("$reg_t$_",(3..15,0..2)); + at V=($A,$B,$C,$D,$E,$F,$G,$H)=map("$reg_t$_",(20..27)); +($t0,$t1,$t2,$t3)=map("$reg_t$_",(16,17,19,28)); + +sub BODY_00_xx { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +my $j=($i+1)&15; +my ($T0,$T1,$T2)=(@X[($i-8)&15], at X[($i-9)&15], at X[($i-10)&15]); + $T0=@X[$i+3] if ($i<11); + +$code.=<<___ if ($i<16); +#ifndef __ARMEB__ + rev @X[$i], at X[$i] // $i +#endif +___ +$code.=<<___ if ($i<13 && ($i&1)); + ldp @X[$i+1], at X[$i+2],[$inp],#2*$SZ +___ +$code.=<<___ if ($i==13); + ldp @X[14], at X[15],[$inp] +___ +$code.=<<___ if ($i>=14); + ldr @X[($i-11)&15],[sp,#`$SZ*(($i-11)%4)`] +___ +$code.=<<___ if ($i>0 && $i<16); + add $a,$a,$t1 // h+=Sigma0(a) +___ +$code.=<<___ if ($i>=11); + str @X[($i-8)&15],[sp,#`$SZ*(($i-8)%4)`] +___ +# While ARMv8 specifies merged rotate-n-logical operation such as +# 'eor x,y,z,ror#n', it was found to negatively affect performance +# on Apple A7. The reason seems to be that it requires even 'y' to +# be available earlier. This means that such merged instruction is +# not necessarily best choice on critical path... On the other hand +# Cortex-A5x handles merged instructions much better than disjoint +# rotate and logical... See (**) footnote above. +$code.=<<___ if ($i<15); + ror $t0,$e,#$Sigma1[0] + add $h,$h,$t2 // h+=K[i] + eor $T0,$e,$e,ror#`$Sigma1[2]-$Sigma1[1]` + and $t1,$f,$e + bic $t2,$g,$e + add $h,$h, at X[$i&15] // h+=X[i] + orr $t1,$t1,$t2 // Ch(e,f,g) + eor $t2,$a,$b // a^b, b^c in next round + eor $t0,$t0,$T0,ror#$Sigma1[1] // Sigma1(e) + ror $T0,$a,#$Sigma0[0] + add $h,$h,$t1 // h+=Ch(e,f,g) + eor $t1,$a,$a,ror#`$Sigma0[2]-$Sigma0[1]` + add $h,$h,$t0 // h+=Sigma1(e) + and $t3,$t3,$t2 // (b^c)&=(a^b) + add $d,$d,$h // d+=h + eor $t3,$t3,$b // Maj(a,b,c) + eor $t1,$T0,$t1,ror#$Sigma0[1] // Sigma0(a) + add $h,$h,$t3 // h+=Maj(a,b,c) + ldr $t3,[$Ktbl],#$SZ // *K++, $t2 in next round + //add $h,$h,$t1 // h+=Sigma0(a) +___ +$code.=<<___ if ($i>=15); + ror $t0,$e,#$Sigma1[0] + add $h,$h,$t2 // h+=K[i] + ror $T1, at X[($j+1)&15],#$sigma0[0] + and $t1,$f,$e + ror $T2, at X[($j+14)&15],#$sigma1[0] + bic $t2,$g,$e + ror $T0,$a,#$Sigma0[0] + add $h,$h, at X[$i&15] // h+=X[i] + eor $t0,$t0,$e,ror#$Sigma1[1] + eor $T1,$T1, at X[($j+1)&15],ror#$sigma0[1] + orr $t1,$t1,$t2 // Ch(e,f,g) + eor $t2,$a,$b // a^b, b^c in next round + eor $t0,$t0,$e,ror#$Sigma1[2] // Sigma1(e) + eor $T0,$T0,$a,ror#$Sigma0[1] + add $h,$h,$t1 // h+=Ch(e,f,g) + and $t3,$t3,$t2 // (b^c)&=(a^b) + eor $T2,$T2, at X[($j+14)&15],ror#$sigma1[1] + eor $T1,$T1, at X[($j+1)&15],lsr#$sigma0[2] // sigma0(X[i+1]) + add $h,$h,$t0 // h+=Sigma1(e) + eor $t3,$t3,$b // Maj(a,b,c) + eor $t1,$T0,$a,ror#$Sigma0[2] // Sigma0(a) + eor $T2,$T2, at X[($j+14)&15],lsr#$sigma1[2] // sigma1(X[i+14]) + add @X[$j], at X[$j], at X[($j+9)&15] + add $d,$d,$h // d+=h + add $h,$h,$t3 // h+=Maj(a,b,c) + ldr $t3,[$Ktbl],#$SZ // *K++, $t2 in next round + add @X[$j], at X[$j],$T1 + add $h,$h,$t1 // h+=Sigma0(a) + add @X[$j], at X[$j],$T2 +___ + ($t2,$t3)=($t3,$t2); +} + +$code.=<<___; +#include "arm_arch.h" + +.text + +.extern OPENSSL_armcap_P +.globl $func +.type $func,%function +.align 6 +$func: +___ +$code.=<<___ if ($SZ==4); + ldr x16,.LOPENSSL_armcap_P + adr x17,.LOPENSSL_armcap_P + add x16,x16,x17 + ldr w16,[x16] + tst w16,#ARMV8_SHA256 + b.ne .Lv8_entry +___ +$code.=<<___; + stp x29,x30,[sp,#-128]! + add x29,sp,#0 + + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + stp x23,x24,[sp,#48] + stp x25,x26,[sp,#64] + stp x27,x28,[sp,#80] + sub sp,sp,#4*$SZ + + ldp $A,$B,[$ctx] // load context + ldp $C,$D,[$ctx,#2*$SZ] + ldp $E,$F,[$ctx,#4*$SZ] + add $num,$inp,$num,lsl#`log(16*$SZ)/log(2)` // end of input + ldp $G,$H,[$ctx,#6*$SZ] + adr $Ktbl,.LK$BITS + stp $ctx,$num,[x29,#96] + +.Loop: + ldp @X[0], at X[1],[$inp],#2*$SZ + ldr $t2,[$Ktbl],#$SZ // *K++ + eor $t3,$B,$C // magic seed + str $inp,[x29,#112] +___ +for ($i=0;$i<16;$i++) { &BODY_00_xx($i, at V); unshift(@V,pop(@V)); } +$code.=".Loop_16_xx:\n"; +for (;$i<32;$i++) { &BODY_00_xx($i, at V); unshift(@V,pop(@V)); } +$code.=<<___; + cbnz $t2,.Loop_16_xx + + ldp $ctx,$num,[x29,#96] + ldr $inp,[x29,#112] + sub $Ktbl,$Ktbl,#`$SZ*($rounds+1)` // rewind + + ldp @X[0], at X[1],[$ctx] + ldp @X[2], at X[3],[$ctx,#2*$SZ] + add $inp,$inp,#14*$SZ // advance input pointer + ldp @X[4], at X[5],[$ctx,#4*$SZ] + add $A,$A, at X[0] + ldp @X[6], at X[7],[$ctx,#6*$SZ] + add $B,$B, at X[1] + add $C,$C, at X[2] + add $D,$D, at X[3] + stp $A,$B,[$ctx] + add $E,$E, at X[4] + add $F,$F, at X[5] + stp $C,$D,[$ctx,#2*$SZ] + add $G,$G, at X[6] + add $H,$H, at X[7] + cmp $inp,$num + stp $E,$F,[$ctx,#4*$SZ] + stp $G,$H,[$ctx,#6*$SZ] + b.ne .Loop + + ldp x19,x20,[x29,#16] + add sp,sp,#4*$SZ + ldp x21,x22,[x29,#32] + ldp x23,x24,[x29,#48] + ldp x25,x26,[x29,#64] + ldp x27,x28,[x29,#80] + ldp x29,x30,[sp],#128 + ret +.size $func,.-$func + +.align 6 +.type .LK$BITS,%object +.LK$BITS: +___ +$code.=<<___ if ($SZ==8); + .quad 0x428a2f98d728ae22,0x7137449123ef65cd + .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + .quad 0x3956c25bf348b538,0x59f111f1b605d019 + .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + .quad 0xd807aa98a3030242,0x12835b0145706fbe + .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + .quad 0x9bdc06a725c71235,0xc19bf174cf692694 + .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + .quad 0x983e5152ee66dfab,0xa831c66d2db43210 + .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 + .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 + .quad 0x06ca6351e003826f,0x142929670a0e6e70 + .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 + .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 + .quad 0x81c2c92e47edaee6,0x92722c851482353b + .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 + .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 + .quad 0xd192e819d6ef5218,0xd69906245565a910 + .quad 0xf40e35855771202a,0x106aa07032bbd1b8 + .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb + .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 + .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec + .quad 0x90befffa23631e28,0xa4506cebde82bde9 + .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b + .quad 0xca273eceea26619c,0xd186b8c721c0c207 + .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 + .quad 0x113f9804bef90dae,0x1b710b35131c471b + .quad 0x28db77f523047d84,0x32caab7b40c72493 + .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 + .quad 0 // terminator +___ +$code.=<<___ if ($SZ==4); + .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 + .long 0 //terminator +___ +$code.=<<___; +.size .LK$BITS,.-.LK$BITS +.align 3 +.LOPENSSL_armcap_P: + .quad OPENSSL_armcap_P-. +.asciz "SHA$BITS block transform for ARMv8, CRYPTOGAMS by " +.align 2 +___ + +if ($SZ==4) { +my $Ktbl="x3"; + +my ($ABCD,$EFGH,$abcd)=map("v$_.16b",(0..2)); +my @MSG=map("v$_.16b",(4..7)); +my ($W0,$W1)=("v16.4s","v17.4s"); +my ($ABCD_SAVE,$EFGH_SAVE)=("v18.16b","v19.16b"); + +$code.=<<___; +.type sha256_block_armv8,%function +.align 6 +sha256_block_armv8: +.Lv8_entry: + stp x29,x30,[sp,#-16]! + add x29,sp,#0 + + ld1.32 {$ABCD,$EFGH},[$ctx] + adr $Ktbl,.LK256 + +.Loop_hw: + ld1 {@MSG[0]- at MSG[3]},[$inp],#64 + sub $num,$num,#1 + ld1.32 {$W0},[$Ktbl],#16 + rev32 @MSG[0], at MSG[0] + rev32 @MSG[1], at MSG[1] + rev32 @MSG[2], at MSG[2] + rev32 @MSG[3], at MSG[3] + orr $ABCD_SAVE,$ABCD,$ABCD // offload + orr $EFGH_SAVE,$EFGH,$EFGH +___ +for($i=0;$i<12;$i++) { +$code.=<<___; + ld1.32 {$W1},[$Ktbl],#16 + add.i32 $W0,$W0, at MSG[0] + sha256su0 @MSG[0], at MSG[1] + orr $abcd,$ABCD,$ABCD + sha256h $ABCD,$EFGH,$W0 + sha256h2 $EFGH,$abcd,$W0 + sha256su1 @MSG[0], at MSG[2], at MSG[3] +___ + ($W0,$W1)=($W1,$W0); push(@MSG,shift(@MSG)); +} +$code.=<<___; + ld1.32 {$W1},[$Ktbl],#16 + add.i32 $W0,$W0, at MSG[0] + orr $abcd,$ABCD,$ABCD + sha256h $ABCD,$EFGH,$W0 + sha256h2 $EFGH,$abcd,$W0 + + ld1.32 {$W0},[$Ktbl],#16 + add.i32 $W1,$W1, at MSG[1] + orr $abcd,$ABCD,$ABCD + sha256h $ABCD,$EFGH,$W1 + sha256h2 $EFGH,$abcd,$W1 + + ld1.32 {$W1},[$Ktbl] + add.i32 $W0,$W0, at MSG[2] + sub $Ktbl,$Ktbl,#$rounds*$SZ-16 // rewind + orr $abcd,$ABCD,$ABCD + sha256h $ABCD,$EFGH,$W0 + sha256h2 $EFGH,$abcd,$W0 + + add.i32 $W1,$W1, at MSG[3] + orr $abcd,$ABCD,$ABCD + sha256h $ABCD,$EFGH,$W1 + sha256h2 $EFGH,$abcd,$W1 + + add.i32 $ABCD,$ABCD,$ABCD_SAVE + add.i32 $EFGH,$EFGH,$EFGH_SAVE + + cbnz $num,.Loop_hw + + st1.32 {$ABCD,$EFGH},[$ctx] + + ldr x29,[sp],#16 + ret +.size sha256_block_armv8,.-sha256_block_armv8 +___ +} + +$code.=<<___; +.comm OPENSSL_armcap_P,4,4 +___ + +{ my %opcode = ( + "sha256h" => 0x5e004000, "sha256h2" => 0x5e005000, + "sha256su0" => 0x5e282800, "sha256su1" => 0x5e006000 ); + + sub unsha256 { + my ($mnemonic,$arg)=@_; + + $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o + && + sprintf ".inst\t0x%08x\t//%s %s", + $opcode{$mnemonic}|$1|($2<<5)|($3<<16), + $mnemonic,$arg; + } +} + +foreach(split("\n",$code)) { + + s/\`([^\`]*)\`/eval($1)/geo; + + s/\b(sha256\w+)\s+([qv].*)/unsha256($1,$2)/geo; + + s/\.\w?32\b//o and s/\.16b/\.4s/go; + m/(ld|st)1[^\[]+\[0\]/o and s/\.4s/\.s/go; + + print $_,"\n"; +} + +close STDOUT; diff --git a/fips/fips.c b/fips/fips.c index 8c9e187..0269609 100644 --- a/fips/fips.c +++ b/fips/fips.c @@ -151,7 +151,7 @@ extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[]; #ifdef _TMS320C6X const #endif -unsigned char FIPS_signature [20] = { 0 }; +unsigned char FIPS_signature [20] = { 0, 0xff }; __fips_constseg static const char FIPS_hmac_key[]="etaonrishdlcupfm"; diff --git a/fips/fips_canister.c b/fips/fips_canister.c index dcdb067..adbe696 100644 --- a/fips/fips_canister.c +++ b/fips/fips_canister.c @@ -29,6 +29,7 @@ const void *FIPS_text_end(void); #if !defined(FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE) # if (defined(__ANDROID__) && (defined(__arm__) || defined(__arm) || \ + defined(__aarch64__) || \ defined(__i386__)|| defined(__i386))) || \ (defined(__vxworks) && (defined(__ppc__) || defined(__ppc) || \ defined(__mips__)|| defined(__mips))) || \ diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index e2506ff..3c9bbaa 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -1325,6 +1325,12 @@ int main(int argc, char **argv) FIPS_post_set_callback(post_cb); +#if (defined(__arm__) || defined(__aarch64__)) + extern unsigned int OPENSSL_armcap_P; + if (0 == OPENSSL_armcap_P) + fprintf(stderr, "Optimizations disabled\n"); +#endif + printf("\tFIPS-mode test application\n"); printf("\t%s\n\n", FIPS_module_version_text()); diff --git a/fips/fipsalgtest.pl b/fips/fipsalgtest.pl index 672c261..3009521 100644 --- a/fips/fipsalgtest.pl +++ b/fips/fipsalgtest.pl @@ -7,17 +7,6 @@ # FIPS test definitions # List of all the unqualified file names we expect and command lines to run -# DSA tests -my @fips_dsa_test_list = ( - - "DSA", - - [ "PQGGen", "fips_dssvs pqg", "path:[^C]DSA/.*PQGGen" ], - [ "KeyPair", "fips_dssvs keypair", "path:[^C]DSA/.*KeyPair" ], - [ "SigGen", "fips_dssvs siggen", "path:[^C]DSA/.*SigGen" ], - [ "SigVer", "fips_dssvs sigver", "path:[^C]DSA/.*SigVer" ] - -); my @fips_dsa_pqgver_test_list = ( "DSA", @@ -38,16 +27,7 @@ my @fips_dsa2_test_list = ( ); -# ECDSA and ECDSA2 tests -my @fips_ecdsa_test_list = ( - - "ECDSA", - - [ "KeyPair", "fips_ecdsavs KeyPair", "path:/ECDSA/.*KeyPair" ], - [ "PKV", "fips_ecdsavs PKV", "path:/ECDSA/.*PKV" ], - [ "SigGen", "fips_ecdsavs SigGen", "path:/ECDSA/.*SigGen" ], - [ "SigVer", "fips_ecdsavs SigVer", "path:/ECDSA/.*SigVer" ], -); +# ECDSA2 tests my @fips_ecdsa2_test_list = ( "ECDSA2", @@ -357,10 +337,8 @@ my @fips_des3_test_list = ( "Triple DES", [ "TCBCinvperm", "fips_desmovs -f" ], - [ "TCBCMMT1", "fips_desmovs -f" ], [ "TCBCMMT2", "fips_desmovs -f" ], [ "TCBCMMT3", "fips_desmovs -f" ], - [ "TCBCMonte1", "fips_desmovs -f" ], [ "TCBCMonte2", "fips_desmovs -f" ], [ "TCBCMonte3", "fips_desmovs -f" ], [ "TCBCpermop", "fips_desmovs -f" ], @@ -368,10 +346,8 @@ my @fips_des3_test_list = ( [ "TCBCvarkey", "fips_desmovs -f" ], [ "TCBCvartext", "fips_desmovs -f" ], [ "TCFB64invperm", "fips_desmovs -f" ], - [ "TCFB64MMT1", "fips_desmovs -f" ], [ "TCFB64MMT2", "fips_desmovs -f" ], [ "TCFB64MMT3", "fips_desmovs -f" ], - [ "TCFB64Monte1", "fips_desmovs -f" ], [ "TCFB64Monte2", "fips_desmovs -f" ], [ "TCFB64Monte3", "fips_desmovs -f" ], [ "TCFB64permop", "fips_desmovs -f" ], @@ -379,10 +355,8 @@ my @fips_des3_test_list = ( [ "TCFB64varkey", "fips_desmovs -f" ], [ "TCFB64vartext", "fips_desmovs -f" ], [ "TCFB8invperm", "fips_desmovs -f" ], - [ "TCFB8MMT1", "fips_desmovs -f" ], [ "TCFB8MMT2", "fips_desmovs -f" ], [ "TCFB8MMT3", "fips_desmovs -f" ], - [ "TCFB8Monte1", "fips_desmovs -f" ], [ "TCFB8Monte2", "fips_desmovs -f" ], [ "TCFB8Monte3", "fips_desmovs -f" ], [ "TCFB8permop", "fips_desmovs -f" ], @@ -390,10 +364,8 @@ my @fips_des3_test_list = ( [ "TCFB8varkey", "fips_desmovs -f" ], [ "TCFB8vartext", "fips_desmovs -f" ], [ "TECBinvperm", "fips_desmovs -f" ], - [ "TECBMMT1", "fips_desmovs -f" ], [ "TECBMMT2", "fips_desmovs -f" ], [ "TECBMMT3", "fips_desmovs -f" ], - [ "TECBMonte1", "fips_desmovs -f" ], [ "TECBMonte2", "fips_desmovs -f" ], [ "TECBMonte3", "fips_desmovs -f" ], [ "TECBpermop", "fips_desmovs -f" ], @@ -401,10 +373,8 @@ my @fips_des3_test_list = ( [ "TECBvarkey", "fips_desmovs -f" ], [ "TECBvartext", "fips_desmovs -f" ], [ "TOFBinvperm", "fips_desmovs -f" ], - [ "TOFBMMT1", "fips_desmovs -f" ], [ "TOFBMMT2", "fips_desmovs -f" ], [ "TOFBMMT3", "fips_desmovs -f" ], - [ "TOFBMonte1", "fips_desmovs -f" ], [ "TOFBMonte2", "fips_desmovs -f" ], [ "TOFBMonte3", "fips_desmovs -f" ], [ "TOFBpermop", "fips_desmovs -f" ], @@ -419,10 +389,8 @@ my @fips_des3_cfb1_test_list = ( # DES3 CFB1 tests [ "TCFB1invperm", "fips_desmovs -f" ], - [ "TCFB1MMT1", "fips_desmovs -f" ], [ "TCFB1MMT2", "fips_desmovs -f" ], [ "TCFB1MMT3", "fips_desmovs -f" ], - [ "TCFB1Monte1", "fips_desmovs -f" ], [ "TCFB1Monte2", "fips_desmovs -f" ], [ "TCFB1Monte3", "fips_desmovs -f" ], [ "TCFB1permop", "fips_desmovs -f" ], @@ -475,8 +443,6 @@ my @fips_ecdh_test_list = ( # my %verify_special = ( - "DSA:PQGGen" => "fips_dssvs pqgver", - "DSA:KeyPair" => "fips_dssvs keyver", "DSA:SigGen" => "fips_dssvs sigver", "DSA2:PQGGen" => "fips_dssvs pqgver", "DSA2:KeyPair" => "fips_dssvs keyver", @@ -650,10 +616,8 @@ if (!$fips_enabled{"v2"}) { } } -push @fips_test_list, @fips_dsa_test_list if $fips_enabled{"dsa"}; push @fips_test_list, @fips_dsa2_test_list if $fips_enabled{"dsa2"}; push @fips_test_list, @fips_dsa_pqgver_test_list if $fips_enabled{"dsa-pqgver"}; -push @fips_test_list, @fips_ecdsa_test_list if $fips_enabled{"ecdsa"}; push @fips_test_list, @fips_ecdsa2_test_list if $fips_enabled{"ecdsa2"}; push @fips_test_list, @fips_rsa_test_list if $fips_enabled{"rsa"}; push @fips_test_list, @fips_rsa_pss0_test_list if $fips_enabled{"rsa-pss0"}; diff --git a/fips/fipssyms.h b/fips/fipssyms.h index 5719aea..76db619 100644 --- a/fips/fipssyms.h +++ b/fips/fipssyms.h @@ -668,6 +668,50 @@ #define bn_mul_mont_gather5 fips_bn_mul_mont_gather5 #define bn_scatter5 fips_bn_scatter5 #define bn_gather5 fips_bn_gather5 +#define _armv8_aes_probe _fips_armv8_aes_probe +#define _armv8_pmull_probe _fips_armv8_pmull_probe +#define _armv8_sha1_probe _fips_armv8_sha1_probe +#define _armv8_sha256_probe _fips_armv8_sha256_probe +#define aes_v8_encrypt fips_aes_v8_encrypt +#define aes_v8_decrypt fips_aes_v8_decrypt +#define aes_v8_set_encrypt_key fips_aes_v8_set_encrypt_key +#define aes_v8_set_decrypt_key fips_aes_v8_set_decrypt_key +#define aes_v8_cbc_encrypt fips_aes_v8_cbc_encrypt +#define aes_v8_ctr32_encrypt_blocks fips_aes_v8_ctr32_encrypt_blocks +#define gcm_init_v8 fips_gcm_init_v8 +#define gcm_gmult_v8 fips_gcm_gmult_v8 +#define gcm_ghash_v8 fips_gcm_ghash_v8 +#if defined(__APPLE__) && __ASSEMBLER__ +#define _OPENSSL_armcap_P _fips_openssl_armcap_P +#define __armv7_neon_probe __fips_armv7_neon_probe +#define __armv7_tick __fips_armv7_tick +#define __armv8_aes_probe __fips_armv8_aes_probe +#define __armv8_pmull_probe __fips_armv8_pmull_probe +#define __armv8_sha1_probe __fips_armv8_sha1_probe +#define __armv8_sha256_probe __fips_armv8_sha256_probe +#define _aes_v8_encrypt _fips_aes_v8_encrypt +#define _aes_v8_decrypt _fips_aes_v8_decrypt +#define _aes_v8_set_encrypt_key _fips_aes_v8_set_encrypt_key +#define _aes_v8_set_decrypt_key _fips_aes_v8_set_decrypt_key +#define _aes_v8_cbc_encrypt _fips_aes_v8_cbc_encrypt +#define _aes_v8_ctr32_encrypt_blocks _fips_aes_v8_ctr32_encrypt_blocks +#define _gcm_init_v8 _fips_gcm_init_v8 +#define _gcm_gmult_v8 _fips_gcm_gmult_v8 +#define _gcm_ghash_v8 _fips_gcm_ghash_v8 +#define _sha1_block_data_order _fips_sha1_block_data_order +#define _sha256_block_data_order _fips_sha256_block_data_order +#define _sha512_block_data_order _fips_sha512_block_data_order +#define _AES_decrypt _fips_aes_decrypt +#define _AES_encrypt _fips_aes_encrypt +#define _AES_set_decrypt_key _fips_aes_set_decrypt_key +#define _AES_set_encrypt_key _fips_aes_set_encrypt_key +#define _gcm_gmult_4bit _fips_gcm_gmult_4bit +#define _gcm_ghash_4bit _fips_gcm_ghash_4bit +#define _gcm_gmult_neon _fips_gcm_gmult_neon +#define _gcm_ghash_neon _fips_gcm_ghash_neon +#define _bn_GF2m_mul_2x2 _fips_bn_GF2m_mul_2x2 +#define _OPENSSL_cleanse _FIPS_openssl_cleanse +#endif #if defined(_MSC_VER) # pragma const_seg("fipsro$b") diff --git a/iOS/Makefile b/iOS/Makefile new file mode 100644 index 0000000..db26da6 --- /dev/null +++ b/iOS/Makefile @@ -0,0 +1,76 @@ +# +# OpenSSL/iOS/Makefile +# + +DIR= iOS +TOP= .. +CC= cc +INCLUDES= -I$(TOP) -I$(TOP)/include +CFLAG= -g -static +MAKEFILE= Makefile +PERL= perl +RM= rm -f + +EXE=incore_macho + +CFLAGS= $(INCLUDES) $(CFLAG) + +top: + @$(MAKE) -f $(TOP)/Makefile reflect THIS=exe + +exe: fips_algvs.app/fips_algvs + +incore_macho: incore_macho.c $(TOP)/crypto/sha/sha1dgst.c + $(HOSTCC) $(HOSTCFLAGS) -I$(TOP)/include -I$(TOP)/crypto -o $@ incore_macho.c $(TOP)/crypto/sha/sha1dgst.c + +fips_algvs.app/fips_algvs: $(TOP)/test/fips_algvs.c $(TOP)/fips/fipscanister.o fopen.m incore_macho + FIPS_SIG=./incore_macho \ + $(TOP)/fips/fipsld $(CFLAGS) -I$(TOP)/fips -o $@ \ + $(TOP)/test/fips_algvs.c $(TOP)/fips/fipscanister.o \ + fopen.m -framework Foundation || rm $@ + codesign -f -s "iPhone Developer" --entitlements fips_algvs.app/Entitlements.plist fips_algvs.app || rm $@ + +install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @set -e; for i in $(EXE); \ + do \ + (echo installing $$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ + done; + @set -e; for i in $(SCRIPTS); \ + do \ + (echo installing $$i; \ + cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ + chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ + done + +tags: + ctags $(SRC) + +tests: + +links: + +lint: + lint -DLINT $(INCLUDES) $(SRC)>fluff + +depend: + @if [ -z "$(THIS)" ]; then \ + $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ + else \ + $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ + fi + +dclean: + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + mv -f Makefile.new $(MAKEFILE) + +clean: + rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) + rm -f fips_algvs.app/fips_algvs + +# DO NOT DELETE THIS LINE -- make depend depends on it. + diff --git a/iOS/fips_algvs.app/Entitlements.plist b/iOS/fips_algvs.app/Entitlements.plist new file mode 100644 index 0000000..929c4e9 --- /dev/null +++ b/iOS/fips_algvs.app/Entitlements.plist @@ -0,0 +1,8 @@ + + + + + get-task-allow + + + \ No newline at end of file diff --git a/iOS/fips_algvs.app/Info.plist b/iOS/fips_algvs.app/Info.plist new file mode 100644 index 0000000..3fd8fb4 --- /dev/null +++ b/iOS/fips_algvs.app/Info.plist @@ -0,0 +1,24 @@ + + + + + CFBundleName + fips_algvs + CFBundleSupportedPlatforms + + iPhoneOS + + CFBundleExecutable + fips_algvs + CFBundleIdentifier + fips_algvs + CFBundleResourceSpecification + ResourceRules.plist + LSRequiresIPhoneOS + + CFBundleDisplayName + fips_algvs + CFBundleVersion + 1.0 + + diff --git a/iOS/fips_algvs.app/ResourceRules.plist b/iOS/fips_algvs.app/ResourceRules.plist new file mode 100644 index 0000000..e7ec329 --- /dev/null +++ b/iOS/fips_algvs.app/ResourceRules.plist @@ -0,0 +1,25 @@ + + + + + rules + + .* + + Info.plist + + omit + + weight + 10 + + ResourceRules.plist + + omit + + weight + 100 + + + + diff --git a/iOS/fopen.m b/iOS/fopen.m new file mode 100644 index 0000000..8d2e790 --- /dev/null +++ b/iOS/fopen.m @@ -0,0 +1,93 @@ +#include +#include +#include +#include +#include +#include + +static FILE *(*libc_fopen)(const char *, const char *) = NULL; + +__attribute__((constructor)) +static void pre_main(void) +{ + /* + * Pull reference to fopen(3) from libc. + */ + void *handle = dlopen("libSystem.B.dylib",RTLD_LAZY); + + if (handle) { + libc_fopen = dlsym(handle,"fopen"); + dlclose(handle); + } + + /* + * Change to Documents directory. + */ + NSString *docs = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) lastObject]; + + NSFileManager *filemgr = [NSFileManager defaultManager]; + [filemgr changeCurrentDirectoryPath: docs]; + [filemgr release]; +} + +char *mkdirhier(char *path) +{ + char *slash; + struct stat buf; + + if (path[0]=='.' && path[1]=='/') path+=2; + + if ((slash = strrchr(path,'/'))) { + *slash = '\0'; + if (stat(path,&buf)==0) { + *slash = '/'; + return NULL; + } + (void)mkdirhier(path); + mkdir (path,0777); + *slash = '/'; + } + + return slash; +} +/* + * Replacement fopen(3) + */ +FILE *fopen(const char *filename, const char *mode) +{ + FILE *ret; + + if ((ret = (*libc_fopen)(filename,mode)) == NULL) { + /* + * If file is not present in Documents directory, try from Bundle. + */ + NSString *nsspath = [NSString stringWithFormat:@"%@/%s", + [[NSBundle mainBundle] bundlePath], + filename]; + + if ((ret = (*libc_fopen)([nsspath cStringUsingEncoding:NSUTF8StringEncoding],mode)) == NULL && + mode[0]=='w' && + ((filename[0]!='.' && filename[0]!='/') || + (filename[0]=='.' && filename[1]=='/')) ) { + /* + * If not present in Bundle, create directory in Documents + */ + char *path = strdup(filename), *slash; + static int once = 1; + + if ((slash = mkdirhier(path)) && once) { + /* + * For some reason iOS truncates first created file + * upon program exit, so we create one preemptively... + */ + once = 0; + strcpy(slash,"/.0"); + creat(path,0444); + } + free(path); + ret = (*libc_fopen)(filename,mode); + } + } + + return ret; +} diff --git a/iOS/incore_macho.c b/iOS/incore_macho.c new file mode 100644 index 0000000..8842764 --- /dev/null +++ b/iOS/incore_macho.c @@ -0,0 +1,1016 @@ +/* incore_macho.c */ +/* ==================================================================== + * Copyright (c) 2011 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core at openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/* ==================================================================== + * Copyright 2011 Thursby Software Systems, Inc. All rights reserved. + * + * The portions of the attached software ("Contribution") is developed by + * Thursby Software Systems, Inc and is licensed pursuant to the OpenSSL + * open source license. + * + * The Contribution, originally written by Paul W. Nelson of + * Thursby Software Systems, Inc, consists of the fingerprint calculation + * required for the FIPS140 integrity check. + * + * No patent licenses or other rights except those expressly stated in + * the OpenSSL open source license shall be deemed granted or received + * expressly, by implication, estoppel, or otherwise. + * + * No assurances are provided by Thursby that the Contribution does not + * infringe the patent or other intellectual property rights of any third + * party or that the license provides you with all the necessary rights + * to make use of the Contribution. + * + * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN + * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, THURSBY + * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY + * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR + * OTHERWISE. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifndef CPU_SUBRTPE_V7F +# define CPU_SUBRTPE_V7F ((cpu_subtype_t) 10) +#endif +/* iPhone 5 and iPad 4 (A6 Processors) */ +#ifndef CPU_SUBTYPE_ARM_V7S +# define CPU_SUBTYPE_ARM_V7S ((cpu_subtype_t) 11) +#endif +#ifndef CPU_SUBTYPE_ARM_V7K +# define CPU_SUBTYPE_ARM_V7K ((cpu_subtype_t) 12) +#endif +#ifndef CPU_SUBTYPE_ARM_V8 +# define CPU_SUBTYPE_ARM_V8 ((cpu_subtype_t) 13) +#endif + +#ifndef CPU_TYPE_ARM64 +# define CPU_TYPE_ARM64 (CPU_TYPE_ARM | CPU_ARCH_ABI64) +#endif + +static int gVerbosity = 0; + +static void hexdump(const unsigned char *buf,size_t len, + unsigned long address,FILE* fp) +{ + unsigned long addr; + int i; + + addr = 0; + while(addrflags; + memcpy( sec->sectname, pSec->sectname, 16 ); + memcpy( sec->segname, pSec->segname, 16 ); + sec->addr = pSec->addr; + sec->size = pSec->size; + sec->offset = pSec->offset; + sec->align = pSec->align; + sec->reloff = pSec->reloff; + sec->nreloc = pSec->nreloc; + sec->flags = pSec->flags; + rval = pCommand + sizeof(struct section_64); + } + else + { + struct section* pSec = (struct section*)pCommand; + flags = pSec->flags; + memcpy( sec->sectname, pSec->sectname, 16 ); + memcpy( sec->segname, pSec->segname, 16 ); + sec->addr = pSec->addr; + sec->size = pSec->size; + sec->offset = pSec->offset; + sec->align = pSec->align; + sec->reloff = pSec->reloff; + sec->nreloc = pSec->nreloc; + sec->flags = pSec->flags; + rval = pCommand + sizeof(struct section); + } + if( gVerbosity > 2 ) + fprintf(stderr, " flags=%x\n", flags); + sec->segment = segment; + sec->_next = NULL; + if( macho->sec_head ) + macho->sec_tail->_next = sec; + else + macho->sec_head = sec; + macho->sec_tail = sec; + return rval; +} + +static section_t *lookup_section(macho_file_t* macho, uint32_t nsect) +{ + section_t *rval = macho->sec_head; + + if(nsect == 0) return NULL; + + while( rval != NULL && --nsect > 0 ) + rval = rval->_next; + return rval; +} + +static void *add_segment( macho_file_t *macho, void *pCommand, uint8_t is64bit ) +{ + void *rval = 0; + segment_t *seg = (segment_t *)calloc(1, sizeof(segment_t)); + + if(!seg) + return 0; + if(is64bit) + { + struct segment_command_64 *pSeg = (struct segment_command_64*)pCommand; + + memcpy( seg->segname, pSeg->segname, 16 ); + seg->vmaddr = pSeg->vmaddr; + seg->vmsize = pSeg->vmsize; + seg->fileoff = pSeg->fileoff; + seg->filesize = pSeg->filesize; + seg->maxprot = pSeg->maxprot; + seg->initprot = pSeg->initprot; + seg->nsects = pSeg->nsects; + seg->flags = pSeg->flags; + rval = pCommand + sizeof(struct segment_command_64); + } else { + struct segment_command *pSeg = (struct segment_command*)pCommand; + + memcpy( seg->segname, pSeg->segname, 16 ); + seg->vmaddr = pSeg->vmaddr; + seg->vmsize = pSeg->vmsize; + seg->fileoff = pSeg->fileoff; + seg->filesize = pSeg->filesize; + seg->maxprot = pSeg->maxprot; + seg->initprot = pSeg->initprot; + seg->nsects = pSeg->nsects; + seg->flags = pSeg->flags; + rval = pCommand + sizeof(struct segment_command); + } + seg->_next = NULL; + seg->mapped = macho->mapped + seg->fileoff; + + if( macho->seg_head ) + macho->seg_tail->_next = seg; + else + macho->seg_head = seg; + macho->seg_tail = seg; + + if( gVerbosity > 2 ) + fprintf(stderr, "Segment %s: flags=%x\n", seg->segname, seg->flags ); + + unsigned int ii; + for( ii=0; iinsects; ii++ ) + { + rval = add_section(macho, rval, is64bit, seg); + } + return rval; +} + +static const char *type_str(uint8_t n_type) +{ + static char result[16] = {}; + int idx = 0; + uint8_t stab; + + memset(result, 0, sizeof(result)); + if( n_type & N_PEXT ) + result[idx++] = 'P'; + if( n_type & N_EXT ) + result[idx++] = 'E'; + if( idx > 0 ) + result[idx++] = ':'; + switch( n_type & N_TYPE ) + { + case N_UNDF: result[idx++] = 'U'; break; + case N_ABS: result[idx++] = 'A'; break; + case N_PBUD: result[idx++] = 'P'; break; + case N_SECT: result[idx++] = 'S'; break; + case N_INDR: result[idx++] = 'I'; break; + default: result[idx++] = '*'; break; + } + stab = n_type & N_STAB; + if( stab ) + { + result[idx++] = ':'; + result[idx++] = '0'+(stab >> 5); + } + result[idx++] = 0; + return result; +} + +static symtab_entry_t *lookup_entry_by_name( macho_file_t *macho, + const char *name) +{ + symtab_entry_t *entry; + + for( entry = macho->sym_head; entry; entry = entry->_next ) + { + if(strcmp(entry->n_symbol,name)==0 && (entry->n_type & N_STAB)==0 ) + { + if( entry->section == NULL ) + { + entry->section = lookup_section( macho, entry->n_sect ); + if( entry->section ) + { + section_t* sec = entry->section; + segment_t* seg = sec->segment; + uint64_t offset = entry->n_value - seg->vmaddr; + + entry->mapped = seg->mapped+offset; + } + else + entry = 0; + } + break; + } + } + return entry; +} + +static void check_symtab(macho_file_t *macho,void *pCommand,uint8_t is64bit ) +{ + + struct symtab_command *pSym = (struct symtab_command *)pCommand; + void *pS = macho->mapped + pSym->symoff; + unsigned int ii = 0; + + /* collect symbols */ + for( ii=0; iinsyms; ii++ ) + { + struct nlist *pnlist=(struct nlist*)pS; + symtab_entry_t *entry=(symtab_entry_t*)calloc(1,sizeof(symtab_entry_t)); + + if(!entry) + { + fprintf(stderr, "out of memory!\n"); + _exit(1); + } + entry->n_strx = pnlist->n_un.n_strx; + entry->n_type = pnlist->n_type; + entry->n_sect = pnlist->n_sect; + entry->n_desc = pnlist->n_desc; + entry->section = NULL; + if(is64bit) + { + struct nlist_64 *pnlist64 = (struct nlist_64*)pS; + + entry->n_value = pnlist64->n_value; + pS += sizeof(struct nlist_64); + } + else + { + entry->n_value = pnlist->n_value; + pS += sizeof(struct nlist); + } + entry->n_symbol=(const char *)macho->mapped+pSym->stroff+entry->n_strx; + entry->_next = NULL; + if( macho->sym_head ) + macho->sym_tail->_next = entry; + else + macho->sym_head = entry; + macho->sym_tail = entry; + } + if( gVerbosity > 2 ) + { + /* dump info */ + symtab_entry_t* entry; + + for( entry = macho->sym_head; entry; entry=entry->_next ) + { + /* only do non-debug symbols */ + if( (entry->n_type & N_STAB) == 0 ) + fprintf(stderr, "%32.32s %18llx type=%s, sect=%d\n", + entry->n_symbol, entry->n_value, + type_str(entry->n_type), entry->n_sect); + } + } +} + +static int load_architecture( macho_file_t* inFile ) +{ + /* check the header */ + unsigned int ii; + void * pCurrent = inFile->mapped; + struct mach_header* header = (struct mach_header*)pCurrent; + + if( header->magic != MH_MAGIC && header->magic != MH_MAGIC_64 ) + { + fprintf(stderr, "%s is not a mach-o file\n", inFile->filename); + return -1; + } + else if( header->filetype == MH_BUNDLE ) + { + fprintf(stderr, "%s is not a mach-o executable file (filetype MH_BUNDLE, should be MH_EXECUTE or MH_DYLIB)\n", inFile->filename); + return -1; + } + else if( header->filetype == MH_DYLINKER ) + { + fprintf(stderr, "%s is not a mach-o executable file (filetype MH_DYLINKER, should be MH_EXECUTE or MH_DYLIB)\n", inFile->filename); + return -1; + } + else if( !(header->filetype == MH_EXECUTE || header->filetype == MH_DYLIB) ) + { + fprintf(stderr, "%s is not a mach-o executable file (filetype %d, should be MH_EXECUTE or MH_DYLIB)\n", inFile->filename, header->filetype); + return -1; + } + + if( gVerbosity > 1 ) + fprintf(stderr, "loading %s(%s)\n", inFile->filename, cputype(header->cputype, header->cpusubtype)); + + inFile->cpu_type = header->cputype; + inFile->cpu_subtype = header->cpusubtype; + + if( header->magic == MH_MAGIC ) + pCurrent += sizeof( struct mach_header ); + else if( header->magic == MH_MAGIC_64 ) + pCurrent += sizeof( struct mach_header_64 ); + for( ii=0; iincmds; ii++ ) + { + struct load_command* command = (struct load_command*)pCurrent; + const char * lc_name; + + switch( command->cmd ) + { + case LC_SEGMENT: + { + lc_name = "LC_SEGMENT"; + add_segment(inFile, pCurrent, header->magic == MH_MAGIC_64); + break; + } + case LC_SYMTAB: + { + lc_name = "LC_SYMTAB"; + check_symtab(inFile, pCurrent, header->magic == MH_MAGIC_64 ); + break; + } + case LC_SYMSEG: lc_name = "LC_SYMSEG"; break; + case LC_THREAD: lc_name = "LC_THREAD"; break; + case LC_UNIXTHREAD: lc_name = "LC_UNIXTHREAD"; break; + case LC_LOADFVMLIB: lc_name = "LC_LOADFVMLIB"; break; + case LC_IDFVMLIB: lc_name = "LC_IDFVMLIB"; break; + case LC_IDENT: lc_name = "LC_IDENT"; break; + case LC_FVMFILE: lc_name = "LC_FVMFILE"; break; + case LC_PREPAGE: lc_name = "LC_PREPAGE"; break; + case LC_DYSYMTAB: lc_name = "LC_DYSYMTAB"; break; + case LC_LOAD_DYLIB: lc_name = "LC_LOAD_DYLIB"; break; + case LC_ID_DYLIB: lc_name = "LC_ID_DYLIB"; break; + case LC_LOAD_DYLINKER: lc_name = "LC_LOAD_DYLINKER"; break; + case LC_ID_DYLINKER: lc_name = "LC_ID_DYLINKER"; break; + case LC_PREBOUND_DYLIB: lc_name = "LC_PREBOUND_DYLIB"; break; + case LC_ROUTINES: lc_name = "LC_ROUTINES"; break; + case LC_SUB_FRAMEWORK: lc_name = "LC_SUB_FRAMEWORK"; break; + case LC_SUB_UMBRELLA: lc_name = "LC_SUB_UMBRELLA"; break; + case LC_SUB_CLIENT: lc_name = "LC_SUB_CLIENT"; break; + case LC_SUB_LIBRARY: lc_name = "LC_SUB_LIBRARY"; break; + case LC_TWOLEVEL_HINTS: lc_name = "LC_TWOLEVEL_HINTS"; break; + case LC_PREBIND_CKSUM: lc_name = "LC_PREBIND_CKSUM"; break; + case LC_LOAD_WEAK_DYLIB: lc_name = "LC_LOAD_WEAK_DYLIB"; break; + case LC_SEGMENT_64: + { + lc_name = "LC_SEGMENT_64"; + add_segment(inFile, pCurrent, TRUE); + break; + } + case LC_ROUTINES_64: lc_name = "LC_ROUTINES_64"; break; + case LC_UUID: lc_name = "LC_UUID"; break; + case LC_RPATH: lc_name = "LC_RPATH"; break; + case LC_CODE_SIGNATURE: lc_name = "LC_CODE_SIGNATURE"; break; + case LC_SEGMENT_SPLIT_INFO: + lc_name = "LC_SEGMENT_SPLIT_INFO"; break; + case LC_REEXPORT_DYLIB: lc_name = "LC_REEXPORT_DYLIB"; break; + case LC_LAZY_LOAD_DYLIB: lc_name = "LC_LAZY_LOAD_DYLIB"; break; + case LC_ENCRYPTION_INFO: lc_name = "LC_ENCRYPTION_INFO"; break; + case LC_DYLD_INFO: lc_name = "LC_DYLD_INFO"; break; + case LC_DYLD_INFO_ONLY: lc_name = "LC_DYLD_INFO_ONLY"; break; + case LC_LOAD_UPWARD_DYLIB: lc_name = "LC_LOAD_UPWARD_DYLIB"; break; + case LC_VERSION_MIN_MACOSX: + lc_name = "LC_VERSION_MIN_MACOSX"; break; + case LC_VERSION_MIN_IPHONEOS: + lc_name = "LC_VERSION_MIN_IPHONEOS"; break; + case LC_FUNCTION_STARTS: lc_name = "LC_FUNCTION_STARTS"; break; + case LC_DYLD_ENVIRONMENT: lc_name = "LC_DYLD_ENVIRONMENT"; break; + default: lc_name=NULL; break; + } + if( gVerbosity > 1 ) + { + if(lc_name) + fprintf(stderr,"command %s: size=%d\n",lc_name, + command->cmdsize ); + else + fprintf(stderr,"command %x, size=%d\n",command->cmd, + command->cmdsize); + } + pCurrent += command->cmdsize; + } + return 0; +} + +#define HOSTORDER_VALUE(val) (isBigEndian ? OSSwapBigToHostInt32(val) : (val)) + +static macho_file_t *load_file(macho_file_t *inFile) +{ + macho_file_t *rval = NULL; + void *pCurrent = inFile->mapped; + struct fat_header *fat = (struct fat_header *)pCurrent; + + if( fat->magic==FAT_MAGIC || fat->magic==FAT_CIGAM ) + { + int isBigEndian = fat->magic == FAT_CIGAM; + unsigned int ii = 0; + struct fat_arch *pArch = NULL; + uint32_t nfat_arch = 0; + + pCurrent += sizeof(struct fat_header); + pArch = pCurrent; + nfat_arch = HOSTORDER_VALUE(fat->nfat_arch); + for( ii=0; iifilename = strdup(inFile->filename); + archfile->mapped = inFile->mapped + + HOSTORDER_VALUE(pArch->offset); + archfile->size = HOSTORDER_VALUE(pArch->size); + archfile->align = HOSTORDER_VALUE(pArch->align); + archfile->isBigEndian = isBigEndian; + archfile->cpu_type = HOSTORDER_VALUE(pArch->cputype); + archfile->cpu_subtype = HOSTORDER_VALUE(pArch->cpusubtype); + if( load_architecture(archfile) == 0 ) + { + archfile->next = rval; + rval = archfile; + } + } + else + return NULL; /* no memory */ + pArch++; + } + } + else + { + struct mach_header* header = (struct mach_header*)pCurrent; + + if( header->magic != MH_MAGIC && header->magic != MH_MAGIC_64 ) + { + fprintf(stderr, "%s is not a mach-o file\n", inFile->filename); + } + else if( header->filetype == MH_BUNDLE ) + { + fprintf(stderr, "%s is not a mach-o executable file " + "(filetype MH_BUNDLE, should be MH_EXECUTE or MH_DYLIB)\n", inFile->filename); + } + else if( header->filetype == MH_DYLINKER ) + { + fprintf(stderr, "%s is not a mach-o executable file " + "(filetype MH_DYLINKER, should be MH_EXECUTE or MH_DYLIB)\n", inFile->filename); + } + else if( !(header->filetype == MH_EXECUTE || header->filetype == MH_DYLIB) ) + { + fprintf(stderr, "%s is not a mach-o executable file " + "(filetype %d should be MH_EXECUTE or MH_DYLIB)\n", + inFile->filename, header->filetype ); + } + if( load_architecture(inFile) == 0 ) + { + inFile->next = 0; + rval = inFile; + } + } + return rval; +} + +#define FIPS_SIGNATURE_SIZE 20 +#define FIPS_FINGERPRINT_SIZE 40 + +static void debug_symbol( symtab_entry_t* sym ) +{ + if( gVerbosity > 1 ) + { + section_t* sec = sym->section; + segment_t* seg = sec->segment; + fprintf(stderr, "%-40.40s: %llx sect=%s, segment=%s prot=(%x->%x)\n", + sym->n_symbol, sym->n_value, sec->sectname, + seg->segname, seg->initprot, seg->maxprot ); + } +} + +/* + * Minimalistic HMAC from fips_standalone_sha1.c + */ +static void hmac_init(SHA_CTX *md_ctx,SHA_CTX *o_ctx, + const char *key) + { + size_t len=strlen(key); + int i; + unsigned char keymd[HMAC_MAX_MD_CBLOCK]; + unsigned char pad[HMAC_MAX_MD_CBLOCK]; + + if (len > SHA_CBLOCK) + { + SHA1_Init(md_ctx); + SHA1_Update(md_ctx,key,len); + SHA1_Final(keymd,md_ctx); + len=20; + } + else + memcpy(keymd,key,len); + memset(&keymd[len],'\0',HMAC_MAX_MD_CBLOCK-len); + + for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++) + pad[i]=0x36^keymd[i]; + SHA1_Init(md_ctx); + SHA1_Update(md_ctx,pad,SHA_CBLOCK); + + for(i=0 ; i < HMAC_MAX_MD_CBLOCK ; i++) + pad[i]=0x5c^keymd[i]; + SHA1_Init(o_ctx); + SHA1_Update(o_ctx,pad,SHA_CBLOCK); + } + +static void hmac_final(unsigned char *md,SHA_CTX *md_ctx,SHA_CTX *o_ctx) + { + unsigned char buf[20]; + + SHA1_Final(buf,md_ctx); + SHA1_Update(o_ctx,buf,sizeof buf); + SHA1_Final(md,o_ctx); + } + +static int fingerprint(macho_file_t* inFile, int addFingerprint) +{ + int rval = 0; + unsigned char signature[FIPS_SIGNATURE_SIZE]; + char signature_string[FIPS_FINGERPRINT_SIZE+1]; + unsigned int len = sizeof(signature); + const char *fingerprint = NULL; + int ii = 0; + +#define LOOKUP_SYMBOL( symname, prot ) \ + symtab_entry_t *symname = \ + lookup_entry_by_name( inFile, "_" #symname ); \ + if( ! symname ) { \ + fprintf(stderr, "%s: Not a FIPS executable (" \ + #symname " not found)\n", inFile->filename ); \ + return -1;\ + } \ + if( (symname->section->segment->initprot & \ + (PROT_READ|PROT_WRITE|PROT_EXEC)) != (prot) ) { \ + fprintf(stderr, #symname \ + " segment has the wrong protection.\n"); \ + debug_symbol(symname);return -1;\ + } + + LOOKUP_SYMBOL( FIPS_rodata_start, PROT_READ | PROT_EXEC ); + LOOKUP_SYMBOL( FIPS_rodata_end, PROT_READ | PROT_EXEC ); + LOOKUP_SYMBOL( FIPS_text_startX, PROT_READ | PROT_EXEC ); + LOOKUP_SYMBOL( FIPS_text_endX, PROT_READ | PROT_EXEC ); + LOOKUP_SYMBOL( FIPS_signature, PROT_WRITE | PROT_READ ); + LOOKUP_SYMBOL( FINGERPRINT_ascii_value, PROT_READ | PROT_EXEC ); + + if( gVerbosity > 1 ) + { + debug_symbol( FIPS_rodata_start ); + debug_symbol( FIPS_rodata_end ); + debug_symbol( FIPS_text_startX ); + debug_symbol( FIPS_text_endX ); + debug_symbol( FIPS_signature ); + debug_symbol( FINGERPRINT_ascii_value ); + + fingerprint = (const char *)FINGERPRINT_ascii_value->mapped; + fprintf(stderr, "fingerprint: "); + for(ii=0; ii<40; ii++ ) + { + if( fingerprint[ii] == 0 ) + break; + putc(fingerprint[ii], stderr); + } + putc('\n', stderr); + } + + /* check for the prefix ? character */ + { + const unsigned char * p1 = FIPS_text_startX->mapped; + const unsigned char * p2 = FIPS_text_endX->mapped; + const unsigned char * p3 = FIPS_rodata_start->mapped; + const unsigned char * p4 = FIPS_rodata_end->mapped; + static const char FIPS_hmac_key[]="etaonrishdlcupfm"; + SHA_CTX md_ctx,o_ctx; + + hmac_init(&md_ctx,&o_ctx,FIPS_hmac_key); + + if (p1<=p3 && p2>=p3) + p3=p1, p4=p2>p4?p2:p4, p1=NULL, p2=NULL; + else if (p3<=p1 && p4>=p1) + p3=p3, p4=p2>p4?p2:p4, p1=NULL, p2=NULL; + + if (p1) { + + SHA1_Update(&md_ctx,p1,(size_t)p2-(size_t)p1); + } + if (FIPS_signature->mapped>=p3 && FIPS_signature->mappedmapped+FIPS_SIGNATURE_SIZE; + if (p3mapped; + inFile->fingerprint_original = strndup(fingerprint,FIPS_FINGERPRINT_SIZE); + inFile->fingerprint_computed = strdup(signature_string); + + if( addFingerprint ) + { + void *fp_page = NULL; + void *fp_end = NULL; + + if(strcmp(fingerprint,"?have to make sure this string is unique")!=0) + { + if (memcmp((char*)fingerprint, signature_string, FIPS_FINGERPRINT_SIZE)!=0) + { + fprintf(stderr, + "%s(%s) original fingerprint incorrect: %s\n", + inFile->filename, + cputype(inFile->cpu_type, inFile->cpu_subtype), + fingerprint); + } + } + + fp_page = (void*)((uintptr_t)fingerprint & ~PAGE_MASK); + fp_end = (void*)((uintptr_t)(fingerprint+(PAGE_SIZE*2)) & ~PAGE_MASK); + if( mprotect( fp_page, fp_end-fp_page, PROT_READ|PROT_WRITE ) ) + { + perror("Can't write the fingerprint - mprotect failed"); + fprintf(stderr, "fp_page=%p, fp_end=%p, len=%ld\n", + fp_page, fp_end, (size_t)(fp_end-fp_page)); + rval = 1; + } + else + { + memcpy((char*)fingerprint, signature_string, FIPS_FINGERPRINT_SIZE); + if( msync(fp_page, (fp_end-fp_page), 0) ) + perror("msync failed"); + } + if( gVerbosity > 0 ) + fprintf(stderr, "%s(%s) fingerprint: %s\n", inFile->filename, + cputype(inFile->cpu_type,inFile->cpu_subtype), + signature_string); + } + if( *fingerprint == '?' ) + { + printf("%s(%s) has no fingerprint.\n", inFile->filename, + cputype(inFile->cpu_type, inFile->cpu_subtype)); + rval = 2; + } + else if( strncmp( fingerprint, signature_string, FIPS_FINGERPRINT_SIZE) == 0 ) + { + if( ! addFingerprint ) + printf("%s(%s) fingerprint is correct: %s\n", inFile->filename, + cputype(inFile->cpu_type, inFile->cpu_subtype), + signature_string); + } + else + { + printf("%s(%s) fingerprint %.40s is not correct\n", inFile->filename, + cputype(inFile->cpu_type,inFile->cpu_subtype), fingerprint); + printf("calculated: %s\n", signature_string); + rval = -1; + } + return rval; +} + +static int make_fingerprint( const char * inApp, int addFingerprint ) +{ + int rval = 1; + int appfd = -1; + if( addFingerprint ) + appfd = open( inApp, O_RDWR ); + if( appfd < 0 ) + { + if( addFingerprint ) + fprintf(stderr, "Can't modify %s. Verifying only.\n", inApp); + addFingerprint = 0; + appfd = open( inApp, O_RDONLY ); + } + if( appfd >= 0 ) + { + struct stat stbuf; + fstat(appfd, &stbuf); + void * pApp = mmap(0, (size_t)stbuf.st_size, PROT_READ, + MAP_SHARED, appfd, (off_t)0); + if( pApp == MAP_FAILED ) + { + perror(inApp); + } + else + { + macho_file_t theFile; + macho_file_t* architectures; + macho_file_t* pArchitecture; + + memset( &theFile, 0, sizeof(theFile) ); + theFile.filename = inApp; + theFile.mapped = pApp; + architectures = load_file(&theFile); + for( pArchitecture = architectures; pArchitecture; + pArchitecture = pArchitecture->next ) + { + rval = fingerprint(pArchitecture, addFingerprint); + if( rval && addFingerprint ) + { + printf("Failure\n"); + break; + } + } + if((rval==0) && addFingerprint) + { + printf("Fingerprint Stored\n"); + } + munmap(pApp, (size_t)stbuf.st_size); + } + close(appfd); + } + else + { + fprintf(stderr, "Can't open %s\n", inApp ); + } + return rval; +} + +static void print_usage(const char * prog) +{ + fprintf(stderr, "usage:\n\t%s [--debug] [--quiet] [-exe|-dso|-dylib] executable\n", prog); + _exit(1); +} + +int main (int argc, const char * argv[]) +{ + const char * pname = argv[0]; + const char * filename = NULL; + int addFingerprint = 1; + const char * verbose_env = getenv("FIPS_SIG_VERBOSE"); + + if( verbose_env ) + gVerbosity = atoi(verbose_env); + + if( gVerbosity < 0 ) + gVerbosity = 1; + + while( --argc ) + { + ++argv; + if( strcmp(*argv,"-exe")==0 || strcmp(*argv,"--exe")==0 || + strcmp(*argv,"-dso")==0 || strcmp(*argv,"--dso")==0 || + strcmp(*argv,"-dylib")==0 || strcmp(*argv,"--dylib")==0 || + strcmp(*argv,"--verify")==0 ) + { + if(strcmp(*argv,"--verify")==0) + addFingerprint=0; + + if( argc > 0 ) + { + filename = *++argv; + argc--; + } + } + else if(strcmp(*argv,"-d")==0 || strcmp(*argv,"-debug")==0 || strcmp(*argv,"--debug")==0) + { + if( gVerbosity < 2 ) + gVerbosity = 2; + else + gVerbosity++; + } + else if(strcmp(*argv,"-q")==0 || strcmp(*argv,"-quiet")==0 || strcmp(*argv,"--quiet")==0) + gVerbosity = 0; + else if(strncmp(*argv,"-",1)!=0) { + filename = *argv; + } + } + + if( !filename ) + { + print_usage(pname); + return 1; + } + + if( access(filename, R_OK) ) + { + fprintf(stderr, "Can't access %s\n", filename); + return 1; + } + + return make_fingerprint( filename, addFingerprint ); +} + diff --git a/test/fips_algvs.c b/test/fips_algvs.c index ed03507..8ff75dc 100644 --- a/test/fips_algvs.c +++ b/test/fips_algvs.c @@ -70,6 +70,67 @@ int main(int argc, char **argv) } #else +#if defined(__vxworks) + +#include +#include + +int fips_algvs_main(int argc, char **argv); +#define main fips_algvs_main + +static int fips_algvs_argv(char *a0) +{ + char *argv[32] = { "fips_algvs" }; + int argc = 1; + int main_ret; + + if (a0) { + char *scan = a0, *arg = a0; + + while (*scan) { + if (*scan++ == ' ') { + scan[-1] = '\0'; + argv[argc++] = arg; + if (argc == (sizeof(argv)/sizeof(argv[0])-1)) + break; + + while (*scan == ' ') scan++; + arg = scan; + } + } + if (*scan == '\0') argv[argc++] = arg; + } + + argv[argc] = NULL; + + main_ret = fips_algvs_main(argc, argv); + + if (a0) free(a0); + + return main_ret; +} + +int fips_algvs(int a0) +{ + return taskSpawn("fips_algvs", 100, (VX_FP_TASK | VX_SPE_TASK), 100000, + (FUNCPTR)fips_algvs_argv, + a0 ? strdup(a0) : 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); +} + +static FILE *fips_fopen(const char *path, const char *mode) +{ + char fips_path [256]; + + if (path[0] != '/' && strlen(path) < (sizeof(fips_path)-8)) { + strcpy(fips_path,"/fips0/"); + strcat(fips_path,path); + return fopen(fips_path,mode); + } + return fopen(path,mode); +} +#define fopen fips_fopen +#endif + #define FIPS_ALGVS extern int fips_aesavs_main(int argc, char **argv); @@ -265,6 +326,16 @@ int main(int argc, char **argv) SysInit(); #endif +#if (defined(__arm__) || defined(__aarch64__)) + if (*args && !strcmp(*args, "-noaccel")) + { + extern unsigned int OPENSSL_armcap_P; + + OPENSSL_armcap_P=0; + args++; + argc--; + } +#endif if (*args && *args[0] != '-') { rv = run_prg(argc - 1, args); diff --git a/util/incore b/util/incore index e6e6ecf..bb765b1 100755 --- a/util/incore +++ b/util/incore @@ -382,7 +382,7 @@ if (!$legacy_mode) { } $FINGERPRINT_ascii_value - = $exe->Lookup("FINGERPRINT_ascii_value") or die; + = $exe->Lookup("FINGERPRINT_ascii_value"); } if ($FIPS_text_startX && $FIPS_text_endX) { @@ -439,9 +439,12 @@ $fingerprint = FIPS_incore_fingerprint(); if ($legacy_mode) { print unpack("H*",$fingerprint); -} else { +} elsif (defined($FINGERPRINT_ascii_value)) { seek(FD,$FINGERPRINT_ascii_value->{st_offset},0) or die "$!"; print FD unpack("H*",$fingerprint) or die "$!"; +} else { + seek(FD,$FIPS_signature->{st_offset},0) or die "$!"; + print FD $fingerprint or die "$!"; } close (FD); From appro at openssl.org Wed May 13 14:59:34 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 13 May 2015 14:59:34 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431529174.827117.28175.nullmailer@dev.openssl.org> The branch master has been updated via 82c4a079395223c0063100854a0981976db9848f (commit) from 2b8dc08b74fc3c6d4c2fc855cc23bac691d985be (commit) - Log ----------------------------------------------------------------- commit 82c4a079395223c0063100854a0981976db9848f Author: Andy Polyakov Date: Tue Apr 21 14:52:17 2015 +0200 aes/asm/aesni-sha256-x86_64.pl: fix Windows compilation failure with old assembler. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/aesni-sha256-x86_64.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl index c1fce89..19b0433 100644 --- a/crypto/aes/asm/aesni-sha256-x86_64.pl +++ b/crypto/aes/asm/aesni-sha256-x86_64.pl @@ -1499,13 +1499,13 @@ ___ # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, # CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { +if ($win64 && $avx) { $rec="%rcx"; $frame="%rdx"; $context="%r8"; $disp="%r9"; -$code.=<<___ if ($avx); +$code.=<<___; .extern __imp_RtlVirtualUnwind .type se_handler,\@abi-omnipotent .align 16 @@ -1643,7 +1643,7 @@ $code.=<<___ if ($shaext); .rva .LSEH_end_${func}_shaext .rva .LSEH_info_${func}_shaext ___ -$code.=<<___ if ($avx); +$code.=<<___; .section .xdata .align 8 .LSEH_info_${func}_xop: From appro at openssl.org Wed May 13 15:00:24 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 13 May 2015 15:00:24 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1431529224.934986.29016.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via d3bb25e30ac1e07ce3b163655d8d33bc9f1186e3 (commit) from eba8bf485a81541ad25a685f13f00a862cc371a8 (commit) - Log ----------------------------------------------------------------- commit d3bb25e30ac1e07ce3b163655d8d33bc9f1186e3 Author: Andy Polyakov Date: Tue Apr 21 14:52:17 2015 +0200 aes/asm/aesni-sha256-x86_64.pl: fix Windows compilation failure with old assembler. Reviewed-by: Matt Caswell (cherry picked from commit 82c4a079395223c0063100854a0981976db9848f) ----------------------------------------------------------------------- Summary of changes: crypto/aes/asm/aesni-sha256-x86_64.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl index c1fce89..19b0433 100644 --- a/crypto/aes/asm/aesni-sha256-x86_64.pl +++ b/crypto/aes/asm/aesni-sha256-x86_64.pl @@ -1499,13 +1499,13 @@ ___ # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame, # CONTEXT *context,DISPATCHER_CONTEXT *disp) -if ($win64) { +if ($win64 && $avx) { $rec="%rcx"; $frame="%rdx"; $context="%r8"; $disp="%r9"; -$code.=<<___ if ($avx); +$code.=<<___; .extern __imp_RtlVirtualUnwind .type se_handler,\@abi-omnipotent .align 16 @@ -1643,7 +1643,7 @@ $code.=<<___ if ($shaext); .rva .LSEH_end_${func}_shaext .rva .LSEH_info_${func}_shaext ___ -$code.=<<___ if ($avx); +$code.=<<___; .section .xdata .align 8 .LSEH_info_${func}_xop: From appro at openssl.org Wed May 13 15:11:46 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 13 May 2015 15:11:46 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431529906.786140.30323.nullmailer@dev.openssl.org> The branch master has been updated via d11582f133bf49d47054b97a0406b13fbeecbdef (commit) via c4cd8316068f1c3b5a0050e60b3ea21a20db276e (commit) from 82c4a079395223c0063100854a0981976db9848f (commit) - Log ----------------------------------------------------------------- commit d11582f133bf49d47054b97a0406b13fbeecbdef Author: Andy Polyakov Date: Tue Apr 21 09:13:27 2015 +0200 Configurations/10-main.conf: update iOS commentary. Reviewed-by: Richard Levitte commit c4cd8316068f1c3b5a0050e60b3ea21a20db276e Author: Andy Polyakov Date: Mon Apr 20 23:18:08 2015 +0200 aes/asm/bsaes-armv7.pl: fix compilation with Xcode 6.3. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 2 +- crypto/aes/asm/bsaes-armv7.pl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 372080c..1d1a212 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -1388,7 +1388,7 @@ inherit_from => [ "darwin-common", asm("armv4_asm") ], # It should be possible to go below iOS 6 and even add -arch armv6, # thus targeting iPhone pre-3GS, but it's assumed to be irrelevant - # at this point (and impossible to download SDK for). + # at this point. cflags => "-arch armv7 -mios-version-min=6.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common", sys_id => "iOS", perlasm_scheme => "ios32", diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl index 043fa38..f9293d5 100644 --- a/crypto/aes/asm/bsaes-armv7.pl +++ b/crypto/aes/asm/bsaes-armv7.pl @@ -1417,7 +1417,7 @@ bsaes_ctr32_encrypt_blocks: vld1.8 {@XMM[0]}, [$ctr] @ load counter #ifdef __APPLE__ - mov $ctr, #.LREVM0SR-.LM0 + mov $ctr, #:lower16:(.LREVM0SR-.LM0) add $ctr, $const, $ctr #else add $ctr, $const, #.LREVM0SR-.LM0 @ borrow $ctr @@ -1479,7 +1479,7 @@ bsaes_ctr32_encrypt_blocks: mov r5, $rounds @ pass rounds vstmia $fp, {@XMM[10]} @ save next counter #ifdef __APPLE__ - mov $const, #.LREVM0SR-.LSR + mov $const, #:lower16:(.LREVM0SR-.LSR) sub $const, $ctr, $const #else sub $const, $ctr, #.LREVM0SR-.LSR @ pass constants From appro at openssl.org Wed May 13 15:14:36 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 13 May 2015 15:14:36 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431530076.705025.31171.nullmailer@dev.openssl.org> The branch master has been updated via 7ee7f9202581f2bf4098384ce3bb55c8fe2180b3 (commit) via d38f1b39f192fb29bb667825874d25beaf73c275 (commit) from d11582f133bf49d47054b97a0406b13fbeecbdef (commit) - Log ----------------------------------------------------------------- commit 7ee7f9202581f2bf4098384ce3bb55c8fe2180b3 Author: Andy Polyakov Date: Mon Apr 20 20:48:59 2015 +0200 bn/Makefile: give MacOS X hand to compiler armv8-mont module. Reviewed-by: Richard Levitte commit d38f1b39f192fb29bb667825874d25beaf73c275 Author: Andy Polyakov Date: Mon Apr 20 15:13:24 2015 +0200 bn/asm/armv8-mont.pl: boost performance. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/bn/Makefile | 1 + crypto/bn/asm/armv8-mont.pl | 1277 ++++++++++++++++++++++++++++++++++- crypto/ec/asm/ecp_nistz256-armv8.pl | 17 +- 3 files changed, 1276 insertions(+), 19 deletions(-) diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index 2bae4ab..624f581 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -141,6 +141,7 @@ alpha-mont.s: asm/alpha-mont.pl armv4-mont.o: armv4-mont.S armv4-gf2m.o: armv4-gf2m.S +armv8-mont.o: armv8-mont.S files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/crypto/bn/asm/armv8-mont.pl b/crypto/bn/asm/armv8-mont.pl index 0bf9bf3..f04aab1 100755 --- a/crypto/bn/asm/armv8-mont.pl +++ b/crypto/bn/asm/armv8-mont.pl @@ -22,6 +22,16 @@ # umulh and therefore uses same amount of multiplication instructions # to do the job. Assembly's edge is to minimize number of "collateral" # instructions and of course instruction scheduling. +# +# April 2015 +# +# Squaring procedure that handles lengths divisible by 8 improves +# RSA/DSA performance by 25-40-60% depending on processor and key +# length. Overall improvement coefficients are always positive in +# comparison to compiler-generated code. On Cortex-A57 improvement +# is still modest on longest key lengths, while others exhibit e.g. +# 50-70% improvement for RSA4096 sign. RSA2048 sign is ~25% faster +# on Cortex-A57 and ~60-100% faster on others. $flavour = shift; $output = shift; @@ -53,6 +63,11 @@ $code.=<<___; .type bn_mul_mont,%function .align 5 bn_mul_mont: + tst $num,#7 + b.eq __bn_sqr8x_mont + tst $num,#3 + b.eq __bn_mul4x_mont +.Lmul_mont: stp x29,x30,[sp,#-64]! add x29,sp,#0 stp x19,x20,[sp,#16] @@ -76,10 +91,20 @@ bn_mul_mont: mul $m1,$lo0,$n0 // "tp[0]"*n0 mov sp,$tp // alloca - mul $lo1,$hi1,$m1 // np[0]*m1 + // (*) mul $lo1,$hi1,$m1 // np[0]*m1 umulh $hi1,$hi1,$m1 mul $nlo,$nj,$m1 // np[1]*m1 - adds $lo1,$lo1,$lo0 // discarded + // (*) adds $lo1,$lo1,$lo0 // discarded + // (*) As for removal of first multiplication and addition + // instructions. The outcome of first addition is + // guaranteed to be zero, which leaves two computationally + // significant outcomes: it either carries or not. Then + // question is when does it carry? Is there alternative + // way to deduce it? If you follow operations, you can + // observe that condition for carry is quite simple: + // $lo0 being non-zero. So that carry can be calculated + // by adding -1 to $lo0. That's what next instruction does. + subs xzr,$lo0,#1 // (*) umulh $nhi,$nj,$m1 adc $hi1,$hi1,xzr cbz $j,.L1st_skip @@ -137,10 +162,11 @@ bn_mul_mont: mul $m1,$lo0,$n0 sub $i,$i,#8 // i-- - mul $lo1,$hi1,$m1 // np[0]*m1 + // (*) mul $lo1,$hi1,$m1 // np[0]*m1 umulh $hi1,$hi1,$m1 mul $nlo,$nj,$m1 // np[1]*m1 - adds $lo1,$lo1,$lo0 + // (*) adds $lo1,$lo1,$lo0 + subs xzr,$lo0,#1 // (*) umulh $nhi,$nj,$m1 cbz $j,.Linner_skip @@ -176,14 +202,15 @@ bn_mul_mont: adds $lo1,$nlo,$hi1 sub $np,$np,$num // rewind $np - adc $hi1,$nhi,$ovf + adcs $hi1,$nhi,$ovf + adc $ovf,xzr,xzr adds $lo0,$lo0,$tj adc $hi0,$hi0,xzr adds $lo1,$lo1,$lo0 adcs $hi1,$hi1,$hi0 - adc $ovf,xzr,xzr // upmost overflow bit + adc $ovf,$ovf,xzr // upmost overflow bit stp $lo1,$hi1,[$tp,#-16] cbnz $i,.Louter @@ -191,7 +218,7 @@ bn_mul_mont: // Final step. We see if result is larger than modulus, and // if it is, subtract the modulus. But comparison implies // subtraction. So we subtract modulus, see if it borrowed, - // and conditionally copy original value. + // and conditionally copy original value. ldr $tj,[sp] // tp[0] add $tp,sp,#8 ldr $nj,[$np],#8 // np[0] @@ -216,25 +243,1257 @@ bn_mul_mont: nop .Lcond_copy: sub $num,$num,#8 // num-- - csel $nj,$aj,$tj,cs // did it borrow? + csel $nj,$tj,$aj,lo // did it borrow? ldr $tj,[$tp],#8 ldr $aj,[$rp],#8 str xzr,[$tp,#-16] // wipe tp str $nj,[$rp,#-16] cbnz $num,.Lcond_copy - csel $nj,$aj,$tj,cs + csel $nj,$tj,$aj,lo str xzr,[$tp,#-8] // wipe tp str $nj,[$rp,#-8] ldp x19,x20,[x29,#16] mov sp,x29 ldp x21,x22,[x29,#32] + mov x0,#1 ldp x23,x24,[x29,#48] ldr x29,[sp],#64 ret .size bn_mul_mont,.-bn_mul_mont +___ +{ +######################################################################## +# Following is ARMv8 adaptation of sqrx8x_mont from x86_64-mont5 module. + +my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("x$_",(6..13)); +my ($t0,$t1,$t2,$t3)=map("x$_",(14..17)); +my ($acc0,$acc1,$acc2,$acc3,$acc4,$acc5,$acc6,$acc7)=map("x$_",(19..26)); +my ($cnt,$carry,$topmost)=("x27","x28","x30"); +my ($tp,$ap_end,$na0)=($bp,$np,$carry); + +$code.=<<___; +.type __bn_sqr8x_mont,%function +.align 5 +__bn_sqr8x_mont: + cmp $ap,$bp + b.ne __bn_mul4x_mont +.Lsqr8x_mont: + stp x29,x30,[sp,#-128]! + add x29,sp,#0 + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + stp x23,x24,[sp,#48] + stp x25,x26,[sp,#64] + stp x27,x28,[sp,#80] + stp $rp,$np,[sp,#96] // offload rp and np + + ldp $a0,$a1,[$ap,#8*0] + ldp $a2,$a3,[$ap,#8*2] + ldp $a4,$a5,[$ap,#8*4] + ldp $a6,$a7,[$ap,#8*6] + + sub $tp,sp,$num,lsl#4 + lsl $num,$num,#3 + ldr $n0,[$n0] // *n0 + mov sp,$tp // alloca + sub $cnt,$num,#8*8 + b .Lsqr8x_zero_start + +.Lsqr8x_zero: + sub $cnt,$cnt,#8*8 + stp xzr,xzr,[$tp,#8*0] + stp xzr,xzr,[$tp,#8*2] + stp xzr,xzr,[$tp,#8*4] + stp xzr,xzr,[$tp,#8*6] +.Lsqr8x_zero_start: + stp xzr,xzr,[$tp,#8*8] + stp xzr,xzr,[$tp,#8*10] + stp xzr,xzr,[$tp,#8*12] + stp xzr,xzr,[$tp,#8*14] + add $tp,$tp,#8*16 + cbnz $cnt,.Lsqr8x_zero + + add $ap_end,$ap,$num + add $ap,$ap,#8*8 + mov $acc0,xzr + mov $acc1,xzr + mov $acc2,xzr + mov $acc3,xzr + mov $acc4,xzr + mov $acc5,xzr + mov $acc6,xzr + mov $acc7,xzr + mov $tp,sp + str $n0,[x29,#112] // offload n0 + + // Multiply everything but a[i]*a[i] +.align 4 +.Lsqr8x_outer_loop: + // a[1]a[0] (i) + // a[2]a[0] + // a[3]a[0] + // a[4]a[0] + // a[5]a[0] + // a[6]a[0] + // a[7]a[0] + // a[2]a[1] (ii) + // a[3]a[1] + // a[4]a[1] + // a[5]a[1] + // a[6]a[1] + // a[7]a[1] + // a[3]a[2] (iii) + // a[4]a[2] + // a[5]a[2] + // a[6]a[2] + // a[7]a[2] + // a[4]a[3] (iv) + // a[5]a[3] + // a[6]a[3] + // a[7]a[3] + // a[5]a[4] (v) + // a[6]a[4] + // a[7]a[4] + // a[6]a[5] (vi) + // a[7]a[5] + // a[7]a[6] (vii) + + mul $t0,$a1,$a0 // lo(a[1..7]*a[0]) (i) + mul $t1,$a2,$a0 + mul $t2,$a3,$a0 + mul $t3,$a4,$a0 + adds $acc1,$acc1,$t0 // t[1]+lo(a[1]*a[0]) + mul $t0,$a5,$a0 + adcs $acc2,$acc2,$t1 + mul $t1,$a6,$a0 + adcs $acc3,$acc3,$t2 + mul $t2,$a7,$a0 + adcs $acc4,$acc4,$t3 + umulh $t3,$a1,$a0 // hi(a[1..7]*a[0]) + adcs $acc5,$acc5,$t0 + umulh $t0,$a2,$a0 + adcs $acc6,$acc6,$t1 + umulh $t1,$a3,$a0 + adcs $acc7,$acc7,$t2 + umulh $t2,$a4,$a0 + stp $acc0,$acc1,[$tp],#8*2 // t[0..1] + adc $acc0,xzr,xzr // t[8] + adds $acc2,$acc2,$t3 // t[2]+lo(a[1]*a[0]) + umulh $t3,$a5,$a0 + adcs $acc3,$acc3,$t0 + umulh $t0,$a6,$a0 + adcs $acc4,$acc4,$t1 + umulh $t1,$a7,$a0 + adcs $acc5,$acc5,$t2 + mul $t2,$a2,$a1 // lo(a[2..7]*a[1]) (ii) + adcs $acc6,$acc6,$t3 + mul $t3,$a3,$a1 + adcs $acc7,$acc7,$t0 + mul $t0,$a4,$a1 + adc $acc0,$acc0,$t1 + + mul $t1,$a5,$a1 + adds $acc3,$acc3,$t2 + mul $t2,$a6,$a1 + adcs $acc4,$acc4,$t3 + mul $t3,$a7,$a1 + adcs $acc5,$acc5,$t0 + umulh $t0,$a2,$a1 // hi(a[2..7]*a[1]) + adcs $acc6,$acc6,$t1 + umulh $t1,$a3,$a1 + adcs $acc7,$acc7,$t2 + umulh $t2,$a4,$a1 + adcs $acc0,$acc0,$t3 + umulh $t3,$a5,$a1 + stp $acc2,$acc3,[$tp],#8*2 // t[2..3] + adc $acc1,xzr,xzr // t[9] + adds $acc4,$acc4,$t0 + umulh $t0,$a6,$a1 + adcs $acc5,$acc5,$t1 + umulh $t1,$a7,$a1 + adcs $acc6,$acc6,$t2 + mul $t2,$a3,$a2 // lo(a[3..7]*a[2]) (iii) + adcs $acc7,$acc7,$t3 + mul $t3,$a4,$a2 + adcs $acc0,$acc0,$t0 + mul $t0,$a5,$a2 + adc $acc1,$acc1,$t1 + + mul $t1,$a6,$a2 + adds $acc5,$acc5,$t2 + mul $t2,$a7,$a2 + adcs $acc6,$acc6,$t3 + umulh $t3,$a3,$a2 // hi(a[3..7]*a[2]) + adcs $acc7,$acc7,$t0 + umulh $t0,$a4,$a2 + adcs $acc0,$acc0,$t1 + umulh $t1,$a5,$a2 + adcs $acc1,$acc1,$t2 + umulh $t2,$a6,$a2 + stp $acc4,$acc5,[$tp],#8*2 // t[4..5] + adc $acc2,xzr,xzr // t[10] + adds $acc6,$acc6,$t3 + umulh $t3,$a7,$a2 + adcs $acc7,$acc7,$t0 + mul $t0,$a4,$a3 // lo(a[4..7]*a[3]) (iv) + adcs $acc0,$acc0,$t1 + mul $t1,$a5,$a3 + adcs $acc1,$acc1,$t2 + mul $t2,$a6,$a3 + adc $acc2,$acc2,$t3 + + mul $t3,$a7,$a3 + adds $acc7,$acc7,$t0 + umulh $t0,$a4,$a3 // hi(a[4..7]*a[3]) + adcs $acc0,$acc0,$t1 + umulh $t1,$a5,$a3 + adcs $acc1,$acc1,$t2 + umulh $t2,$a6,$a3 + adcs $acc2,$acc2,$t3 + umulh $t3,$a7,$a3 + stp $acc6,$acc7,[$tp],#8*2 // t[6..7] + adc $acc3,xzr,xzr // t[11] + adds $acc0,$acc0,$t0 + mul $t0,$a5,$a4 // lo(a[5..7]*a[4]) (v) + adcs $acc1,$acc1,$t1 + mul $t1,$a6,$a4 + adcs $acc2,$acc2,$t2 + mul $t2,$a7,$a4 + adc $acc3,$acc3,$t3 + + umulh $t3,$a5,$a4 // hi(a[5..7]*a[4]) + adds $acc1,$acc1,$t0 + umulh $t0,$a6,$a4 + adcs $acc2,$acc2,$t1 + umulh $t1,$a7,$a4 + adcs $acc3,$acc3,$t2 + mul $t2,$a6,$a5 // lo(a[6..7]*a[5]) (vi) + adc $acc4,xzr,xzr // t[12] + adds $acc2,$acc2,$t3 + mul $t3,$a7,$a5 + adcs $acc3,$acc3,$t0 + umulh $t0,$a6,$a5 // hi(a[6..7]*a[5]) + adc $acc4,$acc4,$t1 + + umulh $t1,$a7,$a5 + adds $acc3,$acc3,$t2 + mul $t2,$a7,$a6 // lo(a[7]*a[6]) (vii) + adcs $acc4,$acc4,$t3 + umulh $t3,$a7,$a6 // hi(a[7]*a[6]) + adc $acc5,xzr,xzr // t[13] + adds $acc4,$acc4,$t0 + sub $cnt,$ap_end,$ap // done yet? + adc $acc5,$acc5,$t1 + + adds $acc5,$acc5,$t2 + sub $t0,$ap_end,$num // rewinded ap + adc $acc6,xzr,xzr // t[14] + add $acc6,$acc6,$t3 + + cbz $cnt,.Lsqr8x_outer_break + + mov $n0,$a0 + ldp $a0,$a1,[$tp,#8*0] + ldp $a2,$a3,[$tp,#8*2] + ldp $a4,$a5,[$tp,#8*4] + ldp $a6,$a7,[$tp,#8*6] + adds $acc0,$acc0,$a0 + adcs $acc1,$acc1,$a1 + ldp $a0,$a1,[$ap,#8*0] + adcs $acc2,$acc2,$a2 + adcs $acc3,$acc3,$a3 + ldp $a2,$a3,[$ap,#8*2] + adcs $acc4,$acc4,$a4 + adcs $acc5,$acc5,$a5 + ldp $a4,$a5,[$ap,#8*4] + adcs $acc6,$acc6,$a6 + mov $rp,$ap + adcs $acc7,xzr,$a7 + ldp $a6,$a7,[$ap,#8*6] + add $ap,$ap,#8*8 + //adc $carry,xzr,xzr // moved below + mov $cnt,#-8*8 + + // a[8]a[0] + // a[9]a[0] + // a[a]a[0] + // a[b]a[0] + // a[c]a[0] + // a[d]a[0] + // a[e]a[0] + // a[f]a[0] + // a[8]a[1] + // a[f]a[1]........................ + // a[8]a[2] + // a[f]a[2]........................ + // a[8]a[3] + // a[f]a[3]........................ + // a[8]a[4] + // a[f]a[4]........................ + // a[8]a[5] + // a[f]a[5]........................ + // a[8]a[6] + // a[f]a[6]........................ + // a[8]a[7] + // a[f]a[7]........................ +.Lsqr8x_mul: + mul $t0,$a0,$n0 + adc $carry,xzr,xzr // carry bit, modulo-scheduled + mul $t1,$a1,$n0 + add $cnt,$cnt,#8 + mul $t2,$a2,$n0 + mul $t3,$a3,$n0 + adds $acc0,$acc0,$t0 + mul $t0,$a4,$n0 + adcs $acc1,$acc1,$t1 + mul $t1,$a5,$n0 + adcs $acc2,$acc2,$t2 + mul $t2,$a6,$n0 + adcs $acc3,$acc3,$t3 + mul $t3,$a7,$n0 + adcs $acc4,$acc4,$t0 + umulh $t0,$a0,$n0 + adcs $acc5,$acc5,$t1 + umulh $t1,$a1,$n0 + adcs $acc6,$acc6,$t2 + umulh $t2,$a2,$n0 + adcs $acc7,$acc7,$t3 + umulh $t3,$a3,$n0 + adc $carry,$carry,xzr + str $acc0,[$tp],#8 + adds $acc0,$acc1,$t0 + umulh $t0,$a4,$n0 + adcs $acc1,$acc2,$t1 + umulh $t1,$a5,$n0 + adcs $acc2,$acc3,$t2 + umulh $t2,$a6,$n0 + adcs $acc3,$acc4,$t3 + umulh $t3,$a7,$n0 + ldr $n0,[$rp,$cnt] + adcs $acc4,$acc5,$t0 + adcs $acc5,$acc6,$t1 + adcs $acc6,$acc7,$t2 + adcs $acc7,$carry,$t3 + //adc $carry,xzr,xzr // moved above + cbnz $cnt,.Lsqr8x_mul + // note that carry flag is guaranteed + // to be zero at this point + cmp $ap,$ap_end // done yet? + b.eq .Lsqr8x_break + + ldp $a0,$a1,[$tp,#8*0] + ldp $a2,$a3,[$tp,#8*2] + ldp $a4,$a5,[$tp,#8*4] + ldp $a6,$a7,[$tp,#8*6] + adds $acc0,$acc0,$a0 + ldr $n0,[$rp,#-8*8] + adcs $acc1,$acc1,$a1 + ldp $a0,$a1,[$ap,#8*0] + adcs $acc2,$acc2,$a2 + adcs $acc3,$acc3,$a3 + ldp $a2,$a3,[$ap,#8*2] + adcs $acc4,$acc4,$a4 + adcs $acc5,$acc5,$a5 + ldp $a4,$a5,[$ap,#8*4] + adcs $acc6,$acc6,$a6 + mov $cnt,#-8*8 + adcs $acc7,$acc7,$a7 + ldp $a6,$a7,[$ap,#8*6] + add $ap,$ap,#8*8 + //adc $carry,xzr,xzr // moved above + b .Lsqr8x_mul + +.align 4 +.Lsqr8x_break: + ldp $a0,$a1,[$rp,#8*0] + add $ap,$rp,#8*8 + ldp $a2,$a3,[$rp,#8*2] + sub $t0,$ap_end,$ap // is it last iteration? + ldp $a4,$a5,[$rp,#8*4] + sub $t1,$tp,$t0 + ldp $a6,$a7,[$rp,#8*6] + cbz $t0,.Lsqr8x_outer_loop + + stp $acc0,$acc1,[$tp,#8*0] + ldp $acc0,$acc1,[$t1,#8*0] + stp $acc2,$acc3,[$tp,#8*2] + ldp $acc2,$acc3,[$t1,#8*2] + stp $acc4,$acc5,[$tp,#8*4] + ldp $acc4,$acc5,[$t1,#8*4] + stp $acc6,$acc7,[$tp,#8*6] + mov $tp,$t1 + ldp $acc6,$acc7,[$t1,#8*6] + b .Lsqr8x_outer_loop + +.align 4 +.Lsqr8x_outer_break: + // Now multiply above result by 2 and add a[n-1]*a[n-1]|...|a[0]*a[0] + ldp $a1,$a3,[$t0,#8*0] // recall that $t0 is &a[0] + ldp $t1,$t2,[sp,#8*1] + ldp $a5,$a7,[$t0,#8*2] + add $ap,$t0,#8*4 + ldp $t3,$t0,[sp,#8*3] + + stp $acc0,$acc1,[$tp,#8*0] + mul $acc0,$a1,$a1 + stp $acc2,$acc3,[$tp,#8*2] + umulh $a1,$a1,$a1 + stp $acc4,$acc5,[$tp,#8*4] + mul $a2,$a3,$a3 + stp $acc6,$acc7,[$tp,#8*6] + mov $tp,sp + umulh $a3,$a3,$a3 + adds $acc1,$a1,$t1,lsl#1 + extr $t1,$t2,$t1,#63 + sub $cnt,$num,#8*4 + +.Lsqr4x_shift_n_add: + adcs $acc2,$a2,$t1 + extr $t2,$t3,$t2,#63 + sub $cnt,$cnt,#8*4 + adcs $acc3,$a3,$t2 + ldp $t1,$t2,[$tp,#8*5] + mul $a4,$a5,$a5 + ldp $a1,$a3,[$ap],#8*2 + umulh $a5,$a5,$a5 + mul $a6,$a7,$a7 + umulh $a7,$a7,$a7 + extr $t3,$t0,$t3,#63 + stp $acc0,$acc1,[$tp,#8*0] + adcs $acc4,$a4,$t3 + extr $t0,$t1,$t0,#63 + stp $acc2,$acc3,[$tp,#8*2] + adcs $acc5,$a5,$t0 + ldp $t3,$t0,[$tp,#8*7] + extr $t1,$t2,$t1,#63 + adcs $acc6,$a6,$t1 + extr $t2,$t3,$t2,#63 + adcs $acc7,$a7,$t2 + ldp $t1,$t2,[$tp,#8*9] + mul $a0,$a1,$a1 + ldp $a5,$a7,[$ap],#8*2 + umulh $a1,$a1,$a1 + mul $a2,$a3,$a3 + umulh $a3,$a3,$a3 + stp $acc4,$acc5,[$tp,#8*4] + extr $t3,$t0,$t3,#63 + stp $acc6,$acc7,[$tp,#8*6] + add $tp,$tp,#8*8 + adcs $acc0,$a0,$t3 + extr $t0,$t1,$t0,#63 + adcs $acc1,$a1,$t0 + ldp $t3,$t0,[$tp,#8*3] + extr $t1,$t2,$t1,#63 + cbnz $cnt,.Lsqr4x_shift_n_add +___ +my ($np,$np_end)=($ap,$ap_end); +$code.=<<___; + ldp $np,$n0,[x29,#104] // pull np and n0 + + adcs $acc2,$a2,$t1 + extr $t2,$t3,$t2,#63 + adcs $acc3,$a3,$t2 + ldp $t1,$t2,[$tp,#8*5] + mul $a4,$a5,$a5 + umulh $a5,$a5,$a5 + stp $acc0,$acc1,[$tp,#8*0] + mul $a6,$a7,$a7 + umulh $a7,$a7,$a7 + stp $acc2,$acc3,[$tp,#8*2] + extr $t3,$t0,$t3,#63 + adcs $acc4,$a4,$t3 + extr $t0,$t1,$t0,#63 + ldp $acc0,$acc1,[sp,#8*0] + adcs $acc5,$a5,$t0 + extr $t1,$t2,$t1,#63 + ldp $a0,$a1,[$np,#8*0] + adcs $acc6,$a6,$t1 + extr $t2,xzr,$t2,#63 + ldp $a2,$a3,[$np,#8*2] + adc $acc7,$a7,$t2 + ldp $a4,$a5,[$np,#8*4] + + // Reduce by 512 bits per iteration + mul $na0,$n0,$acc0 // t[0]*n0 + ldp $a6,$a7,[$np,#8*6] + add $np_end,$np,$num + ldp $acc2,$acc3,[sp,#8*2] + stp $acc4,$acc5,[$tp,#8*4] + ldp $acc4,$acc5,[sp,#8*4] + stp $acc6,$acc7,[$tp,#8*6] + ldp $acc6,$acc7,[sp,#8*6] + add $np,$np,#8*8 + mov $topmost,xzr // initial top-most carry + mov $tp,sp + mov $cnt,#8 + +.Lsqr8x_reduction: + // (*) mul $t0,$a0,$na0 // lo(n[0-7])*lo(t[0]*n0) + mul $t1,$a1,$na0 + sub $cnt,$cnt,#1 + mul $t2,$a2,$na0 + str $na0,[$tp],#8 // put aside t[0]*n0 for tail processing + mul $t3,$a3,$na0 + // (*) adds xzr,$acc0,$t0 + subs xzr,$acc0,#1 // (*) + mul $t0,$a4,$na0 + adcs $acc0,$acc1,$t1 + mul $t1,$a5,$na0 + adcs $acc1,$acc2,$t2 + mul $t2,$a6,$na0 + adcs $acc2,$acc3,$t3 + mul $t3,$a7,$na0 + adcs $acc3,$acc4,$t0 + umulh $t0,$a0,$na0 // hi(n[0-7])*lo(t[0]*n0) + adcs $acc4,$acc5,$t1 + umulh $t1,$a1,$na0 + adcs $acc5,$acc6,$t2 + umulh $t2,$a2,$na0 + adcs $acc6,$acc7,$t3 + umulh $t3,$a3,$na0 + adc $acc7,xzr,xzr + adds $acc0,$acc0,$t0 + umulh $t0,$a4,$na0 + adcs $acc1,$acc1,$t1 + umulh $t1,$a5,$na0 + adcs $acc2,$acc2,$t2 + umulh $t2,$a6,$na0 + adcs $acc3,$acc3,$t3 + umulh $t3,$a7,$na0 + mul $na0,$n0,$acc0 // next t[0]*n0 + adcs $acc4,$acc4,$t0 + adcs $acc5,$acc5,$t1 + adcs $acc6,$acc6,$t2 + adc $acc7,$acc7,$t3 + cbnz $cnt,.Lsqr8x_reduction + + ldp $t0,$t1,[$tp,#8*0] + ldp $t2,$t3,[$tp,#8*2] + mov $rp,$tp + sub $cnt,$np_end,$np // done yet? + adds $acc0,$acc0,$t0 + adcs $acc1,$acc1,$t1 + ldp $t0,$t1,[$tp,#8*4] + adcs $acc2,$acc2,$t2 + adcs $acc3,$acc3,$t3 + ldp $t2,$t3,[$tp,#8*6] + adcs $acc4,$acc4,$t0 + adcs $acc5,$acc5,$t1 + adcs $acc6,$acc6,$t2 + adcs $acc7,$acc7,$t3 + //adc $carry,xzr,xzr // moved below + cbz $cnt,.Lsqr8x8_post_condition + + ldr $n0,[$tp,#-8*8] + ldp $a0,$a1,[$np,#8*0] + ldp $a2,$a3,[$np,#8*2] + ldp $a4,$a5,[$np,#8*4] + mov $cnt,#-8*8 + ldp $a6,$a7,[$np,#8*6] + add $np,$np,#8*8 + +.Lsqr8x_tail: + mul $t0,$a0,$n0 + adc $carry,xzr,xzr // carry bit, modulo-scheduled + mul $t1,$a1,$n0 + add $cnt,$cnt,#8 + mul $t2,$a2,$n0 + mul $t3,$a3,$n0 + adds $acc0,$acc0,$t0 + mul $t0,$a4,$n0 + adcs $acc1,$acc1,$t1 + mul $t1,$a5,$n0 + adcs $acc2,$acc2,$t2 + mul $t2,$a6,$n0 + adcs $acc3,$acc3,$t3 + mul $t3,$a7,$n0 + adcs $acc4,$acc4,$t0 + umulh $t0,$a0,$n0 + adcs $acc5,$acc5,$t1 + umulh $t1,$a1,$n0 + adcs $acc6,$acc6,$t2 + umulh $t2,$a2,$n0 + adcs $acc7,$acc7,$t3 + umulh $t3,$a3,$n0 + adc $carry,$carry,xzr + str $acc0,[$tp],#8 + adds $acc0,$acc1,$t0 + umulh $t0,$a4,$n0 + adcs $acc1,$acc2,$t1 + umulh $t1,$a5,$n0 + adcs $acc2,$acc3,$t2 + umulh $t2,$a6,$n0 + adcs $acc3,$acc4,$t3 + umulh $t3,$a7,$n0 + ldr $n0,[$rp,$cnt] + adcs $acc4,$acc5,$t0 + adcs $acc5,$acc6,$t1 + adcs $acc6,$acc7,$t2 + adcs $acc7,$carry,$t3 + //adc $carry,xzr,xzr // moved above + cbnz $cnt,.Lsqr8x_tail + // note that carry flag is guaranteed + // to be zero at this point + ldp $a0,$a1,[$tp,#8*0] + sub $cnt,$np_end,$np // done yet? + sub $t2,$np_end,$num // rewinded np + ldp $a2,$a3,[$tp,#8*2] + ldp $a4,$a5,[$tp,#8*4] + ldp $a6,$a7,[$tp,#8*6] + cbz $cnt,.Lsqr8x_tail_break + + ldr $n0,[$rp,#-8*8] + adds $acc0,$acc0,$a0 + adcs $acc1,$acc1,$a1 + ldp $a0,$a1,[$np,#8*0] + adcs $acc2,$acc2,$a2 + adcs $acc3,$acc3,$a3 + ldp $a2,$a3,[$np,#8*2] + adcs $acc4,$acc4,$a4 + adcs $acc5,$acc5,$a5 + ldp $a4,$a5,[$np,#8*4] + adcs $acc6,$acc6,$a6 + mov $cnt,#-8*8 + adcs $acc7,$acc7,$a7 + ldp $a6,$a7,[$np,#8*6] + add $np,$np,#8*8 + //adc $carry,xzr,xzr // moved above + b .Lsqr8x_tail + +.align 4 +.Lsqr8x_tail_break: + ldr $n0,[x29,#112] // pull n0 + add $cnt,$tp,#8*8 // end of current t[num] window + + subs xzr,$topmost,#1 // "move" top-most carry to carry bit + adcs $t0,$acc0,$a0 + adcs $t1,$acc1,$a1 + ldp $acc0,$acc1,[$rp,#8*0] + adcs $acc2,$acc2,$a2 + ldp $a0,$a1,[$t2,#8*0] // recall that $t2 is &n[0] + adcs $acc3,$acc3,$a3 + ldp $a2,$a3,[$t2,#8*2] + adcs $acc4,$acc4,$a4 + adcs $acc5,$acc5,$a5 + ldp $a4,$a5,[$t2,#8*4] + adcs $acc6,$acc6,$a6 + adcs $acc7,$acc7,$a7 + ldp $a6,$a7,[$t2,#8*6] + add $np,$t2,#8*8 + adc $topmost,xzr,xzr // top-most carry + mul $na0,$n0,$acc0 + stp $t0,$t1,[$tp,#8*0] + stp $acc2,$acc3,[$tp,#8*2] + ldp $acc2,$acc3,[$rp,#8*2] + stp $acc4,$acc5,[$tp,#8*4] + ldp $acc4,$acc5,[$rp,#8*4] + cmp $cnt,x29 // did we hit the bottom? + stp $acc6,$acc7,[$tp,#8*6] + mov $tp,$rp // slide the window + ldp $acc6,$acc7,[$rp,#8*6] + mov $cnt,#8 + b.ne .Lsqr8x_reduction + + // Final step. We see if result is larger than modulus, and + // if it is, subtract the modulus. But comparison implies + // subtraction. So we subtract modulus, see if it borrowed, + // and conditionally copy original value. + ldr $rp,[x29,#96] // pull rp + add $tp,$tp,#8*8 + subs $t0,$acc0,$a0 + sbcs $t1,$acc1,$a1 + sub $cnt,$num,#8*8 + mov $ap_end,$rp // $rp copy + +.Lsqr8x_sub: + sbcs $t2,$acc2,$a2 + ldp $a0,$a1,[$np,#8*0] + sbcs $t3,$acc3,$a3 + stp $t0,$t1,[$rp,#8*0] + sbcs $t0,$acc4,$a4 + ldp $a2,$a3,[$np,#8*2] + sbcs $t1,$acc5,$a5 + stp $t2,$t3,[$rp,#8*2] + sbcs $t2,$acc6,$a6 + ldp $a4,$a5,[$np,#8*4] + sbcs $t3,$acc7,$a7 + ldp $a6,$a7,[$np,#8*6] + add $np,$np,#8*8 + ldp $acc0,$acc1,[$tp,#8*0] + sub $cnt,$cnt,#8*8 + ldp $acc2,$acc3,[$tp,#8*2] + ldp $acc4,$acc5,[$tp,#8*4] + ldp $acc6,$acc7,[$tp,#8*6] + add $tp,$tp,#8*8 + stp $t0,$t1,[$rp,#8*4] + sbcs $t0,$acc0,$a0 + stp $t2,$t3,[$rp,#8*6] + add $rp,$rp,#8*8 + sbcs $t1,$acc1,$a1 + cbnz $cnt,.Lsqr8x_sub + + sbcs $t2,$acc2,$a2 + mov $tp,sp + add $ap,sp,$num + ldp $a0,$a1,[$ap_end,#8*0] + sbcs $t3,$acc3,$a3 + stp $t0,$t1,[$rp,#8*0] + sbcs $t0,$acc4,$a4 + ldp $a2,$a3,[$ap_end,#8*2] + sbcs $t1,$acc5,$a5 + stp $t2,$t3,[$rp,#8*2] + sbcs $t2,$acc6,$a6 + ldp $acc0,$acc1,[$ap,#8*0] + sbcs $t3,$acc7,$a7 + ldp $acc2,$acc3,[$ap,#8*2] + sbcs xzr,$topmost,xzr // did it borrow? + ldr x30,[x29,#8] // pull return address + stp $t0,$t1,[$rp,#8*4] + stp $t2,$t3,[$rp,#8*6] + + sub $cnt,$num,#8*4 +.Lsqr4x_cond_copy: + sub $cnt,$cnt,#8*4 + csel $t0,$acc0,$a0,lo + stp xzr,xzr,[$tp,#8*0] + csel $t1,$acc1,$a1,lo + ldp $a0,$a1,[$ap_end,#8*4] + ldp $acc0,$acc1,[$ap,#8*4] + csel $t2,$acc2,$a2,lo + stp xzr,xzr,[$tp,#8*2] + add $tp,$tp,#8*4 + csel $t3,$acc3,$a3,lo + ldp $a2,$a3,[$ap_end,#8*6] + ldp $acc2,$acc3,[$ap,#8*6] + add $ap,$ap,#8*4 + stp $t0,$t1,[$ap_end,#8*0] + stp $t2,$t3,[$ap_end,#8*2] + add $ap_end,$ap_end,#8*4 + stp xzr,xzr,[$ap,#8*0] + stp xzr,xzr,[$ap,#8*2] + cbnz $cnt,.Lsqr4x_cond_copy + + csel $t0,$acc0,$a0,lo + stp xzr,xzr,[$tp,#8*0] + csel $t1,$acc1,$a1,lo + stp xzr,xzr,[$tp,#8*2] + csel $t2,$acc2,$a2,lo + csel $t3,$acc3,$a3,lo + stp $t0,$t1,[$ap_end,#8*0] + stp $t2,$t3,[$ap_end,#8*2] + + b .Lsqr8x_done + +.align 4 +.Lsqr8x8_post_condition: + adc $carry,xzr,xzr + ldr x30,[x29,#8] // pull return address + // $acc0-7,$carry hold result, $a0-7 hold modulus + subs $a0,$acc0,$a0 + ldr $ap,[x29,#96] // pull rp + sbcs $a1,$acc1,$a1 + stp xzr,xzr,[sp,#8*0] + sbcs $a2,$acc2,$a2 + stp xzr,xzr,[sp,#8*2] + sbcs $a3,$acc3,$a3 + stp xzr,xzr,[sp,#8*4] + sbcs $a4,$acc4,$a4 + stp xzr,xzr,[sp,#8*6] + sbcs $a5,$acc5,$a5 + stp xzr,xzr,[sp,#8*8] + sbcs $a6,$acc6,$a6 + stp xzr,xzr,[sp,#8*10] + sbcs $a7,$acc7,$a7 + stp xzr,xzr,[sp,#8*12] + sbcs $carry,$carry,xzr // did it borrow? + stp xzr,xzr,[sp,#8*14] + + // $a0-7 hold result-modulus + csel $a0,$acc0,$a0,lo + csel $a1,$acc1,$a1,lo + csel $a2,$acc2,$a2,lo + csel $a3,$acc3,$a3,lo + stp $a0,$a1,[$ap,#8*0] + csel $a4,$acc4,$a4,lo + csel $a5,$acc5,$a5,lo + stp $a2,$a3,[$ap,#8*2] + csel $a6,$acc6,$a6,lo + csel $a7,$acc7,$a7,lo + stp $a4,$a5,[$ap,#8*4] + stp $a6,$a7,[$ap,#8*6] +.Lsqr8x_done: + ldp x19,x20,[x29,#16] + mov sp,x29 + ldp x21,x22,[x29,#32] + mov x0,#1 + ldp x23,x24,[x29,#48] + ldp x25,x26,[x29,#64] + ldp x27,x28,[x29,#80] + ldr x29,[sp],#128 + ret +.size __bn_sqr8x_mont,.-__bn_sqr8x_mont +___ +} + +{ +######################################################################## +# Even though this might look as ARMv8 adaptation of mulx4x_mont from +# x86_64-mont5 module, it's different in sense that it performs +# reduction 256 bits at a time. + +my ($a0,$a1,$a2,$a3, + $t0,$t1,$t2,$t3, + $m0,$m1,$m2,$m3, + $acc0,$acc1,$acc2,$acc3,$acc4, + $bi,$mi,$tp,$ap_end,$cnt) = map("x$_",(6..17,19..28)); +my $bp_end=$rp; +my ($carry,$topmost) = ($rp,"x30"); + +$code.=<<___; +.type __bn_mul4x_mont,%function +.align 5 +__bn_mul4x_mont: + stp x29,x30,[sp,#-128]! + add x29,sp,#0 + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + stp x23,x24,[sp,#48] + stp x25,x26,[sp,#64] + stp x27,x28,[sp,#80] + + sub $tp,sp,$num,lsl#3 + lsl $num,$num,#3 + ldr $n0,[$n0] // *n0 + sub sp,$tp,#8*4 // alloca + + add $t0,$bp,$num + add $ap_end,$ap,$num + stp $rp,$t0,[x29,#96] // offload rp and &b[num] + + ldr $bi,[$bp,#8*0] // b[0] + ldp $a0,$a1,[$ap,#8*0] // a[0..3] + ldp $a2,$a3,[$ap,#8*2] + add $ap,$ap,#8*4 + mov $acc0,xzr + mov $acc1,xzr + mov $acc2,xzr + mov $acc3,xzr + ldp $m0,$m1,[$np,#8*0] // n[0..3] + ldp $m2,$m3,[$np,#8*2] + adds $np,$np,#8*4 // clear carry bit + mov $carry,xzr + mov $cnt,#0 + mov $tp,sp + +.Loop_mul4x_1st_reduction: + mul $t0,$a0,$bi // lo(a[0..3]*b[0]) + adc $carry,$carry,xzr // modulo-scheduled + mul $t1,$a1,$bi + add $cnt,$cnt,#8 + mul $t2,$a2,$bi + and $cnt,$cnt,#31 + mul $t3,$a3,$bi + adds $acc0,$acc0,$t0 + umulh $t0,$a0,$bi // hi(a[0..3]*b[0]) + adcs $acc1,$acc1,$t1 + mul $mi,$acc0,$n0 // t[0]*n0 + adcs $acc2,$acc2,$t2 + umulh $t1,$a1,$bi + adcs $acc3,$acc3,$t3 + umulh $t2,$a2,$bi + adc $acc4,xzr,xzr + umulh $t3,$a3,$bi + ldr $bi,[$bp,$cnt] // next b[i] (or b[0]) + adds $acc1,$acc1,$t0 + // (*) mul $t0,$m0,$mi // lo(n[0..3]*t[0]*n0) + str $mi,[$tp],#8 // put aside t[0]*n0 for tail processing + adcs $acc2,$acc2,$t1 + mul $t1,$m1,$mi + adcs $acc3,$acc3,$t2 + mul $t2,$m2,$mi + adc $acc4,$acc4,$t3 // can't overflow + mul $t3,$m3,$mi + // (*) adds xzr,$acc0,$t0 + subs xzr,$acc0,#1 // (*) + umulh $t0,$m0,$mi // hi(n[0..3]*t[0]*n0) + adcs $acc0,$acc1,$t1 + umulh $t1,$m1,$mi + adcs $acc1,$acc2,$t2 + umulh $t2,$m2,$mi + adcs $acc2,$acc3,$t3 + umulh $t3,$m3,$mi + adcs $acc3,$acc4,$carry + adc $carry,xzr,xzr + adds $acc0,$acc0,$t0 + sub $t0,$ap_end,$ap + adcs $acc1,$acc1,$t1 + adcs $acc2,$acc2,$t2 + adcs $acc3,$acc3,$t3 + //adc $carry,$carry,xzr + cbnz $cnt,.Loop_mul4x_1st_reduction + + cbz $t0,.Lmul4x4_post_condition + + ldp $a0,$a1,[$ap,#8*0] // a[4..7] + ldp $a2,$a3,[$ap,#8*2] + add $ap,$ap,#8*4 + ldr $mi,[sp] // a[0]*n0 + ldp $m0,$m1,[$np,#8*0] // n[4..7] + ldp $m2,$m3,[$np,#8*2] + add $np,$np,#8*4 + +.Loop_mul4x_1st_tail: + mul $t0,$a0,$bi // lo(a[4..7]*b[i]) + adc $carry,$carry,xzr // modulo-scheduled + mul $t1,$a1,$bi + add $cnt,$cnt,#8 + mul $t2,$a2,$bi + and $cnt,$cnt,#31 + mul $t3,$a3,$bi + adds $acc0,$acc0,$t0 + umulh $t0,$a0,$bi // hi(a[4..7]*b[i]) + adcs $acc1,$acc1,$t1 + umulh $t1,$a1,$bi + adcs $acc2,$acc2,$t2 + umulh $t2,$a2,$bi + adcs $acc3,$acc3,$t3 + umulh $t3,$a3,$bi + adc $acc4,xzr,xzr + ldr $bi,[$bp,$cnt] // next b[i] (or b[0]) + adds $acc1,$acc1,$t0 + mul $t0,$m0,$mi // lo(n[4..7]*a[0]*n0) + adcs $acc2,$acc2,$t1 + mul $t1,$m1,$mi + adcs $acc3,$acc3,$t2 + mul $t2,$m2,$mi + adc $acc4,$acc4,$t3 // can't overflow + mul $t3,$m3,$mi + adds $acc0,$acc0,$t0 + umulh $t0,$m0,$mi // hi(n[4..7]*a[0]*n0) + adcs $acc1,$acc1,$t1 + umulh $t1,$m1,$mi + adcs $acc2,$acc2,$t2 + umulh $t2,$m2,$mi + adcs $acc3,$acc3,$t3 + adcs $acc4,$acc4,$carry + umulh $t3,$m3,$mi + adc $carry,xzr,xzr + ldr $mi,[sp,$cnt] // next t[0]*n0 + str $acc0,[$tp],#8 // result!!! + adds $acc0,$acc1,$t0 + sub $t0,$ap_end,$ap // done yet? + adcs $acc1,$acc2,$t1 + adcs $acc2,$acc3,$t2 + adcs $acc3,$acc4,$t3 + //adc $carry,$carry,xzr + cbnz $cnt,.Loop_mul4x_1st_tail + + sub $t1,$ap_end,$num // rewinded $ap + cbz $t0,.Lmul4x_proceed + + ldp $a0,$a1,[$ap,#8*0] + ldp $a2,$a3,[$ap,#8*2] + add $ap,$ap,#8*4 + ldp $m0,$m1,[$np,#8*0] + ldp $m2,$m3,[$np,#8*2] + add $np,$np,#8*4 + b .Loop_mul4x_1st_tail + +.align 5 +.Lmul4x_proceed: + ldr $bi,[$bp,#8*4]! // *++b + adc $topmost,$carry,xzr + ldp $a0,$a1,[$t1,#8*0] // a[0..3] + sub $np,$np,$num // rewind np + ldp $a2,$a3,[$t1,#8*2] + add $ap,$t1,#8*4 + + stp $acc0,$acc1,[$tp,#8*0] // result!!! + ldp $acc0,$acc1,[sp,#8*4] // t[0..3] + stp $acc2,$acc3,[$tp,#8*2] // result!!! + ldp $acc2,$acc3,[sp,#8*6] + + ldp $m0,$m1,[$np,#8*0] // n[0..3] + mov $tp,sp + ldp $m2,$m3,[$np,#8*2] + adds $np,$np,#8*4 // clear carry bit + mov $carry,xzr + +.align 4 +.Loop_mul4x_reduction: + mul $t0,$a0,$bi // lo(a[0..3]*b[4]) + adc $carry,$carry,xzr // modulo-scheduled + mul $t1,$a1,$bi + add $cnt,$cnt,#8 + mul $t2,$a2,$bi + and $cnt,$cnt,#31 + mul $t3,$a3,$bi + adds $acc0,$acc0,$t0 + umulh $t0,$a0,$bi // hi(a[0..3]*b[4]) + adcs $acc1,$acc1,$t1 + mul $mi,$acc0,$n0 // t[0]*n0 + adcs $acc2,$acc2,$t2 + umulh $t1,$a1,$bi + adcs $acc3,$acc3,$t3 + umulh $t2,$a2,$bi + adc $acc4,xzr,xzr + umulh $t3,$a3,$bi + ldr $bi,[$bp,$cnt] // next b[i] + adds $acc1,$acc1,$t0 + // (*) mul $t0,$m0,$mi + str $mi,[$tp],#8 // put aside t[0]*n0 for tail processing + adcs $acc2,$acc2,$t1 + mul $t1,$m1,$mi // lo(n[0..3]*t[0]*n0 + adcs $acc3,$acc3,$t2 + mul $t2,$m2,$mi + adc $acc4,$acc4,$t3 // can't overflow + mul $t3,$m3,$mi + // (*) adds xzr,$acc0,$t0 + subs xzr,$acc0,#1 // (*) + umulh $t0,$m0,$mi // hi(n[0..3]*t[0]*n0 + adcs $acc0,$acc1,$t1 + umulh $t1,$m1,$mi + adcs $acc1,$acc2,$t2 + umulh $t2,$m2,$mi + adcs $acc2,$acc3,$t3 + umulh $t3,$m3,$mi + adcs $acc3,$acc4,$carry + adc $carry,xzr,xzr + adds $acc0,$acc0,$t0 + adcs $acc1,$acc1,$t1 + adcs $acc2,$acc2,$t2 + adcs $acc3,$acc3,$t3 + //adc $carry,$carry,xzr + cbnz $cnt,.Loop_mul4x_reduction + + adc $carry,$carry,xzr + ldp $t0,$t1,[$tp,#8*4] // t[4..7] + ldp $t2,$t3,[$tp,#8*6] + ldp $a0,$a1,[$ap,#8*0] // a[4..7] + ldp $a2,$a3,[$ap,#8*2] + add $ap,$ap,#8*4 + adds $acc0,$acc0,$t0 + adcs $acc1,$acc1,$t1 + adcs $acc2,$acc2,$t2 + adcs $acc3,$acc3,$t3 + //adc $carry,$carry,xzr + + ldr $mi,[sp] // t[0]*n0 + ldp $m0,$m1,[$np,#8*0] // n[4..7] + ldp $m2,$m3,[$np,#8*2] + add $np,$np,#8*4 + +.align 4 +.Loop_mul4x_tail: + mul $t0,$a0,$bi // lo(a[4..7]*b[4]) + adc $carry,$carry,xzr // modulo-scheduled + mul $t1,$a1,$bi + add $cnt,$cnt,#8 + mul $t2,$a2,$bi + and $cnt,$cnt,#31 + mul $t3,$a3,$bi + adds $acc0,$acc0,$t0 + umulh $t0,$a0,$bi // hi(a[4..7]*b[4]) + adcs $acc1,$acc1,$t1 + umulh $t1,$a1,$bi + adcs $acc2,$acc2,$t2 + umulh $t2,$a2,$bi + adcs $acc3,$acc3,$t3 + umulh $t3,$a3,$bi + adc $acc4,xzr,xzr + ldr $bi,[$bp,$cnt] // next b[i] + adds $acc1,$acc1,$t0 + mul $t0,$m0,$mi // lo(n[4..7]*t[0]*n0) + adcs $acc2,$acc2,$t1 + mul $t1,$m1,$mi + adcs $acc3,$acc3,$t2 + mul $t2,$m2,$mi + adc $acc4,$acc4,$t3 // can't overflow + mul $t3,$m3,$mi + adds $acc0,$acc0,$t0 + umulh $t0,$m0,$mi // hi(n[4..7]*t[0]*n0) + adcs $acc1,$acc1,$t1 + umulh $t1,$m1,$mi + adcs $acc2,$acc2,$t2 + umulh $t2,$m2,$mi + adcs $acc3,$acc3,$t3 + umulh $t3,$m3,$mi + adcs $acc4,$acc4,$carry + ldr $mi,[sp,$cnt] // next a[0]*n0 + adc $carry,xzr,xzr + str $acc0,[$tp],#8 // result!!! + adds $acc0,$acc1,$t0 + sub $t0,$ap_end,$ap // done yet? + adcs $acc1,$acc2,$t1 + adcs $acc2,$acc3,$t2 + adcs $acc3,$acc4,$t3 + //adc $carry,$carry,xzr + cbnz $cnt,.Loop_mul4x_tail + + sub $t1,$np,$num // rewinded np? + adc $carry,$carry,xzr + cbz $t0,.Loop_mul4x_break + + ldp $t0,$t1,[$tp,#8*4] + ldp $t2,$t3,[$tp,#8*6] + ldp $a0,$a1,[$ap,#8*0] + ldp $a2,$a3,[$ap,#8*2] + add $ap,$ap,#8*4 + adds $acc0,$acc0,$t0 + adcs $acc1,$acc1,$t1 + adcs $acc2,$acc2,$t2 + adcs $acc3,$acc3,$t3 + //adc $carry,$carry,xzr + ldp $m0,$m1,[$np,#8*0] + ldp $m2,$m3,[$np,#8*2] + add $np,$np,#8*4 + b .Loop_mul4x_tail + +.align 4 +.Loop_mul4x_break: + ldp $t2,$t3,[x29,#96] // pull rp and &b[num] + adds $acc0,$acc0,$topmost + add $bp,$bp,#8*4 // bp++ + adcs $acc1,$acc1,xzr + sub $ap,$ap,$num // rewind ap + adcs $acc2,$acc2,xzr + stp $acc0,$acc1,[$tp,#8*0] // result!!! + adcs $acc3,$acc3,xzr + ldp $acc0,$acc1,[sp,#8*4] // t[0..3] + adc $topmost,$carry,xzr + stp $acc2,$acc3,[$tp,#8*2] // result!!! + cmp $bp,$t3 // done yet? + ldp $acc2,$acc3,[sp,#8*6] + ldp $m0,$m1,[$t1,#8*0] // n[0..3] + ldp $m2,$m3,[$t1,#8*2] + add $np,$t1,#8*4 + b.eq .Lmul4x_post + + ldr $bi,[$bp] + ldp $a0,$a1,[$ap,#8*0] // a[0..3] + ldp $a2,$a3,[$ap,#8*2] + adds $ap,$ap,#8*4 // clear carry bit + mov $carry,xzr + mov $tp,sp + b .Loop_mul4x_reduction + +.align 4 +.Lmul4x_post: + // Final step. We see if result is larger than modulus, and + // if it is, subtract the modulus. But comparison implies + // subtraction. So we subtract modulus, see if it borrowed, + // and conditionally copy original value. + mov $rp,$t2 + mov $ap_end,$t2 // $rp copy + subs $t0,$acc0,$m0 + add $tp,sp,#8*8 + sbcs $t1,$acc1,$m1 + sub $cnt,$num,#8*4 + +.Lmul4x_sub: + sbcs $t2,$acc2,$m2 + ldp $m0,$m1,[$np,#8*0] + sub $cnt,$cnt,#8*4 + ldp $acc0,$acc1,[$tp,#8*0] + sbcs $t3,$acc3,$m3 + ldp $m2,$m3,[$np,#8*2] + add $np,$np,#8*4 + ldp $acc2,$acc3,[$tp,#8*2] + add $tp,$tp,#8*4 + stp $t0,$t1,[$rp,#8*0] + sbcs $t0,$acc0,$m0 + stp $t2,$t3,[$rp,#8*2] + add $rp,$rp,#8*4 + sbcs $t1,$acc1,$m1 + cbnz $cnt,.Lmul4x_sub + + sbcs $t2,$acc2,$m2 + mov $tp,sp + add $ap,sp,#8*4 + ldp $a0,$a1,[$ap_end,#8*0] + sbcs $t3,$acc3,$m3 + stp $t0,$t1,[$rp,#8*0] + ldp $a2,$a3,[$ap_end,#8*2] + stp $t2,$t3,[$rp,#8*2] + ldp $acc0,$acc1,[$ap,#8*0] + ldp $acc2,$acc3,[$ap,#8*2] + sbcs xzr,$topmost,xzr // did it borrow? + ldr x30,[x29,#8] // pull return address + + sub $cnt,$num,#8*4 +.Lmul4x_cond_copy: + sub $cnt,$cnt,#8*4 + csel $t0,$acc0,$a0,lo + stp xzr,xzr,[$tp,#8*0] + csel $t1,$acc1,$a1,lo + ldp $a0,$a1,[$ap_end,#8*4] + ldp $acc0,$acc1,[$ap,#8*4] + csel $t2,$acc2,$a2,lo + stp xzr,xzr,[$tp,#8*2] + add $tp,$tp,#8*4 + csel $t3,$acc3,$a3,lo + ldp $a2,$a3,[$ap_end,#8*6] + ldp $acc2,$acc3,[$ap,#8*6] + add $ap,$ap,#8*4 + stp $t0,$t1,[$ap_end,#8*0] + stp $t2,$t3,[$ap_end,#8*2] + add $ap_end,$ap_end,#8*4 + cbnz $cnt,.Lmul4x_cond_copy + + csel $t0,$acc0,$a0,lo + stp xzr,xzr,[$tp,#8*0] + csel $t1,$acc1,$a1,lo + stp xzr,xzr,[$tp,#8*2] + csel $t2,$acc2,$a2,lo + stp xzr,xzr,[$tp,#8*3] + csel $t3,$acc3,$a3,lo + stp xzr,xzr,[$tp,#8*4] + stp $t0,$t1,[$ap_end,#8*0] + stp $t2,$t3,[$ap_end,#8*2] + + b .Lmul4x_done + +.align 4 +.Lmul4x4_post_condition: + adc $carry,$carry,xzr + ldr $ap,[x29,#96] // pull rp + // $acc0-3,$carry hold result, $m0-7 hold modulus + subs $a0,$acc0,$m0 + ldr x30,[x29,#8] // pull return address + sbcs $a1,$acc1,$m1 + stp xzr,xzr,[sp,#8*0] + sbcs $a2,$acc2,$m2 + stp xzr,xzr,[sp,#8*2] + sbcs $a3,$acc3,$m3 + stp xzr,xzr,[sp,#8*4] + sbcs xzr,$carry,xzr // did it borrow? + stp xzr,xzr,[sp,#8*6] + + // $a0-3 hold result-modulus + csel $a0,$acc0,$a0,lo + csel $a1,$acc1,$a1,lo + csel $a2,$acc2,$a2,lo + csel $a3,$acc3,$a3,lo + stp $a0,$a1,[$ap,#8*0] + stp $a2,$a3,[$ap,#8*2] + +.Lmul4x_done: + ldp x19,x20,[x29,#16] + mov sp,x29 + ldp x21,x22,[x29,#32] + mov x0,#1 + ldp x23,x24,[x29,#48] + ldp x25,x26,[x29,#64] + ldp x27,x28,[x29,#80] + ldr x29,[sp],#128 + ret +.size __bn_mul4x_mont,.-__bn_mul4x_mont +___ +} +$code.=<<___; .asciz "Montgomery Multiplication for ARMv8, CRYPTOGAMS by " .align 4 ___ diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl index 1c9eb6b..9d1bce1 100644 --- a/crypto/ec/asm/ecp_nistz256-armv8.pl +++ b/crypto/ec/asm/ecp_nistz256-armv8.pl @@ -14,19 +14,16 @@ # Original ECP_NISTZ256 submission targeting x86_64 is detailed in # http://eprint.iacr.org/2013/816. # -# with/without -DECP_NISTZ256_ASM(*) -# Apple A7 +140-590% -# Cortex-A53 +135-720% -# Cortex-A57 +145-570% -# X-Gene +120-700% -# Denver +150-740% -# -# (*) comparison is not really "fair", because it's compared to C -# implementation, unlike other similar cases that is; +# with/without -DECP_NISTZ256_ASM +# Apple A7 +120-360% +# Cortex-A53 +120-400% +# Cortex-A57 +120-350% +# X-Gene +200-330% +# Denver +140-400% # # Ranges denote minimum and maximum improvement coefficients depending # on benchmark. Lower coefficients are for ECDSA sign, server-side -# operation. Keep in mind that +500% means 6x improvement. +# operation. Keep in mind that +400% means 5x improvement. $flavour = shift; while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} From appro at openssl.org Wed May 13 15:24:23 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 13 May 2015 15:24:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431530663.763682.506.nullmailer@dev.openssl.org> The branch master has been updated via bd576049a9db8c6caca99c8f965663422658a464 (commit) from 7ee7f9202581f2bf4098384ce3bb55c8fe2180b3 (commit) - Log ----------------------------------------------------------------- commit bd576049a9db8c6caca99c8f965663422658a464 Author: Andy Polyakov Date: Mon Apr 20 15:53:12 2015 +0200 util/incore update. Support cross-compile platforms that don't support FINGERPRINT_premain, e.g. VxWorks. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: util/incore | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/util/incore b/util/incore index e6e6ecf..bb765b1 100755 --- a/util/incore +++ b/util/incore @@ -382,7 +382,7 @@ if (!$legacy_mode) { } $FINGERPRINT_ascii_value - = $exe->Lookup("FINGERPRINT_ascii_value") or die; + = $exe->Lookup("FINGERPRINT_ascii_value"); } if ($FIPS_text_startX && $FIPS_text_endX) { @@ -439,9 +439,12 @@ $fingerprint = FIPS_incore_fingerprint(); if ($legacy_mode) { print unpack("H*",$fingerprint); -} else { +} elsif (defined($FINGERPRINT_ascii_value)) { seek(FD,$FINGERPRINT_ascii_value->{st_offset},0) or die "$!"; print FD unpack("H*",$fingerprint) or die "$!"; +} else { + seek(FD,$FIPS_signature->{st_offset},0) or die "$!"; + print FD $fingerprint or die "$!"; } close (FD); From appro at openssl.org Wed May 13 16:05:50 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 13 May 2015 16:05:50 +0000 Subject: [openssl-commits] [openssl] OpenSSL-fips-2_0-dev update Message-ID: <1431533150.528693.4972.nullmailer@dev.openssl.org> The branch OpenSSL-fips-2_0-dev has been updated via 8a09500d9cc1bafcbafb4d18c1bf2238bf354171 (commit) via 0ae16722876a9e424a1abc2c5285268476d99c35 (commit) via 292c1f34ec27f95fdc3c9dfa5c2df93dde7861e0 (commit) via f447329da7bf1e95691c8019af3e846002ba554d (commit) via 80b1e89bbc901a8f4a5e11945e367e0e0def11ec (commit) via bb98f6bef66dc423a3736cc9c5e5602933f58c64 (commit) via 728b53058ee6f89fa95c0ed3feaa410a85db7323 (commit) via 3b3114770a2ab3df863701b2b8518b5c01fa0cae (commit) via 9b5db104eca33372b3acb7c7029c211c16b68b5e (commit) from 788715cecf22fac32fa87b812609b6e1ad227a3a (commit) - Log ----------------------------------------------------------------- commit 8a09500d9cc1bafcbafb4d18c1bf2238bf354171 Author: Andy Polyakov Date: Mon May 11 12:16:01 2015 +0200 util/incore update that allows FINGERPRINT_premain-free build. As for complementary fips.c modification. Goal is to ensure that FIPS_signature does not end up in .bss segment, one guaranteed to be zeroed upon program start-up. One would expect explicitly initialized values to end up in .data segment, but it turned out that values explicitly initialized with zeros can end up in .bss. The modification does not affect program flow, because first byte was the only one of significance [to FINGERPRINT_premain]. Reviewed-by: Dr. Stephen Henson (cherry picked from commit 34f39b062c76fbd3082521b26edee7f53afc061d) commit 0ae16722876a9e424a1abc2c5285268476d99c35 Author: Andy Polyakov Date: Mon May 11 12:04:12 2015 +0200 Add support for Android 5, both 32- and 64-bit cases. Special note about additional -pie flag in android-armv7. The initial reason for adding it is that Android 5 refuses to execute non-PIE binaries. But what about older systems and previously validated platforms? It should be noted that flag is not used when compiling object code, fipscanister.o in this context, only when linking applications, *supplementary* fips_algvs used during validation procedure. Reviewed-by: Dr. Stephen Henson (cherry picked from commit 6db8e3bdc9ef83d83b83f3eec9722c96daa91f82) Resolved conflicts: test/fips_algvs.c commit 292c1f34ec27f95fdc3c9dfa5c2df93dde7861e0 Author: Andy Polyakov Date: Mon May 11 11:56:30 2015 +0200 Additional vxWorks target. Reviewed-by: Dr. Stephen Henson (cherry picked from commit 50e2a0ea4615124aa159e8f43317dedcf0cfcaa2) commit f447329da7bf1e95691c8019af3e846002ba554d Author: Andy Polyakov Date: Mon May 11 11:53:41 2015 +0200 Configure: add ios-cross target with ARM assembly support. Reviewed-by: Dr. Stephen Henson (cherry picked from commit 97fbb0c88c2f601f98e25e57b9f6f9679d14f3a8) Resolved conflicts: Configure config commit 80b1e89bbc901a8f4a5e11945e367e0e0def11ec Author: Andy Polyakov Date: Mon May 11 11:50:29 2015 +0200 Add iOS-specific armv4cpud.S module. Normally it would be generated from a perlasm module, but doing so would affect existing armv4cpuid.S, which in turn would formally void previously validated platforms. Hense separate module is generated. Reviewed-by: Dr. Stephen Henson (cherry picked from commit 5837e90f08ffcf5ad84933793bc285630018ce26) commit bb98f6bef66dc423a3736cc9c5e5602933f58c64 Author: Andy Polyakov Date: Mon May 11 11:43:55 2015 +0200 Adapt ARM assembly pack for iOS. This is achieved by filtering perlasm output through arm-xlate.pl. But note that it's done only if "flavour" argument is not 'void'. As 'void' is default value for other ARM targets, permasm output is not actually filtered on previously validated platforms. Reviewed-by: Dr. Stephen Henson (cherry picked from commit 874faf2ffb22187ad5483d9691a3a2eb7112f161) commit 728b53058ee6f89fa95c0ed3feaa410a85db7323 Author: Andy Polyakov Date: Mon May 11 11:36:48 2015 +0200 Configure: engage ARMv8 assembly pack in ios64-cross target. Reviewed-by: Dr. Stephen Henson (cherry picked from commit c6d109051d1c2b9a453427a2a53ad3d40acc9276) Resolved Conflicts: Configure commit 3b3114770a2ab3df863701b2b8518b5c01fa0cae Author: Andy Polyakov Date: Mon May 11 11:34:56 2015 +0200 Engage ARMv8 assembly pack. Reviewed-by: Dr. Stephen Henson (cherry picked from commit 083ed53defb42ab4d3488bc7f80d9170d22293e7) commit 9b5db104eca33372b3acb7c7029c211c16b68b5e Author: Andy Polyakov Date: Mon May 11 11:18:04 2015 +0200 Add ARMv8 assembly pack. Reviewed-by: Dr. Stephen Henson (cherry picked from commit b84813ec017cb03b8dd0b85bce2bb3e021c45685) ----------------------------------------------------------------------- Summary of changes: Configure | 12 +- config | 10 +- crypto/Makefile | 1 + crypto/aes/Makefile | 4 + crypto/aes/asm/aes-armv4.pl | 31 +- crypto/aes/asm/aesv8-armx.pl | 968 +++++++++++++++++++++++++++++++++++++ crypto/arm64cpuid.pl | 68 +++ crypto/arm_arch.h | 17 +- crypto/armcap.c | 26 + crypto/armv4cpuid_ios.S | 210 ++++++++ crypto/bn/asm/armv4-gf2m.pl | 23 +- crypto/bn/asm/armv4-mont.pl | 16 +- crypto/evp/e_aes.c | 113 +++++ crypto/modes/Makefile | 3 + crypto/modes/asm/ghash-armv4.pl | 33 +- crypto/modes/asm/ghashv8-armx.pl | 376 ++++++++++++++ crypto/modes/gcm128.c | 27 +- crypto/perlasm/arm-xlate.pl | 165 +++++++ crypto/sha/Makefile | 3 + crypto/sha/asm/sha1-armv4-large.pl | 16 +- crypto/sha/asm/sha1-armv8.pl | 343 +++++++++++++ crypto/sha/asm/sha256-armv4.pl | 16 +- crypto/sha/asm/sha512-armv4.pl | 22 +- crypto/sha/asm/sha512-armv8.pl | 428 ++++++++++++++++ fips/fips.c | 2 +- fips/fips_canister.c | 1 + fips/fips_test_suite.c | 6 + fips/fipssyms.h | 44 ++ test/fips_algvs.c | 71 +++ util/incore | 7 +- 30 files changed, 3027 insertions(+), 35 deletions(-) create mode 100644 crypto/aes/asm/aesv8-armx.pl create mode 100644 crypto/arm64cpuid.pl create mode 100644 crypto/armv4cpuid_ios.S create mode 100644 crypto/modes/asm/ghashv8-armx.pl create mode 100644 crypto/perlasm/arm-xlate.pl create mode 100644 crypto/sha/asm/sha1-armv8.pl create mode 100644 crypto/sha/asm/sha512-armv8.pl diff --git a/Configure b/Configure index 34856e2..6bb8f10 100755 --- a/Configure +++ b/Configure @@ -136,6 +136,7 @@ my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o:::: my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::"; my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o::aes_ctr.o aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:"; my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::void"; +my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o:::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:"; my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32"; my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64"; my $ppc32_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::::"; @@ -401,7 +402,8 @@ my %table=( # Android: linux-* but without -DTERMIO and pointers to headers and libs. "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-pie%-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"android64-aarch64","gcc:-mandroid -fPIC -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-pie%-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### *BSD [do see comment about ${BSDthreads} above!] "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -596,7 +598,8 @@ my %table=( # CROSS_SDK=iPhoneOS7.0.sdk # "iphoneos-cross","cc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"ios64-cross","cc:-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR -RC4_CHUNK DES_INT DES_UNROLL -BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"ios-cross","cc:-O3 -arch armv7 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:armcap.o armv4cpuid_ios.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::ios32:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"ios64-cross","cc:-O3 -arch arm64 -mios-version-min=7.0.0 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR -RC4_CHUNK DES_INT DES_UNROLL -BF_PTR:${aarch64_asm}:ios64:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", ##### A/UX "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", @@ -613,6 +616,7 @@ my %table=( ##### VxWorks for various targets "vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::", "vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::", +"vxworks-ppcgen-kernel","ccppc:-D_REENTRANT -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip:::VXWORKS::::::", "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::", "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::", "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::", @@ -1575,7 +1579,7 @@ if ($rmd160_obj =~ /\.o$/) } if ($aes_obj =~ /\.o$/) { - $cflags.=" -DAES_ASM"; + $cflags.=" -DAES_ASM" if ($aes_obj =~ m/\baes\-/); # aes_ctr.o is not a real file, only indication that assembler # module implements AES_ctr32_encrypt... $cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes_ctr\.o//); @@ -1596,7 +1600,7 @@ else { $wp_obj="wp_block.o"; } $cmll_obj=$cmll_enc unless ($cmll_obj =~ /.o$/); -if ($modes_obj =~ /ghash/) +if ($modes_obj =~ /ghash\-/) { $cflags.=" -DGHASH_ASM"; } diff --git a/config b/config index fc78a30..4003e2f 100755 --- a/config +++ b/config @@ -375,6 +375,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in echo "nsr-tandem-nsk"; exit 0; ;; + vxworks:kernel*) + echo "${MACHINE}-kernel-vxworks"; exit 0; + ;; + vxworks*) echo "${MACHINE}-whatever-vxworks"; exit 0; ;; @@ -576,7 +580,9 @@ case "$GUESSOS" in *-*-iphoneos) options="$options -arch%20${MACHINE}" OUT="iphoneos-cross" ;; - arm64-*-iphoneos|*-*-ios64) + armv7-*-ios) + OUT="ios-cross" ;; + arm64-*-ios*) OUT="ios64-cross" ;; alpha-*-linux2) ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo` @@ -603,6 +609,7 @@ case "$GUESSOS" in ;; ppc-*-linux2) OUT="linux-ppc" ;; ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;; + ppcgen-kernel-vxworks*) OUT="vxworks-ppcgen-kernel" ;; ppcgen-*-vxworks*) OUT="vxworks-ppcgen" ;; pentium-*-vxworks*) OUT="vxworks-pentium" ;; simlinux-*-vxworks*) OUT="vxworks-simlinux" ;; @@ -854,6 +861,7 @@ case "$GUESSOS" in *-*-qnx6) OUT="QNX6" ;; x86-*-android|i?86-*-android) OUT="android-x86" ;; armv[7-9]*-*-android) OUT="android-armv7" ;; + aarch64-*-android) OUT="android64-aarch64" ;; *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;; esac diff --git a/crypto/Makefile b/crypto/Makefile index 22cb2a5..7304684 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -87,6 +87,7 @@ ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@ pariscid.s: pariscid.pl; $(PERL) pariscid.pl $(PERLASM_SCHEME) $@ alphacpuid.s: alphacpuid.pl $(PERL) $< | $(CC) -E - | tee $@ > /dev/null +arm64cpuid.S: arm64cpuid.pl; $(PERL) arm64cpuid.pl $(PERLASM_SCHEME) > $@ subdirs: @target=all; $(RECURSIVE_MAKE) diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index 8edd358..1d9e82a 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -78,6 +78,10 @@ aes-parisc.s: asm/aes-parisc.pl aes-mips.S: asm/aes-mips.pl $(PERL) asm/aes-mips.pl $(PERLASM_SCHEME) $@ +aesv8-armx.S: asm/aesv8-armx.pl + $(PERL) asm/aesv8-armx.pl $(PERLASM_SCHEME) $@ +aesv8-armx.o: aesv8-armx.S + # GNU make "catch all" aes-%.S: asm/aes-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@ aes-armv4.o: aes-armv4.S diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl index 55b6e04..ed51258 100644 --- a/crypto/aes/asm/aes-armv4.pl +++ b/crypto/aes/asm/aes-armv4.pl @@ -32,8 +32,20 @@ # Profiler-assisted and platform-specific optimization resulted in 16% # improvement on Cortex A8 core and ~21.5 cycles per byte. -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $s0="r0"; $s1="r1"; @@ -171,7 +183,12 @@ AES_encrypt: stmdb sp!,{r1,r4-r12,lr} mov $rounds,r0 @ inp mov $key,r2 +#ifdef __APPLE__ + mov $tbl,#AES_encrypt-AES_Te + sub $tbl,r3,$tbl @ Te +#else sub $tbl,r3,#AES_encrypt-AES_Te @ Te +#endif #if __ARM_ARCH__<7 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral ldrb $t1,[$rounds,#2] @ manner... @@ -425,7 +442,12 @@ AES_set_encrypt_key: bne .Labrt .Lok: stmdb sp!,{r4-r12,lr} +#ifdef __APPLE__ + mov $tbl,#AES_set_encrypt_key-AES_Te-1024 + sub $tbl,r3,$tbl @ Te4 +#else sub $tbl,r3,#AES_set_encrypt_key-AES_Te-1024 @ Te4 +#endif mov $rounds,r0 @ inp mov lr,r1 @ bits @@ -886,7 +908,12 @@ AES_decrypt: stmdb sp!,{r1,r4-r12,lr} mov $rounds,r0 @ inp mov $key,r2 +#ifdef __APPLE__ + mov $tbl,#AES_decrypt-AES_Td + sub $tbl,r3,$tbl @ Td +#else sub $tbl,r3,#AES_decrypt-AES_Td @ Td +#endif #if __ARM_ARCH__<7 ldrb $s0,[$rounds,#3] @ load input data in endian-neutral ldrb $t1,[$rounds,#2] @ manner... diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl new file mode 100644 index 0000000..104f417 --- /dev/null +++ b/crypto/aes/asm/aesv8-armx.pl @@ -0,0 +1,968 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# This module implements support for ARMv8 AES instructions. The +# module is endian-agnostic in sense that it supports both big- and +# little-endian cases. As does it support both 32- and 64-bit modes +# of operation. Latter is achieved by limiting amount of utilized +# registers to 16, which implies additional NEON load and integer +# instructions. This has no effect on mighty Apple A7, where results +# are literally equal to the theoretical estimates based on AES +# instruction latencies and issue rates. On Cortex-A53, an in-order +# execution core, this costs up to 10-15%, which is partially +# compensated by implementing dedicated code path for 128-bit +# CBC encrypt case. On Cortex-A57 parallelizable mode performance +# seems to be limited by sheer amount of NEON instructions... +# +# Performance in cycles per byte processed with 128-bit key: +# +# CBC enc CBC dec CTR +# Apple A7 2.39 1.20 1.20 +# Cortex-A53 2.45 1.87 1.94 +# Cortex-A57 3.64 1.34 1.32 + +$flavour = shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +$prefix="aes_v8"; + +$code=<<___; +#include "arm_arch.h" + +#if __ARM_ARCH__>=7 +.text +___ +$code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/); +$code.=".fpu neon\n.code 32\n" if ($flavour !~ /64/); + +# Assembler mnemonics are an eclectic mix of 32- and 64-bit syntax, +# NEON is mostly 32-bit mnemonics, integer - mostly 64. Goal is to +# maintain both 32- and 64-bit codes within single module and +# transliterate common code to either flavour with regex vodoo. +# +{{{ +my ($inp,$bits,$out,$ptr,$rounds)=("x0","w1","x2","x3","w12"); +my ($zero,$rcon,$mask,$in0,$in1,$tmp,$key)= + $flavour=~/64/? map("q$_",(0..6)) : map("q$_",(0..3,8..10)); + + +$code.=<<___; +.align 5 +.Lrcon: +.long 0x01,0x01,0x01,0x01 +.long 0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d // rotate-n-splat +.long 0x1b,0x1b,0x1b,0x1b + +.globl ${prefix}_set_encrypt_key +.type ${prefix}_set_encrypt_key,%function +.align 5 +${prefix}_set_encrypt_key: +.Lenc_key: +___ +$code.=<<___ if ($flavour =~ /64/); + stp x29,x30,[sp,#-16]! + add x29,sp,#0 +___ +$code.=<<___; + mov $ptr,#-1 + cmp $inp,#0 + b.eq .Lenc_key_abort + cmp $out,#0 + b.eq .Lenc_key_abort + mov $ptr,#-2 + cmp $bits,#128 + b.lt .Lenc_key_abort + cmp $bits,#256 + b.gt .Lenc_key_abort + tst $bits,#0x3f + b.ne .Lenc_key_abort + + adr $ptr,.Lrcon + cmp $bits,#192 + + veor $zero,$zero,$zero + vld1.8 {$in0},[$inp],#16 + mov $bits,#8 // reuse $bits + vld1.32 {$rcon,$mask},[$ptr],#32 + + b.lt .Loop128 + b.eq .L192 + b .L256 + +.align 4 +.Loop128: + vtbl.8 $key,{$in0},$mask + vext.8 $tmp,$zero,$in0,#12 + vst1.32 {$in0},[$out],#16 + aese $key,$zero + subs $bits,$bits,#1 + + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $key,$key,$rcon + veor $in0,$in0,$tmp + vshl.u8 $rcon,$rcon,#1 + veor $in0,$in0,$key + b.ne .Loop128 + + vld1.32 {$rcon},[$ptr] + + vtbl.8 $key,{$in0},$mask + vext.8 $tmp,$zero,$in0,#12 + vst1.32 {$in0},[$out],#16 + aese $key,$zero + + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $key,$key,$rcon + veor $in0,$in0,$tmp + vshl.u8 $rcon,$rcon,#1 + veor $in0,$in0,$key + + vtbl.8 $key,{$in0},$mask + vext.8 $tmp,$zero,$in0,#12 + vst1.32 {$in0},[$out],#16 + aese $key,$zero + + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $key,$key,$rcon + veor $in0,$in0,$tmp + veor $in0,$in0,$key + vst1.32 {$in0},[$out] + add $out,$out,#0x50 + + mov $rounds,#10 + b .Ldone + +.align 4 +.L192: + vld1.8 {$in1},[$inp],#8 + vmov.i8 $key,#8 // borrow $key + vst1.32 {$in0},[$out],#16 + vsub.i8 $mask,$mask,$key // adjust the mask + +.Loop192: + vtbl.8 $key,{$in1},$mask + vext.8 $tmp,$zero,$in0,#12 + vst1.32 {$in1},[$out],#8 + aese $key,$zero + subs $bits,$bits,#1 + + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in0,$in0,$tmp + + vdup.32 $tmp,${in0}[3] + veor $tmp,$tmp,$in1 + veor $key,$key,$rcon + vext.8 $in1,$zero,$in1,#12 + vshl.u8 $rcon,$rcon,#1 + veor $in1,$in1,$tmp + veor $in0,$in0,$key + veor $in1,$in1,$key + vst1.32 {$in0},[$out],#16 + b.ne .Loop192 + + mov $rounds,#12 + add $out,$out,#0x20 + b .Ldone + +.align 4 +.L256: + vld1.8 {$in1},[$inp] + mov $bits,#7 + mov $rounds,#14 + vst1.32 {$in0},[$out],#16 + +.Loop256: + vtbl.8 $key,{$in1},$mask + vext.8 $tmp,$zero,$in0,#12 + vst1.32 {$in1},[$out],#16 + aese $key,$zero + subs $bits,$bits,#1 + + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in0,$in0,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $key,$key,$rcon + veor $in0,$in0,$tmp + vshl.u8 $rcon,$rcon,#1 + veor $in0,$in0,$key + vst1.32 {$in0},[$out],#16 + b.eq .Ldone + + vdup.32 $key,${in0}[3] // just splat + vext.8 $tmp,$zero,$in1,#12 + aese $key,$zero + + veor $in1,$in1,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in1,$in1,$tmp + vext.8 $tmp,$zero,$tmp,#12 + veor $in1,$in1,$tmp + + veor $in1,$in1,$key + b .Loop256 + +.Ldone: + str $rounds,[$out] + mov $ptr,#0 + +.Lenc_key_abort: + mov x0,$ptr // return value + `"ldr x29,[sp],#16" if ($flavour =~ /64/)` + ret +.size ${prefix}_set_encrypt_key,.-${prefix}_set_encrypt_key + +.globl ${prefix}_set_decrypt_key +.type ${prefix}_set_decrypt_key,%function +.align 5 +${prefix}_set_decrypt_key: +___ +$code.=<<___ if ($flavour =~ /64/); + stp x29,x30,[sp,#-16]! + add x29,sp,#0 +___ +$code.=<<___ if ($flavour !~ /64/); + stmdb sp!,{r4,lr} +___ +$code.=<<___; + bl .Lenc_key + + cmp x0,#0 + b.ne .Ldec_key_abort + + sub $out,$out,#240 // restore original $out + mov x4,#-16 + add $inp,$out,x12,lsl#4 // end of key schedule + + vld1.32 {v0.16b},[$out] + vld1.32 {v1.16b},[$inp] + vst1.32 {v0.16b},[$inp],x4 + vst1.32 {v1.16b},[$out],#16 + +.Loop_imc: + vld1.32 {v0.16b},[$out] + vld1.32 {v1.16b},[$inp] + aesimc v0.16b,v0.16b + aesimc v1.16b,v1.16b + vst1.32 {v0.16b},[$inp],x4 + vst1.32 {v1.16b},[$out],#16 + cmp $inp,$out + b.hi .Loop_imc + + vld1.32 {v0.16b},[$out] + aesimc v0.16b,v0.16b + vst1.32 {v0.16b},[$inp] + + eor x0,x0,x0 // return value +.Ldec_key_abort: +___ +$code.=<<___ if ($flavour !~ /64/); + ldmia sp!,{r4,pc} +___ +$code.=<<___ if ($flavour =~ /64/); + ldp x29,x30,[sp],#16 + ret +___ +$code.=<<___; +.size ${prefix}_set_decrypt_key,.-${prefix}_set_decrypt_key +___ +}}} +{{{ +sub gen_block () { +my $dir = shift; +my ($e,$mc) = $dir eq "en" ? ("e","mc") : ("d","imc"); +my ($inp,$out,$key)=map("x$_",(0..2)); +my $rounds="w3"; +my ($rndkey0,$rndkey1,$inout)=map("q$_",(0..3)); + +$code.=<<___; +.globl ${prefix}_${dir}crypt +.type ${prefix}_${dir}crypt,%function +.align 5 +${prefix}_${dir}crypt: + ldr $rounds,[$key,#240] + vld1.32 {$rndkey0},[$key],#16 + vld1.8 {$inout},[$inp] + sub $rounds,$rounds,#2 + vld1.32 {$rndkey1},[$key],#16 + +.Loop_${dir}c: + aes$e $inout,$rndkey0 + vld1.32 {$rndkey0},[$key],#16 + aes$mc $inout,$inout + subs $rounds,$rounds,#2 + aes$e $inout,$rndkey1 + vld1.32 {$rndkey1},[$key],#16 + aes$mc $inout,$inout + b.gt .Loop_${dir}c + + aes$e $inout,$rndkey0 + vld1.32 {$rndkey0},[$key] + aes$mc $inout,$inout + aes$e $inout,$rndkey1 + veor $inout,$inout,$rndkey0 + + vst1.8 {$inout},[$out] + ret +.size ${prefix}_${dir}crypt,.-${prefix}_${dir}crypt +___ +} +&gen_block("en"); +&gen_block("de"); +}}} +{{{ +my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4)); my $enc="w5"; +my ($rounds,$cnt,$key_,$step,$step1)=($enc,"w6","x7","x8","x12"); +my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7)); + +my ($dat,$tmp,$rndzero_n_last)=($dat0,$tmp0,$tmp1); + +### q8-q15 preloaded key schedule + +$code.=<<___; +.globl ${prefix}_cbc_encrypt +.type ${prefix}_cbc_encrypt,%function +.align 5 +${prefix}_cbc_encrypt: +___ +$code.=<<___ if ($flavour =~ /64/); + stp x29,x30,[sp,#-16]! + add x29,sp,#0 +___ +$code.=<<___ if ($flavour !~ /64/); + mov ip,sp + stmdb sp!,{r4-r8,lr} + vstmdb sp!,{d8-d15} @ ABI specification says so + ldmia ip,{r4-r5} @ load remaining args +___ +$code.=<<___; + subs $len,$len,#16 + mov $step,#16 + b.lo .Lcbc_abort + cclr $step,eq + + cmp $enc,#0 // en- or decrypting? + ldr $rounds,[$key,#240] + and $len,$len,#-16 + vld1.8 {$ivec},[$ivp] + vld1.8 {$dat},[$inp],$step + + vld1.32 {q8-q9},[$key] // load key schedule... + sub $rounds,$rounds,#6 + add $key_,$key,x5,lsl#4 // pointer to last 7 round keys + sub $rounds,$rounds,#2 + vld1.32 {q10-q11},[$key_],#32 + vld1.32 {q12-q13},[$key_],#32 + vld1.32 {q14-q15},[$key_],#32 + vld1.32 {$rndlast},[$key_] + + add $key_,$key,#32 + mov $cnt,$rounds + b.eq .Lcbc_dec + + cmp $rounds,#2 + veor $dat,$dat,$ivec + veor $rndzero_n_last,q8,$rndlast + b.eq .Lcbc_enc128 + +.Loop_cbc_enc: + aese $dat,q8 + vld1.32 {q8},[$key_],#16 + aesmc $dat,$dat + subs $cnt,$cnt,#2 + aese $dat,q9 + vld1.32 {q9},[$key_],#16 + aesmc $dat,$dat + b.gt .Loop_cbc_enc + + aese $dat,q8 + aesmc $dat,$dat + subs $len,$len,#16 + aese $dat,q9 + aesmc $dat,$dat + cclr $step,eq + aese $dat,q10 + aesmc $dat,$dat + add $key_,$key,#16 + aese $dat,q11 + aesmc $dat,$dat + vld1.8 {q8},[$inp],$step + aese $dat,q12 + aesmc $dat,$dat + veor q8,q8,$rndzero_n_last + aese $dat,q13 + aesmc $dat,$dat + vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] + aese $dat,q14 + aesmc $dat,$dat + aese $dat,q15 + + mov $cnt,$rounds + veor $ivec,$dat,$rndlast + vst1.8 {$ivec},[$out],#16 + b.hs .Loop_cbc_enc + + b .Lcbc_done + +.align 5 +.Lcbc_enc128: + vld1.32 {$in0-$in1},[$key_] + aese $dat,q8 + aesmc $dat,$dat + b .Lenter_cbc_enc128 +.Loop_cbc_enc128: + aese $dat,q8 + aesmc $dat,$dat + vst1.8 {$ivec},[$out],#16 +.Lenter_cbc_enc128: + aese $dat,q9 + aesmc $dat,$dat + subs $len,$len,#16 + aese $dat,$in0 + aesmc $dat,$dat + cclr $step,eq + aese $dat,$in1 + aesmc $dat,$dat + aese $dat,q10 + aesmc $dat,$dat + aese $dat,q11 + aesmc $dat,$dat + vld1.8 {q8},[$inp],$step + aese $dat,q12 + aesmc $dat,$dat + aese $dat,q13 + aesmc $dat,$dat + aese $dat,q14 + aesmc $dat,$dat + veor q8,q8,$rndzero_n_last + aese $dat,q15 + veor $ivec,$dat,$rndlast + b.hs .Loop_cbc_enc128 + + vst1.8 {$ivec},[$out],#16 + b .Lcbc_done +___ +{ +my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9)); +$code.=<<___; +.align 5 +.Lcbc_dec: + vld1.8 {$dat2},[$inp],#16 + subs $len,$len,#32 // bias + add $cnt,$rounds,#2 + vorr $in1,$dat,$dat + vorr $dat1,$dat,$dat + vorr $in2,$dat2,$dat2 + b.lo .Lcbc_dec_tail + + vorr $dat1,$dat2,$dat2 + vld1.8 {$dat2},[$inp],#16 + vorr $in0,$dat,$dat + vorr $in1,$dat1,$dat1 + vorr $in2,$dat2,$dat2 + +.Loop3x_cbc_dec: + aesd $dat0,q8 + aesd $dat1,q8 + aesd $dat2,q8 + vld1.32 {q8},[$key_],#16 + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + subs $cnt,$cnt,#2 + aesd $dat0,q9 + aesd $dat1,q9 + aesd $dat2,q9 + vld1.32 {q9},[$key_],#16 + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + b.gt .Loop3x_cbc_dec + + aesd $dat0,q8 + aesd $dat1,q8 + aesd $dat2,q8 + veor $tmp0,$ivec,$rndlast + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + veor $tmp1,$in0,$rndlast + aesd $dat0,q9 + aesd $dat1,q9 + aesd $dat2,q9 + veor $tmp2,$in1,$rndlast + subs $len,$len,#0x30 + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + vorr $ivec,$in2,$in2 + mov.lo x6,$len // x6, $cnt, is zero at this point + aesd $dat0,q12 + aesd $dat1,q12 + aesd $dat2,q12 + add $inp,$inp,x6 // $inp is adjusted in such way that + // at exit from the loop $dat1-$dat2 + // are loaded with last "words" + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + mov $key_,$key + aesd $dat0,q13 + aesd $dat1,q13 + aesd $dat2,q13 + vld1.8 {$in0},[$inp],#16 + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + vld1.8 {$in1},[$inp],#16 + aesd $dat0,q14 + aesd $dat1,q14 + aesd $dat2,q14 + vld1.8 {$in2},[$inp],#16 + aesimc $dat0,$dat0 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] + aesd $dat0,q15 + aesd $dat1,q15 + aesd $dat2,q15 + + add $cnt,$rounds,#2 + veor $tmp0,$tmp0,$dat0 + veor $tmp1,$tmp1,$dat1 + veor $dat2,$dat2,$tmp2 + vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] + vorr $dat0,$in0,$in0 + vst1.8 {$tmp0},[$out],#16 + vorr $dat1,$in1,$in1 + vst1.8 {$tmp1},[$out],#16 + vst1.8 {$dat2},[$out],#16 + vorr $dat2,$in2,$in2 + b.hs .Loop3x_cbc_dec + + cmn $len,#0x30 + b.eq .Lcbc_done + nop + +.Lcbc_dec_tail: + aesd $dat1,q8 + aesd $dat2,q8 + vld1.32 {q8},[$key_],#16 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + subs $cnt,$cnt,#2 + aesd $dat1,q9 + aesd $dat2,q9 + vld1.32 {q9},[$key_],#16 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + b.gt .Lcbc_dec_tail + + aesd $dat1,q8 + aesd $dat2,q8 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + aesd $dat1,q9 + aesd $dat2,q9 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + aesd $dat1,q12 + aesd $dat2,q12 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + cmn $len,#0x20 + aesd $dat1,q13 + aesd $dat2,q13 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + veor $tmp1,$ivec,$rndlast + aesd $dat1,q14 + aesd $dat2,q14 + aesimc $dat1,$dat1 + aesimc $dat2,$dat2 + veor $tmp2,$in1,$rndlast + aesd $dat1,q15 + aesd $dat2,q15 + b.eq .Lcbc_dec_one + veor $tmp1,$tmp1,$dat1 + veor $tmp2,$tmp2,$dat2 + vorr $ivec,$in2,$in2 + vst1.8 {$tmp1},[$out],#16 + vst1.8 {$tmp2},[$out],#16 + b .Lcbc_done + +.Lcbc_dec_one: + veor $tmp1,$tmp1,$dat2 + vorr $ivec,$in2,$in2 + vst1.8 {$tmp1},[$out],#16 + +.Lcbc_done: + vst1.8 {$ivec},[$ivp] +.Lcbc_abort: +___ +} +$code.=<<___ if ($flavour !~ /64/); + vldmia sp!,{d8-d15} + ldmia sp!,{r4-r8,pc} +___ +$code.=<<___ if ($flavour =~ /64/); + ldr x29,[sp],#16 + ret +___ +$code.=<<___; +.size ${prefix}_cbc_encrypt,.-${prefix}_cbc_encrypt +___ +}}} +{{{ +my ($inp,$out,$len,$key,$ivp)=map("x$_",(0..4)); +my ($rounds,$cnt,$key_)=("w5","w6","x7"); +my ($ctr,$tctr0,$tctr1,$tctr2)=map("w$_",(8..10,12)); +my $step="x12"; # aliases with $tctr2 + +my ($dat0,$dat1,$in0,$in1,$tmp0,$tmp1,$ivec,$rndlast)=map("q$_",(0..7)); +my ($dat2,$in2,$tmp2)=map("q$_",(10,11,9)); + +my ($dat,$tmp)=($dat0,$tmp0); + +### q8-q15 preloaded key schedule + +$code.=<<___; +.globl ${prefix}_ctr32_encrypt_blocks +.type ${prefix}_ctr32_encrypt_blocks,%function +.align 5 +${prefix}_ctr32_encrypt_blocks: +___ +$code.=<<___ if ($flavour =~ /64/); + stp x29,x30,[sp,#-16]! + add x29,sp,#0 +___ +$code.=<<___ if ($flavour !~ /64/); + mov ip,sp + stmdb sp!,{r4-r10,lr} + vstmdb sp!,{d8-d15} @ ABI specification says so + ldr r4, [ip] @ load remaining arg +___ +$code.=<<___; + ldr $rounds,[$key,#240] + + ldr $ctr, [$ivp, #12] + vld1.32 {$dat0},[$ivp] + + vld1.32 {q8-q9},[$key] // load key schedule... + sub $rounds,$rounds,#4 + mov $step,#16 + cmp $len,#2 + add $key_,$key,x5,lsl#4 // pointer to last 5 round keys + sub $rounds,$rounds,#2 + vld1.32 {q12-q13},[$key_],#32 + vld1.32 {q14-q15},[$key_],#32 + vld1.32 {$rndlast},[$key_] + add $key_,$key,#32 + mov $cnt,$rounds + cclr $step,lo +#ifndef __ARMEB__ + rev $ctr, $ctr +#endif + vorr $dat1,$dat0,$dat0 + add $tctr1, $ctr, #1 + vorr $dat2,$dat0,$dat0 + add $ctr, $ctr, #2 + vorr $ivec,$dat0,$dat0 + rev $tctr1, $tctr1 + vmov.32 ${dat1}[3],$tctr1 + b.ls .Lctr32_tail + rev $tctr2, $ctr + sub $len,$len,#3 // bias + vmov.32 ${dat2}[3],$tctr2 + b .Loop3x_ctr32 + +.align 4 +.Loop3x_ctr32: + aese $dat0,q8 + aese $dat1,q8 + aese $dat2,q8 + vld1.32 {q8},[$key_],#16 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + aesmc $dat2,$dat2 + subs $cnt,$cnt,#2 + aese $dat0,q9 + aese $dat1,q9 + aese $dat2,q9 + vld1.32 {q9},[$key_],#16 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + aesmc $dat2,$dat2 + b.gt .Loop3x_ctr32 + + aese $dat0,q8 + aese $dat1,q8 + aese $dat2,q8 + mov $key_,$key + aesmc $tmp0,$dat0 + vld1.8 {$in0},[$inp],#16 + aesmc $tmp1,$dat1 + aesmc $dat2,$dat2 + vorr $dat0,$ivec,$ivec + aese $tmp0,q9 + vld1.8 {$in1},[$inp],#16 + aese $tmp1,q9 + aese $dat2,q9 + vorr $dat1,$ivec,$ivec + aesmc $tmp0,$tmp0 + vld1.8 {$in2},[$inp],#16 + aesmc $tmp1,$tmp1 + aesmc $tmp2,$dat2 + vorr $dat2,$ivec,$ivec + add $tctr0,$ctr,#1 + aese $tmp0,q12 + aese $tmp1,q12 + aese $tmp2,q12 + veor $in0,$in0,$rndlast + add $tctr1,$ctr,#2 + aesmc $tmp0,$tmp0 + aesmc $tmp1,$tmp1 + aesmc $tmp2,$tmp2 + veor $in1,$in1,$rndlast + add $ctr,$ctr,#3 + aese $tmp0,q13 + aese $tmp1,q13 + aese $tmp2,q13 + veor $in2,$in2,$rndlast + rev $tctr0,$tctr0 + aesmc $tmp0,$tmp0 + vld1.32 {q8},[$key_],#16 // re-pre-load rndkey[0] + aesmc $tmp1,$tmp1 + aesmc $tmp2,$tmp2 + vmov.32 ${dat0}[3], $tctr0 + rev $tctr1,$tctr1 + aese $tmp0,q14 + aese $tmp1,q14 + aese $tmp2,q14 + vmov.32 ${dat1}[3], $tctr1 + rev $tctr2,$ctr + aesmc $tmp0,$tmp0 + aesmc $tmp1,$tmp1 + aesmc $tmp2,$tmp2 + vmov.32 ${dat2}[3], $tctr2 + subs $len,$len,#3 + aese $tmp0,q15 + aese $tmp1,q15 + aese $tmp2,q15 + + mov $cnt,$rounds + veor $in0,$in0,$tmp0 + veor $in1,$in1,$tmp1 + veor $in2,$in2,$tmp2 + vld1.32 {q9},[$key_],#16 // re-pre-load rndkey[1] + vst1.8 {$in0},[$out],#16 + vst1.8 {$in1},[$out],#16 + vst1.8 {$in2},[$out],#16 + b.hs .Loop3x_ctr32 + + adds $len,$len,#3 + b.eq .Lctr32_done + cmp $len,#1 + mov $step,#16 + cclr $step,eq + +.Lctr32_tail: + aese $dat0,q8 + aese $dat1,q8 + vld1.32 {q8},[$key_],#16 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + subs $cnt,$cnt,#2 + aese $dat0,q9 + aese $dat1,q9 + vld1.32 {q9},[$key_],#16 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + b.gt .Lctr32_tail + + aese $dat0,q8 + aese $dat1,q8 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + aese $dat0,q9 + aese $dat1,q9 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + vld1.8 {$in0},[$inp],$step + aese $dat0,q12 + aese $dat1,q12 + vld1.8 {$in1},[$inp] + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + aese $dat0,q13 + aese $dat1,q13 + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + aese $dat0,q14 + aese $dat1,q14 + veor $in0,$in0,$rndlast + aesmc $dat0,$dat0 + aesmc $dat1,$dat1 + veor $in1,$in1,$rndlast + aese $dat0,q15 + aese $dat1,q15 + + cmp $len,#1 + veor $in0,$in0,$dat0 + veor $in1,$in1,$dat1 + vst1.8 {$in0},[$out],#16 + b.eq .Lctr32_done + vst1.8 {$in1},[$out] + +.Lctr32_done: +___ +$code.=<<___ if ($flavour !~ /64/); + vldmia sp!,{d8-d15} + ldmia sp!,{r4-r10,pc} +___ +$code.=<<___ if ($flavour =~ /64/); + ldr x29,[sp],#16 + ret +___ +$code.=<<___; +.size ${prefix}_ctr32_encrypt_blocks,.-${prefix}_ctr32_encrypt_blocks +___ +}}} +$code.=<<___; +#endif +___ +######################################## +if ($flavour =~ /64/) { ######## 64-bit code + my %opcode = ( + "aesd" => 0x4e285800, "aese" => 0x4e284800, + "aesimc"=> 0x4e287800, "aesmc" => 0x4e286800 ); + + local *unaes = sub { + my ($mnemonic,$arg)=@_; + + $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o && + sprintf ".inst\t0x%08x\t//%s %s", + $opcode{$mnemonic}|$1|($2<<5), + $mnemonic,$arg; + }; + + foreach(split("\n",$code)) { + s/\`([^\`]*)\`/eval($1)/geo; + + s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo; # old->new registers + s/@\s/\/\//o; # old->new style commentary + + #s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo or + s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel $1$2,$1zr,$1$2,$3/o or + s/mov\.([a-z]+)\s+([wx][0-9]+),\s*([wx][0-9]+)/csel $2,$3,$2,$1/o or + s/vmov\.i8/movi/o or # fix up legacy mnemonics + s/vext\.8/ext/o or + s/vrev32\.8/rev32/o or + s/vtst\.8/cmtst/o or + s/vshr/ushr/o or + s/^(\s+)v/$1/o or # strip off v prefix + s/\bbx\s+lr\b/ret/o; + + # fix up remainig legacy suffixes + s/\.[ui]?8//o; + m/\],#8/o and s/\.16b/\.8b/go; + s/\.[ui]?32//o and s/\.16b/\.4s/go; + s/\.[ui]?64//o and s/\.16b/\.2d/go; + s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + + print $_,"\n"; + } +} else { ######## 32-bit code + my %opcode = ( + "aesd" => 0xf3b00340, "aese" => 0xf3b00300, + "aesimc"=> 0xf3b003c0, "aesmc" => 0xf3b00380 ); + + local *unaes = sub { + my ($mnemonic,$arg)=@_; + + if ($arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)/o) { + my $word = $opcode{$mnemonic}|(($1&7)<<13)|(($1&8)<<19) + |(($2&7)<<1) |(($2&8)<<2); + # since ARMv7 instructions are always encoded little-endian. + # correct solution is to use .inst directive, but older + # assemblers don't implement it:-( + sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s", + $word&0xff,($word>>8)&0xff, + ($word>>16)&0xff,($word>>24)&0xff, + $mnemonic,$arg; + } + }; + + sub unvtbl { + my $arg=shift; + + $arg =~ m/q([0-9]+),\s*\{q([0-9]+)\},\s*q([0-9]+)/o && + sprintf "vtbl.8 d%d,{q%d},d%d\n\t". + "vtbl.8 d%d,{q%d},d%d", 2*$1,$2,2*$3, 2*$1+1,$2,2*$3+1; + } + + sub unvdup32 { + my $arg=shift; + + $arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o && + sprintf "vdup.32 q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1; + } + + sub unvmov32 { + my $arg=shift; + + $arg =~ m/q([0-9]+)\[([0-3])\],(.*)/o && + sprintf "vmov.32 d%d[%d],%s",2*$1+($2>>1),$2&1,$3; + } + + foreach(split("\n",$code)) { + s/\`([^\`]*)\`/eval($1)/geo; + + s/\b[wx]([0-9]+)\b/r$1/go; # new->old registers + s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go; # new->old registers + s/\/\/\s?/@ /o; # new->old style commentary + + # fix up remainig new-style suffixes + s/\{q([0-9]+)\},\s*\[(.+)\],#8/sprintf "{d%d},[$2]!",2*$1/eo or + s/\],#[0-9]+/]!/o; + + s/[v]?(aes\w+)\s+([qv].*)/unaes($1,$2)/geo or + s/cclr\s+([^,]+),\s*([a-z]+)/mov$2 $1,#0/o or + s/vtbl\.8\s+(.*)/unvtbl($1)/geo or + s/vdup\.32\s+(.*)/unvdup32($1)/geo or + s/vmov\.32\s+(.*)/unvmov32($1)/geo or + s/^(\s+)b\./$1b/o or + s/^(\s+)mov\./$1mov/o or + s/^(\s+)ret/$1bx\tlr/o; + + print $_,"\n"; + } +} + +close STDOUT; diff --git a/crypto/arm64cpuid.pl b/crypto/arm64cpuid.pl new file mode 100644 index 0000000..bfec664 --- /dev/null +++ b/crypto/arm64cpuid.pl @@ -0,0 +1,68 @@ +#!/usr/bin/env perl + +$flavour = shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +$code.=<<___; +#include "arm_arch.h" + +.text +.arch armv8-a+crypto + +.align 5 +.globl _armv7_neon_probe +.type _armv7_neon_probe,%function +_armv7_neon_probe: + orr v15.16b, v15.16b, v15.16b + ret +.size _armv7_neon_probe,.-_armv7_neon_probe + +.globl _armv7_tick +.type _armv7_tick,%function +_armv7_tick: +#ifdef __APPLE__ + mrs x0, CNTPCT_EL0 +#else + mrs x0, CNTVCT_EL0 +#endif + ret +.size _armv7_tick,.-_armv7_tick + +.globl _armv8_aes_probe +.type _armv8_aes_probe,%function +_armv8_aes_probe: + aese v0.16b, v0.16b + ret +.size _armv8_aes_probe,.-_armv8_aes_probe + +.globl _armv8_sha1_probe +.type _armv8_sha1_probe,%function +_armv8_sha1_probe: + sha1h s0, s0 + ret +.size _armv8_sha1_probe,.-_armv8_sha1_probe + +.globl _armv8_sha256_probe +.type _armv8_sha256_probe,%function +_armv8_sha256_probe: + sha256su0 v0.4s, v0.4s + ret +.size _armv8_sha256_probe,.-_armv8_sha256_probe +.globl _armv8_pmull_probe +.type _armv8_pmull_probe,%function +_armv8_pmull_probe: + pmull v0.1q, v0.1d, v0.1d + ret +.size _armv8_pmull_probe,.-_armv8_pmull_probe +___ + +print $code; +close STDOUT; diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h index a50c366..7a37775 100644 --- a/crypto/arm_arch.h +++ b/crypto/arm_arch.h @@ -10,13 +10,22 @@ # define __ARMEL__ # endif # elif defined(__GNUC__) +# if defined(__aarch64__) +# define __ARM_ARCH__ 8 +# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ +# define __ARMEB__ +# else +# define __ARMEL__ +# endif /* * Why doesn't gcc define __ARM_ARCH__? Instead it defines * bunch of below macros. See all_architectires[] table in * gcc/config/arm/arm.c. On a side note it defines * __ARMEL__/__ARMEB__ for little-/big-endian. */ -# if defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ +# elif defined(__ARM_ARCH_8A__) +# define __ARM_ARCH__ 8 +# elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \ defined(__ARM_ARCH_7EM__) # define __ARM_ARCH__ 7 @@ -42,10 +51,14 @@ #if !__ASSEMBLER__ extern unsigned int OPENSSL_armcap_P; +#endif #define ARMV7_NEON (1<<0) #define ARMV7_TICK (1<<1) -#endif +#define ARMV8_AES (1<<2) +#define ARMV8_SHA1 (1<<3) +#define ARMV8_SHA256 (1<<4) +#define ARMV8_PMULL (1<<5) #endif #endif diff --git a/crypto/armcap.c b/crypto/armcap.c index 5258d2f..2579389 100644 --- a/crypto/armcap.c +++ b/crypto/armcap.c @@ -20,6 +20,10 @@ static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); } */ void _armv7_neon_probe(void); unsigned int _armv7_tick(void); +void _armv8_aes_probe(void); +void _armv8_sha1_probe(void); +void _armv8_sha256_probe(void); +void _armv8_pmull_probe(void); unsigned int OPENSSL_rdtsc(void) { @@ -68,6 +72,28 @@ void OPENSSL_cpuid_setup(void) { _armv7_neon_probe(); OPENSSL_armcap_P |= ARMV7_NEON; +#ifdef __aarch64__ + if (sigsetjmp(ill_jmp,1) == 0) + { + _armv8_pmull_probe(); + OPENSSL_armcap_P |= ARMV8_PMULL|ARMV8_AES; + } + else if (sigsetjmp(ill_jmp,1) == 0) + { + _armv8_aes_probe(); + OPENSSL_armcap_P |= ARMV8_AES; + } + if (sigsetjmp(ill_jmp,1) == 0) + { + _armv8_sha1_probe(); + OPENSSL_armcap_P |= ARMV8_SHA1; + } + if (sigsetjmp(ill_jmp,1) == 0) + { + _armv8_sha256_probe(); + OPENSSL_armcap_P |= ARMV8_SHA256; + } +#endif } if (sigsetjmp(ill_jmp,1) == 0) { diff --git a/crypto/armv4cpuid_ios.S b/crypto/armv4cpuid_ios.S new file mode 100644 index 0000000..cce9a79 --- /dev/null +++ b/crypto/armv4cpuid_ios.S @@ -0,0 +1,210 @@ +#include "arm_arch.h" + +.text +.code 32 + +.align 5 +.globl _OPENSSL_atomic_add + +_OPENSSL_atomic_add: +#if __ARM_ARCH__>=6 +Ladd: ldrex r2,[r0] + add r3,r2,r1 + strex r2,r3,[r0] + cmp r2,#0 + bne Ladd + mov r0,r3 + bx lr +#else + stmdb sp!,{r4,r5,r6,lr} + ldr r2,Lspinlock + adr r3,Lspinlock + mov r4,r0 + mov r5,r1 + add r6,r3,r2 @ &spinlock + b .+8 +Lspin: bl sched_yield + mov r0,#-1 + swp r0,r0,[r6] + cmp r0,#0 + bne Lspin + + ldr r2,[r4] + add r2,r2,r5 + str r2,[r4] + str r0,[r6] @ release spinlock + ldmia sp!,{r4,r5,r6,lr} + tst lr,#1 + moveq pc,lr +.word 0xe12fff1e @ bx lr +#endif + + +.globl _OPENSSL_cleanse + +_OPENSSL_cleanse: + eor ip,ip,ip + cmp r1,#7 + subhs r1,r1,#4 + bhs Lot + cmp r1,#0 + beq Lcleanse_done +Little: + strb ip,[r0],#1 + subs r1,r1,#1 + bhi Little + b Lcleanse_done + +Lot: tst r0,#3 + beq Laligned + strb ip,[r0],#1 + sub r1,r1,#1 + b Lot +Laligned: + str ip,[r0],#4 + subs r1,r1,#4 + bhs Laligned + adds r1,r1,#4 + bne Little +Lcleanse_done: +#if __ARM_ARCH__>=5 + bx lr +#else + tst lr,#1 + moveq pc,lr +.word 0xe12fff1e @ bx lr +#endif + + + + +.align 5 +.globl __armv7_neon_probe + +__armv7_neon_probe: + vorr q0,q0,q0 + bx lr + + +.globl __armv7_tick + +__armv7_tick: +#ifdef __APPLE__ + mrrc p15,0,r0,r1,c14 @ CNTPCT +#else + mrrc p15,1,r0,r1,c14 @ CNTVCT +#endif + bx lr + + +.globl __armv8_aes_probe + +__armv8_aes_probe: +.byte 0x00,0x03,0xb0,0xf3 @ aese.8 q0,q0 + bx lr + + +.globl __armv8_sha1_probe + +__armv8_sha1_probe: +.byte 0x40,0x0c,0x00,0xf2 @ sha1c.32 q0,q0,q0 + bx lr + + +.globl __armv8_sha256_probe + +__armv8_sha256_probe: +.byte 0x40,0x0c,0x00,0xf3 @ sha256h.32 q0,q0,q0 + bx lr + +.globl __armv8_pmull_probe + +__armv8_pmull_probe: +.byte 0x00,0x0e,0xa0,0xf2 @ vmull.p64 q0,d0,d0 + bx lr + +.globl _OPENSSL_wipe_cpu + +_OPENSSL_wipe_cpu: + ldr r0,LOPENSSL_armcap + adr r1,LOPENSSL_armcap + ldr r0,[r1,r0] +#ifdef __APPLE__ + ldr r0,[r0] +#endif + eor r2,r2,r2 + eor r3,r3,r3 + eor ip,ip,ip + tst r0,#1 + beq Lwipe_done + veor q0, q0, q0 + veor q1, q1, q1 + veor q2, q2, q2 + veor q3, q3, q3 + veor q8, q8, q8 + veor q9, q9, q9 + veor q10, q10, q10 + veor q11, q11, q11 + veor q12, q12, q12 + veor q13, q13, q13 + veor q14, q14, q14 + veor q15, q15, q15 +Lwipe_done: + mov r0,sp +#if __ARM_ARCH__>=5 + bx lr +#else + tst lr,#1 + moveq pc,lr +.word 0xe12fff1e @ bx lr +#endif + + +.globl _OPENSSL_instrument_bus + +_OPENSSL_instrument_bus: + eor r0,r0,r0 +#if __ARM_ARCH__>=5 + bx lr +#else + tst lr,#1 + moveq pc,lr +.word 0xe12fff1e @ bx lr +#endif + + +.globl _OPENSSL_instrument_bus2 + +_OPENSSL_instrument_bus2: + eor r0,r0,r0 +#if __ARM_ARCH__>=5 + bx lr +#else + tst lr,#1 + moveq pc,lr +.word 0xe12fff1e @ bx lr +#endif + + +.align 5 +LOPENSSL_armcap: +.word OPENSSL_armcap_P-. +#if __ARM_ARCH__>=6 +.align 5 +#else +Lspinlock: +.word atomic_add_spinlock-Lspinlock +.align 5 + +.data +.align 2 +atomic_add_spinlock: +.word +#endif + +.comm _OPENSSL_armcap_P,4 +.non_lazy_symbol_pointer +OPENSSL_armcap_P: +.indirect_symbol _OPENSSL_armcap_P +.long 0 +.private_extern _OPENSSL_armcap_P diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index c52e0b7..737659f 100644 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -21,8 +21,20 @@ # runs in even less cycles, ~30, improvement is measurable only on # longer keys. One has to optimize code elsewhere to get NEON glow... -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} sub Dlo() { shift=~m|q([1]?[0-9])|?"d".($1*2):""; } sub Dhi() { shift=~m|q([1]?[0-9])|?"d".($1*2+1):""; } @@ -170,11 +182,18 @@ bn_GF2m_mul_2x2: #if __ARM_ARCH__>=7 ldr r12,.LOPENSSL_armcap .Lpic: ldr r12,[pc,r12] +#ifdef __APPLE__ + ldr r12,[r12] +#endif tst r12,#1 beq .Lialu veor $A1,$A1 +#ifdef __APPLE__ + vmov $B1,r3,r3 @ two copies of b1 +#else vmov.32 $B1,r3,r3 @ two copies of b1 +#endif vmov.32 ${A1}[0],r1 @ a1 veor $A0,$A0 diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl index f78a8b5..aa00f38 100644 --- a/crypto/bn/asm/armv4-mont.pl +++ b/crypto/bn/asm/armv4-mont.pl @@ -23,8 +23,20 @@ # than 1/2KB. Windows CE port would be trivial, as it's exclusively # about decorations, ABI and instruction syntax are identical. -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $num="r0"; # starts as num argument, but holds &tp[num-1] $ap="r1"; diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index 56e5fff..9a2de16 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -471,6 +471,35 @@ const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \ { return &aes_##keylen##_##mode; } #endif +#if defined(OPENSSL_CPUID_OBJ) && defined(__aarch64__) +#include "arm_arch.h" +#if __ARM_ARCH__>=7 +# define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES) +# define HWAES_set_encrypt_key aes_v8_set_encrypt_key +# define HWAES_set_decrypt_key aes_v8_set_decrypt_key +# define HWAES_encrypt aes_v8_encrypt +# define HWAES_decrypt aes_v8_decrypt +# define HWAES_cbc_encrypt aes_v8_cbc_encrypt +# define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks +#endif +#endif + +#if defined(HWAES_CAPABLE) +int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits, + AES_KEY *key); +void HWAES_encrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void HWAES_decrypt(const unsigned char *in, unsigned char *out, + const AES_KEY *key); +void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out, + size_t length, const AES_KEY *key, + unsigned char *ivec, const int enc); +void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, + size_t len, const AES_KEY *key, const unsigned char ivec[16]); +#endif + #define BLOCK_CIPHER_generic_pack(nid,keylen,flags) \ BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1) \ @@ -489,6 +518,19 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, mode = ctx->cipher->flags & EVP_CIPH_MODE; if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE) && !enc) +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) + { + ret = HWAES_set_decrypt_key(key,ctx->key_len*8,&dat->ks); + dat->block = (block128_f)HWAES_decrypt; + dat->stream.cbc = NULL; +#ifdef HWAES_cbc_encrypt + if (mode==EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; +#endif + } + else +#endif #ifdef BSAES_CAPABLE if (BSAES_CAPABLE && mode==EVP_CIPH_CBC_MODE) { @@ -517,6 +559,26 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, NULL; } else +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) + { + ret = HWAES_set_encrypt_key(key,ctx->key_len*8,&dat->ks); + dat->block = (block128_f)HWAES_encrypt; + dat->stream.cbc = NULL; +#ifdef HWAES_cbc_encrypt + if (mode==EVP_CIPH_CBC_MODE) + dat->stream.cbc = (cbc128_f)HWAES_cbc_encrypt; + else +#endif +#ifdef HWAES_ctr32_encrypt_blocks + if (mode==EVP_CIPH_CTR_MODE) + dat->stream.ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks; + else +#endif + (void)0; /* terminate potentially open 'else' */ + } + else +#endif #ifdef BSAES_CAPABLE if (BSAES_CAPABLE && mode==EVP_CIPH_CTR_MODE) { @@ -831,6 +893,21 @@ static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; if (key) { do { +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) + { + HWAES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks); + CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks, + (block128_f)HWAES_encrypt); +#ifdef HWAES_ctr32_encrypt_blocks + gctx->ctr = (ctr128_f)HWAES_ctr32_encrypt_blocks; +#else + gctx->ctr = NULL; +#endif + break; + } + else +#endif #ifdef BSAES_CAPABLE if (BSAES_CAPABLE) { @@ -1088,6 +1165,29 @@ static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, { xctx->stream = NULL; /* key_len is two AES keys */ +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) + { + if (enc) + { + HWAES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1); + xctx->xts.block1 = (block128_f)HWAES_encrypt; + } + else + { + HWAES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1); + xctx->xts.block1 = (block128_f)HWAES_decrypt; + } + + HWAES_set_encrypt_key(key + ctx->key_len/2, + ctx->key_len * 4, &xctx->ks2); + xctx->xts.block2 = (block128_f)HWAES_encrypt; + + xctx->xts.key1 = &xctx->ks1; + break; + } + else +#endif #ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { @@ -1244,6 +1344,19 @@ static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, return 1; if (key) do { +#ifdef HWAES_CAPABLE + if (HWAES_CAPABLE) + { + HWAES_set_encrypt_key(key,ctx->key_len*8,&cctx->ks); + + CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L, + &cctx->ks, (block128_f)HWAES_encrypt); + cctx->str = NULL; + cctx->key_set = 1; + break; + } + else +#endif #ifdef VPAES_CAPABLE if (VPAES_CAPABLE) { diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile index 8119693..f4930c6 100644 --- a/crypto/modes/Makefile +++ b/crypto/modes/Makefile @@ -56,11 +56,14 @@ ghash-alpha.s: asm/ghash-alpha.pl $(PERL) $< | $(CC) -E - | tee $@ > /dev/null ghash-parisc.s: asm/ghash-parisc.pl $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@ +ghashv8-armx.S: asm/ghashv8-armx.pl + $(PERL) asm/ghashv8-armx.pl $(PERLASM_SCHEME) $@ # GNU make "catch all" ghash-%.S: asm/ghash-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@ ghash-armv4.o: ghash-armv4.S +ghashv8-armx.o: ghashv8-armx.S files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index d91586e..3799b2b 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -57,8 +57,20 @@ # *native* byte order on current platform. See gcm128.c for working # example... -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $Xi="r0"; # argument block $Htbl="r1"; @@ -112,6 +124,11 @@ $code=<<___; .text .code 32 +#ifdef __APPLE__ +#define ldrplb ldrbpl +#define ldrneb ldrbne +#endif + .type rem_4bit,%object .align 5 rem_4bit: @@ -326,9 +343,9 @@ $code.=<<___; .align 4 gcm_gmult_neon: sub $Htbl,#16 @ point at H in GCM128_CTX - vld1.64 `&Dhi("$IN")`,[$Xi,:64]!@ load Xi + vld1.64 `&Dhi("$IN")`,[$Xi]! @ load Xi vmov.i32 $mod,#0xe1 @ our irreducible polynomial - vld1.64 `&Dlo("$IN")`,[$Xi,:64]! + vld1.64 `&Dlo("$IN")`,[$Xi]! vshr.u64 $mod,#32 vldmia $Htbl,{$Hhi-$Hlo} @ load H veor $zero,$zero @@ -349,9 +366,9 @@ gcm_gmult_neon: .type gcm_ghash_neon,%function .align 4 gcm_ghash_neon: - vld1.64 `&Dhi("$Z")`,[$Xi,:64]! @ load Xi + vld1.64 `&Dhi("$Z")`,[$Xi]! @ load Xi vmov.i32 $mod,#0xe1 @ our irreducible polynomial - vld1.64 `&Dlo("$Z")`,[$Xi,:64]! + vld1.64 `&Dlo("$Z")`,[$Xi]! vshr.u64 $mod,#32 vldmia $Xi,{$Hhi-$Hlo} @ load H veor $zero,$zero @@ -410,8 +427,8 @@ gcm_ghash_neon: vrev64.8 $Z,$Z #endif sub $Xi,#16 - vst1.64 `&Dhi("$Z")`,[$Xi,:64]! @ write out Xi - vst1.64 `&Dlo("$Z")`,[$Xi,:64] + vst1.64 `&Dhi("$Z")`,[$Xi]! @ write out Xi + vst1.64 `&Dlo("$Z")`,[$Xi] bx lr .size gcm_ghash_neon,.-gcm_ghash_neon diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl new file mode 100644 index 0000000..300e8d5 --- /dev/null +++ b/crypto/modes/asm/ghashv8-armx.pl @@ -0,0 +1,376 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# GHASH for ARMv8 Crypto Extension, 64-bit polynomial multiplication. +# +# June 2014 +# +# Initial version was developed in tight cooperation with Ard +# Biesheuvel from bits-n-pieces from +# other assembly modules. Just like aesv8-armx.pl this module +# supports both AArch32 and AArch64 execution modes. +# +# July 2014 +# +# Implement 2x aggregated reduction [see ghash-x86.pl for background +# information]. +# +# Current performance in cycles per processed byte: +# +# PMULL[2] 32-bit NEON(*) +# Apple A7 0.92 5.62 +# Cortex-A53 1.01 8.39 +# Cortex-A57 1.17 7.61 +# +# (*) presented for reference/comparison purposes; + +$flavour = shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +$Xi="x0"; # argument block +$Htbl="x1"; +$inp="x2"; +$len="x3"; + +$inc="x12"; + +{ +my ($Xl,$Xm,$Xh,$IN)=map("q$_",(0..3)); +my ($t0,$t1,$t2,$xC2,$H,$Hhl,$H2)=map("q$_",(8..14)); + +$code=<<___; +#include "arm_arch.h" + +.text +___ +$code.=".arch armv8-a+crypto\n" if ($flavour =~ /64/); +$code.=".fpu neon\n.code 32\n" if ($flavour !~ /64/); + +$code.=<<___; +.global gcm_init_v8 +.type gcm_init_v8,%function +.align 4 +gcm_init_v8: + vld1.64 {$t1},[x1] @ load H + vmov.i8 $xC2,#0xe1 + vshl.i64 $xC2,$xC2,#57 @ 0xc2.0 + vext.8 $IN,$t1,$t1,#8 + vshr.u64 $t2,$xC2,#63 + vdup.32 $t1,${t1}[1] + vext.8 $t0,$t2,$xC2,#8 @ t0=0xc2....01 + vshr.u64 $t2,$IN,#63 + vshr.s32 $t1,$t1,#31 @ broadcast carry bit + vand $t2,$t2,$t0 + vshl.i64 $IN,$IN,#1 + vext.8 $t2,$t2,$t2,#8 + vand $t0,$t0,$t1 + vorr $IN,$IN,$t2 @ H<<<=1 + veor $H,$IN,$t0 @ twisted H + vst1.64 {$H},[x0],#16 + + @ calculate H^2 + vext.8 $t0,$H,$H,#8 @ Karatsuba pre-processing + vpmull.p64 $Xl,$H,$H + veor $t0,$t0,$H + vpmull2.p64 $Xh,$H,$H + vpmull.p64 $Xm,$t0,$t0 + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase + + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + veor $Xl,$Xm,$t2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + veor $H2,$Xl,$t2 + + vext.8 $t1,$H2,$H2,#8 @ Karatsuba pre-processing + veor $t1,$t1,$H2 + vext.8 $Hhl,$t0,$t1,#8 @ pack Karatsuba pre-processed + vst1.64 {$Hhl-$H2},[x0] + + ret +.size gcm_init_v8,.-gcm_init_v8 + +.global gcm_gmult_v8 +.type gcm_gmult_v8,%function +.align 4 +gcm_gmult_v8: + vld1.64 {$t1},[$Xi] @ load Xi + vmov.i8 $xC2,#0xe1 + vld1.64 {$H-$Hhl},[$Htbl] @ load twisted H, ... + vshl.u64 $xC2,$xC2,#57 +#ifndef __ARMEB__ + vrev64.8 $t1,$t1 +#endif + vext.8 $IN,$t1,$t1,#8 + + vpmull.p64 $Xl,$H,$IN @ H.lo?Xi.lo + veor $t1,$t1,$IN @ Karatsuba pre-processing + vpmull2.p64 $Xh,$H,$IN @ H.hi?Xi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)?(Xi.lo+Xi.hi) + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase + + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + veor $Xl,$Xm,$t2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + veor $Xl,$Xl,$t2 + +#ifndef __ARMEB__ + vrev64.8 $Xl,$Xl +#endif + vext.8 $Xl,$Xl,$Xl,#8 + vst1.64 {$Xl},[$Xi] @ write out Xi + + ret +.size gcm_gmult_v8,.-gcm_gmult_v8 + +.global gcm_ghash_v8 +.type gcm_ghash_v8,%function +.align 4 +gcm_ghash_v8: +___ +$code.=<<___ if ($flavour !~ /64/); + vstmdb sp!,{d8-d15} +___ +$code.=<<___; + vld1.64 {$Xl},[$Xi] @ load [rotated] Xi + subs $len,$len,#32 + vmov.i8 $xC2,#0xe1 + mov $inc,#16 + vld1.64 {$H-$Hhl},[$Htbl],#32 @ load twisted H, ..., H^2 + vld1.64 {$H2},[$Htbl] + cclr $inc,eq + vext.8 $Xl,$Xl,$Xl,#8 + vld1.64 {$t0},[$inp],#16 @ load [rotated] I[0] + vshl.u64 $xC2,$xC2,#57 @ 0xc2.0 +#ifndef __ARMEB__ + vrev64.8 $t0,$t0 + vrev64.8 $Xl,$Xl +#endif + vext.8 $IN,$t0,$t0,#8 + b.lo .Lodd_tail_v8 +___ +{ my ($Xln,$Xmn,$Xhn,$In) = map("q$_",(4..7)); + ####### + # Xi+2 =[H*(Ii+1 + Xi+1)] mod P = + # [(H*Ii+1) + (H*Xi+1)] mod P = + # [(H*Ii+1) + H^2*(Ii+Xi)] mod P + # +$code.=<<___; + vld1.64 {$t1},[$inp],$inc @ load [rotated] I[1] +#ifndef __ARMEB__ + vrev64.8 $t1,$t1 +#endif + vext.8 $In,$t1,$t1,#8 + veor $IN,$IN,$Xl @ I[i]^=Xi + vpmull.p64 $Xln,$H,$In @ H?Ii+1 + veor $t1,$t1,$In @ Karatsuba pre-processing + vpmull2.p64 $Xhn,$H,$In + b .Loop_mod2x_v8 + +.align 4 +.Loop_mod2x_v8: + vext.8 $t2,$IN,$IN,#8 + subs $len,$len,#32 + vpmull.p64 $Xl,$H2,$IN @ H^2.lo?Xi.lo + cclr $inc,lo + + vpmull.p64 $Xmn,$Hhl,$t1 + veor $t2,$t2,$IN @ Karatsuba pre-processing + vpmull2.p64 $Xh,$H2,$IN @ H^2.hi?Xi.hi + veor $Xl,$Xl,$Xln @ accumulate + vpmull2.p64 $Xm,$Hhl,$t2 @ (H^2.lo+H^2.hi)?(Xi.lo+Xi.hi) + vld1.64 {$t0},[$inp],$inc @ load [rotated] I[i] + + veor $Xh,$Xh,$Xhn + cclr $inc,eq + veor $Xm,$Xm,$Xmn + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + vld1.64 {$t1},[$inp],$inc @ load [rotated] I[i+1] +#ifndef __ARMEB__ + vrev64.8 $t0,$t0 +#endif + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase + +#ifndef __ARMEB__ + vrev64.8 $t1,$t1 +#endif + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + vext.8 $In,$t1,$t1,#8 + vext.8 $IN,$t0,$t0,#8 + veor $Xl,$Xm,$t2 + vpmull.p64 $Xln,$H,$In @ H?Ii+1 + veor $IN,$IN,$Xh @ accumulate $IN early + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase + vpmull.p64 $Xl,$Xl,$xC2 + veor $IN,$IN,$t2 + veor $t1,$t1,$In @ Karatsuba pre-processing + veor $IN,$IN,$Xl + vpmull2.p64 $Xhn,$H,$In + b.hs .Loop_mod2x_v8 + + veor $Xh,$Xh,$t2 + vext.8 $IN,$t0,$t0,#8 @ re-construct $IN + adds $len,$len,#32 + veor $Xl,$Xl,$Xh @ re-construct $Xl + b.eq .Ldone_v8 +___ +} +$code.=<<___; +.Lodd_tail_v8: + vext.8 $t2,$Xl,$Xl,#8 + veor $IN,$IN,$Xl @ inp^=Xi + veor $t1,$t0,$t2 @ $t1 is rotated inp^Xi + + vpmull.p64 $Xl,$H,$IN @ H.lo?Xi.lo + veor $t1,$t1,$IN @ Karatsuba pre-processing + vpmull2.p64 $Xh,$H,$IN @ H.hi?Xi.hi + vpmull.p64 $Xm,$Hhl,$t1 @ (H.lo+H.hi)?(Xi.lo+Xi.hi) + + vext.8 $t1,$Xl,$Xh,#8 @ Karatsuba post-processing + veor $t2,$Xl,$Xh + veor $Xm,$Xm,$t1 + veor $Xm,$Xm,$t2 + vpmull.p64 $t2,$Xl,$xC2 @ 1st phase + + vmov $Xh#lo,$Xm#hi @ Xh|Xm - 256-bit result + vmov $Xm#hi,$Xl#lo @ Xm is rotated Xl + veor $Xl,$Xm,$t2 + + vext.8 $t2,$Xl,$Xl,#8 @ 2nd phase + vpmull.p64 $Xl,$Xl,$xC2 + veor $t2,$t2,$Xh + veor $Xl,$Xl,$t2 + +.Ldone_v8: +#ifndef __ARMEB__ + vrev64.8 $Xl,$Xl +#endif + vext.8 $Xl,$Xl,$Xl,#8 + vst1.64 {$Xl},[$Xi] @ write out Xi + +___ +$code.=<<___ if ($flavour !~ /64/); + vldmia sp!,{d8-d15} +___ +$code.=<<___; + ret +.size gcm_ghash_v8,.-gcm_ghash_v8 +___ +} +$code.=<<___; +.asciz "GHASH for ARMv8, CRYPTOGAMS by " +.align 2 +___ + +if ($flavour =~ /64/) { ######## 64-bit code + sub unvmov { + my $arg=shift; + + $arg =~ m/q([0-9]+)#(lo|hi),\s*q([0-9]+)#(lo|hi)/o && + sprintf "ins v%d.d[%d],v%d.d[%d]",$1,($2 eq "lo")?0:1,$3,($4 eq "lo")?0:1; + } + foreach(split("\n",$code)) { + s/cclr\s+([wx])([^,]+),\s*([a-z]+)/csel $1$2,$1zr,$1$2,$3/o or + s/vmov\.i8/movi/o or # fix up legacy mnemonics + s/vmov\s+(.*)/unvmov($1)/geo or + s/vext\.8/ext/o or + s/vshr\.s/sshr\.s/o or + s/vshr/ushr/o or + s/^(\s+)v/$1/o or # strip off v prefix + s/\bbx\s+lr\b/ret/o; + + s/\bq([0-9]+)\b/"v".($1<8?$1:$1+8).".16b"/geo; # old->new registers + s/@\s/\/\//o; # old->new style commentary + + # fix up remainig legacy suffixes + s/\.[ui]?8(\s)/$1/o; + s/\.[uis]?32//o and s/\.16b/\.4s/go; + m/\.p64/o and s/\.16b/\.1q/o; # 1st pmull argument + m/l\.p64/o and s/\.16b/\.1d/go; # 2nd and 3rd pmull arguments + s/\.[uisp]?64//o and s/\.16b/\.2d/go; + s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + + print $_,"\n"; + } +} else { ######## 32-bit code + sub unvdup32 { + my $arg=shift; + + $arg =~ m/q([0-9]+),\s*q([0-9]+)\[([0-3])\]/o && + sprintf "vdup.32 q%d,d%d[%d]",$1,2*$2+($3>>1),$3&1; + } + sub unvpmullp64 { + my ($mnemonic,$arg)=@_; + + if ($arg =~ m/q([0-9]+),\s*q([0-9]+),\s*q([0-9]+)/o) { + my $word = 0xf2a00e00|(($1&7)<<13)|(($1&8)<<19) + |(($2&7)<<17)|(($2&8)<<4) + |(($3&7)<<1) |(($3&8)<<2); + $word |= 0x00010001 if ($mnemonic =~ "2"); + # since ARMv7 instructions are always encoded little-endian. + # correct solution is to use .inst directive, but older + # assemblers don't implement it:-( + sprintf ".byte\t0x%02x,0x%02x,0x%02x,0x%02x\t@ %s %s", + $word&0xff,($word>>8)&0xff, + ($word>>16)&0xff,($word>>24)&0xff, + $mnemonic,$arg; + } + } + + foreach(split("\n",$code)) { + s/\b[wx]([0-9]+)\b/r$1/go; # new->old registers + s/\bv([0-9])\.[12468]+[bsd]\b/q$1/go; # new->old registers + s/\/\/\s?/@ /o; # new->old style commentary + + # fix up remainig new-style suffixes + s/\],#[0-9]+/]!/o; + + s/cclr\s+([^,]+),\s*([a-z]+)/mov$2 $1,#0/o or + s/vdup\.32\s+(.*)/unvdup32($1)/geo or + s/v?(pmull2?)\.p64\s+(.*)/unvpmullp64($1,$2)/geo or + s/\bq([0-9]+)#(lo|hi)/sprintf "d%d",2*$1+($2 eq "hi")/geo or + s/^(\s+)b\./$1b/o or + s/^(\s+)ret/$1bx\tlr/o; + + print $_,"\n"; + } +} + +close STDOUT; # enforce flush diff --git a/crypto/modes/gcm128.c b/crypto/modes/gcm128.c index a52ffb1..2b4df39 100644 --- a/crypto/modes/gcm128.c +++ b/crypto/modes/gcm128.c @@ -645,7 +645,7 @@ static void gcm_gmult_1bit(u64 Xi[2],const u64 H[2]) #endif -#if TABLE_BITS==4 && defined(GHASH_ASM) +#if TABLE_BITS==4 && (defined(GHASH_ASM) || defined(OPENSSL_CPUID_OBJ)) # if !defined(I386_ONLY) && \ (defined(__i386) || defined(__i386__) || \ defined(__x86_64) || defined(__x86_64__) || \ @@ -666,13 +666,22 @@ void gcm_ghash_4bit_mmx(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len void gcm_gmult_4bit_x86(u64 Xi[2],const u128 Htable[16]); void gcm_ghash_4bit_x86(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); # endif -# elif defined(__arm__) || defined(__arm) +# elif defined(__arm__) || defined(__arm) || defined(__aarch64__) # include "arm_arch.h" # if __ARM_ARCH__>=7 # define GHASH_ASM_ARM # define GCM_FUNCREF_4BIT +# if defined(__aarch64__) +# define PMULL_CAPABLE (OPENSSL_armcap_P & ARMV8_PMULL) +# endif +# if defined(__arm__) || defined(__arm) +# define NEON_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON) +# endif void gcm_gmult_neon(u64 Xi[2],const u128 Htable[16]); void gcm_ghash_neon(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); +void gcm_init_v8(u128 Htable[16],const u64 Xi[2]); +void gcm_gmult_v8(u64 Xi[2],const u128 Htable[16]); +void gcm_ghash_v8(u64 Xi[2],const u128 Htable[16],const u8 *inp,size_t len); # endif # elif defined(_TMS320C6400_PLUS) # define GHASH_ASM_C64Xplus @@ -740,10 +749,20 @@ void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block) ctx->ghash = gcm_ghash_4bit; # endif # elif defined(GHASH_ASM_ARM) - if (OPENSSL_armcap_P & ARMV7_NEON) { +# ifdef PMULL_CAPABLE + if (PMULL_CAPABLE) { + gcm_init_v8(ctx->Htable,ctx->H.u); + ctx->gmult = gcm_gmult_v8; + ctx->ghash = gcm_ghash_v8; + } else +# endif +# ifdef NEON_CAPABLE + if (NEON_CAPABLE) { ctx->gmult = gcm_gmult_neon; ctx->ghash = gcm_ghash_neon; - } else { + } else +# endif + { gcm_init_4bit(ctx->Htable,ctx->H.u); ctx->gmult = gcm_gmult_4bit; ctx->ghash = gcm_ghash_4bit; diff --git a/crypto/perlasm/arm-xlate.pl b/crypto/perlasm/arm-xlate.pl new file mode 100644 index 0000000..22dc7e4 --- /dev/null +++ b/crypto/perlasm/arm-xlate.pl @@ -0,0 +1,165 @@ +#!/usr/bin/env perl + +# ARM assembler distiller by . + +my $flavour = shift; +my $output = shift; +open STDOUT,">$output" || die "can't open $output: $!"; + +$flavour = "linux32" if (!$flavour or $flavour eq "void"); + +my %GLOBALS; +my $dotinlocallabels=($flavour=~/linux/)?1:0; + +################################################################ +# directives which need special treatment on different platforms +################################################################ +my $arch = sub { + if ($flavour =~ /linux/) { ".arch\t".join(',', at _); } + else { ""; } +}; +my $fpu = sub { + if ($flavour =~ /linux/) { ".fpu\t".join(',', at _); } + else { ""; } +}; +my $hidden = sub { + if ($flavour =~ /ios/) { ".private_extern\t".join(',', at _); } + else { ".hidden\t".join(',', at _); } +}; +my $comm = sub { + my @args = split(/,\s*/,shift); + my $name = @args[0]; + my $global = \$GLOBALS{$name}; + my $ret; + + if ($flavour =~ /ios32/) { + $ret = ".comm\t_$name, at args[1]\n"; + $ret .= ".non_lazy_symbol_pointer\n"; + $ret .= "$name:\n"; + $ret .= ".indirect_symbol\t_$name\n"; + $ret .= ".long\t0"; + $name = "_$name"; + } else { $ret = ".comm\t".join(',', at args); } + + $$global = $name; + $ret; +}; +my $globl = sub { + my $name = shift; + my $global = \$GLOBALS{$name}; + my $ret; + + SWITCH: for ($flavour) { + /ios/ && do { $name = "_$name"; + last; + }; + } + + $ret = ".globl $name" if (!$ret); + $$global = $name; + $ret; +}; +my $global = $globl; +my $extern = sub { + &$globl(@_); + return; # return nothing +}; +my $type = sub { + if ($flavour =~ /linux/) { ".type\t".join(',', at _); } + else { ""; } +}; +my $size = sub { + if ($flavour =~ /linux/) { ".size\t".join(',', at _); } + else { ""; } +}; +my $inst = sub { + if ($flavour =~ /linux/) { ".inst\t".join(',', at _); } + else { ".long\t".join(',', at _); } +}; +my $asciz = sub { + my $line = join(",", at _); + if ($line =~ /^"(.*)"$/) + { ".byte " . join(",",unpack("C*",$1),0) . "\n.align 2"; } + else + { ""; } +}; + +sub range { + my ($r,$sfx,$start,$end) = @_; + + join(",",map("$r$_$sfx",($start..$end))); +} + +sub expand_line { + my $line = shift; + my @ret = (); + + pos($line)=0; + + while ($line =~ m/\G[^@\/\{\"]*/g) { + if ($line =~ m/\G(@|\/\/|$)/gc) { + last; + } + elsif ($line =~ m/\G\{/gc) { + my $saved_pos = pos($line); + $line =~ s/\G([rdqv])([0-9]+)([^\-]*)\-\1([0-9]+)\3/range($1,$3,$2,$4)/e; + pos($line) = $saved_pos; + $line =~ m/\G[^\}]*\}/g; + } + elsif ($line =~ m/\G\"/gc) { + $line =~ m/\G[^\"]*\"/g; + } + } + + $line =~ s/\b(\w+)/$GLOBALS{$1} or $1/ge; + + return $line; +} + +while($line=<>) { + + if ($line =~ m/^\s*(#|@|\/\/)/) { print $line; next; } + + $line =~ s|/\*.*\*/||; # get rid of C-style comments... + $line =~ s|^\s+||; # ... and skip white spaces in beginning... + $line =~ s|\s+$||; # ... and at the end + + { + $line =~ s|[\b\.]L(\w{2,})|L$1|g; # common denominator for Locallabel + $line =~ s|\bL(\w{2,})|\.L$1|g if ($dotinlocallabels); + } + + { + $line =~ s|(^[\.\w]+)\:\s*||; + my $label = $1; + if ($label) { + printf "%s:",($GLOBALS{$label} or $label); + } + } + + if ($line !~ m/^[#@]/) { + $line =~ s|^\s*(\.?)(\S+)\s*||; + my $c = $1; $c = "\t" if ($c eq ""); + my $mnemonic = $2; + my $opcode; + if ($mnemonic =~ m/([^\.]+)\.([^\.]+)/) { + $opcode = eval("\$$1_$2"); + } else { + $opcode = eval("\$$mnemonic"); + } + + my $arg=expand_line($line); + + if (ref($opcode) eq 'CODE') { + $line = &$opcode($arg); + } elsif ($mnemonic) { + $line = $c.$mnemonic; + $line.= "\t$arg" if ($arg); + } + } + + print $line if ($line); + print "\n"; +} + +close STDOUT; diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile index b1582f2..63e1171 100644 --- a/crypto/sha/Makefile +++ b/crypto/sha/Makefile @@ -90,6 +90,9 @@ sha512-%.S: asm/sha512-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@ sha1-armv4-large.o: sha1-armv4-large.S sha256-armv4.o: sha256-armv4.S sha512-armv4.o: sha512-armv4.S +sha1-armv8.o: sha1-armv8.S +sha256-armv8.o: sha256-armv8.S +sha512-armv8.o: sha512-armv8.S files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl index 33da3e0..6c0adb9 100644 --- a/crypto/sha/asm/sha1-armv4-large.pl +++ b/crypto/sha/asm/sha1-armv4-large.pl @@ -52,8 +52,20 @@ # Profiler-assisted and platform-specific optimization resulted in 10% # improvement on Cortex A8 core and 12.2 cycles per byte. -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $ctx="r0"; $inp="r1"; diff --git a/crypto/sha/asm/sha1-armv8.pl b/crypto/sha/asm/sha1-armv8.pl new file mode 100644 index 0000000..6be8624 --- /dev/null +++ b/crypto/sha/asm/sha1-armv8.pl @@ -0,0 +1,343 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# SHA1 for ARMv8. +# +# Performance in cycles per processed byte and improvement coefficient +# over code generated with "default" compiler: +# +# hardware-assisted software(*) +# Apple A7 2.31 4.13 (+14%) +# Cortex-A53 2.19 8.73 (+108%) +# Cortex-A57 2.35 7.88 (+74%) +# +# (*) Software results are presented mostly for reference purposes. + +$flavour = shift; +$output = shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +($ctx,$inp,$num)=("x0","x1","x2"); + at Xw=map("w$_",(3..17,19)); + at Xx=map("x$_",(3..17,19)); + at V=($A,$B,$C,$D,$E)=map("w$_",(20..24)); +($t0,$t1,$t2,$K)=map("w$_",(25..28)); + + +sub BODY_00_19 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=($i+2)&15; + +$code.=<<___ if ($i<15 && !($i&1)); + lsr @Xx[$i+1], at Xx[$i],#32 +___ +$code.=<<___ if ($i<14 && !($i&1)); + ldr @Xx[$i+2],[$inp,#`($i+2)*4-64`] +___ +$code.=<<___ if ($i<14 && ($i&1)); +#ifdef __ARMEB__ + ror @Xx[$i+1], at Xx[$i+1],#32 +#else + rev32 @Xx[$i+1], at Xx[$i+1] +#endif +___ +$code.=<<___ if ($i<14); + bic $t0,$d,$b + and $t1,$c,$b + ror $t2,$a,#27 + add $d,$d,$K // future e+=K + orr $t0,$t0,$t1 + add $e,$e,$t2 // e+=rot(a,5) + ror $b,$b,#2 + add $d,$d, at Xw[($i+1)&15] // future e+=X[i] + add $e,$e,$t0 // e+=F(b,c,d) +___ +$code.=<<___ if ($i==19); + movz $K,#0xeba1 + movk $K,#0x6ed9,lsl#16 +___ +$code.=<<___ if ($i>=14); + eor @Xw[$j], at Xw[$j], at Xw[($j+2)&15] + bic $t0,$d,$b + and $t1,$c,$b + ror $t2,$a,#27 + eor @Xw[$j], at Xw[$j], at Xw[($j+8)&15] + add $d,$d,$K // future e+=K + orr $t0,$t0,$t1 + add $e,$e,$t2 // e+=rot(a,5) + eor @Xw[$j], at Xw[$j], at Xw[($j+13)&15] + ror $b,$b,#2 + add $d,$d, at Xw[($i+1)&15] // future e+=X[i] + add $e,$e,$t0 // e+=F(b,c,d) + ror @Xw[$j], at Xw[$j],#31 +___ +} + +sub BODY_40_59 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=($i+2)&15; + +$code.=<<___ if ($i==59); + movz $K,#0xc1d6 + movk $K,#0xca62,lsl#16 +___ +$code.=<<___; + orr $t0,$b,$c + and $t1,$b,$c + eor @Xw[$j], at Xw[$j], at Xw[($j+2)&15] + ror $t2,$a,#27 + and $t0,$t0,$d + add $d,$d,$K // future e+=K + eor @Xw[$j], at Xw[$j], at Xw[($j+8)&15] + add $e,$e,$t2 // e+=rot(a,5) + orr $t0,$t0,$t1 + ror $b,$b,#2 + eor @Xw[$j], at Xw[$j], at Xw[($j+13)&15] + add $d,$d, at Xw[($i+1)&15] // future e+=X[i] + add $e,$e,$t0 // e+=F(b,c,d) + ror @Xw[$j], at Xw[$j],#31 +___ +} + +sub BODY_20_39 { +my ($i,$a,$b,$c,$d,$e)=@_; +my $j=($i+2)&15; + +$code.=<<___ if ($i==39); + movz $K,#0xbcdc + movk $K,#0x8f1b,lsl#16 +___ +$code.=<<___ if ($i<78); + eor @Xw[$j], at Xw[$j], at Xw[($j+2)&15] + eor $t0,$d,$b + ror $t2,$a,#27 + add $d,$d,$K // future e+=K + eor @Xw[$j], at Xw[$j], at Xw[($j+8)&15] + eor $t0,$t0,$c + add $e,$e,$t2 // e+=rot(a,5) + ror $b,$b,#2 + eor @Xw[$j], at Xw[$j], at Xw[($j+13)&15] + add $d,$d, at Xw[($i+1)&15] // future e+=X[i] + add $e,$e,$t0 // e+=F(b,c,d) + ror @Xw[$j], at Xw[$j],#31 +___ +$code.=<<___ if ($i==78); + ldp @Xw[1], at Xw[2],[$ctx] + eor $t0,$d,$b + ror $t2,$a,#27 + add $d,$d,$K // future e+=K + eor $t0,$t0,$c + add $e,$e,$t2 // e+=rot(a,5) + ror $b,$b,#2 + add $d,$d, at Xw[($i+1)&15] // future e+=X[i] + add $e,$e,$t0 // e+=F(b,c,d) +___ +$code.=<<___ if ($i==79); + ldp @Xw[3], at Xw[4],[$ctx,#8] + eor $t0,$d,$b + ror $t2,$a,#27 + eor $t0,$t0,$c + add $e,$e,$t2 // e+=rot(a,5) + ror $b,$b,#2 + ldr @Xw[5],[$ctx,#16] + add $e,$e,$t0 // e+=F(b,c,d) +___ +} + +$code.=<<___; +#include "arm_arch.h" + +.text + +.extern OPENSSL_armcap_P +.globl sha1_block_data_order +.type sha1_block_data_order,%function +.align 6 +sha1_block_data_order: + ldr x16,.LOPENSSL_armcap_P + adr x17,.LOPENSSL_armcap_P + add x16,x16,x17 + ldr w16,[x16] + tst w16,#ARMV8_SHA1 + b.ne .Lv8_entry + + stp x29,x30,[sp,#-96]! + add x29,sp,#0 + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + stp x23,x24,[sp,#48] + stp x25,x26,[sp,#64] + stp x27,x28,[sp,#80] + + ldp $A,$B,[$ctx] + ldp $C,$D,[$ctx,#8] + ldr $E,[$ctx,#16] + +.Loop: + ldr @Xx[0],[$inp],#64 + movz $K,#0x7999 + sub $num,$num,#1 + movk $K,#0x5a82,lsl#16 +#ifdef __ARMEB__ + ror $Xx[0], at Xx[0],#32 +#else + rev32 @Xx[0], at Xx[0] +#endif + add $E,$E,$K // warm it up + add $E,$E, at Xw[0] +___ +for($i=0;$i<20;$i++) { &BODY_00_19($i, at V); unshift(@V,pop(@V)); } +for(;$i<40;$i++) { &BODY_20_39($i, at V); unshift(@V,pop(@V)); } +for(;$i<60;$i++) { &BODY_40_59($i, at V); unshift(@V,pop(@V)); } +for(;$i<80;$i++) { &BODY_20_39($i, at V); unshift(@V,pop(@V)); } +$code.=<<___; + add $B,$B, at Xw[2] + add $C,$C, at Xw[3] + add $A,$A, at Xw[1] + add $D,$D, at Xw[4] + add $E,$E, at Xw[5] + stp $A,$B,[$ctx] + stp $C,$D,[$ctx,#8] + str $E,[$ctx,#16] + cbnz $num,.Loop + + ldp x19,x20,[sp,#16] + ldp x21,x22,[sp,#32] + ldp x23,x24,[sp,#48] + ldp x25,x26,[sp,#64] + ldp x27,x28,[sp,#80] + ldr x29,[sp],#96 + ret +.size sha1_block_data_order,.-sha1_block_data_order +___ +{{{ +my ($ABCD,$E,$E0,$E1)=map("v$_.16b",(0..3)); +my @MSG=map("v$_.16b",(4..7)); +my @Kxx=map("v$_.4s",(16..19)); +my ($W0,$W1)=("v20.4s","v21.4s"); +my $ABCD_SAVE="v22.16b"; + +$code.=<<___; +.type sha1_block_armv8,%function +.align 6 +sha1_block_armv8: +.Lv8_entry: + stp x29,x30,[sp,#-16]! + add x29,sp,#0 + + adr x4,.Lconst + eor $E,$E,$E + ld1.32 {$ABCD},[$ctx],#16 + ld1.32 {$E}[0],[$ctx] + sub $ctx,$ctx,#16 + ld1.32 {@Kxx[0]- at Kxx[3]},[x4] + +.Loop_hw: + ld1 {@MSG[0]- at MSG[3]},[$inp],#64 + sub $num,$num,#1 + rev32 @MSG[0], at MSG[0] + rev32 @MSG[1], at MSG[1] + + add.i32 $W0, at Kxx[0], at MSG[0] + rev32 @MSG[2], at MSG[2] + orr $ABCD_SAVE,$ABCD,$ABCD // offload + + add.i32 $W1, at Kxx[0], at MSG[1] + rev32 @MSG[3], at MSG[3] + sha1h $E1,$ABCD + sha1c $ABCD,$E,$W0 // 0 + add.i32 $W0, at Kxx[$j], at MSG[2] + sha1su0 @MSG[0], at MSG[1], at MSG[2] +___ +for ($j=0,$i=1;$i<20-3;$i++) { +my $f=("c","p","m","p")[$i/5]; +$code.=<<___; + sha1h $E0,$ABCD // $i + sha1$f $ABCD,$E1,$W1 + add.i32 $W1, at Kxx[$j], at MSG[3] + sha1su1 @MSG[0], at MSG[3] +___ +$code.=<<___ if ($i<20-4); + sha1su0 @MSG[1], at MSG[2], at MSG[3] +___ + ($E0,$E1)=($E1,$E0); ($W0,$W1)=($W1,$W0); + push(@MSG,shift(@MSG)); $j++ if ((($i+3)%5)==0); +} +$code.=<<___; + sha1h $E0,$ABCD // $i + sha1p $ABCD,$E1,$W1 + add.i32 $W1, at Kxx[$j], at MSG[3] + + sha1h $E1,$ABCD // 18 + sha1p $ABCD,$E0,$W0 + + sha1h $E0,$ABCD // 19 + sha1p $ABCD,$E1,$W1 + + add.i32 $E,$E,$E0 + add.i32 $ABCD,$ABCD,$ABCD_SAVE + + cbnz $num,.Loop_hw + + st1.32 {$ABCD},[$ctx],#16 + st1.32 {$E}[0],[$ctx] + + ldr x29,[sp],#16 + ret +.size sha1_block_armv8,.-sha1_block_armv8 +.align 6 +.Lconst: +.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 //K_00_19 +.long 0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1 //K_20_39 +.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc //K_40_59 +.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 //K_60_79 +.LOPENSSL_armcap_P: +.quad OPENSSL_armcap_P-. +.asciz "SHA1 block transform for ARMv8, CRYPTOGAMS by " +.align 2 +.comm OPENSSL_armcap_P,4,4 +___ +}}} + +{ my %opcode = ( + "sha1c" => 0x5e000000, "sha1p" => 0x5e001000, + "sha1m" => 0x5e002000, "sha1su0" => 0x5e003000, + "sha1h" => 0x5e280800, "sha1su1" => 0x5e281800 ); + + sub unsha1 { + my ($mnemonic,$arg)=@_; + + $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o + && + sprintf ".inst\t0x%08x\t//%s %s", + $opcode{$mnemonic}|$1|($2<<5)|($3<<16), + $mnemonic,$arg; + } +} + +foreach(split("\n",$code)) { + + s/\`([^\`]*)\`/eval($1)/geo; + + s/\b(sha1\w+)\s+([qv].*)/unsha1($1,$2)/geo; + + s/\.\w?32\b//o and s/\.16b/\.4s/go; + m/(ld|st)1[^\[]+\[0\]/o and s/\.4s/\.s/go; + + print $_,"\n"; +} + +close STDOUT; diff --git a/crypto/sha/asm/sha256-armv4.pl b/crypto/sha/asm/sha256-armv4.pl index 9c84e8d..252a583 100644 --- a/crypto/sha/asm/sha256-armv4.pl +++ b/crypto/sha/asm/sha256-armv4.pl @@ -23,8 +23,20 @@ # Profiler-assisted and platform-specific optimization resulted in 16% # improvement on Cortex A8 core and ~17 cycles per processed byte. -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $ctx="r0"; $t0="r0"; $inp="r1"; $t3="r1"; diff --git a/crypto/sha/asm/sha512-armv4.pl b/crypto/sha/asm/sha512-armv4.pl index 7faf37b..c032afd 100644 --- a/crypto/sha/asm/sha512-armv4.pl +++ b/crypto/sha/asm/sha512-armv4.pl @@ -38,8 +38,20 @@ $hi="HI"; $lo="LO"; # ==================================================================== -while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} -open STDOUT,">$output"; +$flavour = shift; +if ($flavour=~/^\w[\w\-]*\.\w+$/) { $output=$flavour; undef $flavour; } +else { while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {} } + +if ($flavour && $flavour ne "void") { + $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; + ( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or + ( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or + die "can't locate arm-xlate.pl"; + + open STDOUT,"| \"$^X\" $xlate $flavour $output"; +} else { + open STDOUT,">$output"; +} $ctx="r0"; # parameter block $inp="r1"; @@ -221,17 +233,21 @@ WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a) WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817) .size K512,.-K512 .LOPENSSL_armcap: -.word OPENSSL_armcap_P-sha512_block_data_order +.word OPENSSL_armcap_P-.Lsha512_block_data_order .skip 32-4 .global sha512_block_data_order .type sha512_block_data_order,%function sha512_block_data_order: +.Lsha512_block_data_order: sub r3,pc,#8 @ sha512_block_data_order add $len,$inp,$len,lsl#7 @ len to point at the end of inp #if __ARM_ARCH__>=7 ldr r12,.LOPENSSL_armcap ldr r12,[r3,r12] @ OPENSSL_armcap_P +#ifdef __APPLE__ + ldr r12,[r12] +#endif tst r12,#1 bne .LNEON #endif diff --git a/crypto/sha/asm/sha512-armv8.pl b/crypto/sha/asm/sha512-armv8.pl new file mode 100644 index 0000000..45eb719 --- /dev/null +++ b/crypto/sha/asm/sha512-armv8.pl @@ -0,0 +1,428 @@ +#!/usr/bin/env perl +# +# ==================================================================== +# Written by Andy Polyakov for the OpenSSL +# project. The module is, however, dual licensed under OpenSSL and +# CRYPTOGAMS licenses depending on where you obtain it. For further +# details see http://www.openssl.org/~appro/cryptogams/. +# ==================================================================== +# +# SHA256/512 for ARMv8. +# +# Performance in cycles per processed byte and improvement coefficient +# over code generated with "default" compiler: +# +# SHA256-hw SHA256(*) SHA512 +# Apple A7 1.97 10.5 (+33%) 6.73 (-1%(**)) +# Cortex-A53 2.38 15.6 (+110%) 10.1 (+190%(***)) +# Cortex-A57 2.31 11.6 (+86%) 7.51 (+260%(***)) +# +# (*) Software SHA256 results are of lesser relevance, presented +# mostly for informational purposes. +# (**) The result is a trade-off: it's possible to improve it by +# 10% (or by 1 cycle per round), but at the cost of 20% loss +# on Cortex-A53 (or by 4 cycles per round). +# (***) Super-impressive coefficients over gcc-generated code are +# indication of some compiler "pathology", most notably code +# generated with -mgeneral-regs-only is significanty faster +# and lags behind assembly only by 50-90%. + +$flavour=shift; +$output=shift; + +$0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1; +( $xlate="${dir}arm-xlate.pl" and -f $xlate ) or +( $xlate="${dir}../../perlasm/arm-xlate.pl" and -f $xlate) or +die "can't locate arm-xlate.pl"; + +open OUT,"| \"$^X\" $xlate $flavour $output"; +*STDOUT=*OUT; + +if ($output =~ /512/) { + $BITS=512; + $SZ=8; + @Sigma0=(28,34,39); + @Sigma1=(14,18,41); + @sigma0=(1, 8, 7); + @sigma1=(19,61, 6); + $rounds=80; + $reg_t="x"; +} else { + $BITS=256; + $SZ=4; + @Sigma0=( 2,13,22); + @Sigma1=( 6,11,25); + @sigma0=( 7,18, 3); + @sigma1=(17,19,10); + $rounds=64; + $reg_t="w"; +} + +$func="sha${BITS}_block_data_order"; + +($ctx,$inp,$num,$Ktbl)=map("x$_",(0..2,30)); + + at X=map("$reg_t$_",(3..15,0..2)); + at V=($A,$B,$C,$D,$E,$F,$G,$H)=map("$reg_t$_",(20..27)); +($t0,$t1,$t2,$t3)=map("$reg_t$_",(16,17,19,28)); + +sub BODY_00_xx { +my ($i,$a,$b,$c,$d,$e,$f,$g,$h)=@_; +my $j=($i+1)&15; +my ($T0,$T1,$T2)=(@X[($i-8)&15], at X[($i-9)&15], at X[($i-10)&15]); + $T0=@X[$i+3] if ($i<11); + +$code.=<<___ if ($i<16); +#ifndef __ARMEB__ + rev @X[$i], at X[$i] // $i +#endif +___ +$code.=<<___ if ($i<13 && ($i&1)); + ldp @X[$i+1], at X[$i+2],[$inp],#2*$SZ +___ +$code.=<<___ if ($i==13); + ldp @X[14], at X[15],[$inp] +___ +$code.=<<___ if ($i>=14); + ldr @X[($i-11)&15],[sp,#`$SZ*(($i-11)%4)`] +___ +$code.=<<___ if ($i>0 && $i<16); + add $a,$a,$t1 // h+=Sigma0(a) +___ +$code.=<<___ if ($i>=11); + str @X[($i-8)&15],[sp,#`$SZ*(($i-8)%4)`] +___ +# While ARMv8 specifies merged rotate-n-logical operation such as +# 'eor x,y,z,ror#n', it was found to negatively affect performance +# on Apple A7. The reason seems to be that it requires even 'y' to +# be available earlier. This means that such merged instruction is +# not necessarily best choice on critical path... On the other hand +# Cortex-A5x handles merged instructions much better than disjoint +# rotate and logical... See (**) footnote above. +$code.=<<___ if ($i<15); + ror $t0,$e,#$Sigma1[0] + add $h,$h,$t2 // h+=K[i] + eor $T0,$e,$e,ror#`$Sigma1[2]-$Sigma1[1]` + and $t1,$f,$e + bic $t2,$g,$e + add $h,$h, at X[$i&15] // h+=X[i] + orr $t1,$t1,$t2 // Ch(e,f,g) + eor $t2,$a,$b // a^b, b^c in next round + eor $t0,$t0,$T0,ror#$Sigma1[1] // Sigma1(e) + ror $T0,$a,#$Sigma0[0] + add $h,$h,$t1 // h+=Ch(e,f,g) + eor $t1,$a,$a,ror#`$Sigma0[2]-$Sigma0[1]` + add $h,$h,$t0 // h+=Sigma1(e) + and $t3,$t3,$t2 // (b^c)&=(a^b) + add $d,$d,$h // d+=h + eor $t3,$t3,$b // Maj(a,b,c) + eor $t1,$T0,$t1,ror#$Sigma0[1] // Sigma0(a) + add $h,$h,$t3 // h+=Maj(a,b,c) + ldr $t3,[$Ktbl],#$SZ // *K++, $t2 in next round + //add $h,$h,$t1 // h+=Sigma0(a) +___ +$code.=<<___ if ($i>=15); + ror $t0,$e,#$Sigma1[0] + add $h,$h,$t2 // h+=K[i] + ror $T1, at X[($j+1)&15],#$sigma0[0] + and $t1,$f,$e + ror $T2, at X[($j+14)&15],#$sigma1[0] + bic $t2,$g,$e + ror $T0,$a,#$Sigma0[0] + add $h,$h, at X[$i&15] // h+=X[i] + eor $t0,$t0,$e,ror#$Sigma1[1] + eor $T1,$T1, at X[($j+1)&15],ror#$sigma0[1] + orr $t1,$t1,$t2 // Ch(e,f,g) + eor $t2,$a,$b // a^b, b^c in next round + eor $t0,$t0,$e,ror#$Sigma1[2] // Sigma1(e) + eor $T0,$T0,$a,ror#$Sigma0[1] + add $h,$h,$t1 // h+=Ch(e,f,g) + and $t3,$t3,$t2 // (b^c)&=(a^b) + eor $T2,$T2, at X[($j+14)&15],ror#$sigma1[1] + eor $T1,$T1, at X[($j+1)&15],lsr#$sigma0[2] // sigma0(X[i+1]) + add $h,$h,$t0 // h+=Sigma1(e) + eor $t3,$t3,$b // Maj(a,b,c) + eor $t1,$T0,$a,ror#$Sigma0[2] // Sigma0(a) + eor $T2,$T2, at X[($j+14)&15],lsr#$sigma1[2] // sigma1(X[i+14]) + add @X[$j], at X[$j], at X[($j+9)&15] + add $d,$d,$h // d+=h + add $h,$h,$t3 // h+=Maj(a,b,c) + ldr $t3,[$Ktbl],#$SZ // *K++, $t2 in next round + add @X[$j], at X[$j],$T1 + add $h,$h,$t1 // h+=Sigma0(a) + add @X[$j], at X[$j],$T2 +___ + ($t2,$t3)=($t3,$t2); +} + +$code.=<<___; +#include "arm_arch.h" + +.text + +.extern OPENSSL_armcap_P +.globl $func +.type $func,%function +.align 6 +$func: +___ +$code.=<<___ if ($SZ==4); + ldr x16,.LOPENSSL_armcap_P + adr x17,.LOPENSSL_armcap_P + add x16,x16,x17 + ldr w16,[x16] + tst w16,#ARMV8_SHA256 + b.ne .Lv8_entry +___ +$code.=<<___; + stp x29,x30,[sp,#-128]! + add x29,sp,#0 + + stp x19,x20,[sp,#16] + stp x21,x22,[sp,#32] + stp x23,x24,[sp,#48] + stp x25,x26,[sp,#64] + stp x27,x28,[sp,#80] + sub sp,sp,#4*$SZ + + ldp $A,$B,[$ctx] // load context + ldp $C,$D,[$ctx,#2*$SZ] + ldp $E,$F,[$ctx,#4*$SZ] + add $num,$inp,$num,lsl#`log(16*$SZ)/log(2)` // end of input + ldp $G,$H,[$ctx,#6*$SZ] + adr $Ktbl,.LK$BITS + stp $ctx,$num,[x29,#96] + +.Loop: + ldp @X[0], at X[1],[$inp],#2*$SZ + ldr $t2,[$Ktbl],#$SZ // *K++ + eor $t3,$B,$C // magic seed + str $inp,[x29,#112] +___ +for ($i=0;$i<16;$i++) { &BODY_00_xx($i, at V); unshift(@V,pop(@V)); } +$code.=".Loop_16_xx:\n"; +for (;$i<32;$i++) { &BODY_00_xx($i, at V); unshift(@V,pop(@V)); } +$code.=<<___; + cbnz $t2,.Loop_16_xx + + ldp $ctx,$num,[x29,#96] + ldr $inp,[x29,#112] + sub $Ktbl,$Ktbl,#`$SZ*($rounds+1)` // rewind + + ldp @X[0], at X[1],[$ctx] + ldp @X[2], at X[3],[$ctx,#2*$SZ] + add $inp,$inp,#14*$SZ // advance input pointer + ldp @X[4], at X[5],[$ctx,#4*$SZ] + add $A,$A, at X[0] + ldp @X[6], at X[7],[$ctx,#6*$SZ] + add $B,$B, at X[1] + add $C,$C, at X[2] + add $D,$D, at X[3] + stp $A,$B,[$ctx] + add $E,$E, at X[4] + add $F,$F, at X[5] + stp $C,$D,[$ctx,#2*$SZ] + add $G,$G, at X[6] + add $H,$H, at X[7] + cmp $inp,$num + stp $E,$F,[$ctx,#4*$SZ] + stp $G,$H,[$ctx,#6*$SZ] + b.ne .Loop + + ldp x19,x20,[x29,#16] + add sp,sp,#4*$SZ + ldp x21,x22,[x29,#32] + ldp x23,x24,[x29,#48] + ldp x25,x26,[x29,#64] + ldp x27,x28,[x29,#80] + ldp x29,x30,[sp],#128 + ret +.size $func,.-$func + +.align 6 +.type .LK$BITS,%object +.LK$BITS: +___ +$code.=<<___ if ($SZ==8); + .quad 0x428a2f98d728ae22,0x7137449123ef65cd + .quad 0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc + .quad 0x3956c25bf348b538,0x59f111f1b605d019 + .quad 0x923f82a4af194f9b,0xab1c5ed5da6d8118 + .quad 0xd807aa98a3030242,0x12835b0145706fbe + .quad 0x243185be4ee4b28c,0x550c7dc3d5ffb4e2 + .quad 0x72be5d74f27b896f,0x80deb1fe3b1696b1 + .quad 0x9bdc06a725c71235,0xc19bf174cf692694 + .quad 0xe49b69c19ef14ad2,0xefbe4786384f25e3 + .quad 0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65 + .quad 0x2de92c6f592b0275,0x4a7484aa6ea6e483 + .quad 0x5cb0a9dcbd41fbd4,0x76f988da831153b5 + .quad 0x983e5152ee66dfab,0xa831c66d2db43210 + .quad 0xb00327c898fb213f,0xbf597fc7beef0ee4 + .quad 0xc6e00bf33da88fc2,0xd5a79147930aa725 + .quad 0x06ca6351e003826f,0x142929670a0e6e70 + .quad 0x27b70a8546d22ffc,0x2e1b21385c26c926 + .quad 0x4d2c6dfc5ac42aed,0x53380d139d95b3df + .quad 0x650a73548baf63de,0x766a0abb3c77b2a8 + .quad 0x81c2c92e47edaee6,0x92722c851482353b + .quad 0xa2bfe8a14cf10364,0xa81a664bbc423001 + .quad 0xc24b8b70d0f89791,0xc76c51a30654be30 + .quad 0xd192e819d6ef5218,0xd69906245565a910 + .quad 0xf40e35855771202a,0x106aa07032bbd1b8 + .quad 0x19a4c116b8d2d0c8,0x1e376c085141ab53 + .quad 0x2748774cdf8eeb99,0x34b0bcb5e19b48a8 + .quad 0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb + .quad 0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3 + .quad 0x748f82ee5defb2fc,0x78a5636f43172f60 + .quad 0x84c87814a1f0ab72,0x8cc702081a6439ec + .quad 0x90befffa23631e28,0xa4506cebde82bde9 + .quad 0xbef9a3f7b2c67915,0xc67178f2e372532b + .quad 0xca273eceea26619c,0xd186b8c721c0c207 + .quad 0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178 + .quad 0x06f067aa72176fba,0x0a637dc5a2c898a6 + .quad 0x113f9804bef90dae,0x1b710b35131c471b + .quad 0x28db77f523047d84,0x32caab7b40c72493 + .quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c + .quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a + .quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817 + .quad 0 // terminator +___ +$code.=<<___ if ($SZ==4); + .long 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5 + .long 0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5 + .long 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3 + .long 0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174 + .long 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc + .long 0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da + .long 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7 + .long 0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967 + .long 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13 + .long 0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85 + .long 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3 + .long 0xd192e819,0xd6990624,0xf40e3585,0x106aa070 + .long 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5 + .long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3 + .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 + .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 + .long 0 //terminator +___ +$code.=<<___; +.size .LK$BITS,.-.LK$BITS +.align 3 +.LOPENSSL_armcap_P: + .quad OPENSSL_armcap_P-. +.asciz "SHA$BITS block transform for ARMv8, CRYPTOGAMS by " +.align 2 +___ + +if ($SZ==4) { +my $Ktbl="x3"; + +my ($ABCD,$EFGH,$abcd)=map("v$_.16b",(0..2)); +my @MSG=map("v$_.16b",(4..7)); +my ($W0,$W1)=("v16.4s","v17.4s"); +my ($ABCD_SAVE,$EFGH_SAVE)=("v18.16b","v19.16b"); + +$code.=<<___; +.type sha256_block_armv8,%function +.align 6 +sha256_block_armv8: +.Lv8_entry: + stp x29,x30,[sp,#-16]! + add x29,sp,#0 + + ld1.32 {$ABCD,$EFGH},[$ctx] + adr $Ktbl,.LK256 + +.Loop_hw: + ld1 {@MSG[0]- at MSG[3]},[$inp],#64 + sub $num,$num,#1 + ld1.32 {$W0},[$Ktbl],#16 + rev32 @MSG[0], at MSG[0] + rev32 @MSG[1], at MSG[1] + rev32 @MSG[2], at MSG[2] + rev32 @MSG[3], at MSG[3] + orr $ABCD_SAVE,$ABCD,$ABCD // offload + orr $EFGH_SAVE,$EFGH,$EFGH +___ +for($i=0;$i<12;$i++) { +$code.=<<___; + ld1.32 {$W1},[$Ktbl],#16 + add.i32 $W0,$W0, at MSG[0] + sha256su0 @MSG[0], at MSG[1] + orr $abcd,$ABCD,$ABCD + sha256h $ABCD,$EFGH,$W0 + sha256h2 $EFGH,$abcd,$W0 + sha256su1 @MSG[0], at MSG[2], at MSG[3] +___ + ($W0,$W1)=($W1,$W0); push(@MSG,shift(@MSG)); +} +$code.=<<___; + ld1.32 {$W1},[$Ktbl],#16 + add.i32 $W0,$W0, at MSG[0] + orr $abcd,$ABCD,$ABCD + sha256h $ABCD,$EFGH,$W0 + sha256h2 $EFGH,$abcd,$W0 + + ld1.32 {$W0},[$Ktbl],#16 + add.i32 $W1,$W1, at MSG[1] + orr $abcd,$ABCD,$ABCD + sha256h $ABCD,$EFGH,$W1 + sha256h2 $EFGH,$abcd,$W1 + + ld1.32 {$W1},[$Ktbl] + add.i32 $W0,$W0, at MSG[2] + sub $Ktbl,$Ktbl,#$rounds*$SZ-16 // rewind + orr $abcd,$ABCD,$ABCD + sha256h $ABCD,$EFGH,$W0 + sha256h2 $EFGH,$abcd,$W0 + + add.i32 $W1,$W1, at MSG[3] + orr $abcd,$ABCD,$ABCD + sha256h $ABCD,$EFGH,$W1 + sha256h2 $EFGH,$abcd,$W1 + + add.i32 $ABCD,$ABCD,$ABCD_SAVE + add.i32 $EFGH,$EFGH,$EFGH_SAVE + + cbnz $num,.Loop_hw + + st1.32 {$ABCD,$EFGH},[$ctx] + + ldr x29,[sp],#16 + ret +.size sha256_block_armv8,.-sha256_block_armv8 +___ +} + +$code.=<<___; +.comm OPENSSL_armcap_P,4,4 +___ + +{ my %opcode = ( + "sha256h" => 0x5e004000, "sha256h2" => 0x5e005000, + "sha256su0" => 0x5e282800, "sha256su1" => 0x5e006000 ); + + sub unsha256 { + my ($mnemonic,$arg)=@_; + + $arg =~ m/[qv]([0-9]+)[^,]*,\s*[qv]([0-9]+)[^,]*(?:,\s*[qv]([0-9]+))?/o + && + sprintf ".inst\t0x%08x\t//%s %s", + $opcode{$mnemonic}|$1|($2<<5)|($3<<16), + $mnemonic,$arg; + } +} + +foreach(split("\n",$code)) { + + s/\`([^\`]*)\`/eval($1)/geo; + + s/\b(sha256\w+)\s+([qv].*)/unsha256($1,$2)/geo; + + s/\.\w?32\b//o and s/\.16b/\.4s/go; + m/(ld|st)1[^\[]+\[0\]/o and s/\.4s/\.s/go; + + print $_,"\n"; +} + +close STDOUT; diff --git a/fips/fips.c b/fips/fips.c index 8c9e187..0269609 100644 --- a/fips/fips.c +++ b/fips/fips.c @@ -151,7 +151,7 @@ extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[]; #ifdef _TMS320C6X const #endif -unsigned char FIPS_signature [20] = { 0 }; +unsigned char FIPS_signature [20] = { 0, 0xff }; __fips_constseg static const char FIPS_hmac_key[]="etaonrishdlcupfm"; diff --git a/fips/fips_canister.c b/fips/fips_canister.c index 016d94c..daf53cb 100644 --- a/fips/fips_canister.c +++ b/fips/fips_canister.c @@ -29,6 +29,7 @@ const void *FIPS_text_end(void); #if !defined(FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE) # if (defined(__ANDROID__) && (defined(__arm__) || defined(__arm) || \ + defined(__aarch64__) || \ defined(__i386__)|| defined(__i386))) || \ (defined(__vxworks) && (defined(__ppc__) || defined(__ppc) || \ defined(__mips__)|| defined(__mips))) || \ diff --git a/fips/fips_test_suite.c b/fips/fips_test_suite.c index c7054db..cd4aafb 100644 --- a/fips/fips_test_suite.c +++ b/fips/fips_test_suite.c @@ -1611,6 +1611,12 @@ int main(int argc, char **argv) FIPS_post_set_callback(post_cb); +#if (defined(__arm__) || defined(__aarch64__)) + extern unsigned int OPENSSL_armcap_P; + if (0 == OPENSSL_armcap_P) + fprintf(stderr, "Optimizations disabled\n"); +#endif + printf("\tFIPS-mode test application\n"); printf("\t%s\n\n", FIPS_module_version_text()); diff --git a/fips/fipssyms.h b/fips/fipssyms.h index 5719aea..76db619 100644 --- a/fips/fipssyms.h +++ b/fips/fipssyms.h @@ -668,6 +668,50 @@ #define bn_mul_mont_gather5 fips_bn_mul_mont_gather5 #define bn_scatter5 fips_bn_scatter5 #define bn_gather5 fips_bn_gather5 +#define _armv8_aes_probe _fips_armv8_aes_probe +#define _armv8_pmull_probe _fips_armv8_pmull_probe +#define _armv8_sha1_probe _fips_armv8_sha1_probe +#define _armv8_sha256_probe _fips_armv8_sha256_probe +#define aes_v8_encrypt fips_aes_v8_encrypt +#define aes_v8_decrypt fips_aes_v8_decrypt +#define aes_v8_set_encrypt_key fips_aes_v8_set_encrypt_key +#define aes_v8_set_decrypt_key fips_aes_v8_set_decrypt_key +#define aes_v8_cbc_encrypt fips_aes_v8_cbc_encrypt +#define aes_v8_ctr32_encrypt_blocks fips_aes_v8_ctr32_encrypt_blocks +#define gcm_init_v8 fips_gcm_init_v8 +#define gcm_gmult_v8 fips_gcm_gmult_v8 +#define gcm_ghash_v8 fips_gcm_ghash_v8 +#if defined(__APPLE__) && __ASSEMBLER__ +#define _OPENSSL_armcap_P _fips_openssl_armcap_P +#define __armv7_neon_probe __fips_armv7_neon_probe +#define __armv7_tick __fips_armv7_tick +#define __armv8_aes_probe __fips_armv8_aes_probe +#define __armv8_pmull_probe __fips_armv8_pmull_probe +#define __armv8_sha1_probe __fips_armv8_sha1_probe +#define __armv8_sha256_probe __fips_armv8_sha256_probe +#define _aes_v8_encrypt _fips_aes_v8_encrypt +#define _aes_v8_decrypt _fips_aes_v8_decrypt +#define _aes_v8_set_encrypt_key _fips_aes_v8_set_encrypt_key +#define _aes_v8_set_decrypt_key _fips_aes_v8_set_decrypt_key +#define _aes_v8_cbc_encrypt _fips_aes_v8_cbc_encrypt +#define _aes_v8_ctr32_encrypt_blocks _fips_aes_v8_ctr32_encrypt_blocks +#define _gcm_init_v8 _fips_gcm_init_v8 +#define _gcm_gmult_v8 _fips_gcm_gmult_v8 +#define _gcm_ghash_v8 _fips_gcm_ghash_v8 +#define _sha1_block_data_order _fips_sha1_block_data_order +#define _sha256_block_data_order _fips_sha256_block_data_order +#define _sha512_block_data_order _fips_sha512_block_data_order +#define _AES_decrypt _fips_aes_decrypt +#define _AES_encrypt _fips_aes_encrypt +#define _AES_set_decrypt_key _fips_aes_set_decrypt_key +#define _AES_set_encrypt_key _fips_aes_set_encrypt_key +#define _gcm_gmult_4bit _fips_gcm_gmult_4bit +#define _gcm_ghash_4bit _fips_gcm_ghash_4bit +#define _gcm_gmult_neon _fips_gcm_gmult_neon +#define _gcm_ghash_neon _fips_gcm_ghash_neon +#define _bn_GF2m_mul_2x2 _fips_bn_GF2m_mul_2x2 +#define _OPENSSL_cleanse _FIPS_openssl_cleanse +#endif #if defined(_MSC_VER) # pragma const_seg("fipsro$b") diff --git a/test/fips_algvs.c b/test/fips_algvs.c index ed03507..8ff75dc 100644 --- a/test/fips_algvs.c +++ b/test/fips_algvs.c @@ -70,6 +70,67 @@ int main(int argc, char **argv) } #else +#if defined(__vxworks) + +#include +#include + +int fips_algvs_main(int argc, char **argv); +#define main fips_algvs_main + +static int fips_algvs_argv(char *a0) +{ + char *argv[32] = { "fips_algvs" }; + int argc = 1; + int main_ret; + + if (a0) { + char *scan = a0, *arg = a0; + + while (*scan) { + if (*scan++ == ' ') { + scan[-1] = '\0'; + argv[argc++] = arg; + if (argc == (sizeof(argv)/sizeof(argv[0])-1)) + break; + + while (*scan == ' ') scan++; + arg = scan; + } + } + if (*scan == '\0') argv[argc++] = arg; + } + + argv[argc] = NULL; + + main_ret = fips_algvs_main(argc, argv); + + if (a0) free(a0); + + return main_ret; +} + +int fips_algvs(int a0) +{ + return taskSpawn("fips_algvs", 100, (VX_FP_TASK | VX_SPE_TASK), 100000, + (FUNCPTR)fips_algvs_argv, + a0 ? strdup(a0) : 0, 0, 0, 0, 0, 0, 0, 0, 0, 0); +} + +static FILE *fips_fopen(const char *path, const char *mode) +{ + char fips_path [256]; + + if (path[0] != '/' && strlen(path) < (sizeof(fips_path)-8)) { + strcpy(fips_path,"/fips0/"); + strcat(fips_path,path); + return fopen(fips_path,mode); + } + return fopen(path,mode); +} +#define fopen fips_fopen +#endif + #define FIPS_ALGVS extern int fips_aesavs_main(int argc, char **argv); @@ -265,6 +326,16 @@ int main(int argc, char **argv) SysInit(); #endif +#if (defined(__arm__) || defined(__aarch64__)) + if (*args && !strcmp(*args, "-noaccel")) + { + extern unsigned int OPENSSL_armcap_P; + + OPENSSL_armcap_P=0; + args++; + argc--; + } +#endif if (*args && *args[0] != '-') { rv = run_prg(argc - 1, args); diff --git a/util/incore b/util/incore index e6e6ecf..bb765b1 100755 --- a/util/incore +++ b/util/incore @@ -382,7 +382,7 @@ if (!$legacy_mode) { } $FINGERPRINT_ascii_value - = $exe->Lookup("FINGERPRINT_ascii_value") or die; + = $exe->Lookup("FINGERPRINT_ascii_value"); } if ($FIPS_text_startX && $FIPS_text_endX) { @@ -439,9 +439,12 @@ $fingerprint = FIPS_incore_fingerprint(); if ($legacy_mode) { print unpack("H*",$fingerprint); -} else { +} elsif (defined($FINGERPRINT_ascii_value)) { seek(FD,$FINGERPRINT_ascii_value->{st_offset},0) or die "$!"; print FD unpack("H*",$fingerprint) or die "$!"; +} else { + seek(FD,$FIPS_signature->{st_offset},0) or die "$!"; + print FD $fingerprint or die "$!"; } close (FD); From rsalz at openssl.org Wed May 13 16:52:20 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 13 May 2015 16:52:20 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431535940.099222.9363.nullmailer@dev.openssl.org> The branch master has been updated via addaf977e2ddc7c8e8df8931a3091035cdf70052 (commit) from bd576049a9db8c6caca99c8f965663422658a464 (commit) - Log ----------------------------------------------------------------- commit addaf977e2ddc7c8e8df8931a3091035cdf70052 Author: Rich Salz Date: Tue May 12 14:13:01 2015 -0400 Remove some outdated #defines. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: include/openssl/bio.h | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/include/openssl/bio.h b/include/openssl/bio.h index 76b6662..ab37c87 100644 --- a/include/openssl/bio.h +++ b/include/openssl/bio.h @@ -212,21 +212,6 @@ extern "C" { # define BIO_FLAGS_UPLINK 0 # endif -/* Used in BIO_gethostbyname() */ -# define BIO_GHBN_CTRL_HITS 1 -# define BIO_GHBN_CTRL_MISSES 2 -# define BIO_GHBN_CTRL_CACHE_SIZE 3 -# define BIO_GHBN_CTRL_GET_ENTRY 4 -# define BIO_GHBN_CTRL_FLUSH 5 - -/* Mostly used in the SSL BIO */ -/*- - * Not used anymore - * #define BIO_FLAGS_PROTOCOL_DELAYED_READ 0x10 - * #define BIO_FLAGS_PROTOCOL_DELAYED_WRITE 0x20 - * #define BIO_FLAGS_PROTOCOL_STARTUP 0x40 - */ - # define BIO_FLAGS_BASE64_NO_NL 0x100 /* From rsalz at openssl.org Wed May 13 16:55:30 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 13 May 2015 16:55:30 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1431536130.176892.10419.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 76b49a8ad7759c2b702376d1ebc90008bdc26373 (commit) from 5e0ec9012bae4cc261ec300a0bf1432fbb13ee2a (commit) - Log ----------------------------------------------------------------- commit 76b49a8ad7759c2b702376d1ebc90008bdc26373 Author: Rich Salz Date: Tue May 12 11:49:32 2015 -0400 Add NULL checks from master The big "don't check for NULL" cleanup requires backporting some of the lowest-level functions to actually do nothing if NULL is given. This will make it easier to backport fixes to release branches, where master assumes those lower-level functions are "safe" This commit addresses those tickets: 3798 3799 3801. Reviewed-by: Matt Caswell (cherry picked from commit f34b095fab1569d093b639bfcc9a77d6020148ff) ----------------------------------------------------------------------- Summary of changes: crypto/cmac/cmac.c | 2 ++ crypto/x509/x509_lu.c | 2 ++ crypto/x509/x509_vfy.c | 2 ++ 3 files changed, 6 insertions(+) diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index c5597a3..774e6dc 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -126,6 +126,8 @@ EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) void CMAC_CTX_free(CMAC_CTX *ctx) { + if (!ctx) + return; CMAC_CTX_cleanup(ctx); OPENSSL_free(ctx); } diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index a910636..8415d1d 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -216,6 +216,8 @@ X509_STORE *X509_STORE_new(void) static void cleanup(X509_OBJECT *a) { + if (!a) + return; if (a->type == X509_LU_X509) { X509_free(a->data.x509); } else if (a->type == X509_LU_CRL) { diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 136bfbd..559b5cd 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1921,6 +1921,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) void X509_STORE_CTX_free(X509_STORE_CTX *ctx) { + if (!ctx) + return; X509_STORE_CTX_cleanup(ctx); OPENSSL_free(ctx); } From rsalz at openssl.org Wed May 13 16:56:12 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 13 May 2015 16:56:12 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1431536172.699281.10677.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 690d040b2e9df9c6ac19e1aab8f0cd79a84a2ee4 (commit) from 6c63867178c45f28a30b3c59f0bfadc5456a61b1 (commit) - Log ----------------------------------------------------------------- commit 690d040b2e9df9c6ac19e1aab8f0cd79a84a2ee4 Author: Rich Salz Date: Tue May 12 11:49:32 2015 -0400 Add NULL checks from master The big "don't check for NULL" cleanup requires backporting some of the lowest-level functions to actually do nothing if NULL is given. This will make it easier to backport fixes to release branches, where master assumes those lower-level functions are "safe" This commit addresses those tickets: 3798 3799 3801. Reviewed-by: Matt Caswell (cherry picked from commit f34b095fab1569d093b639bfcc9a77d6020148ff) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_lu.c | 2 ++ crypto/x509/x509_vfy.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index a910636..8415d1d 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -216,6 +216,8 @@ X509_STORE *X509_STORE_new(void) static void cleanup(X509_OBJECT *a) { + if (!a) + return; if (a->type == X509_LU_X509) { X509_free(a->data.x509); } else if (a->type == X509_LU_CRL) { diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 136bfbd..559b5cd 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1921,6 +1921,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) void X509_STORE_CTX_free(X509_STORE_CTX *ctx) { + if (!ctx) + return; X509_STORE_CTX_cleanup(ctx); OPENSSL_free(ctx); } From rsalz at openssl.org Wed May 13 16:56:44 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 13 May 2015 16:56:44 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1431536204.028290.10921.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via 155ca14ea9fa64808782eca2b29583cfd9ff4d7f (commit) from 303845a3b5ee7b999bf79e2e42c1489c2cc9f371 (commit) - Log ----------------------------------------------------------------- commit 155ca14ea9fa64808782eca2b29583cfd9ff4d7f Author: Rich Salz Date: Tue May 12 11:49:32 2015 -0400 Add NULL checks from master The big "don't check for NULL" cleanup requires backporting some of the lowest-level functions to actually do nothing if NULL is given. This will make it easier to backport fixes to release branches, where master assumes those lower-level functions are "safe" This commit addresses those tickets: 3798 3799 3801. Reviewed-by: Matt Caswell (cherry picked from commit f34b095fab1569d093b639bfcc9a77d6020148ff) (cherry picked from commit 690d040b2e9df9c6ac19e1aab8f0cd79a84a2ee4) ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509_lu.c | 2 ++ crypto/x509/x509_vfy.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 684ef5f..a1afb6c 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -214,6 +214,8 @@ X509_STORE *X509_STORE_new(void) static void cleanup(X509_OBJECT *a) { + if (!a) + return; if (a->type == X509_LU_X509) { X509_free(a->data.x509); } else if (a->type == X509_LU_CRL) { diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index e11cd5d..4fa493c 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1304,6 +1304,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) void X509_STORE_CTX_free(X509_STORE_CTX *ctx) { + if (!ctx) + return; X509_STORE_CTX_cleanup(ctx); OPENSSL_free(ctx); } From rsalz at openssl.org Wed May 13 16:56:51 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 13 May 2015 16:56:51 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1431536211.627496.11159.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via f34b095fab1569d093b639bfcc9a77d6020148ff (commit) from d3bb25e30ac1e07ce3b163655d8d33bc9f1186e3 (commit) - Log ----------------------------------------------------------------- commit f34b095fab1569d093b639bfcc9a77d6020148ff Author: Rich Salz Date: Tue May 12 11:49:32 2015 -0400 Add NULL checks from master The big "don't check for NULL" cleanup requires backporting some of the lowest-level functions to actually do nothing if NULL is given. This will make it easier to backport fixes to release branches, where master assumes those lower-level functions are "safe" This commit addresses those tickets: 3798 3799 3801. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/cmac/cmac.c | 2 ++ crypto/x509/x509_lu.c | 2 ++ crypto/x509/x509_vfy.c | 2 ++ 3 files changed, 6 insertions(+) diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index c5597a3..774e6dc 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -126,6 +126,8 @@ EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx) void CMAC_CTX_free(CMAC_CTX *ctx) { + if (!ctx) + return; CMAC_CTX_cleanup(ctx); OPENSSL_free(ctx); } diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index ff1fa97..b0d6539 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -216,6 +216,8 @@ X509_STORE *X509_STORE_new(void) static void cleanup(X509_OBJECT *a) { + if (!a) + return; if (a->type == X509_LU_X509) { X509_free(a->data.x509); } else if (a->type == X509_LU_CRL) { diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index f3e9c56..b4e7983 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -2206,6 +2206,8 @@ X509_STORE_CTX *X509_STORE_CTX_new(void) void X509_STORE_CTX_free(X509_STORE_CTX *ctx) { + if (!ctx) + return; X509_STORE_CTX_cleanup(ctx); OPENSSL_free(ctx); } From rsalz at openssl.org Wed May 13 17:00:45 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 13 May 2015 17:00:45 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431536445.966682.11831.nullmailer@dev.openssl.org> The branch master has been updated via c490a5512e988559a830c15b8efb1d0376f2e282 (commit) from addaf977e2ddc7c8e8df8931a3091035cdf70052 (commit) - Log ----------------------------------------------------------------- commit c490a5512e988559a830c15b8efb1d0376f2e282 Author: Rich Salz Date: Fri May 8 16:06:50 2015 -0400 RT1207: document SSL_COMP_free_compression_methods. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_COMP_add_compression_method.pod | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod index f4d191c..2bb4403 100644 --- a/doc/ssl/SSL_COMP_add_compression_method.pod +++ b/doc/ssl/SSL_COMP_add_compression_method.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods +SSL_COMP_add_compression_method, SSL_COMP_free_compression_methods - handle SSL/TLS integrated compression methods =head1 SYNOPSIS @@ -10,6 +10,8 @@ SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + +void SSL_COMP_free_compression_methods(void); + =head1 DESCRIPTION SSL_COMP_add_compression_method() adds the compression method B with @@ -17,6 +19,10 @@ the identifier B to the list of available compression methods. This list is globally maintained for all SSL operations within this application. It cannot be set for specific SSL_CTX or SSL objects. +SSL_COMP_free_compression_methods() frees the internal table of +compression methods that were built internally, and possibly +augmented by adding SSL_COMP_add_compression_method(). + =head1 NOTES The TLS standard (or SSLv3) allows the integration of compression methods @@ -38,8 +44,8 @@ its own compression methods and will unconditionally activate compression when a matching identifier is found. There is no way to restrict the list of compression methods supported on a per connection basis. -The OpenSSL library has the compression methods B and (when -especially enabled during compilation) B available. +If enabled during compilation, the OpenSSL library will have the +COMP_zlib() compression method available. =head1 WARNINGS From rsalz at openssl.org Wed May 13 17:03:42 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 13 May 2015 17:03:42 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1431536622.685178.19530.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via c59bd61b2efe023775fdc85b8452399fe551fb58 (commit) from f34b095fab1569d093b639bfcc9a77d6020148ff (commit) - Log ----------------------------------------------------------------- commit c59bd61b2efe023775fdc85b8452399fe551fb58 Author: Rich Salz Date: Fri May 8 16:06:50 2015 -0400 RT1207: document SSL_COMP_free_compression_methods. Reviewed-by: Matt Caswell (cherry picked from commit c490a5512e988559a830c15b8efb1d0376f2e282) ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_COMP_add_compression_method.pod | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/doc/ssl/SSL_COMP_add_compression_method.pod b/doc/ssl/SSL_COMP_add_compression_method.pod index f4d191c..2bb4403 100644 --- a/doc/ssl/SSL_COMP_add_compression_method.pod +++ b/doc/ssl/SSL_COMP_add_compression_method.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods +SSL_COMP_add_compression_method, SSL_COMP_free_compression_methods - handle SSL/TLS integrated compression methods =head1 SYNOPSIS @@ -10,6 +10,8 @@ SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm); + +void SSL_COMP_free_compression_methods(void); + =head1 DESCRIPTION SSL_COMP_add_compression_method() adds the compression method B with @@ -17,6 +19,10 @@ the identifier B to the list of available compression methods. This list is globally maintained for all SSL operations within this application. It cannot be set for specific SSL_CTX or SSL objects. +SSL_COMP_free_compression_methods() frees the internal table of +compression methods that were built internally, and possibly +augmented by adding SSL_COMP_add_compression_method(). + =head1 NOTES The TLS standard (or SSLv3) allows the integration of compression methods @@ -38,8 +44,8 @@ its own compression methods and will unconditionally activate compression when a matching identifier is found. There is no way to restrict the list of compression methods supported on a per connection basis. -The OpenSSL library has the compression methods B and (when -especially enabled during compilation) B available. +If enabled during compilation, the OpenSSL library will have the +COMP_zlib() compression method available. =head1 WARNINGS From rsalz at openssl.org Wed May 13 17:05:19 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 13 May 2015 17:05:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431536719.391260.19829.nullmailer@dev.openssl.org> The branch master has been updated via 580139bd5b46c856b4c613fac6c27b011ec2e949 (commit) from c490a5512e988559a830c15b8efb1d0376f2e282 (commit) - Log ----------------------------------------------------------------- commit 580139bd5b46c856b4c613fac6c27b011ec2e949 Author: Rich Salz Date: Fri May 8 12:23:56 2015 -0400 RT3841: memset() cipher_data when allocated If an EVP implementation (such as an engine) fails out early, it's possible to call EVP_CIPHER_CTX_cleanup() which will call ctx->cipher->cleanup() before the cipher_data has been initialized via ctx->cipher->init(). Guarantee it's all-bytes-zero as soon as it is allocated. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_enc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 242874c..aea7acc 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -165,6 +165,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE); return 0; } + memset(ctx->cipher_data, 0, ctx->cipher->ctx_size); } else { ctx->cipher_data = NULL; } From rsalz at openssl.org Wed May 13 17:19:51 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 13 May 2015 17:19:51 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431537591.625231.21786.nullmailer@dev.openssl.org> The branch master has been updated via fc3cec53501ec226a493b0b04b9dd0a6f7944b0f (commit) from 580139bd5b46c856b4c613fac6c27b011ec2e949 (commit) - Log ----------------------------------------------------------------- commit fc3cec53501ec226a493b0b04b9dd0a6f7944b0f Author: Rich Salz Date: Fri May 1 23:36:11 2015 -0400 Fix ocsp bugs Various bugs found by Viktor, Emilia, Matt, etc. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/ocsp.c | 58 +++++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 37 insertions(+), 21 deletions(-) diff --git a/apps/ocsp.c b/apps/ocsp.c index d4538a8..4d44da8 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1035,21 +1035,26 @@ static BIO *init_responder(const char *port) } -static char *urldecode(char *p) +/* + * Decode %xx URL-decoding in-place. Ignores mal-formed sequences. + */ +static int urldecode(char *p) { unsigned char *out = (unsigned char *)p; - char *save = p; + unsigned char *save = out; for (; *p; p++) { if (*p != '%') *out++ = *p; - else if (p[1] && p[2]) { + else if (isxdigit(p[1]) && isxdigit(p[2])) { *out++ = (app_hex(p[1]) << 4) | app_hex(p[2]); p += 2; } + else + return -1; } - *p = '\0'; - return save; + *out = '\0'; + return (int)(out - save); } static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, @@ -1057,7 +1062,7 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, { int len; OCSP_REQUEST *req = NULL; - char inbuf[2048]; + char inbuf[2048], reqbuf[2048]; char *p, *q; BIO *cbio = NULL, *getbio = NULL, *b64 = NULL; @@ -1071,40 +1076,51 @@ static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, *pcbio = cbio; /* Read the request line. */ - len = BIO_gets(cbio, inbuf, sizeof inbuf); + len = BIO_gets(cbio, reqbuf, sizeof reqbuf); if (len <= 0) return 1; - if (strncmp(inbuf, "GET", 3) == 0) { + if (strncmp(reqbuf, "GET ", 4) == 0) { /* Expecting GET {sp} /URL {sp} HTTP/1.x */ - for (p = inbuf + 3; *p == ' ' || *p == '\t'; ++p) + for (p = reqbuf + 4; *p == ' '; ++p) continue; - if (*p) { - /* Move past the slash before the URL part. */ - p++; + if (*p != '/') { + BIO_printf(bio_err, "Invalid request -- bad URL\n"); + return 1; } + p++; + /* Splice off the HTTP version identifier. */ for (q = p; *q; q++) - if (*q == ' ' || *q == '\t') + if (*q == ' ') break; - if (*q == '\0') { - BIO_printf(bio_err, "Invalid request\n"); + if (strncmp(q, " HTTP/1.", 8) != 0) { + BIO_printf(bio_err, "Invalid request -- bad HTTP vesion\n"); return 1; } *q = '\0'; - p = urldecode(p); - getbio = BIO_new_mem_buf(p, strlen(p)); - b64 = BIO_new(BIO_f_base64()); + len = urldecode(p); + if (len <= 0) { + BIO_printf(bio_err, "Invalid request -- bad URL encoding\n"); + return 1; + } + if ((getbio = BIO_new_mem_buf(p, len)) == NULL + || (b64 = BIO_new(BIO_f_base64())) == NULL) { + BIO_printf(bio_err, "Could not allocate memory\n"); + ERR_print_errors(bio_err); + return 1; + } BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); getbio = BIO_push(b64, getbio); - } else if (strncmp(inbuf, "POST", 4) != 0) { - BIO_printf(bio_err, "Invalid request\n"); + } else if (strncmp(reqbuf, "POST ", 5) != 0) { + BIO_printf(bio_err, "Invalid request -- bad HTTP verb\n"); return 1; } + + /* Read and skip past the headers. */ for (;;) { len = BIO_gets(cbio, inbuf, sizeof inbuf); if (len <= 0) return 1; - /* Look for end of headers */ if ((inbuf[0] == '\r') || (inbuf[0] == '\n')) break; } From rsalz at openssl.org Wed May 13 18:42:19 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 13 May 2015 18:42:19 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431542539.692797.30935.nullmailer@dev.openssl.org> The branch master has been updated via 98cd49db1df8091ac10459f75d07f7eb53e82d6c (commit) from fc3cec53501ec226a493b0b04b9dd0a6f7944b0f (commit) - Log ----------------------------------------------------------------- commit 98cd49db1df8091ac10459f75d07f7eb53e82d6c Author: Rich Salz Date: Wed May 13 14:41:53 2015 -0400 Add missing ctype.h Had old patch, forgot to push/patch this to master Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/ocsp.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/ocsp.c b/apps/ocsp.c index 4d44da8..d52da18 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -68,6 +68,7 @@ # include # include # include +# include # include "apps.h" /* needs to be included before the openssl * headers! */ # include From steve at openssl.org Thu May 14 01:07:27 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 14 May 2015 01:07:27 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431565647.197450.7431.nullmailer@dev.openssl.org> The branch master has been updated via 1c7b2c0ed5d02d0d60179e0df0c49ef3f659fa77 (commit) via c1a623c55ad4b9e184438653d55f7853ee48ba29 (commit) from 98cd49db1df8091ac10459f75d07f7eb53e82d6c (commit) - Log ----------------------------------------------------------------- commit 1c7b2c0ed5d02d0d60179e0df0c49ef3f659fa77 Author: Dr. Stephen Henson Date: Wed May 13 17:47:13 2015 +0100 use unit64_t for CPUID and timestamp code Reviewed-by: Matt Caswell commit c1a623c55ad4b9e184438653d55f7853ee48ba29 Author: Dr. Stephen Henson Date: Wed May 13 17:34:53 2015 +0100 Allow use of standard integer types. Include appropriate headers for standard integer types in e_os2.h This should use stdint.h, inttypes.h or a workaround for systems which have neither. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/cryptlib.c | 6 +----- crypto/x509v3/v3_scts.c | 28 ++++++++++------------------ include/openssl/e_os2.h | 39 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 50 insertions(+), 23 deletions(-) diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 3742ff2..69883ab 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -134,11 +134,7 @@ unsigned int *OPENSSL_ia32cap_loc(void) # if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) # define OPENSSL_CPUID_SETUP -# if defined(_WIN32) -typedef unsigned __int64 IA32CAP; -# else -typedef unsigned long long IA32CAP; -# endif +typedef uint64_t IA32CAP; void OPENSSL_cpuid_setup(void) { static int trigger = 0; diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index a9e1a97..e9ee668 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -71,22 +71,14 @@ #define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \ (((unsigned int)(c[1])) )),c+=2) -#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__) -# define SCT_TIMESTAMP unsigned __int64 -#elif defined(__arch64__) -# define SCT_TIMESTAMP unsigned long -#else -# define SCT_TIMESTAMP unsigned long long -#endif - -#define n2l8(c,l) (l =((SCT_TIMESTAMP)(*((c)++)))<<56, \ - l|=((SCT_TIMESTAMP)(*((c)++)))<<48, \ - l|=((SCT_TIMESTAMP)(*((c)++)))<<40, \ - l|=((SCT_TIMESTAMP)(*((c)++)))<<32, \ - l|=((SCT_TIMESTAMP)(*((c)++)))<<24, \ - l|=((SCT_TIMESTAMP)(*((c)++)))<<16, \ - l|=((SCT_TIMESTAMP)(*((c)++)))<< 8, \ - l|=((SCT_TIMESTAMP)(*((c)++)))) +#define n2l8(c,l) (l =((uint64_t)(*((c)++)))<<56, \ + l|=((uint64_t)(*((c)++)))<<48, \ + l|=((uint64_t)(*((c)++)))<<40, \ + l|=((uint64_t)(*((c)++)))<<32, \ + l|=((uint64_t)(*((c)++)))<<24, \ + l|=((uint64_t)(*((c)++)))<<16, \ + l|=((uint64_t)(*((c)++)))<< 8, \ + l|=((uint64_t)(*((c)++)))) typedef struct SCT_st { /* The encoded SCT */ @@ -99,7 +91,7 @@ typedef struct SCT_st { unsigned char version; unsigned char *logid; unsigned short logidlen; - SCT_TIMESTAMP timestamp; + uint64_t timestamp; unsigned char *ext; unsigned short extlen; unsigned char hash_alg; @@ -149,7 +141,7 @@ static void tls12_signature_print(BIO *out, const unsigned char hash_alg, BIO_printf(out, "%s", OBJ_nid2ln(nid)); } -static void timestamp_print(BIO *out, SCT_TIMESTAMP timestamp) +static void timestamp_print(BIO *out, uint64_t timestamp) { ASN1_GENERALIZEDTIME *gen; char genstr[20]; diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index 12bad8a..9df7d53 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -268,6 +268,45 @@ extern "C" { # define __owur # endif +/* Standard integer types */ +# if defined(__osf__) || defined(__sgi) || defined(__hpux) || defined(OPENSSL_SYS_VMS) +# include +# elif defined(_MSC_VER) && _MSC_VER<=1500 +/* + * minimally required typdefs for systems not supporting inttypes.h or + * stdint.h: currently just older VC++ + */ +typedef signed char int8_t; +typedef unsigned char uint8_t; +typedef short int16_t; +typedef unsigned short uint16_t; +typedef int int32_t; +typedef unsigned int uint32_t; +typedef __int64 int64_t; +typedef unsigned __int64 uint64_t; + +# include + +# define INT8_MAX SCHAR_MAX +# define INT8_MIN SCHAR_MIN +# define UINT8_MAX UCHAR_MAX + +# define INT16_MAX SHRT_MAX +# define INT16_MIN SHRT_MIN +# define UINT16_MAX USHRT_MAX + +# define INT32_MAX INT_MAX +# define INT32_MIN INT_MIN +# define UINT32_MAX UINT_MAX + +# define INT64_MAX _I64_MAX +# define INT64_MIN _I64_MIN +# define UINT64_MAX _UI64_MAX + +# else +# include +# endif + #ifdef __cplusplus } #endif From levitte at openssl.org Thu May 14 10:24:02 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 14 May 2015 10:24:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431599042.622757.5732.nullmailer@dev.openssl.org> The branch master has been updated via 167f6c93b00e1184b89d6a5c7a1ed22dbab03c68 (commit) from 1c7b2c0ed5d02d0d60179e0df0c49ef3f659fa77 (commit) - Log ----------------------------------------------------------------- commit 167f6c93b00e1184b89d6a5c7a1ed22dbab03c68 Author: Richard Levitte Date: Thu May 14 08:44:06 2015 +0200 Move definition of INTxx_MIN et al to internal header Having the INTxx_MIN et al macros defined in a public header is unnecessary and risky. Also, it wasn't done for all platforms that might need it. So we move those numbers to an internal header file, do the math ourselves and make sure to account for the integer representations we know of. This introduces include/internal, which is unproblematic since we already use -I$(TOP)/include everywhere. This directory is different from crypto/include/internal, as the former is more general internal headers for all of OpenSSL, while the latter is for libcrypto only. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: .../rsa/rsa_depr.c => include/internal/numbers.h | 106 +++++++++++---------- include/openssl/e_os2.h | 19 ---- 2 files changed, 54 insertions(+), 71 deletions(-) copy crypto/rsa/rsa_depr.c => include/internal/numbers.h (62%) diff --git a/crypto/rsa/rsa_depr.c b/include/internal/numbers.h similarity index 62% copy from crypto/rsa/rsa_depr.c copy to include/internal/numbers.h index 042b2b7..1f79ef7 100644 --- a/crypto/rsa/rsa_depr.c +++ b/include/internal/numbers.h @@ -1,6 +1,5 @@ -/* crypto/rsa/rsa_depr.c */ /* ==================================================================== - * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. + * Copyright (c) 2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -53,55 +52,58 @@ * */ -/* - * NB: This file contains deprecated functions (compatibility wrappers to the - * "new" versions). - */ +#ifndef HEADER_NUMBERS_H +# define HEADER_NUMBERS_H + +# include + +# if (-1 & 3) == 0x03 /* Two's complement */ + +# define __MAXUINT__(T) ((T) -1) +# define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) +# define __MININT__(T) (-__MAXINT__(T) - 1) + +# elif (-1 & 3) == 0x02 /* One's complement */ + +# define __MAXUINT__(T) (((T) -1) + 1) +# define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) +# define __MININT__(T) (-__MAXINT__(T)) + +# elif (-1 & 3) == 0x01 /* Sign/magnitude */ + +# define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)))) +# define __MAXUINT__(T) ((T) (__MAXINT__(T) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)))) +# define __MININT__(T) (-__MAXINT__(T)) + +# else + +# error "do not know the integer encoding on this architecture" + +# endif + +# ifndef INT8_MAX +# define INT8_MIN __MININT__(int8_t) +# define INT8_MAX __MAXINT__(int8_t) +# define UINT8_MAX __MAXUINT__(uint8_t) +# endif + +# ifndef INT16_MAX +# define INT16_MIN __MININT__(int16_t) +# define INT16_MAX __MAXINT__(int16_t) +# define UINT16_MAX __MAXUINT__(uint16_t) +# endif + +# ifndef INT32_MAX +# define INT32_MIN __MININT__(int32_t) +# define INT32_MAX __MAXINT__(int32_t) +# define UINT32_MAX __MAXUINT__(uint32_t) +# endif + +# ifndef INT64_MAX +# define INT64_MIN __MININT__(int64_t) +# define INT64_MAX __MAXINT__(int64_t) +# define UINT64_MAX __MAXUINT__(uint64_t) +# endif -#include -#include -#include "cryptlib.h" -#include -#include - -#ifdef OPENSSL_NO_DEPRECATED - -static void *dummy = &dummy; - -#else - -RSA *RSA_generate_key(int bits, unsigned long e_value, - void (*callback) (int, int, void *), void *cb_arg) -{ - int i; - BN_GENCB *cb = BN_GENCB_new(); - RSA *rsa = RSA_new(); - BIGNUM *e = BN_new(); - - if (!cb || !rsa || !e) - goto err; - - /* - * The problem is when building with 8, 16, or 32 BN_ULONG, unsigned long - * can be larger - */ - for (i = 0; i < (int)sizeof(unsigned long) * 8; i++) { - if (e_value & (1UL << i)) - if (BN_set_bit(e, i) == 0) - goto err; - } - - BN_GENCB_set_old(cb, callback, cb_arg); - - if (RSA_generate_key_ex(rsa, bits, e, cb)) { - BN_free(e); - BN_GENCB_free(cb); - return rsa; - } - err: - BN_free(e); - RSA_free(rsa); - BN_GENCB_free(cb); - return 0; -} #endif + diff --git a/include/openssl/e_os2.h b/include/openssl/e_os2.h index 9df7d53..eef2a0b 100644 --- a/include/openssl/e_os2.h +++ b/include/openssl/e_os2.h @@ -284,25 +284,6 @@ typedef int int32_t; typedef unsigned int uint32_t; typedef __int64 int64_t; typedef unsigned __int64 uint64_t; - -# include - -# define INT8_MAX SCHAR_MAX -# define INT8_MIN SCHAR_MIN -# define UINT8_MAX UCHAR_MAX - -# define INT16_MAX SHRT_MAX -# define INT16_MIN SHRT_MIN -# define UINT16_MAX USHRT_MAX - -# define INT32_MAX INT_MAX -# define INT32_MIN INT_MIN -# define UINT32_MAX UINT_MAX - -# define INT64_MAX _I64_MAX -# define INT64_MIN _I64_MIN -# define UINT64_MAX _UI64_MAX - # else # include # endif From levitte at openssl.org Thu May 14 13:28:31 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 14 May 2015 13:28:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431610111.784858.24334.nullmailer@dev.openssl.org> The branch master has been updated via c40dba984a626fb622bb4264bd8e297236bbfd2b (commit) via 685707979100dcb344f3d5f29940afcb1e7a92c2 (commit) from 167f6c93b00e1184b89d6a5c7a1ed22dbab03c68 (commit) - Log ----------------------------------------------------------------- commit c40dba984a626fb622bb4264bd8e297236bbfd2b Author: Richard Levitte Date: Thu May 14 14:58:15 2015 +0200 make depend Reviewed-by: Matt Caswell commit 685707979100dcb344f3d5f29940afcb1e7a92c2 Author: Richard Levitte Date: Thu May 14 14:54:49 2015 +0200 Identify and move OpenSSL internal header files There are header files in crypto/ that are used by the rest of OpenSSL. Move those to include/internal and adapt the affected source code, Makefiles and scripts. The header files that got moved are: crypto/constant_time_locl.h crypto/o_dir.h crypto/o_str.h Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/Makefile | 11 ++- crypto/o_dir.c | 2 +- crypto/o_dir_test.c | 2 +- crypto/o_str.c | 2 +- crypto/rsa/Makefile | 34 ++++----- crypto/rsa/rsa_oaep.c | 2 +- crypto/rsa/rsa_pk1.c | 2 +- e_os.h | 4 +- {crypto => include/internal}/constant_time_locl.h | 0 {crypto => include/internal}/o_dir.h | 0 {crypto => include/internal}/o_str.h | 0 ssl/Makefile | 93 ++++++++++++----------- ssl/record/ssl3_record.c | 2 +- ssl/s3_cbc.c | 2 +- ssl/s3_srvr.c | 2 +- ssl/ssl_cert.c | 2 +- test/Makefile | 2 +- test/constant_time_test.c | 2 +- util/mkdef.pl | 4 +- 19 files changed, 84 insertions(+), 84 deletions(-) rename {crypto => include/internal}/constant_time_locl.h (100%) rename {crypto => include/internal}/o_dir.h (100%) rename {crypto => include/internal}/o_str.h (100%) diff --git a/crypto/Makefile b/crypto/Makefile index 5270d75..33ec1b8 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -43,8 +43,7 @@ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o \ SRC= $(LIBSRC) -HEADER= cryptlib.h buildinf.h md32_common.h o_str.h o_dir.h \ - constant_time_locl.h +HEADER= cryptlib.h buildinf.h md32_common.h ALL= $(GENERAL) $(SRC) $(HEADER) @@ -183,8 +182,8 @@ mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h mem_dbg.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h mem_dbg.o: mem_dbg.c -o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h -o_dir.o: LPdir_unix.c o_dir.c o_dir.h +o_dir.o: ../e_os.h ../include/internal/o_dir.h ../include/openssl/e_os2.h +o_dir.o: ../include/openssl/opensslconf.h LPdir_unix.c o_dir.c o_fips.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h o_fips.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h o_fips.o: ../include/openssl/err.h ../include/openssl/lhash.h @@ -198,8 +197,8 @@ o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h o_init.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h o_init.o: ../include/openssl/symhacks.h o_init.c -o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h -o_str.o: o_str.c o_str.h +o_str.o: ../e_os.h ../include/internal/o_str.h ../include/openssl/e_os2.h +o_str.o: ../include/openssl/opensslconf.h o_str.c o_time.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h o_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h o_time.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h diff --git a/crypto/o_dir.c b/crypto/o_dir.c index 2624244..7bff74e 100644 --- a/crypto/o_dir.c +++ b/crypto/o_dir.c @@ -70,7 +70,7 @@ #define LP_find_file OPENSSL_DIR_read #define LP_find_file_end OPENSSL_DIR_end -#include "o_dir.h" +#include "internal/o_dir.h" #define LPDIR_H #if defined OPENSSL_SYS_UNIX || defined DJGPP diff --git a/crypto/o_dir_test.c b/crypto/o_dir_test.c index 7cdbbbc..733ffec 100644 --- a/crypto/o_dir_test.c +++ b/crypto/o_dir_test.c @@ -36,7 +36,7 @@ #include #include #include "e_os2.h" -#include "o_dir.h" +#include "internal/o_dir.h" #if defined OPENSSL_SYS_UNIX || defined OPENSSL_SYS_WIN32 || defined OPENSSL_SYS_WINCE # define CURRDIR "." diff --git a/crypto/o_str.c b/crypto/o_str.c index 16fd4e4..f2f9404 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c @@ -59,7 +59,7 @@ #include #include -#include "o_str.h" +#include "internal/o_str.h" #if !defined(OPENSSL_IMPLEMENTS_strncasecmp) && \ !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_WINCE) && \ diff --git a/crypto/rsa/Makefile b/crypto/rsa/Makefile index be8dc75..b075f6a 100644 --- a/crypto/rsa/Makefile +++ b/crypto/rsa/Makefile @@ -181,27 +181,27 @@ rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c -rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -rsa_oaep.o: ../../include/openssl/opensslconf.h +rsa_oaep.o: ../../e_os.h ../../include/internal/constant_time_locl.h +rsa_oaep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +rsa_oaep.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +rsa_oaep.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rsa_oaep.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +rsa_oaep.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_oaep.o: ../constant_time_locl.h ../cryptlib.h rsa_oaep.c -rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h -rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h -rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_pk1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -rsa_pk1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h -rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_pk1.o: ../../include/openssl/symhacks.h ../constant_time_locl.h +rsa_oaep.o: ../cryptlib.h rsa_oaep.c +rsa_pk1.o: ../../e_os.h ../../include/internal/constant_time_locl.h +rsa_pk1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +rsa_pk1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +rsa_pk1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h +rsa_pk1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +rsa_pk1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rsa_pk1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h +rsa_pk1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_pk1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_pk1.o: ../cryptlib.h rsa_pk1.c rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index d988d6c..6edfb41 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -17,7 +17,7 @@ * one-wayness. For the RSA function, this is an equivalent notion. */ -#include "constant_time_locl.h" +#include "internal/constant_time_locl.h" #include #include "cryptlib.h" diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index 1bda998..e32a1d5 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#include "constant_time_locl.h" +#include "internal/constant_time_locl.h" #include #include "cryptlib.h" diff --git a/e_os.h b/e_os.h index 7f94bfc..4c1b4aa 100644 --- a/e_os.h +++ b/e_os.h @@ -605,7 +605,7 @@ extern int sys_nerr; # define strerror(errnum) \ (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum]) /* Being signed SunOS 4.x memcpy breaks ASN1_OBJECT table lookup */ -# include "crypto/o_str.h" +# include "internal/o_str.h" # define memcmp OPENSSL_memcmp # endif @@ -624,7 +624,7 @@ extern int sys_nerr; # define strncasecmp _strnicmp # elif defined(OPENSSL_SYS_VMS) /* VMS below version 7.0 doesn't have strcasecmp() */ -# include "o_str.h" +# include "internal/o_str.h" # define strcasecmp OPENSSL_strcasecmp # define strncasecmp OPENSSL_strncasecmp # define OPENSSL_IMPLEMENTS_strncasecmp diff --git a/crypto/constant_time_locl.h b/include/internal/constant_time_locl.h similarity index 100% rename from crypto/constant_time_locl.h rename to include/internal/constant_time_locl.h diff --git a/crypto/o_dir.h b/include/internal/o_dir.h similarity index 100% rename from crypto/o_dir.h rename to include/internal/o_dir.h diff --git a/crypto/o_str.h b/include/internal/o_str.h similarity index 100% rename from crypto/o_str.h rename to include/internal/o_str.h diff --git a/ssl/Makefile b/ssl/Makefile index 18b17d2..bb00516 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -5,7 +5,7 @@ DIR= ssl TOP= .. CC= cc -INCLUDES= -I../crypto -I$(TOP) -I../include +INCLUDES= -I$(TOP) -I../include CFLAG=-g MAKEFILE= Makefile AR= ar r @@ -430,26 +430,27 @@ s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.o: record/record.h s3_both.c ssl_locl.h -s3_cbc.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h -s3_cbc.o: ../include/openssl/bio.h ../include/openssl/buffer.h -s3_cbc.o: ../include/openssl/comp.h ../include/openssl/crypto.h -s3_cbc.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h -s3_cbc.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -s3_cbc.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -s3_cbc.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_cbc.o: ../include/openssl/hmac.h ../include/openssl/lhash.h -s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -s3_cbc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_cbc.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_cbc.o: ../include/openssl/x509_vfy.h record/record.h s3_cbc.c ssl_locl.h +s3_cbc.o: ../e_os.h ../include/internal/constant_time_locl.h +s3_cbc.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s3_cbc.o: ../include/openssl/buffer.h ../include/openssl/comp.h +s3_cbc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h +s3_cbc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +s3_cbc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +s3_cbc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +s3_cbc.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s3_cbc.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s3_cbc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_cbc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_cbc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_cbc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h +s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_cbc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s3_cbc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h +s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s3_cbc.o: record/record.h s3_cbc.c ssl_locl.h s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -550,28 +551,28 @@ s3_msg.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h s3_msg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s3_msg.o: ../include/openssl/tls1.h ../include/openssl/x509.h s3_msg.o: ../include/openssl/x509_vfy.h record/record.h s3_msg.c ssl_locl.h -s3_srvr.o: ../crypto/constant_time_locl.h ../e_os.h ../include/openssl/asn1.h -s3_srvr.o: ../include/openssl/bio.h ../include/openssl/bn.h -s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h -s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/dh.h -s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h -s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/ec.h -s3_srvr.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h -s3_srvr.o: ../include/openssl/err.h ../include/openssl/evp.h -s3_srvr.o: ../include/openssl/hmac.h ../include/openssl/lhash.h -s3_srvr.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h -s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s3_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s3_srvr.o: record/record.h s3_srvr.c ssl_locl.h +s3_srvr.o: ../e_os.h ../include/internal/constant_time_locl.h +s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h +s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h +s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h +s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h +s3_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h +s3_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h +s3_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h +s3_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h +s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md5.h +s3_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h +s3_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h +s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h +s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h +s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h +s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h +s3_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h +s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h +s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_srvr.o: ../include/openssl/x509_vfy.h record/record.h s3_srvr.c ssl_locl.h ssl3_buffer.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl3_buffer.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl3_buffer.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -593,7 +594,8 @@ ssl3_buffer.o: ../include/openssl/tls1.h ../include/openssl/x509.h ssl3_buffer.o: ../include/openssl/x509_vfy.h record/../record/record.h ssl3_buffer.o: record/../ssl_locl.h record/record_locl.h record/ssl3_buffer.c ssl3_buffer.o: ssl3_buffer.c -ssl3_record.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h +ssl3_record.o: ../e_os.h ../include/internal/constant_time_locl.h +ssl3_record.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl3_record.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl3_record.o: ../include/openssl/crypto.h ../include/openssl/dsa.h ssl3_record.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h @@ -612,7 +614,6 @@ ssl3_record.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h ssl3_record.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ssl3_record.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ssl3_record.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl3_record.o: record/../../crypto/constant_time_locl.h ssl3_record.o: record/../record/record.h record/../ssl_locl.h ssl3_record.o: record/record_locl.h record/ssl3_record.c ssl3_record.c ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h @@ -654,7 +655,7 @@ ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.o: record/record.h ssl_asn1.c ssl_locl.h -ssl_cert.o: ../crypto/o_dir.h ../e_os.h ../include/openssl/asn1.h +ssl_cert.o: ../e_os.h ../include/internal/o_dir.h ../include/openssl/asn1.h ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_cert.o: ../include/openssl/conf.h ../include/openssl/crypto.h diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index db6d4e7..0328127 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -110,7 +110,7 @@ */ #include "../ssl_locl.h" -#include "../../crypto/constant_time_locl.h" +#include "internal/constant_time_locl.h" #include #include "record_locl.h" diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c index ac0c5f3..f7997ea 100644 --- a/ssl/s3_cbc.c +++ b/ssl/s3_cbc.c @@ -53,7 +53,7 @@ * */ -#include "../crypto/constant_time_locl.h" +#include "internal/constant_time_locl.h" #include "ssl_locl.h" #include diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 04dbb7a..4ee45eb 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -151,7 +151,7 @@ #include #include "ssl_locl.h" -#include "../crypto/constant_time_locl.h" +#include "internal/constant_time_locl.h" #include #include #include diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 38e7b82..d8b47e6 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -123,7 +123,7 @@ # include #endif -#include "o_dir.h" +#include "internal/o_dir.h" #include #include #include diff --git a/test/Makefile b/test/Makefile index 4c1d9d0..01724aa 100644 --- a/test/Makefile +++ b/test/Makefile @@ -608,7 +608,7 @@ bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h bntest.o: ../include/openssl/x509_vfy.h bntest.c casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h casttest.o: ../include/openssl/opensslconf.h casttest.c -constant_time_test.o: ../crypto/constant_time_locl.h ../e_os.h +constant_time_test.o: ../e_os.h ../include/internal/constant_time_locl.h constant_time_test.o: ../include/openssl/e_os2.h constant_time_test.o: ../include/openssl/opensslconf.h constant_time_test.c destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h diff --git a/test/constant_time_test.c b/test/constant_time_test.c index bdb2702..ed3d7ea 100644 --- a/test/constant_time_test.c +++ b/test/constant_time_test.c @@ -44,7 +44,7 @@ * [including the GNU Public Licence.] */ -#include "../crypto/constant_time_locl.h" +#include "internal/constant_time_locl.h" #include #include diff --git a/util/mkdef.pl b/util/mkdef.pl index 6c4ce3f..18bc1ab 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -262,8 +262,8 @@ $ssl.=" include/openssl/srtp.h"; my $crypto ="include/openssl/crypto.h"; $crypto.=" crypto/cryptlib.h"; -$crypto.=" crypto/o_dir.h"; -$crypto.=" crypto/o_str.h"; +$crypto.=" include/internal/o_dir.h"; +$crypto.=" include/internal/o_str.h"; $crypto.=" include/openssl/des.h" ; # unless $no_des; $crypto.=" include/openssl/idea.h" ; # unless $no_idea; $crypto.=" include/openssl/rc4.h" ; # unless $no_rc4; From levitte at openssl.org Thu May 14 15:03:42 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 14 May 2015 15:03:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431615822.283788.2854.nullmailer@dev.openssl.org> The branch master has been updated via 7a05eaac5e15e327b7c51258bf892c8ae5b1d956 (commit) from c40dba984a626fb622bb4264bd8e297236bbfd2b (commit) - Log ----------------------------------------------------------------- commit 7a05eaac5e15e327b7c51258bf892c8ae5b1d956 Author: Richard Levitte Date: Thu May 14 15:55:59 2015 +0200 Adjust unixly mk1mf after introduction of tkey Added depencies on the public variants of some keys in test to Makefile. Added the newly introduced key files from test/ in the list of files to copy in util/pl/unix.pl. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: test/Makefile | 6 +++--- util/pl/unix.pl | 6 ++++++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/test/Makefile b/test/Makefile index 01724aa..6c973ad 100644 --- a/test/Makefile +++ b/test/Makefile @@ -245,7 +245,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx509 testx509.pem v3-cert1.pem v3-cert2.pe @echo $(START) $@ -- second x509v3 certificate sh ./tx509 v3-cert2.pem -test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) tkey testrsa.pem +test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) tkey testrsa.pem testrsapub.pem @echo $(START) $@ ../util/shlib_wrap.sh ./$(RSATEST) @echo $(START) $@ -- private key @@ -282,7 +282,7 @@ test_bn: $(BNTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) bctest @echo $(START) $@ -- $(EXPTEST) ../util/shlib_wrap.sh ./$(EXPTEST) -test_ec: $(ECTEST)$(EXE_EXT) tkey testec-p256.pem +test_ec: $(ECTEST)$(EXE_EXT) tkey testec-p256.pem testecpub-p256.pem @echo $(START) $@ ../util/shlib_wrap.sh ./$(ECTEST) @echo $(START) $@ -- private @@ -306,7 +306,7 @@ test_dh: $(DHTEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./$(DHTEST) -test_dsa: $(DSATEST)$(EXE_EXT) tkey testdsa.pem +test_dsa: $(DSATEST)$(EXE_EXT) tkey testdsa.pem testdsapub.pem @echo $(START) $@ ../util/shlib_wrap.sh ./$(DSATEST) @echo $(START) $@ -- app2_1 diff --git a/util/pl/unix.pl b/util/pl/unix.pl index 652e7ee..40bbe0d 100644 --- a/util/pl/unix.pl +++ b/util/pl/unix.pl @@ -393,6 +393,7 @@ sub get_tests 'treq', 'tpkcs7', 'tpkcs7d', + 'tkey', 'testcrl.pem', 'testx509.pem', 'v3-cert1.pem', @@ -401,7 +402,12 @@ sub get_tests 'testp7.pem', 'pkcs7-1.pem', 'trsa', + 'testdsa.pem', + 'testdsapub.pem', + 'testec-p256.pem', + 'testecpub-p256.pem', 'testrsa.pem', + 'testrsapub.pem', 'testsid.pem', 'testss', 'testssl', From levitte at openssl.org Thu May 14 15:22:55 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 14 May 2015 15:22:55 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431616975.389884.5866.nullmailer@dev.openssl.org> The branch master has been updated via b39fc560612984e65ec30d7f37487303bf514fb3 (commit) from 7a05eaac5e15e327b7c51258bf892c8ae5b1d956 (commit) - Log ----------------------------------------------------------------- commit b39fc560612984e65ec30d7f37487303bf514fb3 Author: Richard Levitte Date: Thu May 14 16:56:48 2015 +0200 Identify and move common internal libcrypto header files There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/Makefile | 2 +- crypto/aes/aes_ige.c | 2 +- crypto/aes/aes_wrap.c | 2 +- crypto/asn1/a_bitstr.c | 2 +- crypto/asn1/a_d2i_fp.c | 2 +- crypto/asn1/a_digest.c | 2 +- crypto/asn1/a_dup.c | 2 +- crypto/asn1/a_enum.c | 2 +- crypto/asn1/a_gentm.c | 2 +- crypto/asn1/a_i2d_fp.c | 2 +- crypto/asn1/a_int.c | 2 +- crypto/asn1/a_mbstr.c | 2 +- crypto/asn1/a_object.c | 2 +- crypto/asn1/a_octet.c | 2 +- crypto/asn1/a_print.c | 2 +- crypto/asn1/a_sign.c | 2 +- crypto/asn1/a_strex.c | 2 +- crypto/asn1/a_strnid.c | 2 +- crypto/asn1/a_time.c | 2 +- crypto/asn1/a_type.c | 2 +- crypto/asn1/a_utctm.c | 2 +- crypto/asn1/a_utf8.c | 2 +- crypto/asn1/a_verify.c | 2 +- crypto/asn1/ameth_lib.c | 2 +- crypto/asn1/asn1_gen.c | 2 +- crypto/asn1/asn1_lib.c | 2 +- crypto/asn1/asn1_par.c | 2 +- crypto/asn1/asn_mime.c | 2 +- crypto/asn1/asn_moid.c | 2 +- crypto/asn1/asn_mstbl.c | 2 +- crypto/asn1/asn_pack.c | 2 +- crypto/asn1/d2i_pr.c | 2 +- crypto/asn1/d2i_pu.c | 2 +- crypto/asn1/evp_asn1.c | 2 +- crypto/asn1/f_enum.c | 2 +- crypto/asn1/f_int.c | 2 +- crypto/asn1/f_string.c | 2 +- crypto/asn1/i2d_pr.c | 2 +- crypto/asn1/i2d_pu.c | 2 +- crypto/asn1/n_pkey.c | 2 +- crypto/asn1/p5_pbe.c | 2 +- crypto/asn1/p5_pbev2.c | 2 +- crypto/asn1/p8_pkey.c | 2 +- crypto/asn1/t_bitst.c | 2 +- crypto/asn1/t_crl.c | 2 +- crypto/asn1/t_pkey.c | 2 +- crypto/asn1/t_req.c | 2 +- crypto/asn1/t_spki.c | 2 +- crypto/asn1/t_x509.c | 2 +- crypto/asn1/t_x509a.c | 2 +- crypto/asn1/tasn_enc.c | 2 +- crypto/asn1/tasn_prn.c | 2 +- crypto/asn1/tasn_scn.c | 2 +- crypto/asn1/x_bignum.c | 2 +- crypto/asn1/x_crl.c | 2 +- crypto/asn1/x_info.c | 2 +- crypto/asn1/x_long.c | 2 +- crypto/asn1/x_pkey.c | 2 +- crypto/asn1/x_pubkey.c | 2 +- crypto/asn1/x_req.c | 2 +- crypto/asn1/x_sig.c | 2 +- crypto/asn1/x_spki.c | 2 +- crypto/asn1/x_val.c | 2 +- crypto/asn1/x_x509.c | 2 +- crypto/asn1/x_x509a.c | 2 +- crypto/bio/b_dump.c | 2 +- crypto/bio/b_print.c | 2 +- crypto/bio/b_sock.c | 2 +- crypto/bio/bf_buff.c | 2 +- crypto/bio/bf_lbuf.c | 2 +- crypto/bio/bf_nbio.c | 2 +- crypto/bio/bf_null.c | 2 +- crypto/bio/bio_cb.c | 2 +- crypto/bio/bio_lib.c | 2 +- crypto/bio/bss_acpt.c | 2 +- crypto/bio/bss_conn.c | 2 +- crypto/bio/bss_dgram.c | 2 +- crypto/bio/bss_fd.c | 2 +- crypto/bio/bss_file.c | 2 +- crypto/bio/bss_log.c | 2 +- crypto/bio/bss_mem.c | 2 +- crypto/bio/bss_null.c | 2 +- crypto/bio/bss_sock.c | 2 +- crypto/bn/bn_add.c | 2 +- crypto/bn/bn_asm.c | 2 +- crypto/bn/bn_blind.c | 2 +- crypto/bn/bn_ctx.c | 2 +- crypto/bn/bn_depr.c | 2 +- crypto/bn/bn_div.c | 2 +- crypto/bn/bn_exp.c | 2 +- crypto/bn/bn_exp2.c | 2 +- crypto/bn/bn_gcd.c | 2 +- crypto/bn/bn_gf2m.c | 2 +- crypto/bn/bn_intern.c | 2 +- crypto/bn/bn_kron.c | 2 +- crypto/bn/bn_lib.c | 2 +- crypto/bn/bn_mod.c | 2 +- crypto/bn/bn_mont.c | 2 +- crypto/bn/bn_mpi.c | 2 +- crypto/bn/bn_mul.c | 2 +- crypto/bn/bn_nist.c | 2 +- crypto/bn/bn_prime.c | 2 +- crypto/bn/bn_print.c | 2 +- crypto/bn/bn_rand.c | 2 +- crypto/bn/bn_recp.c | 2 +- crypto/bn/bn_shift.c | 2 +- crypto/bn/bn_sqr.c | 2 +- crypto/bn/bn_sqrt.c | 2 +- crypto/bn/bn_word.c | 2 +- crypto/bn/vms-helper.c | 2 +- crypto/buffer/buf_str.c | 2 +- crypto/buffer/buffer.c | 2 +- crypto/cmac/cm_ameth.c | 2 +- crypto/cmac/cm_pmeth.c | 2 +- crypto/cmac/cmac.c | 2 +- crypto/cms/cms_cd.c | 2 +- crypto/cms/cms_dd.c | 2 +- crypto/cms/cms_enc.c | 2 +- crypto/cms/cms_env.c | 2 +- crypto/cms/cms_ess.c | 2 +- crypto/cms/cms_kari.c | 2 +- crypto/cms/cms_pwri.c | 2 +- crypto/cms/cms_sd.c | 2 +- crypto/cms/cms_smime.c | 2 +- crypto/conf/conf_def.c | 2 +- crypto/conf/conf_mall.c | 2 +- crypto/conf/conf_mod.c | 2 +- crypto/conf/conf_sap.c | 2 +- crypto/cryptlib.c | 2 +- crypto/cversion.c | 2 +- crypto/des/enc_read.c | 2 +- crypto/des/enc_writ.c | 2 +- crypto/dh/dh_ameth.c | 2 +- crypto/dh/dh_asn1.c | 2 +- crypto/dh/dh_check.c | 2 +- crypto/dh/dh_depr.c | 2 +- crypto/dh/dh_gen.c | 2 +- crypto/dh/dh_key.c | 2 +- crypto/dh/dh_lib.c | 2 +- crypto/dh/dh_pmeth.c | 2 +- crypto/dh/dh_prn.c | 2 +- crypto/dh/dh_rfc5114.c | 2 +- crypto/dsa/dsa_ameth.c | 2 +- crypto/dsa/dsa_asn1.c | 2 +- crypto/dsa/dsa_depr.c | 2 +- crypto/dsa/dsa_gen.c | 2 +- crypto/dsa/dsa_key.c | 2 +- crypto/dsa/dsa_lib.c | 2 +- crypto/dsa/dsa_ossl.c | 2 +- crypto/dsa/dsa_pmeth.c | 2 +- crypto/dsa/dsa_prn.c | 2 +- crypto/dsa/dsa_sign.c | 2 +- crypto/dsa/dsa_vrf.c | 2 +- crypto/dso/dso_dl.c | 2 +- crypto/dso/dso_dlfcn.c | 2 +- crypto/dso/dso_lib.c | 2 +- crypto/dso/dso_null.c | 2 +- crypto/dso/dso_openssl.c | 2 +- crypto/dso/dso_vms.c | 2 +- crypto/dso/dso_win32.c | 2 +- crypto/ec/ec_ameth.c | 2 +- crypto/ec/ec_pmeth.c | 2 +- crypto/ec/eck_prn.c | 2 +- crypto/ec/ecp_nistz256.c | 2 +- crypto/ecdh/ech_ossl.c | 2 +- crypto/engine/eng_all.c | 2 +- crypto/engine/eng_int.h | 2 +- crypto/engine/eng_openssl.c | 2 +- crypto/engine/eng_table.c | 2 +- crypto/err/err.c | 2 +- crypto/err/err_prn.c | 2 +- crypto/evp/bio_b64.c | 2 +- crypto/evp/bio_enc.c | 2 +- crypto/evp/bio_md.c | 2 +- crypto/evp/bio_ok.c | 2 +- crypto/evp/c_all.c | 2 +- crypto/evp/c_allc.c | 2 +- crypto/evp/c_alld.c | 2 +- crypto/evp/digest.c | 2 +- crypto/evp/e_bf.c | 2 +- crypto/evp/e_cast.c | 2 +- crypto/evp/e_des.c | 2 +- crypto/evp/e_des3.c | 2 +- crypto/evp/e_dsa.c | 2 +- crypto/evp/e_idea.c | 2 +- crypto/evp/e_null.c | 2 +- crypto/evp/e_rc2.c | 2 +- crypto/evp/e_rc4.c | 2 +- crypto/evp/e_rc5.c | 2 +- crypto/evp/e_xcbc_d.c | 2 +- crypto/evp/encode.c | 2 +- crypto/evp/evp_acnf.c | 2 +- crypto/evp/evp_cnf.c | 2 +- crypto/evp/evp_enc.c | 2 +- crypto/evp/evp_key.c | 2 +- crypto/evp/evp_lib.c | 2 +- crypto/evp/evp_pbe.c | 2 +- crypto/evp/evp_pkey.c | 2 +- crypto/evp/m_dss1.c | 2 +- crypto/evp/m_ecdsa.c | 2 +- crypto/evp/m_md2.c | 2 +- crypto/evp/m_md4.c | 2 +- crypto/evp/m_md5.c | 2 +- crypto/evp/m_mdc2.c | 2 +- crypto/evp/m_null.c | 2 +- crypto/evp/m_ripemd.c | 2 +- crypto/evp/m_sha1.c | 2 +- crypto/evp/m_sigver.c | 2 +- crypto/evp/m_wp.c | 2 +- crypto/evp/names.c | 2 +- crypto/evp/p5_crpt.c | 2 +- crypto/evp/p5_crpt2.c | 2 +- crypto/evp/p_dec.c | 2 +- crypto/evp/p_enc.c | 2 +- crypto/evp/p_lib.c | 2 +- crypto/evp/p_open.c | 2 +- crypto/evp/p_seal.c | 2 +- crypto/evp/p_sign.c | 2 +- crypto/evp/p_verify.c | 2 +- crypto/evp/pmeth_fn.c | 2 +- crypto/evp/pmeth_gn.c | 2 +- crypto/evp/pmeth_lib.c | 2 +- crypto/ex_data.c | 2 +- crypto/hmac/hm_ameth.c | 2 +- crypto/hmac/hm_pmeth.c | 2 +- crypto/hmac/hmac.c | 2 +- crypto/{ => include/internal}/cryptlib.h | 0 crypto/{ => include/internal}/md32_common.h | 0 crypto/lhash/lh_stats.c | 2 +- crypto/lock.c | 2 +- crypto/md2/md2_one.c | 2 +- crypto/md4/md4_locl.h | 2 +- crypto/md5/md5_locl.h | 2 +- crypto/mdc2/mdc2_one.c | 2 +- crypto/mem.c | 2 +- crypto/mem_dbg.c | 2 +- crypto/modes/wrap128.c | 2 +- crypto/o_fips.c | 2 +- crypto/objects/obj_dat.c | 2 +- crypto/objects/obj_lib.c | 2 +- crypto/ocsp/ocsp_cl.c | 2 +- crypto/ocsp/ocsp_ext.c | 2 +- crypto/ocsp/ocsp_lib.c | 2 +- crypto/ocsp/ocsp_srv.c | 2 +- crypto/ocsp/v3_ocsp.c | 2 +- crypto/pem/pem_all.c | 2 +- crypto/pem/pem_info.c | 2 +- crypto/pem/pem_lib.c | 2 +- crypto/pem/pem_oth.c | 2 +- crypto/pem/pem_pk8.c | 2 +- crypto/pem/pem_pkey.c | 2 +- crypto/pem/pem_seal.c | 2 +- crypto/pem/pem_sign.c | 2 +- crypto/pem/pem_x509.c | 2 +- crypto/pem/pem_xaux.c | 2 +- crypto/pem/pvkfmt.c | 2 +- crypto/pkcs12/p12_add.c | 2 +- crypto/pkcs12/p12_asn.c | 2 +- crypto/pkcs12/p12_attr.c | 2 +- crypto/pkcs12/p12_crpt.c | 2 +- crypto/pkcs12/p12_crt.c | 2 +- crypto/pkcs12/p12_decr.c | 2 +- crypto/pkcs12/p12_init.c | 2 +- crypto/pkcs12/p12_key.c | 2 +- crypto/pkcs12/p12_kiss.c | 2 +- crypto/pkcs12/p12_mutl.c | 2 +- crypto/pkcs12/p12_p8d.c | 2 +- crypto/pkcs12/p12_p8e.c | 2 +- crypto/pkcs12/p12_utl.c | 2 +- crypto/pkcs7/pk7_asn1.c | 2 +- crypto/pkcs7/pk7_dgst.c | 2 +- crypto/pkcs7/pk7_doit.c | 2 +- crypto/pkcs7/pk7_enc.c | 2 +- crypto/pkcs7/pk7_lib.c | 2 +- crypto/pkcs7/pk7_mime.c | 2 +- crypto/pkcs7/pk7_smime.c | 2 +- crypto/pqueue/pqueue.c | 2 +- crypto/rand/rand_lib.c | 2 +- crypto/rand/rand_nw.c | 2 +- crypto/rand/rand_os2.c | 2 +- crypto/rand/rand_unix.c | 2 +- crypto/rand/rand_win.c | 2 +- crypto/rc4/rc4_locl.h | 2 +- crypto/ripemd/rmd_locl.h | 2 +- crypto/rsa/rsa_ameth.c | 2 +- crypto/rsa/rsa_asn1.c | 2 +- crypto/rsa/rsa_crpt.c | 2 +- crypto/rsa/rsa_depr.c | 2 +- crypto/rsa/rsa_eay.c | 2 +- crypto/rsa/rsa_gen.c | 2 +- crypto/rsa/rsa_lib.c | 2 +- crypto/rsa/rsa_none.c | 2 +- crypto/rsa/rsa_null.c | 2 +- crypto/rsa/rsa_oaep.c | 2 +- crypto/rsa/rsa_pk1.c | 2 +- crypto/rsa/rsa_pmeth.c | 2 +- crypto/rsa/rsa_prn.c | 2 +- crypto/rsa/rsa_pss.c | 2 +- crypto/rsa/rsa_saos.c | 2 +- crypto/rsa/rsa_sign.c | 2 +- crypto/rsa/rsa_ssl.c | 2 +- crypto/rsa/rsa_x931.c | 2 +- crypto/sha/sha256.c | 2 +- crypto/sha/sha512.c | 2 +- crypto/sha/sha_locl.h | 2 +- crypto/srp/srp_lib.c | 2 +- crypto/srp/srp_vfy.c | 2 +- crypto/stack/stack.c | 2 +- crypto/thr_id.c | 2 +- crypto/ts/ts_conf.c | 2 +- crypto/ts/ts_lib.c | 2 +- crypto/ts/ts_req_print.c | 2 +- crypto/ts/ts_req_utils.c | 2 +- crypto/ts/ts_rsp_print.c | 2 +- crypto/ts/ts_rsp_sign.c | 2 +- crypto/ts/ts_rsp_utils.c | 2 +- crypto/ts/ts_rsp_verify.c | 2 +- crypto/ts/ts_verify_ctx.c | 2 +- crypto/txt_db/txt_db.c | 2 +- crypto/ui/ui_lib.c | 2 +- crypto/ui/ui_openssl.c | 2 +- crypto/x509/by_dir.c | 2 +- crypto/x509/by_file.c | 2 +- crypto/x509/x509_att.c | 2 +- crypto/x509/x509_cmp.c | 2 +- crypto/x509/x509_d2.c | 2 +- crypto/x509/x509_def.c | 2 +- crypto/x509/x509_ext.c | 2 +- crypto/x509/x509_lu.c | 2 +- crypto/x509/x509_obj.c | 2 +- crypto/x509/x509_r2x.c | 2 +- crypto/x509/x509_req.c | 2 +- crypto/x509/x509_set.c | 2 +- crypto/x509/x509_trs.c | 2 +- crypto/x509/x509_txt.c | 2 +- crypto/x509/x509_v3.c | 2 +- crypto/x509/x509_vfy.c | 2 +- crypto/x509/x509_vpm.c | 2 +- crypto/x509/x509cset.c | 2 +- crypto/x509/x509name.c | 2 +- crypto/x509/x509rset.c | 2 +- crypto/x509/x509spki.c | 2 +- crypto/x509/x509type.c | 2 +- crypto/x509/x_all.c | 2 +- crypto/x509/x_attrib.c | 2 +- crypto/x509/x_name.c | 2 +- crypto/x509v3/pcy_cache.c | 2 +- crypto/x509v3/pcy_data.c | 2 +- crypto/x509v3/pcy_lib.c | 2 +- crypto/x509v3/pcy_map.c | 2 +- crypto/x509v3/pcy_tree.c | 2 +- crypto/x509v3/v3_addr.c | 2 +- crypto/x509v3/v3_akey.c | 2 +- crypto/x509v3/v3_akeya.c | 2 +- crypto/x509v3/v3_alt.c | 2 +- crypto/x509v3/v3_asid.c | 2 +- crypto/x509v3/v3_bcons.c | 2 +- crypto/x509v3/v3_bitst.c | 2 +- crypto/x509v3/v3_conf.c | 2 +- crypto/x509v3/v3_cpols.c | 2 +- crypto/x509v3/v3_crld.c | 2 +- crypto/x509v3/v3_enum.c | 2 +- crypto/x509v3/v3_extku.c | 2 +- crypto/x509v3/v3_genn.c | 2 +- crypto/x509v3/v3_ia5.c | 2 +- crypto/x509v3/v3_info.c | 2 +- crypto/x509v3/v3_int.c | 2 +- crypto/x509v3/v3_lib.c | 2 +- crypto/x509v3/v3_ncons.c | 2 +- crypto/x509v3/v3_pci.c | 2 +- crypto/x509v3/v3_pcons.c | 2 +- crypto/x509v3/v3_pku.c | 2 +- crypto/x509v3/v3_pmaps.c | 2 +- crypto/x509v3/v3_prn.c | 2 +- crypto/x509v3/v3_purp.c | 2 +- crypto/x509v3/v3_scts.c | 2 +- crypto/x509v3/v3_skey.c | 2 +- crypto/x509v3/v3_sxnet.c | 2 +- crypto/x509v3/v3_utl.c | 2 +- crypto/x509v3/v3conf.c | 2 +- 380 files changed, 378 insertions(+), 378 deletions(-) rename crypto/{ => include/internal}/cryptlib.h (100%) rename crypto/{ => include/internal}/md32_common.h (100%) diff --git a/crypto/Makefile b/crypto/Makefile index 33ec1b8..caffc77 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -43,7 +43,7 @@ LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o \ SRC= $(LIBSRC) -HEADER= cryptlib.h buildinf.h md32_common.h +HEADER= buildinf.h arm_arch.h ppc_arch.h sparc_arch.h ALL= $(GENERAL) $(SRC) $(HEADER) diff --git a/crypto/aes/aes_ige.c b/crypto/aes/aes_ige.c index cf31c9b..c789cc0 100644 --- a/crypto/aes/aes_ige.c +++ b/crypto/aes/aes_ige.c @@ -49,7 +49,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "aes_locl.h" diff --git a/crypto/aes/aes_wrap.c b/crypto/aes/aes_wrap.c index b7b64d5..b370a4f 100644 --- a/crypto/aes/aes_wrap.c +++ b/crypto/aes/aes_wrap.c @@ -52,7 +52,7 @@ * ==================================================================== */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index 60b6e6d..5f7ae6a 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "asn1_locl.h" diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index 13e47fd..2e61029 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index 8fac13b..57adccc 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef NO_SYS_TYPES_H # include diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c index 349ab56..60d3544 100644 --- a/crypto/asn1/a_dup.c +++ b/crypto/asn1/a_dup.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef NO_OLD_ASN1 diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c index aed3de5..81c0f3a 100644 --- a/crypto/asn1/a_enum.c +++ b/crypto/asn1/a_enum.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index 324496e..209880c 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -62,7 +62,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "asn1_locl.h" diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c index e0f236e..353c2c5 100644 --- a/crypto/asn1/a_i2d_fp.c +++ b/crypto/asn1/a_i2d_fp.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 2282978..56a72fb 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include "asn1_locl.h" diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index ddb2798..241eb60 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include static int traverse_string(const unsigned char *p, int len, int inform, diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 7cedce8..ab37fa3 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c index f6fd622..430f00f 100644 --- a/crypto/asn1/a_octet.c +++ b/crypto/asn1/a_octet.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x) diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c index 0e129cb..05d12a5 100644 --- a/crypto/asn1/a_print.c +++ b/crypto/asn1/a_print.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include int ASN1_PRINTABLE_type(const unsigned char *s, int len) diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index e189958..ab1959e 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -112,7 +112,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef NO_SYS_TYPES_H # include diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 243e29a..2f233a2 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index 92d4134..7bfc768 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 6114c52..c2b5565 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -63,7 +63,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "asn1_locl.h" diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 283baaa..474aeca 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include "asn1_locl.h" diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 5fd1a6a..9144922 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "asn1_locl.h" diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c index 23dc2e8..8697c66 100644 --- a/crypto/asn1/a_utf8.c +++ b/crypto/asn1/a_utf8.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* UTF8 utilities */ diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 5b908f1..540b71c 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef NO_SYS_TYPES_H # include diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index ce4c0dc..1a61543 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #ifndef OPENSSL_NO_ENGINE diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 3ff1db8..5f01b8d 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -57,7 +57,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index bda6ab0..b611f35 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_par.c index 574e8de..9a370cd 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_par.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 9ce4013..2a227be 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -55,7 +55,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c index 9459bb2..bb334d0 100644 --- a/crypto/asn1/asn_moid.c +++ b/crypto/asn1/asn_moid.c @@ -60,7 +60,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c index a2e80b1..b537157 100644 --- a/crypto/asn1/asn_mstbl.c +++ b/crypto/asn1/asn_mstbl.c @@ -56,7 +56,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c index b80016b..d8655ba 100644 --- a/crypto/asn1/asn_pack.c +++ b/crypto/asn1/asn_pack.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* ASN1 packing and unpacking functions */ diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 793532f..b92af8b 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index 189cfdd..11176f0 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c index bf131a4..4c3f3e0 100644 --- a/crypto/asn1/evp_asn1.c +++ b/crypto/asn1/evp_asn1.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/f_enum.c b/crypto/asn1/f_enum.c index eabfd37..4b85be9 100644 --- a/crypto/asn1/f_enum.c +++ b/crypto/asn1/f_enum.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c index 880c284..61029fa 100644 --- a/crypto/asn1/f_int.c +++ b/crypto/asn1/f_int.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c index c82f2a1..cecbb4a 100644 --- a/crypto/asn1/f_string.c +++ b/crypto/asn1/f_string.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c index 2a6aa19..54a3d7b 100644 --- a/crypto/asn1/i2d_pr.c +++ b/crypto/asn1/i2d_pr.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include "internal/asn1_int.h" diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c index b8ed355..e1f702a 100644 --- a/crypto/asn1/i2d_pu.c +++ b/crypto/asn1/i2d_pu.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 0d8480b..1b8c4c0 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_RSA # include # include diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c index ec738de..cc91fad 100644 --- a/crypto/asn1/p5_pbe.c +++ b/crypto/asn1/p5_pbe.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index c7a1240..23ed232 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index 0a425cd..ff55a5b 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c index 83c5af7..daee7f5 100644 --- a/crypto/asn1/t_bitst.c +++ b/crypto/asn1/t_bitst.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c index 7becb4c..96c5226 100644 --- a/crypto/asn1/t_crl.c +++ b/crypto/asn1/t_crl.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index f31e5e1..b137da7 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include "internal/bn_int.h" diff --git a/crypto/asn1/t_req.c b/crypto/asn1/t_req.c index 01eabfa..fd83023 100644 --- a/crypto/asn1/t_req.c +++ b/crypto/asn1/t_req.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c index 3bf48db..46914f9 100644 --- a/crypto/asn1/t_spki.c +++ b/crypto/asn1/t_spki.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #ifndef OPENSSL_NO_RSA diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 76c6c1e..377be39 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #ifndef OPENSSL_NO_RSA diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c index f4b8f94..12fedb8 100644 --- a/crypto/asn1/t_x509a.c +++ b/crypto/asn1/t_x509a.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index 74f3eda..35860e4 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index e080e72..716db8f 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/tasn_scn.c b/crypto/asn1/tasn_scn.c index 43a125c..f0d37d1 100644 --- a/crypto/asn1/tasn_scn.c +++ b/crypto/asn1/tasn_scn.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index a5a403c..8307a2d 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 0d759be..d264ec7 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "asn1_locl.h" #include diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c index 856bcf5..5be934c 100644 --- a/crypto/asn1/x_info.c +++ b/crypto/asn1/x_info.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index 3aed44a..d4b75e6 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c index b01616f..afd3aab 100644 --- a/crypto/asn1/x_pkey.c +++ b/crypto/asn1/x_pkey.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/x_pubkey.c b/crypto/asn1/x_pubkey.c index 2605f07..d20afb9 100644 --- a/crypto/asn1/x_pubkey.c +++ b/crypto/asn1/x_pubkey.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include "internal/asn1_int.h" diff --git a/crypto/asn1/x_req.c b/crypto/asn1/x_req.c index ae293aa..1679a56 100644 --- a/crypto/asn1/x_req.c +++ b/crypto/asn1/x_req.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c index dd33720..472174b 100644 --- a/crypto/asn1/x_sig.c +++ b/crypto/asn1/x_sig.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/x_spki.c b/crypto/asn1/x_spki.c index 1df6b87..8862565 100644 --- a/crypto/asn1/x_spki.c +++ b/crypto/asn1/x_spki.c @@ -62,7 +62,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/x_val.c b/crypto/asn1/x_val.c index ee75a1e..845a7c3 100644 --- a/crypto/asn1/x_val.c +++ b/crypto/asn1/x_val.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index 1b353af..17bbb91 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c index b0a6b4a..d81ccfb 100644 --- a/crypto/asn1/x_x509a.c +++ b/crypto/asn1/x_x509a.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/bio/b_dump.c b/crypto/bio/b_dump.c index 622a261..33191c1 100644 --- a/crypto/bio/b_dump.c +++ b/crypto/bio/b_dump.c @@ -61,7 +61,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bio_lcl.h" #define TRUNCATE diff --git a/crypto/bio/b_print.c b/crypto/bio/b_print.c index 7c81e25..06cadc8 100644 --- a/crypto/bio/b_print.c +++ b/crypto/bio/b_print.c @@ -72,7 +72,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef NO_SYS_TYPES_H # include #endif diff --git a/crypto/bio/b_sock.c b/crypto/bio/b_sock.c index e3a1ee9..48e4036 100644 --- a/crypto/bio/b_sock.c +++ b/crypto/bio/b_sock.c @@ -60,7 +60,7 @@ #include #include #define USE_SOCKETS -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_BSDSOCK) # include diff --git a/crypto/bio/bf_buff.c b/crypto/bio/bf_buff.c index 6487f43..4fd8d15 100644 --- a/crypto/bio/bf_buff.c +++ b/crypto/bio/bf_buff.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include static int buffer_write(BIO *h, const char *buf, int num); diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c index e948e92..cc42981 100644 --- a/crypto/bio/bf_lbuf.c +++ b/crypto/bio/bf_lbuf.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/bio/bf_nbio.c b/crypto/bio/bf_nbio.c index dc98c4f..7980711 100644 --- a/crypto/bio/bf_nbio.c +++ b/crypto/bio/bf_nbio.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/bio/bf_null.c b/crypto/bio/bf_null.c index e0c79e8..0d55b15 100644 --- a/crypto/bio/bf_null.c +++ b/crypto/bio/bf_null.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* diff --git a/crypto/bio/bio_cb.c b/crypto/bio/bio_cb.c index dcb428b..f0dfe82 100644 --- a/crypto/bio/bio_cb.c +++ b/crypto/bio/bio_cb.c @@ -59,7 +59,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/bio/bio_lib.c b/crypto/bio/bio_lib.c index 7542d1c..19cd069 100644 --- a/crypto/bio/bio_lib.c +++ b/crypto/bio/bio_lib.c @@ -59,7 +59,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/bio/bss_acpt.c b/crypto/bio/bss_acpt.c index 48435b0..16a6608 100644 --- a/crypto/bio/bss_acpt.c +++ b/crypto/bio/bss_acpt.c @@ -59,7 +59,7 @@ #include #include #define USE_SOCKETS -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef OPENSSL_NO_SOCK diff --git a/crypto/bio/bss_conn.c b/crypto/bio/bss_conn.c index 9b2cee4..f23adb2 100644 --- a/crypto/bio/bss_conn.c +++ b/crypto/bio/bss_conn.c @@ -59,7 +59,7 @@ #include #include #define USE_SOCKETS -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef OPENSSL_NO_SOCK diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 268481c..58725a1 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -60,7 +60,7 @@ #include #include #define USE_SOCKETS -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef OPENSSL_NO_DGRAM diff --git a/crypto/bio/bss_fd.c b/crypto/bio/bss_fd.c index 5f4e344..5bade20 100644 --- a/crypto/bio/bss_fd.c +++ b/crypto/bio/bss_fd.c @@ -59,7 +59,7 @@ #include #include #define USE_SOCKETS -#include "cryptlib.h" +#include "internal/cryptlib.h" #if defined(OPENSSL_NO_POSIX_IO) /* diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 1da6b86..cebad75 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -85,7 +85,7 @@ # include # include -# include "cryptlib.h" +# include "internal/cryptlib.h" # include "bio_lcl.h" # include diff --git a/crypto/bio/bss_log.c b/crypto/bio/bss_log.c index 2399ff8..f59ec7c 100644 --- a/crypto/bio/bss_log.c +++ b/crypto/bio/bss_log.c @@ -65,7 +65,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #if defined(OPENSSL_SYS_WINCE) #elif defined(OPENSSL_SYS_WIN32) diff --git a/crypto/bio/bss_mem.c b/crypto/bio/bss_mem.c index c55344d..a1f5e8d 100644 --- a/crypto/bio/bss_mem.c +++ b/crypto/bio/bss_mem.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include static int mem_write(BIO *h, const char *buf, int num); diff --git a/crypto/bio/bss_null.c b/crypto/bio/bss_null.c index 6a03fa2..ba39c4c 100644 --- a/crypto/bio/bss_null.c +++ b/crypto/bio/bss_null.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include static int null_write(BIO *h, const char *buf, int num); diff --git a/crypto/bio/bss_sock.c b/crypto/bio/bss_sock.c index 5a73e81..1673b32 100644 --- a/crypto/bio/bss_sock.c +++ b/crypto/bio/bss_sock.c @@ -59,7 +59,7 @@ #include #include #define USE_SOCKETS -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_SOCK diff --git a/crypto/bn/bn_add.c b/crypto/bn/bn_add.c index 57e1cda..a446686 100644 --- a/crypto/bn/bn_add.c +++ b/crypto/bn/bn_add.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" /* r can == a or b */ diff --git a/crypto/bn/bn_asm.c b/crypto/bn/bn_asm.c index cb5a803..38c10e1 100644 --- a/crypto/bn/bn_asm.c +++ b/crypto/bn/bn_asm.c @@ -63,7 +63,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #if defined(BN_LLONG) || defined(BN_UMULT_HIGH) diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index 52f74d1..4ae6b09 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -109,7 +109,7 @@ * [including the GNU Public Licence.] */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #define BN_BLINDING_COUNTER 32 diff --git a/crypto/bn/bn_ctx.c b/crypto/bn/bn_ctx.c index 481c9d2..c023303 100644 --- a/crypto/bn/bn_ctx.c +++ b/crypto/bn/bn_ctx.c @@ -62,7 +62,7 @@ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" /*- diff --git a/crypto/bn/bn_depr.c b/crypto/bn/bn_depr.c index bc15f83..c4a5c82 100644 --- a/crypto/bn/bn_depr.c +++ b/crypto/bn/bn_depr.c @@ -60,7 +60,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #include diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c index 1dead86..cbf27d3 100644 --- a/crypto/bn/bn_div.c +++ b/crypto/bn/bn_div.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" /* The old slow way */ diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 17aa2ba..6ce6f8d 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c @@ -109,7 +109,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #include diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c index e36c23b..517b961 100644 --- a/crypto/bn/bn_exp2.c +++ b/crypto/bn/bn_exp2.c @@ -110,7 +110,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #define TABLE_SIZE 32 diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c index 9902e4e..17c6cf5 100644 --- a/crypto/bn/bn_gcd.c +++ b/crypto/bn/bn_gcd.c @@ -109,7 +109,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index 50d7c74..caad2d0 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -92,7 +92,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #ifndef OPENSSL_NO_EC2M diff --git a/crypto/bn/bn_intern.c b/crypto/bn/bn_intern.c index c3ea561..0b22251 100644 --- a/crypto/bn/bn_intern.c +++ b/crypto/bn/bn_intern.c @@ -52,7 +52,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" /* diff --git a/crypto/bn/bn_kron.c b/crypto/bn/bn_kron.c index 88d731a..5a0eb7d 100644 --- a/crypto/bn/bn_kron.c +++ b/crypto/bn/bn_kron.c @@ -53,7 +53,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" /* least significant word */ diff --git a/crypto/bn/bn_lib.c b/crypto/bn/bn_lib.c index fec70a5..4dabe26 100644 --- a/crypto/bn/bn_lib.c +++ b/crypto/bn/bn_lib.c @@ -63,7 +63,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT; diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c index e4763ff..d7e4f9a 100644 --- a/crypto/bn/bn_mod.c +++ b/crypto/bn/bn_mod.c @@ -113,7 +113,7 @@ * [including the GNU Public Licence.] */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 613a384..c869101 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c @@ -116,7 +116,7 @@ * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #define MONT_WORD /* use the faster word-based algorithm */ diff --git a/crypto/bn/bn_mpi.c b/crypto/bn/bn_mpi.c index 3bd40bb..c4c0adf 100644 --- a/crypto/bn/bn_mpi.c +++ b/crypto/bn/bn_mpi.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" int BN_bn2mpi(const BIGNUM *a, unsigned char *d) diff --git a/crypto/bn/bn_mul.c b/crypto/bn/bn_mul.c index f3b4859..b601923 100644 --- a/crypto/bn/bn_mul.c +++ b/crypto/bn/bn_mul.c @@ -62,7 +62,7 @@ #endif #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS) diff --git a/crypto/bn/bn_nist.c b/crypto/bn/bn_nist.c index af048d3..621b142 100644 --- a/crypto/bn/bn_nist.c +++ b/crypto/bn/bn_nist.c @@ -57,7 +57,7 @@ */ #include "bn_lcl.h" -#include "cryptlib.h" +#include "internal/cryptlib.h" #define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2 #define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2 diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index ebfcd97..c83820c 100644 --- a/crypto/bn/bn_prime.c +++ b/crypto/bn/bn_prime.c @@ -111,7 +111,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #include diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 1ef5a87..b0b70b5 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "bn_lcl.h" diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index ed3c3c5..4dd3f92 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -111,7 +111,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" #include #include diff --git a/crypto/bn/bn_recp.c b/crypto/bn/bn_recp.c index 3ab486b..3dc2166 100644 --- a/crypto/bn/bn_recp.c +++ b/crypto/bn/bn_recp.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" void BN_RECP_CTX_init(BN_RECP_CTX *recp) diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 9895646..1b38bd8 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" int BN_lshift1(BIGNUM *r, const BIGNUM *a) diff --git a/crypto/bn/bn_sqr.c b/crypto/bn/bn_sqr.c index aa31f6e..9f5a5dc 100644 --- a/crypto/bn/bn_sqr.c +++ b/crypto/bn/bn_sqr.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" /* r must not be a */ diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index ab691b7..ec18641 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -57,7 +57,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) diff --git a/crypto/bn/bn_word.c b/crypto/bn/bn_word.c index a17e702..57f0dcd 100644 --- a/crypto/bn/bn_word.c +++ b/crypto/bn/bn_word.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) diff --git a/crypto/bn/vms-helper.c b/crypto/bn/vms-helper.c index b226af3..c5cf468 100644 --- a/crypto/bn/vms-helper.c +++ b/crypto/bn/vms-helper.c @@ -54,7 +54,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "bn_lcl.h" bn_div_words_abort(int i) diff --git a/crypto/buffer/buf_str.c b/crypto/buffer/buf_str.c index ebc5ab4..1e8d7f6 100644 --- a/crypto/buffer/buf_str.c +++ b/crypto/buffer/buf_str.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include size_t BUF_strnlen(const char *str, size_t maxlen) diff --git a/crypto/buffer/buffer.c b/crypto/buffer/buffer.c index b41b8f2..37e5484 100644 --- a/crypto/buffer/buffer.c +++ b/crypto/buffer/buffer.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* diff --git a/crypto/cmac/cm_ameth.c b/crypto/cmac/cm_ameth.c index 07853a6..223631c 100644 --- a/crypto/cmac/cm_ameth.c +++ b/crypto/cmac/cm_ameth.c @@ -52,7 +52,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include "internal/asn1_int.h" diff --git a/crypto/cmac/cm_pmeth.c b/crypto/cmac/cm_pmeth.c index 013ac57..22c7dbe 100644 --- a/crypto/cmac/cm_pmeth.c +++ b/crypto/cmac/cm_pmeth.c @@ -52,7 +52,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c index e7db320..0711bff 100644 --- a/crypto/cmac/cmac.c +++ b/crypto/cmac/cmac.c @@ -55,7 +55,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include struct CMAC_CTX_st { diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c index 8673e00..889133e 100644 --- a/crypto/cms/cms_cd.c +++ b/crypto/cms/cms_cd.c @@ -52,7 +52,7 @@ * ==================================================================== */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c index 09ad319..d406785 100644 --- a/crypto/cms/cms_dd.c +++ b/crypto/cms/cms_dd.c @@ -52,7 +52,7 @@ * ==================================================================== */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c index ed20c53..f9556ac 100644 --- a/crypto/cms/cms_enc.c +++ b/crypto/cms/cms_enc.c @@ -52,7 +52,7 @@ * ==================================================================== */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c index 7fefd24..5c86dd9 100644 --- a/crypto/cms/cms_env.c +++ b/crypto/cms/cms_env.c @@ -52,7 +52,7 @@ * ==================================================================== */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c index 9dfbd67..d75ea16 100644 --- a/crypto/cms/cms_ess.c +++ b/crypto/cms/cms_ess.c @@ -52,7 +52,7 @@ * ==================================================================== */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c index d860f09..d56dd9b 100644 --- a/crypto/cms/cms_kari.c +++ b/crypto/cms/cms_kari.c @@ -52,7 +52,7 @@ * ==================================================================== */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c index 1d505e9..f722d9a 100644 --- a/crypto/cms/cms_pwri.c +++ b/crypto/cms/cms_pwri.c @@ -52,7 +52,7 @@ * ==================================================================== */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c index 7fb4385..ab574fc 100644 --- a/crypto/cms/cms_sd.c +++ b/crypto/cms/cms_sd.c @@ -52,7 +52,7 @@ * ==================================================================== */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index c161973..0d97d3e 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -52,7 +52,7 @@ * ==================================================================== */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index ee71f48..098fc8e 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -60,7 +60,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index 8e16342..5db7da0 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index b01319f..7fbb4ad 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -60,7 +60,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index 544fe97..e99a38e 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index 69883ab..6d050ff 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -114,7 +114,7 @@ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #if defined(OPENSSL_SYS_WIN32) diff --git a/crypto/cversion.c b/crypto/cversion.c index bfff699..6111b65 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef NO_WINDOWS_BRAINDEATH # include "buildinf.h" diff --git a/crypto/des/enc_read.c b/crypto/des/enc_read.c index fcb6654..e904454 100644 --- a/crypto/des/enc_read.c +++ b/crypto/des/enc_read.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "des_locl.h" /* This has some uglies in it but it works - even over sockets. */ diff --git a/crypto/des/enc_writ.c b/crypto/des/enc_writ.c index 9ea7c5a..0fbef13 100644 --- a/crypto/des/enc_writ.c +++ b/crypto/des/enc_writ.c @@ -59,7 +59,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "des_locl.h" #include diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c index 065f8b9..98f8570 100644 --- a/crypto/dh/dh_ameth.c +++ b/crypto/dh/dh_ameth.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index 7066caf..0c6a1de 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c index b8b3890..7521180 100644 --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/dh/dh_depr.c b/crypto/dh/dh_depr.c index 7220d07..7be6041 100644 --- a/crypto/dh/dh_depr.c +++ b/crypto/dh/dh_depr.c @@ -56,7 +56,7 @@ /* This file contains deprecated functions as wrappers to the new ones */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c index 99ccae3..778f8a9 100644 --- a/crypto/dh/dh_gen.c +++ b/crypto/dh/dh_gen.c @@ -62,7 +62,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index e2f48b1..ff91d41 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include "internal/bn_int.h" diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index 1ae081c..4a37adc 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #ifndef OPENSSL_NO_ENGINE diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c index 07d74dc..763e42f 100644 --- a/crypto/dh/dh_pmeth.c +++ b/crypto/dh/dh_pmeth.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/dh/dh_prn.c b/crypto/dh/dh_prn.c index fef19e3..7dc7101 100644 --- a/crypto/dh/dh_prn.c +++ b/crypto/dh/dh_prn.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c index 4a84ced..752bf2c 100644 --- a/crypto/dh/dh_rfc5114.c +++ b/crypto/dh/dh_rfc5114.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c index bc8fcc4..01b3497 100644 --- a/crypto/dsa/dsa_ameth.c +++ b/crypto/dsa/dsa_ameth.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index 0f0c515..bb2434e 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/dsa/dsa_depr.c b/crypto/dsa/dsa_depr.c index 10f0314..f14e587 100644 --- a/crypto/dsa/dsa_depr.c +++ b/crypto/dsa/dsa_depr.c @@ -69,7 +69,7 @@ static void *dummy = &dummy; #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/dsa/dsa_gen.c b/crypto/dsa/dsa_gen.c index 59946f6..e030cfa 100644 --- a/crypto/dsa/dsa_gen.c +++ b/crypto/dsa/dsa_gen.c @@ -66,7 +66,7 @@ #include /* To see if OPENSSL_NO_SHA is defined */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c index ff01dec..01a83e0 100644 --- a/crypto/dsa/dsa_key.c +++ b/crypto/dsa/dsa_key.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 2a193c8..cb59e7e 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -59,7 +59,7 @@ /* Original version from Steven Schoch */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index cd63211..19a7583 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -59,7 +59,7 @@ /* Original version from Steven Schoch */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/dsa/dsa_pmeth.c b/crypto/dsa/dsa_pmeth.c index 1bb3683..594583f 100644 --- a/crypto/dsa/dsa_pmeth.c +++ b/crypto/dsa/dsa_pmeth.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/dsa/dsa_prn.c b/crypto/dsa/dsa_prn.c index 1d44650..64c51fc 100644 --- a/crypto/dsa/dsa_prn.c +++ b/crypto/dsa/dsa_prn.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/dsa/dsa_sign.c b/crypto/dsa/dsa_sign.c index 43b7a9e..e7c8b0c 100644 --- a/crypto/dsa/dsa_sign.c +++ b/crypto/dsa/dsa_sign.c @@ -58,7 +58,7 @@ /* Original version from Steven Schoch */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/dsa/dsa_vrf.c b/crypto/dsa/dsa_vrf.c index c458916..9f45efa 100644 --- a/crypto/dsa/dsa_vrf.c +++ b/crypto/dsa/dsa_vrf.c @@ -58,7 +58,7 @@ /* Original version from Steven Schoch */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c index 5d5ede0..2b95f92 100644 --- a/crypto/dso/dso_dl.c +++ b/crypto/dso/dso_dl.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef DSO_DL diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c index 92d951f..1738f3c 100644 --- a/crypto/dso/dso_dlfcn.c +++ b/crypto/dso/dso_dlfcn.c @@ -67,7 +67,7 @@ #endif #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef DSO_DLFCN diff --git a/crypto/dso/dso_lib.c b/crypto/dso/dso_lib.c index c555398..12544b3 100644 --- a/crypto/dso/dso_lib.c +++ b/crypto/dso/dso_lib.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include static DSO_METHOD *default_DSO_meth = NULL; diff --git a/crypto/dso/dso_null.c b/crypto/dso/dso_null.c index ab2125c..e27f98e 100644 --- a/crypto/dso/dso_null.c +++ b/crypto/dso/dso_null.c @@ -63,7 +63,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include static DSO_METHOD dso_meth_null = { diff --git a/crypto/dso/dso_openssl.c b/crypto/dso/dso_openssl.c index 27b7d55..191cb6a 100644 --- a/crypto/dso/dso_openssl.c +++ b/crypto/dso/dso_openssl.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* We just pinch the method from an appropriate "default" method. */ diff --git a/crypto/dso/dso_vms.c b/crypto/dso/dso_vms.c index 07ec1cd..ffdc57f 100644 --- a/crypto/dso/dso_vms.c +++ b/crypto/dso/dso_vms.c @@ -60,7 +60,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef OPENSSL_SYS_VMS diff --git a/crypto/dso/dso_win32.c b/crypto/dso/dso_win32.c index 81c983c..2da318f 100644 --- a/crypto/dso/dso_win32.c +++ b/crypto/dso/dso_win32.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #if !defined(DSO_WIN32) diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c index 268eff0..edb68d1 100644 --- a/crypto/ec/ec_ameth.c +++ b/crypto/ec/ec_ameth.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ec/ec_pmeth.c b/crypto/ec/ec_pmeth.c index 42e3d3a..5ca8ed9 100644 --- a/crypto/ec/ec_pmeth.c +++ b/crypto/ec/ec_pmeth.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ec/eck_prn.c b/crypto/ec/eck_prn.c index 7cdc485..f1248b8 100644 --- a/crypto/ec/eck_prn.c +++ b/crypto/ec/eck_prn.c @@ -62,7 +62,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c index 83f0c6f..5036060 100644 --- a/crypto/ec/ecp_nistz256.c +++ b/crypto/ec/ecp_nistz256.c @@ -28,7 +28,7 @@ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "internal/bn_int.h" #include "ec_lcl.h" diff --git a/crypto/ecdh/ech_ossl.c b/crypto/ecdh/ech_ossl.c index ad3482f..ba66bd5 100644 --- a/crypto/ecdh/ech_ossl.c +++ b/crypto/ecdh/ech_ossl.c @@ -70,7 +70,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "ech_locl.h" #include diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index b7d2529..5ab498e 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -57,7 +57,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "eng_int.h" void ENGINE_load_builtin_engines(void) diff --git a/crypto/engine/eng_int.h b/crypto/engine/eng_int.h index 46f163b..42674e1 100644 --- a/crypto/engine/eng_int.h +++ b/crypto/engine/eng_int.h @@ -65,7 +65,7 @@ #ifndef HEADER_ENGINE_INT_H # define HEADER_ENGINE_INT_H -# include "cryptlib.h" +# include "internal/cryptlib.h" /* Take public definitions from engine.h */ # include diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c index 560c9b3..eaf0618 100644 --- a/crypto/engine/eng_openssl.c +++ b/crypto/engine/eng_openssl.c @@ -64,7 +64,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c index f0f4dbb..26b9230 100644 --- a/crypto/engine/eng_table.c +++ b/crypto/engine/eng_table.c @@ -52,7 +52,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include "eng_int.h" diff --git a/crypto/err/err.c b/crypto/err/err.c index 78e8817..1b94ce5 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -112,7 +112,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/err/err_prn.c b/crypto/err/err_prn.c index 17c0a92..7a74fea 100644 --- a/crypto/err/err_prn.c +++ b/crypto/err/err_prn.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c index 6dc3bb1..dcb9695 100644 --- a/crypto/evp/bio_b64.c +++ b/crypto/evp/bio_b64.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/evp/bio_enc.c b/crypto/evp/bio_enc.c index 86a2dc5..bf74a0a 100644 --- a/crypto/evp/bio_enc.c +++ b/crypto/evp/bio_enc.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/evp/bio_md.c b/crypto/evp/bio_md.c index f0b0c0c..6afaf9a 100644 --- a/crypto/evp/bio_md.c +++ b/crypto/evp/bio_md.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/evp/bio_ok.c b/crypto/evp/bio_ok.c index 7a38cd9..9fdf6bc 100644 --- a/crypto/evp/bio_ok.c +++ b/crypto/evp/bio_ok.c @@ -120,7 +120,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index cc2f8f6..e56f5ad 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef OPENSSL_NO_ENGINE # include diff --git a/crypto/evp/c_allc.c b/crypto/evp/c_allc.c index 0a889ef..ff4cffc 100644 --- a/crypto/evp/c_allc.c +++ b/crypto/evp/c_allc.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index 94039ef..e89173a 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index c7856c6..1d25d97 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -110,7 +110,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #ifndef OPENSSL_NO_ENGINE diff --git a/crypto/evp/e_bf.c b/crypto/evp/e_bf.c index d6a0178..3d18293 100644 --- a/crypto/evp/e_bf.c +++ b/crypto/evp/e_bf.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_BF # include # include "evp_locl.h" diff --git a/crypto/evp/e_cast.c b/crypto/evp/e_cast.c index 3f74548..ee1b2fd 100644 --- a/crypto/evp/e_cast.c +++ b/crypto/evp/e_cast.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_CAST # include diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index aae13a6..0506973 100644 --- a/crypto/evp/e_des.c +++ b/crypto/evp/e_des.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_DES # include # include diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index 3340308..7156863 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_DES # include # include diff --git a/crypto/evp/e_dsa.c b/crypto/evp/e_dsa.c index 523993f..2217e37 100644 --- a/crypto/evp/e_dsa.c +++ b/crypto/evp/e_dsa.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index cac72b3..233eec8 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_IDEA # include diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c index a585128..b9502eb 100644 --- a/crypto/evp/e_null.c +++ b/crypto/evp/e_null.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/evp/e_rc2.c b/crypto/evp/e_rc2.c index 718cc86..3e826fc 100644 --- a/crypto/evp/e_rc2.c +++ b/crypto/evp/e_rc2.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_RC2 diff --git a/crypto/evp/e_rc4.c b/crypto/evp/e_rc4.c index db3f219..ab84a66 100644 --- a/crypto/evp/e_rc4.c +++ b/crypto/evp/e_rc4.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_RC4 diff --git a/crypto/evp/e_rc5.c b/crypto/evp/e_rc5.c index f17e99d..017a7ab 100644 --- a/crypto/evp/e_rc5.c +++ b/crypto/evp/e_rc5.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_RC5 diff --git a/crypto/evp/e_xcbc_d.c b/crypto/evp/e_xcbc_d.c index 3430df9..31a944e 100644 --- a/crypto/evp/e_xcbc_d.c +++ b/crypto/evp/e_xcbc_d.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_DES diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 053c1d8..4d3c5c8 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef CHARSET_EBCDIC diff --git a/crypto/evp/evp_acnf.c b/crypto/evp/evp_acnf.c index 9703116..44070bc 100644 --- a/crypto/evp/evp_acnf.c +++ b/crypto/evp/evp_acnf.c @@ -57,7 +57,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index 11ee56a..03f34a0 100644 --- a/crypto/evp/evp_cnf.c +++ b/crypto/evp/evp_cnf.c @@ -60,7 +60,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index aea7acc..125556e 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/evp_key.c b/crypto/evp/evp_key.c index 71fa627..9c34a03 100644 --- a/crypto/evp/evp_key.c +++ b/crypto/evp/evp_key.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 8d00029..1fdde9a 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index 63b3ad1..e4ad16b 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/evp_pkey.c b/crypto/evp/evp_pkey.c index e987c4c..e0c689f 100644 --- a/crypto/evp/evp_pkey.c +++ b/crypto/evp/evp_pkey.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include "internal/asn1_int.h" diff --git a/crypto/evp/m_dss1.c b/crypto/evp/m_dss1.c index 41b837c..77a10cf 100644 --- a/crypto/evp/m_dss1.c +++ b/crypto/evp/m_dss1.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/evp/m_ecdsa.c b/crypto/evp/m_ecdsa.c index 181f19f..745752d 100644 --- a/crypto/evp/m_ecdsa.c +++ b/crypto/evp/m_ecdsa.c @@ -110,7 +110,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/m_md2.c b/crypto/evp/m_md2.c index 3c4cd7b..91b5e18 100644 --- a/crypto/evp/m_md2.c +++ b/crypto/evp/m_md2.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_MD2 diff --git a/crypto/evp/m_md4.c b/crypto/evp/m_md4.c index 440b5fa..2ef3023 100644 --- a/crypto/evp/m_md4.c +++ b/crypto/evp/m_md4.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_MD4 diff --git a/crypto/evp/m_md5.c b/crypto/evp/m_md5.c index 784425a..cd021f5 100644 --- a/crypto/evp/m_md5.c +++ b/crypto/evp/m_md5.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_MD5 diff --git a/crypto/evp/m_mdc2.c b/crypto/evp/m_mdc2.c index 2081d71..272d9cb 100644 --- a/crypto/evp/m_mdc2.c +++ b/crypto/evp/m_mdc2.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_MDC2 diff --git a/crypto/evp/m_null.c b/crypto/evp/m_null.c index 017e1fe..7374e69 100644 --- a/crypto/evp/m_null.c +++ b/crypto/evp/m_null.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/m_ripemd.c b/crypto/evp/m_ripemd.c index fa9be8e..30046c8 100644 --- a/crypto/evp/m_ripemd.c +++ b/crypto/evp/m_ripemd.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_RMD160 diff --git a/crypto/evp/m_sha1.c b/crypto/evp/m_sha1.c index 9ab8c90..7deed91 100644 --- a/crypto/evp/m_sha1.c +++ b/crypto/evp/m_sha1.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 288c563..258fd91 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/m_wp.c b/crypto/evp/m_wp.c index b867ebd..76258b6 100644 --- a/crypto/evp/m_wp.c +++ b/crypto/evp/m_wp.c @@ -1,7 +1,7 @@ /* crypto/evp/m_wp.c */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_WHIRLPOOL diff --git a/crypto/evp/names.c b/crypto/evp/names.c index b8a4410..c7c4615 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 921006c..2d37d08 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index ca3fa9c..4986a21 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -58,7 +58,7 @@ */ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" # include # include # include diff --git a/crypto/evp/p_dec.c b/crypto/evp/p_dec.c index 225b8b4..f232934 100644 --- a/crypto/evp/p_dec.c +++ b/crypto/evp/p_dec.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef OPENSSL_NO_RSA # include diff --git a/crypto/evp/p_enc.c b/crypto/evp/p_enc.c index f565f33..d4ab14b 100644 --- a/crypto/evp/p_enc.c +++ b/crypto/evp/p_enc.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef OPENSSL_NO_RSA # include diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 42ae5ae..daa3d57 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/p_open.c b/crypto/evp/p_open.c index 481c855..02f6106 100644 --- a/crypto/evp/p_open.c +++ b/crypto/evp/p_open.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_RSA diff --git a/crypto/evp/p_seal.c b/crypto/evp/p_seal.c index ba9dfff..ff60bb5 100644 --- a/crypto/evp/p_seal.c +++ b/crypto/evp/p_seal.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef OPENSSL_NO_RSA # include diff --git a/crypto/evp/p_sign.c b/crypto/evp/p_sign.c index 07ae252..90a5fc6 100644 --- a/crypto/evp/p_sign.c +++ b/crypto/evp/p_sign.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/p_verify.c b/crypto/evp/p_verify.c index 2277a91..098bf91 100644 --- a/crypto/evp/p_verify.c +++ b/crypto/evp/p_verify.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c index abf2160..d86110b 100644 --- a/crypto/evp/pmeth_fn.c +++ b/crypto/evp/pmeth_fn.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include "internal/evp_int.h" diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index 78467c9..705801f 100644 --- a/crypto/evp/pmeth_gn.c +++ b/crypto/evp/pmeth_gn.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include "internal/bn_int.h" diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index fef0b8f..210c7fa 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -59,7 +59,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #ifndef OPENSSL_NO_ENGINE diff --git a/crypto/ex_data.c b/crypto/ex_data.c index 20a2dd7..bf5cf29 100644 --- a/crypto/ex_data.c +++ b/crypto/ex_data.c @@ -138,7 +138,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* What an "implementation of ex_data functionality" looks like */ diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c index 1b0f3b9..cd29c0c 100644 --- a/crypto/hmac/hm_ameth.c +++ b/crypto/hmac/hm_ameth.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "internal/asn1_int.h" diff --git a/crypto/hmac/hm_pmeth.c b/crypto/hmac/hm_pmeth.c index 2980254..fcccb58 100644 --- a/crypto/hmac/hm_pmeth.c +++ b/crypto/hmac/hm_pmeth.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c index 6362aa8..572393e 100644 --- a/crypto/hmac/hmac.c +++ b/crypto/hmac/hmac.c @@ -59,7 +59,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, diff --git a/crypto/cryptlib.h b/crypto/include/internal/cryptlib.h similarity index 100% rename from crypto/cryptlib.h rename to crypto/include/internal/cryptlib.h diff --git a/crypto/md32_common.h b/crypto/include/internal/md32_common.h similarity index 100% rename from crypto/md32_common.h rename to crypto/include/internal/md32_common.h diff --git a/crypto/lhash/lh_stats.c b/crypto/lhash/lh_stats.c index 0a21399..09e1bff 100644 --- a/crypto/lhash/lh_stats.c +++ b/crypto/lhash/lh_stats.c @@ -63,7 +63,7 @@ * If you wish to build this outside of SSLeay, remove the following lines * and things should work as expected */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/lock.c b/crypto/lock.c index cad9876..d7d672d 100644 --- a/crypto/lock.c +++ b/crypto/lock.c @@ -114,7 +114,7 @@ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #if defined(OPENSSL_SYS_WIN32) diff --git a/crypto/md2/md2_one.c b/crypto/md2/md2_one.c index cd2631b..ff648b5 100644 --- a/crypto/md2/md2_one.c +++ b/crypto/md2/md2_one.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* diff --git a/crypto/md4/md4_locl.h b/crypto/md4/md4_locl.h index 6ed21e1..c6dd348 100644 --- a/crypto/md4/md4_locl.h +++ b/crypto/md4/md4_locl.h @@ -80,7 +80,7 @@ void md4_block_data_order(MD4_CTX *c, const void *p, size_t num); } while (0) #define HASH_BLOCK_DATA_ORDER md4_block_data_order -#include "md32_common.h" +#include "internal/md32_common.h" /*- #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) diff --git a/crypto/md5/md5_locl.h b/crypto/md5/md5_locl.h index 6c1bf35..22ae9b3 100644 --- a/crypto/md5/md5_locl.h +++ b/crypto/md5/md5_locl.h @@ -91,7 +91,7 @@ void md5_block_data_order(MD5_CTX *c, const void *p, size_t num); } while (0) #define HASH_BLOCK_DATA_ORDER md5_block_data_order -#include "md32_common.h" +#include "internal/md32_common.h" /*- #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) diff --git a/crypto/mdc2/mdc2_one.c b/crypto/mdc2/mdc2_one.c index 790775c..d30305b 100644 --- a/crypto/mdc2/mdc2_one.c +++ b/crypto/mdc2/mdc2_one.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md) diff --git a/crypto/mem.c b/crypto/mem.c index 14f67a4..b98e44f 100644 --- a/crypto/mem.c +++ b/crypto/mem.c @@ -59,7 +59,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" static int allow_customize = 1; /* we provide flexible functions for */ static int allow_customize_debug = 1; /* exchanging memory-related functions diff --git a/crypto/mem_dbg.c b/crypto/mem_dbg.c index 98c17dd..10cc893 100644 --- a/crypto/mem_dbg.c +++ b/crypto/mem_dbg.c @@ -112,7 +112,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/modes/wrap128.c b/crypto/modes/wrap128.c index fe33a98..a3f397e 100644 --- a/crypto/modes/wrap128.c +++ b/crypto/modes/wrap128.c @@ -59,7 +59,7 @@ * allows you to use them for any 128 bit block cipher. */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /** RFC 3394 section 2.2.3.1 Default Initial Value */ diff --git a/crypto/o_fips.c b/crypto/o_fips.c index 105d5fa..1139148 100644 --- a/crypto/o_fips.c +++ b/crypto/o_fips.c @@ -56,7 +56,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifdef OPENSSL_FIPS # include #endif diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 6a068ee..27d61b3 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -59,7 +59,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/objects/obj_lib.c b/crypto/objects/obj_lib.c index 58e9a92..d3c2ed0 100644 --- a/crypto/objects/obj_lib.c +++ b/crypto/objects/obj_lib.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index b6ec19a..ef8ff30 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -66,7 +66,7 @@ #include #include -#include +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 63a8332..95c61e6 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c @@ -65,7 +65,7 @@ */ #include -#include +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index b0e7122..aa0723c 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -65,7 +65,7 @@ */ #include -#include +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 3b71dd7..740b11c 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -58,7 +58,7 @@ */ #include -#include +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ocsp/v3_ocsp.c b/crypto/ocsp/v3_ocsp.c index 7e502d7..30ed7d5 100644 --- a/crypto/ocsp/v3_ocsp.c +++ b/crypto/ocsp/v3_ocsp.c @@ -58,7 +58,7 @@ */ # include -# include "cryptlib.h" +# include "internal/cryptlib.h" # include # include # include diff --git a/crypto/pem/pem_all.c b/crypto/pem/pem_all.c index 8ef8f18..2f36c25 100644 --- a/crypto/pem/pem_all.c +++ b/crypto/pem/pem_all.c @@ -110,7 +110,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pem/pem_info.c b/crypto/pem/pem_info.c index 29670ed..045f568 100644 --- a/crypto/pem/pem_info.c +++ b/crypto/pem/pem_info.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c index 088288d..47be640 100644 --- a/crypto/pem/pem_lib.c +++ b/crypto/pem/pem_lib.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pem/pem_oth.c b/crypto/pem/pem_oth.c index 1dd3bd7..63f42b2 100644 --- a/crypto/pem/pem_oth.c +++ b/crypto/pem/pem_oth.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 52b40fe..4534eb1 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pem/pem_pkey.c b/crypto/pem/pem_pkey.c index a7dd27f..893675f 100644 --- a/crypto/pem/pem_pkey.c +++ b/crypto/pem/pem_pkey.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pem/pem_seal.c b/crypto/pem/pem_seal.c index a3812b8..e8ea1b0 100644 --- a/crypto/pem/pem_seal.c +++ b/crypto/pem/pem_seal.c @@ -59,7 +59,7 @@ #include /* for OPENSSL_NO_RSA */ #ifndef OPENSSL_NO_RSA # include -# include "cryptlib.h" +# include "internal/cryptlib.h" # include # include # include diff --git a/crypto/pem/pem_sign.c b/crypto/pem/pem_sign.c index e16be4a..824ff48 100644 --- a/crypto/pem/pem_sign.c +++ b/crypto/pem/pem_sign.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pem/pem_x509.c b/crypto/pem/pem_x509.c index 3c20ff2..9dbd693 100644 --- a/crypto/pem/pem_x509.c +++ b/crypto/pem/pem_x509.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pem/pem_xaux.c b/crypto/pem/pem_xaux.c index 3263bd6..6f37416 100644 --- a/crypto/pem/pem_xaux.c +++ b/crypto/pem/pem_xaux.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pem/pvkfmt.c b/crypto/pem/pvkfmt.c index 0900ef6..c682fc7 100644 --- a/crypto/pem/pvkfmt.c +++ b/crypto/pem/pvkfmt.c @@ -61,7 +61,7 @@ * and PRIVATEKEYBLOB). */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c index 301fed6..29abe2e 100644 --- a/crypto/pkcs12/p12_add.c +++ b/crypto/pkcs12/p12_add.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* Pack an object into an OCTET STRING and turn into a safebag */ diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c index 370ddbd..ef2e851 100644 --- a/crypto/pkcs12/p12_asn.c +++ b/crypto/pkcs12/p12_asn.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/pkcs12/p12_attr.c b/crypto/pkcs12/p12_attr.c index 365a1cd..80abf66 100644 --- a/crypto/pkcs12/p12_attr.c +++ b/crypto/pkcs12/p12_attr.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* Add a local keyid to a safebag */ diff --git a/crypto/pkcs12/p12_crpt.c b/crypto/pkcs12/p12_crpt.c index e50096b..08be40c 100644 --- a/crypto/pkcs12/p12_crpt.c +++ b/crypto/pkcs12/p12_crpt.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* PKCS#12 PBE algorithms now in static table */ diff --git a/crypto/pkcs12/p12_crt.c b/crypto/pkcs12/p12_crt.c index cc25410..189e7c7 100644 --- a/crypto/pkcs12/p12_crt.c +++ b/crypto/pkcs12/p12_crt.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index 5154e54..f19830c 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* Define this to dump decrypted output to files called DERnnn */ diff --git a/crypto/pkcs12/p12_init.c b/crypto/pkcs12/p12_init.c index 29f9831..3f1a07c 100644 --- a/crypto/pkcs12/p12_init.c +++ b/crypto/pkcs12/p12_init.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* Initialise a PKCS12 structure to take data */ diff --git a/crypto/pkcs12/p12_key.c b/crypto/pkcs12/p12_key.c index 45cac04..879f157 100644 --- a/crypto/pkcs12/p12_key.c +++ b/crypto/pkcs12/p12_key.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c index a2dbc42..a70fe72 100644 --- a/crypto/pkcs12/p12_kiss.c +++ b/crypto/pkcs12/p12_kiss.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* Simplified PKCS#12 routines */ diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c index b193da1..4025e3f 100644 --- a/crypto/pkcs12/p12_mutl.c +++ b/crypto/pkcs12/p12_mutl.c @@ -58,7 +58,7 @@ */ # include -# include "cryptlib.h" +# include "internal/cryptlib.h" # include # include # include diff --git a/crypto/pkcs12/p12_p8d.c b/crypto/pkcs12/p12_p8d.c index 3cc7a9f..983eadf 100644 --- a/crypto/pkcs12/p12_p8d.c +++ b/crypto/pkcs12/p12_p8d.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index 9375cbf..46ed78a 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c index c55a4f1..5656cdc 100644 --- a/crypto/pkcs12/p12_utl.c +++ b/crypto/pkcs12/p12_utl.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include /* Cheap and nasty Unicode stuff */ diff --git a/crypto/pkcs7/pk7_asn1.c b/crypto/pkcs7/pk7_asn1.c index 9c0a439..bc107cc 100644 --- a/crypto/pkcs7/pk7_asn1.c +++ b/crypto/pkcs7/pk7_asn1.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pkcs7/pk7_dgst.c b/crypto/pkcs7/pk7_dgst.c index 6b57f97..cb2b293 100644 --- a/crypto/pkcs7/pk7_dgst.c +++ b/crypto/pkcs7/pk7_dgst.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index bdbde21..2c8dd87 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pkcs7/pk7_enc.c b/crypto/pkcs7/pk7_enc.c index 6983e01..10f59c4 100644 --- a/crypto/pkcs7/pk7_enc.c +++ b/crypto/pkcs7/pk7_enc.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index 30cc98f..5d321f8 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include "internal/asn1_int.h" diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c index 62fb299..7d8b8e7 100644 --- a/crypto/pkcs7/pk7_mime.c +++ b/crypto/pkcs7/pk7_mime.c @@ -55,7 +55,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c index edc5969..e52e746 100644 --- a/crypto/pkcs7/pk7_smime.c +++ b/crypto/pkcs7/pk7_smime.c @@ -60,7 +60,7 @@ /* Simple PKCS#7 processing functions */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/pqueue/pqueue.c b/crypto/pqueue/pqueue.c index 1378abc..d10088e 100644 --- a/crypto/pqueue/pqueue.c +++ b/crypto/pqueue/pqueue.c @@ -57,7 +57,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c index acc116b..102ed05 100644 --- a/crypto/rand/rand_lib.c +++ b/crypto/rand/rand_lib.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef OPENSSL_NO_ENGINE diff --git a/crypto/rand/rand_nw.c b/crypto/rand/rand_nw.c index 76ef70c..e4c0414 100644 --- a/crypto/rand/rand_nw.c +++ b/crypto/rand/rand_nw.c @@ -109,7 +109,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "rand_lcl.h" diff --git a/crypto/rand/rand_os2.c b/crypto/rand/rand_os2.c index 706ab1e..0397d77 100644 --- a/crypto/rand/rand_os2.c +++ b/crypto/rand/rand_os2.c @@ -53,7 +53,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "rand_lcl.h" diff --git a/crypto/rand/rand_unix.c b/crypto/rand/rand_unix.c index 4332270..72f8617 100644 --- a/crypto/rand/rand_unix.c +++ b/crypto/rand/rand_unix.c @@ -112,7 +112,7 @@ #define USE_SOCKETS #include "e_os.h" -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "rand_lcl.h" diff --git a/crypto/rand/rand_win.c b/crypto/rand/rand_win.c index 1de39bb..e926429 100644 --- a/crypto/rand/rand_win.c +++ b/crypto/rand/rand_win.c @@ -109,7 +109,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "rand_lcl.h" diff --git a/crypto/rc4/rc4_locl.h b/crypto/rc4/rc4_locl.h index faf8742..2f09b7c 100644 --- a/crypto/rc4/rc4_locl.h +++ b/crypto/rc4/rc4_locl.h @@ -1,5 +1,5 @@ #ifndef HEADER_RC4_LOCL_H # define HEADER_RC4_LOCL_H # include -# include +# include "internal/cryptlib.h" #endif diff --git a/crypto/ripemd/rmd_locl.h b/crypto/ripemd/rmd_locl.h index 5a2eed3..d7e5c57 100644 --- a/crypto/ripemd/rmd_locl.h +++ b/crypto/ripemd/rmd_locl.h @@ -92,7 +92,7 @@ void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num); } while (0) #define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order -#include "md32_common.h" +#include "internal/md32_common.h" /* * Transformed F2 and F4 are courtesy of Wei Dai diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index 509f203..d409631 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c index aff8b58..0cf1b2a 100644 --- a/crypto/rsa/rsa_asn1.c +++ b/crypto/rsa/rsa_asn1.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/rsa/rsa_crpt.c b/crypto/rsa/rsa_crpt.c index f5f29e0..5220b7d 100644 --- a/crypto/rsa/rsa_crpt.c +++ b/crypto/rsa/rsa_crpt.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "internal/bn_int.h" #include diff --git a/crypto/rsa/rsa_depr.c b/crypto/rsa/rsa_depr.c index 042b2b7..b76781b 100644 --- a/crypto/rsa/rsa_depr.c +++ b/crypto/rsa/rsa_depr.c @@ -60,7 +60,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 5b8e21b..511ecb8 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -109,7 +109,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include "internal/bn_int.h" #include #include diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index ec2e18e..e81be75 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -64,7 +64,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index f4aaa29..2ec39e7 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include "internal/bn_int.h" #include diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c index 83e5660..9f954b4 100644 --- a/crypto/rsa/rsa_none.c +++ b/crypto/rsa/rsa_none.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/rsa/rsa_null.c b/crypto/rsa/rsa_null.c index 535660a..ecb2f7c 100644 --- a/crypto/rsa/rsa_null.c +++ b/crypto/rsa/rsa_null.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c index 6edfb41..ff551f2 100644 --- a/crypto/rsa/rsa_oaep.c +++ b/crypto/rsa/rsa_oaep.c @@ -20,7 +20,7 @@ #include "internal/constant_time_locl.h" #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index e32a1d5..9a8145b 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -59,7 +59,7 @@ #include "internal/constant_time_locl.h" #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/rsa/rsa_pmeth.c b/crypto/rsa/rsa_pmeth.c index 76d5c69..ac83de3 100644 --- a/crypto/rsa/rsa_pmeth.c +++ b/crypto/rsa/rsa_pmeth.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/rsa/rsa_prn.c b/crypto/rsa/rsa_prn.c index 577f855..3d8c800 100644 --- a/crypto/rsa/rsa_prn.c +++ b/crypto/rsa/rsa_prn.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c index b5055de..03d900c 100644 --- a/crypto/rsa/rsa_pss.c +++ b/crypto/rsa/rsa_pss.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c index c462ae1..6c5f42d 100644 --- a/crypto/rsa/rsa_saos.c +++ b/crypto/rsa/rsa_saos.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 6965797..ff70cd9 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c index 746e01f..86b40ad 100644 --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/rsa/rsa_x931.c b/crypto/rsa/rsa_x931.c index 725ead0..54d925b 100644 --- a/crypto/rsa/rsa_x931.c +++ b/crypto/rsa/rsa_x931.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c index eec0cad..c112b04 100644 --- a/crypto/sha/sha256.c +++ b/crypto/sha/sha256.c @@ -127,7 +127,7 @@ static #endif void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num); -#include "md32_common.h" +#include "internal/md32_common.h" #ifndef SHA256_ASM static const SHA_LONG K256[64] = { diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c index c58cc1b..ebae411 100644 --- a/crypto/sha/sha512.c +++ b/crypto/sha/sha512.c @@ -47,7 +47,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT; diff --git a/crypto/sha/sha_locl.h b/crypto/sha/sha_locl.h index af62d9e..d3c6c37 100644 --- a/crypto/sha/sha_locl.h +++ b/crypto/sha/sha_locl.h @@ -91,7 +91,7 @@ static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num); #endif -#include "md32_common.h" +#include "internal/md32_common.h" #define INIT_DATA_h0 0x67452301UL #define INIT_DATA_h1 0xefcdab89UL diff --git a/crypto/srp/srp_lib.c b/crypto/srp/srp_lib.c index 1b26319..8930473 100644 --- a/crypto/srp/srp_lib.c +++ b/crypto/srp/srp_lib.c @@ -58,7 +58,7 @@ * */ #ifndef OPENSSL_NO_SRP -# include "cryptlib.h" +# include "internal/cryptlib.h" # include # include # include diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c index 79db92a..39c89e8 100644 --- a/crypto/srp/srp_vfy.c +++ b/crypto/srp/srp_vfy.c @@ -58,7 +58,7 @@ * */ #ifndef OPENSSL_NO_SRP -# include "cryptlib.h" +# include "internal/cryptlib.h" # include # include # include diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c index c395d58..a6182df 100644 --- a/crypto/stack/stack.c +++ b/crypto/stack/stack.c @@ -56,7 +56,7 @@ * [including the GNU Public Licence.] */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/thr_id.c b/crypto/thr_id.c index 2be0a54..c391fc4 100644 --- a/crypto/thr_id.c +++ b/crypto/thr_id.c @@ -114,7 +114,7 @@ * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project. */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef OPENSSL_NO_DEPRECATED static unsigned long (*id_callback) (void) = 0; diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c index 121b60b..1e511be 100644 --- a/crypto/ts/ts_conf.c +++ b/crypto/ts/ts_conf.c @@ -60,7 +60,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #ifndef OPENSSL_NO_ENGINE # include diff --git a/crypto/ts/ts_lib.c b/crypto/ts/ts_lib.c index cac9aa4..2bf7c50 100644 --- a/crypto/ts/ts_lib.c +++ b/crypto/ts/ts_lib.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ts/ts_req_print.c b/crypto/ts/ts_req_print.c index 31940ee..eef1b8a 100644 --- a/crypto/ts/ts_req_print.c +++ b/crypto/ts/ts_req_print.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ts/ts_req_utils.c b/crypto/ts/ts_req_utils.c index 362e5e5..7f3a4a4 100644 --- a/crypto/ts/ts_req_utils.c +++ b/crypto/ts/ts_req_utils.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ts/ts_rsp_print.c b/crypto/ts/ts_rsp_print.c index 0a3e497..108cd2f 100644 --- a/crypto/ts/ts_rsp_print.c +++ b/crypto/ts/ts_rsp_print.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index b16cf91..c28d936 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -57,7 +57,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #if defined(OPENSSL_SYS_UNIX) # include diff --git a/crypto/ts/ts_rsp_utils.c b/crypto/ts/ts_rsp_utils.c index 72d9f63..8c66c5f 100644 --- a/crypto/ts/ts_rsp_utils.c +++ b/crypto/ts/ts_rsp_utils.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c index 939c65f..116e116 100644 --- a/crypto/ts/ts_rsp_verify.c +++ b/crypto/ts/ts_rsp_verify.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ts/ts_verify_ctx.c b/crypto/ts/ts_verify_ctx.c index 3c15e66..7465e04 100644 --- a/crypto/ts/ts_verify_ctx.c +++ b/crypto/ts/ts_verify_ctx.c @@ -57,7 +57,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/txt_db/txt_db.c b/crypto/txt_db/txt_db.c index 5134855..2384917 100644 --- a/crypto/txt_db/txt_db.c +++ b/crypto/txt_db/txt_db.c @@ -59,7 +59,7 @@ #include #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index e090b88..9ba844e 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 0696341..de17638 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -160,7 +160,7 @@ /* 06-Apr-92 Luke Brennan Support for VMS */ #include "ui_locl.h" -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifdef OPENSSL_SYS_VMS /* prototypes for sys$whatever */ # include diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index 1be5309..ffd101c 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -60,7 +60,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #ifndef NO_SYS_TYPES_H # include diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c index d82a0db..9b06b34 100644 --- a/crypto/x509/by_file.c +++ b/crypto/x509/by_file.c @@ -60,7 +60,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509_att.c b/crypto/x509/x509_att.c index 67f6b8f..a102435 100644 --- a/crypto/x509/x509_att.c +++ b/crypto/x509/x509_att.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c index c7b0fe1..9308249 100644 --- a/crypto/x509/x509_cmp.c +++ b/crypto/x509/x509_cmp.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509_d2.c b/crypto/x509/x509_d2.c index 50ca2a6..29bbf50 100644 --- a/crypto/x509/x509_d2.c +++ b/crypto/x509/x509_d2.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c index 25c5537..062b915 100644 --- a/crypto/x509/x509_def.c +++ b/crypto/x509/x509_def.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509/x509_ext.c b/crypto/x509/x509_ext.c index c5a3ad9..6bba5bb 100644 --- a/crypto/x509/x509_ext.c +++ b/crypto/x509/x509_ext.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 5017f02..2086225 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c index ca6ff5d..93032d1 100644 --- a/crypto/x509/x509_obj.c +++ b/crypto/x509/x509_obj.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509_r2x.c b/crypto/x509/x509_r2x.c index e715904..d9c3cfd 100644 --- a/crypto/x509/x509_r2x.c +++ b/crypto/x509/x509_r2x.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c index e01fc79..b6c4698 100644 --- a/crypto/x509/x509_req.c +++ b/crypto/x509/x509_req.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509_set.c b/crypto/x509/x509_set.c index 6ddbabf..486e90a 100644 --- a/crypto/x509/x509_set.c +++ b/crypto/x509/x509_set.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509_trs.c b/crypto/x509/x509_trs.c index 7a16542..1912c96 100644 --- a/crypto/x509/x509_trs.c +++ b/crypto/x509/x509_trs.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b); diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c index 5ac72d0..6e8cdaa 100644 --- a/crypto/x509/x509_txt.c +++ b/crypto/x509/x509_txt.c @@ -60,7 +60,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509_v3.c b/crypto/x509/x509_v3.c index ad33be6..4e9c8f5 100644 --- a/crypto/x509/x509_v3.c +++ b/crypto/x509/x509_v3.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 4538b8b..7e00436 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -60,7 +60,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c index 4b6ec63..5d8c5f8 100644 --- a/crypto/x509/x509_vpm.c +++ b/crypto/x509/x509_vpm.c @@ -59,7 +59,7 @@ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509cset.c b/crypto/x509/x509cset.c index 042c90d..925ba69 100644 --- a/crypto/x509/x509cset.c +++ b/crypto/x509/x509cset.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c index 5a70845..234ddfe 100644 --- a/crypto/x509/x509name.c +++ b/crypto/x509/x509name.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509rset.c b/crypto/x509/x509rset.c index 80e273e..cafaf75 100644 --- a/crypto/x509/x509rset.c +++ b/crypto/x509/x509rset.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c index 482741a..116f788 100644 --- a/crypto/x509/x509spki.c +++ b/crypto/x509/x509spki.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 0331752..bc93697 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c index 9c3c129..a7ad148 100644 --- a/crypto/x509/x_all.c +++ b/crypto/x509/x_all.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x_attrib.c b/crypto/x509/x_attrib.c index 9782fda..65fd6e5 100644 --- a/crypto/x509/x_attrib.c +++ b/crypto/x509/x_attrib.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c index e61dfb2..f8fd337 100644 --- a/crypto/x509/x_name.c +++ b/crypto/x509/x_name.c @@ -58,7 +58,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include "internal/x509_int.h" diff --git a/crypto/x509v3/pcy_cache.c b/crypto/x509v3/pcy_cache.c index 8e78011..61065aa 100644 --- a/crypto/x509v3/pcy_cache.c +++ b/crypto/x509v3/pcy_cache.c @@ -57,7 +57,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c index ef6edb1..c29641f 100644 --- a/crypto/x509v3/pcy_data.c +++ b/crypto/x509v3/pcy_data.c @@ -57,7 +57,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509v3/pcy_lib.c b/crypto/x509v3/pcy_lib.c index 58ce8a0..b048f91 100644 --- a/crypto/x509v3/pcy_lib.c +++ b/crypto/x509v3/pcy_lib.c @@ -57,7 +57,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509v3/pcy_map.c b/crypto/x509v3/pcy_map.c index b99eb91..a4ff30c 100644 --- a/crypto/x509v3/pcy_map.c +++ b/crypto/x509v3/pcy_map.c @@ -57,7 +57,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 7b54e5c..e7ab7cd 100644 --- a/crypto/x509v3/pcy_tree.c +++ b/crypto/x509v3/pcy_tree.c @@ -57,7 +57,7 @@ * */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c index 2029475..5c22c6d 100644 --- a/crypto/x509v3/v3_addr.c +++ b/crypto/x509v3/v3_addr.c @@ -62,7 +62,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c index 61bc7b3..abad217 100644 --- a/crypto/x509v3/v3_akey.c +++ b/crypto/x509v3/v3_akey.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_akeya.c b/crypto/x509v3/v3_akeya.c index 2cc85b7..9914472 100644 --- a/crypto/x509v3/v3_akeya.c +++ b/crypto/x509v3/v3_akeya.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c index 20f9490..b3c3644 100644 --- a/crypto/x509v3/v3_alt.c +++ b/crypto/x509v3/v3_alt.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c index c5e5694..f390c2d 100644 --- a/crypto/x509v3/v3_asid.c +++ b/crypto/x509v3/v3_asid.c @@ -61,7 +61,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_bcons.c b/crypto/x509v3/v3_bcons.c index 3b89efb..d49a010 100644 --- a/crypto/x509v3/v3_bcons.c +++ b/crypto/x509v3/v3_bcons.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_bitst.c b/crypto/x509v3/v3_bitst.c index 9072b42..b2f6392 100644 --- a/crypto/x509v3/v3_bitst.c +++ b/crypto/x509v3/v3_bitst.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509v3/v3_conf.c b/crypto/x509v3/v3_conf.c index 51f39f5..38f198e 100644 --- a/crypto/x509v3/v3_conf.c +++ b/crypto/x509v3/v3_conf.c @@ -60,7 +60,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index cac91b9..a326876 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_crld.c b/crypto/x509v3/v3_crld.c index 67d019a..9b0d21f 100644 --- a/crypto/x509v3/v3_crld.c +++ b/crypto/x509v3/v3_crld.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c index 7678664..774eb34 100644 --- a/crypto/x509v3/v3_enum.c +++ b/crypto/x509v3/v3_enum.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include static ENUMERATED_NAMES crl_reasons[] = { diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c index 70d3554..d5da551 100644 --- a/crypto/x509v3/v3_extku.c +++ b/crypto/x509v3/v3_extku.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c index 7f40bfa..b4b8de7 100644 --- a/crypto/x509v3/v3_genn.c +++ b/crypto/x509v3/v3_genn.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c index 7cae1b6..ca15447 100644 --- a/crypto/x509v3/v3_ia5.c +++ b/crypto/x509v3/v3_ia5.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c index 872d5c7..277609e 100644 --- a/crypto/x509v3/v3_info.c +++ b/crypto/x509v3/v3_info.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c index 8bfdb37..9895ac5 100644 --- a/crypto/x509v3/v3_int.c +++ b/crypto/x509v3/v3_int.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include const X509V3_EXT_METHOD v3_crl_num = { diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index 4bec817..93af571 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -59,7 +59,7 @@ /* X509 v3 extension utilities */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c index 9d48fb9..315bd3c 100644 --- a/crypto/x509v3/v3_ncons.c +++ b/crypto/x509v3/v3_ncons.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c index c795db7..c39acd7 100644 --- a/crypto/x509v3/v3_pci.c +++ b/crypto/x509v3/v3_pci.c @@ -36,7 +36,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509v3/v3_pcons.c b/crypto/x509v3/v3_pcons.c index a1b27d6..e170b80 100644 --- a/crypto/x509v3/v3_pcons.c +++ b/crypto/x509v3/v3_pcons.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c index dd01c44..5056fb3 100644 --- a/crypto/x509v3/v3_pku.c +++ b/crypto/x509v3/v3_pku.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_pmaps.c b/crypto/x509v3/v3_pmaps.c index 14253aa..b862e3e 100644 --- a/crypto/x509v3/v3_pmaps.c +++ b/crypto/x509v3/v3_pmaps.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index 2d51674..ef21948 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -59,7 +59,7 @@ /* X509 v3 extension utilities */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index dc72795..1f9296a 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509v3/v3_scts.c b/crypto/x509v3/v3_scts.c index e9ee668..61e5a83 100644 --- a/crypto/x509v3/v3_scts.c +++ b/crypto/x509v3/v3_scts.c @@ -57,7 +57,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include diff --git a/crypto/x509v3/v3_skey.c b/crypto/x509v3/v3_skey.c index 977844b..c0c71c0 100644 --- a/crypto/x509v3/v3_skey.c +++ b/crypto/x509v3/v3_skey.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c index fff3b00..13d7286 100644 --- a/crypto/x509v3/v3_sxnet.c +++ b/crypto/x509v3/v3_sxnet.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index d50c2fa..cd8aff2 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -60,7 +60,7 @@ #include #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include diff --git a/crypto/x509v3/v3conf.c b/crypto/x509v3/v3conf.c index 41aa266..6d2cd6d 100644 --- a/crypto/x509v3/v3conf.c +++ b/crypto/x509v3/v3conf.c @@ -58,7 +58,7 @@ */ #include -#include "cryptlib.h" +#include "internal/cryptlib.h" #include #include #include From steve at openssl.org Thu May 14 15:26:36 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 14 May 2015 15:26:36 +0000 Subject: [openssl-commits] [openssl] OpenSSL-fips-2_0_9 create Message-ID: <1431617196.925901.6937.nullmailer@dev.openssl.org> The annotated tag OpenSSL-fips-2_0_9 has been created at 2119fdfc34ed4e030f6fb977aeec2014a84ae0c5 (tag) tagging 7447e65fccc95fa2ee97b40e43dc46f97e7b958b (commit) replaces OpenSSL-fips-2_0_8 tagged by Dr. Stephen Henson on Thu May 14 16:24:48 2015 +0100 - Log ----------------------------------------------------------------- OpenSSL FIPS 2.0.9 release tag Dr. Stephen Henson (2): Update fipsalgtest.pl to cope with changes in file names and format support for iOS 7.x/ARMv8 ----------------------------------------------------------------------- From levitte at openssl.org Thu May 14 15:42:01 2015 From: levitte at openssl.org (Richard Levitte) Date: Thu, 14 May 2015 15:42:01 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431618121.499914.8937.nullmailer@dev.openssl.org> The branch master has been updated via a3aadb2d9c85bc958a428a17ef5d6c9de5ef87b8 (commit) via a120ed39a6ef1c2085deab490092b83d819e2546 (commit) from b39fc560612984e65ec30d7f37487303bf514fb3 (commit) - Log ----------------------------------------------------------------- commit a3aadb2d9c85bc958a428a17ef5d6c9de5ef87b8 Author: Richard Levitte Date: Thu May 14 17:38:31 2015 +0200 make depend Reviewed-by: Rich Salz commit a120ed39a6ef1c2085deab490092b83d819e2546 Author: Richard Levitte Date: Thu May 14 17:36:13 2015 +0200 Add -Iinclude to crypto/ compiles The move of headers from crypto/ to crypto/include/internal/ needs this extra inclusion directory or the build fails. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/Makefile | 30 ++++----- crypto/aes/Makefile | 6 +- crypto/asn1/Makefile | 170 ++++++++++++++++++++++++++++-------------------- crypto/bio/Makefile | 49 +++++++++----- crypto/bn/Makefile | 103 ++++++++++++++--------------- crypto/buffer/Makefile | 6 +- crypto/cmac/Makefile | 9 +-- crypto/cms/Makefile | 28 ++++---- crypto/conf/Makefile | 13 ++-- crypto/des/Makefile | 6 +- crypto/dh/Makefile | 28 ++++---- crypto/dsa/Makefile | 28 ++++---- crypto/dso/Makefile | 18 +++-- crypto/ec/Makefile | 9 +-- crypto/ecdh/Makefile | 2 +- crypto/engine/Makefile | 63 ++++++++++-------- crypto/err/Makefile | 5 +- crypto/evp/Makefile | 135 +++++++++++++++++++++++--------------- crypto/hmac/Makefile | 9 +-- crypto/lhash/Makefile | 3 +- crypto/md4/Makefile | 4 +- crypto/md5/Makefile | 4 +- crypto/mdc2/Makefile | 3 +- crypto/modes/Makefile | 2 +- crypto/objects/Makefile | 7 +- crypto/ocsp/Makefile | 14 ++-- crypto/pem/Makefile | 31 +++++---- crypto/pkcs12/Makefile | 32 +++++---- crypto/pkcs7/Makefile | 13 ++-- crypto/pqueue/Makefile | 2 +- crypto/rand/Makefile | 17 ++--- crypto/rc4/Makefile | 4 +- crypto/ripemd/Makefile | 2 +- crypto/rsa/Makefile | 47 +++++++------ crypto/sha/Makefile | 7 +- crypto/srp/Makefile | 5 +- crypto/stack/Makefile | 3 +- crypto/ts/Makefile | 26 +++++--- crypto/txt_db/Makefile | 2 +- crypto/ui/Makefile | 4 +- crypto/x509/Makefile | 65 ++++++++++-------- crypto/x509v3/Makefile | 78 ++++++++++++---------- 42 files changed, 634 insertions(+), 458 deletions(-) diff --git a/crypto/Makefile b/crypto/Makefile index caffc77..b0645fc 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -5,7 +5,7 @@ DIR= crypto TOP= .. CC= cc -INCLUDE= -I. -I$(TOP) -I../include $(ZLIB_INCLUDE) +INCLUDE= -I. -I$(TOP) -I../include -Iinclude $(ZLIB_INCLUDE) # INCLUDES targets sudbirs! INCLUDES= -I.. -I../.. -I../modes -I../include -I../../include $(ZLIB_INCLUDE) CFLAG= -g @@ -140,37 +140,37 @@ cryptlib.o: ../include/openssl/err.h ../include/openssl/lhash.h cryptlib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h cryptlib.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.c -cryptlib.o: cryptlib.h +cryptlib.o: include/internal/cryptlib.h cversion.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h cversion.o: ../include/openssl/err.h ../include/openssl/lhash.h cversion.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h cversion.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h -cversion.o: cryptlib.h cversion.c +cversion.o: cversion.c include/internal/cryptlib.h ebcdic.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h ebcdic.c ex_data.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h ex_data.o: ../include/openssl/err.h ../include/openssl/lhash.h ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h -ex_data.o: ex_data.c +ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h ex_data.c +ex_data.o: include/internal/cryptlib.h fips_ers.o: ../include/openssl/opensslconf.h fips_ers.c lock.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h lock.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h lock.o: ../include/openssl/err.h ../include/openssl/lhash.h lock.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h lock.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -lock.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h -lock.o: lock.c +lock.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +lock.o: include/internal/cryptlib.h lock.c mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem.o: ../include/openssl/err.h ../include/openssl/lhash.h mem.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h mem.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h -mem.o: mem.c +mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +mem.o: include/internal/cryptlib.h mem.c mem_clr.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem_clr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h mem_clr.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h @@ -180,8 +180,8 @@ mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h mem_dbg.o: ../include/openssl/err.h ../include/openssl/lhash.h mem_dbg.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h mem_dbg.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h -mem_dbg.o: mem_dbg.c +mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +mem_dbg.o: include/internal/cryptlib.h mem_dbg.c o_dir.o: ../e_os.h ../include/internal/o_dir.h ../include/openssl/e_os2.h o_dir.o: ../include/openssl/opensslconf.h LPdir_unix.c o_dir.c o_fips.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h @@ -189,8 +189,8 @@ o_fips.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h o_fips.o: ../include/openssl/err.h ../include/openssl/lhash.h o_fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h o_fips.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -o_fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h -o_fips.o: o_fips.c +o_fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +o_fips.o: include/internal/cryptlib.h o_fips.c o_init.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h o_init.o: ../include/openssl/e_os2.h ../include/openssl/err.h o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h @@ -208,8 +208,8 @@ thr_id.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h thr_id.o: ../include/openssl/err.h ../include/openssl/lhash.h thr_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h thr_id.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h -thr_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h -thr_id.o: thr_id.c +thr_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +thr_id.o: include/internal/cryptlib.h thr_id.c uid.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h uid.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h uid.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index 5c3b2d3..d3ce809 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -138,7 +138,8 @@ aes_ige.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h aes_ige.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h aes_ige.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h aes_ige.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h +aes_ige.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +aes_ige.o: aes_ige.c aes_locl.h aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h aes_misc.o: ../../include/openssl/opensslconf.h aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c @@ -151,4 +152,5 @@ aes_wrap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h aes_wrap.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h aes_wrap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h aes_wrap.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -aes_wrap.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_wrap.c +aes_wrap.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +aes_wrap.o: aes_wrap.c diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index 7f3dd0d..4283145 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile @@ -100,8 +100,8 @@ a_bitstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h a_bitstr.o: ../../include/openssl/opensslconf.h a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_bitstr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_bitstr.o: ../../include/openssl/symhacks.h ../cryptlib.h a_bitstr.c -a_bitstr.o: asn1_locl.h +a_bitstr.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +a_bitstr.o: a_bitstr.c asn1_locl.h a_d2i_fp.o: ../../e_os.h ../../include/openssl/asn1.h a_d2i_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_d2i_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -109,7 +109,8 @@ a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h a_d2i_fp.o: ../../include/openssl/opensslconf.h a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_d2i_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_d2i_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_d2i_fp.c +a_d2i_fp.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +a_d2i_fp.o: a_d2i_fp.c a_digest.o: ../../e_os.h ../../include/openssl/asn1.h a_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -122,14 +123,16 @@ a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -a_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h a_digest.c +a_digest.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +a_digest.o: a_digest.c a_dup.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h a_dup.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h a_dup.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h a_dup.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_dup.o: ../../include/openssl/symhacks.h ../cryptlib.h a_dup.c +a_dup.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +a_dup.o: a_dup.c a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -137,7 +140,7 @@ a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_enum.o: ../cryptlib.h a_enum.c +a_enum.o: ../include/internal/cryptlib.h a_enum.c a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -145,7 +148,7 @@ a_gentm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h a_gentm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_gentm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_gentm.o: ../cryptlib.h a_gentm.c asn1_locl.h +a_gentm.o: ../include/internal/cryptlib.h a_gentm.c asn1_locl.h a_i2d_fp.o: ../../e_os.h ../../include/openssl/asn1.h a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_i2d_fp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -153,7 +156,8 @@ a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h a_i2d_fp.o: ../../include/openssl/opensslconf.h a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_i2d_fp.o: ../../include/openssl/symhacks.h ../cryptlib.h a_i2d_fp.c +a_i2d_fp.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +a_i2d_fp.o: a_i2d_fp.c a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -161,7 +165,7 @@ a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h a_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_int.o: ../cryptlib.h a_int.c asn1_locl.h +a_int.o: ../include/internal/cryptlib.h a_int.c asn1_locl.h a_mbstr.o: ../../e_os.h ../../include/openssl/asn1.h a_mbstr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_mbstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -169,7 +173,7 @@ a_mbstr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h a_mbstr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_mbstr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_mbstr.o: ../cryptlib.h a_mbstr.c +a_mbstr.o: ../include/internal/cryptlib.h a_mbstr.c a_object.o: ../../e_os.h ../../include/openssl/asn1.h a_object.o: ../../include/openssl/bio.h ../../include/openssl/bn.h a_object.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -178,8 +182,8 @@ a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_object.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_object.o: ../../include/openssl/symhacks.h ../cryptlib.h -a_object.o: ../include/internal/asn1_int.h a_object.c asn1_locl.h +a_object.o: ../../include/openssl/symhacks.h ../include/internal/asn1_int.h +a_object.o: ../include/internal/cryptlib.h a_object.c asn1_locl.h a_octet.o: ../../e_os.h ../../include/openssl/asn1.h a_octet.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -187,7 +191,7 @@ a_octet.o: ../../include/openssl/err.h ../../include/openssl/lhash.h a_octet.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_octet.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_octet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_octet.o: ../cryptlib.h a_octet.c +a_octet.o: ../include/internal/cryptlib.h a_octet.c a_print.o: ../../e_os.h ../../include/openssl/asn1.h a_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -195,7 +199,7 @@ a_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h a_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_print.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_print.o: ../cryptlib.h a_print.c +a_print.o: ../include/internal/cryptlib.h a_print.c a_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h a_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -208,7 +212,8 @@ a_sign.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -a_sign.o: ../cryptlib.h ../include/internal/asn1_int.h a_sign.c +a_sign.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h +a_sign.o: a_sign.c a_strex.o: ../../e_os.h ../../include/openssl/asn1.h a_strex.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -221,7 +226,7 @@ a_strex.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -a_strex.o: ../cryptlib.h a_strex.c charmap.h +a_strex.o: ../include/internal/cryptlib.h a_strex.c charmap.h a_strnid.o: ../../e_os.h ../../include/openssl/asn1.h a_strnid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -230,7 +235,8 @@ a_strnid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h a_strnid.o: ../../include/openssl/opensslconf.h a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_strnid.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_strnid.o: ../../include/openssl/symhacks.h ../cryptlib.h a_strnid.c +a_strnid.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +a_strnid.o: a_strnid.c a_time.o: ../../e_os.h ../../include/openssl/asn1.h a_time.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h a_time.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -238,7 +244,8 @@ a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h a_time.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h a_time.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_time.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_time.o: ../../include/openssl/symhacks.h ../cryptlib.h a_time.c asn1_locl.h +a_time.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +a_time.o: a_time.c asn1_locl.h a_type.o: ../../e_os.h ../../include/openssl/asn1.h a_type.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -247,7 +254,8 @@ a_type.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h a_type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h a_type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h a_type.c asn1_locl.h +a_type.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +a_type.o: a_type.c asn1_locl.h a_utctm.o: ../../e_os.h ../../include/openssl/asn1.h a_utctm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -255,14 +263,15 @@ a_utctm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h a_utctm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h a_utctm.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h a_utctm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_utctm.o: ../cryptlib.h a_utctm.c asn1_locl.h +a_utctm.o: ../include/internal/cryptlib.h a_utctm.c asn1_locl.h a_utf8.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h a_utf8.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h a_utf8.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h a_utf8.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_utf8.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -a_utf8.o: ../../include/openssl/symhacks.h ../cryptlib.h a_utf8.c +a_utf8.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +a_utf8.o: a_utf8.c a_verify.o: ../../e_os.h ../../include/openssl/asn1.h a_verify.o: ../../include/openssl/bio.h ../../include/openssl/bn.h a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -275,8 +284,8 @@ a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h -a_verify.o: ../include/internal/asn1_int.h a_verify.c +a_verify.o: ../../include/openssl/x509_vfy.h ../include/internal/asn1_int.h +a_verify.o: ../include/internal/cryptlib.h a_verify.c ameth_lib.o: ../../e_os.h ../../include/openssl/asn1.h ameth_lib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h ameth_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -290,8 +299,8 @@ ameth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ameth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ameth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ameth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ameth_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h -ameth_lib.o: ../include/internal/asn1_int.h ameth_lib.c +ameth_lib.o: ../../include/openssl/x509_vfy.h ../include/internal/asn1_int.h +ameth_lib.o: ../include/internal/cryptlib.h ameth_lib.c asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h asn1_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -312,7 +321,7 @@ asn1_gen.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h asn1_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h asn1_gen.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h asn1_gen.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -asn1_gen.o: ../cryptlib.h asn1_gen.c +asn1_gen.o: ../include/internal/cryptlib.h asn1_gen.c asn1_lib.o: ../../e_os.h ../../include/openssl/asn1.h asn1_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h asn1_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -320,7 +329,8 @@ asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h asn1_lib.o: ../../include/openssl/opensslconf.h asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn1_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -asn1_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_lib.c +asn1_lib.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +asn1_lib.o: asn1_lib.c asn1_par.o: ../../e_os.h ../../include/openssl/asn1.h asn1_par.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -329,7 +339,8 @@ asn1_par.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h asn1_par.o: ../../include/openssl/opensslconf.h asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn1_par.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -asn1_par.o: ../../include/openssl/symhacks.h ../cryptlib.h asn1_par.c +asn1_par.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +asn1_par.o: asn1_par.c asn_mime.o: ../../e_os.h ../../include/openssl/asn1.h asn_mime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h asn_mime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -343,7 +354,7 @@ asn_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h asn_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h asn_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h asn_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -asn_mime.o: ../cryptlib.h asn1_locl.h asn_mime.c +asn_mime.o: ../include/internal/cryptlib.h asn1_locl.h asn_mime.c asn_moid.o: ../../e_os.h ../../include/openssl/asn1.h asn_moid.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h asn_moid.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -357,8 +368,8 @@ asn_moid.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_moid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h asn_moid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h asn_moid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -asn_moid.o: ../../include/openssl/x509_vfy.h ../cryptlib.h -asn_moid.o: ../include/internal/asn1_int.h asn_moid.c +asn_moid.o: ../../include/openssl/x509_vfy.h ../include/internal/asn1_int.h +asn_moid.o: ../include/internal/cryptlib.h asn_moid.c asn_mstbl.o: ../../e_os.h ../../include/openssl/asn1.h asn_mstbl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h asn_mstbl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -373,7 +384,7 @@ asn_mstbl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h asn_mstbl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h asn_mstbl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h asn_mstbl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -asn_mstbl.o: ../cryptlib.h asn_mstbl.c +asn_mstbl.o: ../include/internal/cryptlib.h asn_mstbl.c asn_pack.o: ../../e_os.h ../../include/openssl/asn1.h asn_pack.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -381,7 +392,8 @@ asn_pack.o: ../../include/openssl/err.h ../../include/openssl/lhash.h asn_pack.o: ../../include/openssl/opensslconf.h asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h asn_pack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -asn_pack.o: ../../include/openssl/symhacks.h ../cryptlib.h asn_pack.c +asn_pack.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +asn_pack.o: asn_pack.c bio_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h bio_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bio_asn1.o: ../../include/openssl/opensslconf.h @@ -407,8 +419,8 @@ d2i_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h d2i_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h d2i_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -d2i_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h -d2i_pr.o: ../include/internal/asn1_int.h d2i_pr.c +d2i_pr.o: ../../include/openssl/x509_vfy.h ../include/internal/asn1_int.h +d2i_pr.o: ../include/internal/cryptlib.h d2i_pr.c d2i_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h d2i_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h @@ -419,7 +431,7 @@ d2i_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h d2i_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h d2i_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -d2i_pu.o: ../cryptlib.h d2i_pu.c +d2i_pu.o: ../include/internal/cryptlib.h d2i_pu.c evp_asn1.o: ../../e_os.h ../../include/openssl/asn1.h evp_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -427,21 +439,24 @@ evp_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h evp_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_asn1.c +evp_asn1.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +evp_asn1.o: evp_asn1.c f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h f_enum.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h f_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -f_enum.o: ../../include/openssl/symhacks.h ../cryptlib.h f_enum.c +f_enum.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +f_enum.o: f_enum.c f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h f_int.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h f_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h f_int.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -f_int.o: ../../include/openssl/symhacks.h ../cryptlib.h f_int.c +f_int.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +f_int.o: f_int.c f_string.o: ../../e_os.h ../../include/openssl/asn1.h f_string.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -449,7 +464,8 @@ f_string.o: ../../include/openssl/err.h ../../include/openssl/lhash.h f_string.o: ../../include/openssl/opensslconf.h f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h f_string.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -f_string.o: ../../include/openssl/symhacks.h ../cryptlib.h f_string.c +f_string.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +f_string.o: f_string.c i2d_pr.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h i2d_pr.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -461,8 +477,8 @@ i2d_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h i2d_pr.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h i2d_pr.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -i2d_pr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h -i2d_pr.o: ../include/internal/asn1_int.h i2d_pr.c +i2d_pr.o: ../../include/openssl/x509_vfy.h ../include/internal/asn1_int.h +i2d_pr.o: ../include/internal/cryptlib.h i2d_pr.c i2d_pu.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h i2d_pu.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h @@ -473,7 +489,7 @@ i2d_pu.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h i2d_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h i2d_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -i2d_pu.o: ../cryptlib.h i2d_pu.c +i2d_pu.o: ../include/internal/cryptlib.h i2d_pu.c n_pkey.o: ../../e_os.h ../../include/openssl/asn1.h n_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h n_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -487,7 +503,7 @@ n_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h n_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h n_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h n_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -n_pkey.o: ../cryptlib.h n_pkey.c +n_pkey.o: ../include/internal/cryptlib.h n_pkey.c nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h nsseq.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h nsseq.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -513,7 +529,7 @@ p5_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p5_pbe.o: ../cryptlib.h p5_pbe.c +p5_pbe.o: ../include/internal/cryptlib.h p5_pbe.c p5_pbev2.o: ../../e_os.h ../../include/openssl/asn1.h p5_pbev2.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p5_pbev2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -527,7 +543,7 @@ p5_pbev2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p5_pbev2.o: ../cryptlib.h p5_pbev2.c +p5_pbev2.o: ../include/internal/cryptlib.h p5_pbev2.c p8_pkey.o: ../../e_os.h ../../include/openssl/asn1.h p8_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -540,7 +556,8 @@ p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p8_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p8_pkey.c +p8_pkey.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +p8_pkey.o: p8_pkey.c t_bitst.o: ../../e_os.h ../../include/openssl/asn1.h t_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -554,7 +571,7 @@ t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -t_bitst.o: ../cryptlib.h t_bitst.c +t_bitst.o: ../include/internal/cryptlib.h t_bitst.c t_crl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -568,7 +585,7 @@ t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -t_crl.o: ../cryptlib.h t_crl.c +t_crl.o: ../include/internal/cryptlib.h t_crl.c t_pkey.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -577,7 +594,7 @@ t_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h t_pkey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -t_pkey.o: ../cryptlib.h ../include/internal/bn_int.h t_pkey.c +t_pkey.o: ../include/internal/bn_int.h ../include/internal/cryptlib.h t_pkey.c t_req.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -592,7 +609,7 @@ t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -t_req.o: ../cryptlib.h t_req.c +t_req.o: ../include/internal/cryptlib.h t_req.c t_spki.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_spki.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h @@ -606,7 +623,7 @@ t_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h t_spki.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h t_spki.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h t_spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_spki.o: ../cryptlib.h t_spki.c +t_spki.o: ../include/internal/cryptlib.h t_spki.c t_x509.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h t_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -621,7 +638,8 @@ t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -t_x509.o: ../cryptlib.h ../include/internal/asn1_int.h t_x509.c +t_x509.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h +t_x509.o: t_x509.c t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -634,7 +652,7 @@ t_x509a.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h t_x509a.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -t_x509a.o: ../cryptlib.h t_x509a.c +t_x509a.o: ../include/internal/cryptlib.h t_x509a.c tasn_dec.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_dec.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tasn_dec.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -652,8 +670,8 @@ tasn_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h tasn_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h tasn_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tasn_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -tasn_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h -tasn_enc.o: ../include/internal/asn1_int.h asn1_locl.h tasn_enc.c +tasn_enc.o: ../../include/openssl/symhacks.h ../include/internal/asn1_int.h +tasn_enc.o: ../include/internal/cryptlib.h asn1_locl.h tasn_enc.c tasn_fre.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_fre.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h tasn_fre.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h @@ -683,7 +701,8 @@ tasn_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tasn_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h tasn_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h tasn_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -tasn_prn.o: ../cryptlib.h ../include/internal/asn1_int.h asn1_locl.h tasn_prn.c +tasn_prn.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h +tasn_prn.o: asn1_locl.h tasn_prn.c tasn_scn.o: ../../e_os.h ../../include/openssl/asn1.h tasn_scn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h tasn_scn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -698,7 +717,7 @@ tasn_scn.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tasn_scn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h tasn_scn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h tasn_scn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -tasn_scn.o: ../cryptlib.h asn1_locl.h tasn_scn.c +tasn_scn.o: ../include/internal/cryptlib.h asn1_locl.h tasn_scn.c tasn_typ.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h tasn_typ.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h tasn_typ.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h @@ -733,7 +752,8 @@ x_bignum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h x_bignum.o: ../../include/openssl/opensslconf.h x_bignum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_bignum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -x_bignum.o: ../../include/openssl/symhacks.h ../cryptlib.h x_bignum.c +x_bignum.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +x_bignum.o: x_bignum.c x_crl.o: ../../e_os.h ../../include/openssl/asn1.h x_crl.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_crl.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -747,7 +767,8 @@ x_crl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h x_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h asn1_locl.h x_crl.c +x_crl.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +x_crl.o: asn1_locl.h x_crl.c x_info.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h x_info.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -759,7 +780,8 @@ x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_info.c +x_info.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x_info.o: x_info.c x_long.o: ../../e_os.h ../../include/openssl/asn1.h x_long.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_long.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -768,7 +790,7 @@ x_long.o: ../../include/openssl/err.h ../../include/openssl/lhash.h x_long.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h x_long.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h x_long.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -x_long.o: ../cryptlib.h x_long.c +x_long.o: ../include/internal/cryptlib.h x_long.c x_nx509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h x_nx509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x_nx509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -792,7 +814,8 @@ x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_pkey.c +x_pkey.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x_pkey.o: x_pkey.c x_pubkey.o: ../../e_os.h ../../include/openssl/asn1.h x_pubkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_pubkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -807,7 +830,8 @@ x_pubkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h x_pubkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_pubkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_pubkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_pubkey.o: ../cryptlib.h ../include/internal/asn1_int.h x_pubkey.c +x_pubkey.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h +x_pubkey.o: x_pubkey.c x_req.o: ../../e_os.h ../../include/openssl/asn1.h x_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_req.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -820,7 +844,8 @@ x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_req.c +x_req.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x_req.o: x_req.c x_sig.o: ../../e_os.h ../../include/openssl/asn1.h x_sig.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_sig.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -833,7 +858,8 @@ x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_sig.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_sig.c +x_sig.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x_sig.o: x_sig.c x_spki.o: ../../e_os.h ../../include/openssl/asn1.h x_spki.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_spki.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -846,7 +872,8 @@ x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_spki.c +x_spki.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x_spki.o: x_spki.c x_val.o: ../../e_os.h ../../include/openssl/asn1.h x_val.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_val.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -859,7 +886,8 @@ x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_val.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_val.c +x_val.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x_val.o: x_val.c x_x509.o: ../../e_os.h ../../include/openssl/asn1.h x_x509.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_x509.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -873,7 +901,8 @@ x_x509.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h x_x509.c +x_x509.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +x_x509.o: x_x509.c x_x509a.o: ../../e_os.h ../../include/openssl/asn1.h x_x509a.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_x509a.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -886,4 +915,5 @@ x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_x509a.c +x_x509a.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x_x509a.o: x_x509a.c diff --git a/crypto/bio/Makefile b/crypto/bio/Makefile index 5477ffb..ff00c6e 100644 --- a/crypto/bio/Makefile +++ b/crypto/bio/Makefile @@ -76,14 +76,16 @@ b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h b_dump.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -b_dump.o: ../../include/openssl/symhacks.h ../cryptlib.h b_dump.c bio_lcl.h +b_dump.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +b_dump.o: b_dump.c bio_lcl.h b_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h b_print.c +b_print.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +b_print.o: b_print.c b_sock.o: ../../e_os.h ../../include/openssl/bio.h b_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h b_sock.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h @@ -91,14 +93,15 @@ b_sock.o: ../../include/openssl/err.h ../../include/openssl/lhash.h b_sock.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h b_sock.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -b_sock.o: ../cryptlib.h b_sock.c +b_sock.o: ../include/internal/cryptlib.h b_sock.c bf_buff.o: ../../e_os.h ../../include/openssl/bio.h bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bf_buff.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bf_buff.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bf_buff.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bf_buff.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bf_buff.o: ../../include/openssl/symhacks.h ../cryptlib.h bf_buff.c +bf_buff.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bf_buff.o: bf_buff.c bf_nbio.o: ../../e_os.h ../../include/openssl/bio.h bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bf_nbio.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -106,21 +109,23 @@ bf_nbio.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bf_nbio.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bf_nbio.o: ../cryptlib.h bf_nbio.c +bf_nbio.o: ../include/internal/cryptlib.h bf_nbio.c bf_null.o: ../../e_os.h ../../include/openssl/bio.h bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bf_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bf_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bf_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bf_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bf_null.o: ../../include/openssl/symhacks.h ../cryptlib.h bf_null.c +bf_null.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bf_null.o: bf_null.c bio_cb.o: ../../e_os.h ../../include/openssl/bio.h bio_cb.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bio_cb.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_cb.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_cb.c +bio_cb.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bio_cb.o: bio_cb.c bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h bio_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bio_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h @@ -133,14 +138,16 @@ bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bio_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lib.c +bio_lib.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bio_lib.o: bio_lib.c bss_acpt.o: ../../e_os.h ../../include/openssl/bio.h bss_acpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bss_acpt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bss_acpt.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_acpt.c +bss_acpt.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bss_acpt.o: bss_acpt.c bss_bio.o: ../../e_os.h ../../include/openssl/bio.h bss_bio.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -154,53 +161,61 @@ bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bss_conn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bss_conn.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_conn.c +bss_conn.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bss_conn.o: bss_conn.c bss_dgram.o: ../../e_os.h ../../include/openssl/bio.h bss_dgram.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_dgram.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_dgram.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bss_dgram.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bss_dgram.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bss_dgram.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_dgram.c +bss_dgram.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bss_dgram.o: bss_dgram.c bss_fd.o: ../../e_os.h ../../include/openssl/bio.h bss_fd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bss_fd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bss_fd.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_fd.c +bss_fd.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bss_fd.o: bio_lcl.h bss_fd.c bss_file.o: ../../e_os.h ../../include/openssl/bio.h bss_file.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bss_file.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bss_file.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_lcl.h bss_file.c +bss_file.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bss_file.o: bio_lcl.h bss_file.c bss_log.o: ../../e_os.h ../../include/openssl/bio.h bss_log.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bss_log.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bss_log.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_log.c +bss_log.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bss_log.o: bss_log.c bss_mem.o: ../../e_os.h ../../include/openssl/bio.h bss_mem.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bss_mem.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bss_mem.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_mem.c +bss_mem.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bss_mem.o: bss_mem.c bss_null.o: ../../e_os.h ../../include/openssl/bio.h bss_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bss_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bss_null.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_null.c +bss_null.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bss_null.o: bss_null.c bss_sock.o: ../../e_os.h ../../include/openssl/bio.h bss_sock.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bss_sock.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bss_sock.o: ../../include/openssl/symhacks.h ../cryptlib.h bss_sock.c +bss_sock.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bss_sock.o: bss_sock.c diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index 624f581..c8d3dc2 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -177,24 +177,24 @@ bn_add.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_add.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_add.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_add.o: ../include/internal/bn_int.h bn_add.c bn_lcl.h +bn_add.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_add.o: ../include/internal/cryptlib.h bn_add.c bn_lcl.h bn_asm.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_asm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_asm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_asm.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_asm.o: ../include/internal/bn_int.h bn_asm.c bn_lcl.h +bn_asm.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_asm.o: ../include/internal/cryptlib.h bn_asm.c bn_lcl.h bn_blind.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_blind.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_blind.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_blind.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_blind.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_blind.o: ../include/internal/bn_int.h bn_blind.c bn_lcl.h +bn_blind.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_blind.o: ../include/internal/cryptlib.h bn_blind.c bn_lcl.h bn_const.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h bn_const.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h bn_const.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -206,8 +206,8 @@ bn_ctx.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_ctx.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_ctx.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_ctx.o: ../include/internal/bn_int.h bn_ctx.c bn_lcl.h +bn_ctx.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_ctx.o: ../include/internal/cryptlib.h bn_ctx.c bn_lcl.h bn_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -215,7 +215,8 @@ bn_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h bn_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_depr.o: ../cryptlib.h ../include/internal/bn_int.h bn_depr.c bn_lcl.h +bn_depr.o: ../include/internal/bn_int.h ../include/internal/cryptlib.h +bn_depr.o: bn_depr.c bn_lcl.h bn_dh.o: ../../e_os.h ../../include/openssl/bn.h ../../include/openssl/crypto.h bn_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h bn_dh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h @@ -228,8 +229,8 @@ bn_div.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_div.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_div.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_div.o: ../include/internal/bn_int.h bn_div.c bn_lcl.h +bn_div.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_div.o: ../include/internal/cryptlib.h bn_div.c bn_lcl.h bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bn_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -243,32 +244,32 @@ bn_exp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_exp.o: ../include/internal/bn_int.h bn_exp.c bn_lcl.h rsaz_exp.h +bn_exp.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_exp.o: ../include/internal/cryptlib.h bn_exp.c bn_lcl.h rsaz_exp.h bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_exp2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_exp2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_exp2.o: ../include/internal/bn_int.h bn_exp2.c bn_lcl.h +bn_exp2.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_exp2.o: ../include/internal/cryptlib.h bn_exp2.c bn_lcl.h bn_gcd.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_gcd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_gcd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_gcd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_gcd.o: ../include/internal/bn_int.h bn_gcd.c bn_lcl.h +bn_gcd.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_gcd.o: ../include/internal/cryptlib.h bn_gcd.c bn_lcl.h bn_gf2m.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_gf2m.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_gf2m.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_gf2m.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_gf2m.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_gf2m.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_gf2m.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_gf2m.o: ../include/internal/bn_int.h bn_gf2m.c bn_lcl.h +bn_gf2m.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_gf2m.o: ../include/internal/cryptlib.h bn_gf2m.c bn_lcl.h bn_intern.o: ../../e_os.h ../../include/openssl/bio.h bn_intern.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h bn_intern.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -276,64 +277,64 @@ bn_intern.o: ../../include/openssl/err.h ../../include/openssl/lhash.h bn_intern.o: ../../include/openssl/opensslconf.h bn_intern.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_intern.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_intern.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_intern.o: ../include/internal/bn_int.h bn_intern.c bn_lcl.h +bn_intern.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_intern.o: ../include/internal/cryptlib.h bn_intern.c bn_lcl.h bn_kron.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_kron.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_kron.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_kron.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_kron.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_kron.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_kron.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_kron.o: ../include/internal/bn_int.h bn_kron.c bn_lcl.h +bn_kron.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_kron.o: ../include/internal/cryptlib.h bn_kron.c bn_lcl.h bn_lib.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_lib.o: ../include/internal/bn_int.h bn_lcl.h bn_lib.c +bn_lib.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_lib.o: ../include/internal/cryptlib.h bn_lcl.h bn_lib.c bn_mod.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_mod.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_mod.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_mod.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_mod.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_mod.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_mod.o: ../include/internal/bn_int.h bn_lcl.h bn_mod.c +bn_mod.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_mod.o: ../include/internal/cryptlib.h bn_lcl.h bn_mod.c bn_mont.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_mont.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_mont.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_mont.o: ../include/internal/bn_int.h bn_lcl.h bn_mont.c +bn_mont.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_mont.o: ../include/internal/cryptlib.h bn_lcl.h bn_mont.c bn_mpi.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_mpi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_mpi.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_mpi.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_mpi.o: ../include/internal/bn_int.h bn_lcl.h bn_mpi.c +bn_mpi.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_mpi.o: ../include/internal/cryptlib.h bn_lcl.h bn_mpi.c bn_mul.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_mul.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_mul.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_mul.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_mul.o: ../include/internal/bn_int.h bn_lcl.h bn_mul.c +bn_mul.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_mul.o: ../include/internal/cryptlib.h bn_lcl.h bn_mul.c bn_nist.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_nist.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_nist.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_nist.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_nist.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_nist.o: ../include/internal/bn_int.h bn_lcl.h bn_nist.c +bn_nist.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_nist.o: ../include/internal/cryptlib.h bn_lcl.h bn_nist.c bn_prime.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_prime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -341,16 +342,16 @@ bn_prime.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_prime.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h bn_prime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bn_prime.o: ../cryptlib.h ../include/internal/bn_int.h bn_lcl.h bn_prime.c -bn_prime.o: bn_prime.h +bn_prime.o: ../include/internal/bn_int.h ../include/internal/cryptlib.h +bn_prime.o: bn_lcl.h bn_prime.c bn_prime.h bn_print.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_print.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_print.o: ../include/internal/bn_int.h bn_lcl.h bn_print.c +bn_print.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_print.o: ../include/internal/cryptlib.h bn_lcl.h bn_print.c bn_rand.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_rand.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -358,40 +359,40 @@ bn_rand.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h bn_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -bn_rand.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_rand.o: ../include/internal/bn_int.h bn_lcl.h bn_rand.c +bn_rand.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_rand.o: ../include/internal/cryptlib.h bn_lcl.h bn_rand.c bn_recp.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_recp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_recp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_recp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_recp.o: ../include/internal/bn_int.h bn_lcl.h bn_recp.c +bn_recp.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_recp.o: ../include/internal/cryptlib.h bn_lcl.h bn_recp.c bn_shift.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_shift.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_shift.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_shift.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_shift.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_shift.o: ../include/internal/bn_int.h bn_lcl.h bn_shift.c +bn_shift.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_shift.o: ../include/internal/cryptlib.h bn_lcl.h bn_shift.c bn_sqr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_sqr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_sqr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_sqr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_sqr.o: ../include/internal/bn_int.h bn_lcl.h bn_sqr.c +bn_sqr.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_sqr.o: ../include/internal/cryptlib.h bn_lcl.h bn_sqr.c bn_sqrt.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_sqrt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_sqrt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_sqrt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_sqrt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_sqrt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_sqrt.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_sqrt.o: ../include/internal/bn_int.h bn_lcl.h bn_sqrt.c +bn_sqrt.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_sqrt.o: ../include/internal/cryptlib.h bn_lcl.h bn_sqrt.c bn_srp.o: ../../e_os.h ../../include/openssl/bn.h bn_srp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h bn_srp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h @@ -404,8 +405,8 @@ bn_word.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h -bn_word.o: ../include/internal/bn_int.h bn_lcl.h bn_word.c +bn_word.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +bn_word.o: ../include/internal/cryptlib.h bn_lcl.h bn_word.c bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h bn_x931p.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h bn_x931p.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h diff --git a/crypto/buffer/Makefile b/crypto/buffer/Makefile index d87738c..96261f1 100644 --- a/crypto/buffer/Makefile +++ b/crypto/buffer/Makefile @@ -71,11 +71,13 @@ buf_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h buf_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h buf_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h buf_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -buf_str.o: ../../include/openssl/symhacks.h ../cryptlib.h buf_str.c +buf_str.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +buf_str.o: buf_str.c buffer.o: ../../e_os.h ../../include/openssl/bio.h buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h buffer.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -buffer.o: ../../include/openssl/symhacks.h ../cryptlib.h buffer.c +buffer.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +buffer.o: buffer.c diff --git a/crypto/cmac/Makefile b/crypto/cmac/Makefile index 87a20fc..31d50e4 100644 --- a/crypto/cmac/Makefile +++ b/crypto/cmac/Makefile @@ -67,8 +67,8 @@ cm_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h cm_ameth.o: ../../include/openssl/opensslconf.h cm_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h cm_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -cm_ameth.o: ../../include/openssl/symhacks.h ../cryptlib.h -cm_ameth.o: ../include/internal/asn1_int.h cm_ameth.c +cm_ameth.o: ../../include/openssl/symhacks.h ../include/internal/asn1_int.h +cm_ameth.o: ../include/internal/cryptlib.h cm_ameth.c cm_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h cm_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h cm_pmeth.o: ../../include/openssl/cmac.h ../../include/openssl/conf.h @@ -83,7 +83,8 @@ cm_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h cm_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h cm_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h cm_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -cm_pmeth.o: ../cryptlib.h ../include/internal/evp_int.h cm_pmeth.c +cm_pmeth.o: ../include/internal/cryptlib.h ../include/internal/evp_int.h +cm_pmeth.o: cm_pmeth.c cmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h cmac.o: ../../include/openssl/buffer.h ../../include/openssl/cmac.h cmac.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -92,4 +93,4 @@ cmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h cmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h cmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h cmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -cmac.o: ../../include/openssl/symhacks.h ../cryptlib.h cmac.c +cmac.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h cmac.c diff --git a/crypto/cms/Makefile b/crypto/cms/Makefile index 47aec7c..8383fe5 100644 --- a/crypto/cms/Makefile +++ b/crypto/cms/Makefile @@ -109,7 +109,8 @@ cms_cd.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h cms_cd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h cms_cd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cms_cd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -cms_cd.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_cd.c cms_lcl.h +cms_cd.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +cms_cd.o: cms_cd.c cms_lcl.h cms_dd.o: ../../e_os.h ../../include/openssl/asn1.h cms_dd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h cms_dd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h @@ -125,7 +126,7 @@ cms_dd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h cms_dd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h cms_dd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h cms_dd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -cms_dd.o: ../cryptlib.h cms_dd.c cms_lcl.h +cms_dd.o: ../include/internal/cryptlib.h cms_dd.c cms_lcl.h cms_enc.o: ../../e_os.h ../../include/openssl/asn1.h cms_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h cms_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h @@ -141,7 +142,8 @@ cms_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h cms_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h cms_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cms_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -cms_enc.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_enc.c cms_lcl.h +cms_enc.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +cms_enc.o: cms_enc.c cms_lcl.h cms_env.o: ../../e_os.h ../../include/openssl/aes.h cms_env.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h cms_env.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h @@ -158,7 +160,8 @@ cms_env.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h cms_env.o: ../../include/openssl/sha.h ../../include/openssl/stack.h cms_env.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h cms_env.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -cms_env.o: ../cryptlib.h ../include/internal/asn1_int.h cms_env.c cms_lcl.h +cms_env.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h +cms_env.o: cms_env.c cms_lcl.h cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -187,7 +190,8 @@ cms_ess.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h cms_ess.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h cms_ess.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cms_ess.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -cms_ess.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_ess.c cms_lcl.h +cms_ess.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +cms_ess.o: cms_ess.c cms_lcl.h cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h cms_io.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h @@ -218,8 +222,8 @@ cms_kari.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h cms_kari.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h cms_kari.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cms_kari.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -cms_kari.o: ../../include/openssl/x509v3.h ../cryptlib.h -cms_kari.o: ../include/internal/asn1_int.h cms_kari.c cms_lcl.h +cms_kari.o: ../../include/openssl/x509v3.h ../include/internal/asn1_int.h +cms_kari.o: ../include/internal/cryptlib.h cms_kari.c cms_lcl.h cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h cms_lib.o: ../../include/openssl/cms.h ../../include/openssl/conf.h @@ -251,8 +255,8 @@ cms_pwri.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h cms_pwri.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h cms_pwri.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h cms_pwri.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -cms_pwri.o: ../../include/openssl/x509v3.h ../cryptlib.h -cms_pwri.o: ../include/internal/asn1_int.h cms_lcl.h cms_pwri.c +cms_pwri.o: ../../include/openssl/x509v3.h ../include/internal/asn1_int.h +cms_pwri.o: ../include/internal/cryptlib.h cms_lcl.h cms_pwri.c cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h @@ -268,7 +272,8 @@ cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -cms_sd.o: ../cryptlib.h ../include/internal/asn1_int.h cms_lcl.h cms_sd.c +cms_sd.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h +cms_sd.o: cms_lcl.h cms_sd.c cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h @@ -284,4 +289,5 @@ cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -cms_smime.o: ../cryptlib.h ../include/internal/asn1_int.h cms_lcl.h cms_smime.c +cms_smime.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h +cms_smime.o: cms_lcl.h cms_smime.c diff --git a/crypto/conf/Makefile b/crypto/conf/Makefile index 8af03a6..1ad2412 100644 --- a/crypto/conf/Makefile +++ b/crypto/conf/Makefile @@ -75,8 +75,8 @@ conf_def.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_def.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -conf_def.o: ../../include/openssl/symhacks.h ../cryptlib.h conf_def.c -conf_def.o: conf_def.h +conf_def.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +conf_def.o: conf_def.c conf_def.h conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h conf_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -105,7 +105,8 @@ conf_mall.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_mall.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h conf_mall.o: ../../include/openssl/sha.h ../../include/openssl/stack.h conf_mall.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -conf_mall.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mall.c +conf_mall.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +conf_mall.o: conf_mall.c conf_mod.o: ../../e_os.h ../../include/openssl/asn1.h conf_mod.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h conf_mod.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -119,7 +120,8 @@ conf_mod.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_mod.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h conf_mod.o: ../../include/openssl/sha.h ../../include/openssl/stack.h conf_mod.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -conf_mod.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_mod.c +conf_mod.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +conf_mod.o: conf_mod.c conf_sap.o: ../../e_os.h ../../include/openssl/asn1.h conf_sap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h conf_sap.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -133,4 +135,5 @@ conf_sap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h conf_sap.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h conf_sap.o: ../../include/openssl/sha.h ../../include/openssl/stack.h conf_sap.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -conf_sap.o: ../../include/openssl/x509_vfy.h ../cryptlib.h conf_sap.c +conf_sap.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +conf_sap.o: conf_sap.c diff --git a/crypto/des/Makefile b/crypto/des/Makefile index 2a8f06f..eb8f3bd 100644 --- a/crypto/des/Makefile +++ b/crypto/des/Makefile @@ -120,8 +120,8 @@ enc_read.o: ../../include/openssl/err.h ../../include/openssl/lhash.h enc_read.o: ../../include/openssl/opensslconf.h enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h enc_read.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -enc_read.o: ../../include/openssl/symhacks.h ../cryptlib.h des_locl.h -enc_read.o: enc_read.c +enc_read.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +enc_read.o: des_locl.h enc_read.c enc_writ.o: ../../e_os.h ../../include/openssl/bio.h enc_writ.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h enc_writ.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h @@ -130,7 +130,7 @@ enc_writ.o: ../../include/openssl/opensslconf.h enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h enc_writ.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h enc_writ.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -enc_writ.o: ../cryptlib.h des_locl.h enc_writ.c +enc_writ.o: ../include/internal/cryptlib.h des_locl.h enc_writ.c fcrypt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h fcrypt.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h fcrypt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile index 8f468e3..14f1efa 100644 --- a/crypto/dh/Makefile +++ b/crypto/dh/Makefile @@ -73,8 +73,8 @@ dh_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dh_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h dh_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h dh_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -dh_ameth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h -dh_ameth.o: ../include/internal/asn1_int.h dh_ameth.c +dh_ameth.o: ../../include/openssl/x509_vfy.h ../include/internal/asn1_int.h +dh_ameth.o: ../include/internal/cryptlib.h dh_ameth.c dh_asn1.o: ../../e_os.h ../../include/openssl/asn1.h dh_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h dh_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -84,7 +84,8 @@ dh_asn1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h dh_asn1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dh_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dh_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_asn1.c +dh_asn1.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +dh_asn1.o: dh_asn1.c dh_check.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h @@ -92,7 +93,8 @@ dh_check.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dh_check.o: ../../include/openssl/opensslconf.h dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dh_check.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_check.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_check.c +dh_check.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +dh_check.o: dh_check.c dh_depr.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h dh_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dh_depr.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h @@ -100,7 +102,7 @@ dh_depr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dh_depr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_depr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dh_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dh_depr.o: ../cryptlib.h dh_depr.c +dh_depr.o: ../include/internal/cryptlib.h dh_depr.c dh_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h dh_err.o: ../../include/openssl/dh.h ../../include/openssl/e_os2.h dh_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -115,7 +117,7 @@ dh_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dh_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_gen.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dh_gen.o: ../cryptlib.h dh_gen.c +dh_gen.o: ../include/internal/cryptlib.h dh_gen.c dh_kdf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h dh_kdf.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h dh_kdf.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h @@ -136,8 +138,8 @@ dh_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dh_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dh_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h -dh_key.o: ../include/internal/bn_int.h dh_key.c +dh_key.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +dh_key.o: ../include/internal/cryptlib.h dh_key.c dh_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h dh_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h dh_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h @@ -151,7 +153,7 @@ dh_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h dh_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dh_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -dh_lib.o: ../cryptlib.h dh_lib.c +dh_lib.o: ../include/internal/cryptlib.h dh_lib.c dh_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h dh_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h dh_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -166,7 +168,7 @@ dh_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dh_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h dh_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h dh_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -dh_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +dh_pmeth.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h dh_pmeth.o: ../include/internal/evp_int.h dh_pmeth.c dh_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h dh_prn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -176,7 +178,8 @@ dh_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h dh_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dh_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dh_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_prn.c +dh_prn.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +dh_prn.o: dh_prn.c dh_rfc5114.o: ../../e_os.h ../../include/openssl/bio.h dh_rfc5114.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h dh_rfc5114.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h @@ -184,4 +187,5 @@ dh_rfc5114.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h dh_rfc5114.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h dh_rfc5114.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dh_rfc5114.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dh_rfc5114.o: ../../include/openssl/symhacks.h ../cryptlib.h dh_rfc5114.c +dh_rfc5114.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +dh_rfc5114.o: dh_rfc5114.c diff --git a/crypto/dsa/Makefile b/crypto/dsa/Makefile index 4571b88..0761873 100644 --- a/crypto/dsa/Makefile +++ b/crypto/dsa/Makefile @@ -74,8 +74,8 @@ dsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h dsa_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h dsa_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -dsa_ameth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h -dsa_ameth.o: ../include/internal/asn1_int.h dsa_ameth.c +dsa_ameth.o: ../../include/openssl/x509_vfy.h ../include/internal/asn1_int.h +dsa_ameth.o: ../include/internal/cryptlib.h dsa_ameth.c dsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h dsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -85,7 +85,7 @@ dsa_asn1.o: ../../include/openssl/opensslconf.h dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_asn1.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_asn1.o: ../cryptlib.h dsa_asn1.c +dsa_asn1.o: ../include/internal/cryptlib.h dsa_asn1.c dsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -96,7 +96,8 @@ dsa_depr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_depr.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_depr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dsa_depr.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_depr.c +dsa_depr.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +dsa_depr.o: dsa_depr.c dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h dsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -114,7 +115,8 @@ dsa_gen.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h dsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_gen.c dsa_locl.h +dsa_gen.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +dsa_gen.o: dsa_gen.c dsa_locl.h dsa_key.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_key.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h @@ -122,7 +124,8 @@ dsa_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dsa_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h dsa_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_key.c +dsa_key.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +dsa_key.o: dsa_key.c dsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h dsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -137,7 +140,7 @@ dsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h dsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h dsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -dsa_lib.o: ../cryptlib.h dsa_lib.c +dsa_lib.o: ../include/internal/cryptlib.h dsa_lib.c dsa_ossl.o: ../../e_os.h ../../include/openssl/asn1.h dsa_ossl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_ossl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -147,7 +150,8 @@ dsa_ossl.o: ../../include/openssl/opensslconf.h dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_ossl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_ossl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_ossl.c +dsa_ossl.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +dsa_ossl.o: dsa_ossl.c dsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h dsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h dsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -162,7 +166,7 @@ dsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h dsa_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h dsa_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -dsa_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +dsa_pmeth.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h dsa_pmeth.o: ../include/internal/evp_int.h dsa_locl.h dsa_pmeth.c dsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h dsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h @@ -173,7 +177,7 @@ dsa_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h dsa_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dsa_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_prn.o: ../cryptlib.h dsa_prn.c +dsa_prn.o: ../include/internal/cryptlib.h dsa_prn.c dsa_sign.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h @@ -182,7 +186,7 @@ dsa_sign.o: ../../include/openssl/opensslconf.h dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dsa_sign.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h dsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_sign.o: ../cryptlib.h dsa_sign.c +dsa_sign.o: ../include/internal/cryptlib.h dsa_sign.c dsa_vrf.o: ../../e_os.h ../../include/openssl/bio.h dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dsa_vrf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h @@ -190,4 +194,4 @@ dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dsa_vrf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dsa_vrf.o: ../cryptlib.h dsa_vrf.c +dsa_vrf.o: ../include/internal/cryptlib.h dsa_vrf.c diff --git a/crypto/dso/Makefile b/crypto/dso/Makefile index 0471fc4..17af757 100644 --- a/crypto/dso/Makefile +++ b/crypto/dso/Makefile @@ -67,7 +67,7 @@ dso_dl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_dl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dso_dl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dso_dl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dso_dl.o: ../cryptlib.h dso_dl.c +dso_dl.o: ../include/internal/cryptlib.h dso_dl.c dso_dlfcn.o: ../../e_os.h ../../include/openssl/bio.h dso_dlfcn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_dlfcn.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h @@ -75,7 +75,8 @@ dso_dlfcn.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_dlfcn.o: ../../include/openssl/opensslconf.h dso_dlfcn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dso_dlfcn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dso_dlfcn.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_dlfcn.c +dso_dlfcn.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +dso_dlfcn.o: dso_dlfcn.c dso_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h dso_err.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h dso_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -90,7 +91,7 @@ dso_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dso_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dso_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dso_lib.o: ../cryptlib.h dso_lib.c +dso_lib.o: ../include/internal/cryptlib.h dso_lib.c dso_null.o: ../../e_os.h ../../include/openssl/bio.h dso_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_null.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h @@ -98,7 +99,8 @@ dso_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_null.o: ../../include/openssl/opensslconf.h dso_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dso_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dso_null.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_null.c +dso_null.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +dso_null.o: dso_null.c dso_openssl.o: ../../e_os.h ../../include/openssl/bio.h dso_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_openssl.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h @@ -107,7 +109,8 @@ dso_openssl.o: ../../include/openssl/opensslconf.h dso_openssl.o: ../../include/openssl/opensslv.h dso_openssl.o: ../../include/openssl/ossl_typ.h dso_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dso_openssl.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_openssl.c +dso_openssl.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +dso_openssl.o: dso_openssl.c dso_vms.o: ../../e_os.h ../../include/openssl/bio.h dso_vms.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_vms.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h @@ -115,7 +118,7 @@ dso_vms.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_vms.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h dso_vms.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h dso_vms.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -dso_vms.o: ../cryptlib.h dso_vms.c +dso_vms.o: ../include/internal/cryptlib.h dso_vms.c dso_win32.o: ../../e_os.h ../../include/openssl/bio.h dso_win32.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h dso_win32.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h @@ -123,4 +126,5 @@ dso_win32.o: ../../include/openssl/err.h ../../include/openssl/lhash.h dso_win32.o: ../../include/openssl/opensslconf.h dso_win32.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h dso_win32.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -dso_win32.o: ../../include/openssl/symhacks.h ../cryptlib.h dso_win32.c +dso_win32.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +dso_win32.o: dso_win32.c diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile index ec17b3f..5113faf 100644 --- a/crypto/ec/Makefile +++ b/crypto/ec/Makefile @@ -124,8 +124,8 @@ ec_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ec_ameth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ec_ameth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ec_ameth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h -ec_ameth.o: ../include/internal/asn1_int.h ec_ameth.c +ec_ameth.o: ../../include/openssl/x509_vfy.h ../include/internal/asn1_int.h +ec_ameth.o: ../include/internal/cryptlib.h ec_ameth.c ec_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h ec_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ec_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -213,7 +213,7 @@ ec_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ec_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h ec_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ec_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -ec_pmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +ec_pmeth.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h ec_pmeth.o: ../include/internal/evp_int.h ec_lcl.h ec_pmeth.c ec_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ec_print.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h @@ -231,7 +231,8 @@ eck_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h eck_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h eck_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eck_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -eck_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h eck_prn.c +eck_prn.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +eck_prn.o: eck_prn.c ecp_mont.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ecp_mont.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h ecp_mont.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/crypto/ecdh/Makefile b/crypto/ecdh/Makefile index 03c6948..b924e62 100644 --- a/crypto/ecdh/Makefile +++ b/crypto/ecdh/Makefile @@ -105,4 +105,4 @@ ech_ossl.o: ../../include/openssl/opensslconf.h ech_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ech_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ech_ossl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -ech_ossl.o: ../cryptlib.h ech_locl.h ech_ossl.c +ech_ossl.o: ../include/internal/cryptlib.h ech_locl.h ech_ossl.c diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile index 1739410..bddabe2 100644 --- a/crypto/engine/Makefile +++ b/crypto/engine/Makefile @@ -80,7 +80,8 @@ eng_all.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h eng_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_all.c eng_int.h +eng_all.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +eng_all.o: eng_all.c eng_int.h eng_cnf.o: ../../e_os.h ../../include/openssl/asn1.h eng_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -94,7 +95,7 @@ eng_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h eng_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h eng_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h eng_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_cnf.o: ../cryptlib.h eng_cnf.c eng_int.h +eng_cnf.o: ../include/internal/cryptlib.h eng_cnf.c eng_int.h eng_cryptodev.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h eng_cryptodev.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h eng_cryptodev.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -122,7 +123,8 @@ eng_ctrl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_ctrl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_ctrl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h eng_ctrl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_ctrl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_ctrl.c eng_int.h +eng_ctrl.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +eng_ctrl.o: eng_ctrl.c eng_int.h eng_dyn.o: ../../e_os.h ../../include/openssl/asn1.h eng_dyn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_dyn.o: ../../include/openssl/crypto.h ../../include/openssl/dso.h @@ -136,7 +138,7 @@ eng_dyn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h eng_dyn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h eng_dyn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h eng_dyn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_dyn.o: ../cryptlib.h eng_dyn.c eng_int.h +eng_dyn.o: ../include/internal/cryptlib.h eng_dyn.c eng_int.h eng_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h eng_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h eng_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -163,7 +165,7 @@ eng_fat.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h eng_fat.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h eng_fat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h eng_fat.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_fat.o: ../cryptlib.h eng_fat.c eng_int.h +eng_fat.o: ../include/internal/cryptlib.h eng_fat.c eng_int.h eng_init.o: ../../e_os.h ../../include/openssl/asn1.h eng_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -176,7 +178,8 @@ eng_init.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_init.o: ../../include/openssl/sha.h ../../include/openssl/stack.h eng_init.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_init.c eng_int.h +eng_init.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +eng_init.o: eng_init.c eng_int.h eng_lib.o: ../../e_os.h ../../include/openssl/asn1.h eng_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -190,7 +193,7 @@ eng_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h eng_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h eng_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h eng_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -eng_lib.o: ../cryptlib.h eng_int.h eng_lib.c +eng_lib.o: ../include/internal/cryptlib.h eng_int.h eng_lib.c eng_list.o: ../../e_os.h ../../include/openssl/asn1.h eng_list.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_list.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -203,7 +206,8 @@ eng_list.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_list.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_list.o: ../../include/openssl/sha.h ../../include/openssl/stack.h eng_list.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_list.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_list.c +eng_list.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +eng_list.o: eng_int.h eng_list.c eng_openssl.o: ../../e_os.h ../../include/openssl/asn1.h eng_openssl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_openssl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -223,7 +227,7 @@ eng_openssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h eng_openssl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h eng_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h eng_openssl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -eng_openssl.o: ../cryptlib.h eng_openssl.c +eng_openssl.o: ../include/internal/cryptlib.h eng_openssl.c eng_pkey.o: ../../e_os.h ../../include/openssl/asn1.h eng_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h eng_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -236,7 +240,8 @@ eng_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_pkey.c +eng_pkey.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +eng_pkey.o: eng_int.h eng_pkey.c eng_rdrand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h eng_rdrand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h eng_rdrand.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -264,8 +269,8 @@ eng_table.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h eng_table.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h eng_table.o: ../../include/openssl/sha.h ../../include/openssl/stack.h eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h -eng_table.o: eng_table.c +eng_table.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +eng_table.o: eng_int.h eng_table.c tb_asnmth.o: ../../e_os.h ../../include/openssl/asn1.h tb_asnmth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_asnmth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -279,8 +284,8 @@ tb_asnmth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_asnmth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_asnmth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h tb_asnmth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_asnmth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h -tb_asnmth.o: ../include/internal/asn1_int.h eng_int.h tb_asnmth.c +tb_asnmth.o: ../../include/openssl/x509_vfy.h ../include/internal/asn1_int.h +tb_asnmth.o: ../include/internal/cryptlib.h eng_int.h tb_asnmth.c tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -294,8 +299,8 @@ tb_cipher.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_cipher.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_cipher.o: ../../include/openssl/sha.h ../../include/openssl/stack.h tb_cipher.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_cipher.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h -tb_cipher.o: tb_cipher.c +tb_cipher.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +tb_cipher.o: eng_int.h tb_cipher.c tb_dh.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h tb_dh.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_dh.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -308,7 +313,7 @@ tb_dh.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h tb_dh.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h tb_dh.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h tb_dh.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -tb_dh.o: ../cryptlib.h eng_int.h tb_dh.c +tb_dh.o: ../include/internal/cryptlib.h eng_int.h tb_dh.c tb_digest.o: ../../e_os.h ../../include/openssl/asn1.h tb_digest.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_digest.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -322,8 +327,8 @@ tb_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_digest.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h tb_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h -tb_digest.o: tb_digest.c +tb_digest.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +tb_digest.o: eng_int.h tb_digest.c tb_dsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h tb_dsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_dsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -336,7 +341,7 @@ tb_dsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h tb_dsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h tb_dsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h tb_dsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -tb_dsa.o: ../cryptlib.h eng_int.h tb_dsa.c +tb_dsa.o: ../include/internal/cryptlib.h eng_int.h tb_dsa.c tb_ecdh.o: ../../e_os.h ../../include/openssl/asn1.h tb_ecdh.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_ecdh.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -349,7 +354,8 @@ tb_ecdh.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_ecdh.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_ecdh.o: ../../include/openssl/sha.h ../../include/openssl/stack.h tb_ecdh.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_ecdh.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdh.c +tb_ecdh.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +tb_ecdh.o: eng_int.h tb_ecdh.c tb_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h tb_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -362,7 +368,8 @@ tb_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_ecdsa.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_ecdsa.o: ../../include/openssl/sha.h ../../include/openssl/stack.h tb_ecdsa.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_ecdsa.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_ecdsa.c +tb_ecdsa.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +tb_ecdsa.o: eng_int.h tb_ecdsa.c tb_pkmeth.o: ../../e_os.h ../../include/openssl/asn1.h tb_pkmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_pkmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -376,8 +383,8 @@ tb_pkmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_pkmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_pkmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h tb_pkmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_pkmeth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h -tb_pkmeth.o: tb_pkmeth.c +tb_pkmeth.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +tb_pkmeth.o: eng_int.h tb_pkmeth.c tb_rand.o: ../../e_os.h ../../include/openssl/asn1.h tb_rand.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_rand.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -390,7 +397,8 @@ tb_rand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_rand.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h tb_rand.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_rand.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_rand.c +tb_rand.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +tb_rand.o: eng_int.h tb_rand.c tb_rsa.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h tb_rsa.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h tb_rsa.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -403,7 +411,7 @@ tb_rsa.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h tb_rsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h tb_rsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h tb_rsa.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -tb_rsa.o: ../cryptlib.h eng_int.h tb_rsa.c +tb_rsa.o: ../include/internal/cryptlib.h eng_int.h tb_rsa.c tb_store.o: ../../e_os.h ../../include/openssl/asn1.h tb_store.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h tb_store.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -416,4 +424,5 @@ tb_store.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h tb_store.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h tb_store.o: ../../include/openssl/sha.h ../../include/openssl/stack.h tb_store.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -tb_store.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h tb_store.c +tb_store.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +tb_store.o: eng_int.h tb_store.c diff --git a/crypto/err/Makefile b/crypto/err/Makefile index 0e95d0e..acbb06e 100644 --- a/crypto/err/Makefile +++ b/crypto/err/Makefile @@ -64,7 +64,7 @@ err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -err.o: ../cryptlib.h err.c +err.o: ../include/internal/cryptlib.h err.c err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h err_all.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h err_all.o: ../../include/openssl/cms.h ../../include/openssl/comp.h @@ -91,4 +91,5 @@ err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h err_prn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -err_prn.o: ../../include/openssl/symhacks.h ../cryptlib.h err_prn.c +err_prn.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +err_prn.o: err_prn.c diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index d425166..6aa4d75 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -89,7 +89,8 @@ bio_b64.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h bio_b64.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h bio_b64.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bio_b64.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_b64.c +bio_b64.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bio_b64.o: bio_b64.c bio_enc.o: ../../e_os.h ../../include/openssl/asn1.h bio_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -98,7 +99,8 @@ bio_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h bio_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h bio_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bio_enc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_enc.c +bio_enc.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bio_enc.o: bio_enc.c bio_md.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_md.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -107,7 +109,7 @@ bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bio_md.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h bio_md.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -bio_md.o: ../cryptlib.h bio_md.c +bio_md.o: ../include/internal/cryptlib.h bio_md.c bio_ok.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bio_ok.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -116,7 +118,8 @@ bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h bio_ok.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bio_ok.o: ../../include/openssl/symhacks.h ../cryptlib.h bio_ok.c +bio_ok.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +bio_ok.o: bio_ok.c c_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_all.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_all.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -129,7 +132,7 @@ c_all.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h c_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h c_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -c_all.o: ../cryptlib.h c_all.c +c_all.o: ../include/internal/cryptlib.h c_all.c c_allc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_allc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -142,7 +145,7 @@ c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h c_allc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h c_allc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_allc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -c_allc.o: ../cryptlib.h c_allc.c +c_allc.o: ../include/internal/cryptlib.h c_allc.c c_alld.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h c_alld.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -155,7 +158,7 @@ c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h c_alld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h c_alld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h c_alld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -c_alld.o: ../cryptlib.h c_alld.c +c_alld.o: ../include/internal/cryptlib.h c_alld.c digest.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h digest.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h digest.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -168,7 +171,7 @@ digest.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h digest.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h digest.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h digest.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -digest.o: ../cryptlib.h digest.c +digest.o: ../include/internal/cryptlib.h digest.c e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -222,7 +225,8 @@ e_bf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h e_bf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h e_bf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_bf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h e_bf.c evp_locl.h +e_bf.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h e_bf.c +e_bf.o: evp_locl.h e_camellia.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h e_camellia.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h e_camellia.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -242,7 +246,8 @@ e_cast.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h +e_cast.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +e_cast.o: e_cast.c evp_locl.h e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h @@ -252,7 +257,7 @@ e_des.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h e_des.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_des.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h e_des.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_des.o: ../cryptlib.h e_des.c evp_locl.h +e_des.o: ../include/internal/cryptlib.h e_des.c evp_locl.h e_des3.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des3.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h @@ -262,7 +267,8 @@ e_des3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h e_des3.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_des3.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h e_des3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -e_des3.o: ../../include/openssl/symhacks.h ../cryptlib.h e_des3.c evp_locl.h +e_des3.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +e_des3.o: e_des3.c evp_locl.h e_idea.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_idea.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -271,7 +277,8 @@ e_idea.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h e_idea.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h e_idea.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_idea.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h e_idea.c evp_locl.h +e_idea.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +e_idea.o: e_idea.c evp_locl.h e_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -280,7 +287,7 @@ e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_null.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h e_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -e_null.o: ../cryptlib.h e_null.c +e_null.o: ../include/internal/cryptlib.h e_null.c e_old.o: e_old.c e_rc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -290,7 +297,8 @@ e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_rc2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc2.h e_rc2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc2.c evp_locl.h +e_rc2.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +e_rc2.o: e_rc2.c evp_locl.h e_rc4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_rc4.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -299,7 +307,8 @@ e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c +e_rc4.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +e_rc4.o: e_rc4.c e_rc4_hmac_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h e_rc4_hmac_md5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_rc4_hmac_md5.o: ../../include/openssl/evp.h ../../include/openssl/md5.h @@ -317,7 +326,8 @@ e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h e_rc5.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h e_rc5.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_rc5.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc5.c +e_rc5.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +e_rc5.o: e_rc5.c e_seed.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h e_seed.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h e_seed.o: ../../include/openssl/err.h ../../include/openssl/evp.h @@ -336,8 +346,8 @@ e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h e_xcbc_d.o: ../../include/openssl/opensslconf.h e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -e_xcbc_d.o: ../../include/openssl/symhacks.h ../cryptlib.h e_xcbc_d.c -e_xcbc_d.o: evp_locl.h +e_xcbc_d.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +e_xcbc_d.o: e_xcbc_d.c evp_locl.h encode.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h encode.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h encode.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -346,7 +356,7 @@ encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h encode.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h encode.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -encode.o: ../cryptlib.h encode.c +encode.o: ../include/internal/cryptlib.h encode.c evp_acnf.o: ../../e_os.h ../../include/openssl/asn1.h evp_acnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_acnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -356,7 +366,8 @@ evp_acnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h evp_acnf.o: ../../include/openssl/opensslconf.h evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c +evp_acnf.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +evp_acnf.o: evp_acnf.c evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -370,7 +381,8 @@ evp_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h evp_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h evp_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h evp_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -evp_cnf.o: ../../include/openssl/x509v3.h ../cryptlib.h evp_cnf.c +evp_cnf.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +evp_cnf.o: evp_cnf.c evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -384,7 +396,7 @@ evp_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h evp_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h evp_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h evp_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -evp_enc.o: ../cryptlib.h evp_enc.c evp_locl.h +evp_enc.o: ../include/internal/cryptlib.h evp_enc.c evp_locl.h evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h evp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h @@ -405,7 +417,8 @@ evp_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h evp_key.o: ../../include/openssl/ui.h ../../include/openssl/x509.h -evp_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_key.c +evp_key.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +evp_key.o: evp_key.c evp_lib.o: ../../e_os.h ../../include/openssl/asn1.h evp_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -414,7 +427,8 @@ evp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h evp_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h evp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_lib.c +evp_lib.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +evp_lib.o: evp_lib.c evp_pbe.o: ../../e_os.h ../../include/openssl/asn1.h evp_pbe.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -427,7 +441,8 @@ evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h evp_pbe.c +evp_pbe.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +evp_pbe.o: evp_locl.h evp_pbe.c evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -441,7 +456,8 @@ evp_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -evp_pkey.o: ../cryptlib.h ../include/internal/asn1_int.h evp_pkey.c +evp_pkey.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h +evp_pkey.o: evp_pkey.c m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h @@ -451,7 +467,7 @@ m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_dss1.o: ../cryptlib.h m_dss1.c +m_dss1.o: ../include/internal/cryptlib.h m_dss1.c m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_ecdsa.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -461,14 +477,15 @@ m_ecdsa.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h m_ecdsa.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h m_ecdsa.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_ecdsa.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_ecdsa.o: ../cryptlib.h m_ecdsa.c +m_ecdsa.o: ../include/internal/cryptlib.h m_ecdsa.c m_md2.o: ../../e_os.h ../../include/openssl/bio.h m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h m_md2.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h m_md2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -m_md2.o: ../../include/openssl/symhacks.h ../cryptlib.h m_md2.c +m_md2.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +m_md2.o: m_md2.c m_md4.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md4.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -481,7 +498,8 @@ m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c +m_md4.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +m_md4.o: m_md4.c m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -494,7 +512,8 @@ m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c +m_md5.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +m_md5.o: m_md5.c m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h @@ -508,7 +527,7 @@ m_mdc2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_mdc2.o: ../cryptlib.h m_mdc2.c +m_mdc2.o: ../include/internal/cryptlib.h m_mdc2.c m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -520,7 +539,8 @@ m_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h m_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_null.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_null.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_null.c +m_null.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +m_null.o: m_null.c m_ripemd.o: ../../e_os.h ../../include/openssl/asn1.h m_ripemd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -534,7 +554,8 @@ m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ripemd.c +m_ripemd.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +m_ripemd.o: m_ripemd.c m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -544,7 +565,7 @@ m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -m_sha1.o: ../cryptlib.h m_sha1.c +m_sha1.o: ../include/internal/cryptlib.h m_sha1.c m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h m_sigver.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -557,7 +578,7 @@ m_sigver.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h m_sigver.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h m_sigver.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_sigver.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -m_sigver.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +m_sigver.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h m_sigver.o: ../include/internal/evp_int.h m_sigver.c m_wp.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h m_wp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -571,7 +592,7 @@ m_wp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h m_wp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h m_wp.o: ../../include/openssl/symhacks.h ../../include/openssl/whrlpool.h m_wp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -m_wp.o: ../cryptlib.h m_wp.c +m_wp.o: ../include/internal/cryptlib.h m_wp.c names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -583,7 +604,8 @@ names.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h names.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h names.o: ../../include/openssl/sha.h ../../include/openssl/stack.h names.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -names.o: ../../include/openssl/x509_vfy.h ../cryptlib.h names.c +names.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +names.o: names.c p5_crpt.o: ../../e_os.h ../../include/openssl/asn1.h p5_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -596,7 +618,7 @@ p5_crpt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p5_crpt.o: ../cryptlib.h p5_crpt.c +p5_crpt.o: ../include/internal/cryptlib.h p5_crpt.c p5_crpt2.o: ../../e_os.h ../../include/openssl/asn1.h p5_crpt2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -609,8 +631,8 @@ p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h -p5_crpt2.o: p5_crpt2.c +p5_crpt2.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +p5_crpt2.o: evp_locl.h p5_crpt2.c p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -623,7 +645,8 @@ p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_dec.c +p_dec.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +p_dec.o: p_dec.c p_enc.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -636,7 +659,8 @@ p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_enc.c +p_enc.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +p_enc.o: p_enc.c p_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h p_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h @@ -651,7 +675,7 @@ p_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h p_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_lib.o: ../cryptlib.h ../include/internal/asn1_int.h p_lib.c +p_lib.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h p_lib.c p_open.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_open.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_open.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -664,7 +688,7 @@ p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p_open.o: ../cryptlib.h p_open.c +p_open.o: ../include/internal/cryptlib.h p_open.c p_seal.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_seal.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -677,7 +701,8 @@ p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_seal.c +p_seal.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +p_seal.o: p_seal.c p_sign.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -689,7 +714,8 @@ p_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_sign.c +p_sign.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +p_sign.o: p_sign.c p_verify.o: ../../e_os.h ../../include/openssl/asn1.h p_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -702,7 +728,8 @@ p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h p_verify.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p_verify.c +p_verify.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +p_verify.o: p_verify.c pmeth_fn.o: ../../e_os.h ../../include/openssl/asn1.h pmeth_fn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pmeth_fn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -711,7 +738,7 @@ pmeth_fn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h pmeth_fn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h pmeth_fn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pmeth_fn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -pmeth_fn.o: ../../include/openssl/symhacks.h ../cryptlib.h +pmeth_fn.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h pmeth_fn.o: ../include/internal/evp_int.h pmeth_fn.c pmeth_gn.o: ../../e_os.h ../../include/openssl/asn1.h pmeth_gn.o: ../../include/openssl/bio.h ../../include/openssl/bn.h @@ -722,8 +749,8 @@ pmeth_gn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h pmeth_gn.o: ../../include/openssl/opensslconf.h pmeth_gn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pmeth_gn.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -pmeth_gn.o: ../../include/openssl/symhacks.h ../cryptlib.h -pmeth_gn.o: ../include/internal/bn_int.h ../include/internal/evp_int.h +pmeth_gn.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +pmeth_gn.o: ../include/internal/cryptlib.h ../include/internal/evp_int.h pmeth_gn.o: pmeth_gn.c pmeth_lib.o: ../../e_os.h ../../include/openssl/asn1.h pmeth_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h @@ -738,6 +765,6 @@ pmeth_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pmeth_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pmeth_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pmeth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pmeth_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h -pmeth_lib.o: ../include/internal/asn1_int.h ../include/internal/evp_int.h +pmeth_lib.o: ../../include/openssl/x509_vfy.h ../include/internal/asn1_int.h +pmeth_lib.o: ../include/internal/cryptlib.h ../include/internal/evp_int.h pmeth_lib.o: pmeth_lib.c diff --git a/crypto/hmac/Makefile b/crypto/hmac/Makefile index f51612e..1415ebd 100644 --- a/crypto/hmac/Makefile +++ b/crypto/hmac/Makefile @@ -66,8 +66,8 @@ hm_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h hm_ameth.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h hm_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h hm_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -hm_ameth.o: ../../include/openssl/symhacks.h ../cryptlib.h -hm_ameth.o: ../include/internal/asn1_int.h hm_ameth.c +hm_ameth.o: ../../include/openssl/symhacks.h ../include/internal/asn1_int.h +hm_ameth.o: ../include/internal/cryptlib.h hm_ameth.c hm_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h hm_pmeth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h hm_pmeth.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -82,7 +82,8 @@ hm_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h hm_pmeth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h hm_pmeth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h hm_pmeth.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -hm_pmeth.o: ../cryptlib.h ../include/internal/evp_int.h hm_pmeth.c +hm_pmeth.o: ../include/internal/cryptlib.h ../include/internal/evp_int.h +hm_pmeth.o: hm_pmeth.c hmac.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h hmac.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h hmac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -91,4 +92,4 @@ hmac.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h hmac.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -hmac.o: ../../include/openssl/symhacks.h ../cryptlib.h hmac.c +hmac.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h hmac.c diff --git a/crypto/lhash/Makefile b/crypto/lhash/Makefile index ca7f373..952f028 100644 --- a/crypto/lhash/Makefile +++ b/crypto/lhash/Makefile @@ -64,7 +64,8 @@ lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h lh_stats.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -lh_stats.o: ../../include/openssl/symhacks.h ../cryptlib.h lh_stats.c +lh_stats.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +lh_stats.o: lh_stats.c lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h lhash.o: ../../include/openssl/e_os2.h ../../include/openssl/lhash.h lhash.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h diff --git a/crypto/md4/Makefile b/crypto/md4/Makefile index 90aec00..b1904c0 100644 --- a/crypto/md4/Makefile +++ b/crypto/md4/Makefile @@ -61,8 +61,8 @@ clean: md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h md4_dgst.o: ../../include/openssl/opensslconf.h -md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c -md4_dgst.o: md4_locl.h +md4_dgst.o: ../../include/openssl/opensslv.h ../include/internal/md32_common.h +md4_dgst.o: md4_dgst.c md4_locl.h md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h diff --git a/crypto/md5/Makefile b/crypto/md5/Makefile index 79a14bd..7dd700f 100644 --- a/crypto/md5/Makefile +++ b/crypto/md5/Makefile @@ -78,8 +78,8 @@ clean: md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h md5_dgst.o: ../../include/openssl/opensslconf.h -md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c -md5_dgst.o: md5_locl.h +md5_dgst.o: ../../include/openssl/opensslv.h ../include/internal/md32_common.h +md5_dgst.o: md5_dgst.c md5_locl.h md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h diff --git a/crypto/mdc2/Makefile b/crypto/mdc2/Makefile index 18915c8..33f318f 100644 --- a/crypto/mdc2/Makefile +++ b/crypto/mdc2/Makefile @@ -65,7 +65,8 @@ mdc2_one.o: ../../include/openssl/err.h ../../include/openssl/lhash.h mdc2_one.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h mdc2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -mdc2_one.o: ../../include/openssl/symhacks.h ../cryptlib.h mdc2_one.c +mdc2_one.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +mdc2_one.o: mdc2_one.c mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h mdc2dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/mdc2.h mdc2dgst.o: ../../include/openssl/opensslconf.h diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile index ed2a9e3..69afd89 100644 --- a/crypto/modes/Makefile +++ b/crypto/modes/Makefile @@ -138,7 +138,7 @@ wrap128.o: ../../include/openssl/lhash.h ../../include/openssl/modes.h wrap128.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h wrap128.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h wrap128.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -wrap128.o: ../cryptlib.h wrap128.c +wrap128.o: ../include/internal/cryptlib.h wrap128.c xts128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h xts128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h xts128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile index 6e9fa2e..94e1d4e 100644 --- a/crypto/objects/Makefile +++ b/crypto/objects/Makefile @@ -87,8 +87,8 @@ obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h obj_dat.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -obj_dat.o: ../../include/openssl/symhacks.h ../cryptlib.h -obj_dat.o: ../include/internal/asn1_int.h obj_dat.c obj_dat.h +obj_dat.o: ../../include/openssl/symhacks.h ../include/internal/asn1_int.h +obj_dat.o: ../include/internal/cryptlib.h obj_dat.c obj_dat.h obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h obj_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h obj_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -105,7 +105,8 @@ obj_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h obj_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h obj_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -obj_lib.o: ../cryptlib.h ../include/internal/asn1_int.h obj_lib.c +obj_lib.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h +obj_lib.o: obj_lib.c obj_xref.o: ../../e_os.h ../../include/openssl/asn1.h obj_xref.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h obj_xref.o: ../../include/openssl/e_os2.h ../../include/openssl/obj_mac.h diff --git a/crypto/ocsp/Makefile b/crypto/ocsp/Makefile index 77f015d..497275d 100644 --- a/crypto/ocsp/Makefile +++ b/crypto/ocsp/Makefile @@ -90,7 +90,7 @@ ocsp_cl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h ocsp_cl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ocsp_cl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h ocsp_cl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ocsp_cl.o: ../cryptlib.h ocsp_cl.c ocsp_lcl.h +ocsp_cl.o: ../include/internal/cryptlib.h ocsp_cl.c ocsp_lcl.h ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -119,7 +119,8 @@ ocsp_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h ocsp_ext.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ocsp_ext.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ocsp_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_ext.c ocsp_lcl.h +ocsp_ext.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +ocsp_ext.o: ocsp_ext.c ocsp_lcl.h ocsp_ht.o: ../../e_os.h ../../include/openssl/asn1.h ocsp_ht.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ocsp_ht.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -149,7 +150,8 @@ ocsp_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h ocsp_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ocsp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ocsp_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_lcl.h ocsp_lib.c +ocsp_lib.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +ocsp_lib.o: ocsp_lcl.h ocsp_lib.c ocsp_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ocsp_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -180,7 +182,8 @@ ocsp_srv.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h ocsp_srv.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ocsp_srv.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ocsp_srv.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ocsp_srv.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_lcl.h ocsp_srv.c +ocsp_srv.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +ocsp_srv.o: ocsp_lcl.h ocsp_srv.c ocsp_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ocsp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ocsp_vfy.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -208,4 +211,5 @@ v3_ocsp.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_ocsp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_ocsp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_ocsp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_ocsp.o: ../../include/openssl/x509v3.h ../cryptlib.h ocsp_lcl.h v3_ocsp.c +v3_ocsp.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +v3_ocsp.o: ocsp_lcl.h v3_ocsp.c diff --git a/crypto/pem/Makefile b/crypto/pem/Makefile index 09a6cc8..03bb92c 100644 --- a/crypto/pem/Makefile +++ b/crypto/pem/Makefile @@ -75,7 +75,8 @@ pem_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h pem_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h pem_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_all.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_all.c +pem_all.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +pem_all.o: pem_all.c pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -103,7 +104,7 @@ pem_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h pem_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h pem_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h pem_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_info.o: ../cryptlib.h pem_info.c +pem_info.o: ../include/internal/cryptlib.h pem_info.c pem_lib.o: ../../e_os.h ../../include/openssl/asn1.h pem_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h @@ -119,7 +120,8 @@ pem_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pem_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h pem_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_lib.o: ../cryptlib.h ../include/internal/asn1_int.h pem_lib.c +pem_lib.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h +pem_lib.o: pem_lib.c pem_oth.o: ../../e_os.h ../../include/openssl/asn1.h pem_oth.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_oth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -133,7 +135,8 @@ pem_oth.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h pem_oth.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h pem_oth.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_oth.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_oth.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_oth.c +pem_oth.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +pem_oth.o: pem_oth.c pem_pk8.o: ../../e_os.h ../../include/openssl/asn1.h pem_pk8.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_pk8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -148,7 +151,7 @@ pem_pk8.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pem_pk8.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h pem_pk8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h pem_pk8.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_pk8.o: ../cryptlib.h pem_pk8.c +pem_pk8.o: ../include/internal/cryptlib.h pem_pk8.c pem_pkey.o: ../../e_os.h ../../include/openssl/asn1.h pem_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h @@ -164,8 +167,8 @@ pem_pkey.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h pem_pkey.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h pem_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h -pem_pkey.o: ../include/internal/asn1_int.h pem_pkey.c +pem_pkey.o: ../../include/openssl/x509_vfy.h ../include/internal/asn1_int.h +pem_pkey.o: ../include/internal/cryptlib.h pem_pkey.c pem_seal.o: ../../e_os.h ../../include/openssl/asn1.h pem_seal.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -180,7 +183,8 @@ pem_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pem_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h pem_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_seal.c +pem_seal.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +pem_seal.o: pem_seal.c pem_sign.o: ../../e_os.h ../../include/openssl/asn1.h pem_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -195,7 +199,7 @@ pem_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pem_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h pem_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pem_sign.o: ../cryptlib.h pem_sign.c +pem_sign.o: ../include/internal/cryptlib.h pem_sign.c pem_x509.o: ../../e_os.h ../../include/openssl/asn1.h pem_x509.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_x509.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -209,7 +213,8 @@ pem_x509.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pem_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_x509.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_x509.c +pem_x509.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +pem_x509.o: pem_x509.c pem_xaux.o: ../../e_os.h ../../include/openssl/asn1.h pem_xaux.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pem_xaux.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -223,7 +228,8 @@ pem_xaux.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h pem_xaux.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pem_xaux.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pem_xaux.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pem_xaux.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pem_xaux.c +pem_xaux.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +pem_xaux.o: pem_xaux.c pvkfmt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h pvkfmt.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h pvkfmt.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h @@ -238,4 +244,5 @@ pvkfmt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pvkfmt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h pvkfmt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pvkfmt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pvkfmt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pvkfmt.c +pvkfmt.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +pvkfmt.o: pvkfmt.c diff --git a/crypto/pkcs12/Makefile b/crypto/pkcs12/Makefile index 0746146..4c08faa 100644 --- a/crypto/pkcs12/Makefile +++ b/crypto/pkcs12/Makefile @@ -76,7 +76,8 @@ p12_add.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p12_add.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p12_add.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_add.c +p12_add.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +p12_add.o: p12_add.c p12_asn.o: ../../e_os.h ../../include/openssl/asn1.h p12_asn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p12_asn.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -90,7 +91,7 @@ p12_asn.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_asn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p12_asn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p12_asn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_asn.o: ../cryptlib.h p12_asn.c +p12_asn.o: ../include/internal/cryptlib.h p12_asn.c p12_attr.o: ../../e_os.h ../../include/openssl/asn1.h p12_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -104,7 +105,7 @@ p12_attr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p12_attr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p12_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_attr.o: ../cryptlib.h p12_attr.c +p12_attr.o: ../include/internal/cryptlib.h p12_attr.c p12_crpt.o: ../../e_os.h ../../include/openssl/asn1.h p12_crpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -118,7 +119,7 @@ p12_crpt.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p12_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p12_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_crpt.o: ../cryptlib.h p12_crpt.c +p12_crpt.o: ../include/internal/cryptlib.h p12_crpt.c p12_crt.o: ../../e_os.h ../../include/openssl/asn1.h p12_crt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -131,7 +132,8 @@ p12_crt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p12_crt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p12_crt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_crt.c +p12_crt.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +p12_crt.o: p12_crt.c p12_decr.o: ../../e_os.h ../../include/openssl/asn1.h p12_decr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -145,7 +147,7 @@ p12_decr.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p12_decr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p12_decr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_decr.o: ../cryptlib.h p12_decr.c +p12_decr.o: ../include/internal/cryptlib.h p12_decr.c p12_init.o: ../../e_os.h ../../include/openssl/asn1.h p12_init.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -159,7 +161,7 @@ p12_init.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p12_init.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p12_init.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_init.o: ../cryptlib.h p12_init.c +p12_init.o: ../include/internal/cryptlib.h p12_init.c p12_key.o: ../../e_os.h ../../include/openssl/asn1.h p12_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -173,7 +175,7 @@ p12_key.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p12_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p12_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_key.o: ../cryptlib.h p12_key.c +p12_key.o: ../include/internal/cryptlib.h p12_key.c p12_kiss.o: ../../e_os.h ../../include/openssl/asn1.h p12_kiss.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -187,7 +189,7 @@ p12_kiss.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p12_kiss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p12_kiss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -p12_kiss.o: ../cryptlib.h p12_kiss.c +p12_kiss.o: ../include/internal/cryptlib.h p12_kiss.c p12_mutl.o: ../../e_os.h ../../include/openssl/asn1.h p12_mutl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -201,7 +203,8 @@ p12_mutl.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h p12_mutl.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h p12_mutl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p12_mutl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_mutl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_mutl.c +p12_mutl.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +p12_mutl.o: p12_mutl.c p12_npas.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h p12_npas.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h p12_npas.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -228,7 +231,8 @@ p12_p8d.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h p12_p8d.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p12_p8d.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p12_p8d.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_p8d.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8d.c +p12_p8d.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +p12_p8d.o: p12_p8d.c p12_p8e.o: ../../e_os.h ../../include/openssl/asn1.h p12_p8e.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_p8e.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -241,7 +245,8 @@ p12_p8e.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h p12_p8e.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p12_p8e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p12_p8e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_p8e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_p8e.c +p12_p8e.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +p12_p8e.o: p12_p8e.c p12_utl.o: ../../e_os.h ../../include/openssl/asn1.h p12_utl.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -254,7 +259,8 @@ p12_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h p12_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h p12_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p12_utl.c +p12_utl.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +p12_utl.o: p12_utl.c pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pk12err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h pk12err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h diff --git a/crypto/pkcs7/Makefile b/crypto/pkcs7/Makefile index 4f218e8..f00ff24 100644 --- a/crypto/pkcs7/Makefile +++ b/crypto/pkcs7/Makefile @@ -83,7 +83,8 @@ pk7_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pk7_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pk7_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pk7_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -pk7_asn1.o: ../../include/openssl/x509_vfy.h ../cryptlib.h pk7_asn1.c +pk7_asn1.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +pk7_asn1.o: pk7_asn1.c pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h pk7_attr.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_attr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -111,7 +112,8 @@ pk7_doit.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h pk7_doit.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pk7_doit.o: ../../include/openssl/x509v3.h ../cryptlib.h pk7_doit.c +pk7_doit.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +pk7_doit.o: pk7_doit.c pk7_lib.o: ../../e_os.h ../../include/openssl/asn1.h pk7_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -124,7 +126,8 @@ pk7_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h pk7_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h pk7_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pk7_lib.o: ../cryptlib.h ../include/internal/asn1_int.h pk7_lib.c +pk7_lib.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h +pk7_lib.o: pk7_lib.c pk7_mime.o: ../../e_os.h ../../include/openssl/asn1.h pk7_mime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -138,7 +141,7 @@ pk7_mime.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h pk7_mime.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h pk7_mime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -pk7_mime.o: ../cryptlib.h pk7_mime.c +pk7_mime.o: ../include/internal/cryptlib.h pk7_mime.c pk7_smime.o: ../../e_os.h ../../include/openssl/asn1.h pk7_smime.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -153,7 +156,7 @@ pk7_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pk7_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pk7_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pk7_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -pk7_smime.o: ../cryptlib.h pk7_smime.c +pk7_smime.o: ../include/internal/cryptlib.h pk7_smime.c pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pkcs7err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h pkcs7err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h diff --git a/crypto/pqueue/Makefile b/crypto/pqueue/Makefile index 503b69c..569c3c9 100644 --- a/crypto/pqueue/Makefile +++ b/crypto/pqueue/Makefile @@ -65,4 +65,4 @@ pqueue.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h pqueue.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h pqueue.o: ../../include/openssl/pqueue.h ../../include/openssl/safestack.h pqueue.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -pqueue.o: ../cryptlib.h pqueue.c +pqueue.o: ../include/internal/cryptlib.h pqueue.c diff --git a/crypto/rand/Makefile b/crypto/rand/Makefile index bb9ef9a..3e09b89 100644 --- a/crypto/rand/Makefile +++ b/crypto/rand/Makefile @@ -94,7 +94,7 @@ rand_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h rand_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rand_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rand_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rand_lib.o: ../cryptlib.h rand_lib.c +rand_lib.o: ../include/internal/cryptlib.h rand_lib.c rand_nw.o: ../../e_os.h ../../include/openssl/asn1.h rand_nw.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_nw.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -104,7 +104,8 @@ rand_nw.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_nw.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_nw.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_nw.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rand_nw.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h rand_nw.c +rand_nw.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +rand_nw.o: rand_lcl.h rand_nw.c rand_os2.o: ../../e_os.h ../../include/openssl/asn1.h rand_os2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_os2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -114,8 +115,8 @@ rand_os2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_os2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_os2.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_os2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rand_os2.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h -rand_os2.o: rand_os2.c +rand_os2.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +rand_os2.o: rand_lcl.h rand_os2.c rand_unix.o: ../../e_os.h ../../include/openssl/asn1.h rand_unix.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_unix.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -126,8 +127,8 @@ rand_unix.o: ../../include/openssl/opensslconf.h rand_unix.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_unix.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_unix.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rand_unix.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h -rand_unix.o: rand_unix.c +rand_unix.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +rand_unix.o: rand_lcl.h rand_unix.c rand_win.o: ../../e_os.h ../../include/openssl/asn1.h rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -137,8 +138,8 @@ rand_win.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rand_win.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h rand_win.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rand_win.o: ../../include/openssl/symhacks.h ../cryptlib.h rand_lcl.h -rand_win.o: rand_win.c +rand_win.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +rand_win.o: rand_lcl.h rand_win.c randfile.o: ../../e_os.h ../../include/openssl/buffer.h randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h randfile.o: ../../include/openssl/opensslconf.h diff --git a/crypto/rc4/Makefile b/crypto/rc4/Makefile index b09da2d..b8eecef 100644 --- a/crypto/rc4/Makefile +++ b/crypto/rc4/Makefile @@ -93,7 +93,7 @@ rc4_enc.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rc4_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rc4_enc.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h rc4_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rc4_enc.o: ../cryptlib.h rc4_enc.c rc4_locl.h +rc4_enc.o: ../include/internal/cryptlib.h rc4_enc.c rc4_locl.h rc4_skey.o: ../../e_os.h ../../include/openssl/bio.h rc4_skey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rc4_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -101,4 +101,4 @@ rc4_skey.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rc4_skey.o: ../cryptlib.h rc4_locl.h rc4_skey.c +rc4_skey.o: ../include/internal/cryptlib.h rc4_locl.h rc4_skey.c diff --git a/crypto/ripemd/Makefile b/crypto/ripemd/Makefile index a5aea85..af4824e 100644 --- a/crypto/ripemd/Makefile +++ b/crypto/ripemd/Makefile @@ -68,7 +68,7 @@ clean: rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h -rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h +rmd_dgst.o: ../include/internal/md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h rmd_one.o: ../../include/openssl/ossl_typ.h ../../include/openssl/ripemd.h diff --git a/crypto/rsa/Makefile b/crypto/rsa/Makefile index b075f6a..6c33a04 100644 --- a/crypto/rsa/Makefile +++ b/crypto/rsa/Makefile @@ -79,7 +79,8 @@ rsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_ameth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_ameth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rsa_ameth.o: ../cryptlib.h ../include/internal/asn1_int.h rsa_ameth.c +rsa_ameth.o: ../include/internal/asn1_int.h ../include/internal/cryptlib.h +rsa_ameth.o: rsa_ameth.c rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -94,7 +95,7 @@ rsa_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_asn1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rsa_asn1.o: ../cryptlib.h rsa_asn1.c +rsa_asn1.o: ../include/internal/cryptlib.h rsa_asn1.c rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h rsa_chk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -111,8 +112,8 @@ rsa_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_crpt.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_crpt.o: ../../include/openssl/symhacks.h ../cryptlib.h -rsa_crpt.o: ../include/internal/bn_int.h rsa_crpt.c +rsa_crpt.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +rsa_crpt.o: ../include/internal/cryptlib.h rsa_crpt.c rsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h rsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -121,7 +122,7 @@ rsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_depr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h rsa_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_depr.o: ../cryptlib.h rsa_depr.c +rsa_depr.o: ../include/internal/cryptlib.h rsa_depr.c rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -130,8 +131,8 @@ rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h -rsa_eay.o: ../include/internal/bn_int.h rsa_eay.c +rsa_eay.o: ../../include/openssl/symhacks.h ../include/internal/bn_int.h +rsa_eay.o: ../include/internal/cryptlib.h rsa_eay.c rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -147,7 +148,7 @@ rsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_gen.o: ../cryptlib.h rsa_gen.c +rsa_gen.o: ../include/internal/cryptlib.h rsa_gen.c rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -162,7 +163,8 @@ rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rsa_lib.o: ../cryptlib.h ../include/internal/bn_int.h rsa_lib.c +rsa_lib.o: ../include/internal/bn_int.h ../include/internal/cryptlib.h +rsa_lib.o: rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -171,7 +173,8 @@ rsa_none.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_none.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_none.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_none.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_none.c +rsa_none.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +rsa_none.o: rsa_none.c rsa_null.o: ../../e_os.h ../../include/openssl/asn1.h rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -180,7 +183,8 @@ rsa_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c +rsa_null.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +rsa_null.o: rsa_null.c rsa_oaep.o: ../../e_os.h ../../include/internal/constant_time_locl.h rsa_oaep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_oaep.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -192,7 +196,7 @@ rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_oaep.o: ../cryptlib.h rsa_oaep.c +rsa_oaep.o: ../include/internal/cryptlib.h rsa_oaep.c rsa_pk1.o: ../../e_os.h ../../include/internal/constant_time_locl.h rsa_pk1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_pk1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -202,7 +206,7 @@ rsa_pk1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h rsa_pk1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h rsa_pk1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h rsa_pk1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_pk1.o: ../cryptlib.h rsa_pk1.c +rsa_pk1.o: ../include/internal/cryptlib.h rsa_pk1.c rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -218,7 +222,7 @@ rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_pmeth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_pmeth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_pmeth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rsa_pmeth.o: ../../include/openssl/x509v3.h ../cryptlib.h +rsa_pmeth.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h rsa_pmeth.o: ../include/internal/evp_int.h rsa_locl.h rsa_pmeth.c rsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h rsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h @@ -229,7 +233,7 @@ rsa_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h rsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -rsa_prn.o: ../cryptlib.h rsa_prn.c +rsa_prn.o: ../include/internal/cryptlib.h rsa_prn.c rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -240,7 +244,8 @@ rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_locl.h rsa_pss.c +rsa_pss.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +rsa_pss.o: rsa_locl.h rsa_pss.c rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -254,7 +259,7 @@ rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_saos.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rsa_saos.o: ../cryptlib.h rsa_saos.c +rsa_saos.o: ../include/internal/cryptlib.h rsa_saos.c rsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h rsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -268,7 +273,7 @@ rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -rsa_sign.o: ../cryptlib.h rsa_locl.h rsa_sign.c +rsa_sign.o: ../include/internal/cryptlib.h rsa_locl.h rsa_sign.c rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -277,7 +282,8 @@ rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c +rsa_ssl.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +rsa_ssl.o: rsa_ssl.c rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -287,7 +293,8 @@ rsa_x931.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c +rsa_x931.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +rsa_x931.o: rsa_x931.c rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile index 593aa79..f99a6b3 100644 --- a/crypto/sha/Makefile +++ b/crypto/sha/Makefile @@ -132,12 +132,13 @@ sha1dgst.o: ../../include/openssl/opensslconf.h sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h sha1dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h sha1dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h +sha1dgst.o: ../include/internal/md32_common.h sha1dgst.c sha_locl.h sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h sha256.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h sha256.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -sha256.o: ../../include/openssl/symhacks.h ../md32_common.h sha256.c +sha256.o: ../../include/openssl/symhacks.h ../include/internal/md32_common.h +sha256.o: sha256.c sha512.o: ../../e_os.h ../../include/openssl/bio.h sha512.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h sha512.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -145,4 +146,4 @@ sha512.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -sha512.o: ../cryptlib.h sha512.c +sha512.o: ../include/internal/cryptlib.h sha512.c diff --git a/crypto/srp/Makefile b/crypto/srp/Makefile index 5967ca1..ff6e905 100644 --- a/crypto/srp/Makefile +++ b/crypto/srp/Makefile @@ -66,7 +66,8 @@ srp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h srp_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h srp_lib.o: ../../include/openssl/sha.h ../../include/openssl/srp.h srp_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -srp_lib.o: ../cryptlib.h ../include/internal/bn_srp.h srp_lib.c +srp_lib.o: ../include/internal/bn_srp.h ../include/internal/cryptlib.h +srp_lib.o: srp_lib.c srp_vfy.o: ../../e_os.h ../../include/openssl/asn1.h srp_vfy.o: ../../include/openssl/bio.h ../../include/openssl/bn.h srp_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -78,4 +79,4 @@ srp_vfy.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h srp_vfy.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h srp_vfy.o: ../../include/openssl/srp.h ../../include/openssl/stack.h srp_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/txt_db.h -srp_vfy.o: ../cryptlib.h srp_vfy.c +srp_vfy.o: ../include/internal/cryptlib.h srp_vfy.c diff --git a/crypto/stack/Makefile b/crypto/stack/Makefile index f97b3e8..76f1b2b 100644 --- a/crypto/stack/Makefile +++ b/crypto/stack/Makefile @@ -65,4 +65,5 @@ stack.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h stack.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h stack.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h stack.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -stack.o: ../../include/openssl/symhacks.h ../cryptlib.h stack.c +stack.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h +stack.o: stack.c diff --git a/crypto/ts/Makefile b/crypto/ts/Makefile index 9635991..2f56229 100644 --- a/crypto/ts/Makefile +++ b/crypto/ts/Makefile @@ -101,7 +101,8 @@ ts_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ts_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ts_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_conf.c +ts_conf.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +ts_conf.o: ts_conf.c ts_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h ts_err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h ts_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h @@ -132,7 +133,7 @@ ts_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h ts_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h ts_lib.o: ../../include/openssl/ts.h ../../include/openssl/x509.h ts_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -ts_lib.o: ../cryptlib.h ts_lib.c +ts_lib.o: ../include/internal/cryptlib.h ts_lib.c ts_req_print.o: ../../e_os.h ../../include/openssl/asn1.h ts_req_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ts_req_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -149,7 +150,8 @@ ts_req_print.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ts_req_print.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_req_print.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_req_print.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ts_req_print.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_req_print.c +ts_req_print.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +ts_req_print.o: ts_req_print.c ts_req_utils.o: ../../e_os.h ../../include/openssl/asn1.h ts_req_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_req_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -166,7 +168,8 @@ ts_req_utils.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ts_req_utils.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_req_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_req_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ts_req_utils.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_req_utils.c +ts_req_utils.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +ts_req_utils.o: ts_req_utils.c ts_rsp_print.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h ts_rsp_print.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -183,7 +186,8 @@ ts_rsp_print.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ts_rsp_print.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_rsp_print.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_print.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ts_rsp_print.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_print.c +ts_rsp_print.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +ts_rsp_print.o: ts_rsp_print.c ts_rsp_sign.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_sign.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_rsp_sign.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -200,7 +204,8 @@ ts_rsp_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ts_rsp_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_rsp_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ts_rsp_sign.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_sign.c +ts_rsp_sign.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +ts_rsp_sign.o: ts_rsp_sign.c ts_rsp_utils.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_utils.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_rsp_utils.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -217,7 +222,8 @@ ts_rsp_utils.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ts_rsp_utils.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_rsp_utils.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_utils.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ts_rsp_utils.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_utils.c +ts_rsp_utils.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +ts_rsp_utils.o: ts_rsp_utils.c ts_rsp_verify.o: ../../e_os.h ../../include/openssl/asn1.h ts_rsp_verify.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_rsp_verify.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -234,7 +240,8 @@ ts_rsp_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ts_rsp_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_rsp_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_rsp_verify.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ts_rsp_verify.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_rsp_verify.c +ts_rsp_verify.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +ts_rsp_verify.o: ts_rsp_verify.c ts_verify_ctx.o: ../../e_os.h ../../include/openssl/asn1.h ts_verify_ctx.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h ts_verify_ctx.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -251,4 +258,5 @@ ts_verify_ctx.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h ts_verify_ctx.o: ../../include/openssl/sha.h ../../include/openssl/stack.h ts_verify_ctx.o: ../../include/openssl/symhacks.h ../../include/openssl/ts.h ts_verify_ctx.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -ts_verify_ctx.o: ../../include/openssl/x509v3.h ../cryptlib.h ts_verify_ctx.c +ts_verify_ctx.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +ts_verify_ctx.o: ts_verify_ctx.c diff --git a/crypto/txt_db/Makefile b/crypto/txt_db/Makefile index 454bda0..ca967ab 100644 --- a/crypto/txt_db/Makefile +++ b/crypto/txt_db/Makefile @@ -65,4 +65,4 @@ txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h txt_db.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h txt_db.o: ../../include/openssl/symhacks.h ../../include/openssl/txt_db.h -txt_db.o: ../cryptlib.h txt_db.c +txt_db.o: ../include/internal/cryptlib.h txt_db.c diff --git a/crypto/ui/Makefile b/crypto/ui/Makefile index 4ab59a1..1346d13 100644 --- a/crypto/ui/Makefile +++ b/crypto/ui/Makefile @@ -71,7 +71,7 @@ ui_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h ui_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ui_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ui_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ui_lib.o: ../cryptlib.h ui_lib.c ui_locl.h +ui_lib.o: ../include/internal/cryptlib.h ui_lib.c ui_locl.h ui_openssl.o: ../../e_os.h ../../include/openssl/bio.h ui_openssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h ui_openssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h @@ -79,7 +79,7 @@ ui_openssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h ui_openssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h ui_openssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h ui_openssl.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h -ui_openssl.o: ../cryptlib.h ui_locl.h ui_openssl.c +ui_openssl.o: ../include/internal/cryptlib.h ui_locl.h ui_openssl.c ui_util.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h ui_util.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h ui_util.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile index 914129a..a6b2b7c 100644 --- a/crypto/x509/Makefile +++ b/crypto/x509/Makefile @@ -81,7 +81,8 @@ by_dir.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h by_dir.o: ../../include/openssl/sha.h ../../include/openssl/stack.h by_dir.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h by_dir.c +by_dir.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +by_dir.o: by_dir.c by_file.o: ../../e_os.h ../../include/openssl/asn1.h by_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h by_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -95,7 +96,7 @@ by_file.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h by_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h by_file.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -by_file.o: ../cryptlib.h by_file.c +by_file.o: ../include/internal/cryptlib.h by_file.c x509_att.o: ../../e_os.h ../../include/openssl/asn1.h x509_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -109,7 +110,7 @@ x509_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x509_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x509_att.o: ../cryptlib.h x509_att.c x509_lcl.h +x509_att.o: ../include/internal/cryptlib.h x509_att.c x509_lcl.h x509_cmp.o: ../../e_os.h ../../include/openssl/asn1.h x509_cmp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -123,7 +124,8 @@ x509_cmp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_cmp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x509_cmp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x509_cmp.o: ../cryptlib.h ../include/internal/x509_int.h x509_cmp.c +x509_cmp.o: ../include/internal/cryptlib.h ../include/internal/x509_int.h +x509_cmp.o: x509_cmp.c x509_d2.o: ../../e_os.h ../../include/openssl/asn1.h x509_d2.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -136,7 +138,7 @@ x509_d2.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h x509_d2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x509_d2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -x509_d2.o: ../cryptlib.h x509_d2.c +x509_d2.o: ../include/internal/cryptlib.h x509_d2.c x509_def.o: ../../e_os.h ../../include/openssl/asn1.h x509_def.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -149,7 +151,8 @@ x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_def.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_def.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_def.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_def.c +x509_def.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x509_def.o: x509_def.c x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h x509_err.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h x509_err.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h @@ -175,7 +178,7 @@ x509_ext.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x509_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x509_ext.o: ../cryptlib.h x509_ext.c +x509_ext.o: ../include/internal/cryptlib.h x509_ext.c x509_lu.o: ../../e_os.h ../../include/openssl/asn1.h x509_lu.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_lu.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -189,7 +192,7 @@ x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_lu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_lu.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x509_lu.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x509_lu.o: ../cryptlib.h x509_lcl.h x509_lu.c +x509_lu.o: ../include/internal/cryptlib.h x509_lcl.h x509_lu.c x509_obj.o: ../../e_os.h ../../include/openssl/asn1.h x509_obj.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -202,7 +205,7 @@ x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_obj.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_obj.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_obj.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +x509_obj.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h x509_obj.o: ../include/internal/x509_int.h x509_obj.c x509_r2x.o: ../../e_os.h ../../include/openssl/asn1.h x509_r2x.o: ../../include/openssl/bio.h ../../include/openssl/bn.h @@ -216,7 +219,8 @@ x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_r2x.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_r2x.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_r2x.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_r2x.c +x509_r2x.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x509_r2x.o: x509_r2x.c x509_req.o: ../../e_os.h ../../include/openssl/asn1.h x509_req.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x509_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -231,7 +235,8 @@ x509_req.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h x509_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_req.c +x509_req.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x509_req.o: x509_req.c x509_set.o: ../../e_os.h ../../include/openssl/asn1.h x509_set.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -244,7 +249,8 @@ x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_set.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_set.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_set.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_set.c +x509_set.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x509_set.o: x509_set.c x509_trs.o: ../../e_os.h ../../include/openssl/asn1.h x509_trs.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -258,7 +264,7 @@ x509_trs.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_trs.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x509_trs.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x509_trs.o: ../cryptlib.h x509_trs.c +x509_trs.o: ../include/internal/cryptlib.h x509_trs.c x509_txt.o: ../../e_os.h ../../include/openssl/asn1.h x509_txt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -271,7 +277,8 @@ x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509_txt.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_txt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509_txt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_txt.c +x509_txt.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x509_txt.o: x509_txt.c x509_v3.o: ../../e_os.h ../../include/openssl/asn1.h x509_v3.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -285,7 +292,7 @@ x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x509_v3.o: ../cryptlib.h x509_lcl.h x509_v3.c +x509_v3.o: ../include/internal/cryptlib.h x509_lcl.h x509_v3.c x509_vfy.o: ../../e_os.h ../../include/openssl/asn1.h x509_vfy.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -299,7 +306,7 @@ x509_vfy.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_vfy.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x509_vfy.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x509_vfy.o: ../cryptlib.h x509_lcl.h x509_vfy.c +x509_vfy.o: ../include/internal/cryptlib.h x509_lcl.h x509_vfy.c x509_vpm.o: ../../e_os.h ../../include/openssl/asn1.h x509_vpm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509_vpm.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -313,7 +320,7 @@ x509_vpm.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509_vpm.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509_vpm.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x509_vpm.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x509_vpm.o: ../cryptlib.h x509_lcl.h x509_vpm.c +x509_vpm.o: ../include/internal/cryptlib.h x509_lcl.h x509_vpm.c x509cset.o: ../../e_os.h ../../include/openssl/asn1.h x509cset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509cset.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -326,7 +333,8 @@ x509cset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509cset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509cset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509cset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509cset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509cset.c +x509cset.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x509cset.o: x509cset.c x509name.o: ../../e_os.h ../../include/openssl/asn1.h x509name.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509name.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -339,7 +347,7 @@ x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +x509name.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h x509name.o: ../include/internal/x509_int.h x509name.c x509rset.o: ../../e_os.h ../../include/openssl/asn1.h x509rset.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h @@ -353,7 +361,8 @@ x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509rset.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509rset.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509rset.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509rset.c +x509rset.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x509rset.o: x509rset.c x509spki.o: ../../e_os.h ../../include/openssl/asn1.h x509spki.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509spki.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -366,7 +375,8 @@ x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509spki.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509spki.c +x509spki.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x509spki.o: x509spki.c x509type.o: ../../e_os.h ../../include/openssl/asn1.h x509type.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x509type.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -379,7 +389,8 @@ x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x509type.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x509type.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x509type.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509type.c +x509type.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x509type.o: x509type.c x_all.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h x_all.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h x_all.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h @@ -394,7 +405,7 @@ x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h x_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -x_all.o: ../cryptlib.h x_all.c +x_all.o: ../include/internal/cryptlib.h x_all.c x_attrib.o: ../../e_os.h ../../include/openssl/asn1.h x_attrib.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h x_attrib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h @@ -407,8 +418,8 @@ x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_attrib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x509_lcl.h -x_attrib.o: x_attrib.c +x_attrib.o: ../../include/openssl/x509_vfy.h ../include/internal/cryptlib.h +x_attrib.o: x509_lcl.h x_attrib.c x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h x_exten.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h x_exten.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -433,6 +444,6 @@ x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h x_name.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h -x_name.o: ../include/internal/asn1_int.h ../include/internal/x509_int.h +x_name.o: ../../include/openssl/x509_vfy.h ../include/internal/asn1_int.h +x_name.o: ../include/internal/cryptlib.h ../include/internal/x509_int.h x_name.o: x_name.c diff --git a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile index 4affc2d..d7be020 100644 --- a/crypto/x509v3/Makefile +++ b/crypto/x509v3/Makefile @@ -82,7 +82,7 @@ pcy_cache.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_cache.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pcy_cache.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pcy_cache.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -pcy_cache.o: ../cryptlib.h pcy_cache.c pcy_int.h +pcy_cache.o: ../include/internal/cryptlib.h pcy_cache.c pcy_int.h pcy_data.o: ../../e_os.h ../../include/openssl/asn1.h pcy_data.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pcy_data.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -96,7 +96,7 @@ pcy_data.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_data.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pcy_data.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pcy_data.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -pcy_data.o: ../cryptlib.h pcy_data.c pcy_int.h +pcy_data.o: ../include/internal/cryptlib.h pcy_data.c pcy_int.h pcy_lib.o: ../../e_os.h ../../include/openssl/asn1.h pcy_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pcy_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -110,7 +110,7 @@ pcy_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pcy_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pcy_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -pcy_lib.o: ../cryptlib.h pcy_int.h pcy_lib.c +pcy_lib.o: ../include/internal/cryptlib.h pcy_int.h pcy_lib.c pcy_map.o: ../../e_os.h ../../include/openssl/asn1.h pcy_map.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h pcy_map.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -124,7 +124,7 @@ pcy_map.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_map.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pcy_map.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pcy_map.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -pcy_map.o: ../cryptlib.h pcy_int.h pcy_map.c +pcy_map.o: ../include/internal/cryptlib.h pcy_int.h pcy_map.c pcy_node.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h pcy_node.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h pcy_node.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -151,7 +151,7 @@ pcy_tree.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h pcy_tree.o: ../../include/openssl/sha.h ../../include/openssl/stack.h pcy_tree.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pcy_tree.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -pcy_tree.o: ../cryptlib.h pcy_int.h pcy_tree.c +pcy_tree.o: ../include/internal/cryptlib.h pcy_int.h pcy_tree.c v3_addr.o: ../../e_os.h ../../include/openssl/asn1.h v3_addr.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_addr.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -165,7 +165,8 @@ v3_addr.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_addr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_addr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_addr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_addr.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_addr.c +v3_addr.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +v3_addr.o: v3_addr.c v3_akey.o: ../../e_os.h ../../include/openssl/asn1.h v3_akey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_akey.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -179,7 +180,8 @@ v3_akey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_akey.c +v3_akey.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +v3_akey.o: v3_akey.c v3_akeya.o: ../../e_os.h ../../include/openssl/asn1.h v3_akeya.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_akeya.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -194,7 +196,7 @@ v3_akeya.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_akeya.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_akeya.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_akeya.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_akeya.o: ../cryptlib.h v3_akeya.c +v3_akeya.o: ../include/internal/cryptlib.h v3_akeya.c v3_alt.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_alt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -207,7 +209,8 @@ v3_alt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_alt.c +v3_alt.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +v3_alt.o: v3_alt.c v3_asid.o: ../../e_os.h ../../include/openssl/asn1.h v3_asid.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_asid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h @@ -222,7 +225,7 @@ v3_asid.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_asid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_asid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_asid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_asid.o: ../cryptlib.h v3_asid.c +v3_asid.o: ../include/internal/cryptlib.h v3_asid.c v3_bcons.o: ../../e_os.h ../../include/openssl/asn1.h v3_bcons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_bcons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -237,7 +240,7 @@ v3_bcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_bcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_bcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_bcons.o: ../cryptlib.h v3_bcons.c +v3_bcons.o: ../include/internal/cryptlib.h v3_bcons.c v3_bitst.o: ../../e_os.h ../../include/openssl/asn1.h v3_bitst.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -251,7 +254,7 @@ v3_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_bitst.o: ../cryptlib.h v3_bitst.c +v3_bitst.o: ../include/internal/cryptlib.h v3_bitst.c v3_conf.o: ../../e_os.h ../../include/openssl/asn1.h v3_conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -265,7 +268,7 @@ v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_conf.o: ../cryptlib.h v3_conf.c +v3_conf.o: ../include/internal/cryptlib.h v3_conf.c v3_cpols.o: ../../e_os.h ../../include/openssl/asn1.h v3_cpols.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_cpols.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -280,7 +283,7 @@ v3_cpols.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_cpols.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_cpols.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_cpols.o: ../cryptlib.h pcy_int.h v3_cpols.c +v3_cpols.o: ../include/internal/cryptlib.h pcy_int.h v3_cpols.c v3_crld.o: ../../e_os.h ../../include/openssl/asn1.h v3_crld.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_crld.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -294,7 +297,7 @@ v3_crld.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_crld.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h v3_crld.o: ../include/internal/x509_int.h v3_crld.c v3_enum.o: ../../e_os.h ../../include/openssl/asn1.h v3_enum.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h @@ -309,7 +312,7 @@ v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_enum.o: ../cryptlib.h v3_enum.c +v3_enum.o: ../include/internal/cryptlib.h v3_enum.c v3_extku.o: ../../e_os.h ../../include/openssl/asn1.h v3_extku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -324,7 +327,7 @@ v3_extku.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_extku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_extku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_extku.o: ../cryptlib.h v3_extku.c +v3_extku.o: ../include/internal/cryptlib.h v3_extku.c v3_genn.o: ../../e_os.h ../../include/openssl/asn1.h v3_genn.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_genn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -338,7 +341,8 @@ v3_genn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_genn.c +v3_genn.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +v3_genn.o: v3_genn.c v3_ia5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_ia5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -351,7 +355,8 @@ v3_ia5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_ia5.c +v3_ia5.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +v3_ia5.o: v3_ia5.c v3_info.o: ../../e_os.h ../../include/openssl/asn1.h v3_info.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_info.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -365,7 +370,8 @@ v3_info.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_info.c +v3_info.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +v3_info.o: v3_info.c v3_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -378,7 +384,8 @@ v3_int.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_int.c +v3_int.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +v3_int.o: v3_int.c v3_lib.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -391,7 +398,8 @@ v3_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h v3_lib.c +v3_lib.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +v3_lib.o: ext_dat.h v3_lib.c v3_ncons.o: ../../e_os.h ../../include/openssl/asn1.h v3_ncons.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_ncons.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -406,7 +414,8 @@ v3_ncons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_ncons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_ncons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_ncons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_ncons.o: ../cryptlib.h ../include/internal/x509_int.h v3_ncons.c +v3_ncons.o: ../include/internal/cryptlib.h ../include/internal/x509_int.h +v3_ncons.o: v3_ncons.c v3_pci.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_pci.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_pci.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -419,7 +428,8 @@ v3_pci.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_pci.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_pci.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_pci.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_pci.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pci.c +v3_pci.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +v3_pci.o: v3_pci.c v3_pcia.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h v3_pcia.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_pcia.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -447,7 +457,7 @@ v3_pcons.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_pcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_pcons.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_pcons.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pcons.o: ../cryptlib.h v3_pcons.c +v3_pcons.o: ../include/internal/cryptlib.h v3_pcons.c v3_pku.o: ../../e_os.h ../../include/openssl/asn1.h v3_pku.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pku.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -461,7 +471,8 @@ v3_pku.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_pku.c +v3_pku.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +v3_pku.o: v3_pku.c v3_pmaps.o: ../../e_os.h ../../include/openssl/asn1.h v3_pmaps.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_pmaps.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -476,7 +487,7 @@ v3_pmaps.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_pmaps.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_pmaps.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_pmaps.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_pmaps.o: ../cryptlib.h v3_pmaps.c +v3_pmaps.o: ../include/internal/cryptlib.h v3_pmaps.c v3_prn.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -489,7 +500,8 @@ v3_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h v3_prn.c +v3_prn.o: ../../include/openssl/x509v3.h ../include/internal/cryptlib.h +v3_prn.o: v3_prn.c v3_purp.o: ../../e_os.h ../../include/openssl/asn1.h v3_purp.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -503,7 +515,7 @@ v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_purp.o: ../cryptlib.h v3_purp.c +v3_purp.o: ../include/internal/cryptlib.h v3_purp.c v3_scts.o: ../../e_os.h ../../include/openssl/asn1.h v3_scts.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_scts.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -517,7 +529,7 @@ v3_scts.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_scts.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_scts.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_scts.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_scts.o: ../cryptlib.h v3_scts.c +v3_scts.o: ../include/internal/cryptlib.h v3_scts.c v3_skey.o: ../../e_os.h ../../include/openssl/asn1.h v3_skey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -531,7 +543,7 @@ v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_skey.o: ../cryptlib.h v3_skey.c +v3_skey.o: ../include/internal/cryptlib.h v3_skey.c v3_sxnet.o: ../../e_os.h ../../include/openssl/asn1.h v3_sxnet.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h v3_sxnet.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h @@ -546,7 +558,7 @@ v3_sxnet.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_sxnet.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_sxnet.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_sxnet.o: ../cryptlib.h v3_sxnet.c +v3_sxnet.o: ../include/internal/cryptlib.h v3_sxnet.c v3_utl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h @@ -560,7 +572,7 @@ v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -v3_utl.o: ../cryptlib.h v3_utl.c +v3_utl.o: ../include/internal/cryptlib.h v3_utl.c v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h v3err.o: ../../include/openssl/buffer.h ../../include/openssl/conf.h v3err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h From rsalz at openssl.org Thu May 14 19:58:22 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 14 May 2015 19:58:22 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431633502.042723.4687.nullmailer@dev.openssl.org> The branch master has been updated via 9f5be870e86ef57b52854be6328e1844afa95814 (commit) from a3aadb2d9c85bc958a428a17ef5d6c9de5ef87b8 (commit) - Log ----------------------------------------------------------------- commit 9f5be870e86ef57b52854be6328e1844afa95814 Author: Rich Salz Date: Thu May 14 15:57:30 2015 -0400 Update mkdef for moved header file. crypto/cryptlib.h moved to crypto/include/internal; update the script. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: util/mkdef.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mkdef.pl b/util/mkdef.pl index 18bc1ab..e2b1fb6 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -261,7 +261,7 @@ $ssl.=" include/openssl/tls1.h"; $ssl.=" include/openssl/srtp.h"; my $crypto ="include/openssl/crypto.h"; -$crypto.=" crypto/cryptlib.h"; +$crypto.=" crypto/include/internal/cryptlib.h"; $crypto.=" include/internal/o_dir.h"; $crypto.=" include/internal/o_str.h"; $crypto.=" include/openssl/des.h" ; # unless $no_des; From rsalz at openssl.org Fri May 15 10:48:39 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 15 May 2015 10:48:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431686919.466469.27728.nullmailer@dev.openssl.org> The branch master has been updated via 2eb264a14b93b277269b1f3311925d550d5de580 (commit) from 9f5be870e86ef57b52854be6328e1844afa95814 (commit) - Log ----------------------------------------------------------------- commit 2eb264a14b93b277269b1f3311925d550d5de580 Author: Rich Salz Date: Fri May 15 06:48:14 2015 -0400 Make up for a missed 'make update' update. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: include/openssl/safestack.h | 50 ++++++++++++++++++++++----------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/include/openssl/safestack.h b/include/openssl/safestack.h index 9e10c10..388f409 100644 --- a/include/openssl/safestack.h +++ b/include/openssl/safestack.h @@ -2068,31 +2068,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_void_sort(st) SKM_sk_sort(void, (st)) # define sk_void_is_sorted(st) SKM_sk_is_sorted(void, (st)) -# define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) -# define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) -# define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) -# define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) -# define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func)) -# define sk_OPENSSL_PSTRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_PSTRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_COPY_FUNC(OPENSSL_STRING, copy_func), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func))) -# define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) -# define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) -# define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) -# define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) -# define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) -# define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) -# define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ - ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ - sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) -# define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) -# define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) -# define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) -# define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) -# define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) - # define sk_OPENSSL_STRING_new(cmp) ((STACK_OF(OPENSSL_STRING) *)sk_new(CHECKED_SK_CMP_FUNC(char, cmp))) # define sk_OPENSSL_STRING_new_null() ((STACK_OF(OPENSSL_STRING) *)sk_new_null()) # define sk_OPENSSL_STRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_STRING, st), CHECKED_PTR_OF(char, val)) @@ -2143,6 +2118,31 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void) # define sk_OPENSSL_BLOCK_sort(st) SKM_sk_sort(OPENSSL_BLOCK, (st)) # define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st)) +# define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +# define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null()) +# define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i)) +# define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st) +# define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func)) +# define sk_OPENSSL_PSTRING_deep_copy(st, copy_func, free_func) ((STACK_OF(OPENSSL_PSTRING) *)sk_deep_copy(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_COPY_FUNC(OPENSSL_STRING, copy_func), CHECKED_SK_FREE_FUNC(OPENSSL_STRING, free_func))) +# define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i) +# define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st) +# define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st)) +# define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val)) +# define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i)) +# define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr)) +# define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp) \ + ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \ + sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp))) +# define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st) +# define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st)) +# define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st)) +# define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st)) +# define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st)) + # define lh_ADDED_OBJ_new() LHM_lh_new(ADDED_OBJ,added_obj) # define lh_ADDED_OBJ_insert(lh,inst) LHM_lh_insert(ADDED_OBJ,lh,inst) # define lh_ADDED_OBJ_retrieve(lh,inst) LHM_lh_retrieve(ADDED_OBJ,lh,inst) From rsalz at openssl.org Fri May 15 12:16:35 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 15 May 2015 12:16:35 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431692195.554231.5081.nullmailer@dev.openssl.org> The branch master has been updated via 857048a7f339913fc4e510ddf033878850c655cd (commit) from 2eb264a14b93b277269b1f3311925d550d5de580 (commit) - Log ----------------------------------------------------------------- commit 857048a7f339913fc4e510ddf033878850c655cd Author: Rich Salz Date: Thu May 14 15:21:36 2015 -0400 Use #error in openssl/srp.h Follow the same convention the other OPENSSL_NO_xxx header files do, and use #error instead of making the header file be a no-op. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 7 +++++++ apps/s_server.c | 4 ++++ apps/srp.c | 6 ++++++ include/openssl/srp.h | 57 +++++++++++++++++++++++++++------------------------ ssl/tls_srp.c | 2 +- 5 files changed, 48 insertions(+), 28 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 8d78dc7..ba411f2 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -925,6 +925,13 @@ int s_client_main(int argc, char **argv) srp_arg.amp = 1; meth = TLSv1_client_method(); break; +#else + case OPT_SRPUSER: + case OPT_SRPPASS: + case OPT_SRP_STRENGTH: + case OPT_SRP_LATEUSER: + case OPT_SRP_MOREGROUPS: + break; #endif #ifndef OPENSSL_NO_SSL3 case OPT_SSL3: diff --git a/apps/s_server.c b/apps/s_server.c index c54caa6..2ef902a 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1317,6 +1317,10 @@ int s_server_main(int argc, char *argv[]) srpuserseed = opt_arg(); meth = TLSv1_server_method(); break; +#else + case OPT_SRPVFILE: + case OPT_SRPUSERSEED: + break; #endif case OPT_REV: rev = 1; diff --git a/apps/srp.c b/apps/srp.c index ec875cb..6c50a6e 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -680,4 +680,10 @@ int srp_main(int argc, char **argv) return (ret); } +#else + +# if PEDANTIC +static void *dummy = &dummy; +# endif + #endif diff --git a/include/openssl/srp.h b/include/openssl/srp.h index de6631d..3411fe5 100644 --- a/include/openssl/srp.h +++ b/include/openssl/srp.h @@ -60,18 +60,22 @@ #ifndef __SRP_H__ # define __SRP_H__ -# ifndef OPENSSL_NO_SRP +#include -# include -# include +# ifdef OPENSSL_NO_SRP +# error SRP is disabled. +# endif + +# include +# include #ifdef __cplusplus extern "C" { #endif -# include -# include -# include +# include +# include +# include typedef struct SRP_gN_cache_st { char *b64_bn; @@ -122,25 +126,25 @@ int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt, BIGNUM **verifier, const BIGNUM *N, const BIGNUM *g); -# define SRP_NO_ERROR 0 -# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 -# define SRP_ERR_VBASE_BN_LIB 2 -# define SRP_ERR_OPEN_FILE 3 -# define SRP_ERR_MEMORY 4 - -# define DB_srptype 0 -# define DB_srpverifier 1 -# define DB_srpsalt 2 -# define DB_srpid 3 -# define DB_srpgN 4 -# define DB_srpinfo 5 -# undef DB_NUMBER -# define DB_NUMBER 6 - -# define DB_SRP_INDEX 'I' -# define DB_SRP_VALID 'V' -# define DB_SRP_REVOKED 'R' -# define DB_SRP_MODIF 'v' +# define SRP_NO_ERROR 0 +# define SRP_ERR_VBASE_INCOMPLETE_FILE 1 +# define SRP_ERR_VBASE_BN_LIB 2 +# define SRP_ERR_OPEN_FILE 3 +# define SRP_ERR_MEMORY 4 + +# define DB_srptype 0 +# define DB_srpverifier 1 +# define DB_srpsalt 2 +# define DB_srpid 3 +# define DB_srpgN 4 +# define DB_srpinfo 5 +# undef DB_NUMBER +# define DB_NUMBER 6 + +# define DB_SRP_INDEX 'I' +# define DB_SRP_VALID 'V' +# define DB_SRP_REVOKED 'R' +# define DB_SRP_MODIF 'v' /* see srp.c */ char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N); @@ -160,11 +164,10 @@ BIGNUM *SRP_Calc_client_key(BIGNUM *N, BIGNUM *B, BIGNUM *g, BIGNUM *x, BIGNUM *a, BIGNUM *u); int SRP_Verify_B_mod_N(BIGNUM *B, BIGNUM *N); -# define SRP_MINIMAL_N 1024 +# define SRP_MINIMAL_N 1024 #ifdef __cplusplus } #endif -# endif #endif diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c index 7d4fd1d..6bd7845 100644 --- a/ssl/tls_srp.c +++ b/ssl/tls_srp.c @@ -60,11 +60,11 @@ #include #include -#include #include #include "ssl_locl.h" #ifndef OPENSSL_NO_SRP +#include int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx) { From rsalz at openssl.org Fri May 15 18:19:15 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 15 May 2015 18:19:15 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1431713955.421196.9129.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 051b41df4105355a5a9c7f1c0bd00cc70b2d324c (commit) from c59bd61b2efe023775fdc85b8452399fe551fb58 (commit) - Log ----------------------------------------------------------------- commit 051b41df4105355a5a9c7f1c0bd00cc70b2d324c Author: Andy Polyakov Date: Sun Jul 15 13:40:04 2012 +0000 mk1mf.pl: replace chop for windows. Backport old patch to make it work in mixture of perls for Windows. Reviewed-by: Richard Levitte Cherry-picked from 7bb98eee3c9e4694dfc2217001d5075ce8d2906e ----------------------------------------------------------------------- Summary of changes: util/mk1mf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 7d4491f..9b8abc0 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -340,7 +340,7 @@ open(IN,"<$infile") || die "unable to open $infile:$!\n"; $_=; for (;;) { - chop; + s/\s*$//; # was chop, didn't work in mixture of perls for Windows... ($key,$val)=/^([^=]+)=(.*)/; if ($key eq "RELATIVE_DIRECTORY") From rsalz at openssl.org Fri May 15 18:19:37 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 15 May 2015 18:19:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1431713977.615792.9374.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 2df0ba9b4f20f07f7d5bead4d2107d29d62b1798 (commit) from 76b49a8ad7759c2b702376d1ebc90008bdc26373 (commit) - Log ----------------------------------------------------------------- commit 2df0ba9b4f20f07f7d5bead4d2107d29d62b1798 Author: Andy Polyakov Date: Sun Jul 15 13:40:04 2012 +0000 mk1mf.pl: replace chop for windows. Backport old patch to make it work in mixture of perls for Windows. Reviewed-by: Richard Levitte Cherry-picked from 7bb98eee3c9e4694dfc2217001d5075ce8d2906e (cherry picked from commit 051b41df4105355a5a9c7f1c0bd00cc70b2d324c) ----------------------------------------------------------------------- Summary of changes: util/mk1mf.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 550ef9f..1eee7aa 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -326,7 +326,7 @@ open(IN,"<$infile") || die "unable to open $infile:$!\n"; $_=; for (;;) { - chop; + s/\s*$//; # was chop, didn't work in mixture of perls for Windows... ($key,$val)=/^([^=]+)=(.*)/; if ($key eq "RELATIVE_DIRECTORY") From rsalz at openssl.org Fri May 15 18:39:43 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 15 May 2015 18:39:43 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431715183.875685.11323.nullmailer@dev.openssl.org> The branch master has been updated via 756eff7a31b5b46577e8529645b254ccc256a8ae (commit) from 857048a7f339913fc4e510ddf033878850c655cd (commit) - Log ----------------------------------------------------------------- commit 756eff7a31b5b46577e8529645b254ccc256a8ae Author: Rich Salz Date: Thu May 14 15:36:09 2015 -0400 Remove unused #ifdef's from header files And remove a duplicate comment, probably from a merge hiccup. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: include/openssl/bn.h | 4 ---- include/openssl/pem.h | 36 ------------------------------------ 2 files changed, 40 deletions(-) diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 5a2e8db..9c53aaf 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -272,10 +272,6 @@ extern "C" { # ifdef OPENSSL_USE_DEPRECATED /* deprecated name for the flag */ # define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME -/* - * avoid leaking exponent information through timings - * (BN_mod_exp_mont() will call BN_mod_exp_mont_consttime) - */ # endif # ifdef OPENSSL_USE_DEPRECATED diff --git a/include/openssl/pem.h b/include/openssl/pem.h index d42e5b0..a1e5166 100644 --- a/include/openssl/pem.h +++ b/include/openssl/pem.h @@ -72,41 +72,6 @@ extern "C" { # define PEM_BUFSIZE 1024 -# define PEM_OBJ_UNDEF 0 -# define PEM_OBJ_X509 1 -# define PEM_OBJ_X509_REQ 2 -# define PEM_OBJ_CRL 3 -# define PEM_OBJ_SSL_SESSION 4 -# define PEM_OBJ_PRIV_KEY 10 -# define PEM_OBJ_PRIV_RSA 11 -# define PEM_OBJ_PRIV_DSA 12 -# define PEM_OBJ_PRIV_DH 13 -# define PEM_OBJ_PUB_RSA 14 -# define PEM_OBJ_PUB_DSA 15 -# define PEM_OBJ_PUB_DH 16 -# define PEM_OBJ_DHPARAMS 17 -# define PEM_OBJ_DSAPARAMS 18 -# define PEM_OBJ_PRIV_RSA_PUBLIC 19 -# define PEM_OBJ_PRIV_ECDSA 20 -# define PEM_OBJ_PUB_ECDSA 21 -# define PEM_OBJ_ECPARAMETERS 22 - -# define PEM_ERROR 30 -# define PEM_DEK_DES_CBC 40 -# define PEM_DEK_IDEA_CBC 45 -# define PEM_DEK_DES_EDE 50 -# define PEM_DEK_DES_ECB 60 -# define PEM_DEK_RSA 70 -# define PEM_DEK_RSA_MD2 80 -# define PEM_DEK_RSA_MD5 90 - -# define PEM_MD_MD2 NID_md2 -# define PEM_MD_MD5 NID_md5 -# define PEM_MD_SHA NID_sha -# define PEM_MD_MD2_RSA NID_md2WithRSAEncryption -# define PEM_MD_MD5_RSA NID_md5WithRSAEncryption -# define PEM_MD_SHA_RSA NID_sha1WithRSAEncryption - # define PEM_STRING_X509_OLD "X509 CERTIFICATE" # define PEM_STRING_X509 "CERTIFICATE" # define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" @@ -143,7 +108,6 @@ typedef struct PEM_Encode_Seal_st { EVP_CIPHER_CTX cipher; } PEM_ENCODE_SEAL_CTX; -/* enc_type is one off */ # define PEM_TYPE_ENCRYPTED 10 # define PEM_TYPE_MIC_ONLY 20 # define PEM_TYPE_MIC_CLEAR 30 From matt at openssl.org Sat May 16 08:23:47 2015 From: matt at openssl.org (Matt Caswell) Date: Sat, 16 May 2015 08:23:47 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431764627.830846.22633.nullmailer@dev.openssl.org> The branch master has been updated via b2ce0337e8430f7d4d1e692415efc89ed02a8ea3 (commit) via a304d385900b72467808ba0c2db91f2fc26e0160 (commit) via d45ba43dab962bdc84158efc0cdddd5f5a08cf5e (commit) via a27e81ee54112d8db40e409f45f1e9b88ccbf6b1 (commit) via a3680c8f9c33d4190c367572645980ccdb9d5bbf (commit) via 13c9bb3ecec5f847b4c5295249e039d386e2d10e (commit) via 32ec41539b5b23bc42503589fcc5be65d648d1f5 (commit) from 756eff7a31b5b46577e8529645b254ccc256a8ae (commit) - Log ----------------------------------------------------------------- commit b2ce0337e8430f7d4d1e692415efc89ed02a8ea3 Author: Matt Caswell Date: Fri May 15 09:14:03 2015 +0100 Further version negotiation updates More miscellaneous updates to version negotiation following feedback. Reviewed-by: Kurt Roeckx commit a304d385900b72467808ba0c2db91f2fc26e0160 Author: Matt Caswell Date: Thu May 14 13:48:47 2015 +0100 Move SSLv3_*method() functions Move these functions into t1_clnt.c, t1_srvr.c and t1_meth.c and take advantage of the existing tls1_get*_method() functions that all the other methods are using. Since these now have to support SSLv3 anyway we might as well use the same set of get functions for both TLS and SSLv3. Reviewed-by: Kurt Roeckx commit d45ba43dab962bdc84158efc0cdddd5f5a08cf5e Author: Matt Caswell Date: Fri Apr 24 15:05:27 2015 +0100 Updates following review comments Miscellaneous updates following review comments on the version negotiation rewrite patches. Reviewed-by: Kurt Roeckx commit a27e81ee54112d8db40e409f45f1e9b88ccbf6b1 Author: Matt Caswell Date: Tue Mar 31 14:29:53 2015 +0100 Version negotiation rewrite doc updates Update various documentation references to the new TLS_*_method names. Also add a CHANGES entry. Reviewed-by: Kurt Roeckx commit a3680c8f9c33d4190c367572645980ccdb9d5bbf Author: Matt Caswell Date: Tue Mar 31 13:57:46 2015 +0100 Version negotiation rewrite cleanup Following the version negotiation rewrite all of the previous code that was dedicated to version negotiation can now be deleted - all six source files of it!! Reviewed-by: Kurt Roeckx commit 13c9bb3ecec5f847b4c5295249e039d386e2d10e Author: Matt Caswell Date: Tue Mar 31 00:18:31 2015 +0100 Client side version negotiation rewrite Continuing from the previous commit this changes the way we do client side version negotiation. Similarly all of the s23* "up front" state machine code has been avoided and again things now work much the same way as they already did for DTLS, i.e. we just do most of the work in the ssl3_get_server_hello() function. Reviewed-by: Kurt Roeckx commit 32ec41539b5b23bc42503589fcc5be65d648d1f5 Author: Matt Caswell Date: Fri Mar 27 23:01:51 2015 +0000 Server side version negotiation rewrite This commit changes the way that we do server side protocol version negotiation. Previously we had a whole set of code that had an "up front" state machine dedicated to the negotiating the protocol version. This adds significant complexity to the state machine. Historically the justification for doing this was the support of SSLv2 which works quite differently to SSLv3+. However, we have now removed support for SSLv2 so there is little reason to maintain this complexity. The one slight difficulty is that, although we no longer support SSLv2, we do still support an SSLv3+ ClientHello in an SSLv2 backward compatible ClientHello format. This is generally only used by legacy clients. This commit adds support within the SSLv3 code for these legacy format ClientHellos. Server side version negotiation now works in much the same was as DTLS, i.e. we introduce the concept of TLS_ANY_VERSION. If s->version is set to that then when a ClientHello is received it will work out the most appropriate version to respond with. Also, SSLv23_method and SSLv23_server_method have been replaced with TLS_method and TLS_server_method respectively. The old SSLv23* names still exist as macros pointing at the new name, although they are deprecated. Subsequent commits will look at client side version negotiation, as well of removal of the old s23* code. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: CHANGES | 9 + apps/Makefile | 130 +++---- apps/ciphers.c | 2 +- apps/ocsp.c | 2 +- apps/s_client.c | 2 +- apps/s_server.c | 2 +- apps/s_time.c | 2 +- crypto/threads/mttest.c | 2 +- demos/bio/client-arg.c | 2 +- demos/bio/client-conf.c | 2 +- demos/bio/saccept.c | 2 +- demos/bio/sconnect.c | 2 +- demos/bio/server-arg.c | 2 +- demos/bio/server-conf.c | 2 +- demos/easy_tls/easy-tls.c | 4 +- demos/ssl/cli.cpp | 2 +- demos/ssl/serv.cpp | 2 +- demos/state_machine/state_machine.c | 2 +- doc/crypto/BIO_f_ssl.pod | 4 +- doc/crypto/err.pod | 6 +- doc/ssl/SSL_CTX_new.pod | 35 +- doc/ssl/SSL_clear.pod | 2 +- doc/ssl/ssl.pod | 7 - include/openssl/ssl.h | 27 +- include/openssl/ssl23.h | 84 ---- include/openssl/tls1.h | 3 + ssl/Makefile | 487 +++++++++--------------- ssl/install-ssl.com | 2 +- ssl/record/README | 16 +- ssl/record/rec_layer_s23.c | 114 ------ ssl/record/rec_layer_s3.c | 44 +++ ssl/record/record.h | 10 +- ssl/record/record_locl.h | 2 + ssl/record/ssl3_record.c | 105 +++-- ssl/s23_clnt.c | 595 ----------------------------- ssl/s23_lib.c | 165 -------- ssl/s23_meth.c | 82 ---- ssl/s23_srvr.c | 585 ---------------------------- ssl/s3_both.c | 99 +++-- ssl/s3_clnt.c | 265 ++++++++++--- ssl/s3_lib.c | 28 +- ssl/s3_meth.c | 74 ---- ssl/s3_srvr.c | 741 ++++++++++++++++++++++++------------ ssl/ssl-lib.com | 3 +- ssl/ssl_err.c | 11 +- ssl/ssl_lib.c | 158 -------- ssl/ssl_locl.h | 56 --- ssl/ssl_stat.c | 44 --- ssl/t1_clnt.c | 21 +- ssl/t1_lib.c | 8 +- ssl/t1_meth.c | 20 +- ssl/t1_srvr.c | 21 +- test/Makefile | 20 +- test/ssltest.c | 2 +- util/ssleay.num | 9 +- 55 files changed, 1321 insertions(+), 2807 deletions(-) delete mode 100644 include/openssl/ssl23.h delete mode 100644 ssl/record/rec_layer_s23.c delete mode 100644 ssl/s23_clnt.c delete mode 100644 ssl/s23_lib.c delete mode 100644 ssl/s23_meth.c delete mode 100644 ssl/s23_srvr.c delete mode 100644 ssl/s3_meth.c diff --git a/CHANGES b/CHANGES index 337b9b1..8600b81 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,15 @@ _______________ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + + *) Version negotiation has been rewritten. In particular SSLv23_method(), + SSLv23_client_method() and SSLv23_server_method() have been deprecated, + and turned into macros which simply call the new preferred function names + TLS_method(), TLS_client_method() and TLS_server_method(). All new code + should use the new names instead. Also as part of this change the ssl23.h + header file has been removed. + [Matt Caswell] + *) Support for Kerberos ciphersuites in TLS (RFC2712) has been removed. This code and the associated standard is no longer considered fit-for-purpose. [Matt Caswell] diff --git a/apps/Makefile b/apps/Makefile index 9952b3d..29bad61 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -191,12 +191,12 @@ apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h apps.o: ../include/openssl/pkcs7.h ../include/openssl/rsa.h apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h apps.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -apps.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -apps.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -apps.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -apps.o: ../include/openssl/txt_db.h ../include/openssl/ui.h -apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -apps.o: ../include/openssl/x509v3.h apps.c apps.h progs.h +apps.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +apps.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +apps.o: ../include/openssl/ui.h ../include/openssl/x509.h +apps.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.c apps.h +apps.o: progs.h asn1pars.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h asn1pars.o: ../include/openssl/buffer.h ../include/openssl/conf.h asn1pars.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -244,11 +244,11 @@ ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h ciphers.o: ../include/openssl/sha.h ../include/openssl/srtp.h ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ciphers.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ciphers.o: ../include/openssl/x509v3.h apps.h ciphers.c progs.h +ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ciphers.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +ciphers.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +ciphers.o: ciphers.c progs.h cms.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h cms.o: ../include/openssl/buffer.h ../include/openssl/cms.h cms.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -428,11 +428,11 @@ engine.o: ../include/openssl/pem.h ../include/openssl/pem2.h engine.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h engine.o: ../include/openssl/sha.h ../include/openssl/srtp.h engine.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -engine.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -engine.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -engine.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -engine.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -engine.o: ../include/openssl/x509v3.h apps.h engine.c progs.h +engine.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +engine.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +engine.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +engine.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +engine.o: engine.c progs.h errstr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h errstr.o: ../include/openssl/buffer.h ../include/openssl/comp.h errstr.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -448,11 +448,11 @@ errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h errstr.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h errstr.o: ../include/openssl/sha.h ../include/openssl/srtp.h errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -errstr.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -errstr.o: ../include/openssl/x509v3.h apps.h errstr.c progs.h +errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +errstr.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +errstr.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +errstr.o: errstr.c progs.h gendsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h gendsa.o: ../include/openssl/bn.h ../include/openssl/buffer.h gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -534,12 +534,11 @@ ocsp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h ocsp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h ocsp.o: ../include/openssl/safestack.h ../include/openssl/sha.h ocsp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ocsp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ocsp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ocsp.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -ocsp.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h ocsp.c -ocsp.o: progs.h +ocsp.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +ocsp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ocsp.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +ocsp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ocsp.o: ../include/openssl/x509v3.h apps.h ocsp.c progs.h openssl.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h openssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -555,12 +554,11 @@ openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h openssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -openssl.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -openssl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -openssl.o: openssl.c progs.h s_apps.h +openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +openssl.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +openssl.o: ../include/openssl/x509v3.h apps.h openssl.c progs.h s_apps.h opt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h opt.o: ../include/openssl/buffer.h ../include/openssl/conf.h opt.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h @@ -783,12 +781,11 @@ s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_cb.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_cb.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -s_cb.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -s_cb.o: progs.h s_apps.h s_cb.c +s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_cb.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s_cb.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_cb.c s_client.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_client.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -805,12 +802,12 @@ s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h s_client.o: ../include/openssl/rand.h ../include/openssl/safestack.h s_client.o: ../include/openssl/sha.h ../include/openssl/srp.h s_client.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_client.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -s_client.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -s_client.o: progs.h s_apps.h s_client.c timeouts.h +s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_client.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s_client.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_client.c +s_client.o: timeouts.h s_server.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_server.o: ../include/openssl/bn.h ../include/openssl/buffer.h s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -828,12 +825,12 @@ s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h s_server.o: ../include/openssl/sha.h ../include/openssl/srp.h s_server.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_server.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -s_server.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -s_server.o: progs.h s_apps.h s_server.c timeouts.h +s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_server.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s_server.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_server.c +s_server.o: timeouts.h s_socket.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_socket.o: ../include/openssl/buffer.h ../include/openssl/comp.h s_socket.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -848,12 +845,11 @@ s_socket.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h s_socket.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s_socket.o: ../include/openssl/txt_db.h ../include/openssl/x509.h -s_socket.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h -s_socket.o: progs.h s_apps.h s_socket.c +s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s_socket.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h +s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s_socket.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_socket.c s_time.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s_time.o: ../include/openssl/buffer.h ../include/openssl/comp.h s_time.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -869,11 +865,11 @@ s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h s_time.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h s_time.o: ../include/openssl/sha.h ../include/openssl/srtp.h s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s_time.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s_time.o: ../include/openssl/x509v3.h apps.h progs.h s_apps.h s_time.c +s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s_time.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +s_time.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +s_time.o: progs.h s_apps.h s_time.c sess_id.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h sess_id.o: ../include/openssl/buffer.h ../include/openssl/comp.h sess_id.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -889,11 +885,11 @@ sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h sess_id.o: ../include/openssl/sha.h ../include/openssl/srtp.h sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -sess_id.o: ../include/openssl/tls1.h ../include/openssl/txt_db.h -sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -sess_id.o: ../include/openssl/x509v3.h apps.h progs.h sess_id.c +sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +sess_id.o: ../include/openssl/txt_db.h ../include/openssl/x509.h +sess_id.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h +sess_id.o: progs.h sess_id.c smime.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h smime.o: ../include/openssl/buffer.h ../include/openssl/conf.h smime.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h diff --git a/apps/ciphers.c b/apps/ciphers.c index 232fd60..47132fd 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -94,7 +94,7 @@ int ciphers_main(int argc, char **argv) SSL_CTX *ctx = NULL; SSL *ssl = NULL; STACK_OF(SSL_CIPHER) *sk = NULL; - const SSL_METHOD *meth = SSLv23_server_method(); + const SSL_METHOD *meth = TLS_server_method(); int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0; #ifndef OPENSSL_NO_SSL_TRACE int stdname = 0; diff --git a/apps/ocsp.c b/apps/ocsp.c index d52da18..c71b0d6 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -1261,7 +1261,7 @@ OCSP_RESPONSE *process_responder(OCSP_REQUEST *req, BIO_set_conn_port(cbio, port); if (use_ssl == 1) { BIO *sbio; - ctx = SSL_CTX_new(SSLv23_client_method()); + ctx = SSL_CTX_new(TLS_client_method()); if (ctx == NULL) { BIO_printf(bio_err, "Error creating SSL context.\n"); goto end; diff --git a/apps/s_client.c b/apps/s_client.c index ba411f2..339e451 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -636,7 +636,7 @@ int s_client_main(int argc, char **argv) SSL_CONF_CTX *cctx = NULL; STACK_OF(OPENSSL_STRING) *ssl_args = NULL; STACK_OF(X509_CRL) *crls = NULL; - const SSL_METHOD *meth = SSLv23_client_method(); + const SSL_METHOD *meth = TLS_client_method(); char *CApath = NULL, *CAfile = NULL, *cbuf = NULL, *sbuf = NULL, *mbuf = NULL; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL, *prog; diff --git a/apps/s_server.c b/apps/s_server.c index 2ef902a..61d13f3 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -987,7 +987,7 @@ int s_server_main(int argc, char *argv[]) ENGINE *e = NULL; EVP_PKEY *s_key = NULL, *s_dkey = NULL; SSL_CONF_CTX *cctx = NULL; - const SSL_METHOD *meth = SSLv23_server_method(); + const SSL_METHOD *meth = TLS_server_method(); SSL_EXCERT *exc = NULL; STACK_OF(OPENSSL_STRING) *ssl_args = NULL; STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL; diff --git a/apps/s_time.c b/apps/s_time.c index 5bca72b..74decd2 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -167,7 +167,7 @@ int s_time_main(int argc, char **argv) int exitNow = 0; /* Set when it's time to exit main */ #endif - meth = SSLv23_client_method(); + meth = TLS_client_method(); verify_depth = 0; verify_error = X509_V_OK; diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index f6f8df2..3218c32 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -194,7 +194,7 @@ int main(int argc, char *argv[]) SSL_CTX *c_ctx = NULL; char *scert = TEST_SERVER_CERT; char *ccert = TEST_CLIENT_CERT; - SSL_METHOD *ssl_method = SSLv23_method(); + SSL_METHOD *ssl_method = TLS_method(); RAND_seed(rnd_seed, sizeof rnd_seed); diff --git a/demos/bio/client-arg.c b/demos/bio/client-arg.c index 8507e04..99ebff1 100644 --- a/demos/bio/client-arg.c +++ b/demos/bio/client-arg.c @@ -17,7 +17,7 @@ int main(int argc, char **argv) ERR_load_SSL_strings(); SSL_library_init(); - ctx = SSL_CTX_new(SSLv23_client_method()); + ctx = SSL_CTX_new(TLS_client_method()); cctx = SSL_CONF_CTX_new(); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); diff --git a/demos/bio/client-conf.c b/demos/bio/client-conf.c index b75088a..2a78315 100644 --- a/demos/bio/client-conf.c +++ b/demos/bio/client-conf.c @@ -37,7 +37,7 @@ int main(int argc, char **argv) goto end; } - ctx = SSL_CTX_new(SSLv23_client_method()); + ctx = SSL_CTX_new(TLS_client_method()); cctx = SSL_CONF_CTX_new(); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_FILE); diff --git a/demos/bio/saccept.c b/demos/bio/saccept.c index 505d98b..0d173aa 100644 --- a/demos/bio/saccept.c +++ b/demos/bio/saccept.c @@ -45,7 +45,7 @@ int main(int argc, char *argv[]) /* Add ciphers and message digests */ OpenSSL_add_ssl_algorithms(); - ctx = SSL_CTX_new(SSLv23_server_method()); + ctx = SSL_CTX_new(TLS_server_method()); if (!SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)) goto err; if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)) diff --git a/demos/bio/sconnect.c b/demos/bio/sconnect.c index 6e4ca65..865d503 100644 --- a/demos/bio/sconnect.c +++ b/demos/bio/sconnect.c @@ -43,7 +43,7 @@ char *argv[]; /* Setup all the global SSL stuff */ OpenSSL_add_ssl_algorithms(); - ssl_ctx = SSL_CTX_new(SSLv23_client_method()); + ssl_ctx = SSL_CTX_new(TLS_client_method()); /* Lets make a SSL structure */ ssl = SSL_new(ssl_ctx); diff --git a/demos/bio/server-arg.c b/demos/bio/server-arg.c index b188f6a..242ca6c 100644 --- a/demos/bio/server-arg.c +++ b/demos/bio/server-arg.c @@ -29,7 +29,7 @@ int main(int argc, char *argv[]) /* Add ciphers and message digests */ OpenSSL_add_ssl_algorithms(); - ctx = SSL_CTX_new(SSLv23_server_method()); + ctx = SSL_CTX_new(TLS_server_method()); cctx = SSL_CONF_CTX_new(); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); diff --git a/demos/bio/server-conf.c b/demos/bio/server-conf.c index cc9fe8a..bf3dd06 100644 --- a/demos/bio/server-conf.c +++ b/demos/bio/server-conf.c @@ -49,7 +49,7 @@ int main(int argc, char *argv[]) goto err; } - ctx = SSL_CTX_new(SSLv23_server_method()); + ctx = SSL_CTX_new(TLS_server_method()); cctx = SSL_CONF_CTX_new(); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_SERVER); SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CERTIFICATE); diff --git a/demos/easy_tls/easy-tls.c b/demos/easy_tls/easy-tls.c index 9346720..b951290 100644 --- a/demos/easy_tls/easy-tls.c +++ b/demos/easy_tls/easy-tls.c @@ -667,8 +667,8 @@ SSL_CTX *tls_create_ctx(struct tls_create_ctx_args a, void *apparg) return NULL; ret = - SSL_CTX_new((a.client_p ? SSLv23_client_method : - SSLv23_server_method) ()); + SSL_CTX_new((a.client_p ? TLS_client_method : + TLS_server_method) ()); if (ret == NULL) goto err; diff --git a/demos/ssl/cli.cpp b/demos/ssl/cli.cpp index cb5d329..3459f0f 100644 --- a/demos/ssl/cli.cpp +++ b/demos/ssl/cli.cpp @@ -38,7 +38,7 @@ void main () SSL_METHOD *meth; SSLeay_add_ssl_algorithms(); - meth = SSLv23_client_method(); + meth = TLS_client_method(); SSL_load_error_strings(); ctx = SSL_CTX_new (meth); CHK_NULL(ctx); diff --git a/demos/ssl/serv.cpp b/demos/ssl/serv.cpp index 6d4cefd..9cb77f8 100644 --- a/demos/ssl/serv.cpp +++ b/demos/ssl/serv.cpp @@ -55,7 +55,7 @@ void main () SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); - meth = SSLv23_server_method(); + meth = TLS_server_method(); ctx = SSL_CTX_new (meth); if (!ctx) { ERR_print_errors_fp(stderr); diff --git a/demos/state_machine/state_machine.c b/demos/state_machine/state_machine.c index 1dd8c2b..98802a1 100644 --- a/demos/state_machine/state_machine.c +++ b/demos/state_machine/state_machine.c @@ -119,7 +119,7 @@ SSLStateMachine *SSLStateMachine_new(const char *szCertificateFile, die_unless(pMachine); - pMachine->pCtx = SSL_CTX_new(SSLv23_server_method()); + pMachine->pCtx = SSL_CTX_new(TLS_server_method()); die_unless(pMachine->pCtx); n = SSL_CTX_use_certificate_file(pMachine->pCtx, szCertificateFile, diff --git a/doc/crypto/BIO_f_ssl.pod b/doc/crypto/BIO_f_ssl.pod index a9f23f1..a0531b0 100644 --- a/doc/crypto/BIO_f_ssl.pod +++ b/doc/crypto/BIO_f_ssl.pod @@ -148,7 +148,7 @@ unencrypted example in L. * do it automatically */ - ctx = SSL_CTX_new(SSLv23_client_method()); + ctx = SSL_CTX_new(TLS_client_method()); /* We'd normally set some stuff like the verify paths and * mode here because as things stand this will connect to @@ -212,7 +212,7 @@ a client and also echoes the request to standard output. /* Might seed PRNG here */ - ctx = SSL_CTX_new(SSLv23_server_method()); + ctx = SSL_CTX_new(TLS_server_method()); if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM) || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM) diff --git a/doc/crypto/err.pod b/doc/crypto/err.pod index 4b10f59..1a19a19 100644 --- a/doc/crypto/err.pod +++ b/doc/crypto/err.pod @@ -79,16 +79,16 @@ Each sub-library has a specific macro XXXerr() that is used to report errors. Its first argument is a function code B, the second argument is a reason code B. Function codes are derived from the function names; reason codes consist of textual error -descriptions. For example, the function ssl23_read() reports a +descriptions. For example, the function ssl3_read_bytes() reports a "handshake failure" as follows: - SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_SSL_HANDSHAKE_FAILURE); Function and reason codes should consist of upper case characters, numbers and underscores only. The error file generation script translates function codes into function names by looking in the header files for an appropriate function name, if none is found it just uses -the capitalized form such as "SSL23_READ" in the above example. +the capitalized form such as "SSL3_READ_BYTES" in the above example. The trailing section of a reason code (after the "_R_") is translated into lower case and underscores changed to spaces. diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod index 0da3f7b..c788b9b 100644 --- a/doc/ssl/SSL_CTX_new.pod +++ b/doc/ssl/SSL_CTX_new.pod @@ -2,7 +2,7 @@ =head1 NAME -SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method - create a new SSL_CTX object as framework for TLS/SSL enabled functions +SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, TLS_method, TLS_server_method, TLS_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method - create a new SSL_CTX object as framework for TLS/SSL enabled functions =head1 SYNOPSIS @@ -28,31 +28,30 @@ client only type. B can be of the following types: A TLS/SSL connection established with these methods will only understand the SSLv3 protocol. A client will send out SSLv3 client hello messages and will indicate that it only understands SSLv3. A server will only understand -SSLv3 client hello messages. This especially means, that it will -not understand SSLv2 client hello messages which are widely used for -compatibility reasons, see SSLv23_*_method(). +SSLv3 client hello messages. =item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void) A TLS/SSL connection established with these methods will only understand the TLSv1 protocol. A client will send out TLSv1 client hello messages and will indicate that it only understands TLSv1. A server will only understand -TLSv1 client hello messages. This especially means, that it will -not understand SSLv2 client hello messages which are widely used for -compatibility reasons, see SSLv23_*_method(). It will also not understand -SSLv3 client hello messages. +TLSv1 client hello messages. =item TLSv1_1_method(void), TLSv1_1_server_method(void), TLSv1_1_client_method(void) A TLS/SSL connection established with these methods will only understand the TLSv1.1 protocol. A client will send out TLSv1.1 client hello messages and will indicate that it only understands TLSv1.1. A server will only -understand TLSv1.1 client hello messages. This especially means, that it will -not understand SSLv2 client hello messages which are widely used for -compatibility reasons, see SSLv23_*_method(). It will also not understand -SSLv3 client hello messages. +understand TLSv1.1 client hello messages. -=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) +=item TLSv1_2_method(void), TLSv1_2_server_method(void), TLSv1_2_client_method(void) + +A TLS/SSL connection established with these methods will only understand the +TLSv1.2 protocol. A client will send out TLSv1.2 client hello messages +and will indicate that it only understands TLSv1.2. A server will only +understand TLSv1.2 client hello messages. + +=item TLS_method(void), TLS_server_method(void), TLS_client_method(void) A TLS/SSL connection established with these methods may understand the SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. @@ -63,6 +62,12 @@ will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. This is the best choice when compatibility is a concern. +=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) + +Use of these functions is deprecated. They have been replaced with TLS_Method(), +TLS_server_method() and TLS_client_method() respectively. New code should use +those functions instead. + =back The list of protocols available can later be limited using the @@ -98,7 +103,9 @@ The return value points to an allocated SSL_CTX object. =head1 HISTORY SSLv2_method, SSLv2_server_method and SSLv2_client_method where removed in -OpenSSL 1.1.0. +OpenSSL 1.1.0. SSLv23_method, SSLv23_server_method and SSLv23_client_method were +deprecated and TLS_method, TLS_server_method and TLS_client_method +were introduced in OpenSSL 1.1.0. =head1 SEE ALSO diff --git a/doc/ssl/SSL_clear.pod b/doc/ssl/SSL_clear.pod index ba192bd..1b9ea1f 100644 --- a/doc/ssl/SSL_clear.pod +++ b/doc/ssl/SSL_clear.pod @@ -30,7 +30,7 @@ settings corresponding. This explicitly means, that e.g. the special method used during the session will be kept for the next handshake. So if the session was a TLSv1 session, a SSL client object will use a TLSv1 client method for the next handshake and a SSL server object will use a TLSv1 -server method, even if SSLv23_*_methods were chosen on startup. This +server method, even if TLS_*_methods were chosen on startup. This will might lead to connection failures (see L) for a description of the method's properties. diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 5af0fc6..a094356 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -103,13 +103,6 @@ That's the sub header file dealing with the SSLv3 protocol only. I. -=item B - -That's the sub header file dealing with the combined use of different -protocol version. -I. - =item B That's the sub header file dealing with the TLSv1 protocol only. diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 27e44cc..a93145b 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -910,7 +910,6 @@ __owur int SSL_extension_supported(unsigned int ext_type); # include # include /* This is mostly sslv3 with a few tweaks */ # include /* Datagram TLS */ -# include # include /* Support for the use_srtp extension */ #ifdef __cplusplus @@ -1562,12 +1561,16 @@ __owur const SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */ __owur const SSL_METHOD *SSLv3_client_method(void); /* SSLv3 */ # endif -__owur const SSL_METHOD *SSLv23_method(void); /* Negotiate highest available SSL/TLS - * version */ -__owur const SSL_METHOD *SSLv23_server_method(void); /* Negotiate highest available - * SSL/TLS version */ -__owur const SSL_METHOD *SSLv23_client_method(void); /* Negotiate highest available - * SSL/TLS version */ +#ifdef OPENSSL_USE_DEPRECATED +#define SSLv23_method TLS_method +#define SSLv23_server_method TLS_server_method +#define SSLv23_client_method TLS_client_method +#endif + +/* Negotiate highest available SSL/TLS version */ +__owur const SSL_METHOD *TLS_method(void); +__owur const SSL_METHOD *TLS_server_method(void); +__owur const SSL_METHOD *TLS_client_method(void); __owur const SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ __owur const SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ @@ -1928,14 +1931,6 @@ void ERR_load_SSL_strings(void); # define SSL_F_DTLS1_SEND_SERVER_HELLO 266 # define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE 267 # define SSL_F_DTLS1_WRITE_APP_DATA_BYTES 268 -# define SSL_F_SSL23_ACCEPT 115 -# define SSL_F_SSL23_CLIENT_HELLO 116 -# define SSL_F_SSL23_CONNECT 117 -# define SSL_F_SSL23_GET_CLIENT_HELLO 118 -# define SSL_F_SSL23_GET_SERVER_HELLO 119 -# define SSL_F_SSL23_PEEK 237 -# define SSL_F_SSL23_READ 120 -# define SSL_F_SSL23_WRITE 121 # define SSL_F_SSL3_ACCEPT 128 # define SSL_F_SSL3_ADD_CERT_TO_BUF 296 # define SSL_F_SSL3_CALLBACK_CTRL 233 @@ -2073,6 +2068,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 # define SSL_F_SSL_SET_SESSION_TICKET_EXT 294 # define SSL_F_SSL_SET_TRUST 228 +# define SSL_F_SSL_SET_VERSION 347 # define SSL_F_SSL_SET_WFD 196 # define SSL_F_SSL_SHUTDOWN 224 # define SSL_F_SSL_SRP_CTX_INIT 313 @@ -2289,7 +2285,6 @@ void ERR_load_SSL_strings(void); # define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362 # define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363 # define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364 -# define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 # define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT 321 # define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319 # define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320 diff --git a/include/openssl/ssl23.h b/include/openssl/ssl23.h deleted file mode 100644 index 9de4685..0000000 --- a/include/openssl/ssl23.h +++ /dev/null @@ -1,84 +0,0 @@ -/* ssl/ssl23.h */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#ifndef HEADER_SSL23_H -# define HEADER_SSL23_H - -#ifdef __cplusplus -extern "C" { -#endif - -/* - * client - */ -/* write to server */ -# define SSL23_ST_CW_CLNT_HELLO_A (0x210|SSL_ST_CONNECT) -# define SSL23_ST_CW_CLNT_HELLO_B (0x211|SSL_ST_CONNECT) -/* read from server */ -# define SSL23_ST_CR_SRVR_HELLO_A (0x220|SSL_ST_CONNECT) -# define SSL23_ST_CR_SRVR_HELLO_B (0x221|SSL_ST_CONNECT) - -/* server */ -/* read from client */ -# define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) -# define SSL23_ST_SR_CLNT_HELLO_B (0x211|SSL_ST_ACCEPT) - -#ifdef __cplusplus -} -#endif -#endif diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index e1beaf3..d107396 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -167,6 +167,9 @@ extern "C" { # define TLS1_2_VERSION 0x0303 # define TLS_MAX_VERSION TLS1_2_VERSION +/* Special value for method supporting multiple versions */ +# define TLS_ANY_VERSION 0x10000 + # define TLS1_VERSION_MAJOR 0x03 # define TLS1_VERSION_MINOR 0x01 diff --git a/ssl/Makefile b/ssl/Makefile index bb00516..ad2f99f 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -17,9 +17,8 @@ GENERAL=Makefile README ssl-lib.com install.com LIB=$(TOP)/libssl.a SHARED_LIB= libssl$(SHLIB_EXT) LIBSRC= \ - s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c record/rec_layer_s3.c \ + s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c record/rec_layer_s3.c \ s3_both.c s3_cbc.c s3_msg.c \ - s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c record/rec_layer_s23.c \ t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c t1_ext.c \ d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c record/rec_layer_d1.c d1_msg.c \ d1_both.c d1_srtp.c \ @@ -29,9 +28,8 @@ LIBSRC= \ bio_ssl.c ssl_err.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c \ record/ssl3_buffer.c record/ssl3_record.c record/dtls1_bitmap.c LIBOBJ= \ - s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o record/rec_layer_s3.o \ + s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o record/rec_layer_s3.o \ s3_both.o s3_cbc.o s3_msg.o \ - s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o record/rec_layer_s23.o \ t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o t1_ext.o \ d1_meth.o d1_srvr.o d1_clnt.o d1_lib.o record/rec_layer_d1.o d1_msg.o \ d1_both.o d1_srtp.o\ @@ -106,10 +104,10 @@ bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h bio_ssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h bio_ssl.o: ../include/openssl/sha.h ../include/openssl/srtp.h bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h -bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c record/record.h ssl_locl.h +bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c +bio_ssl.o: record/record.h ssl_locl.h d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -125,11 +123,10 @@ d1_both.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h d1_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h d1_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h d1_both.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -d1_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -d1_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -d1_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -d1_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_both.c -d1_both.o: record/record.h ssl_locl.h +d1_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h +d1_both.o: ../include/openssl/x509_vfy.h d1_both.c record/record.h ssl_locl.h d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -147,10 +144,10 @@ d1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h d1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h d1_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h d1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_clnt.o: ../include/openssl/x509_vfy.h d1_clnt.c record/record.h ssl_locl.h +d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c +d1_clnt.o: record/record.h ssl_locl.h d1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -166,10 +163,10 @@ d1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h d1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h d1_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h d1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_lib.o: ../include/openssl/x509_vfy.h d1_lib.c record/record.h ssl_locl.h +d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c +d1_lib.o: record/record.h ssl_locl.h d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -185,10 +182,10 @@ d1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h d1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h d1_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h d1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_meth.o: ../include/openssl/x509_vfy.h d1_meth.c record/record.h ssl_locl.h +d1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_meth.c +d1_meth.o: record/record.h ssl_locl.h d1_msg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_msg.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_msg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -204,10 +201,10 @@ d1_msg.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h d1_msg.o: ../include/openssl/rsa.h ../include/openssl/safestack.h d1_msg.o: ../include/openssl/sha.h ../include/openssl/srtp.h d1_msg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_msg.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_msg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_msg.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_msg.o: ../include/openssl/x509_vfy.h d1_msg.c record/record.h ssl_locl.h +d1_msg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_msg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_msg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_msg.c +d1_msg.o: record/record.h ssl_locl.h d1_srtp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_srtp.o: ../include/openssl/buffer.h ../include/openssl/comp.h d1_srtp.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -223,10 +220,10 @@ d1_srtp.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h d1_srtp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h d1_srtp.o: ../include/openssl/sha.h ../include/openssl/srtp.h d1_srtp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_srtp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_srtp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_srtp.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_srtp.o: ../include/openssl/x509_vfy.h d1_srtp.c record/record.h ssl_locl.h +d1_srtp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_srtp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_srtp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srtp.c +d1_srtp.o: record/record.h ssl_locl.h d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -244,10 +241,10 @@ d1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h d1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h d1_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h d1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -d1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -d1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -d1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -d1_srvr.o: ../include/openssl/x509_vfy.h d1_srvr.c record/record.h ssl_locl.h +d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c +d1_srvr.o: record/record.h ssl_locl.h dtls1_bitmap.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h dtls1_bitmap.o: ../include/openssl/buffer.h ../include/openssl/comp.h dtls1_bitmap.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -263,11 +260,10 @@ dtls1_bitmap.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h dtls1_bitmap.o: ../include/openssl/rsa.h ../include/openssl/safestack.h dtls1_bitmap.o: ../include/openssl/sha.h ../include/openssl/srtp.h dtls1_bitmap.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -dtls1_bitmap.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -dtls1_bitmap.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -dtls1_bitmap.o: ../include/openssl/tls1.h ../include/openssl/x509.h -dtls1_bitmap.o: ../include/openssl/x509_vfy.h dtls1_bitmap.c -dtls1_bitmap.o: record/../record/record.h record/../ssl_locl.h +dtls1_bitmap.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +dtls1_bitmap.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +dtls1_bitmap.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +dtls1_bitmap.o: dtls1_bitmap.c record/../record/record.h record/../ssl_locl.h dtls1_bitmap.o: record/dtls1_bitmap.c record/record_locl.h rec_layer_d1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rec_layer_d1.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -284,33 +280,12 @@ rec_layer_d1.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h rec_layer_d1.o: ../include/openssl/rand.h ../include/openssl/rsa.h rec_layer_d1.o: ../include/openssl/safestack.h ../include/openssl/sha.h rec_layer_d1.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -rec_layer_d1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -rec_layer_d1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -rec_layer_d1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -rec_layer_d1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -rec_layer_d1.o: rec_layer_d1.c record/../record/record.h record/../ssl_locl.h +rec_layer_d1.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +rec_layer_d1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +rec_layer_d1.o: ../include/openssl/tls1.h ../include/openssl/x509.h +rec_layer_d1.o: ../include/openssl/x509_vfy.h rec_layer_d1.c +rec_layer_d1.o: record/../record/record.h record/../ssl_locl.h rec_layer_d1.o: record/rec_layer_d1.c record/record_locl.h -rec_layer_s23.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -rec_layer_s23.o: ../include/openssl/buffer.h ../include/openssl/comp.h -rec_layer_s23.o: ../include/openssl/crypto.h ../include/openssl/dsa.h -rec_layer_s23.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -rec_layer_s23.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -rec_layer_s23.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -rec_layer_s23.o: ../include/openssl/evp.h ../include/openssl/hmac.h -rec_layer_s23.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -rec_layer_s23.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -rec_layer_s23.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -rec_layer_s23.o: ../include/openssl/pem.h ../include/openssl/pem2.h -rec_layer_s23.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -rec_layer_s23.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -rec_layer_s23.o: ../include/openssl/sha.h ../include/openssl/srtp.h -rec_layer_s23.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -rec_layer_s23.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -rec_layer_s23.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -rec_layer_s23.o: ../include/openssl/tls1.h ../include/openssl/x509.h -rec_layer_s23.o: ../include/openssl/x509_vfy.h rec_layer_s23.c -rec_layer_s23.o: record/../record/record.h record/../ssl_locl.h -rec_layer_s23.o: record/rec_layer_s23.c rec_layer_s3.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h rec_layer_s3.o: ../include/openssl/buffer.h ../include/openssl/comp.h rec_layer_s3.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -326,90 +301,12 @@ rec_layer_s3.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h rec_layer_s3.o: ../include/openssl/rand.h ../include/openssl/rsa.h rec_layer_s3.o: ../include/openssl/safestack.h ../include/openssl/sha.h rec_layer_s3.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -rec_layer_s3.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -rec_layer_s3.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -rec_layer_s3.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -rec_layer_s3.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -rec_layer_s3.o: rec_layer_s3.c record/../record/record.h record/../ssl_locl.h +rec_layer_s3.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +rec_layer_s3.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +rec_layer_s3.o: ../include/openssl/tls1.h ../include/openssl/x509.h +rec_layer_s3.o: ../include/openssl/x509_vfy.h rec_layer_s3.c +rec_layer_s3.o: record/../record/record.h record/../ssl_locl.h rec_layer_s3.o: record/rec_layer_s3.c record/record_locl.h -s23_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h -s23_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h -s23_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s23_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s23_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s23_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s23_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s23_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s23_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s23_clnt.o: record/record.h s23_clnt.c ssl_locl.h -s23_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s23_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h -s23_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h -s23_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s23_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s23_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s23_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s23_lib.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s23_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s23_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s23_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_lib.o: ../include/openssl/x509_vfy.h record/record.h s23_lib.c ssl_locl.h -s23_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s23_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h -s23_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h -s23_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s23_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s23_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s23_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s23_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s23_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s23_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s23_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s23_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s23_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s23_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s23_meth.o: ../include/openssl/x509_vfy.h record/record.h s23_meth.c ssl_locl.h -s23_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h -s23_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h -s23_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s23_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s23_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s23_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s23_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s23_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h -s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h -s23_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s23_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s23_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s23_srvr.o: record/record.h s23_srvr.c ssl_locl.h s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -425,11 +322,10 @@ s3_both.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h s3_both.o: ../include/openssl/rand.h ../include/openssl/rsa.h s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h s3_both.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s3_both.o: record/record.h s3_both.c ssl_locl.h +s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_both.o: ../include/openssl/x509_vfy.h record/record.h s3_both.c ssl_locl.h s3_cbc.o: ../e_os.h ../include/internal/constant_time_locl.h s3_cbc.o: ../include/openssl/asn1.h ../include/openssl/bio.h s3_cbc.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -446,11 +342,10 @@ s3_cbc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h s3_cbc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h s3_cbc.o: ../include/openssl/safestack.h ../include/openssl/sha.h s3_cbc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_cbc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_cbc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_cbc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_cbc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s3_cbc.o: record/record.h s3_cbc.c ssl_locl.h +s3_cbc.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_cbc.o: ../include/openssl/x509_vfy.h record/record.h s3_cbc.c ssl_locl.h s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -468,11 +363,10 @@ s3_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h s3_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s3_clnt.o: record/record.h s3_clnt.c ssl_locl.h +s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_clnt.o: ../include/openssl/x509_vfy.h record/record.h s3_clnt.c ssl_locl.h s3_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -488,11 +382,10 @@ s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h s3_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h s3_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h s3_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -s3_enc.o: record/record.h s3_enc.c ssl_locl.h +s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h +s3_enc.o: ../include/openssl/x509_vfy.h record/record.h s3_enc.c ssl_locl.h s3_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_lib.o: ../include/openssl/crypto.h ../include/openssl/dh.h @@ -506,32 +399,13 @@ s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h s3_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h s3_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h +s3_lib.o: ../include/openssl/rand.h ../include/openssl/rsa.h +s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h +s3_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h +s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h s3_lib.o: ../include/openssl/x509_vfy.h record/record.h s3_lib.c ssl_locl.h -s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h -s3_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h -s3_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h -s3_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h -s3_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -s3_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -s3_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h -s3_meth.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h -s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h -s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h -s3_meth.o: ../include/openssl/pem.h ../include/openssl/pem2.h -s3_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h -s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h -s3_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h -s3_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_meth.o: ../include/openssl/x509_vfy.h record/record.h s3_meth.c ssl_locl.h s3_msg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_msg.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_msg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -547,10 +421,10 @@ s3_msg.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h s3_msg.o: ../include/openssl/rsa.h ../include/openssl/safestack.h s3_msg.o: ../include/openssl/sha.h ../include/openssl/srtp.h s3_msg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_msg.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_msg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_msg.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_msg.o: ../include/openssl/x509_vfy.h record/record.h s3_msg.c ssl_locl.h +s3_msg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_msg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_msg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s3_msg.o: record/record.h s3_msg.c ssl_locl.h s3_srvr.o: ../e_os.h ../include/internal/constant_time_locl.h s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h @@ -569,10 +443,10 @@ s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h s3_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h -s3_srvr.o: ../include/openssl/x509_vfy.h record/record.h s3_srvr.c ssl_locl.h +s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +s3_srvr.o: record/record.h s3_srvr.c ssl_locl.h ssl3_buffer.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl3_buffer.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl3_buffer.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -588,12 +462,11 @@ ssl3_buffer.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h ssl3_buffer.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ssl3_buffer.o: ../include/openssl/sha.h ../include/openssl/srtp.h ssl3_buffer.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl3_buffer.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl3_buffer.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl3_buffer.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl3_buffer.o: ../include/openssl/x509_vfy.h record/../record/record.h -ssl3_buffer.o: record/../ssl_locl.h record/record_locl.h record/ssl3_buffer.c -ssl3_buffer.o: ssl3_buffer.c +ssl3_buffer.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl3_buffer.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl3_buffer.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl3_buffer.o: record/../record/record.h record/../ssl_locl.h +ssl3_buffer.o: record/record_locl.h record/ssl3_buffer.c ssl3_buffer.c ssl3_record.o: ../e_os.h ../include/internal/constant_time_locl.h ssl3_record.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl3_record.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -610,12 +483,12 @@ ssl3_record.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h ssl3_record.o: ../include/openssl/rand.h ../include/openssl/rsa.h ssl3_record.o: ../include/openssl/safestack.h ../include/openssl/sha.h ssl3_record.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl3_record.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl3_record.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl3_record.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl3_record.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl3_record.o: record/../record/record.h record/../ssl_locl.h -ssl3_record.o: record/record_locl.h record/ssl3_record.c ssl3_record.c +ssl3_record.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +ssl3_record.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl3_record.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl3_record.o: ../include/openssl/x509_vfy.h record/../record/record.h +ssl3_record.o: record/../ssl_locl.h record/record_locl.h record/ssl3_record.c +ssl3_record.o: ssl3_record.c ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_algs.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -631,10 +504,10 @@ ssl_algs.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ssl_algs.o: ../include/openssl/sha.h ../include/openssl/srtp.h ssl_algs.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_algs.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_algs.o: ../include/openssl/x509_vfy.h record/record.h ssl_algs.c ssl_locl.h +ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_algs.o: record/record.h ssl_algs.c ssl_locl.h ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1t.h ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/buffer.h ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -650,11 +523,10 @@ ssl_asn1.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h ssl_asn1.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h ssl_asn1.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_asn1.o: record/record.h ssl_asn1.c ssl_locl.h +ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_asn1.o: ../include/openssl/x509_vfy.h record/record.h ssl_asn1.c ssl_locl.h ssl_cert.o: ../e_os.h ../include/internal/o_dir.h ../include/openssl/asn1.h ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h @@ -672,11 +544,10 @@ ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ssl_cert.o: ../include/openssl/sha.h ../include/openssl/srtp.h ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h -ssl_cert.o: record/record.h ssl_cert.c ssl_locl.h +ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_cert.o: ../include/openssl/x509v3.h record/record.h ssl_cert.c ssl_locl.h ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_ciph.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -692,11 +563,10 @@ ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h ssl_ciph.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h ssl_ciph.o: ../include/openssl/safestack.h ../include/openssl/sha.h ssl_ciph.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_ciph.o: record/record.h ssl_ciph.c ssl_locl.h +ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_ciph.o: ../include/openssl/x509_vfy.h record/record.h ssl_ciph.c ssl_locl.h ssl_conf.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_conf.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_conf.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -713,10 +583,10 @@ ssl_conf.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h ssl_conf.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ssl_conf.o: ../include/openssl/sha.h ../include/openssl/srtp.h ssl_conf.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_conf.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_conf.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_conf.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_conf.o: ../include/openssl/x509_vfy.h record/record.h ssl_conf.c ssl_locl.h +ssl_conf.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_conf.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_conf.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_conf.o: record/record.h ssl_conf.c ssl_locl.h ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_err.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h @@ -730,10 +600,10 @@ ssl_err.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h ssl_err.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err.c +ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_err.o: ../include/openssl/x509_vfy.h ssl_err.c ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h @@ -747,10 +617,10 @@ ssl_err2.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h ssl_err2.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c +ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h @@ -768,11 +638,11 @@ ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h ssl_lib.o: ../include/openssl/rand.h ../include/openssl/rsa.h ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h ssl_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -ssl_lib.o: ../include/openssl/x509v3.h record/record.h ssl_lib.c ssl_locl.h +ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +ssl_lib.o: record/record.h ssl_lib.c ssl_locl.h ssl_rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_rsa.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -788,10 +658,10 @@ ssl_rsa.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/srtp.h ssl_rsa.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_rsa.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_rsa.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_rsa.c +ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_rsa.o: record/record.h ssl_locl.h ssl_rsa.c ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -808,10 +678,10 @@ ssl_sess.o: ../include/openssl/pqueue.h ../include/openssl/rand.h ssl_sess.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ssl_sess.o: ../include/openssl/sha.h ../include/openssl/srtp.h ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_sess.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_sess.c +ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_sess.o: record/record.h ssl_locl.h ssl_sess.c ssl_stat.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_stat.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -827,10 +697,10 @@ ssl_stat.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ssl_stat.o: ../include/openssl/sha.h ../include/openssl/srtp.h ssl_stat.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_stat.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_stat.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_stat.c +ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_stat.o: record/record.h ssl_locl.h ssl_stat.c ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_txt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -846,10 +716,10 @@ ssl_txt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ssl_txt.o: ../include/openssl/sha.h ../include/openssl/srtp.h ssl_txt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_txt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_txt.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_txt.c +ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_txt.o: record/record.h ssl_locl.h ssl_txt.c ssl_utst.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h ssl_utst.o: ../include/openssl/buffer.h ../include/openssl/comp.h ssl_utst.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -865,10 +735,10 @@ ssl_utst.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h ssl_utst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h ssl_utst.o: ../include/openssl/sha.h ../include/openssl/srtp.h ssl_utst.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssl_utst.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssl_utst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssl_utst.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssl_utst.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h ssl_utst.c +ssl_utst.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssl_utst.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssl_utst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssl_utst.o: record/record.h ssl_locl.h ssl_utst.c t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -884,11 +754,10 @@ t1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h t1_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_clnt.o: record/record.h ssl_locl.h t1_clnt.c +t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_clnt.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_clnt.c t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -905,10 +774,10 @@ t1_enc.o: ../include/openssl/pqueue.h ../include/openssl/rand.h t1_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h t1_enc.o: ../include/openssl/sha.h ../include/openssl/srtp.h t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_enc.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_enc.c +t1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +t1_enc.o: record/record.h ssl_locl.h t1_enc.c t1_ext.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_ext.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_ext.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -924,10 +793,10 @@ t1_ext.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h t1_ext.o: ../include/openssl/rsa.h ../include/openssl/safestack.h t1_ext.o: ../include/openssl/sha.h ../include/openssl/srtp.h t1_ext.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_ext.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_ext.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_ext.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_ext.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_ext.c +t1_ext.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_ext.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_ext.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +t1_ext.o: record/record.h ssl_locl.h t1_ext.c t1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h t1_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h @@ -945,11 +814,11 @@ t1_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h t1_lib.o: ../include/openssl/rand.h ../include/openssl/rsa.h t1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h t1_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_lib.o: ../include/openssl/x509v3.h record/record.h ssl_locl.h t1_lib.c +t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +t1_lib.o: record/record.h ssl_locl.h t1_lib.c t1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -965,10 +834,10 @@ t1_meth.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h t1_meth.o: ../include/openssl/sha.h ../include/openssl/srtp.h t1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_meth.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_meth.c +t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +t1_meth.o: record/record.h ssl_locl.h t1_meth.c t1_reneg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_reneg.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_reneg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -984,10 +853,10 @@ t1_reneg.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h t1_reneg.o: ../include/openssl/rsa.h ../include/openssl/safestack.h t1_reneg.o: ../include/openssl/sha.h ../include/openssl/srtp.h t1_reneg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_reneg.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_reneg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_reneg.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_reneg.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_reneg.c +t1_reneg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_reneg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_reneg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +t1_reneg.o: record/record.h ssl_locl.h t1_reneg.c t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -1003,11 +872,10 @@ t1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h t1_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -t1_srvr.o: record/record.h ssl_locl.h t1_srvr.c +t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h +t1_srvr.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_srvr.c t1_trce.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h t1_trce.o: ../include/openssl/buffer.h ../include/openssl/comp.h t1_trce.o: ../include/openssl/crypto.h ../include/openssl/dsa.h @@ -1023,10 +891,10 @@ t1_trce.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h t1_trce.o: ../include/openssl/rsa.h ../include/openssl/safestack.h t1_trce.o: ../include/openssl/sha.h ../include/openssl/srtp.h t1_trce.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -t1_trce.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -t1_trce.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -t1_trce.o: ../include/openssl/tls1.h ../include/openssl/x509.h -t1_trce.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h t1_trce.c +t1_trce.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +t1_trce.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +t1_trce.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +t1_trce.o: record/record.h ssl_locl.h t1_trce.c tls_srp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h tls_srp.o: ../include/openssl/bn.h ../include/openssl/buffer.h tls_srp.o: ../include/openssl/comp.h ../include/openssl/crypto.h @@ -1043,8 +911,7 @@ tls_srp.o: ../include/openssl/pqueue.h ../include/openssl/rand.h tls_srp.o: ../include/openssl/rsa.h ../include/openssl/safestack.h tls_srp.o: ../include/openssl/sha.h ../include/openssl/srp.h tls_srp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h -tls_srp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h -tls_srp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h -tls_srp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h -tls_srp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -tls_srp.o: record/record.h ssl_locl.h tls_srp.c +tls_srp.o: ../include/openssl/ssl2.h ../include/openssl/ssl3.h +tls_srp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +tls_srp.o: ../include/openssl/tls1.h ../include/openssl/x509.h +tls_srp.o: ../include/openssl/x509_vfy.h record/record.h ssl_locl.h tls_srp.c diff --git a/ssl/install-ssl.com b/ssl/install-ssl.com index 55e1a6a..c213357 100755 --- a/ssl/install-ssl.com +++ b/ssl/install-ssl.com @@ -70,7 +70,7 @@ $ if f$parse("wrk_sslinclude:") .eqs. "" then - $ if f$parse("wrk_sslxlib:") .eqs. "" then - create /directory /log wrk_sslxlib: $! -$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, srtp.h +$ exheader := ssl.h, ssl2.h, ssl3.h, tls1.h, dtls1.h, srtp.h $ libs := ssl_libssl $! $ xexe_dir := [-.'archd'.exe.ssl] diff --git a/ssl/record/README b/ssl/record/README index 6870b53..987e9fd 100644 --- a/ssl/record/README +++ b/ssl/record/README @@ -21,7 +21,7 @@ The source files map to components as follows: dtls1_bitmap.c -> DTLS1_BITMAP component ssl3_buffer.c -> SSL3_BUFFER component ssl3_record.c -> SSL3_RECORD component -rec_layer_s23.c, rec_layer_s3.c, rec_layer_d1.c -> RECORD_LAYER component +rec_layer_s3.c, rec_layer_d1.c -> RECORD_LAYER component The RECORD_LAYER component is a facade pattern, i.e. it provides a simplified interface to the record layer for the rest of libssl. The other 3 components are @@ -46,9 +46,6 @@ Conceptually it looks like this: | | | RECORD_LAYER | | | - | rec_layer_s23.c | - | ^ | - | | | | rec_layer_s3.c | | ^ | | _________|__________ | @@ -69,10 +66,9 @@ Conceptually it looks like this: |_______________| |_______________| |________________| -The three RECORD_LAYER source files build progressively on each other, i.e. -the simplest is rec_layer_s23.c. This provides the most basic functions used -for version negotiation. Next rec_layer_s3.c adds the SSL/TLS layer. Finally -rec_layer_d1.c builds off of the SSL/TLS code to provide DTLS specific -capabilities. It uses some DTLS specific RECORD_LAYER component members which -should only be accessed from rec_layer_d1.c. These are held in the +The two RECORD_LAYER source files build on each other, i.e. +the main one is rec_layer_s3.c which provides the core SSL/TLS layer. The second +one is rec_layer_d1.c which builds off of the SSL/TLS code to provide DTLS +specific capabilities. It uses some DTLS specific RECORD_LAYER component members +which should only be accessed from rec_layer_d1.c. These are held in the DTLS1_RECORD_LAYER struct. diff --git a/ssl/record/rec_layer_s23.c b/ssl/record/rec_layer_s23.c deleted file mode 100644 index eb09be1..0000000 --- a/ssl/record/rec_layer_s23.c +++ /dev/null @@ -1,114 +0,0 @@ -/* ssl/record/rec_layer_s23.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#define USE_SOCKETS -#include "../ssl_locl.h" -#include -#include - -int ssl23_write_bytes(SSL *s) -{ - int i, num, tot; - char *buf; - - buf = s->init_buf->data; - tot = s->init_off; - num = s->init_num; - for (;;) { - s->rwstate = SSL_WRITING; - i = BIO_write(s->wbio, &(buf[tot]), num); - if (i <= 0) { - s->init_off = tot; - s->init_num = num; - return (i); - } - s->rwstate = SSL_NOTHING; - if (i == num) - return (tot + i); - - num -= i; - tot += i; - } -} - -/* return regularly only when we have read (at least) 'n' bytes */ -int ssl23_read_bytes(SSL *s, int n) -{ - unsigned char *p; - int j; - - if (s->rlayer.packet_length < (unsigned int)n) { - p = s->rlayer.packet; - - for (;;) { - s->rwstate = SSL_READING; - j = BIO_read(s->rbio, - (char *)&(p[s->rlayer.packet_length]), - n - s->rlayer.packet_length); - if (j <= 0) - return (j); - s->rwstate = SSL_NOTHING; - s->rlayer.packet_length += j; - if (s->rlayer.packet_length >= (unsigned int)n) - return (s->rlayer.packet_length); - } - } - return (n); -} diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index eccb517..456fac4 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1110,6 +1110,35 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) */ /* + * Lets just double check that we've not got an SSLv2 record + */ + if (rr->rec_version == SSL2_VERSION) { + /* + * Should never happen. ssl3_get_record() should only give us an SSLv2 + * record back if this is the first packet and we are looking for an + * initial ClientHello. Therefore |type| should always be equal to + * |rr->type|. If not then something has gone horribly wrong + */ + al = SSL_AD_INTERNAL_ERROR; + SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); + goto f_err; + } + + if(s->method->version == TLS_ANY_VERSION + && (s->server || rr->type != SSL3_RT_ALERT)) { + /* + * If we've got this far and still haven't decided on what version + * we're using then this must be a client side alert we're dealing with + * (we don't allow heartbeats yet). We shouldn't be receiving anything + * other than a ClientHello if we are a server. + */ + s->version = rr->rec_version; + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + + /* * In case of record types for which we have 'fragment' storage, fill * that so that we can process the data at a fixed place. */ @@ -1464,4 +1493,19 @@ void ssl3_record_sequence_update(unsigned char *seq) } } +/* + * Returns true if the current rrec was sent in SSLv2 backwards compatible + * format and false otherwise. + */ +int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl) +{ + return SSL3_RECORD_is_sslv2_record(&rl->rrec); +} +/* + * Returns the length in bytes of the current rrec + */ +int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl) +{ + return SSL3_RECORD_get_length(&rl->rrec); +} diff --git a/ssl/record/record.h b/ssl/record/record.h index 6bccb71..cf1607c 100644 --- a/ssl/record/record.h +++ b/ssl/record/record.h @@ -132,6 +132,10 @@ typedef struct ssl3_buffer_st { #define SEQ_NUM_SIZE 8 typedef struct ssl3_record_st { + /* Record layer version */ + /* r */ + int rec_version; + /* type of record */ /* r */ int type; @@ -298,6 +302,8 @@ typedef struct record_layer_st { * * *****************************************************************************/ +#define MIN_SSL2_RECORD_LEN 9 + #define RECORD_LAYER_set_read_ahead(rl, ra) ((rl)->read_ahead = (ra)) #define RECORD_LAYER_get_read_ahead(rl) ((rl)->read_ahead) #define RECORD_LAYER_get_packet(rl) ((rl)->packet) @@ -319,9 +325,9 @@ void RECORD_LAYER_dup(RECORD_LAYER *dst, RECORD_LAYER *src); void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl); void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl); int RECORD_LAYER_setup_comp_buffer(RECORD_LAYER *rl); +int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl); +int RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl); __owur int ssl3_pending(const SSL *s); -__owur int ssl23_read_bytes(SSL *s, int n); -__owur int ssl23_write_bytes(SSL *s); __owur int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); __owur int do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len, int create_empty_fragment); diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h index 72f8e55..b2222d7 100644 --- a/ssl/record/record_locl.h +++ b/ssl/record/record_locl.h @@ -186,6 +186,8 @@ int ssl3_release_write_buffer(SSL *s); #define SSL3_RECORD_set_off(r, o) ((r)->off = (o)) #define SSL3_RECORD_add_off(r, o) ((r)->off += (o)) #define SSL3_RECORD_get_epoch(r) ((r)->epoch) +#define SSL3_RECORD_is_sslv2_record(r) \ + ((r)->rec_version == SSL2_VERSION) void SSL3_RECORD_clear(SSL3_RECORD *r); void SSL3_RECORD_release(SSL3_RECORD *r); diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 0328127..b0eb7cc 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -166,6 +166,7 @@ void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num) */ #define MAX_EMPTY_RECORDS 32 +#define SSL2_RT_HEADER_LENGTH 2 /*- * Call this to get a new input record. * It will return <= 0 if more data is needed, normally due to an error @@ -216,20 +217,49 @@ int ssl3_get_record(SSL *s) RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY); p = RECORD_LAYER_get_packet(&s->rlayer); - if (s->msg_callback) - s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s, - s->msg_callback_arg); - /* Pull apart the header into the SSL3_RECORD */ - rr->type = *(p++); - ssl_major = *(p++); - ssl_minor = *(p++); - version = (ssl_major << 8) | ssl_minor; - n2s(p, rr->length); + /* + * Check whether this is a regular record or an SSLv2 style record. The + * latter is only used in an initial ClientHello for old clients. We + * check s->read_hash and s->enc_read_ctx to ensure this does not apply + * during renegotiation + */ + if (s->first_packet && s->server && !s->read_hash && !s->enc_read_ctx + && (p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) { + /* SSLv2 style record */ + rr->type = SSL3_RT_HANDSHAKE; + rr->rec_version = SSL2_VERSION; + + rr->length = ((p[0] & 0x7f) << 8) | p[1]; + + if (rr->length > SSL3_BUFFER_get_len(&s->rlayer.rbuf) + - SSL2_RT_HEADER_LENGTH) { + al = SSL_AD_RECORD_OVERFLOW; + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); + goto f_err; + } - /* Lets check version */ - if (!s->first_packet) { - if (version != s->version) { + if (rr->length < MIN_SSL2_RECORD_LEN) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + } else { + /* SSLv3+ style record */ + if (s->msg_callback) + s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s, + s->msg_callback_arg); + + /* Pull apart the header into the SSL3_RECORD */ + rr->type = *(p++); + ssl_major = *(p++); + ssl_minor = *(p++); + version = (ssl_major << 8) | ssl_minor; + rr->rec_version = version; + n2s(p, rr->length); + + /* Lets check version */ + if (!s->first_packet && version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (version & 0xFF00) && !s->enc_write_ctx && !s->write_hash) @@ -240,47 +270,54 @@ int ssl3_get_record(SSL *s) al = SSL_AD_PROTOCOL_VERSION; goto f_err; } - } - if ((version >> 8) != SSL3_VERSION_MAJOR) { - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); - goto err; - } + if ((version >> 8) != SSL3_VERSION_MAJOR) { + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); + goto err; + } - if (rr->length > - SSL3_BUFFER_get_len(&s->rlayer.rbuf) - - SSL3_RT_HEADER_LENGTH) { - al = SSL_AD_RECORD_OVERFLOW; - SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); - goto f_err; + if (rr->length > + SSL3_BUFFER_get_len(&s->rlayer.rbuf) + - SSL3_RT_HEADER_LENGTH) { + al = SSL_AD_RECORD_OVERFLOW; + SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_PACKET_LENGTH_TOO_LONG); + goto f_err; + } } /* now s->rlayer.rstate == SSL_ST_READ_BODY */ } - /* s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data */ - - if (rr->length > - RECORD_LAYER_get_packet_length(&s->rlayer) - SSL3_RT_HEADER_LENGTH) { - /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ + /* + * s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data. + * Calculate how much more data we need to read for the rest of the record + */ + if (rr->rec_version == SSL2_VERSION) { + i = rr->length + SSL2_RT_HEADER_LENGTH - SSL3_RT_HEADER_LENGTH; + } else { i = rr->length; + } + if (i > 0) { + /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ + n = ssl3_read_n(s, i, i, 1); if (n <= 0) return (n); /* error or non-blocking io */ - /* - * now n == rr->length, and s->packet_length == SSL3_RT_HEADER_LENGTH - * + rr->length - */ } /* set state for later operations */ RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER); /* - * At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, + * At this point, s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length, + * or s->packet_length == SSL2_RT_HEADER_LENGTH + rr->length * and we have that many bytes in s->packet */ - rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]); + if(rr->rec_version == SSL2_VERSION) { + rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]); + } else { + rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]); + } /* * ok, we can now read from 's->packet' data into 'rr' rr->input points diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c deleted file mode 100644 index 3434340..0000000 --- a/ssl/s23_clnt.c +++ /dev/null @@ -1,595 +0,0 @@ -/* ssl/s23_clnt.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core at openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -#include -#include "ssl_locl.h" -#include -#include -#include -#include - -static const SSL_METHOD *ssl23_get_client_method(int ver); -static int ssl23_client_hello(SSL *s); -static int ssl23_get_server_hello(SSL *s); -static const SSL_METHOD *ssl23_get_client_method(int ver) -{ -#ifndef OPENSSL_NO_SSL3 - if (ver == SSL3_VERSION) - return (SSLv3_client_method()); -#endif - if (ver == TLS1_VERSION) - return (TLSv1_client_method()); - else if (ver == TLS1_1_VERSION) - return (TLSv1_1_client_method()); - else if (ver == TLS1_2_VERSION) - return (TLSv1_2_client_method()); - else - return (NULL); -} - -IMPLEMENT_ssl23_meth_func(SSLv23_client_method, - ssl_undefined_function, - ssl23_connect, ssl23_get_client_method) - -int ssl23_connect(SSL *s) -{ - BUF_MEM *buf = NULL; - unsigned long Time = (unsigned long)time(NULL); - void (*cb) (const SSL *ssl, int type, int val) = NULL; - int ret = -1; - int new_state, state; - - RAND_add(&Time, sizeof(Time), 0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb = s->info_callback; - else if (s->ctx->info_callback != NULL) - cb = s->ctx->info_callback; - - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) { - if (!SSL_clear(s)) - return -1; - } - - for (;;) { - state = s->state; - - switch (s->state) { - case SSL_ST_BEFORE: - case SSL_ST_CONNECT: - case SSL_ST_BEFORE | SSL_ST_CONNECT: - case SSL_ST_OK | SSL_ST_CONNECT: - - if (s->session != NULL) { - SSLerr(SSL_F_SSL23_CONNECT, - SSL_R_SSL23_DOING_SESSION_ID_REUSE); - ret = -1; - goto end; - } - s->server = 0; - if (cb != NULL) - cb(s, SSL_CB_HANDSHAKE_START, 1); - - /* s->version=TLS1_VERSION; */ - s->type = SSL_ST_CONNECT; - - if (s->init_buf == NULL) { - if ((buf = BUF_MEM_new()) == NULL) { - ret = -1; - goto end; - } - if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { - ret = -1; - goto end; - } - s->init_buf = buf; - buf = NULL; - } - - if (!ssl3_setup_buffers(s)) { - ret = -1; - goto end; - } - - ssl3_init_finished_mac(s); - - s->state = SSL23_ST_CW_CLNT_HELLO_A; - s->ctx->stats.sess_connect++; - s->init_num = 0; - break; - - case SSL23_ST_CW_CLNT_HELLO_A: - case SSL23_ST_CW_CLNT_HELLO_B: - - s->shutdown = 0; - ret = ssl23_client_hello(s); - if (ret <= 0) - goto end; - s->state = SSL23_ST_CR_SRVR_HELLO_A; - s->init_num = 0; - - break; - - case SSL23_ST_CR_SRVR_HELLO_A: - case SSL23_ST_CR_SRVR_HELLO_B: - ret = ssl23_get_server_hello(s); - if (ret >= 0) - cb = NULL; - goto end; - /* break; */ - - default: - SSLerr(SSL_F_SSL23_CONNECT, SSL_R_UNKNOWN_STATE); - ret = -1; - goto end; - /* break; */ - } - - if (s->debug) { - (void)BIO_flush(s->wbio); - } - - if ((cb != NULL) && (s->state != state)) { - new_state = s->state; - s->state = state; - cb(s, SSL_CB_CONNECT_LOOP, 1); - s->state = new_state; - } - } - end: - s->in_handshake--; - BUF_MEM_free(buf); - if (cb != NULL) - cb(s, SSL_CB_CONNECT_EXIT, ret); - return (ret); -} - -/* - * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on - * failure, 1 on success. - */ -int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) -{ - int send_time = 0; - - if (len < 4) - return 0; - if (server) - send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0; - else - send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0; - if (send_time) { - unsigned long Time = (unsigned long)time(NULL); - unsigned char *p = result; - l2n(Time, p); - return RAND_bytes(p, len - 4); - } else - return RAND_bytes(result, len); -} - -static int ssl23_client_hello(SSL *s) -{ - unsigned char *buf; - unsigned char *p, *d; - int i; - unsigned long l; - int version = 0, version_major, version_minor; - int al = 0; -#ifndef OPENSSL_NO_COMP - int j; - SSL_COMP *comp; -#endif - int ret; - unsigned long mask, options = s->options; - - /* - * SSL_OP_NO_X disables all protocols above X *if* there are - * some protocols below X enabled. This is required in order - * to maintain "version capability" vector contiguous. So - * that if application wants to disable TLS1.0 in favour of - * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the - * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. - */ - mask = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1 -#if !defined(OPENSSL_NO_SSL3) - | SSL_OP_NO_SSLv3 -#endif - ; -#if !defined(OPENSSL_NO_TLS1_2_CLIENT) - version = TLS1_2_VERSION; - - if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask) - version = TLS1_1_VERSION; -#else - version = TLS1_1_VERSION; -#endif - mask &= ~SSL_OP_NO_TLSv1_1; - if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) - version = TLS1_VERSION; - mask &= ~SSL_OP_NO_TLSv1; -#if !defined(OPENSSL_NO_SSL3) - if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask) - version = SSL3_VERSION; - mask &= ~SSL_OP_NO_SSLv3; -#endif - - buf = (unsigned char *)s->init_buf->data; - if (s->state == SSL23_ST_CW_CLNT_HELLO_A) { - p = s->s3->client_random; - if (ssl_fill_hello_random(s, 0, p, SSL3_RANDOM_SIZE) <= 0) - return -1; - - if (version == TLS1_2_VERSION) { - version_major = TLS1_2_VERSION_MAJOR; - version_minor = TLS1_2_VERSION_MINOR; - } else if (tls1_suiteb(s)) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, - SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE); - return -1; - } else if (version == TLS1_1_VERSION) { - version_major = TLS1_1_VERSION_MAJOR; - version_minor = TLS1_1_VERSION_MINOR; - } else if (version == TLS1_VERSION) { - version_major = TLS1_VERSION_MAJOR; - version_minor = TLS1_VERSION_MINOR; - } else if (FIPS_mode()) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, - SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); - return -1; - } else if (version == SSL3_VERSION) { - version_major = SSL3_VERSION_MAJOR; - version_minor = SSL3_VERSION_MINOR; - } else { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_PROTOCOLS_AVAILABLE); - return (-1); - } - - s->client_version = version; - - /* create Client Hello in SSL 3.0/TLS 1.0 format */ - - /* - * do the record header (5 bytes) and handshake message header (4 - * bytes) last - */ - d = p = &(buf[9]); - - *(p++) = version_major; - *(p++) = version_minor; - - /* Random stuff */ - memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); - p += SSL3_RANDOM_SIZE; - - /* Session ID (zero since there is no reuse) */ - *(p++) = 0; - - /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ - i = ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &(p[2]), - ssl3_put_cipher_by_char); - if (i == 0) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_NO_CIPHERS_AVAILABLE); - return -1; - } -#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH - /* - * Some servers hang if client hello > 256 bytes as hack workaround - * chop number of supported ciphers to keep it well below this if we - * use TLS v1.2 - */ - if (TLS1_get_version(s) >= TLS1_2_VERSION - && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) - i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; -#endif - s2n(i, p); - p += i; - - /* COMPRESSION */ -#ifdef OPENSSL_NO_COMP - *(p++) = 1; -#else - if (!ssl_allow_compression(s) || !s->ctx->comp_methods) - j = 0; - else - j = sk_SSL_COMP_num(s->ctx->comp_methods); - *(p++) = 1 + j; - for (i = 0; i < j; i++) { - comp = sk_SSL_COMP_value(s->ctx->comp_methods, i); - *(p++) = comp->id; - } -#endif - *(p++) = 0; /* Add the NULL method */ - -#ifndef OPENSSL_NO_TLSEXT - /* TLS extensions */ - if (ssl_prepare_clienthello_tlsext(s) <= 0) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); - return -1; - } - if ((p = - ssl_add_clienthello_tlsext(s, p, buf + SSL3_RT_MAX_PLAIN_LENGTH, - &al)) == NULL) { - ssl3_send_alert(s, SSL3_AL_FATAL, al); - SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - return -1; - } -#endif - - l = p - d; - - /* fill in 4-byte handshake header */ - d = &(buf[5]); - *(d++) = SSL3_MT_CLIENT_HELLO; - l2n3(l, d); - - l += 4; - - if (l > SSL3_RT_MAX_PLAIN_LENGTH) { - SSLerr(SSL_F_SSL23_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); - return -1; - } - - /* fill in 5-byte record header */ - d = buf; - *(d++) = SSL3_RT_HANDSHAKE; - *(d++) = version_major; - /* - * Some servers hang if we use long client hellos and a record number - * > TLS 1.0. - */ - if (TLS1_get_client_version(s) > TLS1_VERSION) - *(d++) = 1; - else - *(d++) = version_minor; - s2n((int)l, d); - - /* number of bytes to write */ - s->init_num = p - buf; - s->init_off = 0; - - ssl3_finish_mac(s, &(buf[5]), s->init_num - 5); - - s->state = SSL23_ST_CW_CLNT_HELLO_B; - s->init_off = 0; - } - - /* SSL3_ST_CW_CLNT_HELLO_B */ - ret = ssl23_write_bytes(s); - - if ((ret >= 2) && s->msg_callback) { - /* Client Hello has been sent; tell msg_callback */ - s->msg_callback(1, version, SSL3_RT_HEADER, s->init_buf->data, 5, s, - s->msg_callback_arg); - s->msg_callback(1, version, SSL3_RT_HANDSHAKE, s->init_buf->data + 5, - ret - 5, s, s->msg_callback_arg); - } - - return ret; -} - -static int ssl23_get_server_hello(SSL *s) -{ - unsigned char buf[8]; - unsigned char *p; - int i; - int n; - - n = ssl23_read_bytes(s, 7); - - if (n != 7) - return (n); - p = RECORD_LAYER_get_packet(&s->rlayer); - - memcpy(buf, p, n); - - if (p[1] == SSL3_VERSION_MAJOR && - p[2] <= TLS1_2_VERSION_MINOR && - ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) || - (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2))) { - /* we have sslv3 or tls1 (server hello or alert) */ - -#ifndef OPENSSL_NO_SSL3 - if ((p[2] == SSL3_VERSION_MINOR) && !(s->options & SSL_OP_NO_SSLv3)) { - if (FIPS_mode()) { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, - SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); - goto err; - } - s->version = SSL3_VERSION; - s->method = SSLv3_client_method(); - } else -#endif - if ((p[2] == TLS1_VERSION_MINOR) && !(s->options & SSL_OP_NO_TLSv1)) { - s->version = TLS1_VERSION; - s->method = TLSv1_client_method(); - } else if ((p[2] == TLS1_1_VERSION_MINOR) && - !(s->options & SSL_OP_NO_TLSv1_1)) { - s->version = TLS1_1_VERSION; - s->method = TLSv1_1_client_method(); - } else if ((p[2] == TLS1_2_VERSION_MINOR) && - !(s->options & SSL_OP_NO_TLSv1_2)) { - s->version = TLS1_2_VERSION; - s->method = TLSv1_2_client_method(); - } else { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); - goto err; - } - - /* ensure that TLS_MAX_VERSION is up-to-date */ - OPENSSL_assert(s->version <= TLS_MAX_VERSION); - - if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_VERSION_TOO_LOW); - goto err; - } - - if (p[0] == SSL3_RT_ALERT && p[5] != SSL3_AL_WARNING) { - /* fatal alert */ - - void (*cb) (const SSL *ssl, int type, int val) = NULL; - int j; - - if (s->info_callback != NULL) - cb = s->info_callback; - else if (s->ctx->info_callback != NULL) - cb = s->ctx->info_callback; - - i = p[5]; - if (cb != NULL) { - j = (i << 8) | p[6]; - cb(s, SSL_CB_READ_ALERT, j); - } - - if (s->msg_callback) { - s->msg_callback(0, s->version, SSL3_RT_HEADER, p, 5, s, - s->msg_callback_arg); - s->msg_callback(0, s->version, SSL3_RT_ALERT, p + 5, 2, s, - s->msg_callback_arg); - } - - s->rwstate = SSL_NOTHING; - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_AD_REASON_OFFSET + p[6]); - goto err; - } - - if (!ssl_init_wbio_buffer(s, 1)) - goto err; - - /* we are in this state */ - s->state = SSL3_ST_CR_SRVR_HELLO_A; - - /* - * put the 7 bytes we have read into the input buffer for SSLv3 - */ - if (!RECORD_LAYER_set_data(&s->rlayer, buf, n)) - goto err; - - s->handshake_func = s->method->ssl_connect; - } else { - SSLerr(SSL_F_SSL23_GET_SERVER_HELLO, SSL_R_UNKNOWN_PROTOCOL); - goto err; - } - s->init_num = 0; - - /* - * Since, if we are sending a ssl23 client hello, we are not reusing a - * session-id - */ - if (!ssl_get_new_session(s, 0)) - goto err; - - return (SSL_connect(s)); - err: - return (-1); -} diff --git a/ssl/s23_lib.c b/ssl/s23_lib.c deleted file mode 100644 index 0c79941..0000000 --- a/ssl/s23_lib.c +++ /dev/null @@ -1,165 +0,0 @@ -/* ssl/s23_lib.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "ssl_locl.h" - -long ssl23_default_timeout(void) -{ - return (300); -} - -int ssl23_num_ciphers(void) -{ - return (ssl3_num_ciphers()); -} - -const SSL_CIPHER *ssl23_get_cipher(unsigned int u) -{ - return (ssl3_get_cipher(u)); -} - -/* - * This function needs to check if the ciphers required are actually - * available - */ -const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) -{ - return (ssl3_get_cipher_by_char(p)); -} - -int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) -{ - long l; - - /* We can write SSLv3 ciphers */ - /* but no ECC ciphers */ - if (c->algorithm_mkey == SSL_kECDHr || - c->algorithm_mkey == SSL_kECDHe || - c->algorithm_mkey == SSL_kEECDH || - c->algorithm_auth == SSL_aECDH || c->algorithm_auth == SSL_aECDSA) - return 0; - if (p != NULL) { - l = c->id; - p[0] = ((unsigned char)(l >> 16L)) & 0xFF; - p[1] = ((unsigned char)(l >> 8L)) & 0xFF; - p[2] = ((unsigned char)(l)) & 0xFF; - } - return (3); -} - -int ssl23_read(SSL *s, void *buf, int len) -{ - int n; - - clear_sys_error(); - if (SSL_in_init(s) && (!s->in_handshake)) { - n = s->handshake_func(s); - if (n < 0) - return (n); - if (n == 0) { - SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } - return (SSL_read(s, buf, len)); - } else { - ssl_undefined_function(s); - return (-1); - } -} - -int ssl23_peek(SSL *s, void *buf, int len) -{ - int n; - - clear_sys_error(); - if (SSL_in_init(s) && (!s->in_handshake)) { - n = s->handshake_func(s); - if (n < 0) - return (n); - if (n == 0) { - SSLerr(SSL_F_SSL23_PEEK, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } - return (SSL_peek(s, buf, len)); - } else { - ssl_undefined_function(s); - return (-1); - } -} - -int ssl23_write(SSL *s, const void *buf, int len) -{ - int n; - - clear_sys_error(); - if (SSL_in_init(s) && (!s->in_handshake)) { - n = s->handshake_func(s); - if (n < 0) - return (n); - if (n == 0) { - SSLerr(SSL_F_SSL23_WRITE, SSL_R_SSL_HANDSHAKE_FAILURE); - return (-1); - } - return (SSL_write(s, buf, len)); - } else { - ssl_undefined_function(s); - return (-1); - } -} diff --git a/ssl/s23_meth.c b/ssl/s23_meth.c deleted file mode 100644 index 757c5a9..0000000 --- a/ssl/s23_meth.c +++ /dev/null @@ -1,82 +0,0 @@ -/* ssl/s23_meth.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "ssl_locl.h" - -static const SSL_METHOD *ssl23_get_method(int ver); -static const SSL_METHOD *ssl23_get_method(int ver) -{ -#ifndef OPENSSL_NO_SSL3 - if (ver == SSL3_VERSION) - return (SSLv3_method()); - else -#endif - if (ver == TLS1_VERSION) - return (TLSv1_method()); - else if (ver == TLS1_1_VERSION) - return (TLSv1_1_method()); - else if (ver == TLS1_2_VERSION) - return (TLSv1_2_method()); - else - return (NULL); -} - -IMPLEMENT_ssl23_meth_func(SSLv23_method, - ssl23_accept, ssl23_connect, ssl23_get_method) diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c deleted file mode 100644 index 50d634e..0000000 --- a/ssl/s23_srvr.c +++ /dev/null @@ -1,585 +0,0 @@ -/* ssl/s23_srvr.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ -/* ==================================================================== - * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core at openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay at cryptsoft.com). This product includes software written by Tim - * Hudson (tjh at cryptsoft.com). - * - */ - -#include -#include "ssl_locl.h" -#include -#include -#include -#include - -static const SSL_METHOD *ssl23_get_server_method(int ver); -int ssl23_get_client_hello(SSL *s); -static const SSL_METHOD *ssl23_get_server_method(int ver) -{ -#ifndef OPENSSL_NO_SSL3 - if (ver == SSL3_VERSION) - return (SSLv3_server_method()); -#endif - if (ver == TLS1_VERSION) - return (TLSv1_server_method()); - else if (ver == TLS1_1_VERSION) - return (TLSv1_1_server_method()); - else if (ver == TLS1_2_VERSION) - return (TLSv1_2_server_method()); - else - return (NULL); -} - -IMPLEMENT_ssl23_meth_func(SSLv23_server_method, - ssl23_accept, - ssl_undefined_function, ssl23_get_server_method) - -int ssl23_accept(SSL *s) -{ - BUF_MEM *buf; - unsigned long Time = (unsigned long)time(NULL); - void (*cb) (const SSL *ssl, int type, int val) = NULL; - int ret = -1; - int new_state, state; - - RAND_add(&Time, sizeof(Time), 0); - ERR_clear_error(); - clear_sys_error(); - - if (s->info_callback != NULL) - cb = s->info_callback; - else if (s->ctx->info_callback != NULL) - cb = s->ctx->info_callback; - - s->in_handshake++; - if (!SSL_in_init(s) || SSL_in_before(s)) { - if (!SSL_clear(s)) - return -1; - } - - for (;;) { - state = s->state; - - switch (s->state) { - case SSL_ST_BEFORE: - case SSL_ST_ACCEPT: - case SSL_ST_BEFORE | SSL_ST_ACCEPT: - case SSL_ST_OK | SSL_ST_ACCEPT: - - s->server = 1; - if (cb != NULL) - cb(s, SSL_CB_HANDSHAKE_START, 1); - - /* s->version=SSL3_VERSION; */ - s->type = SSL_ST_ACCEPT; - - if (s->init_buf == NULL) { - if ((buf = BUF_MEM_new()) == NULL) { - ret = -1; - goto end; - } - if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { - BUF_MEM_free(buf); - ret = -1; - goto end; - } - s->init_buf = buf; - } - - ssl3_init_finished_mac(s); - - s->state = SSL23_ST_SR_CLNT_HELLO_A; - s->ctx->stats.sess_accept++; - s->init_num = 0; - break; - - case SSL23_ST_SR_CLNT_HELLO_A: - case SSL23_ST_SR_CLNT_HELLO_B: - - s->shutdown = 0; - ret = ssl23_get_client_hello(s); - if (ret >= 0) - cb = NULL; - goto end; - /* break; */ - - default: - SSLerr(SSL_F_SSL23_ACCEPT, SSL_R_UNKNOWN_STATE); - ret = -1; - goto end; - /* break; */ - } - - if ((cb != NULL) && (s->state != state)) { - new_state = s->state; - s->state = state; - cb(s, SSL_CB_ACCEPT_LOOP, 1); - s->state = new_state; - } - } - end: - s->in_handshake--; - if (cb != NULL) - cb(s, SSL_CB_ACCEPT_EXIT, ret); - return (ret); -} - -int ssl23_get_client_hello(SSL *s) -{ - /*- - * Request this many bytes in initial read. - * We can detect SSL 3.0/TLS 1.0 Client Hellos - * ('type == 3') correctly only when the following - * is in a single record, which is not guaranteed by - * the protocol specification: - * Byte Content - * 0 type \ - * 1/2 version > record header - * 3/4 length / - * 5 msg_type \ - * 6-8 length > Client Hello message - * 9/10 client_version / - */ - unsigned char buf_space[11]; - unsigned char *buf = &(buf_space[0]); - unsigned char *p, *d, *d_len, *dd; - unsigned int i; - unsigned int csl, sil, cl; - int n = 0, j; - int type = 0; - int v[2]; - - if (s->state == SSL23_ST_SR_CLNT_HELLO_A) { - /* read the initial header */ - v[0] = v[1] = 0; - - if (!ssl3_setup_buffers(s)) - goto err; - - n = ssl23_read_bytes(s, sizeof buf_space); - if (n != sizeof buf_space) - return (n); /* n == -1 || n == 0 */ - - p = RECORD_LAYER_get_packet(&s->rlayer); - - memcpy(buf, p, n); - - if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) { - /* - * SSLv2 header - */ - if ((p[3] == 0x00) && (p[4] == 0x02)) { - v[0] = p[3]; - v[1] = p[4]; - /* SSLv2 */ - } else if (p[3] == SSL3_VERSION_MAJOR) { - v[0] = p[3]; - v[1] = p[4]; - /* SSLv3/TLSv1 */ - if (p[4] >= TLS1_VERSION_MINOR) { - if (p[4] >= TLS1_2_VERSION_MINOR && - !(s->options & SSL_OP_NO_TLSv1_2)) { - s->version = TLS1_2_VERSION; - s->state = SSL23_ST_SR_CLNT_HELLO_B; - } else if (p[4] >= TLS1_1_VERSION_MINOR && - !(s->options & SSL_OP_NO_TLSv1_1)) { - s->version = TLS1_1_VERSION; - /* - * type=2; - *//* - * done later to survive restarts - */ - s->state = SSL23_ST_SR_CLNT_HELLO_B; - } else if (!(s->options & SSL_OP_NO_TLSv1)) { - s->version = TLS1_VERSION; - /* - * type=2; - *//* - * done later to survive restarts - */ - s->state = SSL23_ST_SR_CLNT_HELLO_B; - } else if (!(s->options & SSL_OP_NO_SSLv3)) { - s->version = SSL3_VERSION; - /* type=2; */ - s->state = SSL23_ST_SR_CLNT_HELLO_B; - } - } else if (!(s->options & SSL_OP_NO_SSLv3)) { - s->version = SSL3_VERSION; - /* type=2; */ - s->state = SSL23_ST_SR_CLNT_HELLO_B; - } - } - } - /* p[4] < 5 ... silly record length? */ - else if ((p[0] == SSL3_RT_HANDSHAKE) && - (p[1] == SSL3_VERSION_MAJOR) && - (p[5] == SSL3_MT_CLIENT_HELLO) && ((p[3] == 0 && p[4] < 5) - || (p[9] >= p[1]))) { - /* - * SSLv3 or tls1 header - */ - - v[0] = p[1]; /* major version (= SSL3_VERSION_MAJOR) */ - /* - * We must look at client_version inside the Client Hello message - * to get the correct minor version. However if we have only a - * pathologically small fragment of the Client Hello message, this - * would be difficult, and we'd have to read more records to find - * out. No known SSL 3.0 client fragments ClientHello like this, - * so we simply reject such connections to avoid protocol version - * downgrade attacks. - */ - if (p[3] == 0 && p[4] < 6) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_SMALL); - goto err; - } - /* - * if major version number > 3 set minor to a value which will - * use the highest version 3 we support. If TLS 2.0 ever appears - * we will need to revise this.... - */ - if (p[9] > SSL3_VERSION_MAJOR) - v[1] = 0xff; - else - v[1] = p[10]; /* minor version according to client_version */ - if (v[1] >= TLS1_VERSION_MINOR) { - if (v[1] >= TLS1_2_VERSION_MINOR && - !(s->options & SSL_OP_NO_TLSv1_2)) { - s->version = TLS1_2_VERSION; - type = 3; - } else if (v[1] >= TLS1_1_VERSION_MINOR && - !(s->options & SSL_OP_NO_TLSv1_1)) { - s->version = TLS1_1_VERSION; - type = 3; - } else if (!(s->options & SSL_OP_NO_TLSv1)) { - s->version = TLS1_VERSION; - type = 3; - } else if (!(s->options & SSL_OP_NO_SSLv3)) { - s->version = SSL3_VERSION; - type = 3; - } - } else { - /* client requests SSL 3.0 */ - if (!(s->options & SSL_OP_NO_SSLv3)) { - s->version = SSL3_VERSION; - type = 3; - } else if (!(s->options & SSL_OP_NO_TLSv1)) { - /* - * we won't be able to use TLS of course, but this will - * send an appropriate alert - */ - s->version = TLS1_VERSION; - type = 3; - } - } - } else if ((strncmp("GET ", (char *)p, 4) == 0) || - (strncmp("POST ", (char *)p, 5) == 0) || - (strncmp("HEAD ", (char *)p, 5) == 0) || - (strncmp("PUT ", (char *)p, 4) == 0)) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTP_REQUEST); - goto err; - } else if (strncmp("CONNECT", (char *)p, 7) == 0) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_HTTPS_PROXY_REQUEST); - goto err; - } - } - - /* ensure that TLS_MAX_VERSION is up-to-date */ - OPENSSL_assert(s->version <= TLS_MAX_VERSION); - - if (s->version < TLS1_2_VERSION && tls1_suiteb(s)) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, - SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE); - goto err; - } - - if (FIPS_mode() && (s->version < TLS1_VERSION)) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, - SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); - goto err; - } - - if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_VERSION_TOO_LOW); - goto err; - } - - if (s->state == SSL23_ST_SR_CLNT_HELLO_B) { - /* - * we have SSLv3/TLSv1 in an SSLv2 header (other cases skip this - * state) - */ - - type = 2; - p = RECORD_LAYER_get_packet(&s->rlayer); - v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ - v[1] = p[4]; - - /*- - * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 - * header is sent directly on the wire, not wrapped as a TLS - * record. It's format is: - * Byte Content - * 0-1 msg_length - * 2 msg_type - * 3-4 version - * 5-6 cipher_spec_length - * 7-8 session_id_length - * 9-10 challenge_length - * ... ... - */ - n = ((p[0] & 0x7f) << 8) | p[1]; - if (n > (1024 * 4)) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_RECORD_TOO_LARGE); - goto err; - } - if (n < 9) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, - SSL_R_RECORD_LENGTH_MISMATCH); - goto err; - } - - j = ssl23_read_bytes(s, n + 2); - /* - * We previously read 11 bytes, so if j > 0, we must have j == n+2 == - * s->packet_length. We have at least 11 valid packet bytes. - */ - if (j <= 0) - return (j); - - ssl3_finish_mac(s, RECORD_LAYER_get_packet(&s->rlayer) + 2, - RECORD_LAYER_get_packet_length(&s->rlayer) - 2); - - /* CLIENT-HELLO */ - if (s->msg_callback) - s->msg_callback(0, SSL2_VERSION, 0, - RECORD_LAYER_get_packet(&s->rlayer) + 2, - RECORD_LAYER_get_packet_length(&s->rlayer) - 2, s, - s->msg_callback_arg); - - p = RECORD_LAYER_get_packet(&s->rlayer); - p += 5; - n2s(p, csl); - n2s(p, sil); - n2s(p, cl); - d = (unsigned char *)s->init_buf->data; - if ((csl + sil + cl + 11) - != RECORD_LAYER_get_packet_length(&s->rlayer)) { - /* We can't have TLS - * extensions in SSL - * 2.0 format * - * Client Hello, can - * we? Error - * condition should - * be * '>' - * otherweise */ - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, - SSL_R_RECORD_LENGTH_MISMATCH); - goto err; - } - - /* record header: msg_type ... */ - *(d++) = SSL3_MT_CLIENT_HELLO; - /* ... and length (actual value will be written later) */ - d_len = d; - d += 3; - - /* client_version */ - *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ - *(d++) = v[1]; - - /* lets populate the random area */ - /* get the challenge_length */ - i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl; - memset(d, 0, SSL3_RANDOM_SIZE); - memcpy(&(d[SSL3_RANDOM_SIZE - i]), &(p[csl + sil]), i); - d += SSL3_RANDOM_SIZE; - - /* no session-id reuse */ - *(d++) = 0; - - /* ciphers */ - j = 0; - dd = d; - d += 2; - for (i = 0; i < csl; i += 3) { - if (p[i] != 0) - continue; - *(d++) = p[i + 1]; - *(d++) = p[i + 2]; - j += 2; - } - s2n(j, dd); - - /* COMPRESSION */ - *(d++) = 1; - *(d++) = 0; - -#if 0 - /* copy any remaining data with may be extensions */ - p = p + csl + sil + cl; - while (p < s->packet + s->packet_length) { - *(d++) = *(p++); - } -#endif - - i = (d - (unsigned char *)s->init_buf->data) - 4; - l2n3((long)i, d_len); - - /* get the data reused from the init_buf */ - s->s3->tmp.reuse_message = 1; - s->s3->tmp.message_type = SSL3_MT_CLIENT_HELLO; - s->s3->tmp.message_size = i; - } - - /* imaginary new state (for program structure): */ - /* s->state = SSL23_SR_CLNT_HELLO_C */ - - if ((type == 2) || (type == 3)) { - /* - * we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) - */ - const SSL_METHOD *new_method; - new_method = ssl23_get_server_method(s->version); - if (new_method == NULL) { - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); - goto err; - } - s->method = new_method; - - if (!ssl_init_wbio_buffer(s, 1)) - goto err; - - /* we are in this state */ - s->state = SSL3_ST_SR_CLNT_HELLO_A; - - if (type == 3) { - /* - * put the 'n' bytes we have read into the input buffer for SSLv3 - */ - if (!RECORD_LAYER_set_data(&s->rlayer, buf, n)) - goto err; - } else { - if (!RECORD_LAYER_set_data(&s->rlayer, NULL, 0)) - goto err; - } - s->handshake_func = s->method->ssl_accept; - } else { - /* bad, very bad */ - SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL); - goto err; - } - s->init_num = 0; - - if (buf != buf_space) - OPENSSL_free(buf); - return (SSL_accept(s)); - err: - if (buf != buf_space) - OPENSSL_free(buf); - return (-1); -} diff --git a/ssl/s3_both.c b/ssl/s3_both.c index bf5e8c7..17a8054 100644 --- a/ssl/s3_both.c +++ b/ssl/s3_both.c @@ -356,21 +356,21 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) } *ok = 1; s->state = stn; - s->init_msg = s->init_buf->data + 4; + s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH; s->init_num = (int)s->s3->tmp.message_size; return s->init_num; } p = (unsigned char *)s->init_buf->data; - if (s->state == st1) { /* s->init_num < 4 */ + if (s->state == st1) { + /* s->init_num < SSL3_HM_HEADER_LENGTH */ int skip_message; do { - while (s->init_num < 4) { + while (s->init_num < SSL3_HM_HEADER_LENGTH) { i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, - &p[s->init_num], - 4 - s->init_num, 0); + &p[s->init_num], SSL3_HM_HEADER_LENGTH - s->init_num, 0); if (i <= 0) { s->rwstate = SSL_READING; *ok = 0; @@ -394,12 +394,11 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) if (s->msg_callback) s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, - p, 4, s, s->msg_callback_arg); + p, SSL3_HM_HEADER_LENGTH, s, + s->msg_callback_arg); } - } - while (skip_message); - - /* s->init_num == 4 */ + } while (skip_message); + /* s->init_num == SSL3_HM_HEADER_LENGTH */ if ((mt >= 0) && (*p != mt)) { al = SSL_AD_UNEXPECTED_MESSAGE; @@ -409,26 +408,50 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) s->s3->tmp.message_type = *(p++); - n2l3(p, l); - if (l > (unsigned long)max) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto f_err; - } - if (l > (INT_MAX - 4)) { /* BUF_MEM_grow takes an 'int' parameter */ - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); - goto f_err; - } - if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l + 4)) { - SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); - goto err; - } - s->s3->tmp.message_size = l; - s->state = stn; + if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) { + /* + * Only happens with SSLv3+ in an SSLv2 backward compatible + * ClientHello + */ + /* + * Total message size is the remaining record bytes to read + * plus the SSL3_HM_HEADER_LENGTH bytes that we already read + */ + l = RECORD_LAYER_get_rrec_length(&s->rlayer) + + SSL3_HM_HEADER_LENGTH; + if (l && !BUF_MEM_grow_clean(s->init_buf, (int)l)) { + SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); + goto err; + } + s->s3->tmp.message_size = l; + s->state = stn; - s->init_msg = s->init_buf->data + 4; - s->init_num = 0; + s->init_msg = s->init_buf->data; + s->init_num = SSL3_HM_HEADER_LENGTH; + } else { + n2l3(p, l); + if (l > (unsigned long)max) { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); + goto f_err; + } + /* BUF_MEM_grow takes an 'int' parameter */ + if (l > (INT_MAX - SSL3_HM_HEADER_LENGTH)) { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_MESSAGE, SSL_R_EXCESSIVE_MESSAGE_SIZE); + goto f_err; + } + if (l && !BUF_MEM_grow_clean(s->init_buf, + (int)l + SSL3_HM_HEADER_LENGTH)) { + SSLerr(SSL_F_SSL3_GET_MESSAGE, ERR_R_BUF_LIB); + goto err; + } + s->s3->tmp.message_size = l; + s->state = stn; + + s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH; + s->init_num = 0; + } } /* next state (stn) */ @@ -456,10 +479,20 @@ long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) #endif /* Feed this message into MAC computation. */ - ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, - (size_t)s->init_num + 4, s, s->msg_callback_arg); + if(RECORD_LAYER_is_sslv2_record(&s->rlayer)) { + ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num); + if (s->msg_callback) + s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data, + (size_t)s->init_num, s, s->msg_callback_arg); + } else { + ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, + s->init_num + SSL3_HM_HEADER_LENGTH); + if (s->msg_callback) + s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, + (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s, + s->msg_callback_arg); + } + *ok = 1; return s->init_num; f_err: diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 2228654..c0dec1e 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -163,24 +163,17 @@ # include #endif +static int ssl_set_version(SSL *s); static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b); #ifndef OPENSSL_NO_TLSEXT static int ssl3_check_finished(SSL *s); #endif +static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, + unsigned char *p, + int (*put_cb) (const SSL_CIPHER *, + unsigned char *)); -#ifndef OPENSSL_NO_SSL3_METHOD -static const SSL_METHOD *ssl3_get_client_method(int ver) -{ - if (ver == SSL3_VERSION) - return (SSLv3_client_method()); - else - return (NULL); -} -IMPLEMENT_ssl3_meth_func(SSLv3_client_method, - ssl_undefined_function, - ssl3_connect, ssl3_get_client_method) -#endif int ssl3_connect(SSL *s) { BUF_MEM *buf = NULL; @@ -234,14 +227,16 @@ int ssl3_connect(SSL *s) if (cb != NULL) cb(s, SSL_CB_HANDSHAKE_START, 1); - if ((s->version & 0xff00) != 0x0300) { + if ((s->version >> 8) != SSL3_VERSION_MAJOR + && s->version != TLS_ANY_VERSION) { SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); s->state = SSL_ST_ERR; ret = -1; goto end; } - if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { + if (s->version != TLS_ANY_VERSION && + !ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { SSLerr(SSL_F_SSL3_CONNECT, SSL_R_VERSION_TOO_LOW); return -1; } @@ -668,6 +663,105 @@ int ssl3_connect(SSL *s) return (ret); } +/* + * Work out what version we should be using for the initial ClientHello if + * the version is currently set to (D)TLS_ANY_VERSION. + * Returns 1 on success + * Returns 0 on error + */ +static int ssl_set_version(SSL *s) +{ + unsigned long mask, options = s->options; + + if (s->method->version == TLS_ANY_VERSION) { + /* + * SSL_OP_NO_X disables all protocols above X *if* there are + * some protocols below X enabled. This is required in order + * to maintain "version capability" vector contiguous. So + * that if application wants to disable TLS1.0 in favour of + * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the + * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3. + */ + mask = SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1 +#if !defined(OPENSSL_NO_SSL3) + | SSL_OP_NO_SSLv3 +#endif + ; +#if !defined(OPENSSL_NO_TLS1_2_CLIENT) + if (options & SSL_OP_NO_TLSv1_2) { + if ((options & mask) != mask) { + s->version = TLS1_1_VERSION; + } else { + SSLerr(SSL_F_SSL_SET_VERSION, SSL_R_NO_PROTOCOLS_AVAILABLE); + return 0; + } + } else { + s->version = TLS1_2_VERSION; + } +#else + if ((options & mask) == mask) { + SSLerr(SSL_F_SSL_SET_VERSION, SSL_R_NO_PROTOCOLS_AVAILABLE); + return 0; + } + s->version = TLS1_1_VERSION; +#endif + + mask &= ~SSL_OP_NO_TLSv1_1; + if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask) + s->version = TLS1_VERSION; + mask &= ~SSL_OP_NO_TLSv1; +#if !defined(OPENSSL_NO_SSL3) + if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask) + s->version = SSL3_VERSION; +#endif + + if (s->version != TLS1_2_VERSION && tls1_suiteb(s)) { + SSLerr(SSL_F_SSL_SET_VERSION, + SSL_R_ONLY_TLS_1_2_ALLOWED_IN_SUITEB_MODE); + return 0; + } + + if (s->version == SSL3_VERSION && FIPS_mode()) { + SSLerr(SSL_F_SSL_SET_VERSION, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + return 0; + } + + } else if (s->method->version == DTLS_ANY_VERSION) { + /* Determine which DTLS version to use */ + /* If DTLS 1.2 disabled correct the version number */ + if (options & SSL_OP_NO_DTLSv1_2) { + if (tls1_suiteb(s)) { + SSLerr(SSL_F_SSL_SET_VERSION, + SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE); + return 0; + } + /* + * Disabling all versions is silly: return an error. + */ + if (options & SSL_OP_NO_DTLSv1) { + SSLerr(SSL_F_SSL_SET_VERSION, SSL_R_WRONG_SSL_VERSION); + return 0; + } + /* + * Update method so we don't use any DTLS 1.2 features. + */ + s->method = DTLSv1_client_method(); + s->version = DTLS1_VERSION; + } else { + /* + * We only support one version: update method + */ + if (options & SSL_OP_NO_DTLSv1) + s->method = DTLSv1_2_client_method(); + s->version = DTLS1_2_VERSION; + } + } + + s->client_version = s->version; + + return 1; +} + int ssl3_client_hello(SSL *s) { unsigned char *buf; @@ -683,6 +777,11 @@ int ssl3_client_hello(SSL *s) buf = (unsigned char *)s->init_buf->data; if (s->state == SSL3_ST_CW_CLNT_HELLO_A) { SSL_SESSION *sess = s->session; + + /* Work out what SSL/TLS/DTLS version to use */ + if (ssl_set_version(s) == 0) + goto err; + if ((sess == NULL) || (sess->ssl_version != s->version) || #ifdef OPENSSL_NO_TLSEXT !sess->session_id_length || @@ -697,38 +796,6 @@ int ssl3_client_hello(SSL *s) if (!ssl_get_new_session(s, 0)) goto err; } - if (s->method->version == DTLS_ANY_VERSION) { - /* Determine which DTLS version to use */ - int options = s->options; - /* If DTLS 1.2 disabled correct the version number */ - if (options & SSL_OP_NO_DTLSv1_2) { - if (tls1_suiteb(s)) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, - SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE); - goto err; - } - /* - * Disabling all versions is silly: return an error. - */ - if (options & SSL_OP_NO_DTLSv1) { - SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_WRONG_SSL_VERSION); - goto err; - } - /* - * Update method so we don't use any DTLS 1.2 features. - */ - s->method = DTLSv1_client_method(); - s->version = DTLS1_VERSION; - } else { - /* - * We only support one version: update method - */ - if (options & SSL_OP_NO_DTLSv1) - s->method = DTLSv1_2_client_method(); - s->version = DTLS1_2_VERSION; - } - s->client_version = s->version; - } /* else use the pre-loaded session */ p = s->s3->client_random; @@ -934,7 +1001,45 @@ int ssl3_get_server_hello(SSL *s) } d = p = (unsigned char *)s->init_msg; - if (s->method->version == DTLS_ANY_VERSION) { + + if (s->method->version == TLS_ANY_VERSION) { + int sversion = (p[0] << 8) | p[1]; + +#if TLS_MAX_VERSION != TLS1_2_VERSION +#error Code needs updating for new TLS version +#endif +#ifndef OPENSSL_NO_SSL3 + if ((sversion == SSL3_VERSION) && !(s->options & SSL_OP_NO_SSLv3)) { + if (FIPS_mode()) { + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, + SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE); + al = SSL_AD_PROTOCOL_VERSION; + goto f_err; + } + s->method = SSLv3_client_method(); + } else +#endif + if ((sversion == TLS1_VERSION) && !(s->options & SSL_OP_NO_TLSv1)) { + s->method = TLSv1_client_method(); + } else if ((sversion == TLS1_1_VERSION) && + !(s->options & SSL_OP_NO_TLSv1_1)) { + s->method = TLSv1_1_client_method(); + } else if ((sversion == TLS1_2_VERSION) && + !(s->options & SSL_OP_NO_TLSv1_2)) { + s->method = TLSv1_2_client_method(); + } else { + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_UNSUPPORTED_PROTOCOL); + al = SSL_AD_PROTOCOL_VERSION; + goto f_err; + } + s->session->ssl_version = s->version = s->method->version; + + if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) { + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_VERSION_TOO_LOW); + al = SSL_AD_PROTOCOL_VERSION; + goto f_err; + } + } else if (s->method->version == DTLS_ANY_VERSION) { /* Work out correct protocol version to use */ int hversion = (p[0] << 8) | p[1]; int options = s->options; @@ -955,9 +1060,7 @@ int ssl3_get_server_hello(SSL *s) goto f_err; } s->version = s->method->version; - } - - if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { + } else if ((p[0] != (s->version >> 8)) || (p[1] != (s->version & 0xff))) { SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_WRONG_SSL_VERSION); s->version = (s->version & 0xff00) | p[1]; al = SSL_AD_PROTOCOL_VERSION; @@ -3444,3 +3547,65 @@ int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) i = s->ctx->client_cert_cb(s, px509, ppkey); return i; } + +int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, + unsigned char *p, + int (*put_cb) (const SSL_CIPHER *, + unsigned char *)) +{ + int i, j = 0; + SSL_CIPHER *c; + unsigned char *q; + int empty_reneg_info_scsv = !s->renegotiate; + /* Set disabled masks for this session */ + ssl_set_client_disabled(s); + + if (sk == NULL) + return (0); + q = p; + if (put_cb == NULL) + put_cb = s->method->put_cipher_by_char; + + for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { + c = sk_SSL_CIPHER_value(sk, i); + /* Skip disabled ciphers */ + if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED)) + continue; +#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL + if (c->id == SSL3_CK_SCSV) { + if (!empty_reneg_info_scsv) + continue; + else + empty_reneg_info_scsv = 0; + } +#endif + j = put_cb(c, p); + p += j; + } + /* + * If p == q, no ciphers; caller indicates an error. Otherwise, add + * applicable SCSVs. + */ + if (p != q) { + if (empty_reneg_info_scsv) { + static SSL_CIPHER scsv = { + 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }; + j = put_cb(&scsv, p); + p += j; +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, + "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n"); +#endif + } + if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) { + static SSL_CIPHER scsv = { + 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }; + j = put_cb(&scsv, p); + p += j; + } + } + + return (p - q); +} diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index e7f1898..1a67e4e 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -155,6 +155,7 @@ #ifndef OPENSSL_NO_DH # include #endif +#include const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT; @@ -3386,9 +3387,9 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) * Apparently we're using a version-flexible SSL_METHOD (not at its * highest protocol version). */ - if (s->ctx->method->version == SSLv23_method()->version) { + if (s->ctx->method->version == TLS_method()->version) { #if TLS_MAX_VERSION != TLS1_2_VERSION -# error Code needs update for SSLv23_method() support beyond TLS1_2_VERSION. +# error Code needs update for TLS_method() support beyond TLS1_2_VERSION. #endif if (!(s->options & SSL_OP_NO_TLSv1_2)) return s->version == TLS1_2_VERSION; @@ -4238,3 +4239,26 @@ long ssl_get_algorithm2(SSL *s) return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; return alg2; } + +/* + * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on + * failure, 1 on success. + */ +int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) +{ + int send_time = 0; + + if (len < 4) + return 0; + if (server) + send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0; + else + send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0; + if (send_time) { + unsigned long Time = (unsigned long)time(NULL); + unsigned char *p = result; + l2n(Time, p); + return RAND_bytes(p, len - 4); + } else + return RAND_bytes(result, len); +} diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c deleted file mode 100644 index e5a5299..0000000 --- a/ssl/s3_meth.c +++ /dev/null @@ -1,74 +0,0 @@ -/* ssl/s3_meth.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include -#include "ssl_locl.h" - -#ifndef OPENSSL_NO_SSL3_METHOD -static const SSL_METHOD *ssl3_get_method(int ver) -{ - if (ver == SSL3_VERSION) - return (SSLv3_method()); - else - return (NULL); -} - -IMPLEMENT_ssl3_meth_func(SSLv3_method, - ssl3_accept, ssl3_connect, ssl3_get_method) -#endif diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 4ee45eb..ce092a7 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -164,21 +164,10 @@ #include #include -#ifndef OPENSSL_NO_SSL3_METHOD -static const SSL_METHOD *ssl3_get_server_method(int ver); +static STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, + int num, STACK_OF(SSL_CIPHER) **skp, int sslv2format); -static const SSL_METHOD *ssl3_get_server_method(int ver) -{ - if (ver == SSL3_VERSION) - return (SSLv3_server_method()); - else - return (NULL); -} -IMPLEMENT_ssl3_meth_func(SSLv3_server_method, - ssl3_accept, - ssl_undefined_function, ssl3_get_server_method) -#endif #ifndef OPENSSL_NO_SRP static int ssl_check_srp_ext_ClientHello(SSL *s, int *al) { @@ -256,7 +245,7 @@ int ssl3_accept(SSL *s) if (cb != NULL) cb(s, SSL_CB_HANDSHAKE_START, 1); - if ((s->version >> 8) != 3) { + if ((s->version >> 8 != 3) && s->version != TLS_ANY_VERSION) { SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); s->state = SSL_ST_ERR; return -1; @@ -894,17 +883,18 @@ int ssl3_send_hello_request(SSL *s) int ssl3_get_client_hello(SSL *s) { - int i, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1; + int i, complen, j, ok, al = SSL_AD_INTERNAL_ERROR, ret = -1; unsigned int cookie_len; long n; unsigned long id; unsigned char *p, *d; SSL_CIPHER *c; #ifndef OPENSSL_NO_COMP - unsigned char *q; + unsigned char *q = NULL; SSL_COMP *comp = NULL; #endif STACK_OF(SSL_CIPHER) *ciphers = NULL; + int protverr = 1; if (s->state == SSL3_ST_SR_CLNT_HELLO_C && !s->first_packet) goto retry_cert; @@ -930,29 +920,121 @@ int ssl3_get_client_hello(SSL *s) s->first_packet = 0; d = p = (unsigned char *)s->init_msg; - /* - * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte - * for session id length - */ - if (n < 2 + SSL3_RANDOM_SIZE + 1) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; + /* First lets get s->client_version set correctly */ + if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) { + /*- + * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2 + * header is sent directly on the wire, not wrapped as a TLS + * record. Our record layer just processes the message length and passes + * the rest right through. Its format is: + * Byte Content + * 0-1 msg_length - decoded by the record layer + * 2 msg_type - s->init_msg points here + * 3-4 version + * 5-6 cipher_spec_length + * 7-8 session_id_length + * 9-10 challenge_length + * ... ... + */ + + if (p[0] != SSL2_MT_CLIENT_HELLO) { + /* + * Should never happen. We should have tested this in the record + * layer in order to have determined that this is a SSLv2 record + * in the first place + */ + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); + goto err; + } + + if ((p[1] == 0x00) && (p[2] == 0x02)) { + /* This is real SSLv2. We don't support it. */ + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL); + goto err; + } else if (p[1] == SSL3_VERSION_MAJOR) { + /* SSLv3/TLS */ + s->client_version = (((int)p[1]) << 8) | (int)p[2]; + } else { + /* No idea what protocol this is */ + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL); + goto err; + } + } else { + /* + * 2 bytes for client version, SSL3_RANDOM_SIZE bytes for random, 1 byte + * for session id length + */ + if (n < 2 + SSL3_RANDOM_SIZE + 1) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + + /* + * use version from inside client hello, not from record header (may + * differ: see RFC 2246, Appendix E, second paragraph) + */ + s->client_version = (((int)p[0]) << 8) | (int)p[1]; } - /* - * use version from inside client hello, not from record header (may - * differ: see RFC 2246, Appendix E, second paragraph) - */ - s->client_version = (((int)p[0]) << 8) | (int)p[1]; - p += 2; - - if (SSL_IS_DTLS(s) ? (s->client_version > s->version && - s->method->version != DTLS_ANY_VERSION) - : (s->client_version < s->version)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); - if ((s->client_version >> 8) == SSL3_VERSION_MAJOR && - !s->enc_write_ctx && !s->write_hash) { + /* Do SSL/TLS version negotiation if applicable */ + if (!SSL_IS_DTLS(s)) { + if (s->version != TLS_ANY_VERSION) { + if (s->client_version >= s->version) { + protverr = 0; + } + } else if (s->client_version >= SSL3_VERSION) { + switch(s->client_version) { + default: + case TLS1_2_VERSION: + if(!(s->options & SSL_OP_NO_TLSv1_2)) { + s->version = TLS1_2_VERSION; + s->method = TLSv1_2_server_method(); + protverr = 0; + break; + } + /* Deliberately fall through */ + case TLS1_1_VERSION: + if(!(s->options & SSL_OP_NO_TLSv1_1)) { + s->version = TLS1_1_VERSION; + s->method = TLSv1_1_server_method(); + protverr = 0; + break; + } + /* Deliberately fall through */ + case TLS1_VERSION: + if(!(s->options & SSL_OP_NO_TLSv1)) { + s->version = TLS1_VERSION; + s->method = TLSv1_server_method(); + protverr = 0; + break; + } + /* Deliberately fall through */ + case SSL3_VERSION: +#ifndef OPENSSL_NO_SSL3 + if(!(s->options & SSL_OP_NO_SSLv3)) { + s->version = SSL3_VERSION; + s->method = SSLv3_server_method(); + protverr = 0; + break; + } +#else + break; +#endif + } + } + } else if (s->client_version <= s->version + || s->method->version == DTLS_ANY_VERSION) { + /* + * For DTLS we just check versions are potentially compatible. Version + * negotiation comes later. + */ + protverr = 0; + } + + if (protverr) { + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL); + if ((!s->enc_write_ctx && !s->write_hash)) { /* * similar to ssl3_get_record, send alert using remote version * number @@ -963,263 +1045,322 @@ int ssl3_get_client_hello(SSL *s) goto f_err; } - /* - * If we require cookies and this ClientHello doesn't contain one, just - * return since we do not want to allocate any memory yet. So check - * cookie length... - */ - if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { - unsigned int session_length, cookie_length; + if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) { + /* + * Handle an SSLv2 backwards compatible ClientHello + * Note, this is only for SSLv3+ using the backward compatible format. + * Real SSLv2 is not supported, and is rejected above. + */ + unsigned int csl, sil, cl; - session_length = *(p + SSL3_RANDOM_SIZE); + p += 3; + n2s(p, csl); + n2s(p, sil); + n2s(p, cl); - if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) { + if (csl + sil + cl + MIN_SSL2_RECORD_LEN != (unsigned int) n) { + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_RECORD_LENGTH_MISMATCH); al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); goto f_err; } - cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1); - if (cookie_length == 0) - return 1; - } - - /* load the client random */ - memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE); - p += SSL3_RANDOM_SIZE; + if (csl == 0) { + /* we need at least one cipher */ + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED); + goto f_err; + } - /* get the session-id */ - j = *(p++); + if (ssl_bytes_to_cipher_list(s, p, csl, &(ciphers), 1) == NULL) { + goto err; + } - if (p + j > d + n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } + /* + * Ignore any session id. We don't allow resumption in a backwards + * compatible ClientHello + */ + s->hit = 0; - s->hit = 0; - /* - * Versions before 0.9.7 always allow clients to resume sessions in - * renegotiation. 0.9.7 and later allow this by default, but optionally - * ignore resumption requests with flag - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather - * than a change to default behavior so that applications relying on this - * for security won't even compile against older library versions). - * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to - * request renegotiation but not a new session (s->new_session remains - * unset): for servers, this essentially just means that the - * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be ignored. - */ - if ((s->new_session - && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { if (!ssl_get_new_session(s, 1)) goto err; + + /* Load the client random */ + i = (cl > SSL3_RANDOM_SIZE) ? SSL3_RANDOM_SIZE : cl; + memset(s->s3->client_random, 0, SSL3_RANDOM_SIZE); + memcpy(s->s3->client_random, &(p[csl + sil]), i); + + /* Set p to end of packet to ensure we don't look for extensions */ + p = d + n; + + /* No compression, so set complen to 0 */ + complen = 0; } else { - i = ssl_get_prev_session(s, p, j, d + n); + /* If we get here we've got SSLv3+ in an SSLv3+ record */ + + p += 2; + /* - * Only resume if the session's version matches the negotiated - * version. - * RFC 5246 does not provide much useful advice on resumption - * with a different protocol version. It doesn't forbid it but - * the sanity of such behaviour would be questionable. - * In practice, clients do not accept a version mismatch and - * will abort the handshake with an error. + * If we require cookies and this ClientHello doesn't contain one, just + * return since we do not want to allocate any memory yet. So check + * cookie length... */ - if (i == 1 && s->version == s->session->ssl_version) { /* previous - * session */ - s->hit = 1; - } else if (i == -1) - goto err; - else { /* i == 0 */ + if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) { + unsigned int session_length, cookie_length; - if (!ssl_get_new_session(s, 1)) - goto err; - } - } + session_length = *(p + SSL3_RANDOM_SIZE); - p += j; + if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + cookie_length = *(p + SSL3_RANDOM_SIZE + session_length + 1); - if (SSL_IS_DTLS(s)) { - /* cookie stuff */ - if (p + 1 > d + n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; + if (cookie_length == 0) + return 1; } - cookie_len = *(p++); - if (p + cookie_len > d + n) { + /* load the client random */ + memcpy(s->s3->client_random, p, SSL3_RANDOM_SIZE); + p += SSL3_RANDOM_SIZE; + + /* get the session-id */ + j = *(p++); + + if (p + j > d + n) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); goto f_err; } + s->hit = 0; /* - * The ClientHello may contain a cookie even if the - * HelloVerify message has not been sent--make sure that it - * does not cause an overflow. + * Versions before 0.9.7 always allow clients to resume sessions in + * renegotiation. 0.9.7 and later allow this by default, but optionally + * ignore resumption requests with flag + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather + * than a change to default behavior so that applications relying on + * this for security won't even compile against older library versions). + * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to + * request renegotiation but not a new session (s->new_session remains + * unset): for servers, this essentially just means that the + * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be + * ignored. */ - if (cookie_len > sizeof(s->d1->rcvd_cookie)) { - /* too much data */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); - goto f_err; + if ((s->new_session + && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) { + if (!ssl_get_new_session(s, 1)) + goto err; + } else { + i = ssl_get_prev_session(s, p, j, d + n); + /* + * Only resume if the session's version matches the negotiated + * version. + * RFC 5246 does not provide much useful advice on resumption + * with a different protocol version. It doesn't forbid it but + * the sanity of such behaviour would be questionable. + * In practice, clients do not accept a version mismatch and + * will abort the handshake with an error. + */ + if (i == 1 && s->version == s->session->ssl_version) { + /* previous session */ + s->hit = 1; + } else if (i == -1) + goto err; + else { + /* i == 0 */ + if (!ssl_get_new_session(s, 1)) + goto err; + } } - /* verify the cookie if appropriate option is set. */ - if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) && cookie_len > 0) { - memcpy(s->d1->rcvd_cookie, p, cookie_len); + p += j; - if (s->ctx->app_verify_cookie_cb != NULL) { - if (s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie, - cookie_len) == 0) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, - SSL_R_COOKIE_MISMATCH); - goto f_err; - } - /* else cookie verification succeeded */ - } - /* default verification */ - else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie, - s->d1->cookie_len) != 0) { - al = SSL_AD_HANDSHAKE_FAILURE; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); + if (SSL_IS_DTLS(s)) { + /* cookie stuff */ + if (p + 1 > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); goto f_err; } - /* Set to -2 so if successful we return 2 */ - ret = -2; - } + cookie_len = *(p++); - p += cookie_len; - if (s->method->version == DTLS_ANY_VERSION) { - /* Select version to use */ - if (s->client_version <= DTLS1_2_VERSION && - !(s->options & SSL_OP_NO_DTLSv1_2)) { - s->version = DTLS1_2_VERSION; - s->method = DTLSv1_2_server_method(); - } else if (tls1_suiteb(s)) { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, - SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE); - s->version = s->client_version; - al = SSL_AD_PROTOCOL_VERSION; + if (p + cookie_len > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); goto f_err; - } else if (s->client_version <= DTLS1_VERSION && - !(s->options & SSL_OP_NO_DTLSv1)) { - s->version = DTLS1_VERSION; - s->method = DTLSv1_server_method(); - } else { - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, - SSL_R_WRONG_VERSION_NUMBER); - s->version = s->client_version; - al = SSL_AD_PROTOCOL_VERSION; + } + + /* + * The ClientHello may contain a cookie even if the + * HelloVerify message has not been sent--make sure that it + * does not cause an overflow. + */ + if (cookie_len > sizeof(s->d1->rcvd_cookie)) { + /* too much data */ + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); goto f_err; } - s->session->ssl_version = s->version; + + /* verify the cookie if appropriate option is set. */ + if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) + && cookie_len > 0) { + memcpy(s->d1->rcvd_cookie, p, cookie_len); + + if (s->ctx->app_verify_cookie_cb != NULL) { + if (s->ctx->app_verify_cookie_cb(s, s->d1->rcvd_cookie, + cookie_len) == 0) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_COOKIE_MISMATCH); + goto f_err; + } + /* else cookie verification succeeded */ + } + /* default verification */ + else if (memcmp(s->d1->rcvd_cookie, s->d1->cookie, + s->d1->cookie_len) != 0) { + al = SSL_AD_HANDSHAKE_FAILURE; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_COOKIE_MISMATCH); + goto f_err; + } + /* Set to -2 so if successful we return 2 */ + ret = -2; + } + + p += cookie_len; + if (s->method->version == DTLS_ANY_VERSION) { + /* Select version to use */ + if (s->client_version <= DTLS1_2_VERSION && + !(s->options & SSL_OP_NO_DTLSv1_2)) { + s->version = DTLS1_2_VERSION; + s->method = DTLSv1_2_server_method(); + } else if (tls1_suiteb(s)) { + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_ONLY_DTLS_1_2_ALLOWED_IN_SUITEB_MODE); + s->version = s->client_version; + al = SSL_AD_PROTOCOL_VERSION; + goto f_err; + } else if (s->client_version <= DTLS1_VERSION && + !(s->options & SSL_OP_NO_DTLSv1)) { + s->version = DTLS1_VERSION; + s->method = DTLSv1_server_method(); + } else { + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_WRONG_VERSION_NUMBER); + s->version = s->client_version; + al = SSL_AD_PROTOCOL_VERSION; + goto f_err; + } + s->session->ssl_version = s->version; + } } - } - if (p + 2 > d + n) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - n2s(p, i); + if (p + 2 > d + n) { + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); + goto f_err; + } + n2s(p, i); - if (i == 0) { - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED); - goto f_err; - } + if (i == 0) { + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_CIPHERS_SPECIFIED); + goto f_err; + } - /* i bytes of cipher data + 1 byte for compression length later */ - if ((p + i + 1) > (d + n)) { - /* not enough data */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); - goto f_err; - } - if (ssl_bytes_to_cipher_list(s, p, i, &(ciphers)) == NULL) { - goto err; - } - p += i; + /* i bytes of cipher data + 1 byte for compression length later */ + if ((p + i + 1) > (d + n)) { + /* not enough data */ + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + goto f_err; + } + if (ssl_bytes_to_cipher_list(s, p, i, &(ciphers), 0) == NULL) { + goto err; + } + p += i; - /* If it is a hit, check that the cipher is in the list */ - if (s->hit) { - j = 0; - id = s->session->cipher->id; + /* If it is a hit, check that the cipher is in the list */ + if (s->hit) { + j = 0; + id = s->session->cipher->id; #ifdef CIPHER_DEBUG - fprintf(stderr, "client sent %d ciphers\n", - sk_SSL_CIPHER_num(ciphers)); + fprintf(stderr, "client sent %d ciphers\n", + sk_SSL_CIPHER_num(ciphers)); #endif - for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { - c = sk_SSL_CIPHER_value(ciphers, i); + for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { + c = sk_SSL_CIPHER_value(ciphers, i); #ifdef CIPHER_DEBUG - fprintf(stderr, "client [%2d of %2d]:%s\n", - i, sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c)); + fprintf(stderr, "client [%2d of %2d]:%s\n", + i, sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c)); #endif - if (c->id == id) { - j = 1; - break; + if (c->id == id) { + j = 1; + break; + } } - } - /* - * Disabled because it can be used in a ciphersuite downgrade attack: - * CVE-2010-4180. - */ -#if 0 - if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) - && (sk_SSL_CIPHER_num(ciphers) == 1)) { /* - * Special case as client bug workaround: the previously used - * cipher may not be in the current list, the client instead - * might be trying to continue using a cipher that before wasn't - * chosen due to server preferences. We'll have to reject the - * connection if the cipher is not enabled, though. + * Disabled because it can be used in a ciphersuite downgrade + * attack: + * CVE-2010-4180. */ - c = sk_SSL_CIPHER_value(ciphers, 0); - if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) { - s->session->cipher = c; - j = 1; +#if 0 + if (j == 0 && (s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) + && (sk_SSL_CIPHER_num(ciphers) == 1)) { + /* + * Special case as client bug workaround: the previously used + * cipher may not be in the current list, the client instead + * might be trying to continue using a cipher that before wasn't + * chosen due to server preferences. We'll have to reject the + * connection if the cipher is not enabled, though. + */ + c = sk_SSL_CIPHER_value(ciphers, 0); + if (sk_SSL_CIPHER_find(SSL_get_ciphers(s), c) >= 0) { + s->session->cipher = c; + j = 1; + } } - } #endif - if (j == 0) { - /* - * we need to have the cipher in the cipher list if we are asked - * to reuse it - */ - al = SSL_AD_ILLEGAL_PARAMETER; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, - SSL_R_REQUIRED_CIPHER_MISSING); - goto f_err; + if (j == 0) { + /* + * we need to have the cipher in the cipher list if we are asked + * to reuse it + */ + al = SSL_AD_ILLEGAL_PARAMETER; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, + SSL_R_REQUIRED_CIPHER_MISSING); + goto f_err; + } } - } - /* compression */ - i = *(p++); - if ((p + i) > (d + n)) { - /* not enough data */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); - goto f_err; - } + /* compression */ + complen = *(p++); + if ((p + complen) > (d + n)) { + /* not enough data */ + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); + goto f_err; + } #ifndef OPENSSL_NO_COMP - q = p; + q = p; #endif - for (j = 0; j < i; j++) { - if (p[j] == 0) - break; - } + for (j = 0; j < complen; j++) { + if (p[j] == 0) + break; + } - p += i; - if (j >= i) { - /* no compress */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED); - goto f_err; + p += complen; + if (j >= complen) { + /* no compress */ + al = SSL_AD_DECODE_ERROR; + SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_NO_COMPRESSION_SPECIFIED); + goto f_err; + } } + #ifndef OPENSSL_NO_TLSEXT /* TLS extensions */ if (s->version >= SSL3_VERSION) { @@ -1281,7 +1422,7 @@ int ssl3_get_client_hello(SSL *s) /* * Worst case, we will use the NULL compression, but if we have other - * options, we will now look for them. We have i-1 compression + * options, we will now look for them. We have complen-1 compression * algorithms from the client, starting at q. */ s->s3->tmp.new_compression = NULL; @@ -1310,11 +1451,11 @@ int ssl3_get_client_hello(SSL *s) goto f_err; } /* Look for resumed method in compression list */ - for (m = 0; m < i; m++) { + for (m = 0; m < complen; m++) { if (q[m] == comp_id) break; } - if (m >= i) { + if (m >= complen) { al = SSL_AD_ILLEGAL_PARAMETER; SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING); @@ -1330,7 +1471,7 @@ int ssl3_get_client_hello(SSL *s) for (m = 0; m < nn; m++) { comp = sk_SSL_COMP_value(s->ctx->comp_methods, m); v = comp->id; - for (o = 0; o < i; o++) { + for (o = 0; o < complen; o++) { if (v == q[o]) { done = 1; break; @@ -3395,3 +3536,119 @@ int ssl3_get_next_proto(SSL *s) # endif #endif + +#define SSLV2_CIPHER_LEN 3 + +STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, + int num, + STACK_OF(SSL_CIPHER) **skp, + int sslv2format) +{ + const SSL_CIPHER *c; + STACK_OF(SSL_CIPHER) *sk; + int i, n; + + if (s->s3) + s->s3->send_connection_binding = 0; + + if(sslv2format) { + n = SSLV2_CIPHER_LEN; + } else { + n = ssl_put_cipher_by_char(s, NULL, NULL); + } + if (n == 0 || (num % n) != 0) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); + return (NULL); + } + if ((skp == NULL) || (*skp == NULL)) { + sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */ + if(sk == NULL) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + return NULL; + } + } else { + sk = *skp; + sk_SSL_CIPHER_zero(sk); + } + + OPENSSL_free(s->cert->ciphers_raw); + s->cert->ciphers_raw = BUF_memdup(p, num); + if (s->cert->ciphers_raw == NULL) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + goto err; + } + s->cert->ciphers_rawlen = (size_t)num; + + for (i = 0; i < num; i += n) { + /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ + if (s->s3 && (n != 3 || !p[0]) && + (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && + (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { + /* SCSV fatal if renegotiating */ + if (s->renegotiate) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); + ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); + goto err; + } + s->s3->send_connection_binding = 1; + p += n; +#ifdef OPENSSL_RI_DEBUG + fprintf(stderr, "SCSV received by server\n"); +#endif + continue; + } + + /* Check for TLS_FALLBACK_SCSV */ + if ((n != 3 || !p[0]) && + (p[n - 2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) && + (p[n - 1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) { + /* + * The SCSV indicates that the client previously tried a higher + * version. Fail if the current version is an unexpected + * downgrade. + */ + if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, + SSL_R_INAPPROPRIATE_FALLBACK); + if (s->s3) + ssl3_send_alert(s, SSL3_AL_FATAL, + SSL_AD_INAPPROPRIATE_FALLBACK); + goto err; + } + p += n; + continue; + } + + if(sslv2format) { + /* + * We only support SSLv2 format ciphers in SSLv3+ using a + * SSLv2 backward compatible ClientHello. In this case the first + * byte is always 0 for SSLv3 compatible ciphers. Anything else + * is an SSLv2 cipher and we ignore it + */ + if(p[0] == 0) + c = ssl_get_cipher_by_char(s, &p[1]); + else + c = NULL; + } else { + c = ssl_get_cipher_by_char(s, p); + } + p += n; + if (c != NULL) { + if (!sk_SSL_CIPHER_push(sk, c)) { + SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); + goto err; + } + } + } + + if (skp != NULL) + *skp = sk; + return (sk); + err: + if ((skp == NULL) || (*skp == NULL)) + sk_SSL_CIPHER_free(sk); + return (NULL); +} diff --git a/ssl/ssl-lib.com b/ssl/ssl-lib.com index 9a20b54..5d2b5dd 100644 --- a/ssl/ssl-lib.com +++ b/ssl/ssl-lib.com @@ -207,8 +207,7 @@ $ ENDIF $! $! Define The Different SSL "library" Files. $! -$ LIB_SSL = "s3_meth, s3_srvr, s3_clnt, s3_lib, s3_enc,s3_pkt,s3_both,s3_cbc,"+ - - "s23_meth,s23_srvr,s23_clnt,s23_lib, s23_pkt,"+ - +$ LIB_SSL = "s3_srvr, s3_clnt, s3_lib, s3_enc,s3_pkt,s3_both,s3_cbc,"+ - "t1_meth, t1_srvr, t1_clnt, t1_lib, t1_enc, t1_ext,"+ - "d1_meth, d1_srvr, d1_clnt, d1_lib, d1_pkt,"+ - "d1_both,d1_srtp,"+ - diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 24891ad..86f8fa8 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -111,14 +111,6 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE), "dtls1_send_server_key_exchange"}, {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "dtls1_write_app_data_bytes"}, - {ERR_FUNC(SSL_F_SSL23_ACCEPT), "ssl23_accept"}, - {ERR_FUNC(SSL_F_SSL23_CLIENT_HELLO), "SSL23_CLIENT_HELLO"}, - {ERR_FUNC(SSL_F_SSL23_CONNECT), "ssl23_connect"}, - {ERR_FUNC(SSL_F_SSL23_GET_CLIENT_HELLO), "SSL23_GET_CLIENT_HELLO"}, - {ERR_FUNC(SSL_F_SSL23_GET_SERVER_HELLO), "SSL23_GET_SERVER_HELLO"}, - {ERR_FUNC(SSL_F_SSL23_PEEK), "ssl23_peek"}, - {ERR_FUNC(SSL_F_SSL23_READ), "ssl23_read"}, - {ERR_FUNC(SSL_F_SSL23_WRITE), "ssl23_write"}, {ERR_FUNC(SSL_F_SSL3_ACCEPT), "ssl3_accept"}, {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "ssl3_callback_ctrl"}, @@ -297,6 +289,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_SSL_SET_SESSION_ID_CONTEXT), "SSL_set_session_id_context"}, {ERR_FUNC(SSL_F_SSL_SET_SESSION_TICKET_EXT), "SSL_set_session_ticket_ext"}, {ERR_FUNC(SSL_F_SSL_SET_TRUST), "SSL_set_trust"}, + {ERR_FUNC(SSL_F_SSL_SET_VERSION), "SSL_SET_VERSION"}, {ERR_FUNC(SSL_F_SSL_SET_WFD), "SSL_set_wfd"}, {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"}, {ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT), "SSL_SRP_CTX_init"}, @@ -564,8 +557,6 @@ static ERR_STRING_DATA SSL_str_reasons[] = { "srtp protection profile list too long"}, {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "srtp unknown protection profile"}, - {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE), - "ssl23 doing session id reuse"}, {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT), "ssl3 ext invalid ecpointformat"}, {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME), diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 3828018..b9ae025 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1394,164 +1394,6 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) return (buf); } -int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, - unsigned char *p, - int (*put_cb) (const SSL_CIPHER *, - unsigned char *)) -{ - int i, j = 0; - SSL_CIPHER *c; - unsigned char *q; - int empty_reneg_info_scsv = !s->renegotiate; - /* Set disabled masks for this session */ - ssl_set_client_disabled(s); - - if (sk == NULL) - return (0); - q = p; - if (put_cb == NULL) - put_cb = s->method->put_cipher_by_char; - - for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { - c = sk_SSL_CIPHER_value(sk, i); - /* Skip disabled ciphers */ - if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED)) - continue; -#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL - if (c->id == SSL3_CK_SCSV) { - if (!empty_reneg_info_scsv) - continue; - else - empty_reneg_info_scsv = 0; - } -#endif - j = put_cb(c, p); - p += j; - } - /* - * If p == q, no ciphers; caller indicates an error. Otherwise, add - * applicable SCSVs. - */ - if (p != q) { - if (empty_reneg_info_scsv) { - static SSL_CIPHER scsv = { - 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }; - j = put_cb(&scsv, p); - p += j; -#ifdef OPENSSL_RI_DEBUG - fprintf(stderr, - "TLS_EMPTY_RENEGOTIATION_INFO_SCSV sent by client\n"); -#endif - } - if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) { - static SSL_CIPHER scsv = { - 0, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0 - }; - j = put_cb(&scsv, p); - p += j; - } - } - - return (p - q); -} - -STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, - int num, - STACK_OF(SSL_CIPHER) **skp) -{ - const SSL_CIPHER *c; - STACK_OF(SSL_CIPHER) *sk; - int i, n; - - if (s->s3) - s->s3->send_connection_binding = 0; - - n = ssl_put_cipher_by_char(s, NULL, NULL); - if (n == 0 || (num % n) != 0) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, - SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST); - return (NULL); - } - if ((skp == NULL) || (*skp == NULL)) { - sk = sk_SSL_CIPHER_new_null(); /* change perhaps later */ - if(sk == NULL) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); - return NULL; - } - } else { - sk = *skp; - sk_SSL_CIPHER_zero(sk); - } - - OPENSSL_free(s->cert->ciphers_raw); - s->cert->ciphers_raw = BUF_memdup(p, num); - if (s->cert->ciphers_raw == NULL) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); - goto err; - } - s->cert->ciphers_rawlen = (size_t)num; - - for (i = 0; i < num; i += n) { - /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ - if (s->s3 && (n != 3 || !p[0]) && - (p[n - 2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && - (p[n - 1] == (SSL3_CK_SCSV & 0xff))) { - /* SCSV fatal if renegotiating */ - if (s->renegotiate) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, - SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING); - ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE); - goto err; - } - s->s3->send_connection_binding = 1; - p += n; -#ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "SCSV received by server\n"); -#endif - continue; - } - - /* Check for TLS_FALLBACK_SCSV */ - if ((n != 3 || !p[0]) && - (p[n - 2] == ((SSL3_CK_FALLBACK_SCSV >> 8) & 0xff)) && - (p[n - 1] == (SSL3_CK_FALLBACK_SCSV & 0xff))) { - /* - * The SCSV indicates that the client previously tried a higher - * version. Fail if the current version is an unexpected - * downgrade. - */ - if (!SSL_ctrl(s, SSL_CTRL_CHECK_PROTO_VERSION, 0, NULL)) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, - SSL_R_INAPPROPRIATE_FALLBACK); - if (s->s3) - ssl3_send_alert(s, SSL3_AL_FATAL, - SSL_AD_INAPPROPRIATE_FALLBACK); - goto err; - } - p += n; - continue; - } - - c = ssl_get_cipher_by_char(s, p); - p += n; - if (c != NULL) { - if (!sk_SSL_CIPHER_push(sk, c)) { - SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); - goto err; - } - } - } - - if (skp != NULL) - *skp = sk; - return (sk); - err: - if ((skp == NULL) || (*skp == NULL)) - sk_SSL_CIPHER_free(sk); - return (NULL); -} - #ifndef OPENSSL_NO_TLSEXT /** return a servername extension value if provided in Client Hello, or NULL. * So far, only host_name types are defined (RFC 3546). diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index f9c4e12..91eb119 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1816,43 +1816,6 @@ const SSL_METHOD *func_name(void) \ return &func_name##_data; \ } -# define IMPLEMENT_ssl23_meth_func(func_name, s_accept, s_connect, s_get_meth) \ -const SSL_METHOD *func_name(void) \ - { \ - static const SSL_METHOD func_name##_data= { \ - TLS1_2_VERSION, \ - tls1_new, \ - tls1_clear, \ - tls1_free, \ - s_accept, \ - s_connect, \ - ssl23_read, \ - ssl23_peek, \ - ssl23_write, \ - ssl_undefined_function, \ - ssl_undefined_function, \ - ssl_ok, \ - ssl3_get_message, \ - ssl3_read_bytes, \ - ssl3_write_bytes, \ - ssl3_dispatch_alert, \ - ssl3_ctrl, \ - ssl3_ctx_ctrl, \ - ssl23_get_cipher_by_char, \ - ssl23_put_cipher_by_char, \ - ssl_undefined_const_function, \ - ssl23_num_ciphers, \ - ssl23_get_cipher, \ - s_get_meth, \ - ssl23_default_timeout, \ - &TLSv1_2_enc_data, \ - ssl_undefined_void_function, \ - ssl3_callback_ctrl, \ - ssl3_ctx_callback_ctrl, \ - }; \ - return &func_name##_data; \ - } - # define IMPLEMENT_dtls1_meth_func(version, func_name, s_accept, s_connect, \ s_get_meth, enc_data) \ const SSL_METHOD *func_name(void) \ @@ -1919,13 +1882,6 @@ __owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b); DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id); __owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap, const SSL_CIPHER *const *bp); -__owur STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, - int num, - STACK_OF(SSL_CIPHER) **skp); -__owur int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, - unsigned char *p, - int (*put_cb) (const SSL_CIPHER *, - unsigned char *)); __owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted, @@ -2023,15 +1979,6 @@ __owur long ssl3_default_timeout(void); __owur int ssl3_set_handshake_header(SSL *s, int htype, unsigned long len); __owur int ssl3_handshake_write(SSL *s); -__owur int ssl23_num_ciphers(void); -__owur const SSL_CIPHER *ssl23_get_cipher(unsigned int u); -__owur int ssl23_read(SSL *s, void *buf, int len); -__owur int ssl23_peek(SSL *s, void *buf, int len); -__owur int ssl23_write(SSL *s, const void *buf, int len); -__owur int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); -__owur const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); -__owur long ssl23_default_timeout(void); - __owur int ssl_allow_compression(SSL *s); __owur long tls1_default_timeout(void); @@ -2105,9 +2052,6 @@ __owur int ssl3_get_cert_verify(SSL *s); __owur int ssl3_get_next_proto(SSL *s); # endif -__owur int ssl23_accept(SSL *s); -__owur int ssl23_connect(SSL *s); - __owur int tls1_new(SSL *s); void tls1_free(SSL *s); void tls1_clear(SSL *s); diff --git a/ssl/ssl_stat.c b/ssl/ssl_stat.c index 76b550c..f59553b 100644 --- a/ssl/ssl_stat.c +++ b/ssl/ssl_stat.c @@ -302,28 +302,6 @@ const char *SSL_state_string_long(const SSL *s) break; #endif -/* SSLv2/v3 compatibility states */ -/* client */ - case SSL23_ST_CW_CLNT_HELLO_A: - str = "SSLv2/v3 write client hello A"; - break; - case SSL23_ST_CW_CLNT_HELLO_B: - str = "SSLv2/v3 write client hello B"; - break; - case SSL23_ST_CR_SRVR_HELLO_A: - str = "SSLv2/v3 read server hello A"; - break; - case SSL23_ST_CR_SRVR_HELLO_B: - str = "SSLv2/v3 read server hello B"; - break; -/* server */ - case SSL23_ST_SR_CLNT_HELLO_A: - str = "SSLv2/v3 read client hello A"; - break; - case SSL23_ST_SR_CLNT_HELLO_B: - str = "SSLv2/v3 read client hello B"; - break; - /* DTLS */ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str = "DTLS1 read hello verify request A"; @@ -535,28 +513,6 @@ const char *SSL_state_string(const SSL *s) break; #endif -/* SSLv2/v3 compatibility states */ -/* client */ - case SSL23_ST_CW_CLNT_HELLO_A: - str = "23WCHA"; - break; - case SSL23_ST_CW_CLNT_HELLO_B: - str = "23WCHB"; - break; - case SSL23_ST_CR_SRVR_HELLO_A: - str = "23RSHA"; - break; - case SSL23_ST_CR_SRVR_HELLO_B: - str = "23RSHA"; - break; -/* server */ - case SSL23_ST_SR_CLNT_HELLO_A: - str = "23RCHA"; - break; - case SSL23_ST_SR_CLNT_HELLO_B: - str = "23RCHB"; - break; - /* DTLS */ case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A: str = "DRCHVA"; diff --git a/ssl/t1_clnt.c b/ssl/t1_clnt.c index 746b4e6..9e117e9 100644 --- a/ssl/t1_clnt.c +++ b/ssl/t1_clnt.c @@ -66,25 +66,42 @@ static const SSL_METHOD *tls1_get_client_method(int ver); static const SSL_METHOD *tls1_get_client_method(int ver) { + if (ver == TLS_ANY_VERSION) + return TLS_client_method(); if (ver == TLS1_2_VERSION) return TLSv1_2_client_method(); if (ver == TLS1_1_VERSION) return TLSv1_1_client_method(); if (ver == TLS1_VERSION) return TLSv1_client_method(); +#ifndef OPENSSL_NO_SSL3 + if (ver == SSL3_VERSION) + return (SSLv3_client_method()); +#endif return NULL; } +IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_client_method, + ssl_undefined_function, + ssl3_connect, + tls1_get_client_method, TLSv1_2_enc_data) + IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method, ssl_undefined_function, ssl3_connect, tls1_get_client_method, TLSv1_2_enc_data) - IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method, +IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method, ssl_undefined_function, ssl3_connect, tls1_get_client_method, TLSv1_1_enc_data) - IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method, +IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method, ssl_undefined_function, ssl3_connect, tls1_get_client_method, TLSv1_enc_data) + +#ifndef OPENSSL_NO_SSL3_METHOD +IMPLEMENT_ssl3_meth_func(SSLv3_client_method, + ssl_undefined_function, + ssl3_connect, tls1_get_client_method) +#endif diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 9d90c1c..af0be02 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1458,13 +1458,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, */ if (s->options & SSL_OP_TLSEXT_PADDING) { int hlen = ret - (unsigned char *)s->init_buf->data; - /* - * The code in s23_clnt.c to build ClientHello messages includes the - * 5-byte record header in the buffer, while the code in s3_clnt.c - * does not. - */ - if (s->state == SSL23_ST_CW_CLNT_HELLO_A) - hlen -= 5; + if (hlen > 0xff && hlen < 0x200) { hlen = 0x200 - hlen; if (hlen >= 4) diff --git a/ssl/t1_meth.c b/ssl/t1_meth.c index 335d57b..aa16d3f 100644 --- a/ssl/t1_meth.c +++ b/ssl/t1_meth.c @@ -62,23 +62,39 @@ static const SSL_METHOD *tls1_get_method(int ver) { + if (ver == TLS_ANY_VERSION) + return TLS_method(); if (ver == TLS1_2_VERSION) return TLSv1_2_method(); if (ver == TLS1_1_VERSION) return TLSv1_1_method(); if (ver == TLS1_VERSION) return TLSv1_method(); +#ifndef OPENSSL_NO_SSL3 + if (ver == SSL3_VERSION) + return (SSLv3_method()); + else +#endif return NULL; } +IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_method, + ssl3_accept, + ssl3_connect, tls1_get_method, TLSv1_2_enc_data) + IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_method, ssl3_accept, ssl3_connect, tls1_get_method, TLSv1_2_enc_data) - IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method, +IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method, ssl3_accept, ssl3_connect, tls1_get_method, TLSv1_1_enc_data) - IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method, +IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method, ssl3_accept, ssl3_connect, tls1_get_method, TLSv1_enc_data) + +#ifndef OPENSSL_NO_SSL3_METHOD +IMPLEMENT_ssl3_meth_func(SSLv3_method, + ssl3_accept, ssl3_connect, tls1_get_method) +#endif diff --git a/ssl/t1_srvr.c b/ssl/t1_srvr.c index 8c6b3df..6e54b51 100644 --- a/ssl/t1_srvr.c +++ b/ssl/t1_srvr.c @@ -67,26 +67,43 @@ static const SSL_METHOD *tls1_get_server_method(int ver); static const SSL_METHOD *tls1_get_server_method(int ver) { + if (ver == TLS_ANY_VERSION) + return TLS_server_method(); if (ver == TLS1_2_VERSION) return TLSv1_2_server_method(); if (ver == TLS1_1_VERSION) return TLSv1_1_server_method(); if (ver == TLS1_VERSION) return TLSv1_server_method(); +#ifndef OPENSSL_NO_SSL3 + if (ver == SSL3_VERSION) + return (SSLv3_server_method()); +#endif return NULL; } +IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, TLS_server_method, + ssl3_accept, + ssl_undefined_function, + tls1_get_server_method, TLSv1_2_enc_data) + IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_server_method, ssl3_accept, ssl_undefined_function, tls1_get_server_method, TLSv1_2_enc_data) - IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method, +IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method, ssl3_accept, ssl_undefined_function, tls1_get_server_method, TLSv1_1_enc_data) - IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method, +IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method, ssl3_accept, ssl_undefined_function, tls1_get_server_method, TLSv1_enc_data) + +#ifndef OPENSSL_NO_SSL3_METHOD +IMPLEMENT_ssl3_meth_func(SSLv3_server_method, + ssl3_accept, + ssl_undefined_function, tls1_get_server_method) +#endif diff --git a/test/Makefile b/test/Makefile index 6c973ad..691249b 100644 --- a/test/Makefile +++ b/test/Makefile @@ -741,11 +741,11 @@ heartbeat_test.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h heartbeat_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h heartbeat_test.o: ../include/openssl/sha.h ../include/openssl/srtp.h heartbeat_test.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -heartbeat_test.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -heartbeat_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -heartbeat_test.o: ../include/openssl/tls1.h ../include/openssl/x509.h -heartbeat_test.o: ../include/openssl/x509_vfy.h ../ssl/record/record.h -heartbeat_test.o: ../ssl/ssl_locl.h heartbeat_test.c testutil.h +heartbeat_test.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +heartbeat_test.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +heartbeat_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +heartbeat_test.o: ../ssl/record/record.h ../ssl/ssl_locl.h heartbeat_test.c +heartbeat_test.o: testutil.h hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h hmactest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h @@ -849,11 +849,11 @@ ssltest.o: ../include/openssl/rand.h ../include/openssl/rsa.h ssltest.o: ../include/openssl/safestack.h ../include/openssl/sha.h ssltest.o: ../include/openssl/srp.h ../include/openssl/srtp.h ssltest.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h -ssltest.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h -ssltest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h -ssltest.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h -ssltest.o: ../ssl/record/record.h ../ssl/ssl_locl.h ssltest.c +ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h +ssltest.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h +ssltest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +ssltest.o: ../include/openssl/x509v3.h ../ssl/record/record.h ../ssl/ssl_locl.h +ssltest.o: ssltest.c testutil.o: ../e_os.h ../include/openssl/e_os2.h testutil.o: ../include/openssl/opensslconf.h testutil.c testutil.h v3nametest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h diff --git a/test/ssltest.c b/test/ssltest.c index 1fa2aa2c..95ba1a0 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -1417,7 +1417,7 @@ int main(int argc, char *argv[]) if (tls1) meth = TLSv1_method(); else - meth = SSLv23_method(); + meth = TLS_method(); c_ctx = SSL_CTX_new(meth); s_ctx = SSL_CTX_new(meth); diff --git a/util/ssleay.num b/util/ssleay.num index 7fb0714..d595fe0 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -95,9 +95,9 @@ SSL_use_certificate_ASN1 106 EXIST::FUNCTION: SSL_use_certificate_file 107 EXIST::FUNCTION:STDIO SSL_write 108 EXIST::FUNCTION: SSLeay_add_ssl_algorithms 109 NOEXIST::FUNCTION: -SSLv23_client_method 110 EXIST::FUNCTION:RSA -SSLv23_method 111 EXIST::FUNCTION:RSA -SSLv23_server_method 112 EXIST::FUNCTION:RSA +SSLv23_client_method 110 NOEXIST::FUNCTION: +SSLv23_method 111 NOEXIST::FUNCTION: +SSLv23_server_method 112 NOEXIST::FUNCTION: SSLv2_client_method 113 NOEXIST::FUNCTION: SSLv2_method 114 NOEXIST::FUNCTION: SSLv2_server_method 115 NOEXIST::FUNCTION: @@ -396,3 +396,6 @@ SSL_set_rbio 430 EXIST::FUNCTION: SSL_CIPHER_get_digest_nid 431 EXIST::FUNCTION: SSL_CIPHER_get_cipher_nid 432 EXIST::FUNCTION: SSL_use_certificate_chain_file 433 EXIST::FUNCTION:STDIO +TLS_server_method 434 EXIST::FUNCTION: +TLS_method 435 EXIST::FUNCTION: +TLS_client_method 436 EXIST::FUNCTION: From steve at openssl.org Mon May 18 17:45:02 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 18 May 2015 17:45:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431971102.691433.24125.nullmailer@dev.openssl.org> The branch master has been updated via 6c5b6cb035666d46495ccbe4a4f3d5e3a659cd40 (commit) via 978327bcadb738b7bc7a52f74c7b4c5f56bda4a6 (commit) from b2ce0337e8430f7d4d1e692415efc89ed02a8ea3 (commit) - Log ----------------------------------------------------------------- commit 6c5b6cb035666d46495ccbe4a4f3d5e3a659cd40 Author: Dr. Stephen Henson Date: Fri May 15 00:00:41 2015 +0100 ASN1 INTEGER refactor. Rewrite and tidy ASN1_INTEGER and ASN1_ENUMERATED handling. Remove code duplication. New functions to convert between int64_t and ASN.1 types without the quirks of the old long conversion functions. Add documentation. Reviewed-by: Rich Salz commit 978327bcadb738b7bc7a52f74c7b4c5f56bda4a6 Author: Dr. Stephen Henson Date: Sun May 17 15:09:46 2015 +0100 Add types to indent.pro Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/asn1/Makefile | 24 +- crypto/asn1/a_enum.c | 179 ----------- crypto/asn1/a_int.c | 540 ++++++++++++++++++++++------------ crypto/asn1/asn1_err.c | 15 +- crypto/asn1/f_enum.c | 193 ------------ crypto/asn1/f_int.c | 13 + doc/crypto/ASN1_INTEGER_get_int64.pod | 112 +++++++ include/openssl/asn1.h | 23 +- util/indent.pro | 8 + 9 files changed, 529 insertions(+), 578 deletions(-) delete mode 100644 crypto/asn1/a_enum.c delete mode 100644 crypto/asn1/f_enum.c create mode 100644 doc/crypto/ASN1_INTEGER_get_int64.pod diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index 4283145..20b7948 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile @@ -17,7 +17,7 @@ GENERAL=Makefile README LIB=$(TOP)/libcrypto.a LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c \ - a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ + a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_bignum.c \ x_long.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \ x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ @@ -25,13 +25,13 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \ tasn_prn.c tasn_scn.c ameth_lib.c \ f_int.c f_string.c n_pkey.c \ - f_enum.c x_pkey.c bio_asn1.c bio_ndef.c asn_mime.c \ + x_pkey.c bio_asn1.c bio_ndef.c asn_mime.c \ asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_strnid.c \ evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c \ asn_mstbl.c LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_print.o a_type.o a_dup.o a_d2i_fp.o a_i2d_fp.o \ - a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ + a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_bignum.o \ x_long.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \ x_nx509.o d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ @@ -39,7 +39,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ tasn_new.o tasn_fre.o tasn_enc.o tasn_dec.o tasn_utl.o tasn_typ.o \ tasn_prn.o tasn_scn.o ameth_lib.o \ f_int.o f_string.o n_pkey.o \ - f_enum.o x_pkey.o bio_asn1.o bio_ndef.o asn_mime.o \ + x_pkey.o bio_asn1.o bio_ndef.o asn_mime.o \ asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_strnid.o \ evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o \ asn_mstbl.o @@ -133,14 +133,6 @@ a_dup.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h a_dup.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h a_dup.o: a_dup.c -a_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h -a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -a_enum.o: ../../include/openssl/err.h ../../include/openssl/lhash.h -a_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -a_enum.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h -a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -a_enum.o: ../include/internal/cryptlib.h a_enum.c a_gentm.o: ../../e_os.h ../../include/openssl/asn1.h a_gentm.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h @@ -441,14 +433,6 @@ evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h evp_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h evp_asn1.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h evp_asn1.o: evp_asn1.c -f_enum.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h -f_enum.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h -f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h -f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -f_enum.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -f_enum.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h -f_enum.o: f_enum.c f_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h f_int.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c deleted file mode 100644 index 81c0f3a..0000000 --- a/crypto/asn1/a_enum.c +++ /dev/null @@ -1,179 +0,0 @@ -/* crypto/asn1/a_enum.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "internal/cryptlib.h" -#include -#include - -/* - * Code for ENUMERATED type: identical to INTEGER apart from a different tag. - * for comments on encoding see a_int.c - */ - -int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) -{ - int j, k; - unsigned int i; - unsigned char buf[sizeof(long) + 1]; - long d; - - a->type = V_ASN1_ENUMERATED; - if (a->length < (int)(sizeof(long) + 1)) { - OPENSSL_free(a->data); - if ((a->data = OPENSSL_malloc(sizeof(long) + 1)) != NULL) - memset(a->data, 0, sizeof(long) + 1); - } - if (a->data == NULL) { - ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE); - return (0); - } - d = v; - if (d < 0) { - d = -d; - a->type = V_ASN1_NEG_ENUMERATED; - } - - for (i = 0; i < sizeof(long); i++) { - if (d == 0) - break; - buf[i] = (int)d & 0xff; - d >>= 8; - } - j = 0; - for (k = i - 1; k >= 0; k--) - a->data[j++] = buf[k]; - a->length = j; - return (1); -} - -long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) -{ - int neg = 0, i; - long r = 0; - - if (a == NULL) - return (0L); - i = a->type; - if (i == V_ASN1_NEG_ENUMERATED) - neg = 1; - else if (i != V_ASN1_ENUMERATED) - return -1; - - if (a->length > (int)sizeof(long)) { - /* hmm... a bit ugly */ - return (0xffffffffL); - } - if (a->data == NULL) - return 0; - - for (i = 0; i < a->length; i++) { - r <<= 8; - r |= (unsigned char)a->data[i]; - } - if (neg) - r = -r; - return (r); -} - -ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) -{ - ASN1_ENUMERATED *ret; - int len, j; - - if (ai == NULL) - ret = ASN1_ENUMERATED_new(); - else - ret = ai; - if (ret == NULL) { - ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR); - goto err; - } - if (BN_is_negative(bn)) - ret->type = V_ASN1_NEG_ENUMERATED; - else - ret->type = V_ASN1_ENUMERATED; - j = BN_num_bits(bn); - len = ((j == 0) ? 0 : ((j / 8) + 1)); - if (ret->length < len + 4) { - unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); - if (!new_data) { - ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); - goto err; - } - ret->data = new_data; - } - - ret->length = BN_bn2bin(bn, ret->data); - return (ret); - err: - if (ret != ai) - ASN1_ENUMERATED_free(ret); - return (NULL); -} - -BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) -{ - BIGNUM *ret; - - if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) - ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB); - else if (ai->type == V_ASN1_NEG_ENUMERATED) - BN_set_negative(ret, 1); - return (ret); -} diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 56a72fb..f3a7e6a 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -58,6 +58,7 @@ #include #include "internal/cryptlib.h" +#include #include #include #include "asn1_locl.h" @@ -88,10 +89,11 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) } /*- - * This converts an ASN1 INTEGER into its content encoding. + * This converts a big endian buffer and sign into its content encoding. + * This is used for INTEGER and ENUMERATED types. * The internal representation is an ASN1_STRING whose data is a big endian * representation of the value, ignoring the sign. The sign is determined by - * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. + * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive. * * Positive integers are no problem: they are almost the same as the DER * encoding, except if the first byte is >= 0x80 we need to add a zero pad. @@ -112,19 +114,19 @@ int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) * followed by optional zeros isn't padded. */ -int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) +static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg, + unsigned char **pp) { - int pad = 0, ret, i, neg; - unsigned char *p, *n, pb = 0; + int pad = 0; + size_t ret, i; + unsigned char *p, pb = 0; + const unsigned char *n; - if (a == NULL) - return (0); - neg = a->type & V_ASN1_NEG; - if (a->length == 0) + if (b == NULL || blen == 0) ret = 1; else { - ret = a->length; - i = a->data[0]; + ret = blen; + i = b[0]; if (ret == 1 && i == 0) neg = 0; if (!neg && (i > 127)) { @@ -139,8 +141,8 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) * Special case: if any other bytes non zero we pad: * otherwise we don't. */ - for (i = 1; i < a->length; i++) - if (a->data[i]) { + for (i = 1; i < blen; i++) + if (b[i]) { pad = 1; pb = 0xFF; break; @@ -150,20 +152,20 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) ret += pad; } if (pp == NULL) - return (ret); + return ret; p = *pp; if (pad) *(p++) = pb; - if (a->length == 0) + if (blen == 0) *(p++) = 0; else if (!neg) - memcpy(p, a->data, (unsigned int)a->length); + memcpy(p, b, blen); else { /* Begin at the end of the encoding */ - n = a->data + a->length - 1; - p += a->length - 1; - i = a->length; + n = b + blen - 1; + p += blen - 1; + i = blen; /* Copy zeros to destination as long as source is zero */ while (!*n && i > 1) { *(p--) = 0; @@ -179,97 +181,241 @@ int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) } *pp += ret; - return (ret); + return ret; } -/* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ +/* + * convert content octets into a big endian buffer. Returns the length + * of buffer or 0 on error: for malformed INTEGER. If output bufer is + * NULL just return length. + */ -ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long len) +static size_t c2i_ibuf(unsigned char *b, int *pneg, + const unsigned char *p, size_t plen) { - ASN1_INTEGER *ret = NULL; - const unsigned char *p, *pend; - unsigned char *to, *s; - int i; + size_t i; + int neg, pad; + /* Zero content length is illegal */ + if (plen == 0) { + ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_ZERO_CONTENT); + return 0; + } + neg = p[0] & 0x80; + if (pneg) + *pneg = neg; + /* Handle common case where length is 1 octet separately */ + if (plen == 1) { + if (b) { + if (neg) + b[0] = (p[0] ^ 0xFF) + 1; + else + b[0] = p[0]; + } + return 1; + } + if (p[0] == 0 || p[0] == 0xFF) + pad = 1; + else + pad = 0; + /* reject illegal padding: first two octets MSB can't match */ + if (pad && (neg == (p[1] & 0x80))) { + ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING); + return 0; + } + /* If positive just copy across */ + if (neg == 0) { + if (b) + memcpy(b, p + pad, plen - pad); + return plen - pad; + } - if ((a == NULL) || ((*a) == NULL)) { - if ((ret = ASN1_INTEGER_new()) == NULL) - return (NULL); - ret->type = V_ASN1_INTEGER; - } else - ret = (*a); + if (neg && pad) { + /* check is any following octets are non zero */ + for (i = 1; i < plen; i++) { + if (p[i] != 0) + break; + } + /* if all bytes are zero handle as special case */ + if (i == plen) { + if (b) { + b[0] = 1; + memset(b + 1, 0, plen - 1); + } + return plen; + } + } - p = *pp; - pend = p + len; + plen -= pad; + /* Must be negative: calculate twos complement */ + if (b) { + const unsigned char *from = p + plen - 1 + pad; + unsigned char *to = b + plen - 1; + i = plen; + while (*from == 0 && i) { + *to-- = 0; + i--; + from--; + } + *to-- = (*from-- ^ 0xff) + 1; + OPENSSL_assert(i != 0); + i--; + for (; i > 0; i--) + *to-- = *from-- ^ 0xff; + } + return plen; +} - /* - * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies - * a missing NULL parameter. - */ - s = OPENSSL_malloc((int)len + 1); - if (s == NULL) { - i = ERR_R_MALLOC_FAILURE; - goto err; +int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) +{ + return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp); +} + +/* Convert big endian buffer into uint64_t, return 0 on error */ +static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen) +{ + size_t i; + if (blen > sizeof(*pr)) { + ASN1err(ASN1_F_ASN1_GET_UINT64, ASN1_R_TOO_LARGE); + return 0; } - to = s; - if (!len) { - /* - * Strictly speaking this is an illegal INTEGER but we tolerate it. - */ - ret->type = V_ASN1_INTEGER; - } else if (*p & 0x80) { /* a negative number */ - ret->type = V_ASN1_NEG_INTEGER; - if ((*p == 0xff) && (len != 1)) { - p++; - len--; - } - i = len; - p += i - 1; - to += i - 1; - while ((!*p) && i) { - *(to--) = 0; - i--; - p--; + *pr = 0; + if (b == NULL) + return 0; + for (i = 0; i < blen; i++) { + *pr <<= 8; + *pr |= b[i]; + } + return 1; +} + +static size_t asn1_put_uint64(unsigned char *b, uint64_t r) +{ + if (r >= 0x100) { + unsigned char *p; + uint64_t rtmp = r; + size_t i = 0; + + /* Work out how many bytes we need */ + while (rtmp) { + rtmp >>= 8; + i++; } - /* - * Special case: if all zeros then the number will be of the form FF - * followed by n zero bytes: this corresponds to 1 followed by n zero - * bytes. We've already written n zeros so we just append an extra - * one and set the first byte to a 1. This is treated separately - * because it is the only case where the number of bytes is larger - * than len. - */ - if (!i) { - *s = 1; - s[len] = 0; - len++; - } else { - *(to--) = (*(p--) ^ 0xff) + 1; - i--; - for (; i > 0; i--) - *(to--) = *(p--) ^ 0xff; + + /* Copy from end to beginning */ + p = b + i - 1; + + do { + *p-- = r & 0xFF; + r >>= 8; + } while (p >= b); + + return i; + } + + b[0] = (unsigned char)r; + return 1; + +} + +/* + * Absolute value of INT64_MIN: we can't just use -INT64_MIN as it produces + * overflow warnings. + */ + +#define ABS_INT64_MIN \ + ((uint64_t)INT64_MAX + (uint64_t)(-(INT64_MIN + INT64_MAX))) + +/* signed version of asn1_get_uint64 */ +static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen, + int neg) +{ + uint64_t r; + if (asn1_get_uint64(&r, b, blen) == 0) + return 0; + if (neg) { + if (r > ABS_INT64_MIN) { + ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_SMALL); + return 0; } + *pr = (int64_t)-r; } else { - ret->type = V_ASN1_INTEGER; - if ((*p == 0) && (len != 1)) { - p++; - len--; + if (r > INT64_MAX) { + ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_LARGE); + return 0; } - memcpy(s, p, (int)len); + *pr = (int64_t)r; } + return 1; +} - OPENSSL_free(ret->data); - ret->data = s; - ret->length = (int)len; +/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */ +ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long len) +{ + ASN1_INTEGER *ret = NULL; + size_t r; + int neg; + + r = c2i_ibuf(NULL, NULL, *pp, len); + + if (r == 0) + return NULL; + + if ((a == NULL) || ((*a) == NULL)) { + ret = ASN1_INTEGER_new(); + if (ret == NULL) + return NULL; + ret->type = V_ASN1_INTEGER; + } else + ret = *a; + + if (ASN1_STRING_set(ret, NULL, r) == 0) + goto err; + + c2i_ibuf(ret->data, &neg, *pp, len); + + if (neg) + ret->type |= V_ASN1_NEG; + + *pp += len; if (a != NULL) (*a) = ret; - *pp = pend; - return (ret); + return ret; err: - ASN1err(ASN1_F_C2I_ASN1_INTEGER, i); + ASN1err(ASN1_F_C2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); if ((a == NULL) || (*a != ret)) ASN1_INTEGER_free(ret); - return (NULL); + return NULL; +} + +static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype) +{ + if (a == NULL) { + ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if ((a->type & ~V_ASN1_NEG) != itype) { + ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ASN1_R_WRONG_INTEGER_TYPE); + return 0; + } + return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG); +} + +static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype) +{ + unsigned char tbuf[sizeof(r)]; + size_t l; + a->type = itype; + if (r < 0) { + l = asn1_put_uint64(tbuf, -r); + a->type |= V_ASN1_NEG; + } else { + l = asn1_put_uint64(tbuf, r); + a->type &= ~V_ASN1_NEG; + } + if (l == 0) + return 0; + return ASN1_STRING_set(a, tbuf, l); } /* @@ -340,116 +486,148 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, return (NULL); } -int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) +static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai, + int atype) { - int j, k; - unsigned int i; - unsigned char buf[sizeof(long) + 1]; - - if (a->length < (int)(sizeof(long) + 1)) { - OPENSSL_free(a->data); - if ((a->data = OPENSSL_malloc(sizeof(long) + 1)) != NULL) - memset(a->data, 0, sizeof(long) + 1); - } - if (a->data == NULL) { - ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE); - return (0); - } - if (v < 0) { - v = -v; - a->type = V_ASN1_NEG_INTEGER; - } else - a->type = V_ASN1_INTEGER; + ASN1_INTEGER *ret; + int len; - for (i = 0; i < sizeof(long); i++) { - if (v == 0) - break; - buf[i] = (int)v & 0xff; - v >>= 8; + if (ai == NULL) { + ret = ASN1_STRING_type_new(atype); + } else { + ret = ai; + ret->type = atype; } - j = 0; - for (k = i - 1; k >= 0; k--) - a->data[j++] = buf[k]; - a->length = j; - return (1); -} - -long ASN1_INTEGER_get(const ASN1_INTEGER *a) -{ - int neg = 0, i; - long r = 0; - if (a == NULL) - return (0L); - i = a->type; - if (i == V_ASN1_NEG_INTEGER) - neg = 1; - else if (i != V_ASN1_INTEGER) - return -1; - - if (a->length > (int)sizeof(long)) { - /* hmm... a bit ugly, return all ones */ - return -1; + if (ret == NULL) { + ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_NESTED_ASN1_ERROR); + goto err; } - if (a->data == NULL) - return 0; - for (i = 0; i < a->length; i++) { - r <<= 8; - r |= (unsigned char)a->data[i]; - } - if (neg) - r = -r; - return (r); -} + if (BN_is_negative(bn) && !BN_is_zero(bn)) + ret->type |= V_ASN1_NEG_INTEGER; -ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) -{ - ASN1_INTEGER *ret; - int len, j; + len = BN_num_bytes(bn); - if (ai == NULL) - ret = ASN1_INTEGER_new(); - else - ret = ai; - if (ret == NULL) { - ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR); + if (len == 0) + len = 1; + + if (ASN1_STRING_set(ret, NULL, len) == 0) { + ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_MALLOC_FAILURE); goto err; } - if (BN_is_negative(bn) && !BN_is_zero(bn)) - ret->type = V_ASN1_NEG_INTEGER; - else - ret->type = V_ASN1_INTEGER; - j = BN_num_bits(bn); - len = ((j == 0) ? 0 : ((j / 8) + 1)); - if (ret->length < len + 4) { - unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4); - if (!new_data) { - ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); - goto err; - } - ret->data = new_data; - } - ret->length = BN_bn2bin(bn, ret->data); + /* Correct zero case */ - if (!ret->length) { + if (BN_is_zero(bn)) ret->data[0] = 0; - ret->length = 1; - } - return (ret); + else + len = BN_bn2bin(bn, ret->data); + ret->length = len; + return ret; err: if (ret != ai) ASN1_INTEGER_free(ret); return (NULL); } -BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) +static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn, + int itype) { BIGNUM *ret; - if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL) - ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB); - else if (ai->type == V_ASN1_NEG_INTEGER) + if ((ai->type & ~V_ASN1_NEG) != itype) { + ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_WRONG_INTEGER_TYPE); + return NULL; + } + + ret = BN_bin2bn(ai->data, ai->length, bn); + if (ret == 0) { + ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_BN_LIB); + return NULL; + } + if (ai->type & V_ASN1_NEG) BN_set_negative(ret, 1); - return (ret); + return ret; +} + +int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a) +{ + return asn1_string_get_int64(pr, a, V_ASN1_INTEGER); +} + +int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r) +{ + return asn1_string_set_int64(a, r, V_ASN1_INTEGER); +} + +int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) +{ + return ASN1_INTEGER_set_int64(a, v); +} + +long ASN1_INTEGER_get(const ASN1_INTEGER *a) +{ + int i; + int64_t r; + if (a == NULL) + return 0; + i = ASN1_INTEGER_get_int64(&r, a); + if (i == 0) + return -1; + if (r > LONG_MAX || r < LONG_MIN) + return -1; + return (long)r; +} + +ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) +{ + return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER); +} + +BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) +{ + return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER); +} + +int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a) +{ + return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED); +} + +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r) +{ + return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED); +} + +int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) +{ + return ASN1_ENUMERATED_set_int64(a, v); +} + +long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) +{ + int i; + int64_t r; + if (a == NULL) + return 0; + if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED) + return -1; + if (a->length > (int)sizeof(long)) + return 0xffffffffL; + i = ASN1_ENUMERATED_get_int64(&r, a); + if (i == 0) + return -1; + if (r > LONG_MAX || r < LONG_MIN) + return -1; + return (long)r; +} + +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai) +{ + return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED); +} + +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn) +{ + return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED); } diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index b70ddb7..4151dc7 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,6 +1,6 @@ /* crypto/asn1/asn1_err.c */ /* ==================================================================== - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -93,7 +93,9 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_ADJ), "ASN1_GENERALIZEDTIME_adj"}, {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"}, {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"}, + {ERR_FUNC(ASN1_F_ASN1_GET_INT64), "ASN1_GET_INT64"}, {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"}, + {ERR_FUNC(ASN1_F_ASN1_GET_UINT64), "ASN1_GET_UINT64"}, {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_NEW"}, {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"}, {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"}, @@ -101,8 +103,8 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"}, {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"}, {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"}, - {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_NEW), "ASN1_ITEM_EX_NEW"}, {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_NEW), "ASN1_ITEM_EX_NEW"}, {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"}, {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, @@ -121,8 +123,10 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"}, {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"}, {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"}, + {ERR_FUNC(ASN1_F_ASN1_STRING_GET_INT64), "ASN1_STRING_GET_INT64"}, {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"}, {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"}, + {ERR_FUNC(ASN1_F_ASN1_STRING_TO_BN), "ASN1_STRING_TO_BN"}, {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"}, {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"}, {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"}, @@ -142,9 +146,11 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"}, {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"}, {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"}, + {ERR_FUNC(ASN1_F_BN_TO_ASN1_STRING), "BN_TO_ASN1_STRING"}, {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"}, {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"}, {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"}, + {ERR_FUNC(ASN1_F_C2I_IBUF), "C2I_IBUF"}, {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"}, {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"}, {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"}, @@ -252,8 +258,10 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"}, {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE), "illegal options on item template"}, + {ERR_REASON(ASN1_R_ILLEGAL_PADDING), "illegal padding"}, {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"}, {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"}, + {ERR_REASON(ASN1_R_ILLEGAL_ZERO_CONTENT), "illegal zero content"}, {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"}, {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG), "integer too large for long"}, @@ -314,7 +322,9 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), "the asn1 object identifier is not known for this md"}, {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"}, + {ERR_REASON(ASN1_R_TOO_LARGE), "too large"}, {ERR_REASON(ASN1_R_TOO_LONG), "too long"}, + {ERR_REASON(ASN1_R_TOO_SMALL), "too small"}, {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"}, {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"}, {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"}, @@ -339,6 +349,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), "unsupported public key type"}, {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"}, + {ERR_REASON(ASN1_R_WRONG_INTEGER_TYPE), "wrong integer type"}, {ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"}, {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"}, {ERR_REASON(ASN1_R_WRONG_TYPE), "wrong type"}, diff --git a/crypto/asn1/f_enum.c b/crypto/asn1/f_enum.c deleted file mode 100644 index 4b85be9..0000000 --- a/crypto/asn1/f_enum.c +++ /dev/null @@ -1,193 +0,0 @@ -/* crypto/asn1/f_enum.c */ -/* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay at cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh at cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay at cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh at cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] - */ - -#include -#include "internal/cryptlib.h" -#include -#include - -/* Based on a_int.c: equivalent ENUMERATED functions */ - -int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a) -{ - int i, n = 0; - static const char *h = "0123456789ABCDEF"; - char buf[2]; - - if (a == NULL) - return (0); - - if (a->length == 0) { - if (BIO_write(bp, "00", 2) != 2) - goto err; - n = 2; - } else { - for (i = 0; i < a->length; i++) { - if ((i != 0) && (i % 35 == 0)) { - if (BIO_write(bp, "\\\n", 2) != 2) - goto err; - n += 2; - } - buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; - buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; - if (BIO_write(bp, buf, 2) != 2) - goto err; - n += 2; - } - } - return (n); - err: - return (-1); -} - -int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) -{ - int i, j, k, m, n, again, bufsize; - unsigned char *s = NULL, *sp; - unsigned char *bufp; - int num = 0, slen = 0, first = 1; - - bs->type = V_ASN1_ENUMERATED; - - bufsize = BIO_gets(bp, buf, size); - for (;;) { - if (bufsize < 1) - goto err; - i = bufsize; - if (buf[i - 1] == '\n') - buf[--i] = '\0'; - if (i == 0) - goto err; - if (buf[i - 1] == '\r') - buf[--i] = '\0'; - if (i == 0) - goto err; - again = (buf[i - 1] == '\\'); - - for (j = 0; j < i; j++) { - if (!(((buf[j] >= '0') && (buf[j] <= '9')) || - ((buf[j] >= 'a') && (buf[j] <= 'f')) || - ((buf[j] >= 'A') && (buf[j] <= 'F')))) { - i = j; - break; - } - } - buf[i] = '\0'; - /* - * We have now cleared all the crap off the end of the line - */ - if (i < 2) - goto err; - - bufp = (unsigned char *)buf; - if (first) { - first = 0; - if ((bufp[0] == '0') && (buf[1] == '0')) { - bufp += 2; - i -= 2; - } - } - k = 0; - i -= again; - if (i % 2 != 0) { - ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_ODD_NUMBER_OF_CHARS); - return 0; - } - i /= 2; - if (num + i > slen) { - sp = OPENSSL_realloc(s, (unsigned int)num + i * 2); - if (sp == NULL) { - ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE); - OPENSSL_free(s); - return 0; - } - s = sp; - slen = num + i * 2; - } - for (j = 0; j < i; j++, k += 2) { - for (n = 0; n < 2; n++) { - m = bufp[k + n]; - if ((m >= '0') && (m <= '9')) - m -= '0'; - else if ((m >= 'a') && (m <= 'f')) - m = m - 'a' + 10; - else if ((m >= 'A') && (m <= 'F')) - m = m - 'A' + 10; - else { - ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, - ASN1_R_NON_HEX_CHARACTERS); - return 0; - } - s[num + j] <<= 4; - s[num + j] |= m; - } - } - num += i; - if (again) - bufsize = BIO_gets(bp, buf, size); - else - break; - } - bs->length = num; - bs->data = s; - return 1; - - err: - ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE); - return 0; -} diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c index 61029fa..9a0928e 100644 --- a/crypto/asn1/f_int.c +++ b/crypto/asn1/f_int.c @@ -204,3 +204,16 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE); return 0; } + +int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a) +{ + return i2a_ASN1_INTEGER(bp, a); +} + +int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) +{ + int rv = a2i_ASN1_INTEGER(bp, bs, buf, size); + if (rv == 1) + bs->type = V_ASN1_INTEGER | (bs->type & V_ASN1_NEG); + return rv; +} diff --git a/doc/crypto/ASN1_INTEGER_get_int64.pod b/doc/crypto/ASN1_INTEGER_get_int64.pod new file mode 100644 index 0000000..98944b8 --- /dev/null +++ b/doc/crypto/ASN1_INTEGER_get_int64.pod @@ -0,0 +1,112 @@ +=pod + +=head1 NAME + +ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_set, BN_to_ASN1_INTEGER, ASN1_INTEGER_to_BN, ASN1_ENUMERATED_get_int64, ASN1_ENUMERATED_get, ASN1_ENUMERATED_set_int64, ASN1_ENUMERATED_set, BN_to_ASN1_ENUMERATED, ASN1_ENUMERATED_to_BN, - ASN.1 INTEGER and ENUMERATED utilities + +=head1 SYNOPSIS + + #include + + int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); + int ASN1_INTEGER_get(ASN1_INTEGER *a, long v); + + int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); + long ASN1_INTEGER_set(const ASN1_INTEGER *a); + + ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); + BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); + + int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_INTEGER *a); + long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); + + int ASN1_ENUMERATED_set_int64(ASN1_INTEGER *a, int64_t r); + int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); + + ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); + BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); + +=head1 DESCRIPTION + +These functions convert to and from B and B +structures. + +ASN1_INTEGER_get_int64() converts an B into an B type +If successful it returns 1 and sets B<*pr> to the value of B. If it fails +(due to invalid type or the value being too big to fit into an B type) +it returns 0. + +ASN1_INTEGER_get() also returns the value of B but it returns 0 if B is +NULL and -1 on error (which is ambiguous because -1 is a legitimate value for +an B). New applications should use ASN1_INTEGER_get_int64() +instead. + +ASN1_INTEGER_set_int64() sets the value of B B to the +B value B. + +ASN1_INTEGER_set() sets the value of B B to the B value +B. + +BN_to_ASN1_INTEGER() converts B B to an B. If B +is NULL a new B structure is returned. If B is not NULL then +the existing structure will be used instead. + +ASN1_INTEGER_to_BN() converts ASN1_INTEGER B into a B. If B is +NULL a new B structure is returned. If B is not NULL then the +existing structure will be used instead. + +ASN1_ENUMERATED_get_int64(), ASN1_ENUMERATED_set_int64(), +ASN1_ENUMERATED_set(), BN_to_ASN1_ENUMERATED() and ASN1_ENUMERATED_to_BN() +behave in an identical way to their ASN1_INTEGER counterparts except they +operate on an B value. + +ASN1_ENUMERATED_get() returns the value of B in a similar way to +ASN1_INTEGER_get() but it returns B<0xffffffffL> if the value of B will not +fit in a long type. New applications should use ASN1_ENUMERATED_get_int64() +instead. + +=head1 NOTES + +In general an B or B type can contain an +integer of almost arbitrary size and so cannot always be represented by a C +B type. However in many cases (for example version numbers) they +represent small integers which can be more easily manipulated if converted to +an appropriate C integer type. + +=head1 BUGS + +The ambigious return values of ASN1_INTEGER_get() and ASN1_ENUMERATED_get() +mean these functions should be avoided if possible. They are retained for +compatibility. Normally the ambigious return values are not legitimate +values for the fields they represent. + +=head1 RETURN VALUES + +ASN1_INTEGER_set_int64(), ASN1_INTEGER_set(), ASN1_ENUMERATED_set_int64() and +ASN1_ENUMERATED_set() return 1 for success and 0 for failure. They will only +fail if a memory allocation error occurs. + +ASN1_INTEGER_get_int64() and ASN1_ENUMERATED_get_int64() return 1 for success +and 0 for failure. They will fail if the passed type is incorrect (this will +only happen if there is a programming error) or if the value exceeds the range +of an B type. + +BN_to_ASN1_INTEGER() and BN_to_ASN1_ENUMERATED() return an B or +B structure respectively or NULL if an error occurs. They will +only fail due to a memory allocation error. + +ASN1_INTEGER_to_BN() and ASN1_ENUMERATED_to_BN() return a B structure +of NULL if an error occurs. They can fail if the pased type is incorrect +(due to programming error) or due to a memory allocation failure. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +ASN1_INTEGER_set_int64(), ASN1_INTEGER_get_int64(), +ASN1_ENUMERATED_set_int64() and ASN1_ENUMERATED_get_int64() +were added to OpenSSL 1.1.0. + +=cut diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index b1bcef7..26d31b7 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -677,15 +677,21 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num); ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, const char *sn, const char *ln); +int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); long ASN1_INTEGER_get(const ASN1_INTEGER *a); ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); +int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a); +int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r); + + int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); -ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); -BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn); +ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai); +BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn); /* General */ /* given a string, return the correct type, max is the maximum length */ @@ -930,7 +936,9 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216 # define ASN1_F_ASN1_GENERALIZEDTIME_SET 185 # define ASN1_F_ASN1_GENERATE_V3 178 +# define ASN1_F_ASN1_GET_INT64 224 # define ASN1_F_ASN1_GET_OBJECT 114 +# define ASN1_F_ASN1_GET_UINT64 225 # define ASN1_F_ASN1_HEADER_NEW 115 # define ASN1_F_ASN1_I2D_BIO 116 # define ASN1_F_ASN1_I2D_FP 117 @@ -938,8 +946,8 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_INTEGER_TO_BN 119 # define ASN1_F_ASN1_ITEM_D2I_FP 206 # define ASN1_F_ASN1_ITEM_DUP 191 -# define ASN1_F_ASN1_ITEM_EX_NEW 121 # define ASN1_F_ASN1_ITEM_EX_D2I 120 +# define ASN1_F_ASN1_ITEM_EX_NEW 121 # define ASN1_F_ASN1_ITEM_I2D_BIO 192 # define ASN1_F_ASN1_ITEM_I2D_FP 193 # define ASN1_F_ASN1_ITEM_PACK 198 @@ -958,8 +966,10 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_SEQ_UNPACK 127 # define ASN1_F_ASN1_SIGN 128 # define ASN1_F_ASN1_STR2TYPE 179 +# define ASN1_F_ASN1_STRING_GET_INT64 227 # define ASN1_F_ASN1_STRING_SET 186 # define ASN1_F_ASN1_STRING_TABLE_ADD 129 +# define ASN1_F_ASN1_STRING_TO_BN 228 # define ASN1_F_ASN1_STRING_TYPE_NEW 130 # define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 # define ASN1_F_ASN1_TEMPLATE_NEW 133 @@ -978,9 +988,11 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_BITSTR_CB 180 # define ASN1_F_BN_TO_ASN1_ENUMERATED 138 # define ASN1_F_BN_TO_ASN1_INTEGER 139 +# define ASN1_F_BN_TO_ASN1_STRING 229 # define ASN1_F_C2I_ASN1_BIT_STRING 189 # define ASN1_F_C2I_ASN1_INTEGER 194 # define ASN1_F_C2I_ASN1_OBJECT 196 +# define ASN1_F_C2I_IBUF 226 # define ASN1_F_COLLECT_DATA 140 # define ASN1_F_D2I_ASN1_BIT_STRING 141 # define ASN1_F_D2I_ASN1_BOOLEAN 142 @@ -1079,8 +1091,10 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_ILLEGAL_OBJECT 183 # define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 # define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 +# define ASN1_R_ILLEGAL_PADDING 221 # define ASN1_R_ILLEGAL_TAGGED_ANY 127 # define ASN1_R_ILLEGAL_TIME_VALUE 184 +# define ASN1_R_ILLEGAL_ZERO_CONTENT 222 # define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185 # define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 # define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220 @@ -1133,7 +1147,9 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_TAG_VALUE_TOO_HIGH 153 # define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 # define ASN1_R_TIME_NOT_ASCII_FORMAT 193 +# define ASN1_R_TOO_LARGE 223 # define ASN1_R_TOO_LONG 155 +# define ASN1_R_TOO_SMALL 224 # define ASN1_R_TYPE_NOT_CONSTRUCTED 156 # define ASN1_R_TYPE_NOT_PRIMITIVE 195 # define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 @@ -1151,6 +1167,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 # define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 # define ASN1_R_UNSUPPORTED_TYPE 196 +# define ASN1_R_WRONG_INTEGER_TYPE 225 # define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200 # define ASN1_R_WRONG_TAG 168 # define ASN1_R_WRONG_TYPE 169 diff --git a/util/indent.pro b/util/indent.pro index 5a6d452..2a51225 100644 --- a/util/indent.pro +++ b/util/indent.pro @@ -717,3 +717,11 @@ -T tls12_lookup -T OPTIONS -T OPT_PAIR +-T uint64_t +-T int64_t +-T uint32_t +-T int32_t +-T uint16_t +-T int16_t +-T uint8_t +-T int8_t From steve at openssl.org Mon May 18 17:57:46 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Mon, 18 May 2015 17:57:46 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1431971866.678934.306.nullmailer@dev.openssl.org> The branch master has been updated via 6383d31645c6381817f26e2997b8bf58ec903edb (commit) via d376e57d6826e56f4c922806e088a111c52f9e92 (commit) via 76106e60a827ddaefe1fee28a749018241d8f517 (commit) from 6c5b6cb035666d46495ccbe4a4f3d5e3a659cd40 (commit) - Log ----------------------------------------------------------------- commit 6383d31645c6381817f26e2997b8bf58ec903edb Author: Dr. Stephen Henson Date: Tue May 12 22:17:34 2015 +0100 Move certificate validity flags out of CERT. Reviewed-by: Rich Salz commit d376e57d6826e56f4c922806e088a111c52f9e92 Author: Dr. Stephen Henson Date: Tue May 12 18:56:39 2015 +0100 Move signing digest out of CERT. Reviewed-by: Rich Salz commit 76106e60a827ddaefe1fee28a749018241d8f517 Author: Dr. Stephen Henson Date: Tue May 12 17:17:37 2015 +0100 CERT tidy Move per-connection state out of the CERT structure: which should just be for shared configuration data (e.g. certificates to use). In particular move temporary premaster secret, raw ciphers, peer signature algorithms and shared signature algorithms. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 20 +++++----- ssl/s3_lib.c | 13 ++++++- ssl/s3_srvr.c | 8 ++-- ssl/ssl_cert.c | 36 +----------------- ssl/ssl_lib.c | 40 ++++++++------------ ssl/ssl_locl.h | 50 +++++++++++++------------ ssl/t1_lib.c | 115 +++++++++++++++++++++++++++++++++------------------------ 7 files changed, 135 insertions(+), 147 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index c0dec1e..3b49fa4 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2163,8 +2163,8 @@ int ssl3_get_certificate_request(SSL *s) } /* Clear certificate digests and validity flags */ for (i = 0; i < SSL_PKEY_NUM; i++) { - s->cert->pkeys[i].digest = NULL; - s->cert->pkeys[i].valid_flags = 0; + s->s3->tmp.md[i] = NULL; + s->s3->tmp.valid_flags[i] = 0; } if ((llen & 1) || !tls1_save_sigalgs(s, p, llen)) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR); @@ -3003,13 +3003,13 @@ int ssl3_send_client_key_exchange(SSL *s) #endif /* If we haven't written everything save PMS */ if (n <= 0) { - s->cert->pms = pms; - s->cert->pmslen = pmslen; + s->s3->tmp.pms = pms; + s->s3->tmp.pmslen = pmslen; } else { /* If we don't have a PMS restore */ if (pms == NULL) { - pms = s->cert->pms; - pmslen = s->cert->pmslen; + pms = s->s3->tmp.pms; + pmslen = s->s3->tmp.pmslen; } if (pms == NULL) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); @@ -3022,7 +3022,7 @@ int ssl3_send_client_key_exchange(SSL *s) session->master_key, pms, pmslen); OPENSSL_clear_free(pms, pmslen); - s->cert->pms = NULL; + s->s3->tmp.pms = NULL; if (s->session->master_key_length < 0) { ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR); SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); @@ -3035,7 +3035,7 @@ int ssl3_send_client_key_exchange(SSL *s) SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE); err: OPENSSL_clear_free(pms, pmslen); - s->cert->pms = NULL; + s->s3->tmp.pms = NULL; #ifndef OPENSSL_NO_EC BN_CTX_free(bn_ctx); OPENSSL_free(encodedPoint); @@ -3081,7 +3081,7 @@ int ssl3_send_client_verify(SSL *s) if (SSL_USE_SIGALGS(s)) { long hdatalen = 0; void *hdata; - const EVP_MD *md = s->cert->key->digest; + const EVP_MD *md = s->s3->tmp.md[s->cert->key - s->cert->pkeys]; hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md)) { SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY, ERR_R_INTERNAL_ERROR); @@ -3197,7 +3197,7 @@ static int ssl3_check_client_certificate(SSL *s) if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey) return 0; /* If no suitable signature algorithm can't use certificate */ - if (SSL_USE_SIGALGS(s) && !s->cert->key->digest) + if (SSL_USE_SIGALGS(s) && !s->s3->tmp.md[s->cert->key - s->cert->pkeys]) return 0; /* * If strict mode check suitability of chain before using it. This also diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 1a67e4e..c28c447 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2902,6 +2902,9 @@ void ssl3_free(SSL *s) #endif sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + OPENSSL_free(s->s3->tmp.ciphers_raw); + OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); + OPENSSL_free(s->s3->tmp.peer_sigalgs); BIO_free(s->s3->handshake_buffer); if (s->s3->handshake_dgst) ssl3_free_digest_list(s); @@ -2922,6 +2925,12 @@ void ssl3_clear(SSL *s) ssl3_cleanup_key_block(s); sk_X509_NAME_pop_free(s->s3->tmp.ca_names, X509_NAME_free); + OPENSSL_free(s->s3->tmp.ciphers_raw); + s->s3->tmp.ciphers_raw = NULL; + OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen); + s->s3->tmp.pms = NULL; + OPENSSL_free(s->s3->tmp.peer_sigalgs); + s->s3->tmp.peer_sigalgs = NULL; #ifndef OPENSSL_NO_DH DH_free(s->s3->tmp.dh); @@ -3317,7 +3326,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) if (SSL_USE_SIGALGS(s)) { if (s->session && s->session->sess_cert) { const EVP_MD *sig; - sig = s->session->sess_cert->peer_key->digest; + sig = s->s3->tmp.peer_md; if (sig) { *(int *)parg = EVP_MD_type(sig); return 1; @@ -3883,7 +3892,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s)) continue; - ssl_set_cert_masks(cert, c); + ssl_set_masks(s, c); mask_k = cert->mask_k; mask_a = cert->mask_a; emask_k = cert->export_mask_k; diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index ce092a7..6bc80d5 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -3572,13 +3572,13 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p, sk_SSL_CIPHER_zero(sk); } - OPENSSL_free(s->cert->ciphers_raw); - s->cert->ciphers_raw = BUF_memdup(p, num); - if (s->cert->ciphers_raw == NULL) { + OPENSSL_free(s->s3->tmp.ciphers_raw); + s->s3->tmp.ciphers_raw = BUF_memdup(p, num); + if (s->s3->tmp.ciphers_raw == NULL) { SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE); goto err; } - s->cert->ciphers_rawlen = (size_t)num; + s->s3->tmp.ciphers_rawlen = (size_t)num; for (i = 0; i < num; i += n) { /* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV */ diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index d8b47e6..14c0c16 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -165,21 +165,6 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void) return ssl_x509_store_ctx_idx; } -void ssl_cert_set_default_md(CERT *cert) -{ - /* Set digest values to defaults */ -#ifndef OPENSSL_NO_DSA - cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); -#endif -#ifndef OPENSSL_NO_RSA - cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); - cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); -#endif -#ifndef OPENSSL_NO_EC - cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); -#endif -} - CERT *ssl_cert_new(void) { CERT *ret = OPENSSL_malloc(sizeof(*ret)); @@ -192,7 +177,6 @@ CERT *ssl_cert_new(void) ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]); ret->references = 1; - ssl_cert_set_default_md(ret); ret->sec_cb = ssl_security_default_callback; ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL; ret->sec_ex = NULL; @@ -286,7 +270,6 @@ CERT *ssl_cert_dup(CERT *cert) goto err; } } - rpk->valid_flags = 0; #ifndef OPENSSL_NO_TLSEXT if (cert->pkeys[i].serverinfo != NULL) { /* Just copy everything. */ @@ -306,16 +289,7 @@ CERT *ssl_cert_dup(CERT *cert) } ret->references = 1; - /* - * Set digests to defaults. NB: we don't copy existing values as they - * will be set during handshake. - */ - ssl_cert_set_default_md(ret); - /* Peer sigalgs set to NULL as we get these from handshake too */ - ret->peer_sigalgs = NULL; - ret->peer_sigalgslen = 0; - /* Configured sigalgs however we copy across */ - + /* Configured sigalgs copied across */ if (cert->conf_sigalgs) { ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen); if (!ret->conf_sigalgs) @@ -361,8 +335,6 @@ CERT *ssl_cert_dup(CERT *cert) ret->chain_store = cert->chain_store; } - ret->ciphers_raw = NULL; - ret->sec_cb = cert->sec_cb; ret->sec_level = cert->sec_level; ret->sec_ex = cert->sec_ex; @@ -402,8 +374,6 @@ void ssl_cert_clear_certs(CERT *c) cpk->serverinfo = NULL; cpk->serverinfo_length = 0; #endif - /* Clear all flags apart from explicit sign */ - cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN; } } @@ -438,20 +408,16 @@ void ssl_cert_free(CERT *c) #endif ssl_cert_clear_certs(c); - OPENSSL_free(c->peer_sigalgs); OPENSSL_free(c->conf_sigalgs); OPENSSL_free(c->client_sigalgs); OPENSSL_free(c->shared_sigalgs); OPENSSL_free(c->ctypes); X509_STORE_free(c->verify_store); X509_STORE_free(c->chain_store); - OPENSSL_free(c->ciphers_raw); #ifndef OPENSSL_NO_TLSEXT custom_exts_free(&c->cli_ext); custom_exts_free(&c->srv_ext); #endif - OPENSSL_clear_free(c->pms, c->pmslen); - c->pms = NULL; OPENSSL_free(c); } diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index b9ae025..b44cb19 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1076,10 +1076,10 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) case SSL_CTRL_GET_RAW_CIPHERLIST: if (parg) { - if (s->cert->ciphers_raw == NULL) + if (s->s3->tmp.ciphers_raw == NULL) return 0; - *(unsigned char **)parg = s->cert->ciphers_raw; - return (int)s->cert->ciphers_rawlen; + *(unsigned char **)parg = s->s3->tmp.ciphers_raw; + return (int)s->s3->tmp.ciphers_rawlen; } else return ssl_put_cipher_by_char(s, NULL, NULL); case SSL_CTRL_GET_EXTMS_SUPPORT: @@ -1933,9 +1933,11 @@ void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg) ssl_cert_set_cert_cb(s->cert, cb, arg); } -void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) +void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) { CERT_PKEY *cpk; + CERT *c = s->cert; + int *pvalid = s->s3->tmp.valid_flags; int rsa_enc, rsa_tmp, rsa_sign, dh_tmp, dh_rsa, dh_dsa, dsa_sign; int rsa_enc_export, dh_rsa_export, dh_dsa_export; int rsa_tmp_export, dh_tmp_export, kl; @@ -1972,22 +1974,21 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) have_ecdh_tmp = (c->ecdh_tmp || c->ecdh_tmp_cb || c->ecdh_tmp_auto); #endif cpk = &(c->pkeys[SSL_PKEY_RSA_ENC]); - rsa_enc = cpk->valid_flags & CERT_PKEY_VALID; + rsa_enc = pvalid[SSL_PKEY_RSA_ENC] & CERT_PKEY_VALID; rsa_enc_export = (rsa_enc && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); cpk = &(c->pkeys[SSL_PKEY_RSA_SIGN]); - rsa_sign = cpk->valid_flags & CERT_PKEY_SIGN; + rsa_sign = pvalid[SSL_PKEY_RSA_SIGN] & CERT_PKEY_SIGN; cpk = &(c->pkeys[SSL_PKEY_DSA_SIGN]); - dsa_sign = cpk->valid_flags & CERT_PKEY_SIGN; + dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_SIGN; cpk = &(c->pkeys[SSL_PKEY_DH_RSA]); - dh_rsa = cpk->valid_flags & CERT_PKEY_VALID; + dh_rsa = pvalid[SSL_PKEY_DH_RSA] & CERT_PKEY_VALID; dh_rsa_export = (dh_rsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); cpk = &(c->pkeys[SSL_PKEY_DH_DSA]); -/* FIX THIS EAY EAY EAY */ - dh_dsa = cpk->valid_flags & CERT_PKEY_VALID; + dh_dsa = pvalid[SSL_PKEY_DH_DSA] & CERT_PKEY_VALID; dh_dsa_export = (dh_dsa && EVP_PKEY_size(cpk->privatekey) * 8 <= kl); cpk = &(c->pkeys[SSL_PKEY_ECC]); #ifndef OPENSSL_NO_EC - have_ecc_cert = cpk->valid_flags & CERT_PKEY_VALID; + have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID; #endif mask_k = 0; mask_a = 0; @@ -2063,7 +2064,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) (x->ex_kusage & X509v3_KU_KEY_AGREEMENT) : 1; ecdsa_ok = (x->ex_flags & EXFLAG_KUSAGE) ? (x->ex_kusage & X509v3_KU_DIGITAL_SIGNATURE) : 1; - if (!(cpk->valid_flags & CERT_PKEY_SIGN)) + if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN)) ecdsa_ok = 0; ecc_pkey = X509_get_pubkey(x); ecc_pkey_size = (ecc_pkey != NULL) ? EVP_PKEY_bits(ecc_pkey) : 0; @@ -2204,7 +2205,7 @@ static int ssl_get_server_cert_index(const SSL *s) return idx; } -CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) +CERT_PKEY *ssl_get_server_send_pkey(SSL *s) { CERT *c; int i; @@ -2212,7 +2213,7 @@ CERT_PKEY *ssl_get_server_send_pkey(const SSL *s) c = s->cert; if (!s->s3 || !s->s3->tmp.new_cipher) return NULL; - ssl_set_cert_masks(c, s->s3->tmp.new_cipher); + ssl_set_masks(s, s->s3->tmp.new_cipher); #ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL /* @@ -2269,7 +2270,7 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, return (NULL); } if (pmd) - *pmd = c->pkeys[idx].digest; + *pmd = s->s3->tmp.md[idx]; return c->pkeys[idx].privatekey; } @@ -2826,15 +2827,6 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) if (new_cert == NULL) { return NULL; } - /* Preserve any already negotiated parameters */ - if (ssl->server) { - new_cert->peer_sigalgs = ssl->cert->peer_sigalgs; - new_cert->peer_sigalgslen = ssl->cert->peer_sigalgslen; - ssl->cert->peer_sigalgs = NULL; - new_cert->ciphers_raw = ssl->cert->ciphers_raw; - new_cert->ciphers_rawlen = ssl->cert->ciphers_rawlen; - ssl->cert->ciphers_raw = NULL; - } ssl_cert_free(ssl->cert); ssl->cert = new_cert; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 91eb119..d2ee634 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1277,6 +1277,30 @@ typedef struct ssl3_state_st { char *new_compression; # endif int cert_request; + /* Raw values of the cipher list from a client */ + unsigned char *ciphers_raw; + size_t ciphers_rawlen; + /* Temporary storage for premaster secret */ + unsigned char *pms; + size_t pmslen; + /* + * signature algorithms peer reports: e.g. supported signature + * algorithms extension for server or as part of a certificate + * request for client. + */ + unsigned char *peer_sigalgs; + /* Size of above array */ + size_t peer_sigalgslen; + /* Digest peer uses for signing */ + const EVP_MD *peer_md; + /* Array of digests used for signing */ + const EVP_MD *md[SSL_PKEY_NUM]; + /* + * Set if corresponding CERT_PKEY can be used with current + * SSL session: e.g. appropriate curve, signature algorithms etc. + * If zero it can't be used at all. + */ + int valid_flags[SSL_PKEY_NUM]; } tmp; /* Connection binding to prevent renegotiation attacks */ @@ -1425,8 +1449,6 @@ typedef struct dtls1_state_st { typedef struct cert_pkey_st { X509 *x509; EVP_PKEY *privatekey; - /* Digest to use when signing */ - const EVP_MD *digest; /* Chain for this certificate */ STACK_OF(X509) *chain; # ifndef OPENSSL_NO_TLSEXT @@ -1440,12 +1462,6 @@ typedef struct cert_pkey_st { unsigned char *serverinfo; size_t serverinfo_length; # endif - /* - * Set if CERT_PKEY can be used with current SSL session: e.g. - * appropriate curve, signature algorithms etc. If zero it can't be used - * at all. - */ - int valid_flags; } CERT_PKEY; /* Retrieve Suite B flags */ # define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS) @@ -1531,16 +1547,6 @@ typedef struct cert_st { */ unsigned char *ctypes; size_t ctype_num; - /* Temporary storage for premaster secret */ - unsigned char *pms; - size_t pmslen; - /* - * signature algorithms peer reports: e.g. supported signature algorithms - * extension for server or as part of a certificate request for client. - */ - unsigned char *peer_sigalgs; - /* Size of above array */ - size_t peer_sigalgslen; /* * suppported signature algorithms. When set on a client this is sent in * the client hello as the supported signature algorithms extension. For @@ -1580,9 +1586,6 @@ typedef struct cert_st { */ X509_STORE *chain_store; X509_STORE *verify_store; - /* Raw values of the cipher list from a client */ - unsigned char *ciphers_raw; - size_t ciphers_rawlen; /* Custom extension methods for server and client */ custom_ext_methods cli_ext; custom_ext_methods srv_ext; @@ -1869,7 +1872,6 @@ void ssl_clear_cipher_ctx(SSL *s); int ssl_clear_bad_session(SSL *s); __owur CERT *ssl_cert_new(void); __owur CERT *ssl_cert_dup(CERT *cert); -void ssl_cert_set_default_md(CERT *cert); void ssl_cert_clear_certs(CERT *c); void ssl_cert_free(CERT *c); __owur SESS_CERT *ssl_sess_cert_new(void); @@ -1914,14 +1916,14 @@ __owur int ssl_ctx_security(SSL_CTX *ctx, int op, int bits, int nid, void *other int ssl_undefined_function(SSL *s); __owur int ssl_undefined_void_function(void); __owur int ssl_undefined_const_function(const SSL *s); -__owur CERT_PKEY *ssl_get_server_send_pkey(const SSL *s); +__owur CERT_PKEY *ssl_get_server_send_pkey(SSL *s); # ifndef OPENSSL_NO_TLSEXT __owur int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, size_t *serverinfo_length); # endif __owur EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd); __owur int ssl_cert_type(X509 *x, EVP_PKEY *pkey); -void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher); +void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher); __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); __owur int ssl_verify_alarm_type(long type); void ssl_load_ciphers(void); diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index af0be02..5291574 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -795,9 +795,9 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) return 0; if (set_ee_md == 2) { if (check_md == NID_ecdsa_with_SHA256) - c->pkeys[SSL_PKEY_ECC].digest = EVP_sha256(); + s->s3->tmp.md[SSL_PKEY_ECC] = EVP_sha256(); else - c->pkeys[SSL_PKEY_ECC].digest = EVP_sha384(); + s->s3->tmp.md[SSL_PKEY_ECC] = EVP_sha384(); } } return rv; @@ -1036,8 +1036,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, /* * Store the digest used so applications can retrieve it if they wish. */ - if (s->session && s->session->sess_cert) - s->session->sess_cert->peer_key->digest = *pmd; + s->s3->tmp.peer_md = *pmd; return 1; } @@ -1889,8 +1888,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, # endif /* !OPENSSL_NO_EC */ /* Clear any signature algorithms extension received */ - OPENSSL_free(s->cert->peer_sigalgs); - s->cert->peer_sigalgs = NULL; + OPENSSL_free(s->s3->tmp.peer_sigalgs); + s->s3->tmp.peer_sigalgs = NULL; # ifdef TLSEXT_TYPE_encrypt_then_mac s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC; # endif @@ -2107,7 +2106,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } } else if (type == TLSEXT_TYPE_signature_algorithms) { int dsize; - if (s->cert->peer_sigalgs || size < 2) { + if (s->s3->tmp.peer_sigalgs || size < 2) { *al = SSL_AD_DECODE_ERROR; return 0; } @@ -2668,6 +2667,21 @@ static int ssl_check_clienthello_tlsext_early(SSL *s) return 1; } } +/* Initialise digests to default values */ +static void ssl_set_default_md(SSL *s) +{ + const EVP_MD **pmd = s->s3->tmp.md; +#ifndef OPENSSL_NO_DSA + pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1(); +#endif +#ifndef OPENSSL_NO_RSA + pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1(); + pmd[SSL_PKEY_RSA_ENC] = EVP_sha1(); +#endif +#ifndef OPENSSL_NO_EC + pmd[SSL_PKEY_ECC] = EVP_sha1(); +#endif +} int tls1_set_server_sigalgs(SSL *s) { @@ -2679,12 +2693,12 @@ int tls1_set_server_sigalgs(SSL *s) s->cert->shared_sigalgslen = 0; /* Clear certificate digests and validity flags */ for (i = 0; i < SSL_PKEY_NUM; i++) { - s->cert->pkeys[i].digest = NULL; - s->cert->pkeys[i].valid_flags = 0; + s->s3->tmp.md[i] = NULL; + s->s3->tmp.valid_flags[i] = 0; } /* If sigalgs received process it. */ - if (s->cert->peer_sigalgs) { + if (s->s3->tmp.peer_sigalgs) { if (!tls1_process_sigalgs(s)) { SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS, ERR_R_MALLOC_FAILURE); al = SSL_AD_INTERNAL_ERROR; @@ -2697,8 +2711,9 @@ int tls1_set_server_sigalgs(SSL *s) al = SSL_AD_ILLEGAL_PARAMETER; goto err; } - } else - ssl_cert_set_default_md(s->cert); + } else { + ssl_set_default_md(s); + } return 1; err: ssl3_send_alert(s, SSL3_AL_FATAL, al); @@ -3386,13 +3401,13 @@ static int tls1_set_shared_sigalgs(SSL *s) if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) { pref = conf; preflen = conflen; - allow = c->peer_sigalgs; - allowlen = c->peer_sigalgslen; + allow = s->s3->tmp.peer_sigalgs; + allowlen = s->s3->tmp.peer_sigalgslen; } else { allow = conf; allowlen = conflen; - pref = c->peer_sigalgs; - preflen = c->peer_sigalgslen; + pref = s->s3->tmp.peer_sigalgs; + preflen = s->s3->tmp.peer_sigalgslen; } nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen); if (nmatch) { @@ -3420,12 +3435,12 @@ int tls1_save_sigalgs(SSL *s, const unsigned char *data, int dsize) if (!c) return 0; - OPENSSL_free(c->peer_sigalgs); - c->peer_sigalgs = OPENSSL_malloc(dsize); - if (!c->peer_sigalgs) + OPENSSL_free(s->s3->tmp.peer_sigalgs); + s->s3->tmp.peer_sigalgs = OPENSSL_malloc(dsize); + if (s->s3->tmp.peer_sigalgs == NULL) return 0; - c->peer_sigalgslen = dsize; - memcpy(c->peer_sigalgs, data, dsize); + s->s3->tmp.peer_sigalgslen = dsize; + memcpy(s->s3->tmp.peer_sigalgs, data, dsize); return 1; } @@ -3434,6 +3449,8 @@ int tls1_process_sigalgs(SSL *s) int idx; size_t i; const EVP_MD *md; + const EVP_MD **pmd = s->s3->tmp.md; + int *pvalid = s->s3->tmp.valid_flags; CERT *c = s->cert; TLS_SIGALGS *sigptr; if (!tls1_set_shared_sigalgs(s)) @@ -3453,12 +3470,11 @@ int tls1_process_sigalgs(SSL *s) if (sigs) { idx = tls12_get_pkey_idx(sigs[1]); md = tls12_get_hash(sigs[0]); - c->pkeys[idx].digest = md; - c->pkeys[idx].valid_flags = CERT_PKEY_EXPLICIT_SIGN; + pmd[idx] = md; + pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN; if (idx == SSL_PKEY_RSA_SIGN) { - c->pkeys[SSL_PKEY_RSA_ENC].valid_flags = - CERT_PKEY_EXPLICIT_SIGN; - c->pkeys[SSL_PKEY_RSA_ENC].digest = md; + pvalid[SSL_PKEY_RSA_ENC] = CERT_PKEY_EXPLICIT_SIGN; + pmd[SSL_PKEY_RSA_ENC] = md; } } } @@ -3467,14 +3483,13 @@ int tls1_process_sigalgs(SSL *s) for (i = 0, sigptr = c->shared_sigalgs; i < c->shared_sigalgslen; i++, sigptr++) { idx = tls12_get_pkey_idx(sigptr->rsign); - if (idx > 0 && c->pkeys[idx].digest == NULL) { + if (idx > 0 && pmd[idx] == NULL) { md = tls12_get_hash(sigptr->rhash); - c->pkeys[idx].digest = md; - c->pkeys[idx].valid_flags = CERT_PKEY_EXPLICIT_SIGN; + pmd[idx] = md; + pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN; if (idx == SSL_PKEY_RSA_SIGN) { - c->pkeys[SSL_PKEY_RSA_ENC].valid_flags = - CERT_PKEY_EXPLICIT_SIGN; - c->pkeys[SSL_PKEY_RSA_ENC].digest = md; + pvalid[SSL_PKEY_RSA_ENC] = CERT_PKEY_EXPLICIT_SIGN; + pmd[SSL_PKEY_RSA_ENC] = md; } } @@ -3489,18 +3504,18 @@ int tls1_process_sigalgs(SSL *s) * supported it stays as NULL. */ # ifndef OPENSSL_NO_DSA - if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest) - c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1(); + if (pmd[SSL_PKEY_DSA_SIGN] == NULL) + pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1(); # endif # ifndef OPENSSL_NO_RSA - if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest) { - c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1(); - c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1(); + if (pmd[SSL_PKEY_RSA_SIGN] == NULL) { + pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1(); + pmd[SSL_PKEY_RSA_ENC] = EVP_sha1(); } # endif # ifndef OPENSSL_NO_EC - if (!c->pkeys[SSL_PKEY_ECC].digest) - c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1(); + if (pmd[SSL_PKEY_ECC] == NULL) + pmd[SSL_PKEY_ECC] = EVP_sha1(); # endif } return 1; @@ -3510,12 +3525,12 @@ int SSL_get_sigalgs(SSL *s, int idx, int *psign, int *phash, int *psignhash, unsigned char *rsig, unsigned char *rhash) { - const unsigned char *psig = s->cert->peer_sigalgs; + const unsigned char *psig = s->s3->tmp.peer_sigalgs; if (psig == NULL) return 0; if (idx >= 0) { idx <<= 1; - if (idx >= (int)s->cert->peer_sigalgslen) + if (idx >= (int)s->s3->tmp.peer_sigalgslen) return 0; psig += idx; if (rhash) @@ -3524,7 +3539,7 @@ int SSL_get_sigalgs(SSL *s, int idx, *rsig = psig[1]; tls1_lookup_sigalg(phash, psign, psignhash, psig); } - return s->cert->peer_sigalgslen / 2; + return s->s3->tmp.peer_sigalgslen / 2; } int SSL_get_shared_sigalgs(SSL *s, int idx, @@ -3866,6 +3881,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, int check_flags = 0, strict_mode; CERT_PKEY *cpk = NULL; CERT *c = s->cert; + int *pvalid; unsigned int suiteb_flags = tls1_suiteb(s); /* idx == -1 means checking server chains */ if (idx != -1) { @@ -3875,6 +3891,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, idx = cpk - c->pkeys; } else cpk = c->pkeys + idx; + pvalid = s->s3->tmp.valid_flags + idx; x = cpk->x509; pk = cpk->privatekey; chain = cpk->chain; @@ -3887,7 +3904,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) { rv = CERT_PKEY_STRICT_FLAGS | CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_VALID | CERT_PKEY_SIGN; - cpk->valid_flags = rv; + *pvalid = rv; return rv; } # endif @@ -3898,6 +3915,8 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, if (idx == -1) return 0; cpk = c->pkeys + idx; + pvalid = s->s3->tmp.valid_flags + idx; + if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT) check_flags = CERT_PKEY_STRICT_FLAGS; else @@ -3923,7 +3942,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, if (TLS1_get_version(s) >= TLS1_2_VERSION && strict_mode) { int default_nid; unsigned char rsign = 0; - if (c->peer_sigalgs) + if (s->s3->tmp.peer_sigalgs) default_nid = 0; /* If no sigalgs extension use defaults from RFC5246 */ else { @@ -4084,9 +4103,9 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, end: if (TLS1_get_version(s) >= TLS1_2_VERSION) { - if (cpk->valid_flags & CERT_PKEY_EXPLICIT_SIGN) + if (*pvalid & CERT_PKEY_EXPLICIT_SIGN) rv |= CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN; - else if (cpk->digest) + else if (s->s3->tmp.md[idx] != NULL) rv |= CERT_PKEY_SIGN; } else rv |= CERT_PKEY_SIGN | CERT_PKEY_EXPLICIT_SIGN; @@ -4097,10 +4116,10 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, */ if (!check_flags) { if (rv & CERT_PKEY_VALID) - cpk->valid_flags = rv; + *pvalid = rv; else { /* Preserve explicit sign flag, clear rest */ - cpk->valid_flags &= CERT_PKEY_EXPLICIT_SIGN; + *pvalid &= CERT_PKEY_EXPLICIT_SIGN; return 0; } } From rsalz at openssl.org Tue May 19 11:19:48 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 19 May 2015 11:19:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432034388.265254.19539.nullmailer@dev.openssl.org> The branch master has been updated via 00d565cfbe90fab3b157e644caca4eb4a2ebec79 (commit) from 6383d31645c6381817f26e2997b8bf58ec903edb (commit) - Log ----------------------------------------------------------------- commit 00d565cfbe90fab3b157e644caca4eb4a2ebec79 Author: Robert Swiecki Date: Mon May 18 19:08:02 2015 -0400 Don't add write errors into bytecounts Signed-off-by: Rich Salz Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 61d13f3..e46376d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2290,8 +2290,10 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) ret = 1; goto err; } - l += k; - i -= k; + if (k > 0) { + l += k; + i -= k; + } if (i <= 0) break; } From rsalz at openssl.org Tue May 19 11:20:23 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 19 May 2015 11:20:23 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432034423.877006.20306.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via cdcb94eea7533da2d67e0fc8d393829a2498f1ad (commit) from 051b41df4105355a5a9c7f1c0bd00cc70b2d324c (commit) - Log ----------------------------------------------------------------- commit cdcb94eea7533da2d67e0fc8d393829a2498f1ad Author: Robert Swiecki Date: Mon May 18 19:08:02 2015 -0400 Don't add write errors into bytecounts Signed-off-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit 00d565cfbe90fab3b157e644caca4eb4a2ebec79) ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 5d58fe0..e662720 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2455,8 +2455,10 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) ret = 1; goto err; } - l += k; - i -= k; + if (k > 0) { + l += k; + i -= k; + } if (i <= 0) break; } From rsalz at openssl.org Tue May 19 11:20:44 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 19 May 2015 11:20:44 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432034444.225571.20609.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via e96de9822eea06f43d4104fc2d055d7895b08834 (commit) from 2df0ba9b4f20f07f7d5bead4d2107d29d62b1798 (commit) - Log ----------------------------------------------------------------- commit e96de9822eea06f43d4104fc2d055d7895b08834 Author: Robert Swiecki Date: Mon May 18 19:08:02 2015 -0400 Don't add write errors into bytecounts Signed-off-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit 00d565cfbe90fab3b157e644caca4eb4a2ebec79) ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 648dc6a..093a80d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2251,8 +2251,10 @@ static int sv_body(char *hostname, int s, unsigned char *context) ret = 1; goto err; } - l += k; - i -= k; + if (k > 0) { + l += k; + i -= k; + } if (i <= 0) break; } From rsalz at openssl.org Tue May 19 11:21:05 2015 From: rsalz at openssl.org (Rich Salz) Date: Tue, 19 May 2015 11:21:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1432034465.643269.20914.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 2dff75f4dff0199719eca03e01b6ef23d91ceebc (commit) from 690d040b2e9df9c6ac19e1aab8f0cd79a84a2ee4 (commit) - Log ----------------------------------------------------------------- commit 2dff75f4dff0199719eca03e01b6ef23d91ceebc Author: Robert Swiecki Date: Mon May 18 19:08:02 2015 -0400 Don't add write errors into bytecounts Signed-off-by: Rich Salz Reviewed-by: Matt Caswell (cherry picked from commit 00d565cfbe90fab3b157e644caca4eb4a2ebec79) ----------------------------------------------------------------------- Summary of changes: apps/s_server.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/apps/s_server.c b/apps/s_server.c index 3ca8f89..0f527ec 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -2037,8 +2037,10 @@ static int sv_body(char *hostname, int s, unsigned char *context) ret = 1; goto err; } - l += k; - i -= k; + if (k > 0) { + l += k; + i -= k; + } if (i <= 0) break; } From steve at openssl.org Tue May 19 13:07:14 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 19 May 2015 13:07:14 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432040834.497911.1915.nullmailer@dev.openssl.org> The branch master has been updated via 4d69f9e69d2f5069ab37da68f4b93a6f337fb13e (commit) from 00d565cfbe90fab3b157e644caca4eb4a2ebec79 (commit) - Log ----------------------------------------------------------------- commit 4d69f9e69d2f5069ab37da68f4b93a6f337fb13e Author: Dr. Stephen Henson Date: Mon May 18 23:29:57 2015 +0100 move masks out of CERT structure Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 5 ++--- ssl/s3_lib.c | 10 ++++------ ssl/ssl_cert.c | 5 ----- ssl/ssl_lib.c | 9 ++++----- ssl/ssl_locl.h | 23 +++++++++++------------ ssl/ssl_rsa.c | 2 -- ssl/t1_lib.c | 38 ++++++++++++++++++-------------------- 7 files changed, 39 insertions(+), 53 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 3b49fa4..46f9909 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -957,7 +957,6 @@ int ssl3_get_server_hello(SSL *s) { STACK_OF(SSL_CIPHER) *sk; const SSL_CIPHER *c; - CERT *ct = s->cert; unsigned char *p, *d; int i, al = SSL_AD_INTERNAL_ERROR, ok; unsigned int j; @@ -1151,9 +1150,9 @@ int ssl3_get_server_hello(SSL *s) } /* Set version disabled mask now we know version */ if (!SSL_USE_TLS1_2_CIPHERS(s)) - ct->mask_ssl = SSL_TLSV1_2; + s->s3->tmp.mask_ssl = SSL_TLSV1_2; else - ct->mask_ssl = 0; + s->s3->tmp.mask_ssl = 0; /* * If it is a disabled cipher we didn't send it in client hello, so * return an error. diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index c28c447..78e95fc 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -3843,11 +3843,9 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, SSL_CIPHER *c, *ret = NULL; STACK_OF(SSL_CIPHER) *prio, *allow; int i, ii, ok; - CERT *cert; unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a; /* Let's see which ciphers we can support */ - cert = s->cert; #if 0 /* @@ -3893,10 +3891,10 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, continue; ssl_set_masks(s, c); - mask_k = cert->mask_k; - mask_a = cert->mask_a; - emask_k = cert->export_mask_k; - emask_a = cert->export_mask_a; + mask_k = s->s3->tmp.mask_k; + mask_a = s->s3->tmp.mask_a; + emask_k = s->s3->tmp.export_mask_k; + emask_a = s->s3->tmp.export_mask_a; #ifndef OPENSSL_NO_SRP if (s->srp_ctx.srp_Mask & SSL_kSRP) { mask_k |= SSL_kSRP; diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 14c0c16..987b2b7 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -196,11 +196,6 @@ CERT *ssl_cert_dup(CERT *cert) memset(ret, 0, sizeof(*ret)); ret->key = &ret->pkeys[cert->key - cert->pkeys]; - ret->valid = cert->valid; - ret->mask_k = cert->mask_k; - ret->mask_a = cert->mask_a; - ret->export_mask_k = cert->export_mask_k; - ret->export_mask_a = cert->export_mask_a; #ifndef OPENSSL_NO_RSA if (cert->rsa_tmp != NULL) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index b44cb19..2624b37 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2114,11 +2114,10 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) emask_a |= SSL_aPSK; #endif - c->mask_k = mask_k; - c->mask_a = mask_a; - c->export_mask_k = emask_k; - c->export_mask_a = emask_a; - c->valid = 1; + s->s3->tmp.mask_k = mask_k; + s->s3->tmp.mask_a = mask_a; + s->s3->tmp.export_mask_k = emask_k; + s->s3->tmp.export_mask_a = emask_a; } /* This handy macro borrowed from crypto/x509v3/v3_purp.c */ diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index d2ee634..04e5908 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1301,6 +1301,17 @@ typedef struct ssl3_state_st { * If zero it can't be used at all. */ int valid_flags[SSL_PKEY_NUM]; + /* + * For servers the following masks are for the key and auth algorithms + * that are supported by the certs below. For clients they are masks of + * *disabled* algorithms based on the current session. + */ + unsigned long mask_k; + unsigned long mask_a; + unsigned long export_mask_k; + unsigned long export_mask_a; + /* Client only */ + unsigned long mask_ssl; } tmp; /* Connection binding to prevent renegotiation attacks */ @@ -1509,18 +1520,6 @@ typedef struct cert_st { * an index, not a pointer. */ CERT_PKEY *key; - /* - * For servers the following masks are for the key and auth algorithms - * that are supported by the certs below. For clients they are masks of - * *disabled* algorithms based on the current session. - */ - int valid; - unsigned long mask_k; - unsigned long mask_a; - unsigned long export_mask_k; - unsigned long export_mask_a; - /* Client only */ - unsigned long mask_ssl; # ifndef OPENSSL_NO_RSA RSA *rsa_tmp; RSA *(*rsa_tmp_cb) (SSL *ssl, int is_export, int keysize); diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index 31ce9bd..a9c832c 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -216,7 +216,6 @@ static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); c->pkeys[i].privatekey = pkey; c->key = &(c->pkeys[i]); - c->valid = 0; return (1); } @@ -420,7 +419,6 @@ static int ssl_set_cert(CERT *c, X509 *x) c->pkeys[i].x509 = x; c->key = &(c->pkeys[i]); - c->valid = 0; return (1); } diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 5291574..f3fa0f5 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1048,46 +1048,44 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, */ void ssl_set_client_disabled(SSL *s) { - CERT *c = s->cert; - c->mask_a = 0; - c->mask_k = 0; + s->s3->tmp.mask_a = 0; + s->s3->tmp.mask_k = 0; /* Don't allow TLS 1.2 only ciphers if we don't suppport them */ if (!SSL_CLIENT_USE_TLS1_2_CIPHERS(s)) - c->mask_ssl = SSL_TLSV1_2; + s->s3->tmp.mask_ssl = SSL_TLSV1_2; else - c->mask_ssl = 0; - ssl_set_sig_mask(&c->mask_a, s, SSL_SECOP_SIGALG_MASK); + s->s3->tmp.mask_ssl = 0; + ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK); /* * Disable static DH if we don't include any appropriate signature * algorithms. */ - if (c->mask_a & SSL_aRSA) - c->mask_k |= SSL_kDHr | SSL_kECDHr; - if (c->mask_a & SSL_aDSS) - c->mask_k |= SSL_kDHd; - if (c->mask_a & SSL_aECDSA) - c->mask_k |= SSL_kECDHe; + if (s->s3->tmp.mask_a & SSL_aRSA) + s->s3->tmp.mask_k |= SSL_kDHr | SSL_kECDHr; + if (s->s3->tmp.mask_a & SSL_aDSS) + s->s3->tmp.mask_k |= SSL_kDHd; + if (s->s3->tmp.mask_a & SSL_aECDSA) + s->s3->tmp.mask_k |= SSL_kECDHe; # ifndef OPENSSL_NO_PSK /* with PSK there must be client callback set */ if (!s->psk_client_callback) { - c->mask_a |= SSL_aPSK; - c->mask_k |= SSL_kPSK; + s->s3->tmp.mask_a |= SSL_aPSK; + s->s3->tmp.mask_k |= SSL_kPSK; } # endif /* OPENSSL_NO_PSK */ # ifndef OPENSSL_NO_SRP if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) { - c->mask_a |= SSL_aSRP; - c->mask_k |= SSL_kSRP; + s->s3->tmp.mask_a |= SSL_aSRP; + s->s3->tmp.mask_k |= SSL_kSRP; } # endif - c->valid = 1; } int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op) { - CERT *ct = s->cert; - if (c->algorithm_ssl & ct->mask_ssl || c->algorithm_mkey & ct->mask_k - || c->algorithm_auth & ct->mask_a) + if (c->algorithm_ssl & s->s3->tmp.mask_ssl + || c->algorithm_mkey & s->s3->tmp.mask_k + || c->algorithm_auth & s->s3->tmp.mask_a) return 1; return !ssl_security(s, op, c->strength_bits, 0, (void *)c); } From appro at openssl.org Wed May 20 07:16:20 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 20 May 2015 07:16:20 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432106180.021512.18170.nullmailer@dev.openssl.org> The branch master has been updated via 579734ced696125c0768a2f4e56e97939b0e6e49 (commit) from 4d69f9e69d2f5069ab37da68f4b93a6f337fb13e (commit) - Log ----------------------------------------------------------------- commit 579734ced696125c0768a2f4e56e97939b0e6e49 Author: Andy Polyakov Date: Wed May 13 22:19:59 2015 +0200 bn/asm/vis3-mont.pl: fix intermittent EC failures on SPARC T3. BLKINIT optimization worked on T4, but for some reason appears "too aggressive" for T3 triggering intermiitent EC failures. It's not clear why only EC is affected... Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/vis3-mont.pl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl index 8da52c6..1d8dc9e 100644 --- a/crypto/bn/asm/vis3-mont.pl +++ b/crypto/bn/asm/vis3-mont.pl @@ -100,7 +100,7 @@ $code.=<<___; ld [$ap+12], $t3 or $t0, $aj, $aj add $ap, 16, $ap - stxa $aj, [$anp]0xe2 ! converted ap[0] + stx $aj, [$anp] ! converted ap[0] mulx $aj, $m0, $lo0 ! ap[0]*bp[0] umulxhi $aj, $m0, $hi0 @@ -150,7 +150,7 @@ $code.=<<___; sllx $t1, 32, $aj add $ap, 8, $ap or $t0, $aj, $aj - stxa $aj, [$anp]0xe2 ! converted ap[j] + stx $aj, [$anp] ! converted ap[j] ld [$np+0], $t2 ! np[j] addcc $nlo, $hi1, $lo1 @@ -169,7 +169,7 @@ $code.=<<___; addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] umulxhi $nj, $m1, $nj ! nhi=nj addxc %g0, $hi1, $hi1 - stxa $lo1, [$tp]0xe2 ! tp[j-1] + stx $lo1, [$tp] ! tp[j-1] add $tp, 8, $tp ! tp++ brnz,pt $cnt, .L1st @@ -182,12 +182,12 @@ $code.=<<___; addxc $nj, %g0, $hi1 addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] addxc %g0, $hi1, $hi1 - stxa $lo1, [$tp]0xe2 ! tp[j-1] + stx $lo1, [$tp] ! tp[j-1] add $tp, 8, $tp addcc $hi0, $hi1, $hi1 addxc %g0, %g0, $ovf ! upmost overflow bit - stxa $hi1, [$tp]0xe2 + stx $hi1, [$tp] add $tp, 8, $tp ba .Louter From appro at openssl.org Wed May 20 07:20:40 2015 From: appro at openssl.org (Andy Polyakov) Date: Wed, 20 May 2015 07:20:40 +0000 Subject: [openssl-commits] [openssl] OpenSSL-fips-2_0-dev update Message-ID: <1432106440.992910.19312.nullmailer@dev.openssl.org> The branch OpenSSL-fips-2_0-dev has been updated via d8a23532dd3a023b7fa43db7d1dc4433a42363cb (commit) from 8a09500d9cc1bafcbafb4d18c1bf2238bf354171 (commit) - Log ----------------------------------------------------------------- commit d8a23532dd3a023b7fa43db7d1dc4433a42363cb Author: Andy Polyakov Date: Sat Apr 13 20:57:37 2013 +0200 crypto/modes/modes_lcl.h: let STRICT_ALIGNMENT be on ARMv7. While ARMv7 in general is capable of unaligned access, not all instructions actually are. And trouble is that compiler doesn't seem to differentiate those capable and incapable of unaligned access. Side effect is that kernel goes into endless loop retrying same instruction triggering unaligned trap. Problem was observed in xts128.c and ccm128.c modules. It's possible to resolve it by using (volatile u32*) casts, but letting STRICT_ALIGNMENT be feels more appropriate. (cherry picked from commit 3bdd80521a81d50ade4214053cd9b293f920a77b) Reviewed-by: Dr. Stephen Henson Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/modes/modes_lcl.h | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/crypto/modes/modes_lcl.h b/crypto/modes/modes_lcl.h index 4dab6a6..fa5d3b0 100644 --- a/crypto/modes/modes_lcl.h +++ b/crypto/modes/modes_lcl.h @@ -29,10 +29,7 @@ typedef unsigned char u8; #if defined(__i386) || defined(__i386__) || \ defined(__x86_64) || defined(__x86_64__) || \ defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \ - defined(__s390__) || defined(__s390x__) || \ - ( (defined(__arm__) || defined(__arm)) && \ - (defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ - defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__)) ) + defined(__s390__) || defined(__s390x__) # undef STRICT_ALIGNMENT #endif From rsalz at openssl.org Wed May 20 08:19:09 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 20 May 2015 08:19:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432109949.419226.24553.nullmailer@dev.openssl.org> The branch master has been updated via 3a114e616424825689482398cc7f9eb8d146f591 (commit) from 579734ced696125c0768a2f4e56e97939b0e6e49 (commit) - Log ----------------------------------------------------------------- commit 3a114e616424825689482398cc7f9eb8d146f591 Author: StudioEtrange Date: Wed May 20 02:17:14 2015 -0400 GitHub284: Fix typo in xx-32.pl scripts. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: util/pl/BC-32.pl | 2 +- util/pl/VC-32.pl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl index b659227..fd5c4b6 100644 --- a/util/pl/BC-32.pl +++ b/util/pl/BC-32.pl @@ -130,7 +130,7 @@ sub do_link_rule local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); + $n=&bname($target); $ret.="$target: $files $dep_libs\n"; $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; return($ret); diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index d04b98a..bf6aebf 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -365,7 +365,7 @@ sub do_link_rule my($target,$files,$dep_libs,$libs,$standalone)=@_; local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); + $n=&bname($target); $ret.="$target: $files $dep_libs\n"; if ($standalone == 1) { @@ -401,7 +401,7 @@ sub do_rlink_rule my $files = "$rl_start $rl_mid $rl_end"; $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); + $n=&bname($target); $ret.="$target: $files $dep_libs \$(FIPS_SHA1_EXE)\n"; $ret.="\t\$(PERL) ms\\segrenam.pl \$\$a $rl_start\n"; $ret.="\t\$(PERL) ms\\segrenam.pl \$\$b $rl_mid\n"; From rsalz at openssl.org Wed May 20 08:34:51 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 20 May 2015 08:34:51 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432110891.648907.26568.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 17b753f23a0b97f9a1db6c4d03e6cdff5a54f8f6 (commit) from cdcb94eea7533da2d67e0fc8d393829a2498f1ad (commit) - Log ----------------------------------------------------------------- commit 17b753f23a0b97f9a1db6c4d03e6cdff5a54f8f6 Author: StudioEtrange Date: Wed May 20 04:33:57 2015 -0400 GitHub284: Fix typo in xx-32.pl scripts. Reviewed-by: Richard Levitte Signed-off-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: util/pl/BC-32.pl | 2 +- util/pl/VC-32.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl index ed28e65..f7161d7 100644 --- a/util/pl/BC-32.pl +++ b/util/pl/BC-32.pl @@ -130,7 +130,7 @@ sub do_link_rule local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); + $n=&bname($target); $ret.="$target: $files $dep_libs\n"; $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; return($ret); diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index 852eb30..da05e9d 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -357,7 +357,7 @@ sub do_link_rule my($target,$files,$dep_libs,$libs,$standalone)=@_; local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); + $n=&bname($target); $ret.="$target: $files $dep_libs\n"; if ($standalone == 1) { From rsalz at openssl.org Wed May 20 08:36:23 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 20 May 2015 08:36:23 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432110983.880501.26964.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 5a1f055d91515058f50a8105f4b0d12cfa09d5fb (commit) from e96de9822eea06f43d4104fc2d055d7895b08834 (commit) - Log ----------------------------------------------------------------- commit 5a1f055d91515058f50a8105f4b0d12cfa09d5fb Author: StudioEtrange Date: Wed May 20 04:35:39 2015 -0400 GitHub284: Fix typo in xx-32.pl scripts. Signed-off-by: Rich Salz Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: util/pl/BC-32.pl | 2 +- util/pl/VC-32.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl index b41bb45..6d03664 100644 --- a/util/pl/BC-32.pl +++ b/util/pl/BC-32.pl @@ -130,7 +130,7 @@ sub do_link_rule local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); + $n=&bname($target); $ret.="$target: $files $dep_libs\n"; $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; return($ret); diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index 3705fc7..b597998 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -341,7 +341,7 @@ sub do_link_rule my($target,$files,$dep_libs,$libs,$standalone)=@_; local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); + $n=&bname($target); $ret.="$target: $files $dep_libs\n"; if ($standalone == 1) { From rsalz at openssl.org Wed May 20 08:37:09 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 20 May 2015 08:37:09 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1432111029.124949.27230.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via ea04412c1338e3730064c902db180ca534d450b2 (commit) from 2dff75f4dff0199719eca03e01b6ef23d91ceebc (commit) - Log ----------------------------------------------------------------- commit ea04412c1338e3730064c902db180ca534d450b2 Author: StudioEtrange Date: Wed May 20 04:36:44 2015 -0400 GitHub284: Fix typo in xx-32.pl scripts. Signed-off-by: Rich Salz Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: util/pl/BC-32.pl | 2 +- util/pl/VC-32.pl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/util/pl/BC-32.pl b/util/pl/BC-32.pl index b41bb45..6d03664 100644 --- a/util/pl/BC-32.pl +++ b/util/pl/BC-32.pl @@ -130,7 +130,7 @@ sub do_link_rule local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); + $n=&bname($target); $ret.="$target: $files $dep_libs\n"; $ret.="\t\$(LINK) \$(LFLAGS) $files \$(APP_EX_OBJ), $target,, $libs\n\n"; return($ret); diff --git a/util/pl/VC-32.pl b/util/pl/VC-32.pl index 5f25fc4..92bee11 100644 --- a/util/pl/VC-32.pl +++ b/util/pl/VC-32.pl @@ -300,7 +300,7 @@ sub do_link_rule local($ret,$_); $file =~ s/\//$o/g if $o ne '/'; - $n=&bname($targer); + $n=&bname($target); $ret.="$target: $files $dep_libs\n"; $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n"; $ret.=" \$(APP_EX_OBJ) $files $libs\n<<\n"; From steve at openssl.org Wed May 20 11:23:12 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 20 May 2015 11:23:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432120992.619847.13216.nullmailer@dev.openssl.org> The branch master has been updated via 3b53e18a4ff9ceddbcf3480afd1e787983038e2b (commit) via a95fb9e35824b479ee208c504fc3824827b3fdcd (commit) from 3a114e616424825689482398cc7f9eb8d146f591 (commit) - Log ----------------------------------------------------------------- commit 3b53e18a4ff9ceddbcf3480afd1e787983038e2b Author: Dr. Stephen Henson Date: Tue May 19 15:51:01 2015 +0100 Add scrypt tests. Add scrypt test support to evp_test and add test values from from draft-josefsson-scrypt-kdf-03. Reviewed-by: Rich Salz commit a95fb9e35824b479ee208c504fc3824827b3fdcd Author: Dr. Stephen Henson Date: Tue May 19 12:43:12 2015 +0100 Add scrypt support. Add scrypt algorithm as described in draft-josefsson-scrypt-kdf-03 Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/evp/Makefile | 4 +- crypto/evp/scrypt.c | 295 ++++++++++++++++++++++++++++++++++++++++++++++++++ include/openssl/evp.h | 5 + test/evp_test.c | 160 ++++++++++++++++++++++++++- test/evptests.txt | 39 +++++++ 5 files changed, 500 insertions(+), 3 deletions(-) create mode 100644 crypto/evp/scrypt.c diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index 6aa4d75..81ac1c2 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -24,7 +24,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \ bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ - evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \ + evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c scrypt.c \ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ e_aes_cbc_hmac_sha1.c e_aes_cbc_hmac_sha256.c e_rc4_hmac_md5.c @@ -37,7 +37,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \ bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \ c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ - evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \ + evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o scrypt.o \ e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \ e_aes_cbc_hmac_sha1.o e_aes_cbc_hmac_sha256.o e_rc4_hmac_md5.o diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.c new file mode 100644 index 0000000..971d53e --- /dev/null +++ b/crypto/evp/scrypt.c @@ -0,0 +1,295 @@ +/* scrypt.c */ +/* + * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project + * 2015. + */ +/* ==================================================================== + * Copyright (c) 2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing at OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include + +#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) +static void salsa208_word_specification(uint32_t inout[16]) +{ + int i; + uint32_t x[16]; + memcpy(x, inout, sizeof(x)); + for (i = 8; i > 0; i -= 2) { + x[4] ^= R(x[0] + x[12], 7); + x[8] ^= R(x[4] + x[0], 9); + x[12] ^= R(x[8] + x[4], 13); + x[0] ^= R(x[12] + x[8], 18); + x[9] ^= R(x[5] + x[1], 7); + x[13] ^= R(x[9] + x[5], 9); + x[1] ^= R(x[13] + x[9], 13); + x[5] ^= R(x[1] + x[13], 18); + x[14] ^= R(x[10] + x[6], 7); + x[2] ^= R(x[14] + x[10], 9); + x[6] ^= R(x[2] + x[14], 13); + x[10] ^= R(x[6] + x[2], 18); + x[3] ^= R(x[15] + x[11], 7); + x[7] ^= R(x[3] + x[15], 9); + x[11] ^= R(x[7] + x[3], 13); + x[15] ^= R(x[11] + x[7], 18); + x[1] ^= R(x[0] + x[3], 7); + x[2] ^= R(x[1] + x[0], 9); + x[3] ^= R(x[2] + x[1], 13); + x[0] ^= R(x[3] + x[2], 18); + x[6] ^= R(x[5] + x[4], 7); + x[7] ^= R(x[6] + x[5], 9); + x[4] ^= R(x[7] + x[6], 13); + x[5] ^= R(x[4] + x[7], 18); + x[11] ^= R(x[10] + x[9], 7); + x[8] ^= R(x[11] + x[10], 9); + x[9] ^= R(x[8] + x[11], 13); + x[10] ^= R(x[9] + x[8], 18); + x[12] ^= R(x[15] + x[14], 7); + x[13] ^= R(x[12] + x[15], 9); + x[14] ^= R(x[13] + x[12], 13); + x[15] ^= R(x[14] + x[13], 18); + } + for (i = 0; i < 16; ++i) + inout[i] += x[i]; + OPENSSL_cleanse(x, sizeof(x)); +} + +static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r) +{ + uint64_t i, j; + uint32_t X[16], *pB; + + memcpy(X, B + (r * 2 - 1) * 16, sizeof(X)); + pB = B; + for (i = 0; i < r * 2; i++) { + for (j = 0; j < 16; j++) + X[j] ^= *pB++; + salsa208_word_specification(X); + memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X)); + } + OPENSSL_cleanse(X, sizeof(X)); +} + +static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N, + uint32_t *X, uint32_t *T, uint32_t *V) +{ + unsigned char *pB; + uint32_t *pV; + uint64_t i, k; + + /* Convert from little endian input */ + for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) { + *pV = *pB++; + *pV |= *pB++ << 8; + *pV |= *pB++ << 16; + *pV |= *pB++ << 24; + } + + for (i = 1; i < N; i++, pV += 32 * r) + scryptBlockMix(pV, pV - 32 * r, r); + + scryptBlockMix(X, V + (N - 1) * 32 * r, r); + + for (i = 0; i < N; i++) { + uint32_t j; + j = X[16 * (2 * r - 1)] % N; + pV = V + 32 * r * j; + for (k = 0; k < 32 * r; k++) + T[k] = X[k] ^ *pV++; + scryptBlockMix(X, T, r); + } + /* Convert output to little endian */ + for (i = 0, pB = B; i < 32 * r; i++) { + uint32_t xtmp = X[i]; + *pB++ = xtmp & 0xff; + *pB++ = (xtmp >> 8) & 0xff; + *pB++ = (xtmp >> 16) & 0xff; + *pB++ = (xtmp >> 24) & 0xff; + } +} + +#ifndef SIZE_MAX +# define SIZE_MAX ((size_t)-1) +#endif + +/* + * Maximum power of two that will fit in uint64_t: this should work on + * most (all?) platforms. + */ + +#define LOG2_UINT64_MAX (sizeof(uint64_t) * 8 - 1) + +/* + * Maximum value of p * r: + * p <= ((2^32-1) * hLen) / MFLen => + * p <= ((2^32-1) * 32) / (128 * r) => + * p * r <= (2^30-1) + * + */ + +#define SCRYPT_PR_MAX ((1 << 30) - 1) + +/* + * Maximum permitted memory allow this to be overridden with Configuration + * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible. + */ + +#ifdef SCRYPT_MAX_MEM +# if SCRYPT_MAX_MEM == 0 +# undef SCRYPT_MAX_MEM +/* + * Although we could theoretically allocate SIZE_MAX memory that would leave + * no memory available for anything else so set limit as half that. + */ +# define SCRYPT_MAX_MEM (SIZE_MAX/2) +# endif +#else +/* Default memory limit: 32 MB */ +# define SCRYPT_MAX_MEM (1024 * 1024 * 32) +#endif + +int EVP_PBE_scrypt(const char *pass, size_t passlen, + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen) +{ + int rv = 0; + unsigned char *B; + uint32_t *X, *V, *T; + uint64_t i, Blen, Vlen; + + /* Sanity check parameters */ + /* initial check, r,p must be non zero, N >= 2 and a power of 2 */ + if (r == 0 || p == 0 || N < 2 || (N & (N - 1))) + return 0; + /* Check p * r < SCRYPT_PR_MAX avoiding overflow */ + if (p > SCRYPT_PR_MAX / r) + return 0; + + /* + * Need to check N: if 2^(128 * r / 8) overflows limit this is + * automatically satisfied since N <= UINT64_MAX. + */ + + if (16 * r <= LOG2_UINT64_MAX) { + if (N >= (1UL << (16 * r))) + return 0; + } + + /* Memory checks: check total allocated buffer size fits in uint64_t */ + + /* + * B size in section 5 step 1.S + * Note: we know p * 128 * r < UINT64_MAX because we already checked + * p * r < SCRYPT_PR_MAX + */ + Blen = p * 128 * r; + + /* + * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t. + * This is combined size V, X and T (section 4) + */ + i = UINT64_MAX / (32 * sizeof(uint32_t)); + if (N + 2 > i / r) + return 0; + Vlen = 32 * r * (N + 2) * sizeof(uint32_t); + + /* check total allocated size fits in uint64_t */ + if (Blen > UINT64_MAX - Vlen) + return 0; + + if (maxmem == 0) + maxmem = SCRYPT_MAX_MEM; + + if (Blen + Vlen > maxmem) + return 0; + + /* If no key return to indicate parameters are OK */ + if (key == NULL) + return 1; + + B = OPENSSL_malloc(Blen + Vlen); + if (B == 0) + return 0; + X = (uint32_t *)(B + Blen); + T = X + 32 * r; + V = T + 32 * r; + if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(), + Blen, B) == 0) + goto err; + + for (i = 0; i < p; i++) + scryptROMix(B + 128 * r * i, r, N, X, T, V); + + if (PKCS5_PBKDF2_HMAC(pass, passlen, B, Blen, 1, EVP_sha256(), + keylen, key) == 0) + goto err; + rv = 1; +#ifdef SCRYPT_DEBUG + fprintf(stderr, "scrypt parameters:\n"); + fprintf(stderr, "N=%lu, p=%lu, r=%lu\n", N, p, r); + fprintf(stderr, "Salt:\n"); + BIO_dump_fp(stderr, (char *)salt, saltlen); + fprintf(stderr, "Password:\n"); + BIO_dump_fp(stderr, (char *)pass, passlen); + fprintf(stderr, "Key:\n"); + BIO_dump_fp(stderr, (char *)key, keylen); +#endif + err: + OPENSSL_clear_free(B, Blen + Vlen); + return rv; +} diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 4df3ce7..2af823f 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1068,6 +1068,11 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de); +int EVP_PBE_scrypt(const char *pass, size_t passlen, + const unsigned char *salt, size_t saltlen, + uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, + unsigned char *key, size_t keylen); + void PKCS5_PBE_add(void); int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, diff --git a/test/evp_test.c b/test/evp_test.c index e682f43..e0e4857 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -60,6 +60,7 @@ #include #include #include +#include "internal/numbers.h" /* Remove spaces from beginning and end of a string */ @@ -143,7 +144,16 @@ static int test_bin(const char *value, unsigned char **buf, size_t *buflen) if (value[vlen - 1] != '"') return 0; vlen--; - *buf = BUF_memdup(value, vlen); + if (vlen == 0) { + *buf = OPENSSL_malloc(1); + if (*buf == NULL) + return 0; + **buf = 0; + } else { + *buf = BUF_memdup(value, vlen); + if (*buf == NULL) + return 0; + } *buflen = vlen; return 1; } @@ -157,6 +167,30 @@ static int test_bin(const char *value, unsigned char **buf, size_t *buflen) *buflen = len; return 1; } +/* Parse unsigned decimal 64 bit integer value */ +static int test_uint64(const char *value, uint64_t *pr) +{ + const char *p = value; + if (!*p) { + fprintf(stderr, "Invalid empty integer value\n"); + return -1; + } + *pr = 0; + while (*p) { + if (*pr > UINT64_MAX/10) { + fprintf(stderr, "Integer string overflow value=%s\n", value); + return -1; + } + *pr *= 10; + if (*p < '0' || *p > '9') { + fprintf(stderr, "Invalid integer string value=%s\n", value); + return -1; + } + *pr += *p - '0'; + p++; + } + return 1; +} /* Structure holding test information */ struct evp_test { @@ -216,6 +250,7 @@ static const struct evp_test_method mac_test_method; static const struct evp_test_method psign_test_method, pverify_test_method; static const struct evp_test_method pdecrypt_test_method; static const struct evp_test_method pverify_recover_test_method; +static const struct evp_test_method pbe_test_method; static const struct evp_test_method *evp_test_list[] = { &digest_test_method, @@ -225,6 +260,7 @@ static const struct evp_test_method *evp_test_list[] = { &pverify_test_method, &pdecrypt_test_method, &pverify_recover_test_method, + &pbe_test_method, NULL }; @@ -1243,3 +1279,125 @@ static const struct evp_test_method pverify_test_method = { pkey_test_parse, verify_test_run }; + +/* PBE tests */ + +#define PBE_TYPE_SCRYPT 1 + +struct pbe_data { + + int pbe_type; + + /* scrypt parameters */ + uint64_t N, r, p, maxmem; + + /* password */ + unsigned char *pass; + size_t pass_len; + + /* salt */ + unsigned char *salt; + size_t salt_len; + + /* Expected output */ + unsigned char *key; + size_t key_len; +}; + +static int scrypt_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct pbe_data *pdata = t->data; + if (strcmp(keyword, "N") == 0) + return test_uint64(value, &pdata->N); + if (strcmp(keyword, "p") == 0) + return test_uint64(value, &pdata->p); + if (strcmp(keyword, "r") == 0) + return test_uint64(value, &pdata->r); + if (strcmp(keyword, "maxmem") == 0) + return test_uint64(value, &pdata->maxmem); + return 0; +} + +static int scrypt_test_run(struct evp_test *t) +{ + struct pbe_data *pdata = t->data; + const char *err = "INTERNAL_ERROR"; + unsigned char *key; + key = OPENSSL_malloc(pdata->key_len); + if (!key) + goto err; + err = "SCRYPT_ERROR"; + if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len, + pdata->salt, pdata->salt_len, + pdata->N, pdata->r, pdata->p, pdata->maxmem, + key, pdata->key_len) == 0) + goto err; + err = "KEY_MISMATCH"; + if (check_output(t, pdata->key, key, pdata->key_len)) + goto err; + err = NULL; + err: + OPENSSL_free(key); + t->err = err; + return 1; +} + +static int pbe_test_init(struct evp_test *t, const char *alg) +{ + struct pbe_data *pdat; + int pbe_type = 0; + if (strcmp(alg, "scrypt") == 0) + pbe_type = PBE_TYPE_SCRYPT; + else + fprintf(stderr, "Unknown pbe algorithm %s\n", alg); + pdat = OPENSSL_malloc(sizeof(*pdat)); + pdat->pbe_type = pbe_type; + pdat->pass = NULL; + pdat->salt = NULL; + pdat->N = 0; + pdat->r = 0; + pdat->p = 0; + pdat->maxmem = 0; + t->data = pdat; + return 1; +} + +static void pbe_test_cleanup(struct evp_test *t) +{ + struct pbe_data *pdat = t->data; + test_free(pdat->pass); + test_free(pdat->salt); + test_free(pdat->key); +} + +static int pbe_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct pbe_data *pdata = t->data; + if (strcmp(keyword, "Password") == 0) + return test_bin(value, &pdata->pass, &pdata->pass_len); + if (strcmp(keyword, "Salt") == 0) + return test_bin(value, &pdata->salt, &pdata->salt_len); + if (strcmp(keyword, "Key") == 0) + return test_bin(value, &pdata->key, &pdata->key_len); + if (pdata->pbe_type == PBE_TYPE_SCRYPT) + return scrypt_test_parse(t, keyword, value); + return 0; +} + +static int pbe_test_run(struct evp_test *t) +{ + struct pbe_data *pdata = t->data; + if (pdata->pbe_type == PBE_TYPE_SCRYPT) + return scrypt_test_run(t); + return 0; +} + +static const struct evp_test_method pbe_test_method = { + "PBE", + pbe_test_init, + pbe_test_cleanup, + pbe_test_parse, + pbe_test_run +}; diff --git a/test/evptests.txt b/test/evptests.txt index 26d371c..25b9ef6 100644 --- a/test/evptests.txt +++ b/test/evptests.txt @@ -2314,3 +2314,42 @@ Ctrl = digest:SHA1 Input = "0123456789ABCDEF1234" Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000 Result = VERIFY_ERROR + +# scrypt tests from draft-josefsson-scrypt-kdf-03 +PBE = scrypt +Password = "" +Salt = "" +N = 16 +r = 1 +p = 1 +Key = 77d6576238657b203b19ca42c18a0497f16b4844e3074ae8dfdffa3fede21442fcd0069ded0948f8326a753a0fc81f17e8d3e0fb2e0d3628cf35e20c38d18906 + +PBE = scrypt +Password = "password" +Salt = "NaCl" +N = 1024 +r = 8 +p = 16 +Key = fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640 + +PBE = scrypt +Password = "pleaseletmein" +Salt = "SodiumChloride" +N = 16384 +r = 8 +p = 1 +Key = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887 + +# NB: this test requires more than 2GB of memory to run so it will hit the +# scrypt memory limit and return an error. To run this test without error +# uncomment out the "maxmem" line and comment out the "Result" +# line +PBE = scrypt +Password = "pleaseletmein" +Salt = "SodiumChloride" +N = 1048576 +r = 8 +p = 1 +Key = 2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4 +#maxmem = 10000000000 +Result = SCRYPT_ERROR From steve at openssl.org Wed May 20 13:09:42 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 20 May 2015 13:09:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432127382.708387.25805.nullmailer@dev.openssl.org> The branch master has been updated via 5a1d2509060da8ca99fa41135eff7bf3a193f69f (commit) from 3b53e18a4ff9ceddbcf3480afd1e787983038e2b (commit) - Log ----------------------------------------------------------------- commit 5a1d2509060da8ca99fa41135eff7bf3a193f69f Author: Dr. Stephen Henson Date: Wed May 20 13:32:19 2015 +0100 make update Reviewed-by: Emilia K?sper ----------------------------------------------------------------------- Summary of changes: crypto/evp/Makefile | 8 ++++++++ test/Makefile | 29 +++++++++++++++-------------- util/libeay.num | 5 +++++ 3 files changed, 28 insertions(+), 14 deletions(-) diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index 81ac1c2..9cd98cd 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -768,3 +768,11 @@ pmeth_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h pmeth_lib.o: ../../include/openssl/x509_vfy.h ../include/internal/asn1_int.h pmeth_lib.o: ../include/internal/cryptlib.h ../include/internal/evp_int.h pmeth_lib.o: pmeth_lib.c +scrypt.o: ../../include/internal/numbers.h ../../include/openssl/asn1.h +scrypt.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h +scrypt.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h +scrypt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h +scrypt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +scrypt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h +scrypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +scrypt.o: scrypt.c diff --git a/test/Makefile b/test/Makefile index 691249b..da97db7 100644 --- a/test/Makefile +++ b/test/Makefile @@ -690,20 +690,21 @@ evp_extra_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h evp_extra_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h evp_extra_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h evp_extra_test.o: evp_extra_test.c -evp_test.o: ../include/openssl/asn1.h ../include/openssl/bio.h -evp_test.o: ../include/openssl/buffer.h ../include/openssl/conf.h -evp_test.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h -evp_test.o: ../include/openssl/ec.h ../include/openssl/ecdh.h -evp_test.o: ../include/openssl/ecdsa.h ../include/openssl/err.h -evp_test.o: ../include/openssl/evp.h ../include/openssl/lhash.h -evp_test.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h -evp_test.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h -evp_test.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h -evp_test.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h -evp_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h -evp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h -evp_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h -evp_test.o: ../include/openssl/x509v3.h evp_test.c +evp_test.o: ../include/internal/numbers.h ../include/openssl/asn1.h +evp_test.o: ../include/openssl/bio.h ../include/openssl/buffer.h +evp_test.o: ../include/openssl/conf.h ../include/openssl/crypto.h +evp_test.o: ../include/openssl/e_os2.h ../include/openssl/ec.h +evp_test.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h +evp_test.o: ../include/openssl/err.h ../include/openssl/evp.h +evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h +evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h +evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h +evp_test.o: ../include/openssl/pem.h ../include/openssl/pem2.h +evp_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h +evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h +evp_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h +evp_test.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h +evp_test.o: evp_test.c exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h diff --git a/util/libeay.num b/util/libeay.num index d41686f..1225f8c 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4561,3 +4561,8 @@ COMP_CTX_get_method 4919 EXIST::FUNCTION: COMP_CTX_get_type 4920 EXIST::FUNCTION: COMP_get_name 4921 EXIST::FUNCTION: COMP_get_type 4922 EXIST::FUNCTION: +ASN1_INTEGER_get_int64 4923 EXIST::FUNCTION: +ASN1_ENUMERATED_set_int64 4924 EXIST::FUNCTION: +EVP_PBE_scrypt 4925 EXIST::FUNCTION: +ASN1_INTEGER_set_int64 4926 EXIST::FUNCTION: +ASN1_ENUMERATED_get_int64 4927 EXIST::FUNCTION: From emilia at openssl.org Wed May 20 13:44:47 2015 From: emilia at openssl.org (Emilia Kasper) Date: Wed, 20 May 2015 13:44:47 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432129487.208088.31011.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 63830384e90d9b36d2793d4891501ec024827433 (commit) via ff4de7dde90d15b366abe4664b904f22539969c9 (commit) via 3372aeed2ce056af9d577a0d79b34dd7f9b67dad (commit) via 8568170d774f02880eec6cad5512f555d0c83f65 (commit) via f1612746ec7580132f81fb81a23f6705e63d113b (commit) from 5a1f055d91515058f50a8105f4b0d12cfa09d5fb (commit) - Log ----------------------------------------------------------------- commit 63830384e90d9b36d2793d4891501ec024827433 Author: Emilia Kasper Date: Tue May 19 12:05:22 2015 +0200 client: reject handshakes with DH parameters < 768 bits. Since the client has no way of communicating her supported parameter range to the server, connections to servers that choose weak DH will simply fail. Reviewed-by: Kurt Roeckx commit ff4de7dde90d15b366abe4664b904f22539969c9 Author: Emilia Kasper Date: Tue May 12 16:10:05 2015 +0200 Update documentation with Diffie-Hellman best practices. - Do not advise generation of DH parameters with dsaparam to save computation time. - Promote use of custom parameters more, and explicitly forbid use of built-in parameters weaker than 2048 bits. - Advise the callback to ignore - it is currently called with 1024 bits, but this value can and should be safely ignored by servers. Reviewed-by: Rich Salz commit 3372aeed2ce056af9d577a0d79b34dd7f9b67dad Author: Emilia Kasper Date: Wed May 13 12:05:41 2015 +0200 dhparam: fix documentation The default bitlength is now 2048. Also clarify that either the number of bits or the generator must be present: $ openssl dhparam -2 and $ openssl dhparam 2048 generate parameters but $ openssl dhparam does not. Reviewed-by: Matt Caswell commit 8568170d774f02880eec6cad5512f555d0c83f65 Author: Emilia Kasper Date: Wed May 13 11:57:55 2015 +0200 dhparam: set the default to 2048 bits Reviewed-by: Matt Caswell Reviewed-by: Kurt Roeckx commit f1612746ec7580132f81fb81a23f6705e63d113b Author: Emilia Kasper Date: Tue May 12 20:15:46 2015 +0200 s_server: Use 2048-bit DH parameters by default. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 +- apps/dhparam.c | 4 +- apps/gendh.c | 2 +- apps/s_server.c | 58 +++++++++++------ doc/apps/dhparam.pod | 13 ++-- doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 106 +++++++++++++------------------- ssl/s3_clnt.c | 22 +++++-- ssl/ssl.h | 1 + ssl/ssl_err.c | 1 + 9 files changed, 114 insertions(+), 96 deletions(-) diff --git a/CHANGES b/CHANGES index 11bdbbd..9d2f9f9 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Changes between 1.0.1m and 1.0.1n [xx XXX xxxx] - *) + *) Reject DH handshakes with parameters shorter than 768 bits. + [Kurt Roeckx and Emilia Kasper] Changes between 1.0.1l and 1.0.1m [19 Mar 2015] diff --git a/apps/dhparam.c b/apps/dhparam.c index f86311c..d3b6d58 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -130,7 +130,7 @@ # undef PROG # define PROG dhparam_main -# define DEFBITS 512 +# define DEFBITS 2048 /*- * -inform arg - input format - default PEM (DER or PEM) @@ -254,7 +254,7 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, " -5 generate parameters using 5 as the generator value\n"); BIO_printf(bio_err, - " numbits number of bits in to generate (default 512)\n"); + " numbits number of bits in to generate (default 2048)\n"); # ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -engine e use engine e, possibly a hardware device.\n"); diff --git a/apps/gendh.c b/apps/gendh.c index adaa101..fef6f1b 100644 --- a/apps/gendh.c +++ b/apps/gendh.c @@ -80,7 +80,7 @@ # include # include -# define DEFBITS 512 +# define DEFBITS 2048 # undef PROG # define PROG gendh_main diff --git a/apps/s_server.c b/apps/s_server.c index 093a80d..7e501d2 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -219,7 +219,7 @@ static int generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len); #ifndef OPENSSL_NO_DH static DH *load_dh_param(const char *dhfile); -static DH *get_dh512(void); +static DH *get_dh2048(void); #endif #ifdef MONOLITH @@ -227,30 +227,48 @@ static void s_server_init(void); #endif #ifndef OPENSSL_NO_DH -static unsigned char dh512_p[] = { - 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75, - 0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F, - 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3, - 0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12, - 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C, - 0x47, 0x74, 0xE8, 0x33, +static unsigned char dh2048_p[] = { + 0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6, + 0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1, + 0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9, + 0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD, + 0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17, + 0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F, + 0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD, + 0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30, + 0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E, + 0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4, + 0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58, + 0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B, + 0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C, + 0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B, + 0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD, + 0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C, + 0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C, + 0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29, + 0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B, + 0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C, + 0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55, + 0xE9,0x32,0x0B,0x3B, }; -static unsigned char dh512_g[] = { +static unsigned char dh2048_g[] = { 0x02, }; -static DH *get_dh512(void) +DH *get_dh2048() { - DH *dh = NULL; + DH *dh; if ((dh = DH_new()) == NULL) - return (NULL); - dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); - dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - return (NULL); - return (dh); + return NULL; + dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); + dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); + if (dh->p == NULL || dh->g == NULL) { + DH_free(dh); + return NULL; + } + return dh; } #endif @@ -1654,7 +1672,11 @@ int MAIN(int argc, char *argv[]) BIO_printf(bio_s_out, "Setting temp DH parameters\n"); } else { BIO_printf(bio_s_out, "Using default temp DH parameters\n"); - dh = get_dh512(); + dh = get_dh2048(); + if (dh == NULL) { + ERR_print_errors(bio_err); + goto end; + } } (void)BIO_flush(bio_s_out); diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod index 6e27cf5..1cd4c76 100644 --- a/doc/apps/dhparam.pod +++ b/doc/apps/dhparam.pod @@ -71,8 +71,10 @@ check if the parameters are valid primes and generator. =item B<-2>, B<-5> -The generator to use, either 2 or 5. 2 is the default. If present then the -input file is ignored and parameters are generated instead. +The generator to use, either 2 or 5. If present then the +input file is ignored and parameters are generated instead. If not +present but B is present, parameters are generated with the +default generator 2. =item B<-rand> I @@ -85,9 +87,10 @@ all others. =item I this option specifies that a parameter set should be generated of size -I. It must be the last option. If not present then a value of 512 -is used. If this option is present then the input file is ignored and -parameters are generated instead. +I. It must be the last option. If this option is present then +the input file is ignored and parameters are generated instead. If +this option is not present but a generator (B<-2> or B<-5>) is +present, parameters are generated with a default length of 2048 bits. =item B<-noout> diff --git a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod index 7a27eef..b754c16 100644 --- a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +++ b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod @@ -61,12 +61,12 @@ negotiation is being saved. If "strong" primes were used to generate the DH parameters, it is not strictly necessary to generate a new key for each handshake but it does improve forward -secrecy. If it is not assured, that "strong" primes were used (see especially -the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used -in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE -has an impact on the computer time needed during negotiation, but it is not -very large, so application authors/users should consider to always enable -this option. +secrecy. If it is not assured that "strong" primes were used, +SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup +attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the +computer time needed during negotiation, but it is not very large, so +application authors/users should consider always enabling this option. +The option is required to implement perfect forward secrecy (PFS). As generating DH parameters is extremely time consuming, an application should not generate the parameters on the fly but supply the parameters. @@ -74,82 +74,62 @@ DH parameters can be reused, as the actual key is newly generated during the negotiation. The risk in reusing DH parameters is that an attacker may specialize on a very often used DH group. Applications should therefore generate their own DH parameters during the installation process using the -openssl L application. In order to reduce the computer -time needed for this generation, it is possible to use DSA parameters -instead (see L), but in this case SSL_OP_SINGLE_DH_USE -is mandatory. +openssl L application. This application +guarantees that "strong" primes are used. -Application authors may compile in DH parameters. Files dh512.pem, -dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current +Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current version of the OpenSSL distribution contain the 'SKIP' DH parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the B<-C> option of the -L application. -Authors may also generate their own set of parameters using -L, but a user may not be sure how the parameters were -generated. The generation of DH parameters during installation is therefore -recommended. +L application. Generation of custom DH +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. Files dh1024.pem +and dh512.pem contain old parameters that must not be used by +applications. An application may either directly specify the DH parameters or -can supply the DH parameters via a callback function. The callback approach -has the advantage, that the callback may supply DH parameters for different -key lengths. +can supply the DH parameters via a callback function. -The B is called with the B needed and -the B information. The B flag is set, when the -ephemeral DH key exchange is performed with an export cipher. +Previous versions of the callback used B and B +parameters to control parameter generation for export and non-export +cipher suites. Modern servers that do not support export ciphersuites +are advised to either use SSL_CTX_set_tmp_dh() in combination with +SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore +B and B and simply supply at least 2048-bit +parameters in the callback. =head1 EXAMPLES -Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling +Setup DH parameters with a key length of 2048 bits. (Error handling partly left out.) - ... - /* Set up ephemeral DH stuff */ - DH *dh_512 = NULL; - DH *dh_1024 = NULL; - FILE *paramfile; + Command-line parameter generation: + $ openssl dhparam -out dh_param_2048.pem 2048 + + Code for setting up parameters during server initialization: ... - /* "openssl dhparam -out dh_param_512.pem -2 512" */ - paramfile = fopen("dh_param_512.pem", "r"); + SSL_CTX ctx = SSL_CTX_new(); + ... + + /* Set up ephemeral DH parameters. */ + DH *dh_2048 = NULL; + FILE *paramfile; + paramfile = fopen("dh_param_2048.pem", "r"); if (paramfile) { - dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); + dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); fclose(paramfile); + } else { + /* Error. */ } - /* "openssl dhparam -out dh_param_1024.pem -2 1024" */ - paramfile = fopen("dh_param_1024.pem", "r"); - if (paramfile) { - dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); - fclose(paramfile); + if (dh_2048 == NULL) { + /* Error. */ } - ... - - /* "openssl dhparam -C -2 512" etc... */ - DH *get_dh512() { ... } - DH *get_dh1024() { ... } - - DH *tmp_dh_callback(SSL *s, int is_export, int keylength) - { - DH *dh_tmp=NULL; - - switch (keylength) { - case 512: - if (!dh_512) - dh_512 = get_dh512(); - dh_tmp = dh_512; - break; - case 1024: - if (!dh_1024) - dh_1024 = get_dh1024(); - dh_tmp = dh_1024; - break; - default: - /* Generating a key on the fly is very costly, so use what is there */ - setup_dh_parameters_like_above(); - } - return(dh_tmp); + if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) { + /* Error. */ } + SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); + ... =head1 RETURN VALUES diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index a521d56..780a03f 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -3295,23 +3295,33 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif #ifndef OPENSSL_NO_DH - if ((alg_k & SSL_kEDH) && - !(has_bits(i, EVP_PK_DH | EVP_PKT_EXCH) || (dh != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_KEY); + if ((alg_k & SSL_kEDH) && dh == NULL) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); goto f_err; - } else if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) { + } + if ((alg_k & SSL_kDHr) && !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT); goto f_err; } # ifndef OPENSSL_NO_DSA - else if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) { + if ((alg_k & SSL_kDHd) && !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT); goto f_err; } # endif -#endif + + /* Check DHE only: static DH not implemented. */ + if (alg_k & SSL_kEDH) { + int dh_size = BN_num_bits(dh->p); + if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768) + || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL); + goto f_err; + } + } +#endif /* !OPENSSL_NO_DH */ if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { #ifndef OPENSSL_NO_RSA diff --git a/ssl/ssl.h b/ssl/ssl.h index 62472a1..32e27c6 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2524,6 +2524,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_DATA_LENGTH_TOO_LONG 146 # define SSL_R_DECRYPTION_FAILED 147 # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 372 # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 # define SSL_R_DIGEST_CHECK_FAILED 149 # define SSL_R_DTLS_MESSAGE_TOO_BIG 334 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 835b43c..fef324d 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -441,6 +441,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_DECRYPTION_FAILED), "decryption failed"}, {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"}, + {ERR_REASON(SSL_R_DH_KEY_TOO_SMALL), "dh key too small"}, {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"}, {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED), "digest check failed"}, From emilia at openssl.org Wed May 20 13:44:47 2015 From: emilia at openssl.org (Emilia Kasper) Date: Wed, 20 May 2015 13:44:47 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432129487.524047.31061.nullmailer@dev.openssl.org> The branch master has been updated via 1554d55318a7bb3347f4ccfadf78cca56e51ee79 (commit) via 1f302db3e70f50f9b5e0860581a18e117eafcf20 (commit) via b5a379aae5e05d18a17e41cd7591a038e21395eb (commit) from 5a1d2509060da8ca99fa41135eff7bf3a193f69f (commit) - Log ----------------------------------------------------------------- commit 1554d55318a7bb3347f4ccfadf78cca56e51ee79 Author: Emilia Kasper Date: Mon May 18 13:57:01 2015 +0200 Remove dh512.pem Reviewed-by: Rich Salz commit 1f302db3e70f50f9b5e0860581a18e117eafcf20 Author: Emilia Kasper Date: Tue May 12 16:10:05 2015 +0200 Update documentation with Diffie-Hellman best practices. - Do not advise generation of DH parameters with dsaparam to save computation time. - Promote use of custom parameters more, and explicitly forbid use of built-in parameters weaker than 2048 bits. - Advise the callback to ignore - it is currently called with 1024 bits, but this value can and should be safely ignored by servers. Reviewed-by: Rich Salz commit b5a379aae5e05d18a17e41cd7591a038e21395eb Author: Emilia Kasper Date: Wed May 13 12:05:41 2015 +0200 dhparam: fix documentation The default bitlength is now 2048. Also clarify that either the number of bits or the generator must be present: $ openssl dhparam -2 and $ openssl dhparam 2048 generate parameters but $ openssl dhparam does not. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/dh512.pem | 9 --- doc/apps/dhparam.pod | 13 ++-- doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 104 +++++++++++++------------------- 3 files changed, 49 insertions(+), 77 deletions(-) delete mode 100644 apps/dh512.pem diff --git a/apps/dh512.pem b/apps/dh512.pem deleted file mode 100644 index 200d16c..0000000 --- a/apps/dh512.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN DH PARAMETERS----- -MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak -XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC ------END DH PARAMETERS----- - -These are the 512 bit DH parameters from "Assigned Number for SKIP Protocols" -(http://www.skip-vpn.org/spec/numbers.html). -See there for how they were generated. -Note that g is not a generator, but this is not a problem since p is a safe prime. diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod index 6e27cf5..1cd4c76 100644 --- a/doc/apps/dhparam.pod +++ b/doc/apps/dhparam.pod @@ -71,8 +71,10 @@ check if the parameters are valid primes and generator. =item B<-2>, B<-5> -The generator to use, either 2 or 5. 2 is the default. If present then the -input file is ignored and parameters are generated instead. +The generator to use, either 2 or 5. If present then the +input file is ignored and parameters are generated instead. If not +present but B is present, parameters are generated with the +default generator 2. =item B<-rand> I @@ -85,9 +87,10 @@ all others. =item I this option specifies that a parameter set should be generated of size -I. It must be the last option. If not present then a value of 512 -is used. If this option is present then the input file is ignored and -parameters are generated instead. +I. It must be the last option. If this option is present then +the input file is ignored and parameters are generated instead. If +this option is not present but a generator (B<-2> or B<-5>) is +present, parameters are generated with a default length of 2048 bits. =item B<-noout> diff --git a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod index a9995fc..64c8b65 100644 --- a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +++ b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod @@ -61,12 +61,11 @@ negotiation is being saved. If "strong" primes were used to generate the DH parameters, it is not strictly necessary to generate a new key for each handshake but it does improve forward -secrecy. If it is not assured, that "strong" primes were used (see especially -the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used -in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE -has an impact on the computer time needed during negotiation, but it is not -very large, so application authors/users should consider to always enable -this option. +secrecy. If it is not assured that "strong" primes were used, +SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup +attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the +computer time needed during negotiation, but it is not very large, so +application authors/users should consider always enabling this option. The option is required to implement perfect forward secrecy (PFS). As generating DH parameters is extremely time consuming, an application @@ -75,82 +74,61 @@ DH parameters can be reused, as the actual key is newly generated during the negotiation. The risk in reusing DH parameters is that an attacker may specialize on a very often used DH group. Applications should therefore generate their own DH parameters during the installation process using the -openssl L application. In order to reduce the computer -time needed for this generation, it is possible to use DSA parameters -instead (see L), but in this case SSL_OP_SINGLE_DH_USE -is mandatory. +openssl L application. This application +guarantees that "strong" primes are used. -Application authors may compile in DH parameters. Files dh512.pem, -dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current +Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current version of the OpenSSL distribution contain the 'SKIP' DH parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the B<-C> option of the -L application. -Authors may also generate their own set of parameters using -L, but a user may not be sure how the parameters were -generated. The generation of DH parameters during installation is therefore -recommended. +L application. Generation of custom DH +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. File dh1024.pem +contains old parameters that must not be used by applications. An application may either directly specify the DH parameters or -can supply the DH parameters via a callback function. The callback approach -has the advantage, that the callback may supply DH parameters for different -key lengths. +can supply the DH parameters via a callback function. -The B is called with the B needed and -the B information. The B flag is set, when the -ephemeral DH key exchange is performed with an export cipher. +Previous versions of the callback used B and B +parameters to control parameter generation for export and non-export +cipher suites. Modern servers that do not support export ciphersuites +are advised to either use SSL_CTX_set_tmp_dh() in combination with +SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore +B and B and simply supply at least 2048-bit +parameters in the callback. =head1 EXAMPLES -Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling +Setup DH parameters with a key length of 2048 bits. (Error handling partly left out.) - ... - /* Set up ephemeral DH stuff */ - DH *dh_512 = NULL; - DH *dh_1024 = NULL; - FILE *paramfile; + Command-line parameter generation: + $ openssl dhparam -out dh_param_2048.pem 2048 + + Code for setting up parameters during server initialization: ... - /* "openssl dhparam -out dh_param_512.pem -2 512" */ - paramfile = fopen("dh_param_512.pem", "r"); + SSL_CTX ctx = SSL_CTX_new(); + ... + + /* Set up ephemeral DH parameters. */ + DH *dh_2048 = NULL; + FILE *paramfile; + paramfile = fopen("dh_param_2048.pem", "r"); if (paramfile) { - dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); + dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); fclose(paramfile); + } else { + /* Error. */ } - /* "openssl dhparam -out dh_param_1024.pem -2 1024" */ - paramfile = fopen("dh_param_1024.pem", "r"); - if (paramfile) { - dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); - fclose(paramfile); + if (dh_2048 == NULL) { + /* Error. */ } - ... - - /* "openssl dhparam -C -2 512" etc... */ - DH *get_dh512() { ... } - DH *get_dh1024() { ... } - - DH *tmp_dh_callback(SSL *s, int is_export, int keylength) - { - DH *dh_tmp=NULL; - - switch (keylength) { - case 512: - if (!dh_512) - dh_512 = get_dh512(); - dh_tmp = dh_512; - break; - case 1024: - if (!dh_1024) - dh_1024 = get_dh1024(); - dh_tmp = dh_1024; - break; - default: - /* Generating a key on the fly is very costly, so use what is there */ - setup_dh_parameters_like_above(); - } - return(dh_tmp); + if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) { + /* Error. */ } + SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); + ... =head1 RETURN VALUES From emilia at openssl.org Wed May 20 13:44:47 2015 From: emilia at openssl.org (Emilia Kasper) Date: Wed, 20 May 2015 13:44:47 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432129487.299199.31037.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 10a70da729948bb573d27cef4459077c49f3eb46 (commit) via dcbc03ede7625f6a1023389196f62aff8916ce4b (commit) via b32aa8e63eba643f9c510af2838f1534de70bd2e (commit) via 82697bc2b9640aaf25c4adb87f41d9c5437b87ab (commit) from 17b753f23a0b97f9a1db6c4d03e6cdff5a54f8f6 (commit) - Log ----------------------------------------------------------------- commit 10a70da729948bb573d27cef4459077c49f3eb46 Author: Emilia Kasper Date: Tue May 19 11:53:31 2015 +0200 client: reject handshakes with DH parameters < 768 bits. Since the client has no way of communicating her supported parameter range to the server, connections to servers that choose weak DH will simply fail. Reviewed-by: Kurt Roeckx commit dcbc03ede7625f6a1023389196f62aff8916ce4b Author: Emilia Kasper Date: Tue May 12 16:10:05 2015 +0200 Update documentation with Diffie-Hellman best practices. - Do not advise generation of DH parameters with dsaparam to save computation time. - Promote use of custom parameters more, and explicitly forbid use of built-in parameters weaker than 2048 bits. - Advise the callback to ignore - it is currently called with 1024 bits, but this value can and should be safely ignored by servers. Reviewed-by: Rich Salz commit b32aa8e63eba643f9c510af2838f1534de70bd2e Author: Emilia Kasper Date: Wed May 13 12:05:41 2015 +0200 dhparam: fix documentation The default bitlength is now 2048. Also clarify that either the number of bits or the generator must be present: $ openssl dhparam -2 and $ openssl dhparam 2048 generate parameters but $ openssl dhparam does not. Reviewed-by: Matt Caswell commit 82697bc2b9640aaf25c4adb87f41d9c5437b87ab Author: Emilia Kasper Date: Tue May 12 20:15:46 2015 +0200 s_server: Use 2048-bit DH parameters by default. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 3 +- apps/s_server.c | 58 +++++++++++------ doc/apps/dhparam.pod | 13 ++-- doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 106 +++++++++++++------------------- ssl/s3_clnt.c | 73 +++++++++++++++------- ssl/ssl.h | 2 + ssl/ssl_err.c | 4 +- 7 files changed, 148 insertions(+), 111 deletions(-) diff --git a/CHANGES b/CHANGES index 4723703..6dabf87 100644 --- a/CHANGES +++ b/CHANGES @@ -4,7 +4,8 @@ Changes between 1.0.2a and 1.0.2b [xx XXX xxxx] - *) + *) Reject DH handshakes with parameters shorter than 768 bits. + [Kurt Roeckx and Emilia Kasper] Changes between 1.0.2 and 1.0.2a [19 Mar 2015] diff --git a/apps/s_server.c b/apps/s_server.c index e662720..acef382 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -222,7 +222,7 @@ static void init_session_cache_ctx(SSL_CTX *sctx); static void free_sessions(void); #ifndef OPENSSL_NO_DH static DH *load_dh_param(const char *dhfile); -static DH *get_dh512(void); +static DH *get_dh2048(void); #endif #ifdef MONOLITH @@ -230,30 +230,48 @@ static void s_server_init(void); #endif #ifndef OPENSSL_NO_DH -static unsigned char dh512_p[] = { - 0xDA, 0x58, 0x3C, 0x16, 0xD9, 0x85, 0x22, 0x89, 0xD0, 0xE4, 0xAF, 0x75, - 0x6F, 0x4C, 0xCA, 0x92, 0xDD, 0x4B, 0xE5, 0x33, 0xB8, 0x04, 0xFB, 0x0F, - 0xED, 0x94, 0xEF, 0x9C, 0x8A, 0x44, 0x03, 0xED, 0x57, 0x46, 0x50, 0xD3, - 0x69, 0x99, 0xDB, 0x29, 0xD7, 0x76, 0x27, 0x6B, 0xA2, 0xD3, 0xD4, 0x12, - 0xE2, 0x18, 0xF4, 0xDD, 0x1E, 0x08, 0x4C, 0xF6, 0xD8, 0x00, 0x3E, 0x7C, - 0x47, 0x74, 0xE8, 0x33, +static unsigned char dh2048_p[] = { + 0xF6,0x42,0x57,0xB7,0x08,0x7F,0x08,0x17,0x72,0xA2,0xBA,0xD6, + 0xA9,0x42,0xF3,0x05,0xE8,0xF9,0x53,0x11,0x39,0x4F,0xB6,0xF1, + 0x6E,0xB9,0x4B,0x38,0x20,0xDA,0x01,0xA7,0x56,0xA3,0x14,0xE9, + 0x8F,0x40,0x55,0xF3,0xD0,0x07,0xC6,0xCB,0x43,0xA9,0x94,0xAD, + 0xF7,0x4C,0x64,0x86,0x49,0xF8,0x0C,0x83,0xBD,0x65,0xE9,0x17, + 0xD4,0xA1,0xD3,0x50,0xF8,0xF5,0x59,0x5F,0xDC,0x76,0x52,0x4F, + 0x3D,0x3D,0x8D,0xDB,0xCE,0x99,0xE1,0x57,0x92,0x59,0xCD,0xFD, + 0xB8,0xAE,0x74,0x4F,0xC5,0xFC,0x76,0xBC,0x83,0xC5,0x47,0x30, + 0x61,0xCE,0x7C,0xC9,0x66,0xFF,0x15,0xF9,0xBB,0xFD,0x91,0x5E, + 0xC7,0x01,0xAA,0xD3,0x5B,0x9E,0x8D,0xA0,0xA5,0x72,0x3A,0xD4, + 0x1A,0xF0,0xBF,0x46,0x00,0x58,0x2B,0xE5,0xF4,0x88,0xFD,0x58, + 0x4E,0x49,0xDB,0xCD,0x20,0xB4,0x9D,0xE4,0x91,0x07,0x36,0x6B, + 0x33,0x6C,0x38,0x0D,0x45,0x1D,0x0F,0x7C,0x88,0xB3,0x1C,0x7C, + 0x5B,0x2D,0x8E,0xF6,0xF3,0xC9,0x23,0xC0,0x43,0xF0,0xA5,0x5B, + 0x18,0x8D,0x8E,0xBB,0x55,0x8C,0xB8,0x5D,0x38,0xD3,0x34,0xFD, + 0x7C,0x17,0x57,0x43,0xA3,0x1D,0x18,0x6C,0xDE,0x33,0x21,0x2C, + 0xB5,0x2A,0xFF,0x3C,0xE1,0xB1,0x29,0x40,0x18,0x11,0x8D,0x7C, + 0x84,0xA7,0x0A,0x72,0xD6,0x86,0xC4,0x03,0x19,0xC8,0x07,0x29, + 0x7A,0xCA,0x95,0x0C,0xD9,0x96,0x9F,0xAB,0xD0,0x0A,0x50,0x9B, + 0x02,0x46,0xD3,0x08,0x3D,0x66,0xA4,0x5D,0x41,0x9F,0x9C,0x7C, + 0xBD,0x89,0x4B,0x22,0x19,0x26,0xBA,0xAB,0xA2,0x5E,0xC3,0x55, + 0xE9,0x32,0x0B,0x3B, }; -static unsigned char dh512_g[] = { +static unsigned char dh2048_g[] = { 0x02, }; -static DH *get_dh512(void) +DH *get_dh2048() { - DH *dh = NULL; + DH *dh; if ((dh = DH_new()) == NULL) - return (NULL); - dh->p = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL); - dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL); - if ((dh->p == NULL) || (dh->g == NULL)) - return (NULL); - return (dh); + return NULL; + dh->p=BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL); + dh->g=BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL); + if (dh->p == NULL || dh->g == NULL) { + DH_free(dh); + return NULL; + } + return dh; } #endif @@ -1867,7 +1885,11 @@ int MAIN(int argc, char *argv[]) BIO_printf(bio_s_out, "Setting temp DH parameters\n"); } else { BIO_printf(bio_s_out, "Using default temp DH parameters\n"); - dh = get_dh512(); + dh = get_dh2048(); + if (dh == NULL) { + ERR_print_errors(bio_err); + goto end; + } } (void)BIO_flush(bio_s_out); diff --git a/doc/apps/dhparam.pod b/doc/apps/dhparam.pod index 6e27cf5..1cd4c76 100644 --- a/doc/apps/dhparam.pod +++ b/doc/apps/dhparam.pod @@ -71,8 +71,10 @@ check if the parameters are valid primes and generator. =item B<-2>, B<-5> -The generator to use, either 2 or 5. 2 is the default. If present then the -input file is ignored and parameters are generated instead. +The generator to use, either 2 or 5. If present then the +input file is ignored and parameters are generated instead. If not +present but B is present, parameters are generated with the +default generator 2. =item B<-rand> I @@ -85,9 +87,10 @@ all others. =item I this option specifies that a parameter set should be generated of size -I. It must be the last option. If not present then a value of 512 -is used. If this option is present then the input file is ignored and -parameters are generated instead. +I. It must be the last option. If this option is present then +the input file is ignored and parameters are generated instead. If +this option is not present but a generator (B<-2> or B<-5>) is +present, parameters are generated with a default length of 2048 bits. =item B<-noout> diff --git a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod index 7a27eef..b754c16 100644 --- a/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod +++ b/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod @@ -61,12 +61,12 @@ negotiation is being saved. If "strong" primes were used to generate the DH parameters, it is not strictly necessary to generate a new key for each handshake but it does improve forward -secrecy. If it is not assured, that "strong" primes were used (see especially -the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used -in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE -has an impact on the computer time needed during negotiation, but it is not -very large, so application authors/users should consider to always enable -this option. +secrecy. If it is not assured that "strong" primes were used, +SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup +attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the +computer time needed during negotiation, but it is not very large, so +application authors/users should consider always enabling this option. +The option is required to implement perfect forward secrecy (PFS). As generating DH parameters is extremely time consuming, an application should not generate the parameters on the fly but supply the parameters. @@ -74,82 +74,62 @@ DH parameters can be reused, as the actual key is newly generated during the negotiation. The risk in reusing DH parameters is that an attacker may specialize on a very often used DH group. Applications should therefore generate their own DH parameters during the installation process using the -openssl L application. In order to reduce the computer -time needed for this generation, it is possible to use DSA parameters -instead (see L), but in this case SSL_OP_SINGLE_DH_USE -is mandatory. +openssl L application. This application +guarantees that "strong" primes are used. -Application authors may compile in DH parameters. Files dh512.pem, -dh1024.pem, dh2048.pem, and dh4096.pem in the 'apps' directory of current +Files dh2048.pem, and dh4096.pem in the 'apps' directory of the current version of the OpenSSL distribution contain the 'SKIP' DH parameters, which use safe primes and were generated verifiably pseudo-randomly. These files can be converted into C code using the B<-C> option of the -L application. -Authors may also generate their own set of parameters using -L, but a user may not be sure how the parameters were -generated. The generation of DH parameters during installation is therefore -recommended. +L application. Generation of custom DH +parameters during installation should still be preferred to stop an +attacker from specializing on a commonly used group. Files dh1024.pem +and dh512.pem contain old parameters that must not be used by +applications. An application may either directly specify the DH parameters or -can supply the DH parameters via a callback function. The callback approach -has the advantage, that the callback may supply DH parameters for different -key lengths. +can supply the DH parameters via a callback function. -The B is called with the B needed and -the B information. The B flag is set, when the -ephemeral DH key exchange is performed with an export cipher. +Previous versions of the callback used B and B +parameters to control parameter generation for export and non-export +cipher suites. Modern servers that do not support export ciphersuites +are advised to either use SSL_CTX_set_tmp_dh() in combination with +SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore +B and B and simply supply at least 2048-bit +parameters in the callback. =head1 EXAMPLES -Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling +Setup DH parameters with a key length of 2048 bits. (Error handling partly left out.) - ... - /* Set up ephemeral DH stuff */ - DH *dh_512 = NULL; - DH *dh_1024 = NULL; - FILE *paramfile; + Command-line parameter generation: + $ openssl dhparam -out dh_param_2048.pem 2048 + + Code for setting up parameters during server initialization: ... - /* "openssl dhparam -out dh_param_512.pem -2 512" */ - paramfile = fopen("dh_param_512.pem", "r"); + SSL_CTX ctx = SSL_CTX_new(); + ... + + /* Set up ephemeral DH parameters. */ + DH *dh_2048 = NULL; + FILE *paramfile; + paramfile = fopen("dh_param_2048.pem", "r"); if (paramfile) { - dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); + dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); fclose(paramfile); + } else { + /* Error. */ } - /* "openssl dhparam -out dh_param_1024.pem -2 1024" */ - paramfile = fopen("dh_param_1024.pem", "r"); - if (paramfile) { - dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL); - fclose(paramfile); + if (dh_2048 == NULL) { + /* Error. */ } - ... - - /* "openssl dhparam -C -2 512" etc... */ - DH *get_dh512() { ... } - DH *get_dh1024() { ... } - - DH *tmp_dh_callback(SSL *s, int is_export, int keylength) - { - DH *dh_tmp=NULL; - - switch (keylength) { - case 512: - if (!dh_512) - dh_512 = get_dh512(); - dh_tmp = dh_512; - break; - case 1024: - if (!dh_1024) - dh_1024 = get_dh1024(); - dh_tmp = dh_1024; - break; - default: - /* Generating a key on the fly is very costly, so use what is there */ - setup_dh_parameters_like_above(); - } - return(dh_tmp); + if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) { + /* Error. */ } + SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE); + ... =head1 RETURN VALUES diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index eebd423..c25e077 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -2361,6 +2361,25 @@ int ssl3_get_server_done(SSL *s) return (ret); } +#ifndef OPENSSL_NO_DH +static DH *get_server_static_dh_key(SESS_CERT *scert) +{ + DH *dh_srvr = NULL; + EVP_PKEY *spkey = NULL; + int idx = scert->peer_cert_type; + + if (idx >= 0) + spkey = X509_get_pubkey(scert->peer_pkeys[idx].x509); + if (spkey) { + dh_srvr = EVP_PKEY_get1_DH(spkey); + EVP_PKEY_free(spkey); + } + if (dh_srvr == NULL) + SSLerr(SSL_F_GET_SERVER_STATIC_DH_KEY, ERR_R_INTERNAL_ERROR); + return dh_srvr; +} +#endif + int ssl3_send_client_key_exchange(SSL *s) { unsigned char *p; @@ -2603,25 +2622,14 @@ int ssl3_send_client_key_exchange(SSL *s) goto err; } - if (scert->peer_dh_tmp != NULL) + if (scert->peer_dh_tmp != NULL) { dh_srvr = scert->peer_dh_tmp; - else { - /* we get them from the cert */ - int idx = scert->peer_cert_type; - EVP_PKEY *spkey = NULL; - dh_srvr = NULL; - if (idx >= 0) - spkey = X509_get_pubkey(scert->peer_pkeys[idx].x509); - if (spkey) { - dh_srvr = EVP_PKEY_get1_DH(spkey); - EVP_PKEY_free(spkey); - } - if (dh_srvr == NULL) { - SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, - ERR_R_INTERNAL_ERROR); + } else { + dh_srvr = get_server_static_dh_key(scert); + if (dh_srvr == NULL) goto err; - } } + if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) { /* Use client certificate key */ EVP_PKEY *clkey = s->cert->key->privatekey; @@ -3464,25 +3472,44 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif #ifndef OPENSSL_NO_DH - if ((alg_k & SSL_kEDH) && - !(has_bits(i, EVP_PK_DH | EVP_PKT_EXCH) || (dh != NULL))) { - SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_KEY); + if ((alg_k & SSL_kEDH) && dh == NULL) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, ERR_R_INTERNAL_ERROR); goto f_err; - } else if ((alg_k & SSL_kDHr) && !SSL_USE_SIGALGS(s) && + } + if ((alg_k & SSL_kDHr) && !SSL_USE_SIGALGS(s) && !has_bits(i, EVP_PK_DH | EVP_PKS_RSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_RSA_CERT); goto f_err; } # ifndef OPENSSL_NO_DSA - else if ((alg_k & SSL_kDHd) && !SSL_USE_SIGALGS(s) && - !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) { + if ((alg_k & SSL_kDHd) && !SSL_USE_SIGALGS(s) && + !has_bits(i, EVP_PK_DH | EVP_PKS_DSA)) { SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_MISSING_DH_DSA_CERT); goto f_err; } # endif -#endif + + if (alg_k & (SSL_kDHE | SSL_kDHr | SSL_kDHd)) { + int dh_size; + if (alg_k & SSL_kDHE) { + dh_size = BN_num_bits(dh->p); + } else { + DH *dh_srvr = get_server_static_dh_key(sc); + if (dh_srvr == NULL) + goto f_err; + dh_size = BN_num_bits(dh_srvr->p); + DH_free(dh_srvr); + } + + if ((!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 768) + || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && dh_size < 512)) { + SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_DH_KEY_TOO_SMALL); + goto f_err; + } + } +#endif /* !OPENSSL_NO_DH */ if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { #ifndef OPENSSL_NO_RSA diff --git a/ssl/ssl.h b/ssl/ssl.h index 70fa00b..8eb852a 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2641,6 +2641,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_GET_CLIENT_MASTER_KEY 107 # define SSL_F_GET_SERVER_FINISHED 108 # define SSL_F_GET_SERVER_HELLO 109 +# define SSL_F_GET_SERVER_STATIC_DH_KEY 340 # define SSL_F_GET_SERVER_VERIFY 110 # define SSL_F_I2D_SSL_SESSION 111 # define SSL_F_READ_N 112 @@ -2906,6 +2907,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_DATA_LENGTH_TOO_LONG 146 # define SSL_R_DECRYPTION_FAILED 147 # define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 281 +# define SSL_R_DH_KEY_TOO_SMALL 372 # define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 # define SSL_R_DIGEST_CHECK_FAILED 149 # define SSL_R_DTLS_MESSAGE_TOO_BIG 334 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 76c92ae..fc0fb8f 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -1,6 +1,6 @@ /* ssl/ssl_err.c */ /* ==================================================================== - * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -119,6 +119,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_GET_CLIENT_MASTER_KEY), "GET_CLIENT_MASTER_KEY"}, {ERR_FUNC(SSL_F_GET_SERVER_FINISHED), "GET_SERVER_FINISHED"}, {ERR_FUNC(SSL_F_GET_SERVER_HELLO), "GET_SERVER_HELLO"}, + {ERR_FUNC(SSL_F_GET_SERVER_STATIC_DH_KEY), "GET_SERVER_STATIC_DH_KEY"}, {ERR_FUNC(SSL_F_GET_SERVER_VERIFY), "GET_SERVER_VERIFY"}, {ERR_FUNC(SSL_F_I2D_SSL_SESSION), "i2d_SSL_SESSION"}, {ERR_FUNC(SSL_F_READ_N), "READ_N"}, @@ -459,6 +460,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_DECRYPTION_FAILED), "decryption failed"}, {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"}, + {ERR_REASON(SSL_R_DH_KEY_TOO_SMALL), "dh key too small"}, {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"}, {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED), "digest check failed"}, From emilia at openssl.org Wed May 20 14:08:24 2015 From: emilia at openssl.org (Emilia Kasper) Date: Wed, 20 May 2015 14:08:24 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432130904.754941.9717.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via f4d1fb776955187a35c3ee36d4413871917c3138 (commit) from 10a70da729948bb573d27cef4459077c49f3eb46 (commit) - Log ----------------------------------------------------------------- commit f4d1fb776955187a35c3ee36d4413871917c3138 Author: Emilia Kasper Date: Wed May 20 15:47:51 2015 +0200 Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client). Also reorder preferences to prefer prime curves to binary curves, and P-256 to everything else. The result: $ openssl s_server -named_curves "auto" This command will negotiate an ECDHE ciphersuite with P-256: $ openssl s_client This command will negotiate P-384: $ openssl s_client -curves "P-384" This command will not negotiate ECDHE because P-224 is disabled with "auto": $ openssl s_client -curves "P-224" Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 5 +++++ ssl/ssltest.c | 7 ++---- ssl/t1_lib.c | 68 +++++++++++++++++++++++++++++++++++++++++------------------ 3 files changed, 54 insertions(+), 26 deletions(-) diff --git a/CHANGES b/CHANGES index 6dabf87..0fedee6 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,11 @@ Changes between 1.0.2a and 1.0.2b [xx XXX xxxx] + *) Only support 256-bit or stronger elliptic curves with the + 'ecdh_auto' setting (server) or by default (client). Of supported + curves, prefer P-256 (both). + [Emilia Kasper] + *) Reject DH handshakes with parameters shorter than 768 bits. [Kurt Roeckx and Emilia Kasper] diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 8a6f00f..805da4c 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -1339,12 +1339,9 @@ int main(int argc, char *argv[]) BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); goto end; } - } else -# ifdef OPENSSL_NO_EC2M + } else { nid = NID_X9_62_prime256v1; -# else - nid = NID_sect163r2; -# endif + } ecdh = EC_KEY_new_by_curve_name(nid); if (ecdh == NULL) { diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 26ebdb3..8cde013 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -262,47 +262,68 @@ static const unsigned char ecformats_default[] = { TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 }; -static const unsigned char eccurves_default[] = { -# ifndef OPENSSL_NO_EC2M - 0, 14, /* sect571r1 (14) */ - 0, 13, /* sect571k1 (13) */ -# endif +/* The client's default curves / the server's 'auto' curves. */ +static const unsigned char eccurves_auto[] = { + /* Prefer P-256 which has the fastest and most secure implementations. */ + 0, 23, /* secp256r1 (23) */ + /* Other >= 256-bit prime curves. */ 0, 25, /* secp521r1 (25) */ 0, 28, /* brainpool512r1 (28) */ + 0, 27, /* brainpoolP384r1 (27) */ + 0, 24, /* secp384r1 (24) */ + 0, 26, /* brainpoolP256r1 (26) */ + 0, 22, /* secp256k1 (22) */ # ifndef OPENSSL_NO_EC2M + /* >= 256-bit binary curves. */ + 0, 14, /* sect571r1 (14) */ + 0, 13, /* sect571k1 (13) */ 0, 11, /* sect409k1 (11) */ 0, 12, /* sect409r1 (12) */ + 0, 9, /* sect283k1 (9) */ + 0, 10, /* sect283r1 (10) */ # endif +}; + +static const unsigned char eccurves_all[] = { + /* Prefer P-256 which has the fastest and most secure implementations. */ + 0, 23, /* secp256r1 (23) */ + /* Other >= 256-bit prime curves. */ + 0, 25, /* secp521r1 (25) */ + 0, 28, /* brainpool512r1 (28) */ 0, 27, /* brainpoolP384r1 (27) */ 0, 24, /* secp384r1 (24) */ + 0, 26, /* brainpoolP256r1 (26) */ + 0, 22, /* secp256k1 (22) */ # ifndef OPENSSL_NO_EC2M + /* >= 256-bit binary curves. */ + 0, 14, /* sect571r1 (14) */ + 0, 13, /* sect571k1 (13) */ + 0, 11, /* sect409k1 (11) */ + 0, 12, /* sect409r1 (12) */ 0, 9, /* sect283k1 (9) */ 0, 10, /* sect283r1 (10) */ # endif - 0, 26, /* brainpoolP256r1 (26) */ - 0, 22, /* secp256k1 (22) */ - 0, 23, /* secp256r1 (23) */ + /* + * Remaining curves disabled by default but still permitted if set + * via an explicit callback or parameters. + */ + 0, 20, /* secp224k1 (20) */ + 0, 21, /* secp224r1 (21) */ + 0, 18, /* secp192k1 (18) */ + 0, 19, /* secp192r1 (19) */ + 0, 15, /* secp160k1 (15) */ + 0, 16, /* secp160r1 (16) */ + 0, 17, /* secp160r2 (17) */ # ifndef OPENSSL_NO_EC2M 0, 8, /* sect239k1 (8) */ 0, 6, /* sect233k1 (6) */ 0, 7, /* sect233r1 (7) */ -# endif - 0, 20, /* secp224k1 (20) */ - 0, 21, /* secp224r1 (21) */ -# ifndef OPENSSL_NO_EC2M 0, 4, /* sect193r1 (4) */ 0, 5, /* sect193r2 (5) */ -# endif - 0, 18, /* secp192k1 (18) */ - 0, 19, /* secp192r1 (19) */ -# ifndef OPENSSL_NO_EC2M 0, 1, /* sect163k1 (1) */ 0, 2, /* sect163r1 (2) */ 0, 3, /* sect163r2 (3) */ # endif - 0, 15, /* secp160k1 (15) */ - 0, 16, /* secp160r1 (16) */ - 0, 17, /* secp160r2 (17) */ }; static const unsigned char suiteb_curves[] = { @@ -476,8 +497,13 @@ static int tls1_get_curvelist(SSL *s, int sess, } else # endif { - *pcurves = eccurves_default; - pcurveslen = sizeof(eccurves_default); + if (!s->server || (s->cert && s->cert->ecdh_tmp_auto)) { + *pcurves = eccurves_auto; + pcurveslen = sizeof(eccurves_auto); + } else { + *pcurves = eccurves_all; + pcurveslen = sizeof(eccurves_all); + } } } } From emilia at openssl.org Wed May 20 14:08:24 2015 From: emilia at openssl.org (Emilia Kasper) Date: Wed, 20 May 2015 14:08:24 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432130904.885207.9739.nullmailer@dev.openssl.org> The branch master has been updated via de57d2372985d2640ae82f7954bf9dc07caf2f09 (commit) from 1554d55318a7bb3347f4ccfadf78cca56e51ee79 (commit) - Log ----------------------------------------------------------------- commit de57d2372985d2640ae82f7954bf9dc07caf2f09 Author: Emilia Kasper Date: Wed May 20 15:47:51 2015 +0200 Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client). Also reorder preferences to prefer prime curves to binary curves, and P-256 to everything else. The result: $ openssl s_server -named_curves "auto" This command will negotiate an ECDHE ciphersuite with P-256: $ openssl s_client This command will negotiate P-384: $ openssl s_client -curves "P-384" This command will not negotiate ECDHE because P-224 is disabled with "auto": $ openssl s_client -curves "P-224" Reviewed-by: Kurt Roeckx Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: CHANGES | 9 ++++++++- ssl/t1_lib.c | 63 ++++++++++++++++++++++++++++++++++++++++++++-------------- test/ssltest.c | 7 ++----- 3 files changed, 58 insertions(+), 21 deletions(-) diff --git a/CHANGES b/CHANGES index 8600b81..397ff2c 100644 --- a/CHANGES +++ b/CHANGES @@ -396,7 +396,14 @@ whose return value is often ignored. [Steve Henson] - Changes between 1.0.2 and 1.0.2a [xx XXX xxxx] + Changes between 1.0.2a and 1.0.2b [xx XXX xxxx] + + *) Only support 256-bit or stronger elliptic curves with the + 'ecdh_auto' setting (server) or by default (client). Of supported + curves, prefer P-256 (both). + [Emilia Kasper] + + Changes between 1.0.2 and 1.0.2a [19 Mar 2015] *) ClientHello sigalgs DoS fix diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index f3fa0f5..7053c4a 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -268,37 +268,65 @@ static const unsigned char ecformats_default[] = { TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 }; -static const unsigned char eccurves_default[] = { - 0, 14, /* sect571r1 (14) */ - 0, 13, /* sect571k1 (13) */ +/* The client's default curves / the server's 'auto' curves. */ +static const unsigned char eccurves_auto[] = { + /* Prefer P-256 which has the fastest and most secure implementations. */ + 0, 23, /* secp256r1 (23) */ + /* Other >= 256-bit prime curves. */ 0, 25, /* secp521r1 (25) */ 0, 28, /* brainpool512r1 (28) */ - 0, 11, /* sect409k1 (11) */ - 0, 12, /* sect409r1 (12) */ 0, 27, /* brainpoolP384r1 (27) */ 0, 24, /* secp384r1 (24) */ + 0, 26, /* brainpoolP256r1 (26) */ + 0, 22, /* secp256k1 (22) */ + /* >= 256-bit binary curves. */ + 0, 14, /* sect571r1 (14) */ + 0, 13, /* sect571k1 (13) */ + 0, 11, /* sect409k1 (11) */ + 0, 12, /* sect409r1 (12) */ 0, 9, /* sect283k1 (9) */ 0, 10, /* sect283r1 (10) */ +}; + +static const unsigned char eccurves_all[] = { + /* Prefer P-256 which has the fastest and most secure implementations. */ + 0, 23, /* secp256r1 (23) */ + /* Other >= 256-bit prime curves. */ + 0, 25, /* secp521r1 (25) */ + 0, 28, /* brainpool512r1 (28) */ + 0, 27, /* brainpoolP384r1 (27) */ + 0, 24, /* secp384r1 (24) */ 0, 26, /* brainpoolP256r1 (26) */ 0, 22, /* secp256k1 (22) */ - 0, 23, /* secp256r1 (23) */ + /* >= 256-bit binary curves. */ + 0, 14, /* sect571r1 (14) */ + 0, 13, /* sect571k1 (13) */ + 0, 11, /* sect409k1 (11) */ + 0, 12, /* sect409r1 (12) */ + 0, 9, /* sect283k1 (9) */ + 0, 10, /* sect283r1 (10) */ + /* + * Remaining curves disabled by default but still permitted if set + * via an explicit callback or parameters. + */ + 0, 20, /* secp224k1 (20) */ + 0, 21, /* secp224r1 (21) */ + 0, 18, /* secp192k1 (18) */ + 0, 19, /* secp192r1 (19) */ + 0, 15, /* secp160k1 (15) */ + 0, 16, /* secp160r1 (16) */ + 0, 17, /* secp160r2 (17) */ 0, 8, /* sect239k1 (8) */ 0, 6, /* sect233k1 (6) */ 0, 7, /* sect233r1 (7) */ - 0, 20, /* secp224k1 (20) */ - 0, 21, /* secp224r1 (21) */ 0, 4, /* sect193r1 (4) */ 0, 5, /* sect193r2 (5) */ - 0, 18, /* secp192k1 (18) */ - 0, 19, /* secp192r1 (19) */ 0, 1, /* sect163k1 (1) */ 0, 2, /* sect163r1 (2) */ 0, 3, /* sect163r2 (3) */ - 0, 15, /* secp160k1 (15) */ - 0, 16, /* secp160r1 (16) */ - 0, 17, /* secp160r2 (17) */ }; + static const unsigned char suiteb_curves[] = { 0, TLSEXT_curve_P_256, 0, TLSEXT_curve_P_384 @@ -419,8 +447,13 @@ static int tls1_get_curvelist(SSL *s, int sess, pcurveslen = s->tlsext_ellipticcurvelist_length; } if (!*pcurves) { - *pcurves = eccurves_default; - pcurveslen = sizeof(eccurves_default); + if (!s->server || (s->cert && s->cert->ecdh_tmp_auto)) { + *pcurves = eccurves_auto; + pcurveslen = sizeof(eccurves_auto); + } else { + *pcurves = eccurves_all; + pcurveslen = sizeof(eccurves_all); + } } } diff --git a/test/ssltest.c b/test/ssltest.c index 95ba1a0..136bf9a 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -1494,12 +1494,9 @@ int main(int argc, char *argv[]) BIO_printf(bio_err, "unknown curve name (%s)\n", named_curve); goto end; } - } else -# ifdef OPENSSL_NO_EC2M + } else { nid = NID_X9_62_prime256v1; -# else - nid = NID_sect163r2; -# endif + } ecdh = EC_KEY_new_by_curve_name(nid); if (ecdh == NULL) { From steve at openssl.org Wed May 20 17:43:15 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Wed, 20 May 2015 17:43:15 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432143795.288573.9983.nullmailer@dev.openssl.org> The branch master has been updated via c5f2810581380bc248279207a4c58a126047acd8 (commit) from de57d2372985d2640ae82f7954bf9dc07caf2f09 (commit) - Log ----------------------------------------------------------------- commit c5f2810581380bc248279207a4c58a126047acd8 Author: Dr. Stephen Henson Date: Tue May 19 17:02:29 2015 +0100 Add functions to convert between uint64_t and ASN1_INTEGER. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/asn1/a_int.c | 40 +++++++++++++++++++++++++++++++++++ crypto/asn1/asn1_err.c | 2 ++ doc/crypto/ASN1_INTEGER_get_int64.pod | 10 +++++++++ include/openssl/asn1.h | 5 +++++ 4 files changed, 57 insertions(+) diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index f3a7e6a..9a58378 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -58,6 +58,7 @@ #include #include "internal/cryptlib.h" +#include "internal/numbers.h" #include #include #include @@ -418,6 +419,35 @@ static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype) return ASN1_STRING_set(a, tbuf, l); } +static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a, + int itype) +{ + if (a == NULL) { + ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if ((a->type & ~V_ASN1_NEG) != itype) { + ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_WRONG_INTEGER_TYPE); + return 0; + } + if (a->type & V_ASN1_NEG) { + ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_ILLEGAL_NEGATIVE_VALUE); + return 0; + } + return asn1_get_uint64(pr, a->data, a->length); +} + +static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype) +{ + unsigned char tbuf[sizeof(r)]; + size_t l; + a->type = itype; + l = asn1_put_uint64(tbuf, r); + if (l == 0) + return 0; + return ASN1_STRING_set(a, tbuf, l); +} + /* * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1 * integers: some broken software can encode a positive INTEGER with its MSB @@ -560,6 +590,16 @@ int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r) return asn1_string_set_int64(a, r, V_ASN1_INTEGER); } +int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a) +{ + return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER); +} + +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r) +{ + return asn1_string_set_uint64(a, r, V_ASN1_INTEGER); +} + int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) { return ASN1_INTEGER_set_int64(a, v); diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 4151dc7..0fc0b5e 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -124,6 +124,7 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"}, {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"}, {ERR_FUNC(ASN1_F_ASN1_STRING_GET_INT64), "ASN1_STRING_GET_INT64"}, + {ERR_FUNC(ASN1_F_ASN1_STRING_GET_UINT64), "ASN1_STRING_GET_UINT64"}, {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"}, {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"}, {ERR_FUNC(ASN1_F_ASN1_STRING_TO_BN), "ASN1_STRING_TO_BN"}, @@ -251,6 +252,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_REASON(ASN1_R_ILLEGAL_HEX), "illegal hex"}, {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG), "illegal implicit tag"}, {ERR_REASON(ASN1_R_ILLEGAL_INTEGER), "illegal integer"}, + {ERR_REASON(ASN1_R_ILLEGAL_NEGATIVE_VALUE), "illegal negative value"}, {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"}, {ERR_REASON(ASN1_R_ILLEGAL_NULL), "illegal null"}, {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE), "illegal null value"}, diff --git a/doc/crypto/ASN1_INTEGER_get_int64.pod b/doc/crypto/ASN1_INTEGER_get_int64.pod index 98944b8..8911afd 100644 --- a/doc/crypto/ASN1_INTEGER_get_int64.pod +++ b/doc/crypto/ASN1_INTEGER_get_int64.pod @@ -14,6 +14,9 @@ ASN1_INTEGER_get_int64, ASN1_INTEGER_get, ASN1_INTEGER_set_int64, ASN1_INTEGER_s int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); long ASN1_INTEGER_set(const ASN1_INTEGER *a); + int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); + int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); + ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); @@ -36,6 +39,10 @@ If successful it returns 1 and sets B<*pr> to the value of B . If it fails (due to invalid type or the value being too big to fit into an B type) it returns 0. +ASN1_INTEGER_get_uint64() is similar to ASN1_INTEGER_get_int64_t() except it +converts to a B type and an error is returned if the passed integer +is negative. + ASN1_INTEGER_get() also returns the value of B but it returns 0 if B is NULL and -1 on error (which is ambiguous because -1 is a legitimate value for an B). New applications should use ASN1_INTEGER_get_int64() @@ -44,6 +51,9 @@ instead. ASN1_INTEGER_set_int64() sets the value of B B to the B value B. +ASN1_INTEGER_set_uint64() sets the value of B B to the +B value B. + ASN1_INTEGER_set() sets the value of B B to the B value B. diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 26d31b7..cdd587b 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -679,6 +679,9 @@ ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a); int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r); +int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a); +int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r); + int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); long ASN1_INTEGER_get(const ASN1_INTEGER *a); ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai); @@ -967,6 +970,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_SIGN 128 # define ASN1_F_ASN1_STR2TYPE 179 # define ASN1_F_ASN1_STRING_GET_INT64 227 +# define ASN1_F_ASN1_STRING_GET_UINT64 230 # define ASN1_F_ASN1_STRING_SET 186 # define ASN1_F_ASN1_STRING_TABLE_ADD 129 # define ASN1_F_ASN1_STRING_TO_BN 228 @@ -1085,6 +1089,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_ILLEGAL_HEX 178 # define ASN1_R_ILLEGAL_IMPLICIT_TAG 179 # define ASN1_R_ILLEGAL_INTEGER 180 +# define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226 # define ASN1_R_ILLEGAL_NESTED_TAGGING 181 # define ASN1_R_ILLEGAL_NULL 125 # define ASN1_R_ILLEGAL_NULL_VALUE 182 From kurt at openssl.org Wed May 20 20:19:07 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Wed, 20 May 2015 20:19:07 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432153147.381108.5675.nullmailer@dev.openssl.org> The branch master has been updated via ac38115c1a4fb61c66c2a8cd2a9800751828d328 (commit) from c5f2810581380bc248279207a4c58a126047acd8 (commit) - Log ----------------------------------------------------------------- commit ac38115c1a4fb61c66c2a8cd2a9800751828d328 Author: Kurt Roeckx Date: Sat Apr 18 12:50:25 2015 +0200 Correctly check for export size limit 40 bit ciphers are limited to 512 bit RSA, 56 bit ciphers to 1024 bit. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/x509/x509type.c | 3 --- include/openssl/evp.h | 1 - ssl/s3_clnt.c | 5 ++++- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index bc93697..97e5bab 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -121,9 +121,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) } } - /* /8 because it's 1024 bits we look for, not bytes */ - if (EVP_PKEY_size(pk) <= 1024 / 8) - ret |= EVP_PKT_EXP; if (pkey == NULL) EVP_PKEY_free(pk); return (ret); diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 2af823f..d5af5ed 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -94,7 +94,6 @@ # define EVP_PKS_RSA 0x0100 # define EVP_PKS_DSA 0x0200 # define EVP_PKS_EC 0x0400 -# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ # define EVP_PKEY_NONE NID_undef # define EVP_PKEY_RSA NID_rsaEncryption diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 46f9909..4977e9c 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -3324,6 +3324,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) int i, idx; long alg_k, alg_a; EVP_PKEY *pkey = NULL; + int pkey_bits; SESS_CERT *sc; #ifndef OPENSSL_NO_RSA RSA *rsa; @@ -3373,6 +3374,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509); + pkey_bits = EVP_PKEY_bits(pkey); i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey); EVP_PKEY_free(pkey); @@ -3418,7 +3420,8 @@ int ssl3_check_cert_and_algorithm(SSL *s) # endif #endif - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { + if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { if (rsa == NULL From kurt at openssl.org Wed May 20 20:22:54 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Wed, 20 May 2015 20:22:54 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432153374.176255.6637.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 2d8e705b2a68a6dfe620f781c55e8230a0cb2dfb (commit) from f4d1fb776955187a35c3ee36d4413871917c3138 (commit) - Log ----------------------------------------------------------------- commit 2d8e705b2a68a6dfe620f781c55e8230a0cb2dfb Author: Kurt Roeckx Date: Sat Apr 18 12:50:25 2015 +0200 Correctly check for export size limit 40 bit ciphers are limited to 512 bit RSA, 56 bit ciphers to 1024 bit. Reviewed-by: Rich Salz (cherry picked from commit ac38115c1a4fb61c66c2a8cd2a9800751828d328) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp.h | 1 - crypto/x509/x509type.c | 3 --- ssl/s3_clnt.c | 5 ++++- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 4891133..1d705cd 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -103,7 +103,6 @@ # define EVP_PKS_RSA 0x0100 # define EVP_PKS_DSA 0x0200 # define EVP_PKS_EC 0x0400 -# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ # define EVP_PKEY_NONE NID_undef # define EVP_PKEY_RSA NID_rsaEncryption diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 0331752..9219f75 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -121,9 +121,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) } } - /* /8 because it's 1024 bits we look for, not bytes */ - if (EVP_PKEY_size(pk) <= 1024 / 8) - ret |= EVP_PKT_EXP; if (pkey == NULL) EVP_PKEY_free(pk); return (ret); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index c25e077..98c7b9e 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -3398,6 +3398,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) int i, idx; long alg_k, alg_a; EVP_PKEY *pkey = NULL; + int pkey_bits; SESS_CERT *sc; #ifndef OPENSSL_NO_RSA RSA *rsa; @@ -3447,6 +3448,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509); + pkey_bits = EVP_PKEY_bits(pkey); i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey); EVP_PKEY_free(pkey); @@ -3511,7 +3513,8 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif /* !OPENSSL_NO_DH */ - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { + if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { if (rsa == NULL From kurt at openssl.org Wed May 20 20:26:39 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Wed, 20 May 2015 20:26:39 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432153599.850217.7211.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 3b509e8cdc5ca6f42fd66a1325c9d0d23a4103c6 (commit) from 63830384e90d9b36d2793d4891501ec024827433 (commit) - Log ----------------------------------------------------------------- commit 3b509e8cdc5ca6f42fd66a1325c9d0d23a4103c6 Author: Kurt Roeckx Date: Sat Apr 18 12:50:25 2015 +0200 Correctly check for export size limit 40 bit ciphers are limited to 512 bit RSA, 56 bit ciphers to 1024 bit. Reviewed-by: Rich Salz (cherry picked from commit ac38115c1a4fb61c66c2a8cd2a9800751828d328) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp.h | 1 - crypto/x509/x509type.c | 3 --- ssl/s3_clnt.c | 5 ++++- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 01bdeeb..6cf98ac 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -103,7 +103,6 @@ # define EVP_PKS_RSA 0x0100 # define EVP_PKS_DSA 0x0200 # define EVP_PKS_EC 0x0400 -# define EVP_PKT_EXP 0x1000 /* <= 512 bit key */ # define EVP_PKEY_NONE NID_undef # define EVP_PKEY_RSA NID_rsaEncryption diff --git a/crypto/x509/x509type.c b/crypto/x509/x509type.c index 0331752..9219f75 100644 --- a/crypto/x509/x509type.c +++ b/crypto/x509/x509type.c @@ -121,9 +121,6 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey) } } - /* /8 because it's 1024 bits we look for, not bytes */ - if (EVP_PKEY_size(pk) <= 1024 / 8) - ret |= EVP_PKT_EXP; if (pkey == NULL) EVP_PKEY_free(pk); return (ret); diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 780a03f..012905b 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -3228,6 +3228,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) int i, idx; long alg_k, alg_a; EVP_PKEY *pkey = NULL; + int pkey_bits; SESS_CERT *sc; #ifndef OPENSSL_NO_RSA RSA *rsa; @@ -3270,6 +3271,7 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif pkey = X509_get_pubkey(sc->peer_pkeys[idx].x509); + pkey_bits = EVP_PKEY_bits(pkey); i = X509_certificate_type(sc->peer_pkeys[idx].x509, pkey); EVP_PKEY_free(pkey); @@ -3323,7 +3325,8 @@ int ssl3_check_cert_and_algorithm(SSL *s) } #endif /* !OPENSSL_NO_DH */ - if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i, EVP_PKT_EXP)) { + if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && + pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) { #ifndef OPENSSL_NO_RSA if (alg_k & SSL_kRSA) { if (rsa == NULL From kurt at openssl.org Wed May 20 21:20:25 2015 From: kurt at openssl.org (Kurt Roeckx) Date: Wed, 20 May 2015 21:20:25 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432156825.373835.14422.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 1c687ff4dd5dcc0f05f1d062effdb40e4e41f24f (commit) via c6a39046f576ab0af25bf3ef844812330af2b27b (commit) via cf1bf3f03250113c04dcfb929a1e83c744a14e9d (commit) via f7bf8e02dfcb2c02bc12a59276d0a3ba43e6c204 (commit) from 3b509e8cdc5ca6f42fd66a1325c9d0d23a4103c6 (commit) - Log ----------------------------------------------------------------- commit 1c687ff4dd5dcc0f05f1d062effdb40e4e41f24f Author: Matt Caswell Date: Tue Jan 27 11:15:15 2015 +0000 Add documentation for the -no_alt_chains option for various apps, as well as the X509_V_FLAG_NO_ALT_CHAINS flag. Reviewed-by: Dr. Stephen Henson Reviewed-by: Kurt Roeckx Conflicts: doc/apps/cms.pod doc/apps/ocsp.pod doc/apps/s_client.pod doc/apps/s_server.pod doc/apps/smime.pod doc/apps/verify.pod commit c6a39046f576ab0af25bf3ef844812330af2b27b Author: Matt Caswell Date: Tue Jan 27 10:50:38 2015 +0000 Add -no_alt_chains option to apps to implement the new X509_V_FLAG_NO_ALT_CHAINS flag. Using this option means that when building certificate chains, the first chain found will be the one used. Without this flag, if the first chain found is not trusted then we will keep looking to see if we can build an alternative chain instead. Reviewed-by: Dr. Stephen Henson Reviewed-by: Kurt Roeckx Conflicts: apps/cms.c apps/ocsp.c apps/s_client.c apps/s_server.c apps/smime.c apps/verify.c commit cf1bf3f03250113c04dcfb929a1e83c744a14e9d Author: Matt Caswell Date: Tue Jan 27 10:35:27 2015 +0000 Add flag to inhibit checking for alternate certificate chains. Setting this behaviour will force behaviour as per previous versions of OpenSSL Reviewed-by: Dr. Stephen Henson Reviewed-by: Kurt Roeckx commit f7bf8e02dfcb2c02bc12a59276d0a3ba43e6c204 Author: Matt Caswell Date: Tue Jan 27 10:03:29 2015 +0000 In certain situations the server provided certificate chain may no longer be valid. However the issuer of the leaf, or some intermediate cert is in fact in the trust store. When building a trust chain if the first attempt fails, then try to see if alternate chains could be constructed that are trusted. RT3637 RT3621 Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 2 + apps/cms.c | 2 + apps/ocsp.c | 2 + apps/s_client.c | 2 + apps/s_server.c | 2 + apps/smime.c | 2 + apps/verify.c | 2 +- crypto/x509/x509_vfy.c | 167 +++++++++++++++++------------ crypto/x509/x509_vfy.h | 6 ++ doc/apps/cms.pod | 5 +- doc/apps/ocsp.pod | 11 ++ doc/apps/s_client.pod | 7 +- doc/apps/s_server.pod | 9 ++ doc/apps/smime.pod | 4 +- doc/apps/verify.pod | 13 +++ doc/crypto/X509_VERIFY_PARAM_set_flags.pod | 8 +- 16 files changed, 172 insertions(+), 72 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 5b7aedc..6801238 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2238,6 +2238,8 @@ int args_verify(char ***pargs, int *pargc, flags |= X509_V_FLAG_NOTIFY_POLICY; else if (!strcmp(arg, "-check_ss_sig")) flags |= X509_V_FLAG_CHECK_SS_SIGNATURE; + else if (!strcmp(arg, "-no_alt_chains")) + flags |= X509_V_FLAG_NO_ALT_CHAINS; else return 0; diff --git a/apps/cms.c b/apps/cms.c index 0cc4b46..d7645c0 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -581,6 +581,8 @@ int MAIN(int argc, char **argv) "-CApath dir trusted certificates directory\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); + BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); diff --git a/apps/ocsp.c b/apps/ocsp.c index 71def26..572f064 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -519,6 +519,8 @@ int MAIN(int argc, char **argv) BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); + BIO_printf(bio_err, "-VAfile file validator certificates file\n"); BIO_printf(bio_err, "-validity_period n maximum validity discrepancy in seconds\n"); diff --git a/apps/s_client.c b/apps/s_client.c index b9b7975..28737b6 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -323,6 +323,8 @@ static void sc_usage(void) BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err, + " -no_alt_chains - only ever use the first certificate chain found\n"); + BIO_printf(bio_err, " -reconnect - Drop and re-make the connection with the same Session-ID\n"); BIO_printf(bio_err, " -pause - sleep(1) after each read(2) and write(2) system call\n"); diff --git a/apps/s_server.c b/apps/s_server.c index 7e501d2..b58e5e0 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -541,6 +541,8 @@ static void sv_usage(void) BIO_printf(bio_err, " -CApath arg - PEM format directory of CA's\n"); BIO_printf(bio_err, " -CAfile arg - PEM format file of CA's\n"); BIO_printf(bio_err, + " -no_alt_chains - only ever use the first certificate chain found\n"); + BIO_printf(bio_err, " -nocert - Don't use any certificates (Anon-DH)\n"); BIO_printf(bio_err, " -cipher arg - play with 'openssl ciphers' to see what goes here\n"); diff --git a/apps/smime.c b/apps/smime.c index 7b351f6..53e43c5 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -442,6 +442,8 @@ int MAIN(int argc, char **argv) "-CApath dir trusted certificates directory\n"); BIO_printf(bio_err, "-CAfile file trusted certificates file\n"); BIO_printf(bio_err, + "-no_alt_chains only ever use the first certificate chain found\n"); + BIO_printf(bio_err, "-crl_check check revocation status of signer's certificate using CRLs\n"); BIO_printf(bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n"); diff --git a/apps/verify.c b/apps/verify.c index 7295c76..e29f9bb 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -227,7 +227,7 @@ int MAIN(int argc, char **argv) if (ret == 1) { BIO_printf(bio_err, "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]"); - BIO_printf(bio_err, " [-attime timestamp]"); + BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " [-engine e]"); #endif diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 559b5cd..29dd86c 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -151,11 +151,11 @@ static int x509_subject_cmp(X509 **a, X509 **b) int X509_verify_cert(X509_STORE_CTX *ctx) { - X509 *x, *xtmp, *chain_ss = NULL; + X509 *x, *xtmp, *xtmp2, *chain_ss = NULL; int bad_chain = 0; X509_VERIFY_PARAM *param = ctx->param; int depth, i, ok = 0; - int num; + int num, j, retry; int (*cb) (int xok, X509_STORE_CTX *xctx); STACK_OF(X509) *sktmp = NULL; if (ctx->cert == NULL) { @@ -224,85 +224,118 @@ int X509_verify_cert(X509_STORE_CTX *ctx) break; } + /* Remember how many untrusted certs we have */ + j = num; /* * at this point, chain should contain a list of untrusted certificates. * We now need to add at least one trusted one, if possible, otherwise we * complain. */ - /* - * Examine last certificate in chain and see if it is self signed. - */ - - i = sk_X509_num(ctx->chain); - x = sk_X509_value(ctx->chain, i - 1); - if (ctx->check_issued(ctx, x, x)) { - /* we have a self signed certificate */ - if (sk_X509_num(ctx->chain) == 1) { - /* - * We have a single self signed certificate: see if we can find - * it in the store. We must have an exact match to avoid possible - * impersonation. - */ - ok = ctx->get_issuer(&xtmp, ctx, x); - if ((ok <= 0) || X509_cmp(x, xtmp)) { - ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; - ctx->current_cert = x; - ctx->error_depth = i - 1; - if (ok == 1) - X509_free(xtmp); - bad_chain = 1; - ok = cb(0, ctx); - if (!ok) - goto end; + do { + /* + * Examine last certificate in chain and see if it is self signed. + */ + i = sk_X509_num(ctx->chain); + x = sk_X509_value(ctx->chain, i - 1); + if (ctx->check_issued(ctx, x, x)) { + /* we have a self signed certificate */ + if (sk_X509_num(ctx->chain) == 1) { + /* + * We have a single self signed certificate: see if we can + * find it in the store. We must have an exact match to avoid + * possible impersonation. + */ + ok = ctx->get_issuer(&xtmp, ctx, x); + if ((ok <= 0) || X509_cmp(x, xtmp)) { + ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; + ctx->current_cert = x; + ctx->error_depth = i - 1; + if (ok == 1) + X509_free(xtmp); + bad_chain = 1; + ok = cb(0, ctx); + if (!ok) + goto end; + } else { + /* + * We have a match: replace certificate with store + * version so we get any trust settings. + */ + X509_free(x); + x = xtmp; + (void)sk_X509_set(ctx->chain, i - 1, x); + ctx->last_untrusted = 0; + } } else { /* - * We have a match: replace certificate with store version so - * we get any trust settings. + * extract and save self signed certificate for later use */ - X509_free(x); - x = xtmp; - (void)sk_X509_set(ctx->chain, i - 1, x); - ctx->last_untrusted = 0; + chain_ss = sk_X509_pop(ctx->chain); + ctx->last_untrusted--; + num--; + j--; + x = sk_X509_value(ctx->chain, num - 1); } - } else { - /* - * extract and save self signed certificate for later use - */ - chain_ss = sk_X509_pop(ctx->chain); - ctx->last_untrusted--; - num--; - x = sk_X509_value(ctx->chain, num - 1); } - } - - /* We now lookup certs from the certificate store */ - for (;;) { - /* If we have enough, we break */ - if (depth < num) - break; - - /* If we are self signed, we break */ - if (ctx->check_issued(ctx, x, x)) - break; - - ok = ctx->get_issuer(&xtmp, ctx, x); + /* We now lookup certs from the certificate store */ + for (;;) { + /* If we have enough, we break */ + if (depth < num) + break; + /* If we are self signed, we break */ + if (ctx->check_issued(ctx, x, x)) + break; + ok = ctx->get_issuer(&xtmp, ctx, x); + if (ok < 0) + return ok; + if (ok == 0) + break; + x = xtmp; + if (!sk_X509_push(ctx->chain, x)) { + X509_free(xtmp); + X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); + return 0; + } + num++; + } - if (ok < 0) - return ok; - if (ok == 0) - break; + /* + * If we haven't got a least one certificate from our store then check + * if there is an alternative chain that could be used. We only do this + * if the user hasn't switched off alternate chain checking + */ + retry = 0; + if (j == ctx->last_untrusted && + !(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS)) { + while (j-- > 1) { + xtmp2 = sk_X509_value(ctx->chain, j - 1); + ok = ctx->get_issuer(&xtmp, ctx, xtmp2); + if (ok < 0) + goto end; + /* Check if we found an alternate chain */ + if (ok > 0) { + /* + * Free up the found cert we'll add it again later + */ + X509_free(xtmp); - x = xtmp; - if (!sk_X509_push(ctx->chain, x)) { - X509_free(xtmp); - X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE); - return 0; + /* + * Dump all the certs above this point - we've found an + * alternate chain + */ + while (num > j) { + xtmp = sk_X509_pop(ctx->chain); + X509_free(xtmp); + num--; + ctx->last_untrusted--; + } + retry = 1; + break; + } + } } - num++; - } - - /* we now have our chain, lets check it... */ + } while (retry); /* Is last certificate looked up self signed? */ if (!ctx->check_issued(ctx, x, x)) { diff --git a/crypto/x509/x509_vfy.h b/crypto/x509/x509_vfy.h index 1f8c0ec..aacdf55 100644 --- a/crypto/x509/x509_vfy.h +++ b/crypto/x509/x509_vfy.h @@ -405,6 +405,12 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth); # define X509_V_FLAG_USE_DELTAS 0x2000 /* Check selfsigned CA signature */ # define X509_V_FLAG_CHECK_SS_SIGNATURE 0x4000 +/* + * If the initial chain is not trusted, do not attempt to build an alternative + * chain. Alternate chain checking was introduced in 1.0.1n/1.0.2b. Setting + * this flag will force the behaviour to match that of previous versions. + */ +# define X509_V_FLAG_NO_ALT_CHAINS 0x100000 # define X509_VP_FLAG_DEFAULT 0x1 # define X509_VP_FLAG_OVERWRITE 0x2 diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod index 75b6988..9a24082 100644 --- a/doc/apps/cms.pod +++ b/doc/apps/cms.pod @@ -35,6 +35,7 @@ B B [B<-print>] [B<-CAfile file>] [B<-CApath dir>] +[B<-no_alt_chains>] [B<-md digest>] [B<-[cipher]>] [B<-nointern>] @@ -406,7 +407,7 @@ portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> Set various certificate chain valiadition option. See the L|verify(1)> manual page for details. @@ -614,4 +615,6 @@ The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0 +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + =cut diff --git a/doc/apps/ocsp.pod b/doc/apps/ocsp.pod index 2372b37..fdb900c 100644 --- a/doc/apps/ocsp.pod +++ b/doc/apps/ocsp.pod @@ -29,6 +29,7 @@ B B [B<-path>] [B<-CApath dir>] [B<-CAfile file>] +[B<-no_alt_chains>]] [B<-VAfile file>] [B<-validity_period n>] [B<-status_age n>] @@ -143,6 +144,10 @@ connection timeout to the OCSP responder in seconds file or pathname containing trusted CA certificates. These are used to verify the signature on the OCSP response. +=item B<-no_alt_chains> + +See L|verify(1)> manual page for details. + =item B<-verify_other file> file containing additional certificates to search when attempting to locate @@ -379,3 +384,9 @@ second file. openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem -reqin req.der -respout resp.der + +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + +=cut diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index b021c73..d92ec93 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -19,6 +19,7 @@ B B [B<-pass arg>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-no_alt_chains>] [B<-reconnect>] [B<-pause>] [B<-showcerts>] @@ -116,7 +117,7 @@ also used when building the client certificate chain. A file containing trusted certificates to use during server authentication and to use when attempting to build the client certificate chain. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> Set various certificate chain valiadition option. See the L|verify(1)> manual page for details. @@ -347,4 +348,8 @@ information whenever a session is renegotiated. L, L, L +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + =cut diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 2105b60..491038e 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -33,6 +33,7 @@ B B [B<-state>] [B<-CApath directory>] [B<-CAfile filename>] +[B<-no_alt_chains>] [B<-nocert>] [B<-cipher cipherlist>] [B<-serverpref>] @@ -178,6 +179,10 @@ and to use when attempting to build the server certificate chain. The list is also used in the list of acceptable client CAs passed to the client when a certificate is requested. +=item B<-no_alt_chains> + +See the L|verify(1)> manual page for details. + =item B<-state> prints out the SSL session states. @@ -398,4 +403,8 @@ unknown cipher suites a client says it supports. L, L, L +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + =cut diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index d39a59a..94a8823 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -15,6 +15,7 @@ B B [B<-pk7out>] [B<-[cipher]>] [B<-in file>] +[B<-no_alt_chains>] [B<-certfile file>] [B<-signer file>] [B<-recip file>] @@ -259,7 +260,7 @@ portion of a message so they may be included manually. If signing then many S/MIME mail clients check the signers certificate's email address matches that specified in the From: address. -=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig> +=item B<-purpose, -ignore_critical, -issuer_checks, -crl_check, -crl_check_all, -policy_check, -extended_crl, -x509_strict, -policy -check_ss_sig -no_alt_chains> Set various options of certificate chain verification. See L|verify(1)> manual page for details. @@ -441,5 +442,6 @@ structures may cause parsing errors. The use of multiple B<-signer> options and the B<-resign> command were first added in OpenSSL 1.0.0 +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. =cut diff --git a/doc/apps/verify.pod b/doc/apps/verify.pod index 0c8e492..18eeee0 100644 --- a/doc/apps/verify.pod +++ b/doc/apps/verify.pod @@ -22,6 +22,7 @@ B B [B<-extended_crl>] [B<-use_deltas>] [B<-policy_print>] +[B<-no_alt_chains>] [B<-untrusted file>] [B<-help>] [B<-issuer_checks>] @@ -108,6 +109,14 @@ Set policy variable inhibit-any-policy (see RFC5280). Set policy variable inhibit-policy-mapping (see RFC5280). +=item B<-no_alt_chains> + +When building a certificate chain, if the first certificate chain found is not +trusted, then OpenSSL will continue to check to see if an alternative chain can +be found that is trusted. With this option that behaviour is suppressed so that +only the first chain found is ever used. Using this option will force the +behaviour to match that of previous OpenSSL versions. + =item B<-policy_print> Print out diagnostics related to policy processing. @@ -409,4 +418,8 @@ B<20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY> error codes. L +=head1 HISTORY + +The -no_alt_chains options was first added to OpenSSL 1.0.1n and 1.0.2b. + =cut diff --git a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod index 46cac2b..9d86d46 100644 --- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod @@ -133,6 +133,12 @@ verification. If this flag is set then additional status codes will be sent to the verification callback and it B be prepared to handle such cases without assuming they are hard errors. +The B flag suppresses checking for alternative +chains. By default, when building a certificate chain, if the first certificate +chain found is not trusted, then OpenSSL will continue to check to see if an +alternative chain can be found that is trusted. With this flag set the behaviour +will match that of OpenSSL versions prior to 1.0.1n and 1.0.2b. + =head1 NOTES The above functions should be used to manipulate verification parameters @@ -166,6 +172,6 @@ L =head1 HISTORY -TBA +The B flag was added in OpenSSL 1.0.1n and 1.0.2b =cut From rsalz at openssl.org Wed May 20 21:58:29 2015 From: rsalz at openssl.org (Rich Salz) Date: Wed, 20 May 2015 21:58:29 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432159109.696998.19520.nullmailer@dev.openssl.org> The branch master has been updated via 3e8e688f867a1ec1e554da67f111fa58a6ee1138 (commit) from ac38115c1a4fb61c66c2a8cd2a9800751828d328 (commit) - Log ----------------------------------------------------------------- commit 3e8e688f867a1ec1e554da67f111fa58a6ee1138 Author: Rich Salz Date: Fri May 15 16:32:49 2015 -0400 Replace switch/assignments with table lookup Typedef STRINT_PAIR to be the same as OPT_PAIR, and use that structure and a bunch of tables instead of switch statements to lookup various values out of the SSL/TLS message buffers. Shrinks a bunch of code. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/apps.h | 9 +- apps/s_cb.c | 552 ++++++++++++++++++------------------------------------------ 2 files changed, 173 insertions(+), 388 deletions(-) diff --git a/apps/apps.h b/apps/apps.h index e55dcd6..7033d2e 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -340,10 +340,15 @@ typedef struct options_st { const char *helpstr; } OPTIONS; -typedef struct opt_pair_st { +/* + * A string/int pairing; widely use for option value lookup, hence the + * name OPT_PAIR. But that name is misleading in s_cb.c, so we also use + * the "generic" name STRINT_PAIR. + */ +typedef struct string_int_pair_st { const char *name; int retval; -} OPT_PAIR; +} OPT_PAIR, STRINT_PAIR; /* Flags to pass into opt_format; see FORMAT_xxx, below. */ # define OPT_FMT_PEMDER (1L << 1) diff --git a/apps/s_cb.c b/apps/s_cb.c index 4979edf..35366c5 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -135,6 +135,14 @@ int verify_return_error = 0; unsigned char cookie_secret[COOKIE_SECRET_LENGTH]; int cookie_initialized = 0; +static const char *lookup(int val, const STRINT_PAIR* list, const char* def) +{ + for ( ; list->name; ++list) + if (list->retval == val) + return list->name; + return def; +} + int verify_callback(int ok, X509_STORE_CTX *ctx) { X509 *err_cert; @@ -273,6 +281,19 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key, return 1; } +static STRINT_PAIR cert_type_list[] = { + {"RSA sign", TLS_CT_RSA_SIGN}, + {"DSA sign", TLS_CT_DSS_SIGN}, + {"RSA fixed DH", TLS_CT_RSA_FIXED_DH}, + {"DSS fixed DH", TLS_CT_DSS_FIXED_DH}, + {"ECDSA sign", TLS_CT_ECDSA_SIGN}, + {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH}, + {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH}, + {"GOST94 Sign", TLS_CT_GOST94_SIGN}, + {"GOST01 Sign", TLS_CT_GOST01_SIGN}, + {NULL} +}; + static void ssl_print_client_cert_types(BIO *bio, SSL *s) { const unsigned char *p; @@ -283,51 +304,10 @@ static void ssl_print_client_cert_types(BIO *bio, SSL *s) BIO_puts(bio, "Client Certificate Types: "); for (i = 0; i < cert_type_num; i++) { unsigned char cert_type = p[i]; - char *cname; - switch (cert_type) { - case TLS_CT_RSA_SIGN: - cname = "RSA sign"; - break; - - case TLS_CT_DSS_SIGN: - cname = "DSA sign"; - break; - - case TLS_CT_RSA_FIXED_DH: - cname = "RSA fixed DH"; - break; - - case TLS_CT_DSS_FIXED_DH: - cname = "DSS fixed DH"; - break; - - case TLS_CT_ECDSA_SIGN: - cname = "ECDSA sign"; - break; - - case TLS_CT_RSA_FIXED_ECDH: - cname = "RSA fixed ECDH"; - break; - - case TLS_CT_ECDSA_FIXED_ECDH: - cname = "ECDSA fixed ECDH"; - break; - - case TLS_CT_GOST94_SIGN: - cname = "GOST94 Sign"; - break; - - case TLS_CT_GOST01_SIGN: - cname = "GOST01 Sign"; - break; - - default: - cname = NULL; - } + const char *cname = lookup((int)cert_type, cert_type_list, NULL); if (i) BIO_puts(bio, ", "); - if (cname) BIO_puts(bio, cname); else @@ -571,36 +551,71 @@ void apps_ssl_info_callback(const SSL *s, int where, int ret) } } -static const char *ssl_version_str(int version) -{ - switch (version) { - case SSL3_VERSION: - return "SSL 3.0"; - case TLS1_VERSION: - return "TLS 1.0"; - case TLS1_1_VERSION: - return "TLS 1.1"; - case TLS1_2_VERSION: - return "TLS 1.2"; - case DTLS1_VERSION: - return "DTLS 1.0"; - case DTLS1_BAD_VER: - return "DTLS 1.0 (bad)"; - default: - return "???"; - } -} +static STRINT_PAIR ssl_versions[] = { + {"SSL 3.0", SSL3_VERSION}, + {"TLS 1.0", TLS1_VERSION}, + {"TLS 1.1", TLS1_1_VERSION}, + {"TLS 1.2", TLS1_2_VERSION}, + {"DTLS 1.0", DTLS1_VERSION}, + {"DTLS 1.0 (bad)", DTLS1_BAD_VER}, + {NULL} +}; +static STRINT_PAIR alert_types[] = { + {" close_notify", 0}, + {" unexpected_message", 10}, + {" bad_record_mac", 20}, + {" decryption_failed", 21}, + {" record_overflow", 22}, + {" decompression_failure", 30}, + {" handshake_failure", 40}, + {" bad_certificate", 42}, + {" unsupported_certificate", 43}, + {" certificate_revoked", 44}, + {" certificate_expired", 45}, + {" certificate_unknown", 46}, + {" illegal_parameter", 47}, + {" unknown_ca", 48}, + {" access_denied", 49}, + {" decode_error", 50}, + {" decrypt_error", 51}, + {" export_restriction", 60}, + {" protocol_version", 70}, + {" insufficient_security", 71}, + {" internal_error", 80}, + {" user_canceled", 90}, + {" no_renegotiation", 100}, + {" unsupported_extension", 110}, + {" certificate_unobtainable", 111}, + {" unrecognized_name", 112}, + {" bad_certificate_status_response", 113}, + {" bad_certificate_hash_value", 114}, + {" unknown_psk_identity", 115}, + {NULL} +}; + +static STRINT_PAIR handshakes[] = { + {", HelloRequest", 0}, + {", ClientHello", 1}, + {", ServerHello", 2}, + {", HelloVerifyRequest", 3}, + {", Certificate", 11}, + {", ServerKeyExchange", 12}, + {", CertificateRequest", 13}, + {", ServerHelloDone", 14}, + {", CertificateVerify", 15}, + {", ClientKeyExchange", 16}, + {", Finished", 20}, + {NULL} +}; void msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) { BIO *bio = arg; - const char *str_write_p, *str_version, *str_content_type = - "", *str_details1 = "", *str_details2 = ""; - - str_write_p = write_p ? ">>>" : "<<<"; - - str_version = ssl_version_str(version); + const char *str_write_p = write_p ? ">>>" : "<<<"; + const char *str_version = lookup(version, ssl_versions, "???"); + const char *str_content_type = "", *str_details1 = "", *str_details2 = ""; + const unsigned char* bp = buf; if (version == SSL3_VERSION || version == TLS1_VERSION || @@ -613,17 +628,9 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, break; case 21: str_content_type = "Alert"; - break; - case 22: - str_content_type = "Handshake"; - break; - } - - if (content_type == 21) { /* Alert */ str_details1 = ", ???"; - if (len == 2) { - switch (((const unsigned char *)buf)[0]) { + switch (bp[0]) { case 1: str_details1 = ", warning"; break; @@ -631,147 +638,21 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, str_details1 = ", fatal"; break; } - - str_details2 = " ???"; - switch (((const unsigned char *)buf)[1]) { - case 0: - str_details2 = " close_notify"; - break; - case 10: - str_details2 = " unexpected_message"; - break; - case 20: - str_details2 = " bad_record_mac"; - break; - case 21: - str_details2 = " decryption_failed"; - break; - case 22: - str_details2 = " record_overflow"; - break; - case 30: - str_details2 = " decompression_failure"; - break; - case 40: - str_details2 = " handshake_failure"; - break; - case 42: - str_details2 = " bad_certificate"; - break; - case 43: - str_details2 = " unsupported_certificate"; - break; - case 44: - str_details2 = " certificate_revoked"; - break; - case 45: - str_details2 = " certificate_expired"; - break; - case 46: - str_details2 = " certificate_unknown"; - break; - case 47: - str_details2 = " illegal_parameter"; - break; - case 48: - str_details2 = " unknown_ca"; - break; - case 49: - str_details2 = " access_denied"; - break; - case 50: - str_details2 = " decode_error"; - break; - case 51: - str_details2 = " decrypt_error"; - break; - case 60: - str_details2 = " export_restriction"; - break; - case 70: - str_details2 = " protocol_version"; - break; - case 71: - str_details2 = " insufficient_security"; - break; - case 80: - str_details2 = " internal_error"; - break; - case 90: - str_details2 = " user_canceled"; - break; - case 100: - str_details2 = " no_renegotiation"; - break; - case 110: - str_details2 = " unsupported_extension"; - break; - case 111: - str_details2 = " certificate_unobtainable"; - break; - case 112: - str_details2 = " unrecognized_name"; - break; - case 113: - str_details2 = " bad_certificate_status_response"; - break; - case 114: - str_details2 = " bad_certificate_hash_value"; - break; - case 115: - str_details2 = " unknown_psk_identity"; - break; - } + str_details2 = lookup((int)bp[1], alert_types, " ???"); } - } - - if (content_type == 22) { /* Handshake */ + break; + case 22: + str_content_type = "Handshake"; str_details1 = "???"; - - if (len > 0) { - switch (((const unsigned char *)buf)[0]) { - case 0: - str_details1 = ", HelloRequest"; - break; - case 1: - str_details1 = ", ClientHello"; - break; - case 2: - str_details1 = ", ServerHello"; - break; - case 3: - str_details1 = ", HelloVerifyRequest"; - break; - case 11: - str_details1 = ", Certificate"; - break; - case 12: - str_details1 = ", ServerKeyExchange"; - break; - case 13: - str_details1 = ", CertificateRequest"; - break; - case 14: - str_details1 = ", ServerHelloDone"; - break; - case 15: - str_details1 = ", CertificateVerify"; - break; - case 16: - str_details1 = ", ClientKeyExchange"; - break; - case 20: - str_details1 = ", Finished"; - break; - } - } - } + if (len > 0) + str_details1 = lookup((int)bp[0], handshakes, "???"); + break; #ifndef OPENSSL_NO_HEARTBEATS - if (content_type == 24) { /* Heartbeat */ + case 24: str_details1 = ", Heartbeat"; if (len > 0) { - switch (((const unsigned char *)buf)[0]) { + switch (bp[0]) { case 1: str_details1 = ", HeartbeatRequest"; break; @@ -780,8 +661,9 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, break; } } - } + break; #endif + } } BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, @@ -805,104 +687,40 @@ void msg_cb(int write_p, int version, int content_type, const void *buf, (void)BIO_flush(bio); } -void tlsext_cb(SSL *s, int client_server, int type, - unsigned char *data, int len, void *arg) -{ - BIO *bio = arg; - char *extname; - - switch (type) { - case TLSEXT_TYPE_server_name: - extname = "server name"; - break; - - case TLSEXT_TYPE_max_fragment_length: - extname = "max fragment length"; - break; - - case TLSEXT_TYPE_client_certificate_url: - extname = "client certificate URL"; - break; - - case TLSEXT_TYPE_trusted_ca_keys: - extname = "trusted CA keys"; - break; - - case TLSEXT_TYPE_truncated_hmac: - extname = "truncated HMAC"; - break; - - case TLSEXT_TYPE_status_request: - extname = "status request"; - break; - - case TLSEXT_TYPE_user_mapping: - extname = "user mapping"; - break; - - case TLSEXT_TYPE_client_authz: - extname = "client authz"; - break; - - case TLSEXT_TYPE_server_authz: - extname = "server authz"; - break; - - case TLSEXT_TYPE_cert_type: - extname = "cert type"; - break; - - case TLSEXT_TYPE_elliptic_curves: - extname = "elliptic curves"; - break; - - case TLSEXT_TYPE_ec_point_formats: - extname = "EC point formats"; - break; - - case TLSEXT_TYPE_srp: - extname = "SRP"; - break; - - case TLSEXT_TYPE_signature_algorithms: - extname = "signature algorithms"; - break; - - case TLSEXT_TYPE_use_srtp: - extname = "use SRTP"; - break; - - case TLSEXT_TYPE_heartbeat: - extname = "heartbeat"; - break; - - case TLSEXT_TYPE_session_ticket: - extname = "session ticket"; - break; - - case TLSEXT_TYPE_renegotiate: - extname = "renegotiation info"; - break; - +static STRINT_PAIR tlsext_types[] = { + {"server name", TLSEXT_TYPE_server_name}, + {"max fragment length", TLSEXT_TYPE_max_fragment_length}, + {"client certificate URL", TLSEXT_TYPE_client_certificate_url}, + {"trusted CA keys", TLSEXT_TYPE_trusted_ca_keys}, + {"truncated HMAC", TLSEXT_TYPE_truncated_hmac}, + {"status request", TLSEXT_TYPE_status_request}, + {"user mapping", TLSEXT_TYPE_user_mapping}, + {"client authz", TLSEXT_TYPE_client_authz}, + {"server authz", TLSEXT_TYPE_server_authz}, + {"cert type", TLSEXT_TYPE_cert_type}, + {"elliptic curves", TLSEXT_TYPE_elliptic_curves}, + {"EC point formats", TLSEXT_TYPE_ec_point_formats}, + {"SRP", TLSEXT_TYPE_srp}, + {"signature algorithms", TLSEXT_TYPE_signature_algorithms}, + {"use SRTP", TLSEXT_TYPE_use_srtp}, + {"heartbeat", TLSEXT_TYPE_heartbeat}, + {"session ticket", TLSEXT_TYPE_session_ticket}, + {"renegotiation info", TLSEXT_TYPE_renegotiate}, + {"TLS padding", TLSEXT_TYPE_padding}, #ifdef TLSEXT_TYPE_next_proto_neg - case TLSEXT_TYPE_next_proto_neg: - extname = "next protocol"; - break; + {"next protocol", TLSEXT_TYPE_next_proto_neg}, #endif #ifdef TLSEXT_TYPE_encrypt_then_mac - case TLSEXT_TYPE_encrypt_then_mac: - extname = "encrypt-then-mac"; - break; + {"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac}, #endif - case TLSEXT_TYPE_padding: - extname = "TLS padding"; - break; - - default: - extname = "unknown"; - break; + {NULL} +}; - } +void tlsext_cb(SSL *s, int client_server, int type, + unsigned char *data, int len, void *arg) +{ + BIO *bio = arg; + const char *extname = lookup(type, tlsext_types, "unknown"); BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n", client_server ? "server" : "client", extname, type, len); @@ -1073,33 +891,27 @@ struct ssl_excert_st { struct ssl_excert_st *next, *prev; }; -struct chain_flags { - int flag; - const char *name; -}; - -struct chain_flags chain_flags_list[] = { - {CERT_PKEY_VALID, "Overall Validity"}, - {CERT_PKEY_SIGN, "Sign with EE key"}, - {CERT_PKEY_EE_SIGNATURE, "EE signature"}, - {CERT_PKEY_CA_SIGNATURE, "CA signature"}, - {CERT_PKEY_EE_PARAM, "EE key parameters"}, - {CERT_PKEY_CA_PARAM, "CA key parameters"}, - {CERT_PKEY_EXPLICIT_SIGN, "Explicity sign with EE key"}, - {CERT_PKEY_ISSUER_NAME, "Issuer Name"}, - {CERT_PKEY_CERT_TYPE, "Certificate Type"}, - {0, NULL} +static STRINT_PAIR chain_flags[] = { + {"Overall Validity", CERT_PKEY_VALID}, + {"Sign with EE key", CERT_PKEY_SIGN}, + {"EE signature", CERT_PKEY_EE_SIGNATURE}, + {"CA signature", CERT_PKEY_CA_SIGNATURE}, + {"EE key parameters", CERT_PKEY_EE_PARAM}, + {"CA key parameters", CERT_PKEY_CA_PARAM}, + {"Explicity sign with EE key", CERT_PKEY_EXPLICIT_SIGN}, + {"Issuer Name", CERT_PKEY_ISSUER_NAME}, + {"Certificate Type", CERT_PKEY_CERT_TYPE}, + {NULL} }; static void print_chain_flags(SSL *s, int flags) { - struct chain_flags *ctmp = chain_flags_list; + STRINT_PAIR *pp; - while (ctmp->name) { - BIO_printf(bio_err, "\t%s: %s\n", ctmp->name, - flags & ctmp->flag ? "OK" : "NOT OK"); - ctmp++; - } + for (pp = chain_flags; pp->name; ++pp) + BIO_printf(bio_err, "\t%s: %s\n", + pp->name, + (flags & pp->retval) ? "OK" : "NOT OK"); BIO_printf(bio_err, "\tSuite B: "); if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS) BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n"); @@ -1499,6 +1311,31 @@ typedef struct { void *other, void *ex); } security_debug_ex; +static STRINT_PAIR callback_types[] = { + {"Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED}, + {"Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED}, + {"Check Ciphersuite", SSL_SECOP_CIPHER_CHECK}, +#ifndef OPENSSL_NO_DH + {"Temp DH key bits", SSL_SECOP_TMP_DH}, +#endif + {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED}, + {"Shared Curve", SSL_SECOP_CURVE_SHARED}, + {"Check Curve", SSL_SECOP_CURVE_CHECK}, + {"Supported Signature Algorithm digest", SSL_SECOP_SIGALG_SUPPORTED}, + {"Shared Signature Algorithm digest", SSL_SECOP_SIGALG_SHARED}, + {"Check Signature Algorithm digest", SSL_SECOP_SIGALG_CHECK}, + {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK}, + {"Certificate chain EE key", SSL_SECOP_EE_KEY}, + {"Certificate chain CA key", SSL_SECOP_CA_KEY}, + {"Peer Chain EE key", SSL_SECOP_PEER_EE_KEY}, + {"Peer Chain CA key", SSL_SECOP_PEER_CA_KEY}, + {"Certificate chain CA digest", SSL_SECOP_CA_MD}, + {"Peer chain CA digest", SSL_SECOP_PEER_CA_MD}, + {"SSL compression", SSL_SECOP_COMPRESSION}, + {"Session ticket", SSL_SECOP_TICKET}, + {NULL} +}; + static int security_callback_debug(SSL *s, SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex) @@ -1511,79 +1348,22 @@ static int security_callback_debug(SSL *s, SSL_CTX *ctx, return 1; BIO_puts(sdb->out, "Security callback: "); + nm = lookup(op, callback_types, NULL); switch (op) { - case SSL_SECOP_CIPHER_SUPPORTED: - nm = "Supported Ciphersuite"; - break; - case SSL_SECOP_CIPHER_SHARED: - nm = "Shared Ciphersuite"; - break; - case SSL_SECOP_CIPHER_CHECK: - nm = "Check Ciphersuite"; - break; case SSL_SECOP_TICKET: - BIO_puts(sdb->out, "Session ticket"); - show_bits = 0; - nm = NULL; - break; case SSL_SECOP_COMPRESSION: - BIO_puts(sdb->out, "SSL compression"); show_bits = 0; nm = NULL; break; -#ifndef OPENSSL_NO_DH - case SSL_SECOP_TMP_DH: - nm = "Temp DH key bits"; - break; -#endif - case SSL_SECOP_CURVE_SUPPORTED: - nm = "Supported Curve"; - break; - case SSL_SECOP_CURVE_SHARED: - nm = "Shared Curve"; - break; - case SSL_SECOP_CURVE_CHECK: - nm = "Check Curve"; - break; case SSL_SECOP_VERSION: - BIO_printf(sdb->out, "Version=%s", ssl_version_str(nid)); + BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???")); show_bits = 0; nm = NULL; break; - case SSL_SECOP_SIGALG_SUPPORTED: - nm = "Supported Signature Algorithm digest"; - break; - case SSL_SECOP_SIGALG_SHARED: - nm = "Shared Signature Algorithm digest"; - break; - case SSL_SECOP_SIGALG_CHECK: - nm = "Check Signature Algorithm digest"; - break; - case SSL_SECOP_SIGALG_MASK: - nm = "Signature Algorithm mask"; - break; - case SSL_SECOP_EE_KEY: - nm = "Certificate chain EE key"; - break; - case SSL_SECOP_CA_KEY: - nm = "Certificate chain CA key"; - break; case SSL_SECOP_CA_MD: - cert_md = 1; - nm = "Certificate chain CA digest"; - break; - case SSL_SECOP_PEER_EE_KEY: - nm = "Peer Chain EE key"; - break; - case SSL_SECOP_PEER_CA_KEY: - nm = "Peer Chain CA key"; - break; case SSL_SECOP_PEER_CA_MD: cert_md = 1; - nm = "Peer chain CA digest"; break; - default: - nm = NULL; } if (nm) BIO_printf(sdb->out, "%s=", nm); From steve at openssl.org Thu May 21 12:19:05 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 21 May 2015 12:19:05 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432210745.446418.15164.nullmailer@dev.openssl.org> The branch master has been updated via 3a752c85ee38a92d7777b8fe1cce2e54bf619529 (commit) via 941fbf711a83a2232150e5be2cabf6332d2d9985 (commit) via e98aa30d555cb5a656d320a0f86ab5b3b1dce2db (commit) via 96b96d6c456befe49d5845a029e2bb0a4addc58d (commit) from 3e8e688f867a1ec1e554da67f111fa58a6ee1138 (commit) - Log ----------------------------------------------------------------- commit 3a752c85ee38a92d7777b8fe1cce2e54bf619529 Author: Dr. Stephen Henson Date: Wed May 20 22:27:22 2015 +0100 make update Reviewed-by: Rich Salz commit 941fbf711a83a2232150e5be2cabf6332d2d9985 Author: Dr. Stephen Henson Date: Wed May 20 22:22:57 2015 +0100 correction Reviewed-by: Rich Salz commit e98aa30d555cb5a656d320a0f86ab5b3b1dce2db Author: Dr. Stephen Henson Date: Wed May 20 13:23:06 2015 +0100 Add scrypt PBE algorithm code. This adds support for the ASN.1 structures in draft-josefsson-scrypt-kdf-03 Private keys encrypted by scrypt can now be decrypted transparently as long as they don't exceed the memory limits. Reviewed-by: Rich Salz commit 96b96d6c456befe49d5845a029e2bb0a4addc58d Author: Dr. Stephen Henson Date: Fri Jan 30 16:08:18 2015 +0000 Add scrypt OID from draft-josefsson-scrypt-kdf-03 Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/asn1/Makefile | 26 +++- crypto/asn1/asn1_err.c | 4 + crypto/asn1/p5_scrypt.c | 332 +++++++++++++++++++++++++++++++++++++++++++++ crypto/evp/evp_err.c | 10 +- crypto/evp/evp_pbe.c | 3 +- crypto/objects/obj_dat.h | 15 +- crypto/objects/obj_mac.num | 1 + crypto/objects/objects.txt | 3 + include/openssl/asn1.h | 3 + include/openssl/evp.h | 6 + include/openssl/obj_mac.h | 4 + include/openssl/x509.h | 5 + test/evptests.txt | 2 +- util/libeay.num | 4 + 14 files changed, 401 insertions(+), 17 deletions(-) create mode 100644 crypto/asn1/p5_scrypt.c diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index 20b7948..4dee260 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile @@ -27,8 +27,8 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ f_int.c f_string.c n_pkey.c \ x_pkey.c bio_asn1.c bio_ndef.c asn_mime.c \ asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_strnid.c \ - evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c \ - asn_mstbl.c + evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p5_scrypt.c p8_pkey.c \ + asn_moid.c asn_mstbl.c LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_print.o a_type.o a_dup.o a_d2i_fp.o a_i2d_fp.o \ a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ @@ -41,8 +41,8 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ f_int.o f_string.o n_pkey.o \ x_pkey.o bio_asn1.o bio_ndef.o asn_mime.o \ asn1_gen.o asn1_par.o asn1_lib.o asn1_err.o a_strnid.o \ - evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o \ - asn_mstbl.o + evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p5_scrypt.o p8_pkey.o \ + asn_moid.o asn_mstbl.o SRC= $(LIBSRC) @@ -150,7 +150,8 @@ a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h a_i2d_fp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h a_i2d_fp.o: ../../include/openssl/symhacks.h ../include/internal/cryptlib.h a_i2d_fp.o: a_i2d_fp.c -a_int.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h +a_int.o: ../../e_os.h ../../include/internal/numbers.h +a_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h a_int.o: ../../include/openssl/err.h ../../include/openssl/lhash.h @@ -528,6 +529,21 @@ p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h p5_pbev2.o: ../include/internal/cryptlib.h p5_pbev2.c +p5_scrypt.o: ../../e_os.h ../../include/openssl/asn1.h +p5_scrypt.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h +p5_scrypt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +p5_scrypt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +p5_scrypt.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +p5_scrypt.o: ../../include/openssl/err.h ../../include/openssl/evp.h +p5_scrypt.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h +p5_scrypt.o: ../../include/openssl/objects.h +p5_scrypt.o: ../../include/openssl/opensslconf.h +p5_scrypt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h +p5_scrypt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h +p5_scrypt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +p5_scrypt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +p5_scrypt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +p5_scrypt.o: ../include/internal/cryptlib.h p5_scrypt.c p8_pkey.o: ../../e_os.h ../../include/openssl/asn1.h p8_pkey.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h p8_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 0fc0b5e..b7fbd9d 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -188,9 +188,11 @@ static ERR_STRING_DATA ASN1_str_functs[] = { {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"}, {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"}, {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV), "PKCS5_pbe2_set_iv"}, + {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_SCRYPT), "PKCS5_pbe2_set_scrypt"}, {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"}, {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR), "PKCS5_pbe_set0_algor"}, {ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET), "PKCS5_pbkdf2_set"}, + {ERR_FUNC(ASN1_F_PKCS5_SCRYPT_SET), "PKCS5_SCRYPT_SET"}, {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"}, {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"}, {ERR_FUNC(ASN1_F_STBL_MODULE_INIT), "STBL_MODULE_INIT"}, @@ -275,6 +277,8 @@ static ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_REASON(ASN1_R_INVALID_MODIFIER), "invalid modifier"}, {ERR_REASON(ASN1_R_INVALID_NUMBER), "invalid number"}, {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"}, + {ERR_REASON(ASN1_R_INVALID_SCRYPT_PARAMETERS), + "invalid scrypt parameters"}, {ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"}, {ERR_REASON(ASN1_R_INVALID_STRING_TABLE_VALUE), "invalid string table value"}, diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c new file mode 100644 index 0000000..5c4de79 --- /dev/null +++ b/crypto/asn1/p5_scrypt.c @@ -0,0 +1,332 @@ +/* p5_scrypt.c */ +/* + * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project + * 2015. + */ +/* ==================================================================== + * Copyright (c) 2015 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing at OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay at cryptsoft.com). This product includes software written by Tim + * Hudson (tjh at cryptsoft.com). + * + */ + +#include +#include "internal/cryptlib.h" +#include +#include +#include +#include +#include + +/* PKCS#5 scrypt password based encryption structures */ + +typedef struct { + ASN1_OCTET_STRING *salt; + ASN1_INTEGER *costParameter; + ASN1_INTEGER *blockSize; + ASN1_INTEGER *parallelizationParameter; + ASN1_INTEGER *keyLength; +} SCRYPT_PARAMS; + +ASN1_SEQUENCE(SCRYPT_PARAMS) = { + ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING), + ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER), + ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER), + ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER), + ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER), +} ASN1_SEQUENCE_END(SCRYPT_PARAMS) + +DECLARE_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS) +IMPLEMENT_ASN1_ALLOC_FUNCTIONS(SCRYPT_PARAMS) + +static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, + size_t keylen, uint64_t N, uint64_t r, + uint64_t p); + +/* + * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm using scrypt + */ + +X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, + const unsigned char *salt, int saltlen, + unsigned char *aiv, uint64_t N, uint64_t r, + uint64_t p) +{ + X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL; + int alg_nid; + size_t keylen = 0; + EVP_CIPHER_CTX ctx; + unsigned char iv[EVP_MAX_IV_LENGTH]; + PBE2PARAM *pbe2 = NULL; + ASN1_OBJECT *obj; + + if (!cipher) { + ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_PASSED_NULL_PARAMETER); + goto err; + } + + if (EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) { + ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, + ASN1_R_INVALID_SCRYPT_PARAMETERS); + goto err; + } + + alg_nid = EVP_CIPHER_type(cipher); + if (alg_nid == NID_undef) { + ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, + ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); + goto err; + } + obj = OBJ_nid2obj(alg_nid); + pbe2 = PBE2PARAM_new(); + if (pbe2 == NULL) + goto merr; + + /* Setup the AlgorithmIdentifier for the encryption scheme */ + scheme = pbe2->encryption; + + scheme->algorithm = obj; + scheme->parameter = ASN1_TYPE_new(); + if (scheme->parameter == NULL) + goto merr; + + /* Create random IV */ + if (EVP_CIPHER_iv_length(cipher)) { + if (aiv) + memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); + else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) + goto err; + } + + EVP_CIPHER_CTX_init(&ctx); + + /* Dummy cipherinit to just setup the IV */ + if (EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0) == 0) + goto err; + if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { + ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, + ASN1_R_ERROR_SETTING_CIPHER_PARAMS); + EVP_CIPHER_CTX_cleanup(&ctx); + goto err; + } + EVP_CIPHER_CTX_cleanup(&ctx); + + /* If its RC2 then we'd better setup the key length */ + + if (alg_nid == NID_rc2_cbc) + keylen = EVP_CIPHER_key_length(cipher); + + /* Setup keyfunc */ + + X509_ALGOR_free(pbe2->keyfunc); + + pbe2->keyfunc = pkcs5_scrypt_set(salt, saltlen, keylen, N, r, p); + + if (pbe2->keyfunc == NULL) + goto merr; + + /* Now set up top level AlgorithmIdentifier */ + + ret = X509_ALGOR_new(); + if (ret == NULL) + goto merr; + + ret->algorithm = OBJ_nid2obj(NID_pbes2); + + /* Encode PBE2PARAM into parameter */ + + if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2, + &ret->parameter) == NULL) + goto merr; + + PBE2PARAM_free(pbe2); + pbe2 = NULL; + + return ret; + + merr: + ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_MALLOC_FAILURE); + + err: + PBE2PARAM_free(pbe2); + X509_ALGOR_free(kalg); + X509_ALGOR_free(ret); + + return NULL; + +} + +static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, + size_t keylen, uint64_t N, uint64_t r, + uint64_t p) +{ + X509_ALGOR *keyfunc = NULL; + SCRYPT_PARAMS *sparam = NULL; + + sparam = SCRYPT_PARAMS_new(); + if (sparam == NULL) + goto merr; + + if (!saltlen) + saltlen = PKCS5_SALT_LEN; + + /* This will either copy salt or grow the buffer */ + if (ASN1_STRING_set(sparam->salt, salt, saltlen) == 0) + goto merr; + + if (salt == NULL && RAND_bytes(sparam->salt->data, saltlen) <= 0) + goto err; + + if (ASN1_INTEGER_set_uint64(sparam->costParameter, N) == 0) + goto merr; + + if (ASN1_INTEGER_set_uint64(sparam->blockSize, r) == 0) + goto merr; + + if (ASN1_INTEGER_set_uint64(sparam->parallelizationParameter, p) == 0) + goto merr; + + /* If have a key len set it up */ + + if (keylen > 0) { + sparam->keyLength = ASN1_INTEGER_new(); + if (sparam->keyLength == NULL) + goto merr; + if (ASN1_INTEGER_set_int64(sparam->keyLength, keylen) == 0) + goto merr; + } + + /* Finally setup the keyfunc structure */ + + keyfunc = X509_ALGOR_new(); + if (!keyfunc) + goto merr; + + keyfunc->algorithm = OBJ_nid2obj(NID_id_scrypt); + + /* Encode SCRYPT_PARAMS into parameter of pbe2 */ + + if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), sparam, + &keyfunc->parameter) == NULL) + goto merr; + + SCRYPT_PARAMS_free(sparam); + return keyfunc; + + merr: + ASN1err(ASN1_F_PKCS5_SCRYPT_SET, ERR_R_MALLOC_FAILURE); + err: + SCRYPT_PARAMS_free(sparam); + X509_ALGOR_free(keyfunc); + return NULL; +} + +int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de) +{ + unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; + uint64_t p, r, N; + size_t saltlen; + size_t keylen = 0; + int rv = 0; + SCRYPT_PARAMS *sparam = NULL; + + if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { + EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_NO_CIPHER_SET); + goto err; + } + + /* Decode parameter */ + + sparam = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), param); + + if (sparam == NULL) { + EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_DECODE_ERROR); + goto err; + } + + keylen = EVP_CIPHER_CTX_key_length(ctx); + + /* Now check the parameters of sparam */ + + if (sparam->keyLength) { + uint64_t spkeylen; + if ((ASN1_INTEGER_get_uint64(&spkeylen, sparam->keyLength) == 0) + || (spkeylen != keylen)) { + EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, + EVP_R_UNSUPPORTED_KEYLENGTH); + goto err; + } + } + /* Check all parameters fit in uint64_t and are acceptable to scrypt */ + if (ASN1_INTEGER_get_uint64(&N, sparam->costParameter) == 0 + || ASN1_INTEGER_get_uint64(&r, sparam->blockSize) == 0 + || ASN1_INTEGER_get_uint64(&p, sparam->parallelizationParameter) == 0 + || EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) { + EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, + EVP_R_ILLEGAL_SCRYPT_PARAMETERS); + goto err; + } + + /* it seems that its all OK */ + + salt = sparam->salt->data; + saltlen = sparam->salt->length; + if (EVP_PBE_scrypt(pass, passlen, salt, saltlen, N, r, p, 0, key, keylen) + == 0) + goto err; + rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); + err: + if (keylen) + OPENSSL_cleanse(key, keylen); + SCRYPT_PARAMS_free(sparam); + return rv; +} diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 7d8f4c6..00c9386 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -148,6 +148,7 @@ static ERR_STRING_DATA EVP_str_functs[] = { {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"}, {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"}, {ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN), "PKCS5_V2_PBKDF2_KEYIVGEN"}, + {ERR_FUNC(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN), "PKCS5_v2_scrypt_keyivgen"}, {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"}, {ERR_FUNC(EVP_F_PKEY_SET_TYPE), "PKEY_SET_TYPE"}, {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"}, @@ -165,8 +166,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"}, {ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"}, {ERR_REASON(EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, - {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), - "camellia key setup failed"}, + {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"}, {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"}, {ERR_REASON(EVP_R_COMMAND_NOT_SUPPORTED), "command not supported"}, {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"}, @@ -188,6 +188,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY), "expecting a ecdsa key"}, {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"}, {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"}, + {ERR_REASON(EVP_R_ILLEGAL_SCRYPT_PARAMETERS), "illegal scrypt parameters"}, {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"}, {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"}, @@ -212,8 +213,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, - {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), - "pkcs8 unknown broken type"}, + {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), "pkcs8 unknown broken type"}, {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, diff --git a/crypto/evp/evp_pbe.c b/crypto/evp/evp_pbe.c index e4ad16b..13d9658 100644 --- a/crypto/evp/evp_pbe.c +++ b/crypto/evp/evp_pbe.c @@ -118,7 +118,8 @@ static const EVP_PBE_CTL builtin_pbe[] = { {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0}, {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0}, {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0}, - {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen} + {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen}, + {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen} }; #ifdef TEST diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 9422b89..1ccbced 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 973 -#define NUM_SN 966 -#define NUM_LN 966 -#define NUM_OBJ 902 +#define NUM_NID 974 +#define NUM_SN 967 +#define NUM_LN 967 +#define NUM_OBJ 903 -static const unsigned char lvalues[6355]={ +static const unsigned char lvalues[6364]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */ @@ -964,6 +964,7 @@ static const unsigned char lvalues[6355]={ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F, /* [6330] OBJ_camellia_256_ccm */ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31, /* [6338] OBJ_camellia_256_ctr */ 0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32, /* [6346] OBJ_camellia_256_cmac */ +0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B,/* [6354] OBJ_id_scrypt */ }; static const ASN1_OBJECT nid_objs[NUM_NID]={ @@ -2553,6 +2554,7 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={ &(lvalues[6338]),0}, {"CAMELLIA-256-CMAC","camellia-256-cmac",NID_camellia_256_cmac,8, &(lvalues[6346]),0}, +{"id-scrypt","id-scrypt",NID_id_scrypt,9,&(lvalues[6354]),0}, }; static const unsigned int sn_objs[NUM_SN]={ @@ -3098,6 +3100,7 @@ static const unsigned int sn_objs[NUM_SN]={ 314, /* "id-regInfo" */ 322, /* "id-regInfo-certReq" */ 321, /* "id-regInfo-utf8Pairs" */ +973, /* "id-scrypt" */ 512, /* "id-set" */ 191, /* "id-smime-aa" */ 215, /* "id-smime-aa-contentHint" */ @@ -4053,6 +4056,7 @@ static const unsigned int ln_objs[NUM_LN]={ 314, /* "id-regInfo" */ 322, /* "id-regInfo-certReq" */ 321, /* "id-regInfo-utf8Pairs" */ +973, /* "id-scrypt" */ 191, /* "id-smime-aa" */ 215, /* "id-smime-aa-contentHint" */ 218, /* "id-smime-aa-contentIdentifier" */ @@ -5148,6 +5152,7 @@ static const unsigned int obj_objs[NUM_OBJ]={ 856, /* OBJ_LocalKeySet 1 3 6 1 4 1 311 17 2 */ 390, /* OBJ_dcObject 1 3 6 1 4 1 1466 344 */ 91, /* OBJ_bf_cbc 1 3 6 1 4 1 3029 1 2 */ +973, /* OBJ_id_scrypt 1 3 6 1 4 1 11591 4 11 */ 315, /* OBJ_id_regCtrl_regToken 1 3 6 1 5 5 7 5 1 1 */ 316, /* OBJ_id_regCtrl_authenticator 1 3 6 1 5 5 7 5 1 2 */ 317, /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */ diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index f4fe14f..af57c68 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -970,3 +970,4 @@ camellia_256_gcm 969 camellia_256_ccm 970 camellia_256_ctr 971 camellia_256_cmac 972 +id_scrypt 973 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index 25a9bb8..655f405 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -1360,3 +1360,6 @@ secg-scheme 14 3 : dhSinglePass-cofactorDH-sha512kdf-scheme 1 3 6 1 4 1 311 60 2 1 1 : jurisdictionL : jurisdictionLocalityName 1 3 6 1 4 1 311 60 2 1 2 : jurisdictionST : jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 3 : jurisdictionC : jurisdictionCountryName + +# SCRYPT algorithm +1 3 6 1 4 1 11591 4 11 : id-scrypt diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index cdd587b..06ee036 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -1033,9 +1033,11 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_OID_MODULE_INIT 174 # define ASN1_F_PARSE_TAGGING 182 # define ASN1_F_PKCS5_PBE2_SET_IV 167 +# define ASN1_F_PKCS5_PBE2_SET_SCRYPT 231 # define ASN1_F_PKCS5_PBE_SET 202 # define ASN1_F_PKCS5_PBE_SET0_ALGOR 215 # define ASN1_F_PKCS5_PBKDF2_SET 219 +# define ASN1_F_PKCS5_SCRYPT_SET 232 # define ASN1_F_SMIME_READ_ASN1 212 # define ASN1_F_SMIME_TEXT 213 # define ASN1_F_STBL_MODULE_INIT 223 @@ -1109,6 +1111,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_INVALID_MODIFIER 186 # define ASN1_R_INVALID_NUMBER 187 # define ASN1_R_INVALID_OBJECT_ENCODING 216 +# define ASN1_R_INVALID_SCRYPT_PARAMETERS 227 # define ASN1_R_INVALID_SEPARATOR 131 # define ASN1_R_INVALID_STRING_TABLE_VALUE 218 # define ASN1_R_INVALID_TIME_FORMAT 132 diff --git a/include/openssl/evp.h b/include/openssl/evp.h index d5af5ed..3a4bcbd 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1072,6 +1072,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem, unsigned char *key, size_t keylen); +int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de); + void PKCS5_PBE_add(void); int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen, @@ -1489,6 +1493,7 @@ void ERR_load_EVP_strings(void); # define EVP_F_PKCS5_PBE_KEYIVGEN 117 # define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 # define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN 164 +# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN 180 # define EVP_F_PKCS8_SET_BROKEN 112 # define EVP_F_PKEY_SET_TYPE 158 # define EVP_F_RC2_MAGIC_TO_METH 109 @@ -1524,6 +1529,7 @@ void ERR_load_EVP_strings(void); # define EVP_R_EXPECTING_A_ECDSA_KEY 141 # define EVP_R_EXPECTING_A_EC_KEY 142 # define EVP_R_FIPS_MODE_NOT_SUPPORTED 167 +# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS 171 # define EVP_R_INITIALIZATION_ERROR 134 # define EVP_R_INPUT_NOT_INITIALIZED 111 # define EVP_R_INVALID_DIGEST 152 diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index 475a9dc..0e6a99e 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -4264,3 +4264,7 @@ #define LN_jurisdictionCountryName "jurisdictionCountryName" #define NID_jurisdictionCountryName 957 #define OBJ_jurisdictionCountryName 1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L + +#define SN_id_scrypt "id-scrypt" +#define NID_id_scrypt 973 +#define OBJ_id_scrypt 1L,3L,6L,1L,4L,1L,11591L,4L,11L diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 6f481b5..0c2d19a 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h @@ -1107,6 +1107,11 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt, int saltlen, unsigned char *aiv, int prf_nid); +X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, + const unsigned char *salt, int saltlen, + unsigned char *aiv, uint64_t N, uint64_t r, + uint64_t p); + X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid, int keylen); diff --git a/test/evptests.txt b/test/evptests.txt index 25b9ef6..db63362 100644 --- a/test/evptests.txt +++ b/test/evptests.txt @@ -2340,7 +2340,7 @@ r = 8 p = 1 Key = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887 -# NB: this test requires more than 2GB of memory to run so it will hit the +# NB: this test requires more than 1GB of memory to run so it will hit the # scrypt memory limit and return an error. To run this test without error # uncomment out the "maxmem" line and comment out the "Result" # line diff --git a/util/libeay.num b/util/libeay.num index 1225f8c..9d0213c 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4566,3 +4566,7 @@ ASN1_ENUMERATED_set_int64 4924 EXIST::FUNCTION: EVP_PBE_scrypt 4925 EXIST::FUNCTION: ASN1_INTEGER_set_int64 4926 EXIST::FUNCTION: ASN1_ENUMERATED_get_int64 4927 EXIST::FUNCTION: +PKCS5_v2_scrypt_keyivgen 4928 EXIST::FUNCTION: +ASN1_INTEGER_get_uint64 4929 EXIST::FUNCTION: +ASN1_INTEGER_set_uint64 4930 EXIST::FUNCTION: +PKCS5_pbe2_set_scrypt 4931 EXIST::FUNCTION: From matt at openssl.org Fri May 22 07:11:02 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 07:11:02 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432278662.341661.5879.nullmailer@dev.openssl.org> The branch master has been updated via 6b41b3f5eacc6b1bb851c9dce22d6e893f32ea7d (commit) from 3a752c85ee38a92d7777b8fe1cce2e54bf619529 (commit) - Log ----------------------------------------------------------------- commit 6b41b3f5eacc6b1bb851c9dce22d6e893f32ea7d Author: Matt Caswell Date: Thu May 21 14:06:52 2015 +0100 Fix a memory leak in compression The function RECORD_LAYER_clear() is supposed to clear the contents of the RECORD_LAYER structure, but retain certain data such as buffers that are allocated. Unfortunately one buffer (for compression) got missed and was inadvertently being wiped, thus causing a memory leak. In part this is due to the fact that RECORD_LAYER_clear() was reaching inside SSL3_BUFFERs and SSL3_RECORDs, which it really shouldn't. So, I've rewritten it to only clear the data it knows about, and to defer clearing of SSL3_RECORD and SSL3_BUFFER structures to SSL_RECORD_clear() and the new function SSL3_BUFFER_clear(). Reviewed-by: Tim Hudson Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/record/rec_layer_s3.c | 49 +++++++++++++++++++++++------------------------ ssl/record/record_locl.h | 1 + ssl/record/ssl3_buffer.c | 13 +++++++++++++ ssl/record/ssl3_record.c | 8 +++++++- 4 files changed, 45 insertions(+), 26 deletions(-) diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 456fac4..47a021d 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -142,35 +142,34 @@ void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s) void RECORD_LAYER_clear(RECORD_LAYER *rl) { - unsigned char *rp, *wp; - size_t rlen, wlen; - int read_ahead; - SSL *s; - DTLS_RECORD_LAYER *d; - - s = rl->s; - d = rl->d; - read_ahead = rl->read_ahead; - rp = SSL3_BUFFER_get_buf(&rl->rbuf); - rlen = SSL3_BUFFER_get_len(&rl->rbuf); - wp = SSL3_BUFFER_get_buf(&rl->wbuf); - wlen = SSL3_BUFFER_get_len(&rl->wbuf); - memset(rl, 0, sizeof(*rl)); - SSL3_BUFFER_set_buf(&rl->rbuf, rp); - SSL3_BUFFER_set_len(&rl->rbuf, rlen); - SSL3_BUFFER_set_buf(&rl->wbuf, wp); - SSL3_BUFFER_set_len(&rl->wbuf, wlen); - - /* Do I need to do this? As far as I can tell read_ahead did not + rl->rstate = SSL_ST_READ_HEADER; + + /* Do I need to clear read_ahead? As far as I can tell read_ahead did not * previously get reset by SSL_clear...so I'll keep it that way..but is * that right? */ - rl->read_ahead = read_ahead; - rl->rstate = SSL_ST_READ_HEADER; - rl->s = s; - rl->d = d; + + rl->packet = NULL; + rl->packet_length = 0; + rl->wnum = 0; + memset(rl->alert_fragment, 0, sizeof(rl->alert_fragment)); + rl->alert_fragment_len = 0; + memset(rl->handshake_fragment, 0, sizeof(rl->handshake_fragment)); + rl->handshake_fragment_len = 0; + rl->wpend_tot = 0; + rl->wpend_type = 0; + rl->wpend_ret = 0; + rl->wpend_buf = NULL; + + SSL3_BUFFER_clear(&rl->rbuf); + SSL3_BUFFER_clear(&rl->wbuf); + SSL3_RECORD_clear(&rl->rrec); + SSL3_RECORD_clear(&rl->wrec); + + memset(rl->read_sequence, 0, sizeof(rl->read_sequence)); + memset(rl->write_sequence, 0, sizeof(rl->write_sequence)); - if (d) + if (rl->d) DTLS_RECORD_LAYER_clear(rl); } diff --git a/ssl/record/record_locl.h b/ssl/record/record_locl.h index b2222d7..f92e89d 100644 --- a/ssl/record/record_locl.h +++ b/ssl/record/record_locl.h @@ -162,6 +162,7 @@ void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap); #define SSL3_BUFFER_add_offset(b, o) ((b)->offset += (o)) #define SSL3_BUFFER_is_initialised(b) ((b)->buf != NULL) +void SSL3_BUFFER_clear(SSL3_BUFFER *b); void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n); void SSL3_BUFFER_release(SSL3_BUFFER *b); __owur int ssl3_setup_read_buffer(SSL *s); diff --git a/ssl/record/ssl3_buffer.c b/ssl/record/ssl3_buffer.c index 5a8d34c..66fb721 100644 --- a/ssl/record/ssl3_buffer.c +++ b/ssl/record/ssl3_buffer.c @@ -120,6 +120,19 @@ void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, int n) b->offset = 0; } +/* + * Clear the contents of an SSL3_BUFFER but retain any memory allocated + */ +void SSL3_BUFFER_clear(SSL3_BUFFER *b) +{ + unsigned char *buf = b->buf; + size_t len = b->len; + + memset(b, 0, sizeof(*b)); + b->buf = buf; + b->len = len; +} + void SSL3_BUFFER_release(SSL3_BUFFER *b) { OPENSSL_free(b->buf); diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index b0eb7cc..5070bc3 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -132,9 +132,15 @@ static const unsigned char ssl3_pad_2[48] = { 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c }; +/* + * Clear the contents of an SSL3_RECORD but retain any memory allocated + */ void SSL3_RECORD_clear(SSL3_RECORD *r) { - memset(r->seq_num, 0, sizeof(r->seq_num)); + unsigned char *comp = r->comp; + + memset(r, 0, sizeof(*r)); + r->comp = comp; } void SSL3_RECORD_release(SSL3_RECORD *r) From matt at openssl.org Fri May 22 08:40:58 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 08:40:58 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432284058.449448.15628.nullmailer@dev.openssl.org> The branch master has been updated via a7f82a1ab2be0b9c27944430ac48ad63cc0d5e79 (commit) from 6b41b3f5eacc6b1bb851c9dce22d6e893f32ea7d (commit) - Log ----------------------------------------------------------------- commit a7f82a1ab2be0b9c27944430ac48ad63cc0d5e79 Author: Matt Caswell Date: Fri May 15 09:42:08 2015 +0100 Fix various OPENSSL_NO_* options This fixes compilation with various OPENSSL_NO_* options that got broken during the big apps cleanup. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 14 ++++++++++++++ apps/s_server.c | 17 ++++++++++++++++- apps/srp.c | 21 ++++++++++----------- 3 files changed, 40 insertions(+), 12 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 339e451..9717ad1 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -722,6 +722,20 @@ int s_client_main(int argc, char **argv) #ifdef OPENSSL_NO_SSL_TRACE case OPT_TRACE: #endif +#ifdef OPENSSL_NO_PSK + case OPT_PSK_IDENTITY: + case OPT_PSK: +#endif +#ifdef OPENSSL_NO_SSL3 + case OPT_SSL3: +#endif +#ifdef OPENSSL_NO_DTLS1 + case OPT_DTLS: + case OPT_DTLS1: + case OPT_DTLS1_2: + case OPT_TIMEOUT: + case OPT_MTU: +#endif case OPT_EOF: case OPT_ERR: opthelp: diff --git a/apps/s_server.c b/apps/s_server.c index e46376d..5500cea 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -997,7 +997,10 @@ int s_server_main(int argc, char *argv[]) char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL; char *dhfile = NULL, *dpassarg = NULL, *dpass = NULL, *inrand = NULL; char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL; - char *crl_file = NULL, *prog, *p; + char *crl_file = NULL, *prog; +#ifndef OPENSSL_NO_PSK + char *p; +#endif const char *unix_path = NULL; #ifndef NO_SYS_UN_H int unlink_unix_path = 0; @@ -1046,6 +1049,18 @@ int s_server_main(int argc, char *argv[]) prog = opt_init(argc, argv, s_server_options); while ((o = opt_next()) != OPT_EOF) { switch (o) { +#ifdef OPENSSL_NO_PSK + case OPT_PSK_HINT: + case OPT_PSK: +#endif +#ifdef OPENSSL_NO_DTLS1 + case OPT_DTLS: + case OPT_DTLS1: + case OPT_DTLS1_2: + case OPT_TIMEOUT: + case OPT_MTU: + case OPT_CHAIN: +#endif case OPT_EOF: case OPT_ERR: opthelp: diff --git a/apps/srp.c b/apps/srp.c index 6c50a6e..161f2b8 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -58,17 +58,16 @@ #include #ifndef OPENSSL_NO_SRP -# include -# include -# include -# include -# include -# include -# include -# include -# include - -# include "apps.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "apps.h" # define BASE_SECTION "srp" # define CONFIG_FILE "openssl.cnf" From matt at openssl.org Fri May 22 09:26:31 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 09:26:31 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432286791.644455.20345.nullmailer@dev.openssl.org> The branch master has been updated via 4dc1aa0436fdb8af50960db676b739c8ef81f38c (commit) from a7f82a1ab2be0b9c27944430ac48ad63cc0d5e79 (commit) - Log ----------------------------------------------------------------- commit 4dc1aa0436fdb8af50960db676b739c8ef81f38c Author: Lubom Date: Thu May 7 14:20:31 2015 +0100 Lost alert in DTLS If a client receives a bad hello request in DTLS then the alert is not sent correctly. RT#2801 Signed-off-by: Matt Caswell Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: ssl/record/rec_layer_d1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 45324ec..159c222 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -704,7 +704,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) (s->rlayer.d->handshake_fragment[3] != 0)) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); - goto err; + goto f_err; } /* From matt at openssl.org Fri May 22 09:26:47 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 09:26:47 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432286807.218824.21056.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 254c01ed548263cf7128f54dc5c51b4df18f9b37 (commit) from 2d8e705b2a68a6dfe620f781c55e8230a0cb2dfb (commit) - Log ----------------------------------------------------------------- commit 254c01ed548263cf7128f54dc5c51b4df18f9b37 Author: Lubom Date: Thu May 7 14:20:31 2015 +0100 Lost alert in DTLS If a client receives a bad hello request in DTLS then the alert is not sent correctly. RT#2801 Signed-off-by: Matt Caswell Reviewed-by: Kurt Roeckx (cherry picked from commit 4dc1aa0436fdb8af50960db676b739c8ef81f38c) ----------------------------------------------------------------------- Summary of changes: ssl/d1_pkt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 940ca69..fe30ec7 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1069,7 +1069,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) (s->d1->handshake_fragment[3] != 0)) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); - goto err; + goto f_err; } /* From matt at openssl.org Fri May 22 09:27:05 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 09:27:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432286825.246009.21359.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 0a9f8e0621ba03d6cbd5691f997eedba2d8536f7 (commit) from 1c687ff4dd5dcc0f05f1d062effdb40e4e41f24f (commit) - Log ----------------------------------------------------------------- commit 0a9f8e0621ba03d6cbd5691f997eedba2d8536f7 Author: Lubom Date: Thu May 7 14:20:31 2015 +0100 Lost alert in DTLS If a client receives a bad hello request in DTLS then the alert is not sent correctly. RT#2801 Signed-off-by: Matt Caswell Reviewed-by: Kurt Roeckx (cherry picked from commit 4dc1aa0436fdb8af50960db676b739c8ef81f38c) ----------------------------------------------------------------------- Summary of changes: ssl/d1_pkt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c index 7b49a7d..d659ed4 100644 --- a/ssl/d1_pkt.c +++ b/ssl/d1_pkt.c @@ -1065,7 +1065,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) (s->d1->handshake_fragment[3] != 0)) { al = SSL_AD_DECODE_ERROR; SSLerr(SSL_F_DTLS1_READ_BYTES, SSL_R_BAD_HELLO_REQUEST); - goto err; + goto f_err; } /* From matt at openssl.org Fri May 22 10:36:12 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 10:36:12 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432290972.975661.28344.nullmailer@dev.openssl.org> The branch master has been updated via 8757bf83775afe10cb18d15943248a75bcc6a24b (commit) from 4dc1aa0436fdb8af50960db676b739c8ef81f38c (commit) - Log ----------------------------------------------------------------- commit 8757bf83775afe10cb18d15943248a75bcc6a24b Author: Matt Caswell Date: Fri May 22 09:28:43 2015 +0100 Ignore files from other branches There are a number of files that are created on other branches that are not held in git and are not needed in master. When checking out master after working on another branch these files show up in "git status", so just add them to .gitignore Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: .gitignore | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/.gitignore b/.gitignore index 77f8d21..1ac7f75 100644 --- a/.gitignore +++ b/.gitignore @@ -109,3 +109,29 @@ ms/nt.mak ms/ntdll.mak ms/ssleay32.def ms/version32.rc + +# Files created on other branches that are not held in git, and are not +# needed on this branch +include/openssl/asn1_mac.h +include/openssl/des_old.h +include/openssl/fips.h +include/openssl/fips_rand.h +include/openssl/krb5_asn.h +include/openssl/kssl.h +include/openssl/pq_compat.h +include/openssl/ssl23.h +include/openssl/tmdiff.h +include/openssl/ui_compat.h +test/fips_aesavs.c +test/fips_desmovs.c +test/fips_dsatest.c +test/fips_dssvs.c +test/fips_hmactest.c +test/fips_randtest.c +test/fips_rngvs.c +test/fips_rsagtest.c +test/fips_rsastest.c +test/fips_rsavtest.c +test/fips_shatest.c +test/fips_test_suite.c +test/shatest.c From levitte at openssl.org Fri May 22 17:12:26 2015 From: levitte at openssl.org (Richard Levitte) Date: Fri, 22 May 2015 17:12:26 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432314746.765138.20466.nullmailer@dev.openssl.org> The branch master has been updated via 0f539dc1a2f45580435c39dada44dd276e79cb88 (commit) from 8757bf83775afe10cb18d15943248a75bcc6a24b (commit) - Log ----------------------------------------------------------------- commit 0f539dc1a2f45580435c39dada44dd276e79cb88 Author: Richard Levitte Date: Fri May 22 17:54:06 2015 +0200 Fix the update target and remove duplicate file updates We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: Makefile.org | 19 +++---------------- apps/Makefile | 5 +++++ crypto/Makefile | 11 ++++++++--- crypto/aes/Makefile | 2 ++ crypto/asn1/Makefile | 2 ++ crypto/bf/Makefile | 2 ++ crypto/bio/Makefile | 2 ++ crypto/bn/Makefile | 2 ++ crypto/buffer/Makefile | 2 ++ crypto/camellia/Makefile | 2 ++ crypto/cast/Makefile | 2 ++ crypto/cmac/Makefile | 2 ++ crypto/cms/Makefile | 2 ++ crypto/comp/Makefile | 2 ++ crypto/conf/Makefile | 2 ++ crypto/des/Makefile | 2 ++ crypto/dh/Makefile | 2 ++ crypto/dsa/Makefile | 2 ++ crypto/dso/Makefile | 2 ++ crypto/ec/Makefile | 2 ++ crypto/ecdh/Makefile | 2 ++ crypto/ecdsa/Makefile | 2 ++ crypto/engine/Makefile | 2 ++ crypto/err/Makefile | 2 ++ crypto/evp/Makefile | 2 ++ crypto/hmac/Makefile | 2 ++ crypto/idea/Makefile | 2 ++ crypto/jpake/Makefile | 2 ++ crypto/lhash/Makefile | 2 ++ crypto/md2/Makefile | 2 ++ crypto/md4/Makefile | 2 ++ crypto/md5/Makefile | 2 ++ crypto/mdc2/Makefile | 2 ++ crypto/modes/Makefile | 2 ++ crypto/objects/Makefile | 2 ++ crypto/ocsp/Makefile | 2 ++ crypto/pem/Makefile | 2 ++ crypto/pkcs12/Makefile | 2 ++ crypto/pkcs7/Makefile | 2 ++ crypto/pqueue/Makefile | 2 ++ crypto/rand/Makefile | 2 ++ crypto/rc2/Makefile | 2 ++ crypto/rc4/Makefile | 2 ++ crypto/rc5/Makefile | 2 ++ crypto/ripemd/Makefile | 2 ++ crypto/rsa/Makefile | 2 ++ crypto/seed/Makefile | 2 ++ crypto/sha/Makefile | 2 ++ crypto/srp/Makefile | 2 ++ crypto/stack/Makefile | 2 ++ crypto/store/Makefile | 2 ++ crypto/ts/Makefile | 2 ++ crypto/txt_db/Makefile | 2 ++ crypto/ui/Makefile | 2 ++ crypto/whrlpool/Makefile | 2 ++ crypto/x509/Makefile | 2 ++ crypto/x509v3/Makefile | 2 ++ engines/Makefile | 12 +++++++----- engines/ccgost/Makefile | 13 +++++++------ ssl/Makefile | 13 +++++++------ test/Makefile | 13 +++++++------ tools/Makefile | 2 ++ 62 files changed, 154 insertions(+), 42 deletions(-) diff --git a/Makefile.org b/Makefile.org index 69baf48..ea9f6a0 100644 --- a/Makefile.org +++ b/Makefile.org @@ -439,6 +439,9 @@ tests: rehash report: @$(PERL) util/selftest.pl +update: errors stacks util/libeay.num util/ssleay.num apps/openssl-vms.cnf TABLE + @set -e; target=update; $(RECURSIVE_BUILD_CMD) + depend: @set -e; target=depend; $(RECURSIVE_BUILD_CMD) @@ -466,26 +469,10 @@ util/libeay.num:: util/ssleay.num:: $(PERL) util/mkdef.pl ssl update -crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl include/openssl/obj_mac.h - $(PERL) crypto/objects/obj_dat.pl include/openssl/obj_mac.h crypto/objects/obj_dat.h -include/openssl/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num include/openssl/obj_mac.h -crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h - -apps/openssl-vms.cnf: apps/openssl.cnf - $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf - -crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl - $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h - - TABLE: Configure Configurations/*.conf (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE -update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend - # Build distribution tar-file. As the list of files returned by "find" is # pretty long, on several platforms a "too many arguments" error or similar # would occur. Therefore the list of files is temporarily stored into a file diff --git a/apps/Makefile b/apps/Makefile index 29bad61..ea78064 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -76,6 +76,9 @@ all: exe exe: $(EXE) +openssl-vms.cnf: openssl.cnf + $(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -120,6 +123,8 @@ tests: lint: echo nope >fluff +update: openssl-vms.cnf depend + depend: @if [ -z "$(THIS)" ]; then \ $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ diff --git a/crypto/Makefile b/crypto/Makefile index b0645fc..99cd65c 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -110,12 +110,17 @@ libs: lint: @target=lint; $(RECURSIVE_MAKE) -depend: +update: local_depend + @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h - @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi clean: rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index d3ce809..3ae1988 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -108,6 +108,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index 4dee260..66b0ef2 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile @@ -79,6 +79,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/bf/Makefile b/crypto/bf/Makefile index 928e94d..dbf5a64 100644 --- a/crypto/bf/Makefile +++ b/crypto/bf/Makefile @@ -53,6 +53,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/bio/Makefile b/crypto/bio/Makefile index ff00c6e..aa297f0 100644 --- a/crypto/bio/Makefile +++ b/crypto/bio/Makefile @@ -57,6 +57,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index c8d3dc2..7d55778 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -158,6 +158,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: bn_prime.h depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/buffer/Makefile b/crypto/buffer/Makefile index 96261f1..f9d52fe 100644 --- a/crypto/buffer/Makefile +++ b/crypto/buffer/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/camellia/Makefile b/crypto/camellia/Makefile index 2602dbf..4aa84db 100644 --- a/crypto/camellia/Makefile +++ b/crypto/camellia/Makefile @@ -59,6 +59,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/cast/Makefile b/crypto/cast/Makefile index 08d24b0..f9905ad 100644 --- a/crypto/cast/Makefile +++ b/crypto/cast/Makefile @@ -53,6 +53,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/cmac/Makefile b/crypto/cmac/Makefile index 31d50e4..0c770c4 100644 --- a/crypto/cmac/Makefile +++ b/crypto/cmac/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/cms/Makefile b/crypto/cms/Makefile index 8383fe5..4924fcf 100644 --- a/crypto/cms/Makefile +++ b/crypto/cms/Makefile @@ -51,6 +51,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/comp/Makefile b/crypto/comp/Makefile index 7884f99..5f9b42d 100644 --- a/crypto/comp/Makefile +++ b/crypto/comp/Makefile @@ -48,6 +48,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/conf/Makefile b/crypto/conf/Makefile index 1ad2412..2df0a98 100644 --- a/crypto/conf/Makefile +++ b/crypto/conf/Makefile @@ -48,6 +48,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/des/Makefile b/crypto/des/Makefile index eb8f3bd..56c41f1 100644 --- a/crypto/des/Makefile +++ b/crypto/des/Makefile @@ -74,6 +74,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile index 14f1efa..f9be501 100644 --- a/crypto/dh/Makefile +++ b/crypto/dh/Makefile @@ -47,6 +47,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/dsa/Makefile b/crypto/dsa/Makefile index 0761873..aa2b785 100644 --- a/crypto/dsa/Makefile +++ b/crypto/dsa/Makefile @@ -47,6 +47,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/dso/Makefile b/crypto/dso/Makefile index 17af757..b2efd5c 100644 --- a/crypto/dso/Makefile +++ b/crypto/dso/Makefile @@ -47,6 +47,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile index 5113faf..a2c135a 100644 --- a/crypto/ec/Makefile +++ b/crypto/ec/Makefile @@ -72,6 +72,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ecdh/Makefile b/crypto/ecdh/Makefile index b924e62..e980a1c 100644 --- a/crypto/ecdh/Makefile +++ b/crypto/ecdh/Makefile @@ -46,6 +46,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile index be6f849..01a7c34 100644 --- a/crypto/ecdsa/Makefile +++ b/crypto/ecdsa/Makefile @@ -46,6 +46,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile index bddabe2..532fadd 100644 --- a/crypto/engine/Makefile +++ b/crypto/engine/Makefile @@ -55,6 +55,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/err/Makefile b/crypto/err/Makefile index acbb06e..e384e62 100644 --- a/crypto/err/Makefile +++ b/crypto/err/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index 9cd98cd..c23c39a 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -68,6 +68,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/hmac/Makefile b/crypto/hmac/Makefile index 1415ebd..934631a 100644 --- a/crypto/hmac/Makefile +++ b/crypto/hmac/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/idea/Makefile b/crypto/idea/Makefile index 345b602..db18952 100644 --- a/crypto/idea/Makefile +++ b/crypto/idea/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/jpake/Makefile b/crypto/jpake/Makefile index 1f01d73..3a7b5ae 100644 --- a/crypto/jpake/Makefile +++ b/crypto/jpake/Makefile @@ -27,6 +27,8 @@ lib: $(LIBOBJ) files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/lhash/Makefile b/crypto/lhash/Makefile index 952f028..feb5fa5 100644 --- a/crypto/lhash/Makefile +++ b/crypto/lhash/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/md2/Makefile b/crypto/md2/Makefile index 153c48e..1ca1896 100644 --- a/crypto/md2/Makefile +++ b/crypto/md2/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/md4/Makefile b/crypto/md4/Makefile index b1904c0..cf5cb8d 100644 --- a/crypto/md4/Makefile +++ b/crypto/md4/Makefile @@ -46,6 +46,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/md5/Makefile b/crypto/md5/Makefile index 7dd700f..24834f3 100644 --- a/crypto/md5/Makefile +++ b/crypto/md5/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/mdc2/Makefile b/crypto/mdc2/Makefile index 33f318f..5517a08 100644 --- a/crypto/mdc2/Makefile +++ b/crypto/mdc2/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile index 69afd89..ce27c2d 100644 --- a/crypto/modes/Makefile +++ b/crypto/modes/Makefile @@ -78,6 +78,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile index 94e1d4e..7bc0aac 100644 --- a/crypto/objects/Makefile +++ b/crypto/objects/Makefile @@ -58,6 +58,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: obj_dat.h ../../include/openssl/obj_mac.h obj_xref.h depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ocsp/Makefile b/crypto/ocsp/Makefile index 497275d..ea5f728 100644 --- a/crypto/ocsp/Makefile +++ b/crypto/ocsp/Makefile @@ -48,6 +48,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/pem/Makefile b/crypto/pem/Makefile index 03bb92c..ce112c0 100644 --- a/crypto/pem/Makefile +++ b/crypto/pem/Makefile @@ -48,6 +48,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/pkcs12/Makefile b/crypto/pkcs12/Makefile index 4c08faa..98ec4bf 100644 --- a/crypto/pkcs12/Makefile +++ b/crypto/pkcs12/Makefile @@ -51,6 +51,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/pkcs7/Makefile b/crypto/pkcs7/Makefile index f00ff24..96e5a07 100644 --- a/crypto/pkcs7/Makefile +++ b/crypto/pkcs7/Makefile @@ -52,6 +52,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/pqueue/Makefile b/crypto/pqueue/Makefile index 569c3c9..b5c8eea 100644 --- a/crypto/pqueue/Makefile +++ b/crypto/pqueue/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rand/Makefile b/crypto/rand/Makefile index 3e09b89..a0b1245 100644 --- a/crypto/rand/Makefile +++ b/crypto/rand/Makefile @@ -47,6 +47,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rc2/Makefile b/crypto/rc2/Makefile index 22e1b49..b07d3c1 100644 --- a/crypto/rc2/Makefile +++ b/crypto/rc2/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rc4/Makefile b/crypto/rc4/Makefile index b8eecef..5d61aac 100644 --- a/crypto/rc4/Makefile +++ b/crypto/rc4/Makefile @@ -73,6 +73,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rc5/Makefile b/crypto/rc5/Makefile index 4336e6e..130b4a8 100644 --- a/crypto/rc5/Makefile +++ b/crypto/rc5/Makefile @@ -53,6 +53,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ripemd/Makefile b/crypto/ripemd/Makefile index af4824e..e86987f 100644 --- a/crypto/ripemd/Makefile +++ b/crypto/ripemd/Makefile @@ -53,6 +53,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rsa/Makefile b/crypto/rsa/Makefile index 6c33a04..65d243d 100644 --- a/crypto/rsa/Makefile +++ b/crypto/rsa/Makefile @@ -51,6 +51,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/seed/Makefile b/crypto/seed/Makefile index b4ea879..5f13cbe 100644 --- a/crypto/seed/Makefile +++ b/crypto/seed/Makefile @@ -46,6 +46,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile index f99a6b3..4a8b77f 100644 --- a/crypto/sha/Makefile +++ b/crypto/sha/Makefile @@ -108,6 +108,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/srp/Makefile b/crypto/srp/Makefile index ff6e905..e90adf7 100644 --- a/crypto/srp/Makefile +++ b/crypto/srp/Makefile @@ -44,6 +44,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/stack/Makefile b/crypto/stack/Makefile index 76f1b2b..9a60eec 100644 --- a/crypto/stack/Makefile +++ b/crypto/stack/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/store/Makefile b/crypto/store/Makefile index 79e31b5..b73fb30 100644 --- a/crypto/store/Makefile +++ b/crypto/store/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ts/Makefile b/crypto/ts/Makefile index 2f56229..673d01b 100644 --- a/crypto/ts/Makefile +++ b/crypto/ts/Makefile @@ -57,6 +57,8 @@ tags: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/txt_db/Makefile b/crypto/txt_db/Makefile index ca967ab..6e9d372 100644 --- a/crypto/txt_db/Makefile +++ b/crypto/txt_db/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ui/Makefile b/crypto/ui/Makefile index 1346d13..2a02136 100644 --- a/crypto/ui/Makefile +++ b/crypto/ui/Makefile @@ -45,6 +45,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/whrlpool/Makefile b/crypto/whrlpool/Makefile index 31c63ad..aafb467 100644 --- a/crypto/whrlpool/Makefile +++ b/crypto/whrlpool/Makefile @@ -58,6 +58,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile index a6b2b7c..7e0e594 100644 --- a/crypto/x509/Makefile +++ b/crypto/x509/Makefile @@ -57,6 +57,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile index d7be020..fb1085b 100644 --- a/crypto/x509v3/Makefile +++ b/crypto/x509v3/Makefile @@ -55,6 +55,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/engines/Makefile b/engines/Makefile index 769a4e5..eca15e2 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -134,12 +134,14 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @target=lint; $(RECURSIVE_MAKE) -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - fi - @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile index 1ce1848..f3378aa 100644 --- a/engines/ccgost/Makefile +++ b/engines/ccgost/Makefile @@ -63,12 +63,13 @@ install: tests: -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \ - fi +update: local_depend + @[ -z "$(THIS)" ] && $(MAKE) -f $(TOP)/Makefile reflect THIS=$@ + +depend: local_depend + @[ -z "$(THIS)" ] && $(MAKE) -f $(TOP)/Makefile reflect THIS=$@ +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/ssl/Makefile b/ssl/Makefile index ad2f99f..d1fc049 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -71,12 +71,13 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/test/Makefile b/test/Makefile index da97db7..86a251f 100644 --- a/test/Makefile +++ b/test/Makefile @@ -392,12 +392,13 @@ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) @echo $(START) $@ ../util/shlib_wrap.sh ./$(CONSTTIMETEST) -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/tools/Makefile b/tools/Makefile index edd7fc5..d4752f8 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -53,6 +53,8 @@ tags: errors: +update: depend + depend: dclean: From rsalz at openssl.org Fri May 22 20:57:09 2015 From: rsalz at openssl.org (Rich Salz) Date: Fri, 22 May 2015 20:57:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432328229.768478.15191.nullmailer@dev.openssl.org> The branch master has been updated via 552bf8ec5e64d1a169069111850ebc5d250e0499 (commit) from 0f539dc1a2f45580435c39dada44dd276e79cb88 (commit) - Log ----------------------------------------------------------------- commit 552bf8ec5e64d1a169069111850ebc5d250e0499 Author: Michael Trapp Date: Fri May 8 15:34:07 2015 -0400 RT266: Add HTTP proxy/CONNECT to s_client Signed-off-by: Rich Salz Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 54 +++++++++++++++++++++++++++++++++++++++++++++------ doc/apps/s_client.pod | 7 +++++++ 2 files changed, 55 insertions(+), 6 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 9717ad1..c3c5bce 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -481,7 +481,7 @@ typedef enum OPTION_choice { OPT_V_ENUM, OPT_X_ENUM, OPT_S_ENUM, - OPT_FALLBACKSCSV, OPT_NOCMDS + OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY } OPTION_CHOICE; OPTIONS s_client_options[] = { @@ -490,6 +490,8 @@ OPTIONS s_client_options[] = { {"port", OPT_PORT, 'p', "Use -connect instead"}, {"connect", OPT_CONNECT, 's', "TCP/IP where to connect (default is " SSL_HOST_NAME ":" PORT_STR ")"}, + {"proxy", OPT_PROXY, 's', + "Connect to via specified proxy to the real server"}, {"unix", OPT_UNIX, 's', "Connect over unix domain sockets"}, {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"}, {"cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed"}, @@ -610,7 +612,8 @@ typedef enum PROTOCOL_choice { PROTO_IMAP, PROTO_FTP, PROTO_TELNET, - PROTO_XMPP + PROTO_XMPP, + PROTO_CONNECT } PROTOCOL_CHOICE; static OPT_PAIR services[] = { @@ -637,8 +640,8 @@ int s_client_main(int argc, char **argv) STACK_OF(OPENSSL_STRING) *ssl_args = NULL; STACK_OF(X509_CRL) *crls = NULL; const SSL_METHOD *meth = TLS_client_method(); - char *CApath = NULL, *CAfile = NULL, *cbuf = NULL, *sbuf = NULL, *mbuf = - NULL; + char *CApath = NULL, *CAfile = NULL, *cbuf = NULL, *sbuf = NULL; + char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL, *prog; char *chCApath = NULL, *chCAfile = NULL, *host = SSL_HOST_NAME, *inrand = NULL; @@ -752,8 +755,11 @@ int s_client_main(int argc, char **argv) port = atoi(opt_arg()); break; case OPT_CONNECT: - if (!extract_host_port(opt_arg(), &host, NULL, &port)) - goto end; + connectstr = opt_arg(); + break; + case OPT_PROXY: + proxystr = opt_arg(); + starttls_proto = PROTO_CONNECT; break; case OPT_UNIX: unix_path = opt_arg(); @@ -1069,6 +1075,17 @@ int s_client_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (proxystr) { + if (connectstr == NULL) { + BIO_printf(bio_err, "%s: -proxy requires use of -connect\n", prog); + goto opthelp; + } + if (!extract_host_port(proxystr, &host, NULL, &port)) + goto end; + } + else if (!extract_host_port(connectstr, &host, NULL, &port)) + goto end; + if (unix_path && (socket_type != SOCK_STREAM)) { BIO_printf(bio_err, "Can't use unix sockets and datagrams together\n"); @@ -1619,6 +1636,31 @@ int s_client_main(int argc, char **argv) if (bytes != 6 || memcmp(mbuf, tls_follows, 6) != 0) goto shut; } + break; + case PROTO_CONNECT: + { + int foundit = 0; + BIO *fbio = BIO_new(BIO_f_buffer()); + + BIO_push(fbio, sbio); + BIO_printf(fbio, "CONNECT %s\r\n\r\n", connectstr); + (void)BIO_flush(fbio); + /* wait for multi-line response to end CONNECT response */ + do { + mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ); + if (strstr(mbuf, "200") != NULL + && strstr(mbuf, "established") != NULL) + foundit++; + } while (mbuf_len > 3 && foundit == 0); + (void)BIO_flush(fbio); + BIO_pop(fbio); + BIO_free(fbio); + if (!foundit) { + BIO_printf(bio_err, "%s: HTTP CONNECT failed\n", prog); + goto shut; + } + } + break; } for (;;) { diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 6aaef19..12a6ef7 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -9,6 +9,7 @@ s_client - SSL/TLS client program B B [B<-connect host:port>] +[B<-proxy host:port>] [B<-servername name>] [B<-verify depth>] [B<-verify_return_error>] @@ -100,6 +101,12 @@ manual page. This specifies the host and optional port to connect to. If not specified then an attempt is made to connect to the local host on port 4433. +=item B<-proxy host:port> + +When used with the B<-connect> flag, the program uses the host and port +specified with this flag and issues an HTTP CONNECT command to connect +to the desired server. + =item B<-servername name> Set the TLS SNI (Server Name Indication) extension in the ClientHello message. From matt at openssl.org Fri May 22 22:13:25 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 22:13:25 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432332805.784383.31474.nullmailer@dev.openssl.org> The branch master has been updated via 2c55a0bc93bf578757ec5c85bdb3abe9cf3f4893 (commit) via e481f9b90b164fd1053015d1c4e0a0d92076d7a8 (commit) from 552bf8ec5e64d1a169069111850ebc5d250e0499 (commit) - Log ----------------------------------------------------------------- commit 2c55a0bc93bf578757ec5c85bdb3abe9cf3f4893 Author: Matt Caswell Date: Fri May 15 10:55:10 2015 +0100 Add CHANGES entry for OPENSSL_NO_TLSEXT removal Reviewed-by: Rich Salz Reviewed-by: Richard Levitte commit e481f9b90b164fd1053015d1c4e0a0d92076d7a8 Author: Matt Caswell Date: Fri May 15 10:49:56 2015 +0100 Remove support for OPENSSL_NO_TLSEXT Given the pervasive nature of TLS extensions it is inadvisable to run OpenSSL without support for them. It also means that maintaining the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably not well tested). Therefore it is being removed. Reviewed-by: Rich Salz Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 5 + Configure | 10 - INSTALL.VMS | 2 +- apps/apps.c | 2 - apps/apps.h | 2 - apps/s_client.c | 68 ++----- apps/s_server.c | 111 ++++------- doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod | 3 - include/openssl/ssl.h | 82 ++++---- include/openssl/tls1.h | 59 +++--- makevms.com | 3 - ssl/d1_clnt.c | 12 +- ssl/d1_srvr.c | 17 +- ssl/s3_clnt.c | 40 +--- ssl/s3_lib.c | 45 ++--- ssl/s3_srvr.c | 46 ++--- ssl/ssl_asn1.c | 14 -- ssl/ssl_cert.c | 8 - ssl/ssl_conf.c | 4 - ssl/ssl_lib.c | 30 +-- ssl/ssl_locl.h | 50 ++--- ssl/ssl_rsa.c | 6 +- ssl/ssl_sess.c | 26 +-- ssl/ssl_txt.c | 2 - ssl/t1_ext.c | 6 +- ssl/t1_lib.c | 269 +++++++++++++-------------- util/mk1mf.pl | 2 - util/mkdef.pl | 6 +- util/ssleay.num | 24 +-- 29 files changed, 332 insertions(+), 622 deletions(-) diff --git a/CHANGES b/CHANGES index 397ff2c..e1e0721 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,11 @@ _______________ Changes between 1.0.2 and 1.1.0 [xx XXX xxxx] + *) Given the pervasive nature of TLS extensions it is inadvisable to run + OpenSSL without support for them. It also means that maintaining + the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably + not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed. + [Matt Caswell] *) Version negotiation has been rewritten. In particular SSLv23_method(), SSLv23_client_method() and SSLv23_server_method() have been deprecated, diff --git a/Configure b/Configure index f0a8acc..6cc05bd 100755 --- a/Configure +++ b/Configure @@ -1086,10 +1086,6 @@ if (defined($disabled{"md5"}) || defined($disabled{"sha"}) $disabled{"tls1"} = "forced"; } -if (defined($disabled{"tls1"})) - { - $disabled{"tlsext"} = "forced"; - } if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) || defined($disabled{"dh"})) @@ -1097,12 +1093,6 @@ if (defined($disabled{"ec"}) || defined($disabled{"dsa"}) $disabled{"gost"} = "forced"; } -# SRP and HEARTBEATS require TLSEXT -if (defined($disabled{"tlsext"})) - { - $disabled{"srp"} = "forced"; - $disabled{"heartbeats"} = "forced"; - } if ($target eq "TABLE") { foreach $target (sort keys %table) { diff --git a/INSTALL.VMS b/INSTALL.VMS index 084b279..8f0d847 100644 --- a/INSTALL.VMS +++ b/INSTALL.VMS @@ -136,7 +136,7 @@ Currently, the logical names supported are: DES, DGRAM, DH, DSA, EC, EC2M, ECDH, ECDSA, ENGINE, ERR, GOST, HEARTBEATS, HMAC, IDEA, MD2, MD4, MD5, OCB, OCSP, PSK, RC2, RC4, RC5, RMD160, RSA, SCTP, - SEED, SOCK, SRP, SRTP, TLSEXT, WHIRLPOOL. So, for + SEED, SOCK, SRP, SRTP, WHIRLPOOL. So, for example, having the logical name OPENSSL_NO_RSA with the value YES means that the LIBCRYPTO.OLB library will not contain an RSA implementation. diff --git a/apps/apps.c b/apps/apps.c index ab6eb40..593c036 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -2202,7 +2202,6 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret) #endif -#ifndef OPENSSL_NO_TLSEXT /*- * next_protos_parse parses a comma separated list of strings into a string * in a format suitable for passing to SSL_CTX_set_next_protos_advertised. @@ -2238,7 +2237,6 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in) *outlen = len + 1; return out; } -#endif /* ndef OPENSSL_NO_TLSEXT */ void print_cert_checks(BIO *bio, X509 *x, const char *checkhost, diff --git a/apps/apps.h b/apps/apps.h index 7033d2e..33b2e65 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -514,9 +514,7 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret); void jpake_server_auth(BIO *out, BIO *conn, const char *secret); # endif -# ifndef OPENSSL_NO_TLSEXT unsigned char *next_protos_parse(unsigned short *outlen, const char *in); -# endif /* ndef OPENSSL_NO_TLSEXT */ void print_cert_checks(BIO *bio, X509 *x, const char *checkhost, diff --git a/apps/s_client.c b/apps/s_client.c index c3c5bce..8c5412c 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -198,9 +198,7 @@ static int c_ign_eof = 0; static int c_brief = 0; static void print_stuff(BIO *berr, SSL *con, int full); -#ifndef OPENSSL_NO_TLSEXT static int ocsp_resp_cb(SSL *s, void *arg); -#endif #ifndef OPENSSL_NO_PSK /* Default PSK identity and key */ @@ -269,8 +267,6 @@ static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity, } #endif -#ifndef OPENSSL_NO_TLSEXT - /* This is a context that we pass to callbacks */ typedef struct tlsextctx_st { BIO *biodebug; @@ -289,7 +285,7 @@ static int ssl_servername_cb(SSL *s, int *ad, void *arg) return SSL_TLSEXT_ERR_OK; } -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP /* This is a context that we pass to all callbacks */ typedef struct srp_arg_st { @@ -301,7 +297,7 @@ typedef struct srp_arg_st { int strength /* minimal size for N */ ; } SRP_ARG; -# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64 +# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64 static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g) { @@ -377,7 +373,7 @@ static int ssl_srp_verify_param_cb(SSL *s, void *arg) return 0; } -# define PWD_STRLEN 1024 +# define PWD_STRLEN 1024 static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) { @@ -398,11 +394,11 @@ static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg) return pass; } -# endif +#endif char *srtp_profiles = NULL; -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG /* This the context that we pass to next_proto_cb */ typedef struct tlsextnextprotoctx_st { unsigned char *data; @@ -435,7 +431,7 @@ static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len); return SSL_TLSEXT_ERR_OK; } -# endif /* ndef OPENSSL_NO_NEXTPROTONEG */ +#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, @@ -457,8 +453,6 @@ static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type, return 1; } -#endif - typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_UNIX, OPT_XMPPHOST, OPT_VERIFY, @@ -563,7 +557,6 @@ OPTIONS s_client_options[] = { {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal mength in bits for N"}, #endif {"name", OPT_SMTPHOST, 's', "Hostname to use for \"-starttls smtp\""}, -#ifndef OPENSSL_NO_TLSEXT {"servername", OPT_SERVERNAME, 's', "Set TLS extension servername in ClientHello"}, {"tlsextdebug", OPT_TLSEXTDEBUG, '-', @@ -573,10 +566,9 @@ OPTIONS s_client_options[] = { "types Send empty ClientHello extensions (comma-separated numbers)"}, {"alpn", OPT_ALPN, 's', "Enable ALPN extension, considering named protocols supported (comma-separated list)"}, -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG {"nextprotoneg", OPT_NEXTPROTONEG, 's', "Enable NPN extension, considering named protocols supported (comma-separated list)"}, -# endif #endif {"CRL", OPT_CRL, '<'}, {"crl_download", OPT_CRL_DOWNLOAD, '-'}, @@ -673,16 +665,14 @@ int s_client_main(int argc, char **argv) #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_NETWARE) struct timeval tv; #endif -#ifndef OPENSSL_NO_TLSEXT char *servername = NULL; const char *alpn_in = NULL; tlsextctx tlsextcbp = { NULL, 0 }; -# define MAX_SI_TYPES 100 +#define MAX_SI_TYPES 100 unsigned short serverinfo_types[MAX_SI_TYPES]; int serverinfo_count = 0, start = 0, len; -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG const char *next_proto_neg_in = NULL; -# endif #endif #ifndef OPENSSL_NO_SRP char *srppass = NULL; @@ -870,14 +860,12 @@ int s_client_main(int argc, char **argv) case OPT_DEBUG: c_debug = 1; break; -#ifndef OPENSSL_NO_TLSEXT case OPT_TLSEXTDEBUG: c_tlsextdebug = 1; break; case OPT_STATUS: c_status_req = 1; break; -#endif #ifdef WATT32 case OPT_WDEBUG: dbug_init(); @@ -1027,7 +1015,6 @@ int s_client_main(int argc, char **argv) case OPT_VERIFYCAFILE: vfyCAfile = opt_arg(); break; -#ifndef OPENSSL_NO_TLSEXT case OPT_NEXTPROTONEG: next_proto_neg_in = opt_arg(); break; @@ -1046,16 +1033,13 @@ int s_client_main(int argc, char **argv) } } break; -#endif case OPT_STARTTLS: if (!opt_pair(opt_arg(), services, &starttls_proto)) goto end; -#ifndef OPENSSL_NO_TLSEXT case OPT_SERVERNAME: servername = opt_arg(); /* meth=TLSv1_client_method(); */ break; -#endif #ifndef OPENSSL_NO_JPAKE case OPT_JPAKE: jpake_secret = opt_arg(); @@ -1101,7 +1085,7 @@ int s_client_main(int argc, char **argv) } #endif -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) +#if !defined(OPENSSL_NO_NEXTPROTONEG) next_proto.status = -1; if (next_proto_neg_in) { next_proto.data = @@ -1250,11 +1234,10 @@ int s_client_main(int argc, char **argv) if (exc) ssl_ctx_set_excert(ctx, exc); -#if !defined(OPENSSL_NO_TLSEXT) -# if !defined(OPENSSL_NO_NEXTPROTONEG) +#if !defined(OPENSSL_NO_NEXTPROTONEG) if (next_proto.data) SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto); -# endif +#endif if (alpn_in) { unsigned short alpn_len; unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in); @@ -1270,8 +1253,7 @@ int s_client_main(int argc, char **argv) } OPENSSL_free(alpn); } -#endif -#ifndef OPENSSL_NO_TLSEXT + for (i = 0; i < serverinfo_count; i++) { if (!SSL_CTX_add_client_custom_ext(ctx, serverinfo_types[i], @@ -1282,7 +1264,6 @@ int s_client_main(int argc, char **argv) serverinfo_types[i]); } } -#endif if (state) SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback); @@ -1299,7 +1280,6 @@ int s_client_main(int argc, char **argv) if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain)) goto end; -#ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { tlsextcbp.biodebug = bio_err; SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); @@ -1321,7 +1301,6 @@ int s_client_main(int argc, char **argv) ssl_srp_verify_param_cb); } # endif -#endif con = SSL_new(ctx); if (sess_in) { @@ -1350,7 +1329,6 @@ int s_client_main(int argc, char **argv) if (fallback_scsv) SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV); -#ifndef OPENSSL_NO_TLSEXT if (servername != NULL) { if (!SSL_set_tlsext_host_name(con, servername)) { BIO_printf(bio_err, "Unable to set TLS servername extension.\n"); @@ -1358,7 +1336,6 @@ int s_client_main(int argc, char **argv) goto end; } } -#endif re_start: #ifdef NO_SYS_UN_H @@ -1449,7 +1426,7 @@ int s_client_main(int argc, char **argv) SSL_set_msg_callback(con, msg_cb); SSL_set_msg_callback_arg(con, bio_c_msg ? bio_c_msg : bio_c_out); } -#ifndef OPENSSL_NO_TLSEXT + if (c_tlsextdebug) { SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_c_out); @@ -1459,7 +1436,6 @@ int s_client_main(int argc, char **argv) SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb); SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out); } -#endif #ifndef OPENSSL_NO_JPAKE if (jpake_secret) jpake_client_auth(bio_c_out, sbio, jpake_secret); @@ -1680,13 +1656,13 @@ int s_client_main(int argc, char **argv) tty_on = 1; if (in_init) { in_init = 0; -#ifndef OPENSSL_NO_TLSEXT + if (servername != NULL && !SSL_session_reused(con)) { BIO_printf(bio_c_out, "Server did %sacknowledge servername extension.\n", tlsextcbp.ack ? "" : "not "); } -#endif + if (sess_out) { BIO *stmp = BIO_new_file(sess_out, "w"); if (stmp) { @@ -2028,7 +2004,7 @@ int s_client_main(int argc, char **argv) print_stuff(bio_c_out, con, 1); SSL_free(con); } -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) +#if !defined(OPENSSL_NO_NEXTPROTONEG) OPENSSL_free(next_proto.data); #endif SSL_CTX_free(ctx); @@ -2155,8 +2131,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) } #endif -#if !defined(OPENSSL_NO_TLSEXT) -# if !defined(OPENSSL_NO_NEXTPROTONEG) +#if !defined(OPENSSL_NO_NEXTPROTONEG) if (next_proto.status != -1) { const unsigned char *proto; unsigned int proto_len; @@ -2165,7 +2140,7 @@ static void print_stuff(BIO *bio, SSL *s, int full) BIO_write(bio, proto, proto_len); BIO_write(bio, "\n", 1); } -# endif +#endif { const unsigned char *proto; unsigned int proto_len; @@ -2177,7 +2152,6 @@ static void print_stuff(BIO *bio, SSL *s, int full) } else BIO_printf(bio, "No ALPN negotiated\n"); } -#endif #ifndef OPENSSL_NO_SRTP { @@ -2216,8 +2190,6 @@ static void print_stuff(BIO *bio, SSL *s, int full) (void)BIO_flush(bio); } -#ifndef OPENSSL_NO_TLSEXT - static int ocsp_resp_cb(SSL *s, void *arg) { const unsigned char *p; @@ -2241,5 +2213,3 @@ static int ocsp_resp_cb(SSL *s, void *arg) OCSP_RESPONSE_free(rsp); return 1; } - -#endif diff --git a/apps/s_server.c b/apps/s_server.c index 5500cea..6bbabcc 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -218,9 +218,7 @@ static int bufsize = BUFSIZZ; static int accept_socket = -1; #define TEST_CERT "server.pem" -#ifndef OPENSSL_NO_TLSEXT -# define TEST_CERT2 "server2.pem" -#endif +#define TEST_CERT2 "server2.pem" extern int verify_depth, verify_return_error, verify_quiet; @@ -229,9 +227,7 @@ static int s_server_session_id_context = 1; /* anything will do */ static const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL; -#ifndef OPENSSL_NO_TLSEXT static const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL; -#endif static char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL; #ifdef FIONBIO static int s_nbio = 0; @@ -239,19 +235,15 @@ static int s_nbio = 0; static int s_nbio_test = 0; int s_crlf = 0; static SSL_CTX *ctx = NULL; -#ifndef OPENSSL_NO_TLSEXT static SSL_CTX *ctx2 = NULL; -#endif static int www = 0; static BIO *bio_s_out = NULL; static BIO *bio_s_msg = NULL; static int s_debug = 0; -#ifndef OPENSSL_NO_TLSEXT static int s_tlsextdebug = 0; static int s_tlsextstatus = 0; static int cert_status_cb(SSL *s, void *arg); -#endif static int no_resume_ephemeral = 0; static int s_msg = 0; static int s_quiet = 0; @@ -272,12 +264,9 @@ static long socket_mtu; static int cert_chain = 0; #endif -#ifndef OPENSSL_NO_TLSEXT static BIO *serverinfo_in = NULL; static const char *s_serverinfo_file = NULL; -#endif - #ifndef OPENSSL_NO_PSK static char *psk_identity = "Client_identity"; char *psk_key = NULL; /* by default PSK is not used */ @@ -401,11 +390,9 @@ static void s_server_init(void) s_cert_file = TEST_CERT; s_key_file = NULL; s_chain_file = NULL; -#ifndef OPENSSL_NO_TLSEXT s_cert_file2 = TEST_CERT2; s_key_file2 = NULL; ctx2 = NULL; -#endif s_nbio = 0; s_nbio_test = 0; ctx = NULL; @@ -575,8 +562,6 @@ static int ebcdic_puts(BIO *bp, const char *str) } #endif -#ifndef OPENSSL_NO_TLSEXT - /* This is a context that we pass to callbacks */ typedef struct tlsextctx_st { char *servername; @@ -732,7 +717,7 @@ static int cert_status_cb(SSL *s, void *arg) goto done; } -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG /* This is the context that we pass to next_proto_cb */ typedef struct tlsextnextprotoctx_st { unsigned char *data; @@ -749,7 +734,7 @@ static int next_proto_cb(SSL *s, const unsigned char **data, return SSL_TLSEXT_ERR_OK; } -# endif /* ndef OPENSSL_NO_NEXTPROTONEG */ +#endif /* ndef OPENSSL_NO_NEXTPROTONEG */ /* This the context that we pass to alpn_cb */ typedef struct tlsextalpnctx_st { @@ -789,7 +774,6 @@ static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen, return SSL_TLSEXT_ERR_OK; } -#endif /* ndef OPENSSL_NO_TLSEXT */ static int not_resumable_sess_cb(SSL *s, int is_forward_secure) { @@ -849,10 +833,8 @@ OPTIONS s_server_options[] = { "Turn on peer certificate verification, must have a cert"}, {"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT}, {"naccept", OPT_NACCEPT, 'p', "Terminate after pnum connections"}, -#ifndef OPENSSL_NO_TLSEXT {"serverinfo", OPT_SERVERINFO, 's', "PEM serverinfo file for certificate"}, -#endif {"certform", OPT_CERTFORM, 'F', "Certificate format (PEM or DER) PEM default"}, {"key", OPT_KEY, '<', @@ -924,7 +906,6 @@ OPTIONS s_server_options[] = { "Generate SSL/TLS session IDs prefixed by arg"}, {"rand", OPT_RAND, 's', "Load the file(s) into the random number generator"}, -#ifndef OPENSSL_NO_TLSEXT {"servername", OPT_SERVERNAME, 's', "Servername for HostName TLS extension"}, {"servername_fatal", OPT_SERVERNAME_FATAL, '-', @@ -935,15 +916,14 @@ OPTIONS s_server_options[] = { "-Private Key file to use for servername if not in -cert2"}, {"tlsextdebug", OPT_TLSEXTDEBUG, '-', "Hex dump of all TLS extensions received"}, -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG {"nextprotoneg", OPT_NEXTPROTONEG, 's', "Set the advertised protocols for the NPN extension (comma-separated list)"}, -# endif +#endif {"use_srtp", OPT_SRTP_PROFILES, '<', "Offer SRTP key management with a colon-separated profile list"}, {"alpn", OPT_ALPN, 's', "Set the advertised protocols for the ALPN extension (comma-separated list)"}, -#endif {"keymatexport", OPT_KEYMATEXPORT, 's', "Export keying material using label"}, {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p', @@ -1016,17 +996,15 @@ int s_server_main(int argc, char *argv[]) unsigned short port = PORT; unsigned char *context = NULL; OPTION_CHOICE o; -#ifndef OPENSSL_NO_TLSEXT EVP_PKEY *s_key2 = NULL; X509 *s_cert2 = NULL; tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING }; -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG const char *next_proto_neg_in = NULL; tlsextnextprotoctx next_proto = { NULL, 0 }; -# endif +#endif const char *alpn_in = NULL; tlsextalpnctx alpn_ctx = { NULL, 0 }; -#endif #ifndef OPENSSL_NO_PSK /* by default do not send a PSK identity hint */ static char *psk_identity_hint = NULL; @@ -1122,11 +1100,9 @@ int s_server_main(int argc, char *argv[]) case OPT_CRL_DOWNLOAD: crl_download = 1; break; -#ifndef OPENSSL_NO_TLSEXT case OPT_SERVERINFO: s_serverinfo_file = opt_arg(); break; -#endif case OPT_CERTFORM: if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_cert_format)) goto opthelp; @@ -1241,7 +1217,6 @@ int s_server_main(int argc, char *argv[]) case OPT_DEBUG: s_debug = 1; break; -#ifndef OPENSSL_NO_TLSEXT case OPT_TLSEXTDEBUG: s_tlsextdebug = 1; break; @@ -1265,7 +1240,6 @@ int s_server_main(int argc, char *argv[]) goto end; } break; -#endif case OPT_MSG: s_msg = 1; break; @@ -1395,7 +1369,6 @@ int s_server_main(int argc, char *argv[]) case OPT_RAND: inrand = opt_arg(); break; -#ifndef OPENSSL_NO_TLSEXT case OPT_SERVERNAME: tlsextcbp.servername = opt_arg(); break; @@ -1408,15 +1381,14 @@ int s_server_main(int argc, char *argv[]) case OPT_KEY2: s_key_file2 = opt_arg(); break; -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG case OPT_NEXTPROTONEG: next_proto_neg_in = opt_arg(); break; -# endif +#endif case OPT_ALPN: alpn_in = opt_arg(); break; -#endif #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK) case OPT_JPAKE: jpake_secret = opt_arg(); @@ -1468,10 +1440,9 @@ int s_server_main(int argc, char *argv[]) if (s_key_file == NULL) s_key_file = s_cert_file; -#ifndef OPENSSL_NO_TLSEXT + if (s_key_file2 == NULL) s_key_file2 = s_cert_file2; -#endif if (!load_excert(&exc)) goto end; @@ -1497,7 +1468,7 @@ int s_server_main(int argc, char *argv[]) if (!s_chain) goto end; } -#ifndef OPENSSL_NO_TLSEXT + if (tlsextcbp.servername) { s_key2 = load_key(s_key_file2, s_key_format, 0, pass, e, "second server certificate private key file"); @@ -1514,10 +1485,8 @@ int s_server_main(int argc, char *argv[]) goto end; } } -#endif /* OPENSSL_NO_TLSEXT */ } -#if !defined(OPENSSL_NO_TLSEXT) -# if !defined(OPENSSL_NO_NEXTPROTONEG) +#if !defined(OPENSSL_NO_NEXTPROTONEG) if (next_proto_neg_in) { unsigned short len; next_proto.data = next_protos_parse(&len, next_proto_neg_in); @@ -1527,7 +1496,7 @@ int s_server_main(int argc, char *argv[]) } else { next_proto.data = NULL; } -# endif +#endif alpn_ctx.data = NULL; if (alpn_in) { unsigned short len; @@ -1536,7 +1505,6 @@ int s_server_main(int argc, char *argv[]) goto end; alpn_ctx.len = len; } -#endif if (crl_file) { X509_CRL *crl; @@ -1610,10 +1578,8 @@ int s_server_main(int argc, char *argv[]) s_key_file = NULL; s_dcert_file = NULL; s_dkey_file = NULL; -#ifndef OPENSSL_NO_TLSEXT s_cert_file2 = NULL; s_key_file2 = NULL; -#endif } ctx = SSL_CTX_new(meth); @@ -1678,7 +1644,7 @@ int s_server_main(int argc, char *argv[]) ERR_print_errors(bio_err); goto end; } -#ifndef OPENSSL_NO_TLSEXT + if (s_cert2) { ctx2 = SSL_CTX_new(meth); if (ctx2 == NULL) { @@ -1732,14 +1698,13 @@ int s_server_main(int argc, char *argv[]) if (!config_ctx(cctx, ssl_args, ctx2, no_ecdhe, jpake_secret == NULL)) goto end; } -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG if (next_proto.data) SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto); -# endif +#endif if (alpn_ctx.data) SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx); -#endif #ifndef OPENSSL_NO_DH if (!no_dhe) { @@ -1765,7 +1730,7 @@ int s_server_main(int argc, char *argv[]) DH_free(dh); goto end; } -# ifndef OPENSSL_NO_TLSEXT + if (ctx2) { if (!dhfile) { DH *dh2 = load_dh_param(s_cert_file2); @@ -1786,24 +1751,22 @@ int s_server_main(int argc, char *argv[]) goto end; } } -# endif DH_free(dh); } #endif if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain)) goto end; -#ifndef OPENSSL_NO_TLSEXT + if (s_serverinfo_file != NULL && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file)) { ERR_print_errors(bio_err); goto end; } -#endif -#ifndef OPENSSL_NO_TLSEXT + if (ctx2 && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain)) goto end; -#endif + if (s_dcert != NULL) { if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain)) goto end; @@ -1811,21 +1774,18 @@ int s_server_main(int argc, char *argv[]) #ifndef OPENSSL_NO_RSA if (!no_tmp_rsa) { SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb); -# ifndef OPENSSL_NO_TLSEXT if (ctx2) SSL_CTX_set_tmp_rsa_callback(ctx2, tmp_rsa_cb); -# endif } #endif if (no_resume_ephemeral) { SSL_CTX_set_not_resumable_session_callback(ctx, not_resumable_sess_cb); -#ifndef OPENSSL_NO_TLSEXT + if (ctx2) SSL_CTX_set_not_resumable_session_callback(ctx2, not_resumable_sess_cb); -#endif } #ifndef OPENSSL_NO_PSK # ifdef OPENSSL_NO_JPAKE @@ -1860,7 +1820,6 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback); SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback); -#ifndef OPENSSL_NO_TLSEXT if (ctx2) { SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback); if (!SSL_CTX_set_session_id_context(ctx2, @@ -1876,7 +1835,6 @@ int s_server_main(int argc, char *argv[]) SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb); SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp); } -#endif #ifndef OPENSSL_NO_SRP if (srp_verifier_file != NULL) { @@ -1898,10 +1856,9 @@ int s_server_main(int argc, char *argv[]) #endif if (CAfile != NULL) { SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile)); -#ifndef OPENSSL_NO_TLSEXT + if (ctx2) SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile)); -#endif } BIO_printf(bio_s_out, "ACCEPT\n"); @@ -1937,7 +1894,6 @@ int s_server_main(int argc, char *argv[]) OPENSSL_free(dpass); X509_VERIFY_PARAM_free(vpm); free_sessions(); -#ifndef OPENSSL_NO_TLSEXT OPENSSL_free(tlscstatp.host); OPENSSL_free(tlscstatp.port); OPENSSL_free(tlscstatp.path); @@ -1945,11 +1901,10 @@ int s_server_main(int argc, char *argv[]) X509_free(s_cert2); EVP_PKEY_free(s_key2); BIO_free(serverinfo_in); -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG OPENSSL_free(next_proto.data); -# endif - OPENSSL_free(alpn_ctx.data); #endif + OPENSSL_free(alpn_ctx.data); ssl_excert_free(exc); sk_OPENSSL_STRING_free(ssl_args); SSL_CONF_CTX_free(cctx); @@ -2018,7 +1973,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) if (con == NULL) { con = SSL_new(ctx); -#ifndef OPENSSL_NO_TLSEXT + if (s_tlsextdebug) { SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); @@ -2027,7 +1982,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb); SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp); } -#endif + if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) { @@ -2109,12 +2064,11 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context) SSL_set_msg_callback(con, msg_cb); SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out); } -#ifndef OPENSSL_NO_TLSEXT + if (s_tlsextdebug) { SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } -#endif width = s + 1; for (;;) { @@ -2399,7 +2353,7 @@ static int init_ssl_connection(SSL *con) X509 *peer; long verify_error; char buf[BUFSIZ]; -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) +#if !defined(OPENSSL_NO_NEXTPROTONEG) const unsigned char *next_proto_neg; unsigned next_proto_neg_len; #endif @@ -2476,7 +2430,7 @@ static int init_ssl_connection(SSL *con) #endif BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)"); -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) +#if !defined(OPENSSL_NO_NEXTPROTONEG) SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len); if (next_proto_neg) { BIO_printf(bio_s_out, "NEXTPROTO is "); @@ -2574,12 +2528,12 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context) if ((con = SSL_new(ctx)) == NULL) goto err; -#ifndef OPENSSL_NO_TLSEXT + if (s_tlsextdebug) { SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } -#endif + if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) goto err; @@ -2920,12 +2874,11 @@ static int rev_body(char *hostname, int s, int stype, unsigned char *context) if ((con = SSL_new(ctx)) == NULL) goto err; -#ifndef OPENSSL_NO_TLSEXT + if (s_tlsextdebug) { SSL_set_tlsext_debug_callback(con, tlsext_cb); SSL_set_tlsext_debug_arg(con, bio_s_out); } -#endif if (context && !SSL_set_session_id_context(con, context, strlen((char *)context))) { ERR_print_errors(bio_err); diff --git a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod index af203b8..4e9fd84 100644 --- a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod +++ b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod @@ -21,9 +21,6 @@ RFC5077 provide an enhanced session resumption capability where the server implementation is not required to maintain per session state. It only applies to TLS and there is no SSLv3 implementation. -The callback is available when the OpenSSL library was built without -I being defined. - The callback function I will be called for every client instigated TLS session when session ticket extension is presented in the TLS hello message. It is the responsibility of this function to create or retrieve the diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index a93145b..9694e24 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -338,8 +338,6 @@ typedef int (*tls_session_secret_cb_fn) (SSL *s, void *secret, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg); -# ifndef OPENSSL_NO_TLSEXT - /* Typedefs for handling custom extensions */ typedef int (*custom_ext_add_cb) (SSL *s, unsigned int ext_type, @@ -353,8 +351,6 @@ typedef int (*custom_ext_parse_cb) (SSL *s, unsigned int ext_type, const unsigned char *in, size_t inlen, int *al, void *parse_arg); -# endif - /* Allow initial connection to servers that don't support RI */ # define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L /* Removed from OpenSSL 0.9.8q and 1.0.0c */ @@ -771,12 +767,10 @@ void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len); # endif -# ifndef OPENSSL_NO_TLSEXT __owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, const unsigned char *client, unsigned int client_len); -# endif # define OPENSSL_NPN_UNSUPPORTED 0 # define OPENSSL_NPN_NEGOTIATED 1 @@ -867,7 +861,6 @@ const char *SSL_get_psk_identity_hint(const SSL *s); const char *SSL_get_psk_identity(const SSL *s); # endif -# ifndef OPENSSL_NO_TLSEXT /* Register callbacks to handle custom TLS Extensions for client or server. */ __owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type, @@ -886,8 +879,6 @@ __owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type, __owur int SSL_extension_supported(unsigned int ext_type); -# endif - # define SSL_NOTHING 1 # define SSL_WRITING 2 # define SSL_READING 3 @@ -1112,40 +1103,38 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_SET_MAX_CERT_LIST 51 # define SSL_CTRL_SET_MAX_SEND_FRAGMENT 52 /* see tls1.h for macros based on these */ -# ifndef OPENSSL_NO_TLSEXT -# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 -# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 -# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 -# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 -# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 -# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 -# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 -/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ -/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ -/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 -# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 -# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 -# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 -# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 -# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 -# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 -# define SSL_CTRL_SET_SRP_ARG 78 -# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 -# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 -# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 -# ifndef OPENSSL_NO_HEARTBEATS -# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85 -# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 -# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 -# endif -# endif /* OPENSSL_NO_TLSEXT */ +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB 53 +# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG 54 +# define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 +# define SSL_CTRL_SET_TLSEXT_DEBUG_CB 56 +# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 +# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS 58 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS 59 +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT 60 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */ +/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */ +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB 63 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS 67 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS 68 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS 69 +# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 +# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 +# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB 72 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB 75 +# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB 76 +# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB 77 +# define SSL_CTRL_SET_SRP_ARG 78 +# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME 79 +# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH 80 +# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD 81 +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT 85 +# define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING 86 +# define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS 87 +# endif # define DTLS_CTRL_GET_TIMEOUT 73 # define DTLS_CTRL_HANDLE_TIMEOUT 74 # define DTLS_CTRL_LISTEN 75 @@ -1390,15 +1379,12 @@ __owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, __owur int SSL_use_certificate(SSL *ssl, X509 *x); __owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len); -# ifndef OPENSSL_NO_TLSEXT /* Set serverinfo data for the current active cert. */ __owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, size_t serverinfo_length); -# ifndef OPENSSL_NO_STDIO +# ifndef OPENSSL_NO_STDIO __owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file); -# endif /* NO_STDIO */ - -# endif +# endif /* NO_STDIO */ # ifndef OPENSSL_NO_STDIO __owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index d107396..40205e1 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -311,9 +311,7 @@ extern "C" { # define TLSEXT_curve_P_256 23 # define TLSEXT_curve_P_384 24 -# ifndef OPENSSL_NO_TLSEXT - -# define TLSEXT_MAXLEN_host_name 255 +# define TLSEXT_MAXLEN_host_name 255 __owur const char *SSL_get_servername(const SSL *s, const int type); __owur int SSL_get_servername_type(const SSL *s); @@ -339,71 +337,70 @@ int SSL_get_shared_sigalgs(SSL *s, int idx, __owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain); -# define SSL_set_tlsext_host_name(s,name) \ +# define SSL_set_tlsext_host_name(s,name) \ SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name) -# define SSL_set_tlsext_debug_callback(ssl, cb) \ +# define SSL_set_tlsext_debug_callback(ssl, cb) \ SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb) -# define SSL_set_tlsext_debug_arg(ssl, arg) \ +# define SSL_set_tlsext_debug_arg(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg) -# define SSL_set_tlsext_status_type(ssl, type) \ +# define SSL_set_tlsext_status_type(ssl, type) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL) -# define SSL_get_tlsext_status_exts(ssl, arg) \ +# define SSL_get_tlsext_status_exts(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) -# define SSL_set_tlsext_status_exts(ssl, arg) \ +# define SSL_set_tlsext_status_exts(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg) -# define SSL_get_tlsext_status_ids(ssl, arg) \ +# define SSL_get_tlsext_status_ids(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) -# define SSL_set_tlsext_status_ids(ssl, arg) \ +# define SSL_set_tlsext_status_ids(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg) -# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ +# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \ SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg) -# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ +# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \ SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg) -# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ +# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \ SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb) -# define SSL_TLSEXT_ERR_OK 0 -# define SSL_TLSEXT_ERR_ALERT_WARNING 1 -# define SSL_TLSEXT_ERR_ALERT_FATAL 2 -# define SSL_TLSEXT_ERR_NOACK 3 +# define SSL_TLSEXT_ERR_OK 0 +# define SSL_TLSEXT_ERR_ALERT_WARNING 1 +# define SSL_TLSEXT_ERR_ALERT_FATAL 2 +# define SSL_TLSEXT_ERR_NOACK 3 -# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ +# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg) -# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ +# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \ SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys)) -# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ +# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \ SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys)) -# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ +# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb) -# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ +# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \ SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0, (void *)arg) -# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ +# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) -# ifndef OPENSSL_NO_HEARTBEATS -# define SSL_TLSEXT_HB_ENABLED 0x01 -# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02 -# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04 +# ifndef OPENSSL_NO_HEARTBEATS +# define SSL_TLSEXT_HB_ENABLED 0x01 +# define SSL_TLSEXT_HB_DONT_SEND_REQUESTS 0x02 +# define SSL_TLSEXT_HB_DONT_RECV_REQUESTS 0x04 -# define SSL_get_tlsext_heartbeat_pending(ssl) \ +# define SSL_get_tlsext_heartbeat_pending(ssl) \ SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL) -# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ +# define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \ SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL) -# endif # endif /* PSK ciphersuites from 4279 */ diff --git a/makevms.com b/makevms.com index 37efdc8..c1c3060 100755 --- a/makevms.com +++ b/makevms.com @@ -304,7 +304,6 @@ $ CONFIG_LOGICALS := AES,- STATIC_ENGINE,- STDIO,- STORE,- - TLSEXT,- UNIT_TEST,- WHIRLPOOL $ CONFIG_EXPERIMENTAL := JPAKE,- @@ -332,11 +331,9 @@ $ CONFIG_DISABLE_RULES := RIJNDAEL/AES;- SHA/SSL3,TLS1;- RSA,DSA/SSL3,TLS1;- DH/SSL3,TLS1;- - TLS1/TLSEXT;- EC/GOST;- DSA/GOST;- DH/GOST;- - TLSEXT/SRP,HEARTBEAT;- /STATIC_ENGINE;- /DEPRECATED;- /EC_NISTP_64_GCC_128;- diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c index ed67f9d..8940abc 100644 --- a/ssl/d1_clnt.c +++ b/ssl/d1_clnt.c @@ -405,7 +405,7 @@ int dtls1_connect(SSL *s) ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; -#ifndef OPENSSL_NO_TLSEXT + if (s->tlsext_status_expected) s->state = SSL3_ST_CR_CERT_STATUS_A; else @@ -414,12 +414,7 @@ int dtls1_connect(SSL *s) skip = 1; s->state = SSL3_ST_CR_KEY_EXCH_A; } -#else - } else - skip = 1; - s->state = SSL3_ST_CR_KEY_EXCH_A; -#endif s->init_num = 0; break; @@ -640,21 +635,17 @@ int dtls1_connect(SSL *s) 0, NULL); #endif -#ifndef OPENSSL_NO_TLSEXT /* * Allow NewSessionTicket if ticket expected */ if (s->tlsext_ticket_expected) s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; else -#endif - s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; } s->init_num = 0; break; -#ifndef OPENSSL_NO_TLSEXT case SSL3_ST_CR_SESSION_TICKET_A: case SSL3_ST_CR_SESSION_TICKET_B: ret = ssl3_get_new_session_ticket(s); @@ -672,7 +663,6 @@ int dtls1_connect(SSL *s) s->state = SSL3_ST_CR_KEY_EXCH_A; s->init_num = 0; break; -#endif case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index ac2a006..dfdc573 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -425,14 +425,10 @@ int dtls1_accept(SSL *s) BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY, sizeof(sctpauthkey), sctpauthkey); #endif -#ifndef OPENSSL_NO_TLSEXT if (s->tlsext_ticket_expected) s->state = SSL3_ST_SW_SESSION_TICKET_A; else s->state = SSL3_ST_SW_CHANGE_A; -#else - s->state = SSL3_ST_SW_CHANGE_A; -#endif } else s->state = SSL3_ST_SW_CERT_A; s->init_num = 0; @@ -447,7 +443,7 @@ int dtls1_accept(SSL *s) ret = ssl3_send_server_certificate(s); if (ret <= 0) goto end; -#ifndef OPENSSL_NO_TLSEXT + if (s->tlsext_status_expected) s->state = SSL3_ST_SW_CERT_STATUS_A; else @@ -456,12 +452,6 @@ int dtls1_accept(SSL *s) skip = 1; s->state = SSL3_ST_SW_KEY_EXCH_A; } -#else - } else - skip = 1; - - s->state = SSL3_ST_SW_KEY_EXCH_A; -#endif s->init_num = 0; break; @@ -712,16 +702,13 @@ int dtls1_accept(SSL *s) dtls1_stop_timer(s); if (s->hit) s->state = SSL_ST_OK; -#ifndef OPENSSL_NO_TLSEXT else if (s->tlsext_ticket_expected) s->state = SSL3_ST_SW_SESSION_TICKET_A; -#endif else s->state = SSL3_ST_SW_CHANGE_A; s->init_num = 0; break; -#ifndef OPENSSL_NO_TLSEXT case SSL3_ST_SW_SESSION_TICKET_A: case SSL3_ST_SW_SESSION_TICKET_B: ret = ssl3_send_newsession_ticket(s); @@ -740,8 +727,6 @@ int dtls1_accept(SSL *s) s->init_num = 0; break; -#endif - case SSL3_ST_SW_CHANGE_A: case SSL3_ST_SW_CHANGE_B: diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index 4977e9c..ace0838 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -165,9 +165,7 @@ static int ssl_set_version(SSL *s); static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b); -#ifndef OPENSSL_NO_TLSEXT static int ssl3_check_finished(SSL *s); -#endif static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p, int (*put_cb) (const SSL_CIPHER *, @@ -309,12 +307,10 @@ int ssl3_connect(SSL *s) if (s->hit) { s->state = SSL3_ST_CR_FINISHED_A; -#ifndef OPENSSL_NO_TLSEXT if (s->tlsext_ticket_expected) { /* receive renewed session ticket */ s->state = SSL3_ST_CR_SESSION_TICKET_A; } -#endif } else { s->state = SSL3_ST_CR_CERT_A; } @@ -322,7 +318,6 @@ int ssl3_connect(SSL *s) break; case SSL3_ST_CR_CERT_A: case SSL3_ST_CR_CERT_B: -#ifndef OPENSSL_NO_TLSEXT /* Noop (ret = 0) for everything but EAP-FAST. */ ret = ssl3_check_finished(s); if (ret < 0) @@ -333,7 +328,7 @@ int ssl3_connect(SSL *s) s->init_num = 0; break; } -#endif + /* Check if it is anon DH/ECDH, SRP auth */ /* or PSK */ if (! @@ -343,7 +338,7 @@ int ssl3_connect(SSL *s) ret = ssl3_get_server_certificate(s); if (ret <= 0) goto end; -#ifndef OPENSSL_NO_TLSEXT + if (s->tlsext_status_expected) s->state = SSL3_ST_CR_CERT_STATUS_A; else @@ -352,12 +347,7 @@ int ssl3_connect(SSL *s) skip = 1; s->state = SSL3_ST_CR_KEY_EXCH_A; } -#else - } else - skip = 1; - s->state = SSL3_ST_CR_KEY_EXCH_A; -#endif s->init_num = 0; break; @@ -470,7 +460,7 @@ int ssl3_connect(SSL *s) if (ret <= 0) goto end; -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) +#if defined(OPENSSL_NO_NEXTPROTONEG) s->state = SSL3_ST_CW_FINISHED_A; #else if (s->s3->next_proto_neg_seen) @@ -505,7 +495,7 @@ int ssl3_connect(SSL *s) break; -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) +#if !defined(OPENSSL_NO_NEXTPROTONEG) case SSL3_ST_CW_NEXT_PROTO_A: case SSL3_ST_CW_NEXT_PROTO_B: ret = ssl3_send_next_proto(s); @@ -538,21 +528,17 @@ int ssl3_connect(SSL *s) s->s3->delay_buf_pop_ret = 0; } } else { -#ifndef OPENSSL_NO_TLSEXT /* * Allow NewSessionTicket if ticket expected */ if (s->tlsext_ticket_expected) s->s3->tmp.next_state = SSL3_ST_CR_SESSION_TICKET_A; else -#endif - s->s3->tmp.next_state = SSL3_ST_CR_FINISHED_A; } s->init_num = 0; break; -#ifndef OPENSSL_NO_TLSEXT case SSL3_ST_CR_SESSION_TICKET_A: case SSL3_ST_CR_SESSION_TICKET_B: ret = ssl3_get_new_session_ticket(s); @@ -570,7 +556,6 @@ int ssl3_connect(SSL *s) s->state = SSL3_ST_CR_KEY_EXCH_A; s->init_num = 0; break; -#endif case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: @@ -783,15 +768,11 @@ int ssl3_client_hello(SSL *s) goto err; if ((sess == NULL) || (sess->ssl_version != s->version) || -#ifdef OPENSSL_NO_TLSEXT - !sess->session_id_length || -#else /* * In the case of EAP-FAST, we can have a pre-shared * "ticket" without a session ID. */ (!sess->session_id_length && !sess->tlsext_tick) || -#endif (sess->not_resumable)) { if (!ssl_get_new_session(s, 0)) goto err; @@ -922,7 +903,6 @@ int ssl3_client_hello(SSL *s) #endif *(p++) = 0; /* Add the NULL method */ -#ifndef OPENSSL_NO_TLSEXT /* TLS extensions */ if (ssl_prepare_clienthello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT); @@ -935,7 +915,6 @@ int ssl3_client_hello(SSL *s) SSLerr(SSL_F_SSL3_CLIENT_HELLO, ERR_R_INTERNAL_ERROR); goto err; } -#endif l = p - d; if (!ssl_set_handshake_header(s, SSL3_MT_CLIENT_HELLO, l)) { @@ -1082,7 +1061,7 @@ int ssl3_get_server_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_SSL3_SESSION_ID_TOO_LONG); goto f_err; } -#ifndef OPENSSL_NO_TLSEXT + /* * Check if we can resume the session based on external pre-shared secret. * EAP-FAST (RFC 4851) supports two types of session resumption. @@ -1111,7 +1090,6 @@ int ssl3_get_server_hello(SSL *s) goto f_err; } } -#endif /* OPENSSL_NO_TLSEXT */ if (j != 0 && j == s->session->session_id_length && memcmp(p, s->session->session_id, j) == 0) { @@ -1237,13 +1215,11 @@ int ssl3_get_server_hello(SSL *s) } #endif -#ifndef OPENSSL_NO_TLSEXT /* TLS extensions */ if (!ssl_parse_serverhello_tlsext(s, &p, d, n)) { SSLerr(SSL_F_SSL3_GET_SERVER_HELLO, SSL_R_PARSE_TLSEXT); goto err; } -#endif if (p != (d + n)) { /* wrong packet length */ @@ -2240,7 +2216,6 @@ static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b) return (X509_NAME_cmp(*a, *b)); } -#ifndef OPENSSL_NO_TLSEXT int ssl3_get_new_session_ticket(SSL *s) { int ok, al, ret = 0, ticklen; @@ -2363,7 +2338,6 @@ int ssl3_get_cert_status(SSL *s) s->state = SSL_ST_ERR; return (-1); } -#endif int ssl3_get_server_done(SSL *s) { @@ -3457,7 +3431,6 @@ int ssl3_check_cert_and_algorithm(SSL *s) return (0); } -#ifndef OPENSSL_NO_TLSEXT /* * Normally, we can tell if the server is resuming the session from * the session ID. EAP-FAST (RFC 4851), however, relies on the next server @@ -3507,7 +3480,7 @@ static int ssl3_check_finished(SSL *s) return 0; } -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG int ssl3_send_next_proto(SSL *s) { unsigned int len, padding_len; @@ -3530,7 +3503,6 @@ int ssl3_send_next_proto(SSL *s) return ssl3_do_write(s, SSL3_RT_HANDSHAKE); } -# endif #endif int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 78e95fc..3aa9863 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2908,9 +2908,7 @@ void ssl3_free(SSL *s) BIO_free(s->s3->handshake_buffer); if (s->s3->handshake_dgst) ssl3_free_digest_list(s); -#ifndef OPENSSL_NO_TLSEXT OPENSSL_free(s->s3->alpn_selected); -#endif #ifndef OPENSSL_NO_SRP SSL_SRP_CTX_free(s); @@ -2939,12 +2937,8 @@ void ssl3_clear(SSL *s) #ifndef OPENSSL_NO_EC EC_KEY_free(s->s3->tmp.ecdh); s->s3->tmp.ecdh = NULL; -#endif -#ifndef OPENSSL_NO_TLSEXT -# ifndef OPENSSL_NO_EC s->s3->is_probably_safari = 0; -# endif /* !OPENSSL_NO_EC */ -#endif /* !OPENSSL_NO_TLSEXT */ +#endif /* !OPENSSL_NO_EC */ init_extra = s->s3->init_extra; BIO_free(s->s3->handshake_buffer); @@ -2952,12 +2946,12 @@ void ssl3_clear(SSL *s) if (s->s3->handshake_dgst) { ssl3_free_digest_list(s); } -#if !defined(OPENSSL_NO_TLSEXT) + if (s->s3->alpn_selected) { free(s->s3->alpn_selected); s->s3->alpn_selected = NULL; } -#endif + memset(s->s3, 0, sizeof(*s->s3)); s->s3->init_extra = init_extra; @@ -2969,7 +2963,7 @@ void ssl3_clear(SSL *s) s->s3->in_read_app_data = 0; s->version = SSL3_VERSION; -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) +#if !defined(OPENSSL_NO_NEXTPROTONEG) OPENSSL_free(s->next_proto_negotiated); s->next_proto_negotiated = NULL; s->next_proto_negotiated_len = 0; @@ -3109,7 +3103,6 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) return (ret); } #endif /* !OPENSSL_NO_EC */ -#ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_HOSTNAME: if (larg == TLSEXT_NAMETYPE_host_name) { OPENSSL_free(s->tlsext_hostname); @@ -3172,7 +3165,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) ret = 1; break; -# ifndef OPENSSL_NO_HEARTBEATS +#ifndef OPENSSL_NO_HEARTBEATS case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT: if (SSL_IS_DTLS(s)) ret = dtls1_heartbeat(s); @@ -3191,9 +3184,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS; ret = 1; break; -# endif - -#endif /* !OPENSSL_NO_TLSEXT */ +#endif case SSL_CTRL_CHAIN: if (larg) @@ -3443,12 +3434,11 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) } break; #endif -#ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_DEBUG_CB: s->tlsext_debug_cb = (void (*)(SSL *, int, int, unsigned char *, int, void *))fp; break; -#endif + case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB: { s->not_resumable_session_cb = (int (*)(SSL *, int))fp; @@ -3578,7 +3568,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return (0); } #endif /* !OPENSSL_NO_EC */ -#ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG: ctx->tlsext_servername_arg = parg; break; @@ -3608,7 +3597,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) ctx->tlsext_status_arg = parg; return 1; -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME: ctx->srp_ctx.srp_Mask |= SSL_kSRP; OPENSSL_free(ctx->srp_ctx.login); @@ -3638,9 +3627,9 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH: ctx->srp_ctx.strength = larg; break; -# endif +#endif -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC case SSL_CTRL_SET_CURVES: return tls1_set_curves(&ctx->tlsext_ellipticcurvelist, &ctx->tlsext_ellipticcurvelist_length, @@ -3650,12 +3639,10 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) return tls1_set_curves_list(&ctx->tlsext_ellipticcurvelist, &ctx->tlsext_ellipticcurvelist_length, parg); -# ifndef OPENSSL_NO_EC case SSL_CTRL_SET_ECDH_AUTO: ctx->cert->ecdh_tmp_auto = larg; return 1; -# endif -# endif +#endif case SSL_CTRL_SET_SIGALGS: return tls1_set_sigalgs(ctx->cert, parg, larg, 0); @@ -3680,8 +3667,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) case SSL_CTRL_SET_CHAIN_CERT_STORE: return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg); -#endif /* !OPENSSL_NO_TLSEXT */ - /* A Thawte special :-) */ case SSL_CTRL_EXTRA_CHAIN_CERT: if (ctx->extra_certs == NULL) { @@ -3759,7 +3744,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) } break; #endif -#ifndef OPENSSL_NO_TLSEXT case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: ctx->tlsext_servername_callback = (int (*)(SSL *, int *, void *))fp; break; @@ -3775,7 +3759,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) HMAC_CTX *, int))fp; break; -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB: ctx->srp_ctx.srp_Mask |= SSL_kSRP; ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp; @@ -3790,7 +3774,6 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) ctx->srp_ctx.SRP_give_srp_client_pwd_callback = (char *(*)(SSL *, void *))fp; break; -# endif #endif case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB: { @@ -3927,7 +3910,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #endif } -#ifndef OPENSSL_NO_TLSEXT # ifndef OPENSSL_NO_EC /* * if we are considering an ECC cipher suite that uses an ephemeral @@ -3936,7 +3918,6 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (alg_k & SSL_kECDHE) ok = ok && tls1_check_ec_tmp_key(s, c->id); # endif /* OPENSSL_NO_EC */ -#endif /* OPENSSL_NO_TLSEXT */ if (!ok) continue; @@ -3946,7 +3927,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED, c->strength_bits, 0, c)) continue; -#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) +#if !defined(OPENSSL_NO_EC) if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { if (!ret) diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 6bc80d5..68234ec 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -387,19 +387,15 @@ int ssl3_accept(SSL *s) ret = ssl3_send_server_hello(s); if (ret <= 0) goto end; -#ifndef OPENSSL_NO_TLSEXT + if (s->hit) { if (s->tlsext_ticket_expected) s->state = SSL3_ST_SW_SESSION_TICKET_A; else s->state = SSL3_ST_SW_CHANGE_A; - } -#else - if (s->hit) - s->state = SSL3_ST_SW_CHANGE_A; -#endif - else + } else { s->state = SSL3_ST_SW_CERT_A; + } s->init_num = 0; break; @@ -414,7 +410,7 @@ int ssl3_accept(SSL *s) ret = ssl3_send_server_certificate(s); if (ret <= 0) goto end; -#ifndef OPENSSL_NO_TLSEXT + if (s->tlsext_status_expected) s->state = SSL3_ST_SW_CERT_STATUS_A; else @@ -423,12 +419,6 @@ int ssl3_accept(SSL *s) skip = 1; s->state = SSL3_ST_SW_KEY_EXCH_A; } -#else - } else - skip = 1; - - s->state = SSL3_ST_SW_KEY_EXCH_A; -#endif s->init_num = 0; break; @@ -587,7 +577,7 @@ int ssl3_accept(SSL *s) * not sent. Also for GOST ciphersuites when the client uses * its key from the certificate for key exchange. */ -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) +#if defined(OPENSSL_NO_NEXTPROTONEG) s->state = SSL3_ST_SR_FINISHED_A; #else if (s->s3->next_proto_neg_seen) @@ -666,7 +656,7 @@ int ssl3_accept(SSL *s) if (ret <= 0) goto end; -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) +#if defined(OPENSSL_NO_NEXTPROTONEG) s->state = SSL3_ST_SR_FINISHED_A; #else if (s->s3->next_proto_neg_seen) @@ -677,7 +667,7 @@ int ssl3_accept(SSL *s) s->init_num = 0; break; -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) +#if !defined(OPENSSL_NO_NEXTPROTONEG) case SSL3_ST_SR_NEXT_PROTO_A: case SSL3_ST_SR_NEXT_PROTO_B: /* @@ -718,16 +708,13 @@ int ssl3_accept(SSL *s) goto end; if (s->hit) s->state = SSL_ST_OK; -#ifndef OPENSSL_NO_TLSEXT else if (s->tlsext_ticket_expected) s->state = SSL3_ST_SW_SESSION_TICKET_A; -#endif else s->state = SSL3_ST_SW_CHANGE_A; s->init_num = 0; break; -#ifndef OPENSSL_NO_TLSEXT case SSL3_ST_SW_SESSION_TICKET_A: case SSL3_ST_SW_SESSION_TICKET_B: ret = ssl3_send_newsession_ticket(s); @@ -746,8 +733,6 @@ int ssl3_accept(SSL *s) s->init_num = 0; break; -#endif - case SSL3_ST_SW_CHANGE_A: case SSL3_ST_SW_CHANGE_B: @@ -790,7 +775,7 @@ int ssl3_accept(SSL *s) goto end; s->state = SSL3_ST_SW_FLUSH; if (s->hit) { -#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG) +#if defined(OPENSSL_NO_NEXTPROTONEG) s->s3->tmp.next_state = SSL3_ST_SR_FINISHED_A; #else if (s->s3->next_proto_neg_seen) { @@ -1361,7 +1346,6 @@ int ssl3_get_client_hello(SSL *s) } } -#ifndef OPENSSL_NO_TLSEXT /* TLS extensions */ if (s->version >= SSL3_VERSION) { if (!ssl_parse_clienthello_tlsext(s, &p, d, n)) { @@ -1418,7 +1402,6 @@ int ssl3_get_client_hello(SSL *s) s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->session->ciphers); } } -#endif /* * Worst case, we will use the NULL compression, but if we have other @@ -1602,13 +1585,13 @@ int ssl3_send_server_hello(SSL *s) if (s->state == SSL3_ST_SW_SRVR_HELLO_A) { buf = (unsigned char *)s->init_buf->data; -#ifdef OPENSSL_NO_TLSEXT + p = s->s3->server_random; if (ssl_fill_hello_random(s, 1, p, SSL3_RANDOM_SIZE) <= 0) { s->state = SSL_ST_ERR; return -1; } -#endif + /* Do the message type and length last */ d = p = ssl_handshake_start(s); @@ -1663,7 +1646,7 @@ int ssl3_send_server_hello(SSL *s) else *(p++) = s->s3->tmp.new_compression->id; #endif -#ifndef OPENSSL_NO_TLSEXT + if (ssl_prepare_serverhello_tlsext(s) <= 0) { SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_SERVERHELLO_TLSEXT); s->state = SSL_ST_ERR; @@ -1677,7 +1660,7 @@ int ssl3_send_server_hello(SSL *s) s->state = SSL_ST_ERR; return -1; } -#endif + /* do the header */ l = (p - d); if (!ssl_set_handshake_header(s, SSL3_MT_SERVER_HELLO, l)) { @@ -3266,7 +3249,6 @@ int ssl3_send_server_certificate(SSL *s) return ssl_do_write(s); } -#ifndef OPENSSL_NO_TLSEXT /* send a new session ticket (not necessarily for a new session) */ int ssl3_send_newsession_ticket(SSL *s) { @@ -3454,7 +3436,7 @@ int ssl3_send_cert_status(SSL *s) return (ssl3_do_write(s, SSL3_RT_HANDSHAKE)); } -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG /* * ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. * It sets the next_proto member in s if found @@ -3533,8 +3515,6 @@ int ssl3_get_next_proto(SSL *s) return 1; } -# endif - #endif #define SSLV2_CIPHER_LEN 3 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c index 51cc72a..7b58518 100644 --- a/ssl/ssl_asn1.c +++ b/ssl/ssl_asn1.c @@ -101,11 +101,9 @@ typedef struct { X509 *peer; ASN1_OCTET_STRING *session_id_context; long verify_result; -#ifndef OPENSSL_NO_TLSEXT ASN1_OCTET_STRING *tlsext_hostname; long tlsext_tick_lifetime_hint; ASN1_OCTET_STRING *tlsext_tick; -#endif #ifndef OPENSSL_NO_PSK ASN1_OCTET_STRING *psk_identity_hint; ASN1_OCTET_STRING *psk_identity; @@ -128,17 +126,13 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = { ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3), ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4), ASN1_EXP_OPT(SSL_SESSION_ASN1, verify_result, ZLONG, 5), -#ifndef OPENSSL_NO_TLSEXT ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6), -#endif #ifndef OPENSSL_NO_PSK ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7), ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8), #endif -#ifndef OPENSSL_NO_TLSEXT ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZLONG, 9), ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10), -#endif ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11), #ifndef OPENSSL_NO_SRP ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12), @@ -185,9 +179,7 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) unsigned char comp_id_data; #endif -#ifndef OPENSSL_NO_TLSEXT ASN1_OCTET_STRING tlsext_hostname, tlsext_tick; -#endif #ifndef OPENSSL_NO_SRP ASN1_OCTET_STRING srp_username; @@ -238,7 +230,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) as.peer = in->peer; -#ifndef OPENSSL_NO_TLSEXT ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname, in->tlsext_hostname); if (in->tlsext_tick) { @@ -247,7 +238,6 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) } if (in->tlsext_tick_lifetime_hint > 0) as.tlsext_tick_lifetime_hint = in->tlsext_tick_lifetime_hint; -#endif /* OPENSSL_NO_TLSEXT */ #ifndef OPENSSL_NO_PSK ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint, in->psk_identity_hint); @@ -373,10 +363,8 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, /* NB: this defaults to zero which is X509_V_OK */ ret->verify_result = as->verify_result; -#ifndef OPENSSL_NO_TLSEXT if (!ssl_session_strndup(&ret->tlsext_hostname, as->tlsext_hostname)) goto err; -#endif /* OPENSSL_NO_TLSEXT */ #ifndef OPENSSL_NO_PSK if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint)) @@ -385,7 +373,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, goto err; #endif -#ifndef OPENSSL_NO_TLSEXT ret->tlsext_tick_lifetime_hint = as->tlsext_tick_lifetime_hint; if (as->tlsext_tick) { ret->tlsext_tick = as->tlsext_tick->data; @@ -394,7 +381,6 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, } else { ret->tlsext_tick = NULL; } -#endif /* OPENSSL_NO_TLSEXT */ #ifndef OPENSSL_NO_COMP if (as->comp_id) { if (as->comp_id->length != 1) { diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 987b2b7..6b39e25 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -265,7 +265,6 @@ CERT *ssl_cert_dup(CERT *cert) goto err; } } -#ifndef OPENSSL_NO_TLSEXT if (cert->pkeys[i].serverinfo != NULL) { /* Just copy everything. */ ret->pkeys[i].serverinfo = @@ -280,7 +279,6 @@ CERT *ssl_cert_dup(CERT *cert) cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length); } -#endif } ret->references = 1; @@ -334,12 +332,10 @@ CERT *ssl_cert_dup(CERT *cert) ret->sec_level = cert->sec_level; ret->sec_ex = cert->sec_ex; -#ifndef OPENSSL_NO_TLSEXT if (!custom_exts_copy(&ret->cli_ext, &cert->cli_ext)) goto err; if (!custom_exts_copy(&ret->srv_ext, &cert->srv_ext)) goto err; -#endif return (ret); @@ -364,11 +360,9 @@ void ssl_cert_clear_certs(CERT *c) cpk->privatekey = NULL; sk_X509_pop_free(cpk->chain, X509_free); cpk->chain = NULL; -#ifndef OPENSSL_NO_TLSEXT OPENSSL_free(cpk->serverinfo); cpk->serverinfo = NULL; cpk->serverinfo_length = 0; -#endif } } @@ -409,10 +403,8 @@ void ssl_cert_free(CERT *c) OPENSSL_free(c->ctypes); X509_STORE_free(c->verify_store); X509_STORE_free(c->chain_store); -#ifndef OPENSSL_NO_TLSEXT custom_exts_free(&c->cli_ext); custom_exts_free(&c->srv_ext); -#endif OPENSSL_free(c); } diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 59516a5..65ff021 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -433,9 +433,7 @@ static const ssl_conf_cmd_tbl ssl_conf_cmds[] = { SSL_CONF_CMD_SWITCH("bugs", 0), SSL_CONF_CMD_SWITCH("no_comp", 0), SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER), -#ifndef OPENSSL_NO_TLSEXT SSL_CONF_CMD_SWITCH("no_ticket", 0), -#endif SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER), SSL_CONF_CMD_SWITCH("legacy_renegotiation", 0), SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_SERVER), @@ -477,9 +475,7 @@ static const ssl_switch_tbl ssl_cmd_switches[] = { {SSL_OP_ALL, 0}, /* bugs */ {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */ {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */ -#ifndef OPENSSL_NO_TLSEXT {SSL_OP_NO_TICKET, 0}, /* no_ticket */ -#endif {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */ /* legacy_renegotiation */ {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0}, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 2624b37..3952b6b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -315,7 +315,6 @@ SSL *SSL_new(SSL_CTX *ctx) CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX); s->ctx = ctx; -#ifndef OPENSSL_NO_TLSEXT s->tlsext_debug_cb = 0; s->tlsext_debug_arg = NULL; s->tlsext_ticket_expected = 0; @@ -360,7 +359,6 @@ SSL *SSL_new(SSL_CTX *ctx) s->ctx->alpn_client_proto_list_len); s->alpn_client_proto_list_len = s->ctx->alpn_client_proto_list_len; } -#endif s->verify_result = X509_V_OK; @@ -557,18 +555,16 @@ void SSL_free(SSL *s) ssl_cert_free(s->cert); /* Free up if allocated */ -#ifndef OPENSSL_NO_TLSEXT OPENSSL_free(s->tlsext_hostname); SSL_CTX_free(s->initial_ctx); -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC OPENSSL_free(s->tlsext_ecpointformatlist); OPENSSL_free(s->tlsext_ellipticcurvelist); -# endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_EC */ sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts, X509_EXTENSION_free); sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free); OPENSSL_free(s->tlsext_ocsp_resp); OPENSSL_free(s->alpn_client_proto_list); -#endif sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free); @@ -579,7 +575,7 @@ void SSL_free(SSL *s) SSL_CTX_free(s->ctx); -#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG) +#if !defined(OPENSSL_NO_NEXTPROTONEG) OPENSSL_free(s->next_proto_negotiated); #endif @@ -1394,7 +1390,6 @@ char *SSL_get_shared_ciphers(const SSL *s, char *buf, int len) return (buf); } -#ifndef OPENSSL_NO_TLSEXT /** return a servername extension value if provided in Client Hello, or NULL. * So far, only host_name types are defined (RFC 3546). */ @@ -1476,7 +1471,7 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, return status; } -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG /* * SSL_get0_next_proto_negotiated sets *data and *len to point to the * client's requested protocol for this connection and returns 0. If the @@ -1537,7 +1532,7 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, ctx->next_proto_select_cb = cb; ctx->next_proto_select_cb_arg = arg; } -# endif +#endif /* * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|. @@ -1610,7 +1605,6 @@ void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data, *len = ssl->s3->alpn_selected_len; } -#endif /* !OPENSSL_NO_TLSEXT */ int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen, const char *label, size_t llen, @@ -1765,7 +1759,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH; -#ifndef OPENSSL_NO_TLSEXT ret->tlsext_servername_callback = 0; ret->tlsext_servername_arg = NULL; /* Setup RFC4507 ticket keys */ @@ -1777,10 +1770,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth) ret->tlsext_status_cb = 0; ret->tlsext_status_arg = NULL; -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG ret->next_protos_advertised_cb = 0; ret->next_proto_select_cb = 0; -# endif #endif #ifndef OPENSSL_NO_PSK ret->psk_identity_hint = NULL; @@ -1881,13 +1873,11 @@ void SSL_CTX_free(SSL_CTX *a) ENGINE_finish(a->client_cert_engine); #endif -#ifndef OPENSSL_NO_TLSEXT -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC OPENSSL_free(a->tlsext_ecpointformatlist); OPENSSL_free(a->tlsext_ellipticcurvelist); -# endif - OPENSSL_free(a->alpn_client_proto_list); #endif + OPENSSL_free(a->alpn_client_proto_list); OPENSSL_free(a); } @@ -2273,7 +2263,6 @@ EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, return c->pkeys[idx].privatekey; } -#ifndef OPENSSL_NO_TLSEXT int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, size_t *serverinfo_length) { @@ -2293,7 +2282,6 @@ int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, *serverinfo_length = c->pkeys[i].serverinfo_length; return 1; } -#endif void ssl_update_cache(SSL *s, int mode) { @@ -2818,10 +2806,8 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) CERT *new_cert; if (ssl->ctx == ctx) return ssl->ctx; -#ifndef OPENSSL_NO_TLSEXT if (ctx == NULL) ctx = ssl->initial_ctx; -#endif new_cert = ssl_cert_dup(ctx->cert); if (new_cert == NULL) { return NULL; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 04e5908..bdc4d8c 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -652,19 +652,17 @@ struct ssl_session_st { * implement a maximum cache size. */ struct ssl_session_st *prev, *next; -# ifndef OPENSSL_NO_TLSEXT char *tlsext_hostname; -# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_EC size_t tlsext_ecpointformatlist_length; unsigned char *tlsext_ecpointformatlist; /* peer's list */ size_t tlsext_ellipticcurvelist_length; unsigned char *tlsext_ellipticcurvelist; /* peer's list */ -# endif /* OPENSSL_NO_EC */ +# endif /* OPENSSL_NO_EC */ /* RFC4507 info */ unsigned char *tlsext_tick; /* Session ticket */ size_t tlsext_ticklen; /* Session ticket length */ unsigned long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */ -# endif # ifndef OPENSSL_NO_SRP char *srp_username; # endif @@ -850,7 +848,6 @@ struct ssl_ctx_st { ENGINE *client_cert_engine; # endif -# ifndef OPENSSL_NO_TLSEXT /* TLS extensions servername callback */ int (*tlsext_servername_callback) (SSL *, int *, void *); void *tlsext_servername_arg; @@ -868,7 +865,6 @@ struct ssl_ctx_st { /* Callback for status request */ int (*tlsext_status_cb) (SSL *ssl, void *arg); void *tlsext_status_arg; -# endif # ifndef OPENSSL_NO_PSK char *psk_identity_hint; @@ -886,9 +882,7 @@ struct ssl_ctx_st { SRP_CTX srp_ctx; /* ctx for SRP authentication */ # endif -# ifndef OPENSSL_NO_TLSEXT - -# ifndef OPENSSL_NO_NEXTPROTONEG +# ifndef OPENSSL_NO_NEXTPROTONEG /* Next protocol negotiation information */ /* (for experimental NPN extension). */ @@ -908,7 +902,7 @@ struct ssl_ctx_st { const unsigned char *in, unsigned int inlen, void *arg); void *next_proto_select_cb_arg; -# endif +# endif /* * ALPN information (we are in the process of transitioning from NPN to @@ -941,7 +935,6 @@ struct ssl_ctx_st { /* SRTP profiles we are willing to do from RFC 5764 */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; -# endif /* * Callback for disabling session caching and ticket support on a session * basis, depending on the chosen cipher. @@ -1096,7 +1089,7 @@ struct ssl_st { /* what was passed, used for SSLv3/TLS rollback check */ int client_version; unsigned int max_send_fragment; -# ifndef OPENSSL_NO_TLSEXT + /* TLS extension debug callback */ void (*tlsext_debug_cb) (SSL *s, int client_server, int type, unsigned char *data, int len, void *arg); @@ -1122,14 +1115,14 @@ struct ssl_st { int tlsext_ocsp_resplen; /* RFC4507 session ticket expected to be received or sent */ int tlsext_ticket_expected; -# ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_EC size_t tlsext_ecpointformatlist_length; /* our list */ unsigned char *tlsext_ecpointformatlist; size_t tlsext_ellipticcurvelist_length; /* our list */ unsigned char *tlsext_ellipticcurvelist; -# endif /* OPENSSL_NO_EC */ +# endif /* OPENSSL_NO_EC */ /* TLS Session Ticket extension override */ TLS_SESSION_TICKET_EXT *tlsext_session_ticket; /* TLS Session Ticket extension callback */ @@ -1139,7 +1132,7 @@ struct ssl_st { tls_session_secret_cb_fn tls_session_secret_cb; void *tls_session_secret_cb_arg; SSL_CTX *initial_ctx; /* initial ctx, used to store sessions */ -# ifndef OPENSSL_NO_NEXTPROTONEG +# ifndef OPENSSL_NO_NEXTPROTONEG /* * Next protocol negotiation. For the client, this is the protocol that * we sent in NextProtocol and is set when handling ServerHello @@ -1149,8 +1142,8 @@ struct ssl_st { */ unsigned char *next_proto_negotiated; unsigned char next_proto_negotiated_len; -# endif -# define session_ctx initial_ctx +# endif +# define session_ctx initial_ctx /* What we'll do */ STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles; /* What's been chosen */ @@ -1172,9 +1165,7 @@ struct ssl_st { */ unsigned char *alpn_client_proto_list; unsigned alpn_client_proto_list_len; -# else -# define session_ctx ctx -# endif /* OPENSSL_NO_TLSEXT */ + /*- * 1 if we are renegotiating. * 2 if we are a server and are inside a handshake @@ -1328,8 +1319,6 @@ typedef struct ssl3_state_st { int next_proto_neg_seen; # endif -# ifndef OPENSSL_NO_TLSEXT - /* * ALPN information (we are in the process of transitioning from NPN to * ALPN.) @@ -1351,8 +1340,6 @@ typedef struct ssl3_state_st { */ char is_probably_safari; # endif /* !OPENSSL_NO_EC */ - -# endif /* !OPENSSL_NO_TLSEXT */ } SSL3_STATE; @@ -1462,7 +1449,7 @@ typedef struct cert_pkey_st { EVP_PKEY *privatekey; /* Chain for this certificate */ STACK_OF(X509) *chain; -# ifndef OPENSSL_NO_TLSEXT + /*- * serverinfo data for this certificate. The data is in TLS Extension * wire format, specifically it's a series of records like: @@ -1472,7 +1459,6 @@ typedef struct cert_pkey_st { */ unsigned char *serverinfo; size_t serverinfo_length; -# endif } CERT_PKEY; /* Retrieve Suite B flags */ # define tls1_suiteb(s) (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS) @@ -1916,10 +1902,8 @@ int ssl_undefined_function(SSL *s); __owur int ssl_undefined_void_function(void); __owur int ssl_undefined_const_function(const SSL *s); __owur CERT_PKEY *ssl_get_server_send_pkey(SSL *s); -# ifndef OPENSSL_NO_TLSEXT __owur int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo, size_t *serverinfo_length); -# endif __owur EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd); __owur int ssl_cert_type(X509 *x, EVP_PKEY *pkey); void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher); @@ -2031,10 +2015,8 @@ __owur int ssl3_send_client_key_exchange(SSL *s); __owur int ssl3_get_key_exchange(SSL *s); __owur int ssl3_get_server_certificate(SSL *s); __owur int ssl3_check_cert_and_algorithm(SSL *s); -# ifndef OPENSSL_NO_TLSEXT -# ifndef OPENSSL_NO_NEXTPROTONEG +# ifndef OPENSSL_NO_NEXTPROTONEG __owur int ssl3_send_next_proto(SSL *s); -# endif # endif int dtls1_client_hello(SSL *s); @@ -2106,7 +2088,6 @@ __owur int tls1_set_curves_list(unsigned char **pext, size_t *pextlen, __owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id); # endif /* OPENSSL_NO_EC */ -# ifndef OPENSSL_NO_TLSEXT __owur int tls1_shared_list(SSL *s, const unsigned char *l1, size_t l1len, const unsigned char *l2, size_t l2len, int nmatch); @@ -2123,12 +2104,12 @@ __owur int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, __owur int ssl_prepare_clienthello_tlsext(SSL *s); __owur int ssl_prepare_serverhello_tlsext(SSL *s); -# ifndef OPENSSL_NO_HEARTBEATS +# ifndef OPENSSL_NO_HEARTBEATS __owur int tls1_heartbeat(SSL *s); __owur int dtls1_heartbeat(SSL *s); __owur int tls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length); __owur int dtls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length); -# endif +# endif __owur int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, const unsigned char *limit, SSL_SESSION **ret); @@ -2145,7 +2126,6 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, int idx); void tls1_set_cert_validity(SSL *s); -# endif # ifndef OPENSSL_NO_DH __owur DH *ssl_get_auto_dh(SSL *s); # endif diff --git a/ssl/ssl_rsa.c b/ssl/ssl_rsa.c index a9c832c..f485126 100644 --- a/ssl/ssl_rsa.c +++ b/ssl/ssl_rsa.c @@ -738,7 +738,6 @@ int SSL_use_certificate_chain_file(SSL *ssl, const char *file) } #endif -#ifndef OPENSSL_NO_TLSEXT static int serverinfo_find_extension(const unsigned char *serverinfo, size_t serverinfo_length, unsigned int extension_type, @@ -910,7 +909,7 @@ int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo, return 1; } -# ifndef OPENSSL_NO_STDIO +#ifndef OPENSSL_NO_STDIO int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) { unsigned char *serverinfo = NULL; @@ -1000,5 +999,4 @@ int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file) BIO_free(bin); return ret; } -# endif /* OPENSSL_NO_STDIO */ -#endif /* OPENSSL_NO_TLSEXT */ +#endif /* OPENSSL_NO_STDIO */ diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c index 2be9592..f1c2095 100644 --- a/ssl/ssl_sess.c +++ b/ssl/ssl_sess.c @@ -207,14 +207,12 @@ SSL_SESSION *SSL_SESSION_new(void) ss->prev = NULL; ss->next = NULL; ss->compress_meth = 0; -#ifndef OPENSSL_NO_TLSEXT ss->tlsext_hostname = NULL; -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; ss->tlsext_ecpointformatlist = NULL; ss->tlsext_ellipticcurvelist_length = 0; ss->tlsext_ellipticcurvelist = NULL; -# endif #endif CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); #ifndef OPENSSL_NO_PSK @@ -322,7 +320,7 @@ int ssl_get_new_session(SSL *s, int session) SSL_SESSION_free(ss); return (0); } -#ifndef OPENSSL_NO_TLSEXT + /*- * If RFC5077 ticket, use empty session ID (as server). * Note that: @@ -342,7 +340,7 @@ int ssl_get_new_session(SSL *s, int session) ss->session_id_length = 0; goto sess_id_done; } -#endif + /* Choose which callback will set the session ID */ CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); if (s->generate_session_id) @@ -378,7 +376,7 @@ int ssl_get_new_session(SSL *s, int session) SSL_SESSION_free(ss); return (0); } -#ifndef OPENSSL_NO_TLSEXT + sess_id_done: if (s->tlsext_hostname) { ss->tlsext_hostname = BUF_strdup(s->tlsext_hostname); @@ -388,7 +386,6 @@ int ssl_get_new_session(SSL *s, int session) return 0; } } -#endif } else { ss->session_id_length = 0; } @@ -435,9 +432,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, SSL_SESSION *ret = NULL; int fatal = 0; int try_session_cache = 1; -#ifndef OPENSSL_NO_TLSEXT int r; -#endif if (len < 0 || len > SSL_MAX_SSL_SESSION_ID_LENGTH) goto err; @@ -450,7 +445,6 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, if (len == 0) try_session_cache = 0; -#ifndef OPENSSL_NO_TLSEXT /* sets s->tlsext_ticket_expected */ r = tls1_process_ticket(s, session_id, len, limit, &ret); switch (r) { @@ -467,7 +461,6 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, default: abort(); } -#endif if (try_session_cache && ret == NULL && @@ -589,7 +582,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, err: if (ret != NULL) { SSL_SESSION_free(ret); -#ifndef OPENSSL_NO_TLSEXT + if (!try_session_cache) { /* * The session was from a ticket, so we should issue a ticket for @@ -597,7 +590,6 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, */ s->tlsext_ticket_expected = 1; } -#endif } if (fatal) return -1; @@ -734,16 +726,14 @@ void SSL_SESSION_free(SSL_SESSION *ss) ssl_sess_cert_free(ss->sess_cert); X509_free(ss->peer); sk_SSL_CIPHER_free(ss->ciphers); -#ifndef OPENSSL_NO_TLSEXT OPENSSL_free(ss->tlsext_hostname); OPENSSL_free(ss->tlsext_tick); -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC ss->tlsext_ecpointformatlist_length = 0; OPENSSL_free(ss->tlsext_ecpointformatlist); ss->tlsext_ellipticcurvelist_length = 0; OPENSSL_free(ss->tlsext_ellipticcurvelist); -# endif /* OPENSSL_NO_EC */ -#endif +#endif /* OPENSSL_NO_EC */ #ifndef OPENSSL_NO_PSK OPENSSL_free(ss->psk_identity_hint); OPENSSL_free(ss->psk_identity); @@ -877,7 +867,6 @@ long SSL_CTX_get_timeout(const SSL_CTX *s) return (s->session_timeout); } -#ifndef OPENSSL_NO_TLSEXT int SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb) (SSL *s, void *secret, @@ -932,7 +921,6 @@ int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len) return 0; } -#endif /* OPENSSL_NO_TLSEXT */ typedef struct timeout_param_st { SSL_CTX *ctx; diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c index 0da2bb4..0f506f0 100644 --- a/ssl/ssl_txt.c +++ b/ssl/ssl_txt.c @@ -182,7 +182,6 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0) goto err; #endif -#ifndef OPENSSL_NO_TLSEXT if (x->tlsext_tick_lifetime_hint) { if (BIO_printf(bp, "\n TLS session ticket lifetime hint: %ld (seconds)", @@ -196,7 +195,6 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) <= 0) goto err; } -#endif #ifndef OPENSSL_NO_COMP if (x->compress_meth != 0) { diff --git a/ssl/t1_ext.c b/ssl/t1_ext.c index f1092ac..396ad7e 100644 --- a/ssl/t1_ext.c +++ b/ssl/t1_ext.c @@ -57,7 +57,6 @@ #include "ssl_locl.h" -#ifndef OPENSSL_NO_TLSEXT /* Find a custom extension from the list. */ static custom_ext_method *custom_ext_find(custom_ext_methods *exts, @@ -283,12 +282,11 @@ int SSL_extension_supported(unsigned int ext_type) case TLSEXT_TYPE_srp: case TLSEXT_TYPE_status_request: case TLSEXT_TYPE_use_srtp: -# ifdef TLSEXT_TYPE_encrypt_then_mac +#ifdef TLSEXT_TYPE_encrypt_then_mac case TLSEXT_TYPE_encrypt_then_mac: -# endif +#endif return 1; default: return 0; } } -#endif diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 7053c4a..ce010ca 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -123,13 +123,11 @@ const char tls1_version_str[] = "TLSv1" OPENSSL_VERSION_PTEXT; -#ifndef OPENSSL_NO_TLSEXT static int tls_decrypt_ticket(SSL *s, const unsigned char *tick, int ticklen, const unsigned char *sess_id, int sesslen, SSL_SESSION **psess); static int ssl_check_clienthello_tlsext_early(SSL *s); int ssl_check_serverhello_tlsext(SSL *s); -#endif SSL3_ENC_METHOD const TLSv1_enc_data = { tls1_enc, @@ -208,9 +206,7 @@ int tls1_new(SSL *s) void tls1_free(SSL *s) { -#ifndef OPENSSL_NO_TLSEXT OPENSSL_free(s->tlsext_session_ticket); -#endif /* OPENSSL_NO_TLSEXT */ ssl3_free(s); } @@ -912,32 +908,30 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md) #endif /* OPENSSL_NO_EC */ -#ifndef OPENSSL_NO_TLSEXT - /* * List of supported signature algorithms and hashes. Should make this * customisable at some point, for now include everything we support. */ -# ifdef OPENSSL_NO_RSA -# define tlsext_sigalg_rsa(md) /* */ -# else -# define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa, -# endif +#ifdef OPENSSL_NO_RSA +# define tlsext_sigalg_rsa(md) /* */ +#else +# define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa, +#endif -# ifdef OPENSSL_NO_DSA -# define tlsext_sigalg_dsa(md) /* */ -# else -# define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa, -# endif +#ifdef OPENSSL_NO_DSA +# define tlsext_sigalg_dsa(md) /* */ +#else +# define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa, +#endif -# ifdef OPENSSL_NO_EC -# define tlsext_sigalg_ecdsa(md) /* */ -# else -# define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa, -# endif +#ifdef OPENSSL_NO_EC +# define tlsext_sigalg_ecdsa(md) /* */ +#else +# define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa, +#endif -# define tlsext_sigalg(md) \ +#define tlsext_sigalg(md) \ tlsext_sigalg_rsa(md) \ tlsext_sigalg_dsa(md) \ tlsext_sigalg_ecdsa(md) @@ -950,19 +944,19 @@ static const unsigned char tls12_sigalgs[] = { tlsext_sigalg(TLSEXT_hash_sha1) }; -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC static const unsigned char suiteb_sigalgs[] = { tlsext_sigalg_ecdsa(TLSEXT_hash_sha256) tlsext_sigalg_ecdsa(TLSEXT_hash_sha384) }; -# endif +#endif size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs) { /* * If Suite B mode use Suite B sigalgs only, ignore any other * preferences. */ -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC switch (tls1_suiteb(s)) { case SSL_CERT_FLAG_SUITEB_128_LOS: *psigs = suiteb_sigalgs; @@ -976,7 +970,7 @@ size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs) *psigs = suiteb_sigalgs + 2; return 2; } -# endif +#endif /* If server use client authentication sigalgs if not NULL */ if (s->server && s->cert->client_sigalgs) { *psigs = s->cert->client_sigalgs; @@ -1008,7 +1002,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE); return 0; } -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC if (pkey->type == EVP_PKEY_EC) { unsigned char curve_id[2], comp_id; /* Check compression and curve matches extensions */ @@ -1039,7 +1033,7 @@ int tls12_check_peer_sigalg(const EVP_MD **pmd, SSL *s, } } else if (tls1_suiteb(s)) return 0; -# endif +#endif /* Check signature matches a type we sent */ sent_sigslen = tls12_get_psigalgs(s, &sent_sigs); @@ -1105,13 +1099,13 @@ void ssl_set_client_disabled(SSL *s) s->s3->tmp.mask_a |= SSL_aPSK; s->s3->tmp.mask_k |= SSL_kPSK; } -# endif /* OPENSSL_NO_PSK */ -# ifndef OPENSSL_NO_SRP +#endif /* OPENSSL_NO_PSK */ +#ifndef OPENSSL_NO_SRP if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) { s->s3->tmp.mask_a |= SSL_aSRP; s->s3->tmp.mask_k |= SSL_kSRP; } -# endif +#endif } int ssl_cipher_disabled(SSL *s, const SSL_CIPHER *c, int op) @@ -1136,7 +1130,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, int extdatalen = 0; unsigned char *orig = buf; unsigned char *ret = buf; -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC /* See if we support any ECC ciphersuites */ int using_ecc = 0; if (s->version >= TLS1_VERSION || SSL_IS_DTLS(s)) { @@ -1156,7 +1150,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, } } } -# endif +#endif ret += 2; @@ -1221,7 +1215,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, memcpy(ret, s->tlsext_hostname, size_str); ret += size_str; } -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP /* Add SRP username if there is one */ if (s->srp_ctx.login != NULL) { /* Add TLS extension SRP username to the * Client Hello message */ @@ -1248,9 +1242,9 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, memcpy(ret, s->srp_ctx.login, login_len); ret += login_len; } -# endif +#endif -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC if (using_ecc) { /* * Add TLS extension ECPointFormats to the ClientHello message @@ -1311,7 +1305,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, s2n(curves_list_len, ret); ret += curves_list_len; } -# endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_EC */ if (tls_use_ticket(s)) { int ticklen; @@ -1407,7 +1401,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, if (extlen > 0) i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); } -# ifndef OPENSSL_NO_HEARTBEATS +#ifndef OPENSSL_NO_HEARTBEATS /* Add Heartbeat extension */ if ((limit - ret - 4 - 1) < 0) return NULL; @@ -1422,9 +1416,9 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS; else *(ret++) = SSL_TLSEXT_HB_ENABLED; -# endif +#endif -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) { /* * The client advertises an emtpy extension to indicate its support @@ -1435,7 +1429,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, s2n(TLSEXT_TYPE_next_proto_neg, ret); s2n(0, ret); } -# endif +#endif if (s->alpn_client_proto_list && !s->s3->tmp.finish_md_len) { if ((size_t)(limit - ret) < 6 + s->alpn_client_proto_list_len) @@ -1446,7 +1440,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, memcpy(ret, s->alpn_client_proto_list, s->alpn_client_proto_list_len); ret += s->alpn_client_proto_list_len; } -# ifndef OPENSSL_NO_SRTP +#ifndef OPENSSL_NO_SRTP if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s)) { int el; @@ -1468,15 +1462,15 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, } ret += el; } -# endif +#endif custom_ext_init(&s->cert->cli_ext); /* Add custom TLS Extensions to ClientHello */ if (!custom_ext_add(s, 0, &ret, limit, al)) return NULL; -# ifdef TLSEXT_TYPE_encrypt_then_mac +#ifdef TLSEXT_TYPE_encrypt_then_mac s2n(TLSEXT_TYPE_encrypt_then_mac, ret); s2n(0, ret); -# endif +#endif s2n(TLSEXT_TYPE_extended_master_secret, ret); s2n(0, ret); @@ -1518,16 +1512,16 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, int extdatalen = 0; unsigned char *orig = buf; unsigned char *ret = buf; -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG int next_proto_neg_seen; -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; int using_ecc = (alg_k & (SSL_kECDHE | SSL_kECDHr | SSL_kECDHe)) || (alg_a & SSL_aECDSA); using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); -# endif +#endif ret += 2; if (ret >= limit) @@ -1567,7 +1561,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, s2n(TLSEXT_TYPE_server_name, ret); s2n(0, ret); } -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC if (using_ecc) { const unsigned char *plist; size_t plistlen; @@ -1598,7 +1592,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, * Currently the server should not respond with a SupportedCurves * extension */ -# endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_EC */ if (s->tlsext_ticket_expected && tls_use_ticket(s)) { if ((long)(limit - ret - 4) < 0) @@ -1614,7 +1608,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, s2n(0, ret); } -# ifndef OPENSSL_NO_SRTP +#ifndef OPENSSL_NO_SRTP if (SSL_IS_DTLS(s) && s->srtp_profile) { int el; @@ -1635,7 +1629,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, } ret += el; } -# endif +#endif if (((s->s3->tmp.new_cipher->id & 0xFFFF) == 0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF) == 0x81) @@ -1654,7 +1648,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, ret += 36; } -# ifndef OPENSSL_NO_HEARTBEATS +#ifndef OPENSSL_NO_HEARTBEATS /* Add Heartbeat extension if we've received one */ if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) { if ((limit - ret - 4 - 1) < 0) @@ -1672,9 +1666,9 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, *(ret++) = SSL_TLSEXT_HB_ENABLED; } -# endif +#endif -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG next_proto_neg_seen = s->s3->next_proto_neg_seen; s->s3->next_proto_neg_seen = 0; if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb) { @@ -1695,10 +1689,10 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, s->s3->next_proto_neg_seen = 1; } } -# endif +#endif if (!custom_ext_add(s, 1, &ret, limit, al)) return NULL; -# ifdef TLSEXT_TYPE_encrypt_then_mac +#ifdef TLSEXT_TYPE_encrypt_then_mac if (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC) { /* * Don't use encrypt_then_mac if AEAD or RC4 might want to disable @@ -1712,7 +1706,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, s2n(0, ret); } } -# endif +#endif if (!s->hit && s->session->flags & SSL_SESS_FLAG_EXTMS) { s2n(TLSEXT_TYPE_extended_master_secret, ret); s2n(0, ret); @@ -1808,7 +1802,7 @@ static int tls1_alpn_handle_client_hello(SSL *s, const unsigned char *data, return -1; } -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC /*- * ssl_check_for_safari attempts to fingerprint Safari using OS X * SecureTransport using the TLS extension block in |d|, of length |n|. @@ -1889,7 +1883,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, s->s3->is_probably_safari = 1; } -# endif /* !OPENSSL_NO_EC */ +#endif /* !OPENSSL_NO_EC */ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) @@ -1902,33 +1896,33 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, s->servername_done = 0; s->tlsext_status_type = -1; -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG s->s3->next_proto_neg_seen = 0; -# endif +#endif OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = NULL; -# ifndef OPENSSL_NO_HEARTBEATS +#ifndef OPENSSL_NO_HEARTBEATS s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | SSL_TLSEXT_HB_DONT_SEND_REQUESTS); -# endif +#endif -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) ssl_check_for_safari(s, data, d, n); -# endif /* !OPENSSL_NO_EC */ +#endif /* !OPENSSL_NO_EC */ /* Clear any signature algorithms extension received */ OPENSSL_free(s->s3->tmp.peer_sigalgs); s->s3->tmp.peer_sigalgs = NULL; -# ifdef TLSEXT_TYPE_encrypt_then_mac +#ifdef TLSEXT_TYPE_encrypt_then_mac s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC; -# endif +#endif -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP OPENSSL_free(s->srp_ctx.login); s->srp_ctx.login = NULL; -# endif +#endif s->srtp_profile = NULL; @@ -2051,7 +2045,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } } -# ifndef OPENSSL_NO_SRP +#ifndef OPENSSL_NO_SRP else if (type == TLSEXT_TYPE_srp) { if (size <= 0 || ((len = data[0])) != (size - 1)) { *al = SSL_AD_DECODE_ERROR; @@ -2071,9 +2065,9 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, return 0; } } -# endif +#endif -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC else if (type == TLSEXT_TYPE_ec_point_formats) { unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); @@ -2126,7 +2120,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, ellipticcurvelist_length); } } -# endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_EC */ else if (type == TLSEXT_TYPE_session_ticket) { if (s->tls_session_ticket_ext_cb && !s->tls_session_ticket_ext_cb(s, data, size, @@ -2239,7 +2233,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, else s->tlsext_status_type = -1; } -# ifndef OPENSSL_NO_HEARTBEATS +#ifndef OPENSSL_NO_HEARTBEATS else if (type == TLSEXT_TYPE_heartbeat) { switch (data[0]) { case 0x01: /* Client allows us to send HB requests */ @@ -2254,8 +2248,8 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, return 0; } } -# endif -# ifndef OPENSSL_NO_NEXTPROTONEG +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG else if (type == TLSEXT_TYPE_next_proto_neg && s->s3->tmp.finish_md_len == 0 && s->s3->alpn_selected == NULL) { @@ -2278,30 +2272,30 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, */ s->s3->next_proto_neg_seen = 1; } -# endif +#endif else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation && s->ctx->alpn_select_cb && s->s3->tmp.finish_md_len == 0) { if (tls1_alpn_handle_client_hello(s, data, size, al) != 0) return 0; -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG /* ALPN takes precedence over NPN. */ s->s3->next_proto_neg_seen = 0; -# endif +#endif } /* session ticket processed earlier */ -# ifndef OPENSSL_NO_SRTP +#ifndef OPENSSL_NO_SRTP else if (SSL_IS_DTLS(s) && SSL_get_srtp_profiles(s) && type == TLSEXT_TYPE_use_srtp) { if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) return 0; } -# endif -# ifdef TLSEXT_TYPE_encrypt_then_mac +#endif +#ifdef TLSEXT_TYPE_encrypt_then_mac else if (type == TLSEXT_TYPE_encrypt_then_mac) s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; -# endif +#endif else if (type == TLSEXT_TYPE_extended_master_secret) { if (!s->hit) s->session->flags |= SSL_SESS_FLAG_EXTMS; @@ -2355,7 +2349,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, return 1; } -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG /* * ssl_next_proto_validate validates a Next Protocol Negotiation block. No * elements of zero length are allowed and the set of elements must exactly @@ -2374,7 +2368,7 @@ static char ssl_next_proto_validate(unsigned char *d, unsigned len) return off == len; } -# endif +#endif static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al) @@ -2386,21 +2380,21 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, int tlsext_servername = 0; int renegotiate_seen = 0; -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG s->s3->next_proto_neg_seen = 0; -# endif +#endif s->tlsext_ticket_expected = 0; OPENSSL_free(s->s3->alpn_selected); s->s3->alpn_selected = NULL; -# ifndef OPENSSL_NO_HEARTBEATS +#ifndef OPENSSL_NO_HEARTBEATS s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED | SSL_TLSEXT_HB_DONT_SEND_REQUESTS); -# endif +#endif -# ifdef TLSEXT_TYPE_encrypt_then_mac +#ifdef TLSEXT_TYPE_encrypt_then_mac s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC; -# endif +#endif if (data >= (d + n - 2)) goto ri_check; @@ -2433,7 +2427,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, } tlsext_servername = 1; } -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC else if (type == TLSEXT_TYPE_ec_point_formats) { unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); @@ -2456,7 +2450,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, ecpointformatlist_length); } } -# endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_EC */ else if (type == TLSEXT_TYPE_session_ticket) { if (s->tls_session_ticket_ext_cb && @@ -2484,7 +2478,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, /* Set flag to expect CertificateStatus message */ s->tlsext_status_expected = 1; } -# ifndef OPENSSL_NO_NEXTPROTONEG +#ifndef OPENSSL_NO_NEXTPROTONEG else if (type == TLSEXT_TYPE_next_proto_neg && s->s3->tmp.finish_md_len == 0) { unsigned char *selected; @@ -2517,7 +2511,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, s->next_proto_negotiated_len = selected_len; s->s3->next_proto_neg_seen = 1; } -# endif +#endif else if (type == TLSEXT_TYPE_application_layer_protocol_negotiation) { unsigned len; @@ -2558,7 +2552,7 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, memcpy(s->s3->alpn_selected, data + 3, len); s->s3->alpn_selected_len = len; } -# ifndef OPENSSL_NO_HEARTBEATS +#ifndef OPENSSL_NO_HEARTBEATS else if (type == TLSEXT_TYPE_heartbeat) { switch (data[0]) { case 0x01: /* Server allows us to send HB requests */ @@ -2573,21 +2567,21 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, return 0; } } -# endif -# ifndef OPENSSL_NO_SRTP +#endif +#ifndef OPENSSL_NO_SRTP else if (SSL_IS_DTLS(s) && type == TLSEXT_TYPE_use_srtp) { if (ssl_parse_serverhello_use_srtp_ext(s, data, size, al)) return 0; } -# endif -# ifdef TLSEXT_TYPE_encrypt_then_mac +#endif +#ifdef TLSEXT_TYPE_encrypt_then_mac else if (type == TLSEXT_TYPE_encrypt_then_mac) { /* Ignore if inappropriate ciphersuite */ if (s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4) s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC; } -# endif +#endif else if (type == TLSEXT_TYPE_extended_master_secret) { if (!s->hit) s->session->flags |= SSL_SESS_FLAG_EXTMS; @@ -2661,7 +2655,7 @@ static int ssl_check_clienthello_tlsext_early(SSL *s) int ret = SSL_TLSEXT_ERR_NOACK; int al = SSL_AD_UNRECOGNIZED_NAME; -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC /* * The handling of the ECPointFormats extension is done elsewhere, namely * in ssl3_choose_cipher in s3_lib.c. @@ -2670,7 +2664,7 @@ static int ssl_check_clienthello_tlsext_early(SSL *s) * The handling of the EllipticCurves extension is done elsewhere, namely * in ssl3_choose_cipher in s3_lib.c. */ -# endif +#endif if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) ret = @@ -2818,7 +2812,7 @@ int ssl_check_serverhello_tlsext(SSL *s) int ret = SSL_TLSEXT_ERR_NOACK; int al = SSL_AD_UNRECOGNIZED_NAME; -# ifndef OPENSSL_NO_EC +#ifndef OPENSSL_NO_EC /* * If we are client and using an elliptic curve cryptography cipher * suite, then if server returns an EC point formats lists extension it @@ -2850,7 +2844,7 @@ int ssl_check_serverhello_tlsext(SSL *s) } } ret = SSL_TLSEXT_ERR_OK; -# endif /* OPENSSL_NO_EC */ +#endif /* OPENSSL_NO_EC */ if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0) ret = @@ -3227,11 +3221,11 @@ typedef struct { } tls12_hash_info; static const tls12_hash_info tls12_md_info[] = { -# ifdef OPENSSL_NO_MD5 +#ifdef OPENSSL_NO_MD5 {NID_md5, 64, 0}, -# else +#else {NID_md5, 64, EVP_md5}, -# endif +#endif {NID_sha1, 80, EVP_sha1}, {NID_sha224, 112, EVP_sha224}, {NID_sha256, 128, EVP_sha256}, @@ -3262,18 +3256,18 @@ const EVP_MD *tls12_get_hash(unsigned char hash_alg) static int tls12_get_pkey_idx(unsigned char sig_alg) { switch (sig_alg) { -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_RSA case TLSEXT_signature_rsa: return SSL_PKEY_RSA_SIGN; -# endif -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DSA case TLSEXT_signature_dsa: return SSL_PKEY_DSA_SIGN; -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC case TLSEXT_signature_ecdsa: return SSL_PKEY_ECC; -# endif +#endif } return -1; } @@ -3336,24 +3330,24 @@ void ssl_set_sig_mask(unsigned long *pmask_a, SSL *s, int op) sigalgslen = tls12_get_psigalgs(s, &sigalgs); for (i = 0; i < sigalgslen; i += 2, sigalgs += 2) { switch (sigalgs[1]) { -# ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_RSA case TLSEXT_signature_rsa: if (!have_rsa && tls12_sigalg_allowed(s, op, sigalgs)) have_rsa = 1; break; -# endif -# ifndef OPENSSL_NO_DSA +#endif +#ifndef OPENSSL_NO_DSA case TLSEXT_signature_dsa: if (!have_dsa && tls12_sigalg_allowed(s, op, sigalgs)) have_dsa = 1; break; -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC case TLSEXT_signature_ecdsa: if (!have_ecdsa && tls12_sigalg_allowed(s, op, sigalgs)) have_ecdsa = 1; break; -# endif +#endif } } if (!have_rsa) @@ -3487,7 +3481,7 @@ int tls1_process_sigalgs(SSL *s) if (!tls1_set_shared_sigalgs(s)) return 0; -# ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL +#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) { /* * Use first set signature preference to force message digest, @@ -3509,7 +3503,7 @@ int tls1_process_sigalgs(SSL *s) } } } -# endif +#endif for (i = 0, sigptr = c->shared_sigalgs; i < c->shared_sigalgslen; i++, sigptr++) { @@ -3534,20 +3528,20 @@ int tls1_process_sigalgs(SSL *s) * Set any remaining keys to default values. NOTE: if alg is not * supported it stays as NULL. */ -# ifndef OPENSSL_NO_DSA +#ifndef OPENSSL_NO_DSA if (pmd[SSL_PKEY_DSA_SIGN] == NULL) pmd[SSL_PKEY_DSA_SIGN] = EVP_sha1(); -# endif -# ifndef OPENSSL_NO_RSA +#endif +#ifndef OPENSSL_NO_RSA if (pmd[SSL_PKEY_RSA_SIGN] == NULL) { pmd[SSL_PKEY_RSA_SIGN] = EVP_sha1(); pmd[SSL_PKEY_RSA_ENC] = EVP_sha1(); } -# endif -# ifndef OPENSSL_NO_EC +#endif +#ifndef OPENSSL_NO_EC if (pmd[SSL_PKEY_ECC] == NULL) pmd[SSL_PKEY_ECC] = EVP_sha1(); -# endif +#endif } return 1; } @@ -3594,7 +3588,7 @@ int SSL_get_shared_sigalgs(SSL *s, int idx, return s->cert->shared_sigalgslen; } -# ifndef OPENSSL_NO_HEARTBEATS +#ifndef OPENSSL_NO_HEARTBEATS int tls1_process_heartbeat(SSL *s, unsigned char *p, unsigned int length) { unsigned char *pl; @@ -3752,9 +3746,9 @@ int tls1_heartbeat(SSL *s) OPENSSL_free(buf); return ret; } -# endif +#endif -# define MAX_SIGALGLEN (TLSEXT_hash_num * TLSEXT_signature_num * 2) +#define MAX_SIGALGLEN (TLSEXT_hash_num * TLSEXT_signature_num * 2) typedef struct { size_t sigalgcnt; @@ -3897,10 +3891,10 @@ static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x) /* Flags which need to be set for a certificate when stict mode not set */ -# define CERT_PKEY_VALID_FLAGS \ +#define CERT_PKEY_VALID_FLAGS \ (CERT_PKEY_EE_SIGNATURE|CERT_PKEY_EE_PARAM) /* Strict mode flags */ -# define CERT_PKEY_STRICT_FLAGS \ +#define CERT_PKEY_STRICT_FLAGS \ (CERT_PKEY_VALID_FLAGS|CERT_PKEY_CA_SIGNATURE|CERT_PKEY_CA_PARAM \ | CERT_PKEY_ISSUER_NAME|CERT_PKEY_CERT_TYPE) @@ -3930,7 +3924,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, /* If no cert or key, forget it */ if (!x || !pk) goto end; -# ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL +#ifdef OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL /* Allow any certificate to pass test */ if (s->cert->cert_flags & SSL_CERT_FLAG_BROKEN_PROTOCOL) { rv = CERT_PKEY_STRICT_FLAGS | CERT_PKEY_EXPLICIT_SIGN | @@ -3938,7 +3932,7 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain, *pvalid = rv; return rv; } -# endif +#endif } else { if (!x || !pk) return 0; @@ -4174,7 +4168,6 @@ int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain) return tls1_check_chain(s, x, pk, chain, -1); } -#endif #ifndef OPENSSL_NO_DH DH *ssl_get_auto_dh(SSL *s) diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 00a3efe..5161c17 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -289,7 +289,6 @@ $cflags.=" -DOPENSSL_NO_DH" if $no_dh; $cflags.=" -DOPENSSL_NO_WHIRLPOOL" if $no_whirlpool; $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; -$cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; $cflags.=" -DOPENSSL_NO_SRP" if $no_srp; $cflags.=" -DOPENSSL_NO_CMS" if $no_cms; $cflags.=" -DOPENSSL_NO_ERR" if $no_err; @@ -1391,7 +1390,6 @@ sub read_options "gaswin" => \$gaswin, "no-ssl3" => \$no_ssl3, "no-ssl3-method" => 0, - "no-tlsext" => \$no_tlsext, "no-srp" => \$no_srp, "no-cms" => \$no_cms, "no-jpake" => \$no_jpake, diff --git a/util/mkdef.pl b/util/mkdef.pl index e2b1fb6..b21d03b 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -81,7 +81,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", # Engines "STATIC_ENGINE", "ENGINE", "HW", "GMP", # TLS - "TLSEXT", "PSK", "SRP", "HEARTBEATS", + "PSK", "SRP", "HEARTBEATS", # CMS "CMS", # CryptoAPI Engine @@ -124,7 +124,7 @@ my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2; my $no_rsa; my $no_dsa; my $no_dh; my $no_aes; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; -my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; +my $no_psk; my $no_cms; my $no_capieng; my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_unit_test; my $no_ssl3_method; my $no_ocb; @@ -213,7 +213,6 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-engine$/) { $no_engine=1; } elsif (/^no-hw$/) { $no_hw=1; } elsif (/^no-gmp$/) { $no_gmp=1; } - elsif (/^no-tlsext$/) { $no_tlsext=1; } elsif (/^no-cms$/) { $no_cms=1; } elsif (/^no-ec2m$/) { $no_ec2m=1; } elsif (/^no-ec-nistp224-64-gcc-128$/) { $no_nistp_gcc=1; } @@ -1198,7 +1197,6 @@ sub is_valid if ($keyword eq "FP_API" && $no_fp_api) { return 0; } if ($keyword eq "STATIC_ENGINE" && $no_static_engine) { return 0; } if ($keyword eq "GMP" && $no_gmp) { return 0; } - if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; } if ($keyword eq "PSK" && $no_psk) { return 0; } if ($keyword eq "CMS" && $no_cms) { return 0; } if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc) diff --git a/util/ssleay.num b/util/ssleay.num index d595fe0..1b4755c 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -240,8 +240,8 @@ SSL_CTX_sess_get_new_cb 287 EXIST::FUNCTION: SSL_CTX_get_client_cert_cb 288 EXIST::FUNCTION: SSL_CTX_sess_get_remove_cb 289 EXIST::FUNCTION: SSL_set_SSL_CTX 290 EXIST::FUNCTION: -SSL_get_servername 291 EXIST::FUNCTION:TLSEXT -SSL_get_servername_type 292 EXIST::FUNCTION:TLSEXT +SSL_get_servername 291 EXIST::FUNCTION: +SSL_get_servername_type 292 EXIST::FUNCTION: SSL_CTX_set_client_cert_engine 293 EXIST::FUNCTION:ENGINE SSL_CTX_use_psk_identity_hint 294 EXIST::FUNCTION:PSK SSL_CTX_set_psk_client_callback 295 EXIST::FUNCTION:PSK @@ -309,21 +309,21 @@ SSL_CIPHER_get_id 349 EXIST::FUNCTION: TLSv1_2_method 350 EXIST::FUNCTION: SSL_SESSION_get_id_len 351 NOEXIST::FUNCTION: kssl_ctx_get0_client_princ 352 NOEXIST::FUNCTION: -SSL_export_keying_material 353 EXIST::FUNCTION:TLSEXT +SSL_export_keying_material 353 EXIST::FUNCTION: SSL_set_tlsext_use_srtp 354 EXIST::FUNCTION:SRTP SSL_CTX_set_next_protos_advertised_cb 355 EXIST:!VMS:FUNCTION:NEXTPROTONEG SSL_CTX_set_next_protos_adv_cb 355 EXIST:VMS:FUNCTION:NEXTPROTONEG SSL_get0_next_proto_negotiated 356 EXIST::FUNCTION:NEXTPROTONEG SSL_get_selected_srtp_profile 357 EXIST::FUNCTION:SRTP SSL_CTX_set_tlsext_use_srtp 358 EXIST::FUNCTION:SRTP -SSL_select_next_proto 359 EXIST::FUNCTION:TLSEXT +SSL_select_next_proto 359 EXIST::FUNCTION: SSL_get_srtp_profiles 360 EXIST::FUNCTION:SRTP SSL_CTX_set_next_proto_select_cb 361 EXIST:!VMS:FUNCTION:NEXTPROTONEG SSL_CTX_set_next_proto_sel_cb 361 EXIST:VMS:FUNCTION:NEXTPROTONEG SSL_SESSION_get_compress_id 362 EXIST::FUNCTION: SSL_get0_param 363 EXIST::FUNCTION: SSL_CTX_get0_privatekey 364 EXIST::FUNCTION: -SSL_get_shared_sigalgs 365 EXIST::FUNCTION:TLSEXT +SSL_get_shared_sigalgs 365 EXIST::FUNCTION: SSL_CONF_CTX_finish 366 EXIST::FUNCTION: DTLS_method 367 EXIST::FUNCTION: DTLS_client_method 368 EXIST::FUNCTION: @@ -336,40 +336,40 @@ SSL_COMP_set0_compress_methods 374 NOEXIST::FUNCTION: SSL_COMP_set0_compression_methods 374 EXIST:!VMS:FUNCTION: SSL_COMP_set0_compr_methods 374 EXIST:VMS:FUNCTION: SSL_CTX_set_cert_cb 375 EXIST::FUNCTION: -SSL_CTX_add_client_custom_ext 376 EXIST::FUNCTION:TLSEXT +SSL_CTX_add_client_custom_ext 376 EXIST::FUNCTION: SSL_is_server 377 EXIST::FUNCTION: SSL_CTX_get0_param 378 EXIST::FUNCTION: SSL_CONF_cmd 379 EXIST::FUNCTION: SSL_CTX_get_ssl_method 380 EXIST::FUNCTION: SSL_CONF_CTX_set_ssl_ctx 381 EXIST::FUNCTION: SSL_CIPHER_find 382 EXIST::FUNCTION: -SSL_CTX_use_serverinfo 383 EXIST::FUNCTION:TLSEXT +SSL_CTX_use_serverinfo 383 EXIST::FUNCTION: DTLSv1_2_client_method 384 EXIST::FUNCTION: SSL_get0_alpn_selected 385 EXIST::FUNCTION: SSL_CONF_CTX_clear_flags 386 EXIST::FUNCTION: SSL_CTX_set_alpn_protos 387 EXIST::FUNCTION: -SSL_CTX_add_server_custom_ext 389 EXIST::FUNCTION:TLSEXT +SSL_CTX_add_server_custom_ext 389 EXIST::FUNCTION: SSL_CTX_get0_certificate 390 EXIST::FUNCTION: SSL_CTX_set_alpn_select_cb 391 EXIST::FUNCTION: SSL_CONF_cmd_value_type 392 EXIST::FUNCTION: SSL_set_cert_cb 393 EXIST::FUNCTION: -SSL_get_sigalgs 394 EXIST::FUNCTION:TLSEXT +SSL_get_sigalgs 394 EXIST::FUNCTION: SSL_CONF_CTX_set1_prefix 395 EXIST::FUNCTION: SSL_CONF_CTX_new 396 EXIST::FUNCTION: SSL_CONF_CTX_set_flags 397 EXIST::FUNCTION: SSL_CONF_CTX_set_ssl 398 EXIST::FUNCTION: -SSL_check_chain 399 EXIST::FUNCTION:TLSEXT +SSL_check_chain 399 EXIST::FUNCTION: SSL_certs_clear 400 EXIST::FUNCTION: SSL_CONF_CTX_free 401 EXIST::FUNCTION: SSL_trace 402 EXIST::FUNCTION:SSL_TRACE SSL_CTX_set_cli_supp_data 403 NOEXIST::FUNCTION: DTLSv1_2_method 404 EXIST::FUNCTION: DTLS_server_method 405 EXIST::FUNCTION: -SSL_CTX_use_serverinfo_file 406 EXIST::FUNCTION:STDIO,TLSEXT +SSL_CTX_use_serverinfo_file 406 EXIST::FUNCTION:STDIO SSL_COMP_free_compress_methods 407 NOEXIST::FUNCTION: SSL_COMP_free_compression_methods 407 EXIST:!VMS:FUNCTION: SSL_COMP_free_compr_methods 407 EXIST:VMS:FUNCTION: -SSL_extension_supported 409 EXIST::FUNCTION:TLSEXT +SSL_extension_supported 409 EXIST::FUNCTION: SSL_CTX_get_security_callback 410 EXIST::FUNCTION: SSL_SESSION_print_keylog 411 EXIST::FUNCTION: SSL_CTX_set_not_resumable_session_callback 412 EXIST:!VMS:FUNCTION: From matt at openssl.org Fri May 22 22:26:39 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 22:26:39 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432333599.824069.7900.nullmailer@dev.openssl.org> The branch master has been updated via 7cc18d8158b5fc2676393d99b51c30c135502107 (commit) from 2c55a0bc93bf578757ec5c85bdb3abe9cf3f4893 (commit) - Log ----------------------------------------------------------------- commit 7cc18d8158b5fc2676393d99b51c30c135502107 Author: Matt Caswell Date: Tue May 19 15:19:30 2015 +0100 Reject negative shifts for BN_rshift and BN_lshift The functions BN_rshift and BN_lshift shift their arguments to the right or left by a specified number of bits. Unpredicatable results (including crashes) can occur if a negative number is supplied for the shift value. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_err.c | 3 +++ crypto/bn/bn_shift.c | 10 ++++++++++ doc/crypto/BN_set_bit.pod | 8 ++++---- include/openssl/bn.h | 3 +++ 4 files changed, 20 insertions(+), 4 deletions(-) diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index 13742ff..1096ec7 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -98,6 +98,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, + {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"}, {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, @@ -113,6 +114,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, + {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, {ERR_FUNC(BN_F_BN_SET_WORDS), "bn_set_words"}, {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {0, NULL} @@ -131,6 +133,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, + {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"}, {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 1b38bd8..4e43a60 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -136,6 +136,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + r->neg = a->neg; nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) @@ -170,6 +175,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + nw = n / BN_BITS2; rb = n % BN_BITS2; lb = BN_BITS2 - rb; diff --git a/doc/crypto/BN_set_bit.pod b/doc/crypto/BN_set_bit.pod index b7c47b9..a32cca2 100644 --- a/doc/crypto/BN_set_bit.pod +++ b/doc/crypto/BN_set_bit.pod @@ -37,12 +37,12 @@ BN_mask_bits() truncates B to an B bit number shorter than B bits. BN_lshift() shifts B left by B bits and places the result in -B (C). BN_lshift1() shifts B left by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_lshift1() shifts +B left by one and places the result in B (C). BN_rshift() shifts B right by B bits and places the result in -B (C). BN_rshift1() shifts B right by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_rshift1() shifts +B right by one and places the result in B (C). For the shift functions, B and B may be the same variable. diff --git a/include/openssl/bn.h b/include/openssl/bn.h index 9c53aaf..44f1737 100644 --- a/include/openssl/bn.h +++ b/include/openssl/bn.h @@ -711,6 +711,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 # define BN_F_BN_GF2M_MOD_SQR 136 # define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 # define BN_F_BN_MOD_EXP2_MONT 118 # define BN_F_BN_MOD_EXP_MONT 109 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 @@ -726,6 +727,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_NEW 113 # define BN_F_BN_RAND 114 # define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 # define BN_F_BN_SET_WORDS 144 # define BN_F_BN_USUB 115 @@ -741,6 +743,7 @@ void ERR_load_BN_strings(void); # define BN_R_INPUT_NOT_REDUCED 110 # define BN_R_INVALID_LENGTH 106 # define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 # define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 From matt at openssl.org Fri May 22 22:27:03 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 22:27:03 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432333623.386993.11073.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 726b5e71329865d14e46e1eb96c986e3e373bbfd (commit) from 0a9f8e0621ba03d6cbd5691f997eedba2d8536f7 (commit) - Log ----------------------------------------------------------------- commit 726b5e71329865d14e46e1eb96c986e3e373bbfd Author: Matt Caswell Date: Tue May 19 15:19:30 2015 +0100 Reject negative shifts for BN_rshift and BN_lshift The functions BN_rshift and BN_lshift shift their arguments to the right or left by a specified number of bits. Unpredicatable results (including crashes) can occur if a negative number is supplied for the shift value. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx (cherry picked from commit 7cc18d8158b5fc2676393d99b51c30c135502107) Conflicts: crypto/bn/bn.h crypto/bn/bn_err.c ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn.h | 3 +++ crypto/bn/bn_err.c | 3 +++ crypto/bn/bn_shift.c | 10 ++++++++++ doc/crypto/BN_set_bit.pod | 8 ++++---- 4 files changed, 20 insertions(+), 4 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index d615be6..da2a0e1 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -911,6 +911,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 # define BN_F_BN_GF2M_MOD_SQR 136 # define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 # define BN_F_BN_MOD_EXP2_MONT 118 # define BN_F_BN_MOD_EXP_MONT 109 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 @@ -926,6 +927,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_NEW 113 # define BN_F_BN_RAND 114 # define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 # define BN_F_BN_USUB 115 /* Reason codes. */ @@ -939,6 +941,7 @@ void ERR_load_BN_strings(void); # define BN_R_INPUT_NOT_REDUCED 110 # define BN_R_INVALID_LENGTH 106 # define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 # define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index faa7e22..a9b7f51 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, + {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"}, {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, @@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, + {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {0, NULL} }; @@ -125,6 +127,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, + {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"}, {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 4f3e8ff..9673d9a 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -137,6 +137,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + r->neg = a->neg; nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) @@ -174,6 +179,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + nw = n / BN_BITS2; rb = n % BN_BITS2; lb = BN_BITS2 - rb; diff --git a/doc/crypto/BN_set_bit.pod b/doc/crypto/BN_set_bit.pod index b7c47b9..a32cca2 100644 --- a/doc/crypto/BN_set_bit.pod +++ b/doc/crypto/BN_set_bit.pod @@ -37,12 +37,12 @@ BN_mask_bits() truncates B to an B bit number shorter than B bits. BN_lshift() shifts B left by B bits and places the result in -B (C). BN_lshift1() shifts B left by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_lshift1() shifts +B left by one and places the result in B (C). BN_rshift() shifts B right by B bits and places the result in -B (C). BN_rshift1() shifts B right by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_rshift1() shifts +B right by one and places the result in B (C). For the shift functions, B and B may be the same variable. From matt at openssl.org Fri May 22 22:26:49 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 22:26:49 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432333609.983789.9547.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 1a9499cf23dfd441628f37c29cfe5ac615255ee1 (commit) from 254c01ed548263cf7128f54dc5c51b4df18f9b37 (commit) - Log ----------------------------------------------------------------- commit 1a9499cf23dfd441628f37c29cfe5ac615255ee1 Author: Matt Caswell Date: Tue May 19 15:19:30 2015 +0100 Reject negative shifts for BN_rshift and BN_lshift The functions BN_rshift and BN_lshift shift their arguments to the right or left by a specified number of bits. Unpredicatable results (including crashes) can occur if a negative number is supplied for the shift value. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx (cherry picked from commit 7cc18d8158b5fc2676393d99b51c30c135502107) Conflicts: crypto/bn/bn.h crypto/bn/bn_err.c ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn.h | 3 +++ crypto/bn/bn_err.c | 3 +++ crypto/bn/bn_shift.c | 10 ++++++++++ doc/crypto/BN_set_bit.pod | 8 ++++---- 4 files changed, 20 insertions(+), 4 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 9996b4a..7311c0a 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -893,6 +893,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 # define BN_F_BN_GF2M_MOD_SQR 136 # define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 # define BN_F_BN_MOD_EXP2_MONT 118 # define BN_F_BN_MOD_EXP_MONT 109 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 @@ -908,6 +909,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_NEW 113 # define BN_F_BN_RAND 114 # define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 # define BN_F_BN_USUB 115 /* Reason codes. */ @@ -921,6 +923,7 @@ void ERR_load_BN_strings(void); # define BN_R_INPUT_NOT_REDUCED 110 # define BN_R_INVALID_LENGTH 106 # define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 # define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index faa7e22..a9b7f51 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, + {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"}, {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, @@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, + {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {0, NULL} }; @@ -125,6 +127,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, + {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"}, {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 4f3e8ff..9673d9a 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -137,6 +137,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + r->neg = a->neg; nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) @@ -174,6 +179,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + nw = n / BN_BITS2; rb = n % BN_BITS2; lb = BN_BITS2 - rb; diff --git a/doc/crypto/BN_set_bit.pod b/doc/crypto/BN_set_bit.pod index b7c47b9..a32cca2 100644 --- a/doc/crypto/BN_set_bit.pod +++ b/doc/crypto/BN_set_bit.pod @@ -37,12 +37,12 @@ BN_mask_bits() truncates B to an B bit number shorter than B bits. BN_lshift() shifts B left by B bits and places the result in -B (C). BN_lshift1() shifts B left by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_lshift1() shifts +B left by one and places the result in B (C). BN_rshift() shifts B right by B bits and places the result in -B (C). BN_rshift1() shifts B right by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_rshift1() shifts +B right by one and places the result in B (C). For the shift functions, B and B may be the same variable. From matt at openssl.org Fri May 22 22:27:14 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 22:27:14 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1432333634.989070.12548.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via b3c721482b0fc54e09612f55309acade6b35a7d9 (commit) from ea04412c1338e3730064c902db180ca534d450b2 (commit) - Log ----------------------------------------------------------------- commit b3c721482b0fc54e09612f55309acade6b35a7d9 Author: Matt Caswell Date: Tue May 19 15:19:30 2015 +0100 Reject negative shifts for BN_rshift and BN_lshift The functions BN_rshift and BN_lshift shift their arguments to the right or left by a specified number of bits. Unpredicatable results (including crashes) can occur if a negative number is supplied for the shift value. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx (cherry picked from commit 7cc18d8158b5fc2676393d99b51c30c135502107) Conflicts: crypto/bn/bn.h crypto/bn/bn_err.c ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn.h | 3 +++ crypto/bn/bn_err.c | 3 +++ crypto/bn/bn_shift.c | 10 ++++++++++ doc/crypto/BN_set_bit.pod | 8 ++++---- 4 files changed, 20 insertions(+), 4 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 4ef3c8f..d64ed53 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -894,6 +894,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 # define BN_F_BN_GF2M_MOD_SQR 136 # define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 # define BN_F_BN_MOD_EXP2_MONT 118 # define BN_F_BN_MOD_EXP_MONT 109 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 @@ -909,6 +910,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_NEW 113 # define BN_F_BN_RAND 114 # define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 # define BN_F_BN_USUB 115 /* Reason codes. */ @@ -922,6 +924,7 @@ void ERR_load_BN_strings(void); # define BN_R_INPUT_NOT_REDUCED 110 # define BN_R_INVALID_LENGTH 106 # define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 # define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index faa7e22..a9b7f51 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, + {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"}, {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, @@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, + {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {0, NULL} }; @@ -125,6 +127,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, + {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"}, {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 67904c9..70c68f1 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -133,6 +133,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + r->neg = a->neg; nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) @@ -170,6 +175,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + nw = n / BN_BITS2; rb = n % BN_BITS2; lb = BN_BITS2 - rb; diff --git a/doc/crypto/BN_set_bit.pod b/doc/crypto/BN_set_bit.pod index b7c47b9..a32cca2 100644 --- a/doc/crypto/BN_set_bit.pod +++ b/doc/crypto/BN_set_bit.pod @@ -37,12 +37,12 @@ BN_mask_bits() truncates B to an B bit number shorter than B bits. BN_lshift() shifts B left by B bits and places the result in -B (C). BN_lshift1() shifts B left by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_lshift1() shifts +B left by one and places the result in B (C). BN_rshift() shifts B right by B bits and places the result in -B (C). BN_rshift1() shifts B right by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_rshift1() shifts +B right by one and places the result in B (C). For the shift functions, B and B may be the same variable. From matt at openssl.org Fri May 22 22:27:24 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 22:27:24 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1432333644.664673.13944.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via c0de854c9d44569529fb562f0a193e81c395ce94 (commit) from 155ca14ea9fa64808782eca2b29583cfd9ff4d7f (commit) - Log ----------------------------------------------------------------- commit c0de854c9d44569529fb562f0a193e81c395ce94 Author: Matt Caswell Date: Tue May 19 15:19:30 2015 +0100 Reject negative shifts for BN_rshift and BN_lshift The functions BN_rshift and BN_lshift shift their arguments to the right or left by a specified number of bits. Unpredicatable results (including crashes) can occur if a negative number is supplied for the shift value. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke and Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx (cherry picked from commit 7cc18d8158b5fc2676393d99b51c30c135502107) Conflicts: crypto/bn/bn.h crypto/bn/bn_err.c ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn.h | 3 +++ crypto/bn/bn_err.c | 3 +++ crypto/bn/bn_shift.c | 10 ++++++++++ doc/crypto/BN_set_bit.pod | 8 ++++---- 4 files changed, 20 insertions(+), 4 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 6dc2d75..95dab58 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -871,6 +871,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR 135 # define BN_F_BN_GF2M_MOD_SQR 136 # define BN_F_BN_GF2M_MOD_SQRT 137 +# define BN_F_BN_LSHIFT 145 # define BN_F_BN_MOD_EXP2_MONT 118 # define BN_F_BN_MOD_EXP_MONT 109 # define BN_F_BN_MOD_EXP_MONT_CONSTTIME 124 @@ -886,6 +887,7 @@ void ERR_load_BN_strings(void); # define BN_F_BN_NEW 113 # define BN_F_BN_RAND 114 # define BN_F_BN_RAND_RANGE 122 +# define BN_F_BN_RSHIFT 146 # define BN_F_BN_USUB 115 /* Reason codes. */ @@ -899,6 +901,7 @@ void ERR_load_BN_strings(void); # define BN_R_INPUT_NOT_REDUCED 110 # define BN_R_INVALID_LENGTH 106 # define BN_R_INVALID_RANGE 115 +# define BN_R_INVALID_SHIFT 119 # define BN_R_NOT_A_SQUARE 111 # define BN_R_NOT_INITIALIZED 107 # define BN_R_NO_INVERSE 108 diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index faa7e22..a9b7f51 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -94,6 +94,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"}, {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"}, + {ERR_FUNC(BN_F_BN_LSHIFT), "BN_lshift"}, {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"}, {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"}, @@ -109,6 +110,7 @@ static ERR_STRING_DATA BN_str_functs[] = { {ERR_FUNC(BN_F_BN_NEW), "BN_new"}, {ERR_FUNC(BN_F_BN_RAND), "BN_rand"}, {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"}, + {ERR_FUNC(BN_F_BN_RSHIFT), "BN_rshift"}, {ERR_FUNC(BN_F_BN_USUB), "BN_usub"}, {0, NULL} }; @@ -125,6 +127,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"}, {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"}, {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"}, + {ERR_REASON(BN_R_INVALID_SHIFT), "invalid shift"}, {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"}, {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"}, {ERR_REASON(BN_R_NO_INVERSE), "no inverse"}, diff --git a/crypto/bn/bn_shift.c b/crypto/bn/bn_shift.c index 67904c9..70c68f1 100644 --- a/crypto/bn/bn_shift.c +++ b/crypto/bn/bn_shift.c @@ -133,6 +133,11 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + r->neg = a->neg; nw = n / BN_BITS2; if (bn_wexpand(r, a->top + nw + 1) == NULL) @@ -170,6 +175,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) bn_check_top(r); bn_check_top(a); + if (n < 0) { + BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT); + return 0; + } + nw = n / BN_BITS2; rb = n % BN_BITS2; lb = BN_BITS2 - rb; diff --git a/doc/crypto/BN_set_bit.pod b/doc/crypto/BN_set_bit.pod index b7c47b9..a32cca2 100644 --- a/doc/crypto/BN_set_bit.pod +++ b/doc/crypto/BN_set_bit.pod @@ -37,12 +37,12 @@ BN_mask_bits() truncates B to an B bit number shorter than B bits. BN_lshift() shifts B left by B bits and places the result in -B (C). BN_lshift1() shifts B left by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_lshift1() shifts +B left by one and places the result in B (C). BN_rshift() shifts B right by B bits and places the result in -B (C). BN_rshift1() shifts B right by one and places -the result in B (C). +B (C). Note that B must be non-negative. BN_rshift1() shifts +B right by one and places the result in B (C). For the shift functions, B and B may be the same variable. From matt at openssl.org Fri May 22 22:50:03 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 22:50:03 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432335003.469487.19516.nullmailer@dev.openssl.org> The branch master has been updated via efee575ad464bfb60bf72dcb73f9b51768f4b1a1 (commit) from 7cc18d8158b5fc2676393d99b51c30c135502107 (commit) - Log ----------------------------------------------------------------- commit efee575ad464bfb60bf72dcb73f9b51768f4b1a1 Author: Matt Caswell Date: Tue May 19 16:03:02 2015 +0100 Fix off-by-one in BN_rand If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte buffer overflow can occur. There are no such instances within the OpenSSL at the moment. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_rand.c | 7 ++++++- doc/crypto/BN_rand.pod | 3 ++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 4dd3f92..2764c8a 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -122,6 +122,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) int ret = 0, bit, bytes, mask; time_t tim; + if (bits < 0 || (bits == 1 && top > 0)) { + BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); + return 0; + } + if (bits == 0) { BN_zero(rnd); return 1; @@ -168,7 +173,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } } - if (top != -1) { + if (top >= 0) { if (top) { if (bit == 0) { buf[0] = 1; diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index d6b975c..bd6bc86 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -24,7 +24,8 @@ most significant bit of the random number can be zero. If B is 0, it is set to 1, and if B is 1, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*B length. If B is true, the -number will be odd. +number will be odd. The value of B must be zero or greater. If B is +1 then B cannot also be 1. BN_pseudo_rand() does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for From matt at openssl.org Fri May 22 22:50:14 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 22:50:14 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432335014.569193.21271.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via c6eb1cbd1e2afbf0e0e9170cb9b5df1ff25bfd14 (commit) from 1a9499cf23dfd441628f37c29cfe5ac615255ee1 (commit) - Log ----------------------------------------------------------------- commit c6eb1cbd1e2afbf0e0e9170cb9b5df1ff25bfd14 Author: Matt Caswell Date: Tue May 19 16:03:02 2015 +0100 Fix off-by-one in BN_rand If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte buffer overflow can occur. There are no such instances within the OpenSSL at the moment. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn.h | 1 + crypto/bn/bn_err.c | 3 ++- crypto/bn/bn_rand.c | 7 ++++++- doc/crypto/BN_rand.pod | 3 ++- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 7311c0a..5696965 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -916,6 +916,7 @@ void ERR_load_BN_strings(void); # define BN_R_ARG2_LT_ARG3 100 # define BN_R_BAD_RECIPROCAL 101 # define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 # define BN_R_CALLED_WITH_EVEN_MODULUS 102 # define BN_R_DIV_BY_ZERO 103 # define BN_R_ENCODING_ERROR 104 diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index a9b7f51..e7a7038 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -1,6 +1,6 @@ /* crypto/bn/bn_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -119,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, + {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"}, {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 9e78d4d..f9fb2e9 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) int ret = 0, bit, bytes, mask; time_t tim; + if (bits < 0 || (bits == 1 && top > 0)) { + BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); + return 0; + } + if (bits == 0) { BN_zero(rnd); return 1; @@ -169,7 +174,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } #endif - if (top != -1) { + if (top >= 0) { if (top) { if (bit == 0) { buf[0] = 1; diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index d6b975c..bd6bc86 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -24,7 +24,8 @@ most significant bit of the random number can be zero. If B is 0, it is set to 1, and if B is 1, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*B length. If B is true, the -number will be odd. +number will be odd. The value of B must be zero or greater. If B is +1 then B cannot also be 1. BN_pseudo_rand() does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for From matt at openssl.org Fri May 22 22:50:25 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 22:50:25 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432335025.534533.22514.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via b484b040e39e03efbc889a204f5fd2406d7b04b5 (commit) from 726b5e71329865d14e46e1eb96c986e3e373bbfd (commit) - Log ----------------------------------------------------------------- commit b484b040e39e03efbc889a204f5fd2406d7b04b5 Author: Matt Caswell Date: Tue May 19 16:03:02 2015 +0100 Fix off-by-one in BN_rand If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte buffer overflow can occur. There are no such instances within the OpenSSL at the moment. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn.h | 1 + crypto/bn/bn_err.c | 3 ++- crypto/bn/bn_rand.c | 7 ++++++- doc/crypto/BN_rand.pod | 3 ++- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index da2a0e1..47d8c71 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -934,6 +934,7 @@ void ERR_load_BN_strings(void); # define BN_R_ARG2_LT_ARG3 100 # define BN_R_BAD_RECIPROCAL 101 # define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 # define BN_R_CALLED_WITH_EVEN_MODULUS 102 # define BN_R_DIV_BY_ZERO 103 # define BN_R_ENCODING_ERROR 104 diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index a9b7f51..e7a7038 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -1,6 +1,6 @@ /* crypto/bn/bn_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -119,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, + {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"}, {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 9e78d4d..f9fb2e9 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) int ret = 0, bit, bytes, mask; time_t tim; + if (bits < 0 || (bits == 1 && top > 0)) { + BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); + return 0; + } + if (bits == 0) { BN_zero(rnd); return 1; @@ -169,7 +174,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } #endif - if (top != -1) { + if (top >= 0) { if (top) { if (bit == 0) { buf[0] = 1; diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index 81f93c2..3b2796c 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -24,7 +24,8 @@ most significant bit of the random number can be zero. If B is 0, it is set to 1, and if B is 1, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*B length. If B is true, the -number will be odd. +number will be odd. The value of B must be zero or greater. If B is +1 then B cannot also be 1. BN_pseudo_rand() does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for From matt at openssl.org Fri May 22 22:50:38 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 22:50:38 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1432335038.889594.24430.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via e261cf5a2e3c12e9c6221a83a077c5523b85b979 (commit) from b3c721482b0fc54e09612f55309acade6b35a7d9 (commit) - Log ----------------------------------------------------------------- commit e261cf5a2e3c12e9c6221a83a077c5523b85b979 Author: Matt Caswell Date: Tue May 19 16:03:02 2015 +0100 Fix off-by-one in BN_rand If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte buffer overflow can occur. There are no such instances within the OpenSSL at the moment. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn.h | 1 + crypto/bn/bn_err.c | 3 ++- crypto/bn/bn_rand.c | 7 ++++++- doc/crypto/BN_rand.pod | 3 ++- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index d64ed53..f18e3b8 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -917,6 +917,7 @@ void ERR_load_BN_strings(void); # define BN_R_ARG2_LT_ARG3 100 # define BN_R_BAD_RECIPROCAL 101 # define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 # define BN_R_CALLED_WITH_EVEN_MODULUS 102 # define BN_R_DIV_BY_ZERO 103 # define BN_R_ENCODING_ERROR 104 diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index a9b7f51..e7a7038 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -1,6 +1,6 @@ /* crypto/bn/bn_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -119,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, + {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"}, {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 7ac71ec..72308bc 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) int ret = 0, bit, bytes, mask; time_t tim; + if (bits < 0 || (bits == 1 && top > 0)) { + BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); + return 0; + } + if (bits == 0) { BN_zero(rnd); return 1; @@ -168,7 +173,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } #endif - if (top != -1) { + if (top >= 0) { if (top) { if (bit == 0) { buf[0] = 1; diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index 81f93c2..3b2796c 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -24,7 +24,8 @@ most significant bit of the random number can be zero. If B is 0, it is set to 1, and if B is 1, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*B length. If B is true, the -number will be odd. +number will be odd. The value of B must be zero or greater. If B is +1 then B cannot also be 1. BN_pseudo_rand() does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for From matt at openssl.org Fri May 22 22:50:50 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 22:50:50 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1432335050.166452.26183.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via f3b555a601d641448af8f2a7ef57c20db36f1b94 (commit) from c0de854c9d44569529fb562f0a193e81c395ce94 (commit) - Log ----------------------------------------------------------------- commit f3b555a601d641448af8f2a7ef57c20db36f1b94 Author: Matt Caswell Date: Tue May 19 16:03:02 2015 +0100 Fix off-by-one in BN_rand If BN_rand is called with |bits| set to 1 and |top| set to 1 then a 1 byte buffer overflow can occur. There are no such instances within the OpenSSL at the moment. Thanks to Mateusz Kocielski (LogicalTrust), Marek Kroemeke, Filip Palian for discovering and reporting this issue. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn.h | 1 + crypto/bn/bn_err.c | 3 ++- crypto/bn/bn_rand.c | 7 ++++++- doc/crypto/BN_rand.pod | 3 ++- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h index 95dab58..fa3520b 100644 --- a/crypto/bn/bn.h +++ b/crypto/bn/bn.h @@ -894,6 +894,7 @@ void ERR_load_BN_strings(void); # define BN_R_ARG2_LT_ARG3 100 # define BN_R_BAD_RECIPROCAL 101 # define BN_R_BIGNUM_TOO_LONG 114 +# define BN_R_BITS_TOO_SMALL 118 # define BN_R_CALLED_WITH_EVEN_MODULUS 102 # define BN_R_DIV_BY_ZERO 103 # define BN_R_ENCODING_ERROR 104 diff --git a/crypto/bn/bn_err.c b/crypto/bn/bn_err.c index a9b7f51..e7a7038 100644 --- a/crypto/bn/bn_err.c +++ b/crypto/bn/bn_err.c @@ -1,6 +1,6 @@ /* crypto/bn/bn_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -119,6 +119,7 @@ static ERR_STRING_DATA BN_str_reasons[] = { {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"}, {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"}, {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"}, + {ERR_REASON(BN_R_BITS_TOO_SMALL), "bits too small"}, {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"}, {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"}, {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"}, diff --git a/crypto/bn/bn_rand.c b/crypto/bn/bn_rand.c index 7ac71ec..72308bc 100644 --- a/crypto/bn/bn_rand.c +++ b/crypto/bn/bn_rand.c @@ -121,6 +121,11 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) int ret = 0, bit, bytes, mask; time_t tim; + if (bits < 0 || (bits == 1 && top > 0)) { + BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL); + return 0; + } + if (bits == 0) { BN_zero(rnd); return 1; @@ -168,7 +173,7 @@ static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) } #endif - if (top != -1) { + if (top >= 0) { if (top) { if (bit == 0) { buf[0] = 1; diff --git a/doc/crypto/BN_rand.pod b/doc/crypto/BN_rand.pod index 81f93c2..3b2796c 100644 --- a/doc/crypto/BN_rand.pod +++ b/doc/crypto/BN_rand.pod @@ -24,7 +24,8 @@ most significant bit of the random number can be zero. If B is 0, it is set to 1, and if B is 1, the two most significant bits of the number will be set to 1, so that the product of two such random numbers will always have 2*B length. If B is true, the -number will be odd. +number will be odd. The value of B must be zero or greater. If B is +1 then B cannot also be 1. BN_pseudo_rand() does the same, but pseudo-random numbers generated by this function are not necessarily unpredictable. They can be used for From matt at openssl.org Fri May 22 23:04:15 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 23:04:15 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432335855.470637.29572.nullmailer@dev.openssl.org> The branch master has been updated via fdfe8b06ae97da3bc3a77aa3db00f8e0445f3c70 (commit) via 13f8eb4730b9fc039e743870f81e5ff54b3d05b8 (commit) from efee575ad464bfb60bf72dcb73f9b51768f4b1a1 (commit) - Log ----------------------------------------------------------------- commit fdfe8b06ae97da3bc3a77aa3db00f8e0445f3c70 Author: Matt Caswell Date: Fri May 22 13:48:49 2015 +0100 Fix typo setting up certificate masks The certificate masks are used to select which ciphersuite we are going to use. The variables |emask_k| and |emask_a| relate to export grade key exchange and authentication respecitively. The variables |mask_k| and |mask_a| are the equivalent versions for non-export grade. This fixes an instance where the two usages of export/non-export were mixed up. In practice it makes little difference since it still works! Reviewed-by: Richard Levitte commit 13f8eb4730b9fc039e743870f81e5ff54b3d05b8 Author: Matt Caswell Date: Fri May 22 13:33:19 2015 +0100 Remove export static DH ciphersuites Remove support for the two export grade static DH ciphersuites. These two ciphersuites were newly added (along with a number of other static DH ciphersuites) to 1.0.2. However the two export ones have *never* worked since they were introduced. It seems strange in any case to be adding new export ciphersuites, and given "logjam" it also does not seem correct to fix them. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 ++++++++ doc/apps/ciphers.pod | 2 -- ssl/s3_lib.c | 4 ++-- ssl/ssl_lib.c | 2 +- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index e1e0721..6016151 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,14 @@ not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed. [Matt Caswell] + *) Removed support for the two export grade static DH ciphersuites + EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites + were newly added (along with a number of other static DH ciphersuites) to + 1.0.2. However the two export ones have *never* worked since they were + introduced. It seems strange in any case to be adding new export + ciphersuites, and given "logjam" it also does not seem correct to fix them. + [Matt Caswell] + *) Version negotiation has been rewritten. In particular SSLv23_method(), SSLv23_client_method() and SSLv23_server_method() have been deprecated, and turned into macros which simply call the new preferred function names diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 84d8260..c2d40ac 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -365,10 +365,8 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DH-DSS-DES-CBC-SHA SSL_DH_DSS_WITH_DES_CBC_SHA DH-DSS-DES-CBC-SHA SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA - SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DH-RSA-DES-CBC-SHA SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DHE-DSS-DES-CBC-SHA diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 3aa9863..efd9683 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -330,7 +330,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { /* The DH ciphers */ /* Cipher 0B */ { - 1, + 0, SSL3_TXT_DH_DSS_DES_40_CBC_SHA, SSL3_CK_DH_DSS_DES_40_CBC_SHA, SSL_kDHd, @@ -378,7 +378,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl3_ciphers[] = { /* Cipher 0E */ { - 1, + 0, SSL3_TXT_DH_RSA_DES_40_CBC_SHA, SSL3_CK_DH_RSA_DES_40_CBC_SHA, SSL_kDHr, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 3952b6b..5ca9171 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2024,7 +2024,7 @@ void ssl_set_masks(SSL *s, const SSL_CIPHER *cipher) if (dh_dsa_export) emask_k |= SSL_kDHd; - if (emask_k & (SSL_kDHr | SSL_kDHd)) + if (mask_k & (SSL_kDHr | SSL_kDHd)) mask_a |= SSL_aDH; if (rsa_enc || rsa_sign) { From matt at openssl.org Fri May 22 23:04:34 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 22 May 2015 23:04:34 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432335874.292938.32021.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via e4731f76e2dc2a36e62522a4ec115880ba7dfc1f (commit) via 595487ea1978d65ca8db7b1c4990fc8c4f781399 (commit) from c6eb1cbd1e2afbf0e0e9170cb9b5df1ff25bfd14 (commit) - Log ----------------------------------------------------------------- commit e4731f76e2dc2a36e62522a4ec115880ba7dfc1f Author: Matt Caswell Date: Fri May 22 13:48:49 2015 +0100 Fix typo setting up certificate masks The certificate masks are used to select which ciphersuite we are going to use. The variables |emask_k| and |emask_a| relate to export grade key exchange and authentication respecitively. The variables |mask_k| and |mask_a| are the equivalent versions for non-export grade. This fixes an instance where the two usages of export/non-export were mixed up. In practice it makes little difference since it still works! Reviewed-by: Richard Levitte (cherry picked from commit fdfe8b06ae97da3bc3a77aa3db00f8e0445f3c70) commit 595487ea1978d65ca8db7b1c4990fc8c4f781399 Author: Matt Caswell Date: Fri May 22 13:33:19 2015 +0100 Remove export static DH ciphersuites Remove support for the two export grade static DH ciphersuites. These two ciphersuites were newly added (along with a number of other static DH ciphersuites) to 1.0.2. However the two export ones have *never* worked since they were introduced. It seems strange in any case to be adding new export ciphersuites, and given "logjam" it also does not seem correct to fix them. Reviewed-by: Richard Levitte (cherry picked from commit 13f8eb4730b9fc039e743870f81e5ff54b3d05b8) Conflicts: CHANGES ----------------------------------------------------------------------- Summary of changes: CHANGES | 8 ++++++++ doc/apps/ciphers.pod | 2 -- ssl/s3_lib.c | 4 ++-- ssl/ssl_lib.c | 2 +- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index 0fedee6..c65ce82 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Changes between 1.0.2a and 1.0.2b [xx XXX xxxx] + *) Removed support for the two export grade static DH ciphersuites + EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites + were newly added (along with a number of other static DH ciphersuites) to + 1.0.2. However the two export ones have *never* worked since they were + introduced. It seems strange in any case to be adding new export + ciphersuites, and given "logjam" it also does not seem correct to fix them. + [Matt Caswell] + *) Only support 256-bit or stronger elliptic curves with the 'ecdh_auto' setting (server) or by default (client). Of supported curves, prefer P-256 (both). diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index e9280bc..1c26e3b 100644 --- a/doc/apps/ciphers.pod +++ b/doc/apps/ciphers.pod @@ -365,10 +365,8 @@ e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-DH-DSS-DES-CBC-SHA SSL_DH_DSS_WITH_DES_CBC_SHA DH-DSS-DES-CBC-SHA SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA - SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DH-RSA-DES-CBC-SHA SSL_DH_RSA_WITH_DES_CBC_SHA DH-RSA-DES-CBC-SHA SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 28129f6..5db349a 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -330,7 +330,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { /* The DH ciphers */ /* Cipher 0B */ { - 1, + 0, SSL3_TXT_DH_DSS_DES_40_CBC_SHA, SSL3_CK_DH_DSS_DES_40_CBC_SHA, SSL_kDHd, @@ -378,7 +378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { /* Cipher 0E */ { - 1, + 0, SSL3_TXT_DH_RSA_DES_40_CBC_SHA, SSL3_CK_DH_RSA_DES_40_CBC_SHA, SSL_kDHr, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index b60fe1a..c0931e7 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2330,7 +2330,7 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) if (dh_dsa_export) emask_k |= SSL_kDHd; - if (emask_k & (SSL_kDHr | SSL_kDHd)) + if (mask_k & (SSL_kDHr | SSL_kDHd)) mask_a |= SSL_aDH; if (rsa_enc || rsa_sign) { From levitte at openssl.org Sat May 23 04:14:44 2015 From: levitte at openssl.org (Richard Levitte) Date: Sat, 23 May 2015 04:14:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432354484.876006.30345.nullmailer@dev.openssl.org> The branch master has been updated via 6f45032f6730622e8d484d92e07c7fce7d1f88ac (commit) from fdfe8b06ae97da3bc3a77aa3db00f8e0445f3c70 (commit) - Log ----------------------------------------------------------------- commit 6f45032f6730622e8d484d92e07c7fce7d1f88ac Author: Richard Levitte Date: Fri May 22 19:23:43 2015 +0200 Missed a couple of spots in the update change Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: Makefile.org | 2 +- apps/Makefile | 12 +++++------- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/Makefile.org b/Makefile.org index ea9f6a0..9f72cdb 100644 --- a/Makefile.org +++ b/Makefile.org @@ -439,7 +439,7 @@ tests: rehash report: @$(PERL) util/selftest.pl -update: errors stacks util/libeay.num util/ssleay.num apps/openssl-vms.cnf TABLE +update: errors stacks util/libeay.num util/ssleay.num TABLE @set -e; target=update; $(RECURSIVE_BUILD_CMD) depend: diff --git a/apps/Makefile b/apps/Makefile index ea78064..90e6014 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -123,14 +123,12 @@ tests: lint: echo nope >fluff -update: openssl-vms.cnf depend +update: openssl-vms.cnf local_depend -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(EXE_SRC); \ - fi +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(EXE_SRC); \ dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new From levitte at openssl.org Sat May 23 09:07:42 2015 From: levitte at openssl.org (Richard Levitte) Date: Sat, 23 May 2015 09:07:42 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432372062.511482.27002.nullmailer@dev.openssl.org> The branch master has been updated via 8b822d2566853ee5e313c37529f71336209b28ab (commit) from 6f45032f6730622e8d484d92e07c7fce7d1f88ac (commit) - Log ----------------------------------------------------------------- commit 8b822d2566853ee5e313c37529f71336209b28ab Author: Richard Levitte Date: Sat May 23 06:33:41 2015 +0200 Fix update and depend in engines/ The update: target in engines/ didn't recurse into engines/ccgost. The update: and depend: targets in engines/ccgost needed a fixup. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: engines/Makefile | 1 + engines/ccgost/Makefile | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/engines/Makefile b/engines/Makefile index eca15e2..e9dc1c4 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -136,6 +136,7 @@ lint: update: local_depend @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) ) depend: local_depend @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile index f3378aa..57b9c59 100644 --- a/engines/ccgost/Makefile +++ b/engines/ccgost/Makefile @@ -64,10 +64,10 @@ install: tests: update: local_depend - @[ -z "$(THIS)" ] && $(MAKE) -f $(TOP)/Makefile reflect THIS=$@ + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi depend: local_depend - @[ -z "$(THIS)" ] && $(MAKE) -f $(TOP)/Makefile reflect THIS=$@ + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi local_depend: @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) From levitte at openssl.org Sat May 23 09:09:44 2015 From: levitte at openssl.org (Richard Levitte) Date: Sat, 23 May 2015 09:09:44 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432372184.327942.27944.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 886ef2b650768d8960e769707055eb79c32a0125 (commit) via 8b89cb3307acb2e1056bfda56794a45abda278a5 (commit) via bf423546200bd748277f79235cb0cdb7ca0e4a2c (commit) from e4731f76e2dc2a36e62522a4ec115880ba7dfc1f (commit) - Log ----------------------------------------------------------------- commit 886ef2b650768d8960e769707055eb79c32a0125 Author: Richard Levitte Date: Sat May 23 06:33:41 2015 +0200 Fix update and depend in engines/ The update: target in engines/ didn't recurse into engines/ccgost. The update: and depend: targets in engines/ccgost needed a fixup. Reviewed-by: Rich Salz (cherry picked from commit 8b822d2566853ee5e313c37529f71336209b28ab) commit 8b89cb3307acb2e1056bfda56794a45abda278a5 Author: Richard Levitte Date: Fri May 22 19:23:43 2015 +0200 Missed a couple of spots in the update change Reviewed-by: Rich Salz (cherry picked from commit 6f45032f6730622e8d484d92e07c7fce7d1f88ac) Conflicts: apps/Makefile commit bf423546200bd748277f79235cb0cdb7ca0e4a2c Author: Richard Levitte Date: Fri May 22 17:54:06 2015 +0200 Fix the update target and remove duplicate file updates We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: Rich Salz (cherry picked from commit 0f539dc1a2f45580435c39dada44dd276e79cb88) Conflicts: Makefile.org apps/Makefile test/Makefile ----------------------------------------------------------------------- Summary of changes: Makefile.org | 19 +++---------------- apps/Makefile | 15 +++++++++------ crypto/Makefile | 11 ++++++++--- crypto/aes/Makefile | 2 ++ crypto/asn1/Makefile | 2 ++ crypto/bf/Makefile | 2 ++ crypto/bio/Makefile | 2 ++ crypto/bn/Makefile | 2 ++ crypto/buffer/Makefile | 2 ++ crypto/camellia/Makefile | 2 ++ crypto/cast/Makefile | 2 ++ crypto/cmac/Makefile | 2 ++ crypto/cms/Makefile | 2 ++ crypto/comp/Makefile | 2 ++ crypto/conf/Makefile | 2 ++ crypto/des/Makefile | 2 ++ crypto/dh/Makefile | 2 ++ crypto/dsa/Makefile | 2 ++ crypto/dso/Makefile | 2 ++ crypto/ec/Makefile | 2 ++ crypto/ecdh/Makefile | 2 ++ crypto/ecdsa/Makefile | 2 ++ crypto/engine/Makefile | 2 ++ crypto/err/Makefile | 2 ++ crypto/evp/Makefile | 2 ++ crypto/hmac/Makefile | 2 ++ crypto/idea/Makefile | 2 ++ crypto/jpake/Makefile | 2 ++ crypto/krb5/Makefile | 2 ++ crypto/lhash/Makefile | 2 ++ crypto/md2/Makefile | 2 ++ crypto/md4/Makefile | 2 ++ crypto/md5/Makefile | 2 ++ crypto/mdc2/Makefile | 2 ++ crypto/modes/Makefile | 2 ++ crypto/objects/Makefile | 2 ++ crypto/ocsp/Makefile | 2 ++ crypto/pem/Makefile | 2 ++ crypto/pkcs12/Makefile | 2 ++ crypto/pkcs7/Makefile | 2 ++ crypto/pqueue/Makefile | 2 ++ crypto/rand/Makefile | 2 ++ crypto/rc2/Makefile | 2 ++ crypto/rc4/Makefile | 2 ++ crypto/rc5/Makefile | 2 ++ crypto/ripemd/Makefile | 2 ++ crypto/rsa/Makefile | 2 ++ crypto/seed/Makefile | 2 ++ crypto/sha/Makefile | 2 ++ crypto/srp/Makefile | 2 ++ crypto/stack/Makefile | 2 ++ crypto/store/Makefile | 2 ++ crypto/ts/Makefile | 2 ++ crypto/txt_db/Makefile | 2 ++ crypto/ui/Makefile | 2 ++ crypto/whrlpool/Makefile | 2 ++ crypto/x509/Makefile | 2 ++ crypto/x509v3/Makefile | 2 ++ engines/Makefile | 13 ++++++++----- engines/ccgost/Makefile | 13 +++++++------ ssl/Makefile | 13 +++++++------ test/Makefile | 13 +++++++------ tools/Makefile | 2 ++ 63 files changed, 161 insertions(+), 48 deletions(-) diff --git a/Makefile.org b/Makefile.org index b7a3f96..0b2b72d 100644 --- a/Makefile.org +++ b/Makefile.org @@ -457,6 +457,9 @@ tests: rehash report: @$(PERL) util/selftest.pl +update: errors stacks util/libeay.num util/ssleay.num TABLE + @set -e; target=update; $(RECURSIVE_BUILD_CMD) + depend: @set -e; target=depend; $(RECURSIVE_BUILD_CMD) @@ -481,26 +484,10 @@ util/libeay.num:: util/ssleay.num:: $(PERL) util/mkdef.pl ssl update -crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h - $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h -crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h -crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h - -apps/openssl-vms.cnf: apps/openssl.cnf - $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf - -crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl - $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h - - TABLE: Configure (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE -update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend - # Build distribution tar-file. As the list of files returned by "find" is # pretty long, on several platforms a "too many arguments" error or similar # would occur. Therefore the list of files is temporarily stored into a file diff --git a/apps/Makefile b/apps/Makefile index 72657ea..963780f 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -94,6 +94,9 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO) sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c +openssl-vms.cnf: openssl.cnf + $(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -127,12 +130,12 @@ links: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ - fi +update: openssl-vms.cnf local_depend + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC); \ dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/crypto/Makefile b/crypto/Makefile index 9a39e93..7869996 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -125,12 +125,17 @@ install: lint: @target=lint; $(RECURSIVE_MAKE) -depend: +update: local_depend + @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h - @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi clean: rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index b94ca72..e825c14 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -122,6 +122,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index 2e2a097..330fe81 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile @@ -93,6 +93,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/bf/Makefile b/crypto/bf/Makefile index d01bfaa..6dd2015 100644 --- a/crypto/bf/Makefile +++ b/crypto/bf/Makefile @@ -72,6 +72,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/bio/Makefile b/crypto/bio/Makefile index c395d80..ef526f6 100644 --- a/crypto/bio/Makefile +++ b/crypto/bio/Makefile @@ -73,6 +73,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index ad814de..215855e 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -176,6 +176,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: bn_prime.h depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/buffer/Makefile b/crypto/buffer/Makefile index 2efba47..352efb8 100644 --- a/crypto/buffer/Makefile +++ b/crypto/buffer/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/camellia/Makefile b/crypto/camellia/Makefile index 60e8960..ab1225e 100644 --- a/crypto/camellia/Makefile +++ b/crypto/camellia/Makefile @@ -75,6 +75,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/cast/Makefile b/crypto/cast/Makefile index f3f4859..4c4b5e9 100644 --- a/crypto/cast/Makefile +++ b/crypto/cast/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/cmac/Makefile b/crypto/cmac/Makefile index 54e7cc3..6a28408 100644 --- a/crypto/cmac/Makefile +++ b/crypto/cmac/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/cms/Makefile b/crypto/cms/Makefile index 644fef3..6f3a832 100644 --- a/crypto/cms/Makefile +++ b/crypto/cms/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/comp/Makefile b/crypto/comp/Makefile index efda832..a1e9464 100644 --- a/crypto/comp/Makefile +++ b/crypto/comp/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/conf/Makefile b/crypto/conf/Makefile index 78bb324..d5f5c58 100644 --- a/crypto/conf/Makefile +++ b/crypto/conf/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/des/Makefile b/crypto/des/Makefile index 060c647..8b5166c 100644 --- a/crypto/des/Makefile +++ b/crypto/des/Makefile @@ -96,6 +96,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile index f447907..46fa5ac 100644 --- a/crypto/dh/Makefile +++ b/crypto/dh/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/dsa/Makefile b/crypto/dsa/Makefile index 5fef4ca..8109201 100644 --- a/crypto/dsa/Makefile +++ b/crypto/dsa/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/dso/Makefile b/crypto/dso/Makefile index fb2709e..36b8ead 100644 --- a/crypto/dso/Makefile +++ b/crypto/dso/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile index 0d9f3ab..359ef4e 100644 --- a/crypto/ec/Makefile +++ b/crypto/ec/Makefile @@ -78,6 +78,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ecdh/Makefile b/crypto/ecdh/Makefile index df1b03a..1b31ba1 100644 --- a/crypto/ecdh/Makefile +++ b/crypto/ecdh/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile index e89e0c0..4ce00e8 100644 --- a/crypto/ecdsa/Makefile +++ b/crypto/ecdsa/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile index 2ee6c72..426388e 100644 --- a/crypto/engine/Makefile +++ b/crypto/engine/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/err/Makefile b/crypto/err/Makefile index 862b23b..b6f3ef1 100644 --- a/crypto/err/Makefile +++ b/crypto/err/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index c9afca7..aaaad98 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -86,6 +86,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/hmac/Makefile b/crypto/hmac/Makefile index 0e91709..52e39e5 100644 --- a/crypto/hmac/Makefile +++ b/crypto/hmac/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/idea/Makefile b/crypto/idea/Makefile index 8af0acd..3dc23e4 100644 --- a/crypto/idea/Makefile +++ b/crypto/idea/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/jpake/Makefile b/crypto/jpake/Makefile index 110c49c..5193fd9 100644 --- a/crypto/jpake/Makefile +++ b/crypto/jpake/Makefile @@ -32,6 +32,8 @@ install: chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/krb5/Makefile b/crypto/krb5/Makefile index 1407739..8b9a01a 100644 --- a/crypto/krb5/Makefile +++ b/crypto/krb5/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/lhash/Makefile b/crypto/lhash/Makefile index 82bddac..c7f4365 100644 --- a/crypto/lhash/Makefile +++ b/crypto/lhash/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/md2/Makefile b/crypto/md2/Makefile index 17f878a..b630110 100644 --- a/crypto/md2/Makefile +++ b/crypto/md2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/md4/Makefile b/crypto/md4/Makefile index e6f1e44..3ee4361 100644 --- a/crypto/md4/Makefile +++ b/crypto/md4/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/md5/Makefile b/crypto/md5/Makefile index 390e5f1..f5240da 100644 --- a/crypto/md5/Makefile +++ b/crypto/md5/Makefile @@ -79,6 +79,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/mdc2/Makefile b/crypto/mdc2/Makefile index 1415531..c2d0c5b 100644 --- a/crypto/mdc2/Makefile +++ b/crypto/mdc2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile index cbcbfad..a7863d9 100644 --- a/crypto/modes/Makefile +++ b/crypto/modes/Makefile @@ -95,6 +95,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile index a8aedbd..f93d2f9 100644 --- a/crypto/objects/Makefile +++ b/crypto/objects/Makefile @@ -74,6 +74,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: obj_dat.h obj_mac.h obj_xref.h depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ocsp/Makefile b/crypto/ocsp/Makefile index 60c414c..96a1b15 100644 --- a/crypto/ocsp/Makefile +++ b/crypto/ocsp/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/pem/Makefile b/crypto/pem/Makefile index 7691f83..65de60e 100644 --- a/crypto/pem/Makefile +++ b/crypto/pem/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/pkcs12/Makefile b/crypto/pkcs12/Makefile index 3a7498f..be5f8c5 100644 --- a/crypto/pkcs12/Makefile +++ b/crypto/pkcs12/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/pkcs7/Makefile b/crypto/pkcs7/Makefile index effe05f..decf5e0 100644 --- a/crypto/pkcs7/Makefile +++ b/crypto/pkcs7/Makefile @@ -68,6 +68,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/pqueue/Makefile b/crypto/pqueue/Makefile index fb36a0c..a59b5a9 100644 --- a/crypto/pqueue/Makefile +++ b/crypto/pqueue/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rand/Makefile b/crypto/rand/Makefile index 27694aa..df44369 100644 --- a/crypto/rand/Makefile +++ b/crypto/rand/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rc2/Makefile b/crypto/rc2/Makefile index 8a9d49a..b3727a4 100644 --- a/crypto/rc2/Makefile +++ b/crypto/rc2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rc4/Makefile b/crypto/rc4/Makefile index 76860ae..7434ff7 100644 --- a/crypto/rc4/Makefile +++ b/crypto/rc4/Makefile @@ -89,6 +89,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rc5/Makefile b/crypto/rc5/Makefile index 8a8b00e..6ca0037 100644 --- a/crypto/rc5/Makefile +++ b/crypto/rc5/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ripemd/Makefile b/crypto/ripemd/Makefile index 25140b2..1c3f094 100644 --- a/crypto/ripemd/Makefile +++ b/crypto/ripemd/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rsa/Makefile b/crypto/rsa/Makefile index af487b6..e292e84 100644 --- a/crypto/rsa/Makefile +++ b/crypto/rsa/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/seed/Makefile b/crypto/seed/Makefile index 4bc55e4..70d3d45 100644 --- a/crypto/seed/Makefile +++ b/crypto/seed/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile index a8c0cf7..de6cdde 100644 --- a/crypto/sha/Makefile +++ b/crypto/sha/Makefile @@ -124,6 +124,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/srp/Makefile b/crypto/srp/Makefile index ddf6748..414af7b 100644 --- a/crypto/srp/Makefile +++ b/crypto/srp/Makefile @@ -64,6 +64,8 @@ srptest: top srptest.c $(LIB) lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/stack/Makefile b/crypto/stack/Makefile index 5327692..b069c93 100644 --- a/crypto/stack/Makefile +++ b/crypto/stack/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/store/Makefile b/crypto/store/Makefile index 0dcfd78..5bc7ca7 100644 --- a/crypto/store/Makefile +++ b/crypto/store/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ts/Makefile b/crypto/ts/Makefile index c182345..cf991ef 100644 --- a/crypto/ts/Makefile +++ b/crypto/ts/Makefile @@ -73,6 +73,8 @@ tags: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/txt_db/Makefile b/crypto/txt_db/Makefile index e6f3033..4f70b19 100644 --- a/crypto/txt_db/Makefile +++ b/crypto/txt_db/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ui/Makefile b/crypto/ui/Makefile index a685659..b28fcca 100644 --- a/crypto/ui/Makefile +++ b/crypto/ui/Makefile @@ -65,6 +65,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/whrlpool/Makefile b/crypto/whrlpool/Makefile index f4d46e4..befd6d6 100644 --- a/crypto/whrlpool/Makefile +++ b/crypto/whrlpool/Makefile @@ -74,6 +74,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile index cfbb59c..01aa3bf 100644 --- a/crypto/x509/Makefile +++ b/crypto/x509/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile index cdbfd52..8cae749 100644 --- a/crypto/x509v3/Makefile +++ b/crypto/x509v3/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/engines/Makefile b/engines/Makefile index da6c875..2058ff4 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -146,12 +146,15 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @target=lint; $(RECURSIVE_MAKE) -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - fi - @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) ) + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile index a1d2197..17e1efb 100644 --- a/engines/ccgost/Makefile +++ b/engines/ccgost/Makefile @@ -66,12 +66,13 @@ links: tests: -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/ssl/Makefile b/ssl/Makefile index 1c5b388..42f1af5 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -89,12 +89,13 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/test/Makefile b/test/Makefile index 3388679..1b65d4e 100644 --- a/test/Makefile +++ b/test/Makefile @@ -351,12 +351,13 @@ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/tools/Makefile b/tools/Makefile index bb6fb71..c1a2f6b 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -44,6 +44,8 @@ tags: errors: +update: depend + depend: dclean: From levitte at openssl.org Sat May 23 09:20:37 2015 From: levitte at openssl.org (Richard Levitte) Date: Sat, 23 May 2015 09:20:37 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1432372837.721697.29287.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 591c819c301bf9e02333852aabf55d55813ae721 (commit) via 439c1934135c1f41fbef55592781cf4899efad94 (commit) via 1b8403889b52be15a8de87054ad4605d79fafb08 (commit) from e261cf5a2e3c12e9c6221a83a077c5523b85b979 (commit) - Log ----------------------------------------------------------------- commit 591c819c301bf9e02333852aabf55d55813ae721 Author: Richard Levitte Date: Sat May 23 06:33:41 2015 +0200 Fix update and depend in engines/ The update: target in engines/ didn't recurse into engines/ccgost. The update: and depend: targets in engines/ccgost needed a fixup. Reviewed-by: Rich Salz (cherry picked from commit 8b822d2566853ee5e313c37529f71336209b28ab) commit 439c1934135c1f41fbef55592781cf4899efad94 Author: Richard Levitte Date: Fri May 22 19:23:43 2015 +0200 Missed a couple of spots in the update change Reviewed-by: Rich Salz (cherry picked from commit 6f45032f6730622e8d484d92e07c7fce7d1f88ac) Conflicts: apps/Makefile commit 1b8403889b52be15a8de87054ad4605d79fafb08 Author: Richard Levitte Date: Fri May 22 17:54:06 2015 +0200 Fix the update target and remove duplicate file updates We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: Rich Salz (cherry picked from commit 0f539dc1a2f45580435c39dada44dd276e79cb88) Conflicts: Makefile.org apps/Makefile test/Makefile crypto/cmac/Makefile crypto/srp/Makefile ----------------------------------------------------------------------- Summary of changes: Makefile.org | 19 +++---------------- apps/Makefile | 15 +++++++++------ crypto/Makefile | 11 ++++++++--- crypto/aes/Makefile | 2 ++ crypto/asn1/Makefile | 2 ++ crypto/bf/Makefile | 2 ++ crypto/bio/Makefile | 2 ++ crypto/bn/Makefile | 2 ++ crypto/buffer/Makefile | 2 ++ crypto/camellia/Makefile | 2 ++ crypto/cast/Makefile | 2 ++ crypto/cms/Makefile | 2 ++ crypto/comp/Makefile | 2 ++ crypto/conf/Makefile | 2 ++ crypto/des/Makefile | 2 ++ crypto/dh/Makefile | 2 ++ crypto/dsa/Makefile | 2 ++ crypto/dso/Makefile | 2 ++ crypto/ec/Makefile | 2 ++ crypto/ecdh/Makefile | 2 ++ crypto/ecdsa/Makefile | 2 ++ crypto/engine/Makefile | 2 ++ crypto/err/Makefile | 2 ++ crypto/evp/Makefile | 2 ++ crypto/hmac/Makefile | 2 ++ crypto/idea/Makefile | 2 ++ crypto/jpake/Makefile | 2 ++ crypto/krb5/Makefile | 2 ++ crypto/lhash/Makefile | 2 ++ crypto/md2/Makefile | 2 ++ crypto/md4/Makefile | 2 ++ crypto/md5/Makefile | 2 ++ crypto/mdc2/Makefile | 2 ++ crypto/modes/Makefile | 2 ++ crypto/objects/Makefile | 2 ++ crypto/ocsp/Makefile | 2 ++ crypto/pem/Makefile | 2 ++ crypto/pkcs12/Makefile | 2 ++ crypto/pkcs7/Makefile | 2 ++ crypto/pqueue/Makefile | 2 ++ crypto/rand/Makefile | 2 ++ crypto/rc2/Makefile | 2 ++ crypto/rc4/Makefile | 2 ++ crypto/rc5/Makefile | 2 ++ crypto/ripemd/Makefile | 2 ++ crypto/rsa/Makefile | 2 ++ crypto/seed/Makefile | 2 ++ crypto/sha/Makefile | 2 ++ crypto/stack/Makefile | 2 ++ crypto/store/Makefile | 2 ++ crypto/ts/Makefile | 2 ++ crypto/txt_db/Makefile | 2 ++ crypto/ui/Makefile | 2 ++ crypto/whrlpool/Makefile | 2 ++ crypto/x509/Makefile | 2 ++ crypto/x509v3/Makefile | 2 ++ engines/Makefile | 13 ++++++++----- engines/ccgost/Makefile | 13 +++++++------ ssl/Makefile | 13 +++++++------ test/Makefile | 13 +++++++------ tools/Makefile | 2 ++ 61 files changed, 157 insertions(+), 48 deletions(-) diff --git a/Makefile.org b/Makefile.org index 808b99e..13ffc15 100644 --- a/Makefile.org +++ b/Makefile.org @@ -416,6 +416,9 @@ tests: rehash report: @$(PERL) util/selftest.pl +update: errors stacks util/libeay.num util/ssleay.num TABLE + @set -e; target=update; $(RECURSIVE_BUILD_CMD) + depend: @set -e; target=depend; $(RECURSIVE_BUILD_CMD) @@ -440,26 +443,10 @@ util/libeay.num:: util/ssleay.num:: $(PERL) util/mkdef.pl ssl update -crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h - $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h -crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h -crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h - -apps/openssl-vms.cnf: apps/openssl.cnf - $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf - -crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl - $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h - - TABLE: Configure (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE -update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend - # Build distribution tar-file. As the list of files returned by "find" is # pretty long, on several platforms a "too many arguments" error or similar # would occur. Therefore the list of files is temporarily stored into a file diff --git a/apps/Makefile b/apps/Makefile index fa32d2d..863144c 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -94,6 +94,9 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO) sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c +openssl-vms.cnf: openssl.cnf + $(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -127,12 +130,12 @@ links: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ - fi +update: openssl-vms.cnf local_depend + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC); \ dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/crypto/Makefile b/crypto/Makefile index d6bc8e4..6524ad2 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -121,12 +121,17 @@ install: lint: @target=lint; $(RECURSIVE_MAKE) -depend: +update: local_depend + @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h - @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi clean: rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index c501a43..fb70030 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -87,6 +87,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index 160544e..6d874d6 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile @@ -93,6 +93,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/bf/Makefile b/crypto/bf/Makefile index dd2c2c7..e0e4ee9 100644 --- a/crypto/bf/Makefile +++ b/crypto/bf/Makefile @@ -72,6 +72,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/bio/Makefile b/crypto/bio/Makefile index c395d80..ef526f6 100644 --- a/crypto/bio/Makefile +++ b/crypto/bio/Makefile @@ -73,6 +73,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index aabc4f5..02c2e0d 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -142,6 +142,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: bn_prime.h depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/buffer/Makefile b/crypto/buffer/Makefile index 9f3a88d..9355e70 100644 --- a/crypto/buffer/Makefile +++ b/crypto/buffer/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/camellia/Makefile b/crypto/camellia/Makefile index ff5fe4a..e8f166d 100644 --- a/crypto/camellia/Makefile +++ b/crypto/camellia/Makefile @@ -73,6 +73,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/cast/Makefile b/crypto/cast/Makefile index 0acc38f..acce5a3 100644 --- a/crypto/cast/Makefile +++ b/crypto/cast/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/cms/Makefile b/crypto/cms/Makefile index 5837049..90da8e4 100644 --- a/crypto/cms/Makefile +++ b/crypto/cms/Makefile @@ -65,6 +65,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/comp/Makefile b/crypto/comp/Makefile index efda832..a1e9464 100644 --- a/crypto/comp/Makefile +++ b/crypto/comp/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/conf/Makefile b/crypto/conf/Makefile index 78bb324..d5f5c58 100644 --- a/crypto/conf/Makefile +++ b/crypto/conf/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/des/Makefile b/crypto/des/Makefile index ae98226..035b836 100644 --- a/crypto/des/Makefile +++ b/crypto/des/Makefile @@ -94,6 +94,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile index f23b4f7..6d574f4 100644 --- a/crypto/dh/Makefile +++ b/crypto/dh/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/dsa/Makefile b/crypto/dsa/Makefile index 8073c4e..682772a 100644 --- a/crypto/dsa/Makefile +++ b/crypto/dsa/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/dso/Makefile b/crypto/dso/Makefile index fb2709e..36b8ead 100644 --- a/crypto/dso/Makefile +++ b/crypto/dso/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile index db380ed..a5f7cad 100644 --- a/crypto/ec/Makefile +++ b/crypto/ec/Makefile @@ -66,6 +66,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ecdh/Makefile b/crypto/ecdh/Makefile index 65d8904..e456e96 100644 --- a/crypto/ecdh/Makefile +++ b/crypto/ecdh/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile index e89e0c0..4ce00e8 100644 --- a/crypto/ecdsa/Makefile +++ b/crypto/ecdsa/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile index 9c21482..fa27f3e 100644 --- a/crypto/engine/Makefile +++ b/crypto/engine/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/err/Makefile b/crypto/err/Makefile index 862b23b..b6f3ef1 100644 --- a/crypto/err/Makefile +++ b/crypto/err/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index 82825e5..8fe3c02 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -84,6 +84,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/hmac/Makefile b/crypto/hmac/Makefile index 0e91709..52e39e5 100644 --- a/crypto/hmac/Makefile +++ b/crypto/hmac/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/idea/Makefile b/crypto/idea/Makefile index b2e7add..3463d03 100644 --- a/crypto/idea/Makefile +++ b/crypto/idea/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/jpake/Makefile b/crypto/jpake/Makefile index 110c49c..5193fd9 100644 --- a/crypto/jpake/Makefile +++ b/crypto/jpake/Makefile @@ -32,6 +32,8 @@ install: chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/krb5/Makefile b/crypto/krb5/Makefile index 1407739..8b9a01a 100644 --- a/crypto/krb5/Makefile +++ b/crypto/krb5/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/lhash/Makefile b/crypto/lhash/Makefile index 82bddac..c7f4365 100644 --- a/crypto/lhash/Makefile +++ b/crypto/lhash/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/md2/Makefile b/crypto/md2/Makefile index 17f878a..b630110 100644 --- a/crypto/md2/Makefile +++ b/crypto/md2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/md4/Makefile b/crypto/md4/Makefile index c94a139..c810182 100644 --- a/crypto/md4/Makefile +++ b/crypto/md4/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/md5/Makefile b/crypto/md5/Makefile index 9858d53..67d8ac6 100644 --- a/crypto/md5/Makefile +++ b/crypto/md5/Makefile @@ -76,6 +76,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/mdc2/Makefile b/crypto/mdc2/Makefile index 1d064f1..28e8bc3 100644 --- a/crypto/mdc2/Makefile +++ b/crypto/mdc2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile index 6c85861..20add64 100644 --- a/crypto/modes/Makefile +++ b/crypto/modes/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile index a8aedbd..f93d2f9 100644 --- a/crypto/objects/Makefile +++ b/crypto/objects/Makefile @@ -74,6 +74,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: obj_dat.h obj_mac.h obj_xref.h depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ocsp/Makefile b/crypto/ocsp/Makefile index 60c414c..96a1b15 100644 --- a/crypto/ocsp/Makefile +++ b/crypto/ocsp/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/pem/Makefile b/crypto/pem/Makefile index 2cc7801..7a930ee 100644 --- a/crypto/pem/Makefile +++ b/crypto/pem/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/pkcs12/Makefile b/crypto/pkcs12/Makefile index 3a7498f..be5f8c5 100644 --- a/crypto/pkcs12/Makefile +++ b/crypto/pkcs12/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/pkcs7/Makefile b/crypto/pkcs7/Makefile index effe05f..decf5e0 100644 --- a/crypto/pkcs7/Makefile +++ b/crypto/pkcs7/Makefile @@ -68,6 +68,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/pqueue/Makefile b/crypto/pqueue/Makefile index fb36a0c..a59b5a9 100644 --- a/crypto/pqueue/Makefile +++ b/crypto/pqueue/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rand/Makefile b/crypto/rand/Makefile index 27694aa..df44369 100644 --- a/crypto/rand/Makefile +++ b/crypto/rand/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rc2/Makefile b/crypto/rc2/Makefile index 73eac34..2348ab8 100644 --- a/crypto/rc2/Makefile +++ b/crypto/rc2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rc4/Makefile b/crypto/rc4/Makefile index 264451a..f1a5d3a 100644 --- a/crypto/rc4/Makefile +++ b/crypto/rc4/Makefile @@ -84,6 +84,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rc5/Makefile b/crypto/rc5/Makefile index 8a8b00e..6ca0037 100644 --- a/crypto/rc5/Makefile +++ b/crypto/rc5/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ripemd/Makefile b/crypto/ripemd/Makefile index d5b1067..464169d 100644 --- a/crypto/ripemd/Makefile +++ b/crypto/ripemd/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rsa/Makefile b/crypto/rsa/Makefile index 7c6bc00..22c0793 100644 --- a/crypto/rsa/Makefile +++ b/crypto/rsa/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/seed/Makefile b/crypto/seed/Makefile index 4bc55e4..70d3d45 100644 --- a/crypto/seed/Makefile +++ b/crypto/seed/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile index e6eccb0..8439142 100644 --- a/crypto/sha/Makefile +++ b/crypto/sha/Makefile @@ -100,6 +100,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/stack/Makefile b/crypto/stack/Makefile index 5327692..b069c93 100644 --- a/crypto/stack/Makefile +++ b/crypto/stack/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/store/Makefile b/crypto/store/Makefile index 0dcfd78..5bc7ca7 100644 --- a/crypto/store/Makefile +++ b/crypto/store/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ts/Makefile b/crypto/ts/Makefile index c182345..cf991ef 100644 --- a/crypto/ts/Makefile +++ b/crypto/ts/Makefile @@ -73,6 +73,8 @@ tags: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/txt_db/Makefile b/crypto/txt_db/Makefile index e6f3033..4f70b19 100644 --- a/crypto/txt_db/Makefile +++ b/crypto/txt_db/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ui/Makefile b/crypto/ui/Makefile index a685659..b28fcca 100644 --- a/crypto/ui/Makefile +++ b/crypto/ui/Makefile @@ -65,6 +65,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/whrlpool/Makefile b/crypto/whrlpool/Makefile index 566b996..308bbb0 100644 --- a/crypto/whrlpool/Makefile +++ b/crypto/whrlpool/Makefile @@ -74,6 +74,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile index 72c8227..af3c255 100644 --- a/crypto/x509/Makefile +++ b/crypto/x509/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile index 556ef35..05125ab 100644 --- a/crypto/x509v3/Makefile +++ b/crypto/x509v3/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/engines/Makefile b/engines/Makefile index 2fa9534..23bd2f3 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -146,12 +146,15 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @target=lint; $(RECURSIVE_MAKE) -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - fi - @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) ) + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile index dadb523..a6836b3 100644 --- a/engines/ccgost/Makefile +++ b/engines/ccgost/Makefile @@ -66,12 +66,13 @@ links: tests: -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) files: diff --git a/ssl/Makefile b/ssl/Makefile index cd0c37d..f429e3a 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -89,12 +89,13 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/test/Makefile b/test/Makefile index 9566945..3fe5f19 100644 --- a/test/Makefile +++ b/test/Makefile @@ -321,12 +321,13 @@ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/tools/Makefile b/tools/Makefile index bb6fb71..c1a2f6b 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -44,6 +44,8 @@ tags: errors: +update: depend + depend: dclean: From levitte at openssl.org Sat May 23 09:22:19 2015 From: levitte at openssl.org (Richard Levitte) Date: Sat, 23 May 2015 09:22:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432372939.510677.29626.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via c62592e52f38280e9e31cd42e7a77cf2604518a1 (commit) via f460f050c2143b5b4b7861e8d390676c6a90b129 (commit) via eb797fde3f4c0c89052f20dc2be359a6d02efa22 (commit) from b484b040e39e03efbc889a204f5fd2406d7b04b5 (commit) - Log ----------------------------------------------------------------- commit c62592e52f38280e9e31cd42e7a77cf2604518a1 Author: Richard Levitte Date: Sat May 23 06:33:41 2015 +0200 Fix update and depend in engines/ The update: target in engines/ didn't recurse into engines/ccgost. The update: and depend: targets in engines/ccgost needed a fixup. Reviewed-by: Rich Salz (cherry picked from commit 8b822d2566853ee5e313c37529f71336209b28ab) commit f460f050c2143b5b4b7861e8d390676c6a90b129 Author: Richard Levitte Date: Fri May 22 19:23:43 2015 +0200 Missed a couple of spots in the update change Reviewed-by: Rich Salz (cherry picked from commit 6f45032f6730622e8d484d92e07c7fce7d1f88ac) Conflicts: apps/Makefile commit eb797fde3f4c0c89052f20dc2be359a6d02efa22 Author: Richard Levitte Date: Fri May 22 17:54:06 2015 +0200 Fix the update target and remove duplicate file updates We had updates of certain header files in both Makefile.org and the Makefile in the directory the header file lived in. This is error prone and also sometimes generates slightly different results (usually just a comment that differs) depending on which way the update was done. This removes the file update targets from the top level Makefile, adds an update: target in all Makefiles and has it depend on the depend: or local_depend: targets, whichever is appropriate, so we don't get a double run through the whole file tree. Reviewed-by: Rich Salz (cherry picked from commit 0f539dc1a2f45580435c39dada44dd276e79cb88) Conflicts: Makefile.org apps/Makefile test/Makefile ----------------------------------------------------------------------- Summary of changes: Makefile.org | 19 +++---------------- apps/Makefile | 15 +++++++++------ crypto/Makefile | 11 ++++++++--- crypto/aes/Makefile | 2 ++ crypto/asn1/Makefile | 2 ++ crypto/bf/Makefile | 2 ++ crypto/bio/Makefile | 2 ++ crypto/bn/Makefile | 2 ++ crypto/buffer/Makefile | 2 ++ crypto/camellia/Makefile | 2 ++ crypto/cast/Makefile | 2 ++ crypto/cmac/Makefile | 2 ++ crypto/cms/Makefile | 2 ++ crypto/comp/Makefile | 2 ++ crypto/conf/Makefile | 2 ++ crypto/des/Makefile | 2 ++ crypto/dh/Makefile | 2 ++ crypto/dsa/Makefile | 2 ++ crypto/dso/Makefile | 2 ++ crypto/ec/Makefile | 2 ++ crypto/ecdh/Makefile | 2 ++ crypto/ecdsa/Makefile | 2 ++ crypto/engine/Makefile | 2 ++ crypto/err/Makefile | 2 ++ crypto/evp/Makefile | 2 ++ crypto/hmac/Makefile | 2 ++ crypto/idea/Makefile | 2 ++ crypto/jpake/Makefile | 2 ++ crypto/krb5/Makefile | 2 ++ crypto/lhash/Makefile | 2 ++ crypto/md2/Makefile | 2 ++ crypto/md4/Makefile | 2 ++ crypto/md5/Makefile | 2 ++ crypto/mdc2/Makefile | 2 ++ crypto/modes/Makefile | 2 ++ crypto/objects/Makefile | 2 ++ crypto/ocsp/Makefile | 2 ++ crypto/pem/Makefile | 2 ++ crypto/pkcs12/Makefile | 2 ++ crypto/pkcs7/Makefile | 2 ++ crypto/pqueue/Makefile | 2 ++ crypto/rand/Makefile | 2 ++ crypto/rc2/Makefile | 2 ++ crypto/rc4/Makefile | 2 ++ crypto/rc5/Makefile | 2 ++ crypto/ripemd/Makefile | 2 ++ crypto/rsa/Makefile | 2 ++ crypto/seed/Makefile | 2 ++ crypto/sha/Makefile | 2 ++ crypto/srp/Makefile | 2 ++ crypto/stack/Makefile | 2 ++ crypto/store/Makefile | 2 ++ crypto/ts/Makefile | 2 ++ crypto/txt_db/Makefile | 2 ++ crypto/ui/Makefile | 2 ++ crypto/whrlpool/Makefile | 2 ++ crypto/x509/Makefile | 2 ++ crypto/x509v3/Makefile | 2 ++ engines/Makefile | 13 ++++++++----- engines/ccgost/Makefile | 13 +++++++------ ssl/Makefile | 13 +++++++------ test/Makefile | 13 +++++++------ tools/Makefile | 2 ++ 63 files changed, 161 insertions(+), 48 deletions(-) diff --git a/Makefile.org b/Makefile.org index c92806f..8b4de74 100644 --- a/Makefile.org +++ b/Makefile.org @@ -459,6 +459,9 @@ tests: rehash report: @$(PERL) util/selftest.pl +update: errors stacks util/libeay.num util/ssleay.num TABLE + @set -e; target=update; $(RECURSIVE_BUILD_CMD) + depend: @set -e; target=depend; $(RECURSIVE_BUILD_CMD) @@ -483,26 +486,10 @@ util/libeay.num:: util/ssleay.num:: $(PERL) util/mkdef.pl ssl update -crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h - $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h -crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h -crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num - $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h - -apps/openssl-vms.cnf: apps/openssl.cnf - $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf - -crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl - $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h - - TABLE: Configure (echo 'Output of `Configure TABLE'"':"; \ $(PERL) Configure TABLE) > TABLE -update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend - # Build distribution tar-file. As the list of files returned by "find" is # pretty long, on several platforms a "too many arguments" error or similar # would occur. Therefore the list of files is temporarily stored into a file diff --git a/apps/Makefile b/apps/Makefile index 72657ea..963780f 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -94,6 +94,9 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO) sreq.o: req.c $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c +openssl-vms.cnf: openssl.cnf + $(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf + files: $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO @@ -127,12 +130,12 @@ links: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ - fi +update: openssl-vms.cnf local_depend + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(SRC); \ dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/crypto/Makefile b/crypto/Makefile index 2355661..618c958 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -125,12 +125,17 @@ install: lint: @target=lint; $(RECURSIVE_MAKE) -depend: +update: local_depend + @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: @[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC) @[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h - @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi clean: rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff diff --git a/crypto/aes/Makefile b/crypto/aes/Makefile index 45ede0a..b3a9581 100644 --- a/crypto/aes/Makefile +++ b/crypto/aes/Makefile @@ -106,6 +106,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/asn1/Makefile b/crypto/asn1/Makefile index f778700..d774f78 100644 --- a/crypto/asn1/Makefile +++ b/crypto/asn1/Makefile @@ -93,6 +93,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/bf/Makefile b/crypto/bf/Makefile index d01bfaa..6dd2015 100644 --- a/crypto/bf/Makefile +++ b/crypto/bf/Makefile @@ -72,6 +72,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/bio/Makefile b/crypto/bio/Makefile index c395d80..ef526f6 100644 --- a/crypto/bio/Makefile +++ b/crypto/bio/Makefile @@ -73,6 +73,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile index 6dd136b..3d0158c 100644 --- a/crypto/bn/Makefile +++ b/crypto/bn/Makefile @@ -167,6 +167,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: bn_prime.h depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/buffer/Makefile b/crypto/buffer/Makefile index 2efba47..352efb8 100644 --- a/crypto/buffer/Makefile +++ b/crypto/buffer/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/camellia/Makefile b/crypto/camellia/Makefile index 6ce6fc9..228f1dc 100644 --- a/crypto/camellia/Makefile +++ b/crypto/camellia/Makefile @@ -73,6 +73,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/cast/Makefile b/crypto/cast/Makefile index f3f4859..4c4b5e9 100644 --- a/crypto/cast/Makefile +++ b/crypto/cast/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/cmac/Makefile b/crypto/cmac/Makefile index 54e7cc3..6a28408 100644 --- a/crypto/cmac/Makefile +++ b/crypto/cmac/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/cms/Makefile b/crypto/cms/Makefile index 9820adb..b124b5d 100644 --- a/crypto/cms/Makefile +++ b/crypto/cms/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/comp/Makefile b/crypto/comp/Makefile index efda832..a1e9464 100644 --- a/crypto/comp/Makefile +++ b/crypto/comp/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/conf/Makefile b/crypto/conf/Makefile index 78bb324..d5f5c58 100644 --- a/crypto/conf/Makefile +++ b/crypto/conf/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/des/Makefile b/crypto/des/Makefile index a6e1001..fbc77c1 100644 --- a/crypto/des/Makefile +++ b/crypto/des/Makefile @@ -94,6 +94,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/dh/Makefile b/crypto/dh/Makefile index f23b4f7..6d574f4 100644 --- a/crypto/dh/Makefile +++ b/crypto/dh/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/dsa/Makefile b/crypto/dsa/Makefile index 5fef4ca..8109201 100644 --- a/crypto/dsa/Makefile +++ b/crypto/dsa/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/dso/Makefile b/crypto/dso/Makefile index fb2709e..36b8ead 100644 --- a/crypto/dso/Makefile +++ b/crypto/dso/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ec/Makefile b/crypto/ec/Makefile index f85fc84..2753b28 100644 --- a/crypto/ec/Makefile +++ b/crypto/ec/Makefile @@ -70,6 +70,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ecdh/Makefile b/crypto/ecdh/Makefile index ba05fea..f076635 100644 --- a/crypto/ecdh/Makefile +++ b/crypto/ecdh/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ecdsa/Makefile b/crypto/ecdsa/Makefile index e89e0c0..4ce00e8 100644 --- a/crypto/ecdsa/Makefile +++ b/crypto/ecdsa/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/engine/Makefile b/crypto/engine/Makefile index d29bdd0..8ceb747 100644 --- a/crypto/engine/Makefile +++ b/crypto/engine/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/err/Makefile b/crypto/err/Makefile index 862b23b..b6f3ef1 100644 --- a/crypto/err/Makefile +++ b/crypto/err/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index ef75678..ed1502d 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -86,6 +86,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/hmac/Makefile b/crypto/hmac/Makefile index 0e91709..52e39e5 100644 --- a/crypto/hmac/Makefile +++ b/crypto/hmac/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/idea/Makefile b/crypto/idea/Makefile index 8af0acd..3dc23e4 100644 --- a/crypto/idea/Makefile +++ b/crypto/idea/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/jpake/Makefile b/crypto/jpake/Makefile index 110c49c..5193fd9 100644 --- a/crypto/jpake/Makefile +++ b/crypto/jpake/Makefile @@ -32,6 +32,8 @@ install: chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/krb5/Makefile b/crypto/krb5/Makefile index 1407739..8b9a01a 100644 --- a/crypto/krb5/Makefile +++ b/crypto/krb5/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/lhash/Makefile b/crypto/lhash/Makefile index 82bddac..c7f4365 100644 --- a/crypto/lhash/Makefile +++ b/crypto/lhash/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/md2/Makefile b/crypto/md2/Makefile index 17f878a..b630110 100644 --- a/crypto/md2/Makefile +++ b/crypto/md2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/md4/Makefile b/crypto/md4/Makefile index e6f1e44..3ee4361 100644 --- a/crypto/md4/Makefile +++ b/crypto/md4/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/md5/Makefile b/crypto/md5/Makefile index b9e2ce9..0f87dbd 100644 --- a/crypto/md5/Makefile +++ b/crypto/md5/Makefile @@ -76,6 +76,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/mdc2/Makefile b/crypto/mdc2/Makefile index 1415531..c2d0c5b 100644 --- a/crypto/mdc2/Makefile +++ b/crypto/mdc2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile index 3d8bafd..e278fa6 100644 --- a/crypto/modes/Makefile +++ b/crypto/modes/Makefile @@ -89,6 +89,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile index a8aedbd..f93d2f9 100644 --- a/crypto/objects/Makefile +++ b/crypto/objects/Makefile @@ -74,6 +74,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: obj_dat.h obj_mac.h obj_xref.h depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ocsp/Makefile b/crypto/ocsp/Makefile index 60c414c..96a1b15 100644 --- a/crypto/ocsp/Makefile +++ b/crypto/ocsp/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/pem/Makefile b/crypto/pem/Makefile index 2cc7801..7a930ee 100644 --- a/crypto/pem/Makefile +++ b/crypto/pem/Makefile @@ -64,6 +64,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/pkcs12/Makefile b/crypto/pkcs12/Makefile index 3a7498f..be5f8c5 100644 --- a/crypto/pkcs12/Makefile +++ b/crypto/pkcs12/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/pkcs7/Makefile b/crypto/pkcs7/Makefile index effe05f..decf5e0 100644 --- a/crypto/pkcs7/Makefile +++ b/crypto/pkcs7/Makefile @@ -68,6 +68,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/pqueue/Makefile b/crypto/pqueue/Makefile index fb36a0c..a59b5a9 100644 --- a/crypto/pqueue/Makefile +++ b/crypto/pqueue/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rand/Makefile b/crypto/rand/Makefile index 27694aa..df44369 100644 --- a/crypto/rand/Makefile +++ b/crypto/rand/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rc2/Makefile b/crypto/rc2/Makefile index 8a9d49a..b3727a4 100644 --- a/crypto/rc2/Makefile +++ b/crypto/rc2/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rc4/Makefile b/crypto/rc4/Makefile index 1614d47..f3d6e0d 100644 --- a/crypto/rc4/Makefile +++ b/crypto/rc4/Makefile @@ -89,6 +89,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rc5/Makefile b/crypto/rc5/Makefile index 8a8b00e..6ca0037 100644 --- a/crypto/rc5/Makefile +++ b/crypto/rc5/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ripemd/Makefile b/crypto/ripemd/Makefile index 25140b2..1c3f094 100644 --- a/crypto/ripemd/Makefile +++ b/crypto/ripemd/Makefile @@ -69,6 +69,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/rsa/Makefile b/crypto/rsa/Makefile index e8121a4..79c7c42 100644 --- a/crypto/rsa/Makefile +++ b/crypto/rsa/Makefile @@ -67,6 +67,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/seed/Makefile b/crypto/seed/Makefile index 4bc55e4..70d3d45 100644 --- a/crypto/seed/Makefile +++ b/crypto/seed/Makefile @@ -62,6 +62,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile index 2eb2b7a..ceb8094 100644 --- a/crypto/sha/Makefile +++ b/crypto/sha/Makefile @@ -117,6 +117,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/srp/Makefile b/crypto/srp/Makefile index 41859d4..7639533 100644 --- a/crypto/srp/Makefile +++ b/crypto/srp/Makefile @@ -61,6 +61,8 @@ srptest: top srptest.c $(LIB) lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/stack/Makefile b/crypto/stack/Makefile index 5327692..b069c93 100644 --- a/crypto/stack/Makefile +++ b/crypto/stack/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/store/Makefile b/crypto/store/Makefile index 0dcfd78..5bc7ca7 100644 --- a/crypto/store/Makefile +++ b/crypto/store/Makefile @@ -63,6 +63,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ts/Makefile b/crypto/ts/Makefile index c182345..cf991ef 100644 --- a/crypto/ts/Makefile +++ b/crypto/ts/Makefile @@ -73,6 +73,8 @@ tags: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(LIBSRC) diff --git a/crypto/txt_db/Makefile b/crypto/txt_db/Makefile index e6f3033..4f70b19 100644 --- a/crypto/txt_db/Makefile +++ b/crypto/txt_db/Makefile @@ -61,6 +61,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by top Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/ui/Makefile b/crypto/ui/Makefile index a685659..b28fcca 100644 --- a/crypto/ui/Makefile +++ b/crypto/ui/Makefile @@ -65,6 +65,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/whrlpool/Makefile b/crypto/whrlpool/Makefile index f4d46e4..befd6d6 100644 --- a/crypto/whrlpool/Makefile +++ b/crypto/whrlpool/Makefile @@ -74,6 +74,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/x509/Makefile b/crypto/x509/Makefile index 72c8227..af3c255 100644 --- a/crypto/x509/Makefile +++ b/crypto/x509/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/crypto/x509v3/Makefile b/crypto/x509v3/Makefile index 556ef35..05125ab 100644 --- a/crypto/x509v3/Makefile +++ b/crypto/x509v3/Makefile @@ -71,6 +71,8 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff +update: depend + depend: @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) diff --git a/engines/Makefile b/engines/Makefile index 2fa9534..23bd2f3 100644 --- a/engines/Makefile +++ b/engines/Makefile @@ -146,12 +146,15 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @target=lint; $(RECURSIVE_MAKE) -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - fi - @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + @[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) ) + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi @[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) ) +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile index c246f23..4e183a4 100644 --- a/engines/ccgost/Makefile +++ b/engines/ccgost/Makefile @@ -66,12 +66,13 @@ links: tests: -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) files: diff --git a/ssl/Makefile b/ssl/Makefile index 7baf3ab..29d9e45 100644 --- a/ssl/Makefile +++ b/ssl/Makefile @@ -89,12 +89,13 @@ tests: lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/test/Makefile b/test/Makefile index 9aa920d..6205d80 100644 --- a/test/Makefile +++ b/test/Makefile @@ -337,12 +337,13 @@ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT) lint: lint -DLINT $(INCLUDES) $(SRC)>fluff -depend: - @if [ -z "$(THIS)" ]; then \ - $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \ - else \ - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \ - fi +update: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + +depend: local_depend + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi +local_depend: + @[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC) dclean: $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new diff --git a/tools/Makefile b/tools/Makefile index bb6fb71..c1a2f6b 100644 --- a/tools/Makefile +++ b/tools/Makefile @@ -44,6 +44,8 @@ tags: errors: +update: depend + depend: dclean: From levitte at openssl.org Sat May 23 11:24:17 2015 From: levitte at openssl.org (Richard Levitte) Date: Sat, 23 May 2015 11:24:17 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1432380257.984576.10560.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via 079495cad2bc368372f5a123a3625ad92207d265 (commit) from 591c819c301bf9e02333852aabf55d55813ae721 (commit) - Log ----------------------------------------------------------------- commit 079495cad2bc368372f5a123a3625ad92207d265 Author: Richard Levitte Date: Wed Apr 8 19:26:11 2015 +0200 Have mkerr.pl treat already existing multiline string defs properly Since source reformat, we ended up with some error reason string definitions that spanned two lines. That in itself is fine, but we sometimes edited them to provide better strings than what could be automatically determined from the reason macro, for example: {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "Peer haven't sent GOST certificate, required for selected ciphersuite"}, However, mkerr.pl didn't treat those two-line definitions right, and they ended up being retranslated to whatever the macro name would indicate, for example: {ERR_REASON(SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER), "No gost certificate sent by peer"}, Clearly not what we wanted. This change fixes this problem. Reviewed-by: Matt Caswell (cherry picked from commit 2cfdfe0918f03f8323c9523a2beb2b363ae86ca7) ----------------------------------------------------------------------- Summary of changes: util/mkerr.pl | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/util/mkerr.pl b/util/mkerr.pl index 8d2fdbc..d87c4fd 100644 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -534,14 +534,21 @@ EOF # First, read any existing reason string definitions: my %err_reason_strings; if (open(IN,"<$cfile")) { + my $line = ""; while () { - if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) { - $err_reason_strings{$1} = $2; - } - if (/\b${lib}_F_(\w*)\b.*\"(.*)\"/) { - if (!exists $ftrans{$1} && ($1 ne $2)) { - print STDERR "WARNING: Mismatched function string $2\n"; - $ftrans{$1} = $2; + chomp; + $_ = $line . $_; + $line = ""; + if (/{ERR_(FUNC|REASON)\(/) { + if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) { + $err_reason_strings{$1} = $2; + } elsif (/\b${lib}_F_(\w*)\b.*\"(.*)\"/) { + if (!exists $ftrans{$1} && ($1 ne $2)) { + print STDERR "WARNING: Mismatched function string $2\n"; + $ftrans{$1} = $2; + } + } else { + $line = $_; } } } From appro at openssl.org Sun May 24 19:27:49 2015 From: appro at openssl.org (Andy Polyakov) Date: Sun, 24 May 2015 19:27:49 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432495669.930104.28319.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 0945bfcb22f1df1d89e84973f175a620adab4f0d (commit) via f5d840a079d18b3efad7938070b964f82e9bbcaf (commit) from 886ef2b650768d8960e769707055eb79c32a0125 (commit) - Log ----------------------------------------------------------------- commit 0945bfcb22f1df1d89e84973f175a620adab4f0d Author: Andy Polyakov Date: Wed May 20 09:24:36 2015 +0200 bn/bn_gf2m.c: appease STACK, unstable code detector. RT#3852 Reviewed-by: Richard Levitte (cherry picked from commit 86e5d1e32b2d702a5fc777e612cd746e790098ef) commit f5d840a079d18b3efad7938070b964f82e9bbcaf Author: Andy Polyakov Date: Wed May 13 22:19:59 2015 +0200 bn/asm/vis3-mont.pl: fix intermittent EC failures on SPARC T3. BLKINIT optimization worked on T4, but for some reason appears "too aggressive" for T3 triggering intermiitent EC failures. It's not clear why only EC is affected... Reviewed-by: Tim Hudson (cherry picked from commit 579734ced696125c0768a2f4e56e97939b0e6e49) ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/vis3-mont.pl | 10 +++++----- crypto/bn/bn_gf2m.c | 3 +-- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl index a1357de..263ac02 100644 --- a/crypto/bn/asm/vis3-mont.pl +++ b/crypto/bn/asm/vis3-mont.pl @@ -100,7 +100,7 @@ $code.=<<___; ld [$ap+12], $t3 or $t0, $aj, $aj add $ap, 16, $ap - stxa $aj, [$anp]0xe2 ! converted ap[0] + stx $aj, [$anp] ! converted ap[0] mulx $aj, $m0, $lo0 ! ap[0]*bp[0] umulxhi $aj, $m0, $hi0 @@ -150,7 +150,7 @@ $code.=<<___; sllx $t1, 32, $aj add $ap, 8, $ap or $t0, $aj, $aj - stxa $aj, [$anp]0xe2 ! converted ap[j] + stx $aj, [$anp] ! converted ap[j] ld [$np+0], $t2 ! np[j] addcc $nlo, $hi1, $lo1 @@ -169,7 +169,7 @@ $code.=<<___; addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] umulxhi $nj, $m1, $nj ! nhi=nj addxc %g0, $hi1, $hi1 - stxa $lo1, [$tp]0xe2 ! tp[j-1] + stx $lo1, [$tp] ! tp[j-1] add $tp, 8, $tp ! tp++ brnz,pt $cnt, .L1st @@ -182,12 +182,12 @@ $code.=<<___; addxc $nj, %g0, $hi1 addcc $lo0, $lo1, $lo1 ! np[j]*m1+ap[j]*bp[0] addxc %g0, $hi1, $hi1 - stxa $lo1, [$tp]0xe2 ! tp[j-1] + stx $lo1, [$tp] ! tp[j-1] add $tp, 8, $tp addcc $hi0, $hi1, $hi1 addxc %g0, %g0, $ovf ! upmost overflow bit - stxa $hi1, [$tp]0xe2 + stx $hi1, [$tp] add $tp, 8, $tp ba .Louter diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index aeee49a..1981f16 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -450,8 +450,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]) d0 = p[k] % BN_BITS2; d1 = BN_BITS2 - d0; z[n] ^= (zz << d0); - tmp_ulong = zz >> d1; - if (d0 && tmp_ulong) + if (d0 && (tmp_ulong = zz >> d1)) z[n + 1] ^= tmp_ulong; } From appro at openssl.org Sun May 24 19:27:50 2015 From: appro at openssl.org (Andy Polyakov) Date: Sun, 24 May 2015 19:27:50 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432495670.029457.28342.nullmailer@dev.openssl.org> The branch master has been updated via 86e5d1e32b2d702a5fc777e612cd746e790098ef (commit) from 8b822d2566853ee5e313c37529f71336209b28ab (commit) - Log ----------------------------------------------------------------- commit 86e5d1e32b2d702a5fc777e612cd746e790098ef Author: Andy Polyakov Date: Wed May 20 09:24:36 2015 +0200 bn/bn_gf2m.c: appease STACK, unstable code detector. RT#3852 Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_gf2m.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/crypto/bn/bn_gf2m.c b/crypto/bn/bn_gf2m.c index caad2d0..73e1e8f 100644 --- a/crypto/bn/bn_gf2m.c +++ b/crypto/bn/bn_gf2m.c @@ -450,8 +450,7 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]) d0 = p[k] % BN_BITS2; d1 = BN_BITS2 - d0; z[n] ^= (zz << d0); - tmp_ulong = zz >> d1; - if (d0 && tmp_ulong) + if (d0 && (tmp_ulong = zz >> d1)) z[n + 1] ^= tmp_ulong; } From appro at openssl.org Sun May 24 19:31:56 2015 From: appro at openssl.org (Andy Polyakov) Date: Sun, 24 May 2015 19:31:56 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432495916.999754.29619.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 0a59e2dc308e6d6a7078e6b3e4e714101a2db538 (commit) from 0945bfcb22f1df1d89e84973f175a620adab4f0d (commit) - Log ----------------------------------------------------------------- commit 0a59e2dc308e6d6a7078e6b3e4e714101a2db538 Author: Andy Polyakov Date: Wed May 20 09:36:48 2015 +0200 bn/asm/x86_64-mont5.pl: fix valgrind error. bn_get_bits5 was overstepping array boundary by 1 byte. It was exclusively read overstep and data could not have been used. The only potential problem would be if array happens to end on the very edge of last accesible page. Reviewed-by: Richard Levitte (cherry picked from commit 69567687b0b7ed67831c17a010f4d46dfd059aef) ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/x86_64-mont5.pl | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index fa22c30..820de3d 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -3226,11 +3226,16 @@ $code.=<<___; .type bn_get_bits5,\@abi-omnipotent .align 16 bn_get_bits5: - mov $inp,%r10 + lea 0($inp),%r10 + lea 1($inp),%r11 mov $num,%ecx - shr \$3,$num - movzw (%r10,$num),%eax - and \$7,%ecx + shr \$4,$num + and \$15,%ecx + lea -8(%ecx),%eax + cmp \$11,%ecx + cmova %r11,%r10 + cmova %eax,%ecx + movzw (%r10,$num,2),%eax shrl %cl,%eax and \$31,%eax ret From appro at openssl.org Sun May 24 19:31:57 2015 From: appro at openssl.org (Andy Polyakov) Date: Sun, 24 May 2015 19:31:57 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432495917.105610.29641.nullmailer@dev.openssl.org> The branch master has been updated via 69567687b0b7ed67831c17a010f4d46dfd059aef (commit) from 86e5d1e32b2d702a5fc777e612cd746e790098ef (commit) - Log ----------------------------------------------------------------- commit 69567687b0b7ed67831c17a010f4d46dfd059aef Author: Andy Polyakov Date: Wed May 20 09:36:48 2015 +0200 bn/asm/x86_64-mont5.pl: fix valgrind error. bn_get_bits5 was overstepping array boundary by 1 byte. It was exclusively read overstep and data could not have been used. The only potential problem would be if array happens to end on the very edge of last accesible page. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/bn/asm/x86_64-mont5.pl | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/crypto/bn/asm/x86_64-mont5.pl b/crypto/bn/asm/x86_64-mont5.pl index 69e81bf..aa96d43 100755 --- a/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/bn/asm/x86_64-mont5.pl @@ -3231,11 +3231,16 @@ $code.=<<___; .type bn_get_bits5,\@abi-omnipotent .align 16 bn_get_bits5: - mov $inp,%r10 + lea 0($inp),%r10 + lea 1($inp),%r11 mov $num,%ecx - shr \$3,$num - movzw (%r10,$num),%eax - and \$7,%ecx + shr \$4,$num + and \$15,%ecx + lea -8(%ecx),%eax + cmp \$11,%ecx + cmova %r11,%r10 + cmova %eax,%ecx + movzw (%r10,$num,2),%eax shrl %cl,%eax and \$31,%eax ret From matt at openssl.org Sun May 24 22:57:55 2015 From: matt at openssl.org (Matt Caswell) Date: Sun, 24 May 2015 22:57:55 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432508275.049006.23023.nullmailer@dev.openssl.org> The branch master has been updated via 81fc390fd96ad9fae21cda919513fb696cd24028 (commit) from 69567687b0b7ed67831c17a010f4d46dfd059aef (commit) - Log ----------------------------------------------------------------- commit 81fc390fd96ad9fae21cda919513fb696cd24028 Author: Matt Caswell Date: Sat May 23 21:05:19 2015 +0100 Set first_packet for TLS clients Version negotiation was broken (one of the late changes in the review process broke it). The problem is that TLS clients do not set first_packet, whereas TLS/DTLS servers and DTLS clients do. The simple fix is to set first_packet for TLS clients too. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: ssl/s3_clnt.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index ace0838..f70dce4 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -947,8 +947,7 @@ int ssl3_get_server_hello(SSL *s) * Hello verify request and/or server hello version may not match so set * first packet if we're negotiating version. */ - if (SSL_IS_DTLS(s)) - s->first_packet = 1; + s->first_packet = 1; n = s->method->ssl_get_message(s, SSL3_ST_CR_SRVR_HELLO_A, @@ -957,8 +956,8 @@ int ssl3_get_server_hello(SSL *s) if (!ok) return ((int)n); + s->first_packet = 0; if (SSL_IS_DTLS(s)) { - s->first_packet = 0; if (s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) { if (s->d1->send_cookie == 0) { s->s3->tmp.reuse_message = 1; From rsalz at openssl.org Mon May 25 16:47:10 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 25 May 2015 16:47:10 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432572430.982287.16072.nullmailer@dev.openssl.org> The branch master has been updated via fc0eb00bca9dd892592edb6367927186928a7e1a (commit) from 81fc390fd96ad9fae21cda919513fb696cd24028 (commit) - Log ----------------------------------------------------------------- commit fc0eb00bca9dd892592edb6367927186928a7e1a Author: Rich Salz Date: Mon May 25 11:13:28 2015 -0400 fix s_client crash The 'http proxy' commit broke s_client default host/port value. Thanks to Matt for the simplest fix. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/s_client.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/apps/s_client.c b/apps/s_client.c index 8c5412c..6c14af0 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -635,8 +635,8 @@ int s_client_main(int argc, char **argv) char *CApath = NULL, *CAfile = NULL, *cbuf = NULL, *sbuf = NULL; char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL; char *cert_file = NULL, *key_file = NULL, *chain_file = NULL, *prog; - char *chCApath = NULL, *chCAfile = NULL, *host = SSL_HOST_NAME, *inrand = - NULL; + char *chCApath = NULL, *chCAfile = NULL, *host = SSL_HOST_NAME; + char *inrand = NULL; char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL; char *sess_in = NULL, *sess_out = NULL, *crl_file = NULL, *p; char *jpake_secret = NULL, *xmpphost = NULL; @@ -1067,7 +1067,8 @@ int s_client_main(int argc, char **argv) if (!extract_host_port(proxystr, &host, NULL, &port)) goto end; } - else if (!extract_host_port(connectstr, &host, NULL, &port)) + else if (connectstr != NULL + && !extract_host_port(connectstr, &host, NULL, &port)) goto end; if (unix_path && (socket_type != SOCK_STREAM)) { From matt at openssl.org Mon May 25 22:12:47 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 25 May 2015 22:12:47 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432591967.528410.22447.nullmailer@dev.openssl.org> The branch master has been updated via 02db21dfb4d9ea76d83a10df6d46d8b511fcce50 (commit) from fc0eb00bca9dd892592edb6367927186928a7e1a (commit) - Log ----------------------------------------------------------------- commit 02db21dfb4d9ea76d83a10df6d46d8b511fcce50 Author: Matt Caswell Date: Sat May 23 21:32:12 2015 +0100 Don't send an alert if we've just received one If the record received is for a version that we don't support, previously we were sending an alert back. However if the incoming record already looks like an alert then probably we shouldn't do that. So suppress an outgoing alert if it looks like we've got one incoming. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: ssl/record/ssl3_record.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c index 5070bc3..bae9490 100644 --- a/ssl/record/ssl3_record.c +++ b/ssl/record/ssl3_record.c @@ -268,11 +268,22 @@ int ssl3_get_record(SSL *s) if (!s->first_packet && version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (version & 0xFF00) - && !s->enc_write_ctx && !s->write_hash) + && !s->enc_write_ctx && !s->write_hash) { + if (rr->type == SSL3_RT_ALERT) { + /* + * The record is using an incorrect version number, but + * what we've got appears to be an alert. We haven't + * read the body yet to check whether its a fatal or + * not - but chances are it is. We probably shouldn't + * send a fatal alert back. We'll just end. + */ + goto err; + } /* * Send back error using their minor version number :-) */ s->version = (unsigned short)version; + } al = SSL_AD_PROTOCOL_VERSION; goto f_err; } From matt at openssl.org Mon May 25 22:13:09 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 25 May 2015 22:13:09 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432591989.566175.23366.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 75077a2277f95cc293e1f5d0538b426ae5e99e6f (commit) from c62592e52f38280e9e31cd42e7a77cf2604518a1 (commit) - Log ----------------------------------------------------------------- commit 75077a2277f95cc293e1f5d0538b426ae5e99e6f Author: Matt Caswell Date: Sat May 23 21:51:21 2015 +0100 Don't send an alert if we've just received one If the record received is for a version that we don't support, previously we were sending an alert back. However if the incoming record already looks like an alert then probably we shouldn't do that. So suppress an outgoing alert if it looks like we've got one incoming. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: ssl/s3_pkt.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 7c9f20c..25cf929 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -347,11 +347,22 @@ static int ssl3_get_record(SSL *s) if (version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (version & 0xFF00) - && !s->enc_write_ctx && !s->write_hash) + && !s->enc_write_ctx && !s->write_hash) { + if (rr->type == SSL3_RT_ALERT) { + /* + * The record is using an incorrect version number, but + * what we've got appears to be an alert. We haven't + * read the body yet to check whether its a fatal or + * not - but chances are it is. We probably shouldn't + * send a fatal alert back. We'll just end. + */ + goto err; + } /* * Send back error using their minor version number :-) */ s->version = (unsigned short)version; + } al = SSL_AD_PROTOCOL_VERSION; goto f_err; } From matt at openssl.org Mon May 25 22:12:58 2015 From: matt at openssl.org (Matt Caswell) Date: Mon, 25 May 2015 22:12:58 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432591978.615720.23129.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 11414f17d93ec04d2d056d5f3a87e964a7412431 (commit) from 0a59e2dc308e6d6a7078e6b3e4e714101a2db538 (commit) - Log ----------------------------------------------------------------- commit 11414f17d93ec04d2d056d5f3a87e964a7412431 Author: Matt Caswell Date: Sat May 23 21:51:21 2015 +0100 Don't send an alert if we've just received one If the record received is for a version that we don't support, previously we were sending an alert back. However if the incoming record already looks like an alert then probably we shouldn't do that. So suppress an outgoing alert if it looks like we've got one incoming. Reviewed-by: Kurt Roeckx ----------------------------------------------------------------------- Summary of changes: ssl/s3_pkt.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c index 8440f1e..603c285 100644 --- a/ssl/s3_pkt.c +++ b/ssl/s3_pkt.c @@ -361,11 +361,22 @@ static int ssl3_get_record(SSL *s) if (version != s->version) { SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_WRONG_VERSION_NUMBER); if ((s->version & 0xFF00) == (version & 0xFF00) - && !s->enc_write_ctx && !s->write_hash) + && !s->enc_write_ctx && !s->write_hash) { + if (rr->type == SSL3_RT_ALERT) { + /* + * The record is using an incorrect version number, but + * what we've got appears to be an alert. We haven't + * read the body yet to check whether its a fatal or + * not - but chances are it is. We probably shouldn't + * send a fatal alert back. We'll just end. + */ + goto err; + } /* * Send back error using their minor version number :-) */ s->version = (unsigned short)version; + } al = SSL_AD_PROTOCOL_VERSION; goto f_err; } From rsalz at openssl.org Mon May 25 23:09:12 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 25 May 2015 23:09:12 +0000 Subject: [openssl-commits] [web] master update Message-ID: <1432595352.184017.1293.nullmailer@dev.openssl.org> The branch master has been updated via f7dd814fc51f0d7968805efb5f0df4ffbe546ab3 (commit) from 24b6f7ec36449f7b39bb04df4626b292664654bc (commit) - Log ----------------------------------------------------------------- commit f7dd814fc51f0d7968805efb5f0df4ffbe546ab3 Author: Rich Salz Date: Thu May 7 21:58:03 2015 -0400 update for sizeof(*p) and use of ! ----------------------------------------------------------------------- Summary of changes: about/codingstyle.txt | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/about/codingstyle.txt b/about/codingstyle.txt index d133709..1b22575 100644 --- a/about/codingstyle.txt +++ b/about/codingstyle.txt @@ -154,10 +154,13 @@ a function or keyword. Use a space after most keywords: if, switch, case, for, do, while, return Do not use a space after sizeof, typeof, alignof, or __attribute__. -They look somewhat like functions and are usually used with parentheses -in OpenSSL, although they are not required in the language: +They look somewhat like functions and should have parentheses +in OpenSSL, although they are not required by the language. For sizeof, +use a variable when at all possible, to ensure that type changes are +properly reflected: + + SOMETYPE *p = OPENSSL_malloc(sizeof(*p) * num_of_elements); - s = sizeof(struct file); Do not add spaces around the inside of parenthesized expressions. This example is wrong: @@ -537,6 +540,20 @@ should be used. This is more commonly referred to as C90. ISO/IEC 9899:1999 used on and therefore should be avoided. + Chapter 21: Miscellaneous + +Do not use ! to check if a pointer is NULL, or to see if a str...cmp +function found a match. For example, these are wrong: + + if (!(p = BN_new())) ... + if (!strcmp(a, "FOO")) ... + +Do this instead: + + if ((p = BN_new()) == NULL)... + if (strcmp(a, "FOO") == 0) ... + + Appendix A: References The C Programming Language, Second Edition From rsalz at openssl.org Mon May 25 23:11:41 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 25 May 2015 23:11:41 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432595501.639912.8986.nullmailer@dev.openssl.org> The branch master has been updated via cc630cdbcc77859a8d4ada54d3c986afe9f9dece (commit) from 02db21dfb4d9ea76d83a10df6d46d8b511fcce50 (commit) - Log ----------------------------------------------------------------- commit cc630cdbcc77859a8d4ada54d3c986afe9f9dece Author: Rich Salz Date: Mon May 25 16:16:34 2015 -0400 Fix segfault in ec command Thanks to Brian Carpenter for finding this. Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/ec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/ec.c b/apps/ec.c index c56150c..31a50ee 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -176,6 +176,7 @@ int ec_main(int argc, char **argv) case OPT_CIPHER: if (!opt_cipher(opt_unknown(), &enc)) goto opthelp; + break; case OPT_CONV_FORM: if (!opt_pair(opt_arg(), conv_forms, &i)) goto opthelp; From rsalz at openssl.org Mon May 25 23:13:44 2015 From: rsalz at openssl.org (Rich Salz) Date: Mon, 25 May 2015 23:13:44 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432595624.075686.10020.nullmailer@dev.openssl.org> The branch master has been updated via cf89a80e25b79ae0e6004e4a2509bf656fb59168 (commit) from cc630cdbcc77859a8d4ada54d3c986afe9f9dece (commit) - Log ----------------------------------------------------------------- commit cf89a80e25b79ae0e6004e4a2509bf656fb59168 Author: Hanno B?ck Date: Mon May 25 16:18:07 2015 -0400 RT3861: Mem/bio leak in req command The "out" variable is used for both key and csr. Close it after writing the first one so it can be re-used when writing the other. Signed-off-by: Rich Salz Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/req.c | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/req.c b/apps/req.c index 8acdad3..5514ee3 100644 --- a/apps/req.c +++ b/apps/req.c @@ -612,6 +612,7 @@ int req_main(int argc, char **argv) } goto end; } + BIO_free(out); BIO_printf(bio_err, "-----\n"); } From appro at openssl.org Tue May 26 07:59:10 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 26 May 2015 07:59:10 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432627150.736090.9803.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 38b7073328fc0f2713d377472de8d189ae42eda1 (commit) from 75077a2277f95cc293e1f5d0538b426ae5e99e6f (commit) - Log ----------------------------------------------------------------- commit 38b7073328fc0f2713d377472de8d189ae42eda1 Author: Andy Polyakov Date: Sun May 24 22:51:12 2015 +0200 md32_common.h: backport ICC fix. RT#3843 Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: crypto/md32_common.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/md32_common.h b/crypto/md32_common.h index c1efb45..1823833 100644 --- a/crypto/md32_common.h +++ b/crypto/md32_common.h @@ -142,8 +142,10 @@ */ #undef ROTATE #ifndef PEDANTIC -# if defined(_MSC_VER) || defined(__ICC) +# if defined(_MSC_VER) # define ROTATE(a,n) _lrotl(a,n) +# elif defined(__ICC) +# define ROTATE(a,n) _rotl(a,n) # elif defined(__MWERKS__) # if defined(__POWERPC__) # define ROTATE(a,n) __rlwinm(a,n,0,31) From appro at openssl.org Tue May 26 08:08:09 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 26 May 2015 08:08:09 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432627689.880912.11479.nullmailer@dev.openssl.org> The branch master has been updated via 60c268b21ac81cc6b1af5c5470282a613b96f6fd (commit) from cf89a80e25b79ae0e6004e4a2509bf656fb59168 (commit) - Log ----------------------------------------------------------------- commit 60c268b21ac81cc6b1af5c5470282a613b96f6fd Author: Andy Polyakov Date: Mon May 25 10:17:14 2015 +0200 bn/bn_lcl.h: fix MIPS-specific gcc version check. RT#3859 Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lcl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 196df7e..b9d124a 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -443,7 +443,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, # endif # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) # if defined(__GNUC__) && __GNUC__>=2 -# if __GNUC__>=4 && __GNUC_MINOR__>=4 +# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) /* "h" constraint is no more since 4.4 */ # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) # define BN_UMULT_LOHI(low,high,a,b) ({ \ From appro at openssl.org Tue May 26 08:08:09 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 26 May 2015 08:08:09 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432627689.761827.11457.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 78ac7fa18d25f66c89adcb646c04d69b8c805ca7 (commit) from 11414f17d93ec04d2d056d5f3a87e964a7412431 (commit) - Log ----------------------------------------------------------------- commit 78ac7fa18d25f66c89adcb646c04d69b8c805ca7 Author: Andy Polyakov Date: Mon May 25 10:17:14 2015 +0200 bn/bn_lcl.h: fix MIPS-specific gcc version check. RT#3859 Reviewed-by: Tim Hudson (cherry picked from commit 60c268b21ac81cc6b1af5c5470282a613b96f6fd) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lcl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 7cd5883..00f4f09 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -294,7 +294,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, # endif # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) # if defined(__GNUC__) && __GNUC__>=2 -# if __GNUC__>=4 && __GNUC_MINOR__>=4 +# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) /* "h" constraint is no more since 4.4 */ # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) # define BN_UMULT_LOHI(low,high,a,b) ({ \ From appro at openssl.org Tue May 26 08:09:34 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 26 May 2015 08:09:34 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432627774.903193.12414.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 8af13192708a8560916d10dcb0475273c4597172 (commit) from 38b7073328fc0f2713d377472de8d189ae42eda1 (commit) - Log ----------------------------------------------------------------- commit 8af13192708a8560916d10dcb0475273c4597172 Author: Andy Polyakov Date: Mon May 25 10:17:14 2015 +0200 bn/bn_lcl.h: fix MIPS-specific gcc version check. RT#3859 Reviewed-by: Tim Hudson (cherry picked from commit 60c268b21ac81cc6b1af5c5470282a613b96f6fd) ----------------------------------------------------------------------- Summary of changes: crypto/bn/bn_lcl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h index 1059d1d..904a723 100644 --- a/crypto/bn/bn_lcl.h +++ b/crypto/bn/bn_lcl.h @@ -276,7 +276,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b, # endif # elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)) # if defined(__GNUC__) && __GNUC__>=2 -# if __GNUC__>=4 && __GNUC_MINOR__>=4 +# if __GNUC__>4 || (__GNUC__>=4 && __GNUC_MINOR__>=4) /* "h" constraint is no more since 4.4 */ # define BN_UMULT_HIGH(a,b) (((__uint128_t)(a)*(b))>>64) # define BN_UMULT_LOHI(low,high,a,b) ({ \ From appro at openssl.org Tue May 26 08:15:05 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 26 May 2015 08:15:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432628105.150618.14043.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 5fcfef49d9bad244d851985e7bc5c6b414086414 (commit) from 8af13192708a8560916d10dcb0475273c4597172 (commit) - Log ----------------------------------------------------------------- commit 5fcfef49d9bad244d851985e7bc5c6b414086414 Author: Billy Brumley Date: Fri May 22 17:44:49 2015 +0300 fix copy paste error in ec_GF2m function prototypes RT#3858 Reviewed-by: Tim Hudson (cherry picked from commit 71f6130b7a96bacbffae4611796ed98c2f724d96) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_lcl.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 319e651..d79ed1e 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -451,14 +451,6 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); int ec_GF2m_have_precompute_mult(const EC_GROUP *group); -/* method functions in ec2_mult.c */ -int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -int ec_GF2m_have_precompute_mult(const EC_GROUP *group); - #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 /* method functions in ecp_nistp224.c */ int ec_GFp_nistp224_group_init(EC_GROUP *group); From appro at openssl.org Tue May 26 08:15:05 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 26 May 2015 08:15:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432628105.248740.14065.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via bec1093cced8c2e8b43f9bbc51992c86c1c567d4 (commit) from 78ac7fa18d25f66c89adcb646c04d69b8c805ca7 (commit) - Log ----------------------------------------------------------------- commit bec1093cced8c2e8b43f9bbc51992c86c1c567d4 Author: Billy Brumley Date: Fri May 22 17:44:49 2015 +0300 fix copy paste error in ec_GF2m function prototypes RT#3858 Reviewed-by: Tim Hudson (cherry picked from commit 71f6130b7a96bacbffae4611796ed98c2f724d96) ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_lcl.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 697eeb5..969fd14 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -459,14 +459,6 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); int ec_GF2m_have_precompute_mult(const EC_GROUP *group); -/* method functions in ec2_mult.c */ -int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -int ec_GF2m_have_precompute_mult(const EC_GROUP *group); - #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 /* method functions in ecp_nistp224.c */ int ec_GFp_nistp224_group_init(EC_GROUP *group); From appro at openssl.org Tue May 26 08:15:05 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 26 May 2015 08:15:05 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432628105.376292.14086.nullmailer@dev.openssl.org> The branch master has been updated via 71f6130b7a96bacbffae4611796ed98c2f724d96 (commit) from 60c268b21ac81cc6b1af5c5470282a613b96f6fd (commit) - Log ----------------------------------------------------------------- commit 71f6130b7a96bacbffae4611796ed98c2f724d96 Author: Billy Brumley Date: Fri May 22 17:44:49 2015 +0300 fix copy paste error in ec_GF2m function prototypes RT#3858 Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: crypto/ec/ec_lcl.h | 8 -------- 1 file changed, 8 deletions(-) diff --git a/crypto/ec/ec_lcl.h b/crypto/ec/ec_lcl.h index 9db7106..3bf64c6 100644 --- a/crypto/ec/ec_lcl.h +++ b/crypto/ec/ec_lcl.h @@ -453,14 +453,6 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); int ec_GF2m_have_precompute_mult(const EC_GROUP *group); -/* method functions in ec2_mult.c */ -int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, - const BIGNUM *scalar, size_t num, - const EC_POINT *points[], const BIGNUM *scalars[], - BN_CTX *); -int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx); -int ec_GF2m_have_precompute_mult(const EC_GROUP *group); - #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 /* method functions in ecp_nistp224.c */ int ec_GFp_nistp224_group_init(EC_GROUP *group); From appro at openssl.org Tue May 26 08:19:51 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 26 May 2015 08:19:51 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432628391.781396.15365.nullmailer@dev.openssl.org> The branch master has been updated via f8a35ccc576b026e9ca0ccaedba3740627d67a04 (commit) from 71f6130b7a96bacbffae4611796ed98c2f724d96 (commit) - Log ----------------------------------------------------------------- commit f8a35ccc576b026e9ca0ccaedba3740627d67a04 Author: Andy Polyakov Date: Mon May 25 10:30:33 2015 +0200 Configure: replace -mv8 with -mcpu=v8 in SPARC config lines. RT#3860 Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: Configurations/10-main.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index 1d1a212..b5d32b6 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -131,7 +131,7 @@ }, "solaris-sparcv8-gcc" => { inherit_from => [ "solaris-sparcv7-gcc", asm("sparcv8_asm") ], - cflags => sub { join(" ","-mv8", at _); }, + cflags => sub { join(" ","-mcpu=v8", at _); }, }, "solaris-sparcv9-gcc" => { # -m32 should be safe to add as long as driver recognizes @@ -695,7 +695,7 @@ # patiently assisted with debugging of following two configs. "linux-sparcv8" => { inherit_from => [ "linux-generic32", asm("sparcv8_asm") ], - cflags => "-mv8 -Wall -DB_ENDIAN -DBN_DIV2W", + cflags => "-mcpu=v8 -Wall -DB_ENDIAN -DBN_DIV2W", }, "linux-sparcv9" => { # it's a real mess with -mcpu=ultrasparc option under Linux, @@ -861,7 +861,7 @@ "BSD-sparcv8" => { inherit_from => [ "BSD-generic32", asm("sparcv8_asm") ], - cflags => "-mv8 -Wall -DB_ENDIAN", + cflags => "-mcpu=v8 -Wall -DB_ENDIAN", }, "BSD-sparc64" => { # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it From appro at openssl.org Tue May 26 08:25:33 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 26 May 2015 08:25:33 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432628733.708522.16690.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via dbcf8e331966f6c05e37f601128724e4540402cd (commit) from 5fcfef49d9bad244d851985e7bc5c6b414086414 (commit) - Log ----------------------------------------------------------------- commit dbcf8e331966f6c05e37f601128724e4540402cd Author: Andy Polyakov Date: Tue May 26 09:47:16 2015 +0200 Configure: replace -mv8 with -mcpu=v8 in SPARC config lines. RT#3860 Reviewed-by: Matt Caswell (cherry picked from commit aa1e42215b6729c0143fb056e3791e3fcdf7af6a) ----------------------------------------------------------------------- Summary of changes: Configure | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Configure b/Configure index d7ecf97..60ec378 100755 --- a/Configure +++ b/Configure @@ -230,12 +230,12 @@ my %table=( #### SPARC Solaris with GNU C setups "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", #### -"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups @@ -252,7 +252,7 @@ my %table=( #### SunOS configs, assuming sparc for the gcc one. #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", -"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", +"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", #### IRIX 5.x configs # -mips2 flag is added by ./config when appropriate. @@ -379,7 +379,7 @@ my %table=( #### SPARC Linux setups # Ray Miller has patiently # assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # it's a real mess with -mcpu=ultrasparc option under Linux, but # -Wa,-Av8plus should do the trick no matter what. "linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -413,7 +413,7 @@ my %table=( "BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it From appro at openssl.org Tue May 26 08:25:33 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 26 May 2015 08:25:33 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432628733.777253.16712.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 3ae6186564c7820547319b8003a442b38f64835c (commit) via aa1e42215b6729c0143fb056e3791e3fcdf7af6a (commit) from bec1093cced8c2e8b43f9bbc51992c86c1c567d4 (commit) - Log ----------------------------------------------------------------- commit 3ae6186564c7820547319b8003a442b38f64835c Author: Andy Polyakov Date: Tue May 26 09:47:35 2015 +0200 Housekeeping 'make TABLE' update. Reviewed-by: Matt Caswell commit aa1e42215b6729c0143fb056e3791e3fcdf7af6a Author: Andy Polyakov Date: Tue May 26 09:47:16 2015 +0200 Configure: replace -mv8 with -mcpu=v8 in SPARC config lines. RT#3860 Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: Configure | 10 +++--- TABLE | 118 +++++++++++++++++++++++++++++++------------------------------- 2 files changed, 64 insertions(+), 64 deletions(-) diff --git a/Configure b/Configure index 149e15c..7192677 100755 --- a/Configure +++ b/Configure @@ -240,12 +240,12 @@ my %table=( #### SPARC Solaris with GNU C setups "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64", #### -"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with Sun C setups @@ -262,7 +262,7 @@ my %table=( #### SunOS configs, assuming sparc for the gcc one. #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::", -"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", +"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::", #### IRIX 5.x configs # -mips2 flag is added by ./config when appropriate. @@ -426,7 +426,7 @@ my %table=( #### SPARC Linux setups # Ray Miller has patiently # assisted with debugging of following two configs. -"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # it's a real mess with -mcpu=ultrasparc option under Linux, but # -Wa,-Av8plus should do the trick no matter what. "linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -461,7 +461,7 @@ my %table=( "BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it diff --git a/TABLE b/TABLE index dc3e139..29c94d6 100644 --- a/TABLE +++ b/TABLE @@ -36,7 +36,7 @@ $multilib = *** BS2000-OSD $cc = c89 -$cflags = -O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC +$cflags = -O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC $unistd = $thread_cflag = (unknown) $sys_id = @@ -70,7 +70,7 @@ $multilib = *** BSD-generic32 $cc = gcc -$cflags = -DTERMIOS -O3 -fomit-frame-pointer -Wall +$cflags = -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -104,7 +104,7 @@ $multilib = *** BSD-generic64 $cc = gcc -$cflags = -DTERMIOS -O3 -Wall +$cflags = -O3 -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -138,7 +138,7 @@ $multilib = *** BSD-ia64 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -Wall +$cflags = -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -172,7 +172,7 @@ $multilib = *** BSD-sparc64 $cc = gcc -$cflags = -DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall +$cflags = -DB_ENDIAN -O3 -DMD32_REG_T=int -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -206,7 +206,7 @@ $multilib = *** BSD-sparcv8 $cc = gcc -$cflags = -DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall +$cflags = -DB_ENDIAN -O3 -mcpu=v8 -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -240,7 +240,7 @@ $multilib = *** BSD-x86 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -274,7 +274,7 @@ $multilib = *** BSD-x86-elf $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -308,7 +308,7 @@ $multilib = *** BSD-x86_64 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -Wall +$cflags = -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -410,7 +410,7 @@ $multilib = *** DJGPP $cc = gcc -$cflags = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall +$cflags = -I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall $unistd = $thread_cflag = $sys_id = MSDOS @@ -546,7 +546,7 @@ $multilib = *** QNX6 $cc = gcc -$cflags = -DTERMIOS +$cflags = $unistd = $thread_cflag = $sys_id = @@ -580,7 +580,7 @@ $multilib = *** QNX6-i386 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O2 -Wall +$cflags = -DL_ENDIAN -O2 -Wall $unistd = $thread_cflag = $sys_id = @@ -1600,7 +1600,7 @@ $multilib = *** debug-BSD-x86-elf $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -Wall -g +$cflags = -DL_ENDIAN -O3 -Wall -g $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -2348,7 +2348,7 @@ $multilib = *** debug-levitte-linux-elf-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2416,7 +2416,7 @@ $multilib = *** debug-levitte-linux-noasm-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2450,7 +2450,7 @@ $multilib = *** debug-linux-elf $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2484,7 +2484,7 @@ $multilib = *** debug-linux-elf-noefence $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2518,7 +2518,7 @@ $multilib = *** debug-linux-generic32 $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2586,7 +2586,7 @@ $multilib = *** debug-linux-ia32-aes $cc = gcc -$cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2620,7 +2620,7 @@ $multilib = *** debug-linux-pentium $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2654,7 +2654,7 @@ $multilib = *** debug-linux-ppro $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2688,7 +2688,7 @@ $multilib = *** debug-linux-x86_64 $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2790,7 +2790,7 @@ $multilib = *** debug-solaris-sparcv8-gcc $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3708,7 +3708,7 @@ $multilib = /pa20_64 *** hurd-x86 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3776,7 +3776,7 @@ $multilib = *** irix-cc $cc = cc -$cflags = -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN +$cflags = -O2 -use_readonly_const -DB_ENDIAN $unistd = $thread_cflag = (unknown) $sys_id = @@ -3810,7 +3810,7 @@ $multilib = *** irix-gcc $cc = gcc -$cflags = -O3 -DTERMIOS -DB_ENDIAN +$cflags = -O3 -DB_ENDIAN $unistd = $thread_cflag = (unknown) $sys_id = @@ -3844,7 +3844,7 @@ $multilib = *** irix-mips3-cc $cc = cc -$cflags = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = @@ -3878,7 +3878,7 @@ $multilib = 32 *** irix-mips3-gcc $cc = gcc -$cflags = -mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = @@ -3912,7 +3912,7 @@ $multilib = 32 *** irix64-mips4-cc $cc = cc -$cflags = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = @@ -3946,7 +3946,7 @@ $multilib = 64 *** irix64-mips4-gcc $cc = gcc -$cflags = -mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = @@ -3980,7 +3980,7 @@ $multilib = 64 *** linux-aarch64 $cc = gcc -$cflags = -DTERMIO -O3 -Wall +$cflags = -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4014,7 +4014,7 @@ $multilib = *** linux-alpha+bwx-ccc $cc = ccc -$cflags = -fast -readonly_strings -DL_ENDIAN -DTERMIO +$cflags = -fast -readonly_strings -DL_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4048,7 +4048,7 @@ $multilib = *** linux-alpha+bwx-gcc $cc = gcc -$cflags = -O3 -DL_ENDIAN -DTERMIO +$cflags = -O3 -DL_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4082,7 +4082,7 @@ $multilib = *** linux-alpha-ccc $cc = ccc -$cflags = -fast -readonly_strings -DL_ENDIAN -DTERMIO +$cflags = -fast -readonly_strings -DL_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4116,7 +4116,7 @@ $multilib = *** linux-alpha-gcc $cc = gcc -$cflags = -O3 -DL_ENDIAN -DTERMIO +$cflags = -O3 -DL_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4150,7 +4150,7 @@ $multilib = *** linux-aout $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall $unistd = $thread_cflag = (unknown) $sys_id = @@ -4184,7 +4184,7 @@ $multilib = *** linux-armv4 $cc = gcc -$cflags = -DTERMIO -O3 -Wall +$cflags = -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4218,7 +4218,7 @@ $multilib = *** linux-elf $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4252,7 +4252,7 @@ $multilib = *** linux-generic32 $cc = gcc -$cflags = -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4286,7 +4286,7 @@ $multilib = *** linux-generic64 $cc = gcc -$cflags = -DTERMIO -O3 -Wall +$cflags = -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4320,7 +4320,7 @@ $multilib = *** linux-ia32-icc $cc = icc -$cflags = -DL_ENDIAN -DTERMIO -O2 +$cflags = -DL_ENDIAN -O2 $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4388,7 +4388,7 @@ $multilib = *** linux-ia64-icc $cc = icc -$cflags = -DL_ENDIAN -DTERMIO -O2 -Wall +$cflags = -DL_ENDIAN -O2 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4422,7 +4422,7 @@ $multilib = *** linux-mips32 $cc = gcc -$cflags = -mabi=32 -DTERMIO -O3 -Wall -DBN_DIV3W +$cflags = -mabi=32 -O3 -Wall -DBN_DIV3W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4456,7 +4456,7 @@ $multilib = *** linux-mips64 $cc = gcc -$cflags = -mabi=n32 -DTERMIO -O3 -Wall -DBN_DIV3W +$cflags = -mabi=n32 -O3 -Wall -DBN_DIV3W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4490,7 +4490,7 @@ $multilib = 32 *** linux-ppc $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -O3 -Wall +$cflags = -DB_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4524,7 +4524,7 @@ $multilib = *** linux-ppc64 $cc = gcc -$cflags = -m64 -DB_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m64 -DB_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4558,7 +4558,7 @@ $multilib = 64 *** linux-ppc64le $cc = gcc -$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m64 -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4592,7 +4592,7 @@ $multilib = *** linux-sparcv8 $cc = gcc -$cflags = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W +$cflags = -mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4626,7 +4626,7 @@ $multilib = *** linux-sparcv9 $cc = gcc -$cflags = -m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W +$cflags = -m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC @@ -4660,7 +4660,7 @@ $multilib = *** linux-x32 $cc = gcc -$cflags = -mx32 -DL_ENDIAN -DTERMIO -O3 -Wall +$cflags = -mx32 -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4694,7 +4694,7 @@ $multilib = x32 *** linux-x86_64 $cc = gcc -$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m64 -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4728,7 +4728,7 @@ $multilib = 64 *** linux-x86_64-clang $cc = clang -$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Weverything -Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum -Qunused-arguments +$cflags = -m64 -DL_ENDIAN -O3 -Wall -Wextra -Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4762,7 +4762,7 @@ $multilib = 64 *** linux-x86_64-icc $cc = icc -$cflags = -DL_ENDIAN -DTERMIO -O2 +$cflags = -DL_ENDIAN -O2 $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4796,7 +4796,7 @@ $multilib = 64 *** linux32-s390x $cc = gcc -$cflags = -m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4830,7 +4830,7 @@ $multilib = /highgprs *** linux64-mips64 $cc = gcc -$cflags = -mabi=64 -DTERMIO -O3 -Wall -DBN_DIV3W +$cflags = -mabi=64 -O3 -Wall -DBN_DIV3W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4864,7 +4864,7 @@ $multilib = 64 *** linux64-s390x $cc = gcc -$cflags = -m64 -DB_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m64 -DB_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4898,7 +4898,7 @@ $multilib = 64 *** linux64-sparcv9 $cc = gcc -$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC @@ -5748,7 +5748,7 @@ $multilib = *** solaris-sparcv8-gcc $cc = gcc -$cflags = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W +$cflags = -mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -6054,7 +6054,7 @@ $multilib = /64 *** sunos-gcc $cc = gcc -$cflags = -O3 -mv8 -Dssize_t=int +$cflags = -O3 -mcpu=v8 -Dssize_t=int $unistd = $thread_cflag = (unknown) $sys_id = SUNOS From matt at openssl.org Tue May 26 09:43:55 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 26 May 2015 09:43:55 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432633435.474029.29955.nullmailer@dev.openssl.org> The branch master has been updated via 9c89d290834f3ed9146eeb8b64fe5de817679a0b (commit) via 90e7cdff3aa66779486914f88333f6601f0c1cf4 (commit) via fc52ac9028b9492fb086ba35a3352ea46e03ecfc (commit) from f8a35ccc576b026e9ca0ccaedba3740627d67a04 (commit) - Log ----------------------------------------------------------------- commit 9c89d290834f3ed9146eeb8b64fe5de817679a0b Author: Matt Caswell Date: Tue May 26 00:05:28 2015 +0100 Don't check for a negative SRP extension size The size of the SRP extension can never be negative (the variable |size| is unsigned). Therefore don't check if it is less than zero. RT#3862 Reviewed-by: Richard Levitte commit 90e7cdff3aa66779486914f88333f6601f0c1cf4 Author: Matt Caswell Date: Tue May 26 00:02:57 2015 +0100 Fix error check in GOST engine The return value of i2d functions can be negative if an error occurs. Therefore don't assign the return value to an unsigned type and *then* check if it is negative. RT#3862 Reviewed-by: Richard Levitte commit fc52ac9028b9492fb086ba35a3352ea46e03ecfc Author: Matt Caswell Date: Mon May 25 23:57:41 2015 +0100 Handle unsigned struct timeval members The members of struct timeval on OpenVMS are unsigned. The logic for calculating timeouts needs adjusting to deal with this. RT#3862 Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 13 +++++++------ engines/ccgost/gost94_keyx.c | 6 ++++-- ssl/t1_lib.c | 2 +- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 58725a1..5eade50 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -305,16 +305,17 @@ static void dgram_adjust_rcv_timeout(BIO *b) /* Calculate time left until timer expires */ memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); - timeleft.tv_sec -= timenow.tv_sec; - timeleft.tv_usec -= timenow.tv_usec; - if (timeleft.tv_usec < 0) { + if (timeleft.tv_usec < timenow.tv_usec) { + timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec; timeleft.tv_sec--; - timeleft.tv_usec += 1000000; + } else { + timeleft.tv_usec -= timenow.tv_usec; } - - if (timeleft.tv_sec < 0) { + if (timeleft.tv_sec < timenow.tv_sec) { timeleft.tv_sec = 0; timeleft.tv_usec = 1; + } else { + timeleft.tv_sec -= timenow.tv_sec; } /* diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c index db7d402..b529c8e 100644 --- a/engines/ccgost/gost94_keyx.c +++ b/engines/ccgost/gost94_keyx.c @@ -105,6 +105,7 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); gost_ctx cctx; int key_is_ephemeral = 1; + int tmp_outlen; EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx); /* Do not use vizir cipher parameters with cryptopro */ @@ -175,12 +176,13 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, } ASN1_OBJECT_free(gkt->key_agreement_info->cipher); gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); - *outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL); - if (*outlen <= 0) { + tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL); + if (tmp_outlen <= 0) { GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO); goto err; } + *outlen = tmp_outlen; if (!key_is_ephemeral) { /* Set control "public key from client certificate used" */ if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index ce010ca..a161dcc 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2047,7 +2047,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } #ifndef OPENSSL_NO_SRP else if (type == TLSEXT_TYPE_srp) { - if (size <= 0 || ((len = data[0])) != (size - 1)) { + if (size == 0 || ((len = data[0])) != (size - 1)) { *al = SSL_AD_DECODE_ERROR; return 0; } From matt at openssl.org Tue May 26 09:44:07 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 26 May 2015 09:44:07 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432633447.931344.30755.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via cdc47dcf195b309f48abf11a81b957cf697da162 (commit) via 9cab86ee0a12d640e5698a5a1995ad1583aac214 (commit) via e40d7c1f3a31fa614760f7a9b75ae40ece5ff8bd (commit) from 3ae6186564c7820547319b8003a442b38f64835c (commit) - Log ----------------------------------------------------------------- commit cdc47dcf195b309f48abf11a81b957cf697da162 Author: Matt Caswell Date: Tue May 26 00:05:28 2015 +0100 Don't check for a negative SRP extension size The size of the SRP extension can never be negative (the variable |size| is unsigned). Therefore don't check if it is less than zero. RT#3862 Reviewed-by: Richard Levitte (cherry picked from commit 9c89d290834f3ed9146eeb8b64fe5de817679a0b) commit 9cab86ee0a12d640e5698a5a1995ad1583aac214 Author: Matt Caswell Date: Tue May 26 00:02:57 2015 +0100 Fix error check in GOST engine The return value of i2d functions can be negative if an error occurs. Therefore don't assign the return value to an unsigned type and *then* check if it is negative. RT#3862 Reviewed-by: Richard Levitte (cherry picked from commit 90e7cdff3aa66779486914f88333f6601f0c1cf4) commit e40d7c1f3a31fa614760f7a9b75ae40ece5ff8bd Author: Matt Caswell Date: Mon May 25 23:57:41 2015 +0100 Handle unsigned struct timeval members The members of struct timeval on OpenVMS are unsigned. The logic for calculating timeouts needs adjusting to deal with this. RT#3862 Reviewed-by: Richard Levitte (cherry picked from commit fc52ac9028b9492fb086ba35a3352ea46e03ecfc) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 13 +++++++------ engines/ccgost/gost94_keyx.c | 6 ++++-- ssl/t1_lib.c | 2 +- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index ac03a6d..dc4479f 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -303,16 +303,17 @@ static void dgram_adjust_rcv_timeout(BIO *b) /* Calculate time left until timer expires */ memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); - timeleft.tv_sec -= timenow.tv_sec; - timeleft.tv_usec -= timenow.tv_usec; - if (timeleft.tv_usec < 0) { + if (timeleft.tv_usec < timenow.tv_usec) { + timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec; timeleft.tv_sec--; - timeleft.tv_usec += 1000000; + } else { + timeleft.tv_usec -= timenow.tv_usec; } - - if (timeleft.tv_sec < 0) { + if (timeleft.tv_sec < timenow.tv_sec) { timeleft.tv_sec = 0; timeleft.tv_usec = 1; + } else { + timeleft.tv_sec -= timenow.tv_sec; } /* diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c index 85f4bc8..ce57f17 100644 --- a/engines/ccgost/gost94_keyx.c +++ b/engines/ccgost/gost94_keyx.c @@ -104,6 +104,7 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); gost_ctx cctx; int key_is_ephemeral = 1; + int tmp_outlen; EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx); /* Do not use vizir cipher parameters with cryptopro */ @@ -174,12 +175,13 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, } ASN1_OBJECT_free(gkt->key_agreement_info->cipher); gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); - *outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL); - if (*outlen <= 0) { + tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL); + if (tmp_outlen <= 0) { GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO); goto err; } + *outlen = tmp_outlen; if (!key_is_ephemeral) { /* Set control "public key from client certificate used" */ if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 8cde013..bf11f93 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2120,7 +2120,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, } # ifndef OPENSSL_NO_SRP else if (type == TLSEXT_TYPE_srp) { - if (size <= 0 || ((len = data[0])) != (size - 1)) { + if (size == 0 || ((len = data[0])) != (size - 1)) { *al = SSL_AD_DECODE_ERROR; return 0; } From matt at openssl.org Tue May 26 09:44:19 2015 From: matt at openssl.org (Matt Caswell) Date: Tue, 26 May 2015 09:44:19 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432633459.497976.31017.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 029e8f3ac9d54133c37145ad8d86208f0ffa26fa (commit) via 28ea6ad61277a498c859eea75385b28629206f50 (commit) via 4ae1c7771d940981ba465788266cd4fc00a304c4 (commit) from dbcf8e331966f6c05e37f601128724e4540402cd (commit) - Log ----------------------------------------------------------------- commit 029e8f3ac9d54133c37145ad8d86208f0ffa26fa Author: Matt Caswell Date: Tue May 26 00:05:28 2015 +0100 Don't check for a negative SRP extension size The size of the SRP extension can never be negative (the variable |size| is unsigned). Therefore don't check if it is less than zero. RT#3862 Reviewed-by: Richard Levitte (cherry picked from commit 9c89d290834f3ed9146eeb8b64fe5de817679a0b) commit 28ea6ad61277a498c859eea75385b28629206f50 Author: Matt Caswell Date: Tue May 26 00:02:57 2015 +0100 Fix error check in GOST engine The return value of i2d functions can be negative if an error occurs. Therefore don't assign the return value to an unsigned type and *then* check if it is negative. RT#3862 Reviewed-by: Richard Levitte (cherry picked from commit 90e7cdff3aa66779486914f88333f6601f0c1cf4) commit 4ae1c7771d940981ba465788266cd4fc00a304c4 Author: Matt Caswell Date: Mon May 25 23:57:41 2015 +0100 Handle unsigned struct timeval members The members of struct timeval on OpenVMS are unsigned. The logic for calculating timeouts needs adjusting to deal with this. RT#3862 Reviewed-by: Richard Levitte (cherry picked from commit fc52ac9028b9492fb086ba35a3352ea46e03ecfc) ----------------------------------------------------------------------- Summary of changes: crypto/bio/bss_dgram.c | 13 +++++++------ engines/ccgost/gost94_keyx.c | 6 ++++-- ssl/t1_lib.c | 2 +- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c index 8035213..e3e3dd0 100644 --- a/crypto/bio/bss_dgram.c +++ b/crypto/bio/bss_dgram.c @@ -299,16 +299,17 @@ static void dgram_adjust_rcv_timeout(BIO *b) /* Calculate time left until timer expires */ memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval)); - timeleft.tv_sec -= timenow.tv_sec; - timeleft.tv_usec -= timenow.tv_usec; - if (timeleft.tv_usec < 0) { + if (timeleft.tv_usec < timenow.tv_usec) { + timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec; timeleft.tv_sec--; - timeleft.tv_usec += 1000000; + } else { + timeleft.tv_usec -= timenow.tv_usec; } - - if (timeleft.tv_sec < 0) { + if (timeleft.tv_sec < timenow.tv_sec) { timeleft.tv_sec = 0; timeleft.tv_usec = 1; + } else { + timeleft.tv_sec -= timenow.tv_sec; } /* diff --git a/engines/ccgost/gost94_keyx.c b/engines/ccgost/gost94_keyx.c index 85f4bc8..ce57f17 100644 --- a/engines/ccgost/gost94_keyx.c +++ b/engines/ccgost/gost94_keyx.c @@ -104,6 +104,7 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, struct gost_pmeth_data *data = EVP_PKEY_CTX_get_data(ctx); gost_ctx cctx; int key_is_ephemeral = 1; + int tmp_outlen; EVP_PKEY *mykey = EVP_PKEY_CTX_get0_peerkey(ctx); /* Do not use vizir cipher parameters with cryptopro */ @@ -174,12 +175,13 @@ int pkey_GOST94cp_encrypt(EVP_PKEY_CTX *ctx, unsigned char *out, } ASN1_OBJECT_free(gkt->key_agreement_info->cipher); gkt->key_agreement_info->cipher = OBJ_nid2obj(param->nid); - *outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL); - if (*outlen <= 0) { + tmp_outlen = i2d_GOST_KEY_TRANSPORT(gkt, out ? &out : NULL); + if (tmp_outlen <= 0) { GOSTerr(GOST_F_PKEY_GOST94CP_ENCRYPT, GOST_R_ERROR_PACKING_KEY_TRANSPORT_INFO); goto err; } + *outlen = tmp_outlen; if (!key_is_ephemeral) { /* Set control "public key from client certificate used" */ if (EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 3, NULL) <= diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 1ad2507..36ea9b0 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1134,7 +1134,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, } # ifndef OPENSSL_NO_SRP else if (type == TLSEXT_TYPE_srp) { - if (size <= 0 || ((len = data[0])) != (size - 1)) { + if (size == 0 || ((len = data[0])) != (size - 1)) { *al = SSL_AD_DECODE_ERROR; return 0; } From emilia at openssl.org Tue May 26 11:01:45 2015 From: emilia at openssl.org (Emilia Kasper) Date: Tue, 26 May 2015 11:01:45 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432638105.687551.12370.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via b6f33dce3b1ee563c0866654a9b5c44adc7b79b8 (commit) from cdc47dcf195b309f48abf11a81b957cf697da162 (commit) - Log ----------------------------------------------------------------- commit b6f33dce3b1ee563c0866654a9b5c44adc7b79b8 Author: Emilia Kasper Date: Fri May 22 18:35:50 2015 +0200 Fix ssltest to use 1024-bit DHE parameters Also add more ciphersuite test coverage, and a negative test for 512-bit DHE. Reviewed-by: Rich Salz (cherry picked from commit 1ee85aab75d7c9f20058f781bfe9222323df08eb) ----------------------------------------------------------------------- Summary of changes: ssl/ssltest.c | 20 +++++++++++--------- test/testssl | 38 ++++++++++++++++++++++++++++++++++---- 2 files changed, 45 insertions(+), 13 deletions(-) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 805da4c..6737adf 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -692,7 +692,9 @@ static void sv_usage(void) " -bytes - number of bytes to swap between client/server\n"); #ifndef OPENSSL_NO_DH fprintf(stderr, - " -dhe1024 - use 1024 bit key (safe prime) for DHE\n"); + " -dhe512 - use 512 bit key for DHE (to test failure)\n"); + fprintf(stderr, + " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n"); fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); fprintf(stderr, " -no_dhe - disable DHE\n"); @@ -901,7 +903,7 @@ int main(int argc, char *argv[]) long bytes = 256L; #ifndef OPENSSL_NO_DH DH *dh; - int dhe1024 = 0, dhe1024dsa = 0; + int dhe512 = 0, dhe1024dsa = 0; #endif #ifndef OPENSSL_NO_ECDH EC_KEY *ecdh = NULL; @@ -981,19 +983,19 @@ int main(int argc, char *argv[]) debug = 1; else if (strcmp(*argv, "-reuse") == 0) reuse = 1; - else if (strcmp(*argv, "-dhe1024") == 0) { + else if (strcmp(*argv, "-dhe512") == 0) { #ifndef OPENSSL_NO_DH - dhe1024 = 1; + dhe512 = 1; #else fprintf(stderr, - "ignoring -dhe1024, since I'm compiled without DH\n"); + "ignoring -dhe512, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-dhe1024dsa") == 0) { #ifndef OPENSSL_NO_DH dhe1024dsa = 1; #else fprintf(stderr, - "ignoring -dhe1024, since I'm compiled without DH\n"); + "ignoring -dhe1024dsa, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-no_dhe") == 0) no_dhe = 1; @@ -1318,10 +1320,10 @@ int main(int argc, char *argv[]) */ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); dh = get_dh1024dsa(); - } else if (dhe1024) - dh = get_dh1024(); - else + } else if (dhe512) dh = get_dh512(); + else + dh = get_dh1024(); SSL_CTX_set_tmp_dh(s_ctx, dh); DH_free(dh); } diff --git a/test/testssl b/test/testssl index 64e22b9..ddebf08 100644 --- a/test/testssl +++ b/test/testssl @@ -145,10 +145,9 @@ $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 -echo "Testing ciphersuites" -for protocol in TLSv1.2 SSLv3; do - echo "Testing ciphersuites for $protocol" - for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do +test_cipher() { + local cipher=$1 + local protocol=$2 echo "Testing $cipher" prot="" if [ $protocol = "SSLv3" ] ; then @@ -159,7 +158,38 @@ for protocol in TLSv1.2 SSLv3; do echo "Failed $cipher" exit 1 fi +} + +echo "Testing ciphersuites" +for protocol in TLSv1.2 SSLv3; do + echo "Testing ciphersuites for $protocol" + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do + test_cipher $cipher $protocol done + if ../util/shlib_wrap.sh ../apps/openssl no-dh; then + echo "skipping RSA+DHE tests" + else + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do + test_cipher $cipher $protocol + done + echo "testing connection with weak DH, expecting failure" + if [ $protocol = "SSLv3" ] ; then + $ssltest -cipher EDH -dhe512 -ssl3 + else + $ssltest -cipher EDH -dhe512 + fi + if [ $? -eq 0 ]; then + echo "FAIL: connection with weak DH succeeded" + exit 1 + fi + fi + if ../util/shlib_wrap.sh ../apps/openssl no-ec; then + echo "skipping RSA+ECDHE tests" + else + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EECDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do + test_cipher $cipher $protocol + done + fi done ############################################################################# From emilia at openssl.org Tue May 26 11:01:45 2015 From: emilia at openssl.org (Emilia Kasper) Date: Tue, 26 May 2015 11:01:45 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432638105.570893.12349.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via 1ee85aab75d7c9f20058f781bfe9222323df08eb (commit) from 029e8f3ac9d54133c37145ad8d86208f0ffa26fa (commit) - Log ----------------------------------------------------------------- commit 1ee85aab75d7c9f20058f781bfe9222323df08eb Author: Emilia Kasper Date: Fri May 22 18:35:50 2015 +0200 Fix ssltest to use 1024-bit DHE parameters Also add more ciphersuite test coverage, and a negative test for 512-bit DHE. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/ssltest.c | 20 +++++++++++--------- test/testssl | 38 ++++++++++++++++++++++++++++++++++---- 2 files changed, 45 insertions(+), 13 deletions(-) diff --git a/ssl/ssltest.c b/ssl/ssltest.c index 8efbff7..6a0c293 100644 --- a/ssl/ssltest.c +++ b/ssl/ssltest.c @@ -336,7 +336,9 @@ static void sv_usage(void) " -bytes - number of bytes to swap between client/server\n"); #ifndef OPENSSL_NO_DH fprintf(stderr, - " -dhe1024 - use 1024 bit key (safe prime) for DHE\n"); + " -dhe512 - use 512 bit key for DHE (to test failure)\n"); + fprintf(stderr, + " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n"); fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); fprintf(stderr, " -no_dhe - disable DHE\n"); @@ -531,7 +533,7 @@ int main(int argc, char *argv[]) long bytes = 256L; #ifndef OPENSSL_NO_DH DH *dh; - int dhe1024 = 0, dhe1024dsa = 0; + int dhe512 = 0, dhe1024dsa = 0; #endif #ifndef OPENSSL_NO_ECDH EC_KEY *ecdh = NULL; @@ -611,19 +613,19 @@ int main(int argc, char *argv[]) debug = 1; else if (strcmp(*argv, "-reuse") == 0) reuse = 1; - else if (strcmp(*argv, "-dhe1024") == 0) { + else if (strcmp(*argv, "-dhe512") == 0) { #ifndef OPENSSL_NO_DH - dhe1024 = 1; + dhe512 = 1; #else fprintf(stderr, - "ignoring -dhe1024, since I'm compiled without DH\n"); + "ignoring -dhe512, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-dhe1024dsa") == 0) { #ifndef OPENSSL_NO_DH dhe1024dsa = 1; #else fprintf(stderr, - "ignoring -dhe1024, since I'm compiled without DH\n"); + "ignoring -dhe1024dsa, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-no_dhe") == 0) no_dhe = 1; @@ -905,10 +907,10 @@ int main(int argc, char *argv[]) */ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); dh = get_dh1024dsa(); - } else if (dhe1024) - dh = get_dh1024(); - else + } else if (dhe512) dh = get_dh512(); + else + dh = get_dh1024(); SSL_CTX_set_tmp_dh(s_ctx, dh); DH_free(dh); } diff --git a/test/testssl b/test/testssl index 9fb89a3..b9b86b3 100644 --- a/test/testssl +++ b/test/testssl @@ -119,10 +119,9 @@ $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 -echo "Testing ciphersuites" -for protocol in TLSv1.2 SSLv3; do - echo "Testing ciphersuites for $protocol" - for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do +test_cipher() { + local cipher=$1 + local protocol=$2 echo "Testing $cipher" prot="" if [ $protocol = "SSLv3" ] ; then @@ -133,7 +132,38 @@ for protocol in TLSv1.2 SSLv3; do echo "Failed $cipher" exit 1 fi +} + +echo "Testing ciphersuites" +for protocol in TLSv1.2 SSLv3; do + echo "Testing ciphersuites for $protocol" + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do + test_cipher $cipher $protocol done + if ../util/shlib_wrap.sh ../apps/openssl no-dh; then + echo "skipping RSA+DHE tests" + else + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do + test_cipher $cipher $protocol + done + echo "testing connection with weak DH, expecting failure" + if [ $protocol = "SSLv3" ] ; then + $ssltest -cipher EDH -dhe512 -ssl3 + else + $ssltest -cipher EDH -dhe512 + fi + if [ $? -eq 0 ]; then + echo "FAIL: connection with weak DH succeeded" + exit 1 + fi + fi + if ../util/shlib_wrap.sh ../apps/openssl no-ec; then + echo "skipping RSA+ECDHE tests" + else + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EECDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do + test_cipher $cipher $protocol + done + fi done ############################################################################# From emilia at openssl.org Tue May 26 11:01:45 2015 From: emilia at openssl.org (Emilia Kasper) Date: Tue, 26 May 2015 11:01:45 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432638105.812462.12391.nullmailer@dev.openssl.org> The branch master has been updated via e8356e32aed70d139eae2d05aeaeb160509262aa (commit) from 9c89d290834f3ed9146eeb8b64fe5de817679a0b (commit) - Log ----------------------------------------------------------------- commit e8356e32aed70d139eae2d05aeaeb160509262aa Author: Emilia Kasper Date: Fri May 22 18:35:50 2015 +0200 Fix ssltest to use 1024-bit DHE parameters Also add more ciphersuite test coverage, and a negative test for 512-bit DHE. Reviewed-by: Rich Salz (cherry picked from commit 1ee85aab75d7c9f20058f781bfe9222323df08eb) ----------------------------------------------------------------------- Summary of changes: test/ssltest.c | 20 +++++++++++--------- test/testssl | 38 ++++++++++++++++++++++++++++++++++---- 2 files changed, 45 insertions(+), 13 deletions(-) diff --git a/test/ssltest.c b/test/ssltest.c index 136bf9a..f640d92 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -766,7 +766,9 @@ static void sv_usage(void) " -bytes - number of bytes to swap between client/server\n"); #ifndef OPENSSL_NO_DH fprintf(stderr, - " -dhe1024 - use 1024 bit key (safe prime) for DHE\n"); + " -dhe512 - use 512 bit key for DHE (to test failure)\n"); + fprintf(stderr, + " -dhe1024 - use 1024 bit key (safe prime) for DHE (default, no-op)\n"); fprintf(stderr, " -dhe1024dsa - use 1024 bit key (with 160-bit subprime) for DHE\n"); fprintf(stderr, " -no_dhe - disable DHE\n"); @@ -978,7 +980,7 @@ int main(int argc, char *argv[]) long bytes = 256L; #ifndef OPENSSL_NO_DH DH *dh; - int dhe1024 = 0, dhe1024dsa = 0; + int dhe512 = 0, dhe1024dsa = 0; #endif #ifndef OPENSSL_NO_EC EC_KEY *ecdh = NULL; @@ -1084,19 +1086,19 @@ int main(int argc, char *argv[]) debug = 1; else if (strcmp(*argv, "-reuse") == 0) reuse = 1; - else if (strcmp(*argv, "-dhe1024") == 0) { + else if (strcmp(*argv, "-dhe512") == 0) { #ifndef OPENSSL_NO_DH - dhe1024 = 1; + dhe512 = 1; #else fprintf(stderr, - "ignoring -dhe1024, since I'm compiled without DH\n"); + "ignoring -dhe512, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-dhe1024dsa") == 0) { #ifndef OPENSSL_NO_DH dhe1024dsa = 1; #else fprintf(stderr, - "ignoring -dhe1024, since I'm compiled without DH\n"); + "ignoring -dhe1024dsa, since I'm compiled without DH\n"); #endif } else if (strcmp(*argv, "-no_dhe") == 0) no_dhe = 1; @@ -1473,10 +1475,10 @@ int main(int argc, char *argv[]) */ SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE); dh = get_dh1024dsa(); - } else if (dhe1024) - dh = get_dh1024(); - else + } else if (dhe512) dh = get_dh512(); + else + dh = get_dh1024(); SSL_CTX_set_tmp_dh(s_ctx, dh); DH_free(dh); } diff --git a/test/testssl b/test/testssl index 367807b..2998b73 100644 --- a/test/testssl +++ b/test/testssl @@ -118,10 +118,9 @@ $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 -echo "Testing ciphersuites" -for protocol in TLSv1.2 SSLv3; do - echo "Testing ciphersuites for $protocol" - for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do +test_cipher() { + local cipher=$1 + local protocol=$2 echo "Testing $cipher" prot="" if [ $protocol = "SSLv3" ] ; then @@ -132,7 +131,38 @@ for protocol in TLSv1.2 SSLv3; do echo "Failed $cipher" exit 1 fi +} + +echo "Testing ciphersuites" +for protocol in TLSv1.2 SSLv3; do + echo "Testing ciphersuites for $protocol" + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do + test_cipher $cipher $protocol done + if ../util/shlib_wrap.sh ../apps/openssl no-dh; then + echo "skipping RSA+DHE tests" + else + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do + test_cipher $cipher $protocol + done + echo "testing connection with weak DH, expecting failure" + if [ $protocol = "SSLv3" ] ; then + $ssltest -cipher EDH -dhe512 -ssl3 + else + $ssltest -cipher EDH -dhe512 + fi + if [ $? -eq 0 ]; then + echo "FAIL: connection with weak DH succeeded" + exit 1 + fi + fi + if ../util/shlib_wrap.sh ../apps/openssl no-ec; then + echo "skipping RSA+ECDHE tests" + else + for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EECDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do + test_cipher $cipher $protocol + done + fi done ############################################################################# From steve at openssl.org Tue May 26 12:27:21 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Tue, 26 May 2015 12:27:21 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432643241.932773.25036.nullmailer@dev.openssl.org> The branch master has been updated via f2e19cb15e3d68c748ce3dc2b791be9a2fc14fd3 (commit) via 0ceb8b74f50066a4bfa55227bc741e3259f7df43 (commit) via 6355d31538fb3d50ba34210e6514cfac1c627243 (commit) via fef034f85ea8b533423d4102cb8f83ef0ac24154 (commit) via 764ca96c953b4bcc23a390a1f68dbcad81a2b12f (commit) via 351fe21402496dfdb2673a610162519b80991665 (commit) from e8356e32aed70d139eae2d05aeaeb160509262aa (commit) - Log ----------------------------------------------------------------- commit f2e19cb15e3d68c748ce3dc2b791be9a2fc14fd3 Author: Dr. Stephen Henson Date: Thu May 21 16:33:35 2015 +0100 make update Reviewed-by: Rich Salz commit 0ceb8b74f50066a4bfa55227bc741e3259f7df43 Author: Dr. Stephen Henson Date: Thu May 21 14:17:32 2015 +0100 scrypt in pkcs8 util Add support for PKCS#8 private key encryption using the scrypt algorithm in the pkcs8 utility. Update documentation. Reviewed-by: Rich Salz commit 6355d31538fb3d50ba34210e6514cfac1c627243 Author: Dr. Stephen Henson Date: Thu May 21 00:37:39 2015 +0100 Add function PKCS8_set0_pbe This adds a new function which will encrypt a private key using PKCS#8 based on an X509_ALGOR structure and reimplements PKCS8_encrypt to use it. Update pkcs8 utlity to use PKCS8_set0_pbe. Reviewed-by: Rich Salz commit fef034f85ea8b533423d4102cb8f83ef0ac24154 Author: Dr. Stephen Henson Date: Thu May 21 01:16:31 2015 +0100 Error if memory limit exceeded. Set a specific error if the parameters are otherwise valid but exceed the memory limit. Reviewed-by: Rich Salz commit 764ca96c953b4bcc23a390a1f68dbcad81a2b12f Author: Dr. Stephen Henson Date: Thu May 21 01:15:51 2015 +0100 Fix memory leak. Reviewed-by: Rich Salz commit 351fe21402496dfdb2673a610162519b80991665 Author: Dr. Stephen Henson Date: Fri May 22 17:17:21 2015 +0100 Add PBE tests. Add support for PKCS#12 and PBKDF2 password based encryption tests. Add additional test data. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: apps/pkcs8.c | 53 ++++++++++++++-- crypto/evp/Makefile | 3 +- crypto/evp/evp_err.c | 2 + crypto/evp/scrypt.c | 5 +- crypto/pkcs12/p12_decr.c | 4 +- crypto/pkcs12/p12_p8e.c | 49 +++++++++------ crypto/pkcs12/pk12err.c | 3 +- doc/apps/pkcs8.pod | 15 +++++ include/openssl/evp.h | 2 + include/openssl/pkcs12.h | 3 + test/Makefile | 10 +-- test/evp_test.c | 110 ++++++++++++++++++++++++++------- test/evptests.txt | 156 +++++++++++++++++++++++++++++++++++++++++++++++ util/libeay.num | 1 + 14 files changed, 360 insertions(+), 56 deletions(-) diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 55c4eea..b4af160 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -68,7 +68,8 @@ typedef enum OPTION_choice { OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT, OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT, OPT_NOOCT, OPT_NSDB, OPT_EMBED, - OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT + OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT, + OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P } OPTION_CHOICE; OPTIONS pkcs8_options[] = { @@ -93,6 +94,10 @@ OPTIONS pkcs8_options[] = { #ifndef OPENSSL_NO_ENGINE {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"}, #endif + {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"}, + {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"}, + {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"}, + {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"}, {NULL} }; @@ -110,6 +115,7 @@ int pkcs8_main(int argc, char **argv) OPTION_CHOICE o; int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER, p8_broken = PKCS8_OK; int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1; + uint64_t scrypt_N = 0, scrypt_r = 0, scrypt_p = 0; prog = opt_init(argc, argv, pkcs8_options); while ((o = opt_next()) != OPT_EOF) { @@ -188,6 +194,25 @@ int pkcs8_main(int argc, char **argv) case OPT_ENGINE: e = setup_engine(opt_arg(), 0); break; + case OPT_SCRYPT: + scrypt_N = 1024; + scrypt_r = 8; + scrypt_p = 16; + if (cipher == NULL) + cipher = EVP_aes_256_cbc(); + break; + case OPT_SCRYPT_N: + if (!opt_ulong(opt_arg(), &scrypt_N)) + goto opthelp; + break; + case OPT_SCRYPT_R: + if (!opt_ulong(opt_arg(), &scrypt_r)) + goto opthelp; + break; + case OPT_SCRYPT_P: + if (!opt_ulong(opt_arg(), &scrypt_p)) + goto opthelp; + break; } } argc = opt_num_rest(); @@ -226,18 +251,36 @@ int pkcs8_main(int argc, char **argv) goto end; } } else { + X509_ALGOR *pbe; + if (cipher) { + if (scrypt_N && scrypt_r && scrypt_p) + pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL, + scrypt_N, scrypt_r, scrypt_p); + else + pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL, + pbe_nid); + } else { + pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0); + } + if (pbe == NULL) { + BIO_printf(bio_err, "Error setting PBE algorithm\n"); + ERR_print_errors(bio_err); + goto end; + } if (passout) p8pass = passout; else { p8pass = pass; if (EVP_read_pw_string - (pass, sizeof pass, "Enter Encryption Password:", 1)) + (pass, sizeof pass, "Enter Encryption Password:", 1)) { + X509_ALGOR_free(pbe); goto end; + } } app_RAND_load_file(NULL, 0); - if ((p8 = PKCS8_encrypt(pbe_nid, cipher, - p8pass, strlen(p8pass), - NULL, 0, iter, p8inf)) == NULL) { + p8 = PKCS8_set0_pbe(p8pass, strlen(p8pass), p8inf, pbe); + if (p8 == NULL) { + X509_ALGOR_free(pbe); BIO_printf(bio_err, "Error encrypting key\n"); ERR_print_errors(bio_err); goto end; diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile index c23c39a..1a65b46 100644 --- a/crypto/evp/Makefile +++ b/crypto/evp/Makefile @@ -772,7 +772,8 @@ pmeth_lib.o: ../include/internal/cryptlib.h ../include/internal/evp_int.h pmeth_lib.o: pmeth_lib.c scrypt.o: ../../include/internal/numbers.h ../../include/openssl/asn1.h scrypt.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h -scrypt.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h +scrypt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +scrypt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h scrypt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h scrypt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h scrypt.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 00c9386..d718b60 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -100,6 +100,7 @@ static ERR_STRING_DATA EVP_str_functs[] = { {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"}, {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"}, + {ERR_FUNC(EVP_F_EVP_PBE_SCRYPT), "EVP_PBE_scrypt"}, {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"}, {ERR_FUNC(EVP_F_EVP_PKCS82PKEY_BROKEN), "EVP_PKCS82PKEY_BROKEN"}, {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"}, @@ -197,6 +198,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"}, {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"}, {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"}, + {ERR_REASON(EVP_R_MEMORY_LIMIT_EXCEEDED), "memory limit exceeded"}, {ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL), "message digest is null"}, {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED), "method not supported"}, {ERR_REASON(EVP_R_MISSING_PARAMETERS), "missing parameters"}, diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.c index 971d53e..09dfdf2 100644 --- a/crypto/evp/scrypt.c +++ b/crypto/evp/scrypt.c @@ -61,6 +61,7 @@ #include #include #include +#include #include #define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) @@ -255,8 +256,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, if (maxmem == 0) maxmem = SCRYPT_MAX_MEM; - if (Blen + Vlen > maxmem) + if (Blen + Vlen > maxmem) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; + } /* If no key return to indicate parameters are OK */ if (key == NULL) diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c index f19830c..8996b9e 100644 --- a/crypto/pkcs12/p12_decr.c +++ b/crypto/pkcs12/p12_decr.c @@ -75,7 +75,7 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, int passlen, unsigned char *in, int inlen, unsigned char **data, int *datalen, int en_de) { - unsigned char *out; + unsigned char *out = NULL; int outlen, i; EVP_CIPHER_CTX ctx; @@ -85,7 +85,7 @@ unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, algor->parameter, &ctx, en_de)) { PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); - return NULL; + goto err; } if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx))) diff --git a/crypto/pkcs12/p12_p8e.c b/crypto/pkcs12/p12_p8e.c index 46ed78a..552f2f0 100644 --- a/crypto/pkcs12/p12_p8e.c +++ b/crypto/pkcs12/p12_p8e.c @@ -66,14 +66,9 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8inf) { - X509_SIG *p8; + X509_SIG *p8 = NULL; X509_ALGOR *pbe; - if ((p8 = X509_SIG_new()) == NULL) { - PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); - goto err; - } - if (pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) @@ -84,22 +79,40 @@ X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, } if (!pbe) { PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB); - goto err; + return NULL; } - X509_ALGOR_free(p8->algor); - p8->algor = pbe; - ASN1_OCTET_STRING_free(p8->digest); - p8->digest = + p8 = PKCS8_set0_pbe(pass, passlen, p8inf, pbe); + if (p8 == NULL) { + X509_ALGOR_free(pbe); + return NULL; + } + + return p8; +} + +X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe) +{ + X509_SIG *p8; + ASN1_OCTET_STRING *enckey; + + enckey = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass, passlen, p8inf, 1); - if (!p8->digest) { - PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); - goto err; + if (!enckey) { + PKCS12err(PKCS12_F_PKCS8_SET0_PBE, PKCS12_R_ENCRYPT_ERROR); + return NULL; } - return p8; + if (!(p8 = X509_SIG_new())) { + PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE); + ASN1_OCTET_STRING_free(enckey); + return NULL; + } + X509_ALGOR_free(p8->algor); + ASN1_OCTET_STRING_free(p8->digest); + p8->algor = pbe; + p8->digest = enckey; - err: - X509_SIG_free(p8); - return NULL; + return p8; } diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c index e58710b..4e6c7dd 100644 --- a/crypto/pkcs12/pk12err.c +++ b/crypto/pkcs12/pk12err.c @@ -1,6 +1,6 @@ /* crypto/pkcs12/pk12err.c */ /* ==================================================================== - * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -101,6 +101,7 @@ static ERR_STRING_DATA PKCS12_str_functs[] = { {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"}, {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"}, {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"}, + {ERR_FUNC(PKCS12_F_PKCS8_SET0_PBE), "PKCS8_set0_pbe"}, {0, NULL} }; diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod index e946cbd..44c27f1 100644 --- a/doc/apps/pkcs8.pod +++ b/doc/apps/pkcs8.pod @@ -24,6 +24,10 @@ B B [B<-v2prf alg>] [B<-v1 alg>] [B<-engine id>] +[B<-scrypt>] +[B<-scrypt_N N>] +[B<-scrypt_r r>] +[B<-scrypt_p p>] =head1 DESCRIPTION @@ -144,6 +148,17 @@ to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. +=item B<-scrypt> + +uses the B algorithm for private key encryption using default +parameters: currently N=1024, r=8 and p=16 and AES in CBC mode with a 256 bit +key. These parameters can be modified using the B<-scrypt_N>, B<-scrypt_r>, +B<-scrypt_p> and B<-v2> options. + +B<-scrypt_N N> B<-scrypt_r r> B<-scrypt_p p> + +sets the scrypt B, B or B
parameters. + =back =head1 NOTES diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 3a4bcbd..dd4d701 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1447,6 +1447,7 @@ void ERR_load_EVP_strings(void); # define EVP_F_EVP_PBE_ALG_ADD 115 # define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 # define EVP_F_EVP_PBE_CIPHERINIT 116 +# define EVP_F_EVP_PBE_SCRYPT 181 # define EVP_F_EVP_PKCS82PKEY 111 # define EVP_F_EVP_PKCS82PKEY_BROKEN 136 # define EVP_F_EVP_PKEY2PKCS8_BROKEN 113 @@ -1538,6 +1539,7 @@ void ERR_load_EVP_strings(void); # define EVP_R_INVALID_OPERATION 148 # define EVP_R_IV_TOO_LARGE 102 # define EVP_R_KEYGEN_FAILURE 120 +# define EVP_R_MEMORY_LIMIT_EXCEEDED 172 # define EVP_R_MESSAGE_DIGEST_IS_NULL 159 # define EVP_R_METHOD_NOT_SUPPORTED 144 # define EVP_R_MISSING_PARAMETERS 103 diff --git a/include/openssl/pkcs12.h b/include/openssl/pkcs12.h index e58e55c..ba8b944 100644 --- a/include/openssl/pkcs12.h +++ b/include/openssl/pkcs12.h @@ -182,6 +182,8 @@ PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); +X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen, + PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe); PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, int passlen, unsigned char *salt, int saltlen, int iter, @@ -309,6 +311,7 @@ void ERR_load_PKCS12_strings(void); # define PKCS12_F_PKCS12_VERIFY_MAC 126 # define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 # define PKCS12_F_PKCS8_ENCRYPT 125 +# define PKCS12_F_PKCS8_SET0_PBE 132 /* Reason codes. */ # define PKCS12_R_CANT_PACK_STRUCTURE 100 diff --git a/test/Makefile b/test/Makefile index 86a251f..99b999a 100644 --- a/test/Makefile +++ b/test/Makefile @@ -701,11 +701,11 @@ evp_test.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h evp_test.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h evp_test.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h evp_test.o: ../include/openssl/pem.h ../include/openssl/pem2.h -evp_test.o: ../include/openssl/pkcs7.h ../include/openssl/safestack.h -evp_test.o: ../include/openssl/sha.h ../include/openssl/stack.h -evp_test.o: ../include/openssl/symhacks.h ../include/openssl/x509.h -evp_test.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h -evp_test.o: evp_test.c +evp_test.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h +evp_test.o: ../include/openssl/safestack.h ../include/openssl/sha.h +evp_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h +evp_test.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h +evp_test.o: ../include/openssl/x509v3.h evp_test.c exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h diff --git a/test/evp_test.c b/test/evp_test.c index e0e4857..90441f3 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -60,6 +60,7 @@ #include #include #include +#include #include "internal/numbers.h" /* Remove spaces from beginning and end of a string */ @@ -1283,6 +1284,8 @@ static const struct evp_test_method pverify_test_method = { /* PBE tests */ #define PBE_TYPE_SCRYPT 1 +#define PBE_TYPE_PBKDF2 2 +#define PBE_TYPE_PKCS12 3 struct pbe_data { @@ -1291,6 +1294,10 @@ struct pbe_data { /* scrypt parameters */ uint64_t N, r, p, maxmem; + /* PKCS#12 parameters */ + int id, iter; + const EVP_MD *md; + /* password */ unsigned char *pass; size_t pass_len; @@ -1308,6 +1315,7 @@ static int scrypt_test_parse(struct evp_test *t, const char *keyword, const char *value) { struct pbe_data *pdata = t->data; + if (strcmp(keyword, "N") == 0) return test_uint64(value, &pdata->N); if (strcmp(keyword, "p") == 0) @@ -1319,36 +1327,51 @@ static int scrypt_test_parse(struct evp_test *t, return 0; } -static int scrypt_test_run(struct evp_test *t) +static int pbkdf2_test_parse(struct evp_test *t, + const char *keyword, const char *value) { struct pbe_data *pdata = t->data; - const char *err = "INTERNAL_ERROR"; - unsigned char *key; - key = OPENSSL_malloc(pdata->key_len); - if (!key) - goto err; - err = "SCRYPT_ERROR"; - if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len, - pdata->salt, pdata->salt_len, - pdata->N, pdata->r, pdata->p, pdata->maxmem, - key, pdata->key_len) == 0) - goto err; - err = "KEY_MISMATCH"; - if (check_output(t, pdata->key, key, pdata->key_len)) - goto err; - err = NULL; - err: - OPENSSL_free(key); - t->err = err; - return 1; + + if (strcmp(keyword, "iter") == 0) { + pdata->iter = atoi(value); + if (pdata->iter <= 0) + return 0; + return 1; + } + if (strcmp(keyword, "MD") == 0) { + pdata->md = EVP_get_digestbyname(value); + if (pdata->md == NULL) + return 0; + return 1; + } + return 0; +} + +static int pkcs12_test_parse(struct evp_test *t, + const char *keyword, const char *value) +{ + struct pbe_data *pdata = t->data; + + if (strcmp(keyword, "id") == 0) { + pdata->id = atoi(value); + if (pdata->id <= 0) + return 0; + return 1; + } + return pbkdf2_test_parse(t, keyword, value); } static int pbe_test_init(struct evp_test *t, const char *alg) { struct pbe_data *pdat; int pbe_type = 0; + if (strcmp(alg, "scrypt") == 0) pbe_type = PBE_TYPE_SCRYPT; + else if (strcmp(alg, "pbkdf2") == 0) + pbe_type = PBE_TYPE_PBKDF2; + else if (strcmp(alg, "pkcs12") == 0) + pbe_type = PBE_TYPE_PKCS12; else fprintf(stderr, "Unknown pbe algorithm %s\n", alg); pdat = OPENSSL_malloc(sizeof(*pdat)); @@ -1359,6 +1382,9 @@ static int pbe_test_init(struct evp_test *t, const char *alg) pdat->r = 0; pdat->p = 0; pdat->maxmem = 0; + pdat->id = 0; + pdat->iter = 0; + pdat->md = NULL; t->data = pdat; return 1; } @@ -1375,6 +1401,7 @@ static int pbe_test_parse(struct evp_test *t, const char *keyword, const char *value) { struct pbe_data *pdata = t->data; + if (strcmp(keyword, "Password") == 0) return test_bin(value, &pdata->pass, &pdata->pass_len); if (strcmp(keyword, "Salt") == 0) @@ -1383,15 +1410,52 @@ static int pbe_test_parse(struct evp_test *t, return test_bin(value, &pdata->key, &pdata->key_len); if (pdata->pbe_type == PBE_TYPE_SCRYPT) return scrypt_test_parse(t, keyword, value); + else if (pdata->pbe_type == PBE_TYPE_PBKDF2) + return pbkdf2_test_parse(t, keyword, value); + else if (pdata->pbe_type == PBE_TYPE_PKCS12) + return pkcs12_test_parse(t, keyword, value); return 0; } static int pbe_test_run(struct evp_test *t) { struct pbe_data *pdata = t->data; - if (pdata->pbe_type == PBE_TYPE_SCRYPT) - return scrypt_test_run(t); - return 0; + const char *err = "INTERNAL_ERROR"; + unsigned char *key; + + key = OPENSSL_malloc(pdata->key_len); + if (!key) + goto err; + if (pdata->pbe_type == PBE_TYPE_PBKDF2) { + err = "PBKDF2_ERROR"; + if (PKCS5_PBKDF2_HMAC((char *)pdata->pass, pdata->pass_len, + pdata->salt, pdata->salt_len, + pdata->iter, pdata->md, + pdata->key_len, key) == 0) + goto err; + } else if (pdata->pbe_type == PBE_TYPE_SCRYPT) { + err = "SCRYPT_ERROR"; + if (EVP_PBE_scrypt((const char *)pdata->pass, pdata->pass_len, + pdata->salt, pdata->salt_len, + pdata->N, pdata->r, pdata->p, pdata->maxmem, + key, pdata->key_len) == 0) + goto err; + } else if (pdata->pbe_type == PBE_TYPE_PKCS12) { + err = "PKCS12_ERROR"; + if (PKCS12_key_gen_uni(pdata->pass, pdata->pass_len, + pdata->salt, pdata->salt_len, + pdata->id, pdata->iter, pdata->key_len, + key, pdata->md) == 0) + goto err; + } + err = "KEY_MISMATCH"; + if (check_output(t, pdata->key, key, pdata->key_len)) + goto err; + err = NULL; + err: + OPENSSL_free(key); + t->err = err; + return 1; } static const struct evp_test_method pbe_test_method = { diff --git a/test/evptests.txt b/test/evptests.txt index db63362..a4faba7 100644 --- a/test/evptests.txt +++ b/test/evptests.txt @@ -2353,3 +2353,159 @@ p = 1 Key = 2101cb9b6a511aaeaddbbe09cf70f881ec568d574a2ffd4dabe5ee9820adaa478e56fd8f4ba5d09ffa1c6d927c40f4c337304049e8a952fbcbf45c6fa77a41a4 #maxmem = 10000000000 Result = SCRYPT_ERROR + +# PKCS#12 tests + +PBE = pkcs12 +id = 1 +iter = 1 +MD = SHA1 +Password = 0073006D006500670000 +Salt = 0A58CF64530D823F +Key = 8AAAE6297B6CB04642AB5B077851284EB7128F1A2A7FBCA3 + +PBE = pkcs12 +id = 2 +iter = 1 +MD = SHA1 +Password = 0073006D006500670000 +Salt = 0A58CF64530D823F +Key = 79993DFE048D3B76 + +PBE = pkcs12 +id = 3 +iter 1 +MD = SHA1 +Password = 0073006D006500670000 +Salt = 3D83C0E4546AC140 +Key = 8D967D88F6CAA9D714800AB3D48051D63F73A312 + +PBE = pkcs12 +id = 1 +iter = 1000 +MD = SHA1 +Password = 007100750065006500670000 +Salt = 1682C0FC5B3F7EC5 +Key = 483DD6E919D7DE2E8E648BA8F862F3FBFBDC2BCB2C02957F + +PBE = pkcs12 +id = 2 +iter = 1000 +MD = SHA1 +Password = 007100750065006500670000 +Salt = 1682C0FC5B3F7EC5 +Key = 9D461D1B00355C50 + +PBE = pkcs12 +id = 3 +iter = 1000 +MD = SHA1 +Password = 007100750065006500670000 +Salt = 263216FCC2FAB31C +Key = 5EC4C7A80DF652294C3925B6489A7AB857C83476 + +# PBKDF2 tests from p5_crpt2_test.c +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 1 +MD = sha1 +Key = 0c60c80f961f0e71f3a9b524af6012062fe037a6 + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 1 +MD = sha256 +Key = 120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 1 +MD = sha512 +Key = 867f70cf1ade02cff3752599a3a53dc4af34c7a669815ae5d513554e1c8cf252c02d470a285a0501bad999bfe943c08f050235d7d68b1da55e63f73b60a57fce + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 2 +MD = sha1 +Key = ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957 + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 2 +MD = sha256 +Key = ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43 + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 2 +MD = sha512 +Key = e1d9c16aa681708a45f5c7c4e215ceb66e011a2e9f0040713f18aefdb866d53cf76cab2868a39b9f7840edce4fef5a82be67335c77a6068e04112754f27ccf4e + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 4096 +MD = sha1 +Key = 4b007901b765489abead49d926f721d065a429c1 + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 4096 +MD = sha256 +Key = c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a + +PBE = pbkdf2 +Password = "password" +Salt = "salt" +iter = 4096 +MD = sha512 +Key = d197b1b33db0143e018b12f3d1d1479e6cdebdcc97c5c0f87f6902e072f457b5143f30602641b3d55cd335988cb36b84376060ecd532e039b742a239434af2d5 + +PBE = pbkdf2 +Password = "passwordPASSWORDpassword" +Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt" +iter = 4096 +MD = sha1 +Key = 3d2eec4fe41c849b80c8d83662c0e44a8b291a964cf2f07038 + +PBE = pbkdf2 +Password = "passwordPASSWORDpassword" +Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt" +iter = 4096 +MD = sha256 +Key = 348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9 + +PBE = pbkdf2 +Password = "passwordPASSWORDpassword" +Salt = "saltSALTsaltSALTsaltSALTsaltSALTsalt" +iter = 4096 +MD = sha512 +Key = 8c0511f4c6e597c6ac6315d8f0362e225f3c501495ba23b868c005174dc4ee71115b59f9e60cd9532fa33e0f75aefe30225c583a186cd82bd4daea9724a3d3b8 + +PBE = pbkdf2 +Password = 7061737300776f7264 +Salt = 7361006c74 +iter = 4096 +MD = sha1 +Key = 56fa6aa75548099dcc37d7f03425e0c3 + +PBE = pbkdf2 +Password = 7061737300776f7264 +Salt = 7361006c74 +iter = 4096 +MD = sha256 +Key = 89b69d0516f829893c696226650a8687 + +PBE = pbkdf2 +Password = 7061737300776f7264 +Salt = 7361006c74 +iter = 4096 +MD = sha512 +Key = 9d9e9c4cd21fe4be24d5b8244c759665 diff --git a/util/libeay.num b/util/libeay.num index 9d0213c..27460f0 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4570,3 +4570,4 @@ PKCS5_v2_scrypt_keyivgen 4928 EXIST::FUNCTION: ASN1_INTEGER_get_uint64 4929 EXIST::FUNCTION: ASN1_INTEGER_set_uint64 4930 EXIST::FUNCTION: PKCS5_pbe2_set_scrypt 4931 EXIST::FUNCTION: +PKCS8_set0_pbe 4932 EXIST::FUNCTION: From appro at openssl.org Tue May 26 19:56:40 2015 From: appro at openssl.org (Andy Polyakov) Date: Tue, 26 May 2015 19:56:40 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432670200.988950.9066.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via df00b6eb5e86870e0e7f2029038f027c5359a9da (commit) from 1ee85aab75d7c9f20058f781bfe9222323df08eb (commit) - Log ----------------------------------------------------------------- commit df00b6eb5e86870e0e7f2029038f027c5359a9da Author: Andy Polyakov Date: Tue May 26 10:36:56 2015 +0200 Housekeeping 'make TABLE' update. Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: TABLE | 108 +++++++++++++++++++++++++++++++++--------------------------------- 1 file changed, 54 insertions(+), 54 deletions(-) diff --git a/TABLE b/TABLE index b8f26af..ad3af97 100644 --- a/TABLE +++ b/TABLE @@ -35,7 +35,7 @@ $multilib = *** BS2000-OSD $cc = c89 -$cflags = -O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC +$cflags = -O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC $unistd = $thread_cflag = (unknown) $sys_id = @@ -68,7 +68,7 @@ $multilib = *** BSD-generic32 $cc = gcc -$cflags = -DTERMIOS -O3 -fomit-frame-pointer -Wall +$cflags = -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -101,7 +101,7 @@ $multilib = *** BSD-generic64 $cc = gcc -$cflags = -DTERMIOS -O3 -Wall +$cflags = -O3 -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -134,7 +134,7 @@ $multilib = *** BSD-ia64 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -Wall +$cflags = -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -167,7 +167,7 @@ $multilib = *** BSD-sparc64 $cc = gcc -$cflags = -DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall +$cflags = -DB_ENDIAN -O3 -DMD32_REG_T=int -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -200,7 +200,7 @@ $multilib = *** BSD-sparcv8 $cc = gcc -$cflags = -DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall +$cflags = -DB_ENDIAN -O3 -mcpu=v8 -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -233,7 +233,7 @@ $multilib = *** BSD-x86 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -266,7 +266,7 @@ $multilib = *** BSD-x86-elf $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -299,7 +299,7 @@ $multilib = *** BSD-x86_64 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -Wall +$cflags = -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -398,7 +398,7 @@ $multilib = *** DJGPP $cc = gcc -$cflags = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall +$cflags = -I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall $unistd = $thread_cflag = $sys_id = MSDOS @@ -530,7 +530,7 @@ $multilib = *** QNX6 $cc = gcc -$cflags = -DTERMIOS +$cflags = $unistd = $thread_cflag = $sys_id = @@ -563,7 +563,7 @@ $multilib = *** QNX6-i386 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O2 -Wall +$cflags = -DL_ENDIAN -O2 -Wall $unistd = $thread_cflag = $sys_id = @@ -1520,7 +1520,7 @@ $multilib = *** debug-BSD-x86-elf $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -Wall -g +$cflags = -DL_ENDIAN -O3 -Wall -g $unistd = $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT $sys_id = @@ -2213,7 +2213,7 @@ $multilib = *** debug-levitte-linux-elf-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2279,7 +2279,7 @@ $multilib = *** debug-levitte-linux-noasm-extreme $cc = gcc -$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe +$cflags = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2312,7 +2312,7 @@ $multilib = *** debug-linux-elf $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2345,7 +2345,7 @@ $multilib = *** debug-linux-elf-noefence $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2378,7 +2378,7 @@ $multilib = *** debug-linux-generic32 $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2411,7 +2411,7 @@ $multilib = *** debug-linux-generic64 $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2444,7 +2444,7 @@ $multilib = *** debug-linux-ia32-aes $cc = gcc -$cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2477,7 +2477,7 @@ $multilib = *** debug-linux-pentium $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2510,7 +2510,7 @@ $multilib = *** debug-linux-ppro $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2543,7 +2543,7 @@ $multilib = *** debug-linux-x86_64 $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -2642,7 +2642,7 @@ $multilib = *** debug-solaris-sparcv8-gcc $cc = gcc -$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN +$cflags = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3566,7 +3566,7 @@ $multilib = /pa20_64 *** hurd-x86 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3632,7 +3632,7 @@ $multilib = *** irix-cc $cc = cc -$cflags = -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN +$cflags = -O2 -use_readonly_const -DB_ENDIAN $unistd = $thread_cflag = (unknown) $sys_id = @@ -3665,7 +3665,7 @@ $multilib = *** irix-gcc $cc = gcc -$cflags = -O3 -DTERMIOS -DB_ENDIAN +$cflags = -O3 -DB_ENDIAN $unistd = $thread_cflag = (unknown) $sys_id = @@ -3698,7 +3698,7 @@ $multilib = *** irix-mips3-cc $cc = cc -$cflags = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = @@ -3731,7 +3731,7 @@ $multilib = 32 *** irix-mips3-gcc $cc = gcc -$cflags = -mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = @@ -3764,7 +3764,7 @@ $multilib = 32 *** irix64-mips4-cc $cc = cc -$cflags = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = @@ -3797,7 +3797,7 @@ $multilib = 64 *** irix64-mips4-gcc $cc = gcc -$cflags = -mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W +$cflags = -mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W $unistd = $thread_cflag = -D_SGI_MP_SOURCE $sys_id = @@ -3830,7 +3830,7 @@ $multilib = 64 *** linux-alpha+bwx-ccc $cc = ccc -$cflags = -fast -readonly_strings -DL_ENDIAN -DTERMIO +$cflags = -fast -readonly_strings -DL_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3863,7 +3863,7 @@ $multilib = *** linux-alpha+bwx-gcc $cc = gcc -$cflags = -O3 -DL_ENDIAN -DTERMIO +$cflags = -O3 -DL_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3896,7 +3896,7 @@ $multilib = *** linux-alpha-ccc $cc = ccc -$cflags = -fast -readonly_strings -DL_ENDIAN -DTERMIO +$cflags = -fast -readonly_strings -DL_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3929,7 +3929,7 @@ $multilib = *** linux-alpha-gcc $cc = gcc -$cflags = -O3 -DL_ENDIAN -DTERMIO +$cflags = -O3 -DL_ENDIAN $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -3962,7 +3962,7 @@ $multilib = *** linux-aout $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall $unistd = $thread_cflag = (unknown) $sys_id = @@ -3995,7 +3995,7 @@ $multilib = *** linux-armv4 $cc = gcc -$cflags = -DTERMIO -O3 -Wall +$cflags = -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4028,7 +4028,7 @@ $multilib = *** linux-elf $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4061,7 +4061,7 @@ $multilib = *** linux-generic32 $cc = gcc -$cflags = -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4094,7 +4094,7 @@ $multilib = *** linux-generic64 $cc = gcc -$cflags = -DTERMIO -O3 -Wall +$cflags = -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4127,7 +4127,7 @@ $multilib = *** linux-ia32-icc $cc = icc -$cflags = -DL_ENDIAN -DTERMIO -O2 -no_cpprt +$cflags = -DL_ENDIAN -O2 -no_cpprt $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4160,7 +4160,7 @@ $multilib = *** linux-ia64 $cc = gcc -$cflags = -DL_ENDIAN -DTERMIO -O3 -Wall +$cflags = -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4193,7 +4193,7 @@ $multilib = *** linux-ia64-ecc $cc = ecc -$cflags = -DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt +$cflags = -DL_ENDIAN -O2 -Wall -no_cpprt $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4226,7 +4226,7 @@ $multilib = *** linux-ia64-icc $cc = icc -$cflags = -DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt +$cflags = -DL_ENDIAN -O2 -Wall -no_cpprt $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4259,7 +4259,7 @@ $multilib = *** linux-ppc $cc = gcc -$cflags = -DB_ENDIAN -DTERMIO -O3 -Wall +$cflags = -DB_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4292,7 +4292,7 @@ $multilib = *** linux-ppc64 $cc = gcc -$cflags = -m64 -DB_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m64 -DB_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4325,7 +4325,7 @@ $multilib = 64 *** linux-sparcv8 $cc = gcc -$cflags = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W +$cflags = -mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4358,7 +4358,7 @@ $multilib = *** linux-sparcv9 $cc = gcc -$cflags = -m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W +$cflags = -m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC @@ -4391,7 +4391,7 @@ $multilib = *** linux-x86_64 $cc = gcc -$cflags = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m64 -DL_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4424,7 +4424,7 @@ $multilib = 64 *** linux32-s390x $cc = gcc -$cflags = -m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4457,7 +4457,7 @@ $multilib = /highgprs *** linux64-s390x $cc = gcc -$cflags = -m64 -DB_ENDIAN -DTERMIO -O3 -Wall +$cflags = -m64 -DB_ENDIAN -O3 -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -4490,7 +4490,7 @@ $multilib = 64 *** linux64-sparcv9 $cc = gcc -$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall +$cflags = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall $unistd = $thread_cflag = -D_REENTRANT $sys_id = ULTRASPARC @@ -5315,7 +5315,7 @@ $multilib = *** solaris-sparcv8-gcc $cc = gcc -$cflags = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W +$cflags = -mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W $unistd = $thread_cflag = -D_REENTRANT $sys_id = @@ -5612,7 +5612,7 @@ $multilib = /64 *** sunos-gcc $cc = gcc -$cflags = -O3 -mv8 -Dssize_t=int +$cflags = -O3 -mcpu=v8 -Dssize_t=int $unistd = $thread_cflag = (unknown) $sys_id = SUNOS From emilia at openssl.org Wed May 27 15:27:36 2015 From: emilia at openssl.org (Emilia Kasper) Date: Wed, 27 May 2015 15:27:36 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432740456.071531.28715.nullmailer@dev.openssl.org> The branch master has been updated via 15a06488fcced19b79708a0329313121e01ded7e (commit) from f2e19cb15e3d68c748ce3dc2b791be9a2fc14fd3 (commit) - Log ----------------------------------------------------------------- commit 15a06488fcced19b79708a0329313121e01ded7e Author: Emilia Kasper Date: Tue May 26 14:32:57 2015 +0200 Enable DH tests In master, the 'dh' command is gone, so use 'dhparam' instead to determine if we're compiled with DH. Also, set "@SECLEVEL=1" for the weak DH test, so that it actually passes. Reviewed-by: Dr Stephen Henson ----------------------------------------------------------------------- Summary of changes: test/ssltest.c | 3 ++- test/testssl | 10 +++++----- test/testssl.com | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/test/ssltest.c b/test/ssltest.c index f640d92..26cf96c 100644 --- a/test/ssltest.c +++ b/test/ssltest.c @@ -1429,7 +1429,8 @@ int main(int argc, char *argv[]) } /* * Since we will use low security ciphersuites and keys for testing set - * security level to zero. + * security level to zero by default. Tests can override this by adding + * "@SECLEVEL=n" to the cipher string. */ SSL_CTX_set_security_level(c_ctx, 0); SSL_CTX_set_security_level(s_ctx, 0); diff --git a/test/testssl b/test/testssl index 2998b73..0f5db08 100644 --- a/test/testssl +++ b/test/testssl @@ -139,7 +139,7 @@ for protocol in TLSv1.2 SSLv3; do for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do test_cipher $cipher $protocol done - if ../util/shlib_wrap.sh ../apps/openssl no-dh; then + if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then echo "skipping RSA+DHE tests" else for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "EDH+aRSA+$protocol:-EXP" | tr ':' ' '`; do @@ -147,9 +147,9 @@ for protocol in TLSv1.2 SSLv3; do done echo "testing connection with weak DH, expecting failure" if [ $protocol = "SSLv3" ] ; then - $ssltest -cipher EDH -dhe512 -ssl3 + $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 -ssl3 else - $ssltest -cipher EDH -dhe512 + $ssltest -s_cipher "EDH" -c_cipher "EDH:@SECLEVEL=1" -dhe512 fi if [ $? -eq 0 ]; then echo "FAIL: connection with weak DH succeeded" @@ -167,7 +167,7 @@ done ############################################################################# -if ../util/shlib_wrap.sh ../apps/openssl no-dh; then +if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then echo skipping anonymous DH tests else echo test tls1 with 1024bit anonymous DH, multiple handshakes @@ -180,7 +180,7 @@ else echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes' ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1 - if ../util/shlib_wrap.sh ../apps/openssl no-dh; then + if ../util/shlib_wrap.sh ../apps/openssl no-dhparam; then echo skipping RSA+DHE tests else echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes diff --git a/test/testssl.com b/test/testssl.com index 3782e35..6f9b233 100644 --- a/test/testssl.com +++ b/test/testssl.com @@ -130,7 +130,7 @@ $ define/user sys$output nla0: $ mcr 'exe_dir'openssl no-rsa $ no_rsa=$SEVERITY $ define/user sys$output nla0: -$ mcr 'exe_dir'openssl no-dh +$ mcr 'exe_dir'openssl no-dhparam $ no_dh=$SEVERITY $ $ if no_dh From matt at openssl.org Thu May 28 15:03:54 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 28 May 2015 15:03:54 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432825434.641139.3926.nullmailer@dev.openssl.org> The branch master has been updated via 9ef175148b7da12cb09f5e78f32bc6ab58d78b83 (commit) via 831eef2cf500b8a2aaee21b44986c79e62bae912 (commit) from 15a06488fcced19b79708a0329313121e01ded7e (commit) - Log ----------------------------------------------------------------- commit 9ef175148b7da12cb09f5e78f32bc6ab58d78b83 Author: Nick Mathewson Date: Tue May 26 09:46:57 2015 -0400 Add a documentation clarification suggested by Matt Caswell Signed-off-by: Matt Caswell Reviewed-by: Tim Hudson commit 831eef2cf500b8a2aaee21b44986c79e62bae912 Author: Nick Mathewson Date: Mon May 25 21:16:53 2015 -0400 Add SSL_get_client_ciphers() to return ciphers from ClientHello On the server side, if you want to know which ciphers the client offered, you had to use session->ciphers. But that field is no longer visible, so we need a method to get at it. Signed-off-by: Nick Mathewson Signed-off-by: Matt Caswell Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_get_ciphers.pod | 10 ++++++++++ include/openssl/ssl.h | 1 + ssl/ssl_lib.c | 7 +++++++ 3 files changed, 18 insertions(+) diff --git a/doc/ssl/SSL_get_ciphers.pod b/doc/ssl/SSL_get_ciphers.pod index aecadd9..3417454 100644 --- a/doc/ssl/SSL_get_ciphers.pod +++ b/doc/ssl/SSL_get_ciphers.pod @@ -9,6 +9,7 @@ SSL_get_ciphers, SSL_get_cipher_list - get list of available SSL_CIPHERs #include STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *ssl); + STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *ssl); const char *SSL_get_cipher_list(const SSL *ssl, int priority); =head1 DESCRIPTION @@ -17,6 +18,10 @@ SSL_get_ciphers() returns the stack of available SSL_CIPHERs for B, sorted by preference. If B is NULL or no ciphers are available, NULL is returned. +SSL_get_client_ciphers() returns the stack of available SSL_CIPHERS matching the +list sent by the client for B. If B is NULL, no ciphers are +available, or B is not operating in server mode, NULL is returned. + SSL_get_cipher_list() returns a pointer to the name of the SSL_CIPHER listed for B with B. If B is NULL, no ciphers are available, or there are less ciphers than B available, NULL @@ -30,6 +35,11 @@ the L family of functions. Call SSL_get_cipher_list() with B starting from 0 to obtain the sorted list of available ciphers, until NULL is returned. +Note: SSL_get_ciphers() and SSL_get_client_ciphers() return a pointer +to an internal cipher stack, which will be freed later on when the SSL +or SSL_SESSION object is freed. Therefore, the calling code B free the return value itself. + =head1 RETURN VALUES See DESCRIPTION diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 9694e24..5de33e9 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1583,6 +1583,7 @@ __owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */ __owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */ __owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s); +__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s); __owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s); __owur int SSL_do_handshake(SSL *s); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 5ca9171..0b4b58e 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1258,6 +1258,13 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s) return (NULL); } +STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s) +{ + if ((s == NULL) || (s->session == NULL) || !s->server) + return NULL; + return s->session->ciphers; +} + STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s) { STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers; From matt at openssl.org Thu May 28 15:08:32 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 28 May 2015 15:08:32 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432825712.454208.11766.nullmailer@dev.openssl.org> The branch master has been updated via 6b8f5d0d4379c2c366c3d07e4cdbb6145abc76d1 (commit) via 7470cefcb249ea37f97c65e64628c1994725462d (commit) via 858618e7e037559b75b0bfca4d30440f9515b888 (commit) from 9ef175148b7da12cb09f5e78f32bc6ab58d78b83 (commit) - Log ----------------------------------------------------------------- commit 6b8f5d0d4379c2c366c3d07e4cdbb6145abc76d1 Author: Matt Caswell Date: Thu May 28 11:12:54 2015 +0100 Change the new functions to use size_t Change the new SSL_get_client_random(), SSL_get_server_random() and SSL_SESSION_get_master_key() functions to use size_t for |outlen| instead of int. Reviewed-by: Tim Hudson commit 7470cefcb249ea37f97c65e64628c1994725462d Author: Nick Mathewson Date: Tue May 26 09:55:06 2015 -0400 Clarify that SSL3_RANDOM_SIZE is a constant, for now. Signed-off-by: Matt Caswell Reviewed-by: Tim Hudson commit 858618e7e037559b75b0bfca4d30440f9515b888 Author: Nick Mathewson Date: Mon May 25 17:12:49 2015 -0400 Add new functions to extract {client,server}_random, master_key Tor uses these values to implement a low-rent clone of RFC 5705 (which, in our defense, we came up with before RFC 5705 existed). But now that ssl_st is opaque, we need another way to get at them. Includes documentation, with suitable warnings about not actually using these functions. Signed-off-by: Nick Mathewson Signed-off-by: Matt Caswell Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_get_client_random.pod | 79 +++++++++++++++++++++++++++++++++++++++ include/openssl/ssl.h | 7 ++++ ssl/ssl_lib.c | 35 +++++++++++++++++ 3 files changed, 121 insertions(+) create mode 100644 doc/ssl/SSL_get_client_random.pod diff --git a/doc/ssl/SSL_get_client_random.pod b/doc/ssl/SSL_get_client_random.pod new file mode 100644 index 0000000..75a5c33 --- /dev/null +++ b/doc/ssl/SSL_get_client_random.pod @@ -0,0 +1,79 @@ +=pod + +=head1 NAME + +SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key - retrieve internal TLS/SSL random values and master key + +=head1 SYNOPSIS + + #include + + int SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen); + int SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen); + int SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen); + +=head1 DESCRIPTION + +SSL_get_client_random() extracts the random value sent from the client +to the server during the initial SSL/TLS handshake. It copies as many +bytes as it can of this value into the buffer provided in B, +which must have at least B bytes available. It returns the +total number of bytes that were actually copied. If B is less +than zero, SSL_get_client_random() copies nothing, and returns the +total size of the client_random value. + +SSL_get_server_random() behaves the same, but extracts the random value +sent from the server to the client during the initial SSL/TLS handshake. + +SSL_SESSION_get_master_key() behaves the same, but extracts the master +secret used to guarantee the security of the SSL/TLS session. This one +can be dangerous if misused; see NOTES below. + + +=head1 NOTES + +You probably shouldn't use these functions. + +These functions expose internal values from the TLS handshake, for +use in low-level protocols. You probably should not use them, unless +you are implementing something that needs access to the internal protocol +details. + +Despite the names of SSL_get_client_random() and SSL_get_server_random(), they +ARE NOT random number generators. Instead, they return the mostly-random values that +were already generated and used in the TLS protoccol. Using them +in place of RAND_bytes() would be grossly foolish. + +The security of your TLS session depends on keeping the master key secret: +do not expose it, or any information about it, to anybody. +If you need to calculate another secret value that depends on the master +secret, you should probably use SSL_export_keying_material() instead, and +forget that you ever saw these functions. + +In current versions of the TLS protocols, the length of client_random +(and also server_random) is always SSL3_RANDOM_SIZE bytes. Support for +other outlen arguments to the SSL_get_*_random() functions is provided +in case of the unlikely event that a future version or variant of TLS +uses some other length there. + +Finally, though the "client_random" and "server_random" values are called +"random", many TLS implementations will generate four bytes of those +values based on their view of the current time. + + +=head1 RETURN VALUES + +If B is at least 0, these functions return the number of bytes +actually copied, which will be less than or equal to B. + +If B is less than 0, these functions return the maximum number +of bytes they would copy--that is, the length of the underlying field. + +=head1 SEE ALSO + +L, +L, +L + + +=cut diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 5de33e9..261e399 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1652,6 +1652,13 @@ void SSL_set_state(SSL *ssl, int state); void SSL_set_verify_result(SSL *ssl, long v); __owur long SSL_get_verify_result(const SSL *ssl); +__owur int SSL_get_client_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur int SSL_get_server_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur int SSL_SESSION_get_master_key(const SSL_SESSION *ssl, + unsigned char *out, size_t outlen); + __owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); void *SSL_get_ex_data(const SSL *ssl, int idx); __owur int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 0b4b58e..f046770 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2897,6 +2897,41 @@ long SSL_get_verify_result(const SSL *ssl) return (ssl->verify_result); } +int SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) +{ + if (outlen == 0) + return sizeof(ssl->s3->client_random); + if (outlen > sizeof(ssl->s3->client_random)) + outlen = sizeof(ssl->s3->client_random); + memcpy(out, ssl->s3->client_random, outlen); + return (outlen); +} + +int SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) +{ + if (outlen == 0) + return sizeof(ssl->s3->server_random); + if (outlen > sizeof(ssl->s3->server_random)) + outlen = sizeof(ssl->s3->server_random); + memcpy(out, ssl->s3->server_random, outlen); + return (outlen); +} + +int SSL_SESSION_get_master_key(const SSL_SESSION *session, + unsigned char *out, size_t outlen) +{ + if (outlen == 0) + return session->master_key_length; + if (session->master_key_length < 0) { + /* Should never happen */ + return 0; + } + if (outlen > (size_t)session->master_key_length) + outlen = session->master_key_length; + memcpy(out, session->master_key, outlen); + return (outlen); +} + int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) { From matt at openssl.org Thu May 28 15:57:49 2015 From: matt at openssl.org (Matt Caswell) Date: Thu, 28 May 2015 15:57:49 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432828669.518796.27370.nullmailer@dev.openssl.org> The branch master has been updated via d9f1c639d5162617ab0aeec23865771dc4fbcbcd (commit) from 6b8f5d0d4379c2c366c3d07e4cdbb6145abc76d1 (commit) - Log ----------------------------------------------------------------- commit d9f1c639d5162617ab0aeec23865771dc4fbcbcd Author: Matt Caswell Date: Thu May 28 16:36:51 2015 +0100 Change return type of the new accessors The new accessors SSL_get_client_random, SSL_get_server_random and SSL_SESSION_get_master_key should return a size_t to match the type of the |outlen| parameter. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: doc/ssl/SSL_get_client_random.pod | 14 +++++++------- include/openssl/ssl.h | 12 ++++++------ ssl/ssl_lib.c | 16 ++++++++-------- util/ssleay.num | 4 ++++ 4 files changed, 25 insertions(+), 21 deletions(-) diff --git a/doc/ssl/SSL_get_client_random.pod b/doc/ssl/SSL_get_client_random.pod index 75a5c33..2cddf73 100644 --- a/doc/ssl/SSL_get_client_random.pod +++ b/doc/ssl/SSL_get_client_random.pod @@ -8,9 +8,9 @@ SSL_get_client_random, SSL_get_server_random, SSL_SESSION_get_master_key - retri #include - int SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen); - int SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen); - int SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen); + size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen); + size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen); + size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen); =head1 DESCRIPTION @@ -18,8 +18,8 @@ SSL_get_client_random() extracts the random value sent from the client to the server during the initial SSL/TLS handshake. It copies as many bytes as it can of this value into the buffer provided in B, which must have at least B bytes available. It returns the -total number of bytes that were actually copied. If B is less -than zero, SSL_get_client_random() copies nothing, and returns the +total number of bytes that were actually copied. If B is +zero, SSL_get_client_random() copies nothing, and returns the total size of the client_random value. SSL_get_server_random() behaves the same, but extracts the random value @@ -63,10 +63,10 @@ values based on their view of the current time. =head1 RETURN VALUES -If B is at least 0, these functions return the number of bytes +If B is greater than 0, these functions return the number of bytes actually copied, which will be less than or equal to B. -If B is less than 0, these functions return the maximum number +If B is 0, these functions return the maximum number of bytes they would copy--that is, the length of the underlying field. =head1 SEE ALSO diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 261e399..3e2dac6 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1652,12 +1652,12 @@ void SSL_set_state(SSL *ssl, int state); void SSL_set_verify_result(SSL *ssl, long v); __owur long SSL_get_verify_result(const SSL *ssl); -__owur int SSL_get_client_random(const SSL *ssl, unsigned char *out, - size_t outlen); -__owur int SSL_get_server_random(const SSL *ssl, unsigned char *out, - size_t outlen); -__owur int SSL_SESSION_get_master_key(const SSL_SESSION *ssl, - unsigned char *out, size_t outlen); +__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, + size_t outlen); +__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *ssl, + unsigned char *out, size_t outlen); __owur int SSL_set_ex_data(SSL *ssl, int idx, void *data); void *SSL_get_ex_data(const SSL *ssl, int idx); diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index f046770..1ce4f36 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2897,39 +2897,39 @@ long SSL_get_verify_result(const SSL *ssl) return (ssl->verify_result); } -int SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) +size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen) { if (outlen == 0) return sizeof(ssl->s3->client_random); if (outlen > sizeof(ssl->s3->client_random)) outlen = sizeof(ssl->s3->client_random); memcpy(out, ssl->s3->client_random, outlen); - return (outlen); + return outlen; } -int SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) +size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen) { if (outlen == 0) return sizeof(ssl->s3->server_random); if (outlen > sizeof(ssl->s3->server_random)) outlen = sizeof(ssl->s3->server_random); memcpy(out, ssl->s3->server_random, outlen); - return (outlen); + return outlen; } -int SSL_SESSION_get_master_key(const SSL_SESSION *session, +size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, unsigned char *out, size_t outlen) { - if (outlen == 0) - return session->master_key_length; if (session->master_key_length < 0) { /* Should never happen */ return 0; } + if (outlen == 0) + return session->master_key_length; if (outlen > (size_t)session->master_key_length) outlen = session->master_key_length; memcpy(out, session->master_key, outlen); - return (outlen); + return outlen; } int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, diff --git a/util/ssleay.num b/util/ssleay.num index 1b4755c..1441be7 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -399,3 +399,7 @@ SSL_use_certificate_chain_file 433 EXIST::FUNCTION:STDIO TLS_server_method 434 EXIST::FUNCTION: TLS_method 435 EXIST::FUNCTION: TLS_client_method 436 EXIST::FUNCTION: +SSL_get_server_random 437 EXIST::FUNCTION: +SSL_get_client_ciphers 438 EXIST::FUNCTION: +SSL_get_client_random 439 EXIST::FUNCTION: +SSL_SESSION_get_master_key 440 EXIST::FUNCTION: From rsalz at openssl.org Thu May 28 16:54:48 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 28 May 2015 16:54:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432832088.024931.11921.nullmailer@dev.openssl.org> The branch master has been updated via bca3f06b84de3c0b428724ac535995064c54aee3 (commit) from d9f1c639d5162617ab0aeec23865771dc4fbcbcd (commit) - Log ----------------------------------------------------------------- commit bca3f06b84de3c0b428724ac535995064c54aee3 Author: Rich Salz Date: Tue May 26 15:42:01 2015 -0400 Use enum for X509_LOOKUP_TYPE Using an enum with -Wswitch means all lookup routines handle all cases. Remove X509_LU_PKEY which was never used. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/x509/by_dir.c | 4 ++-- crypto/x509/x509_lu.c | 8 ++++++-- include/openssl/x509_vfy.h | 11 +++++------ 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c index ffd101c..cc91db8 100644 --- a/crypto/x509/by_dir.c +++ b/crypto/x509/by_dir.c @@ -247,8 +247,8 @@ static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) return 1; } -static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, - X509_OBJECT *ret) +static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret) { BY_DIR *ctx; union { diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c index 2086225..ae46df8 100644 --- a/crypto/x509/x509_lu.c +++ b/crypto/x509/x509_lu.c @@ -294,8 +294,8 @@ X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) } } -int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, - X509_OBJECT *ret) +int X509_STORE_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type, + X509_NAME *name, X509_OBJECT *ret) { X509_STORE *ctx = vs->ctx; X509_LOOKUP *lu; @@ -403,6 +403,8 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) void X509_OBJECT_up_ref_count(X509_OBJECT *a) { switch (a->type) { + default: + break; case X509_LU_X509: CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509); break; @@ -417,6 +419,8 @@ void X509_OBJECT_free_contents(X509_OBJECT *a) if (!a) return; switch (a->type) { + default: + break; case X509_LU_X509: X509_free(a->data.x509); break; diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h index 0be9b5a..4ad2029 100644 --- a/include/openssl/x509_vfy.h +++ b/include/openssl/x509_vfy.h @@ -102,15 +102,14 @@ The X509_STORE then calls a function to actually verify the certificate chain. */ -# define X509_LU_RETRY -1 -# define X509_LU_FAIL 0 -# define X509_LU_X509 1 -# define X509_LU_CRL 2 -# define X509_LU_PKEY 3 +typedef enum { + X509_LU_RETRY = -1, + X509_LU_FAIL, X509_LU_X509, X509_LU_CRL +} X509_LOOKUP_TYPE; typedef struct x509_object_st { /* one of the above types */ - int type; + X509_LOOKUP_TYPE type; union { char *ptr; X509 *x509; From steve at openssl.org Thu May 28 17:01:14 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 28 May 2015 17:01:14 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432832474.077283.13550.nullmailer@dev.openssl.org> The branch master has been updated via f097f81c891bb1f479426d8ac9c9541390334983 (commit) via 2849707fa65d2803e6d1c1603fdd3fd1fdc4c6cc (commit) from bca3f06b84de3c0b428724ac535995064c54aee3 (commit) - Log ----------------------------------------------------------------- commit f097f81c891bb1f479426d8ac9c9541390334983 Author: Dr. Stephen Henson Date: Thu May 28 15:45:57 2015 +0100 PEM doc fixes Reviewed-by: Rich Salz commit 2849707fa65d2803e6d1c1603fdd3fd1fdc4c6cc Author: Dr. Stephen Henson Date: Thu May 28 15:44:20 2015 +0100 check for error when creating PKCS#8 structure Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_pk8.c | 2 ++ doc/crypto/pem.pod | 27 +++++++++++++++++++++++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index 4534eb1..ef5131f 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -139,6 +139,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, if (kstr == buf) OPENSSL_cleanse(buf, klen); PKCS8_PRIV_KEY_INFO_free(p8inf); + if (p8 == NULL) + return 0; if (isder) ret = i2d_PKCS8_bio(bp, p8); else diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod index b35a7d7..d1183da 100644 --- a/doc/crypto/pem.pod +++ b/doc/crypto/pem.pod @@ -2,7 +2,29 @@ =head1 NAME -PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines +PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines =head1 SYNOPSIS @@ -239,7 +261,8 @@ SubjectPublicKeyInfo structure and an error occurs if the public key is not DSA. The B functions process DSA parameters using a DSA -structure. The parameters are encoded using a foobar structure. +structure. The parameters are encoded using a Dss-Parms structure +as defined in RFC2459. The B functions process DH parameters using a DH structure. The parameters are encoded using a PKCS#3 DHparameter From steve at openssl.org Thu May 28 17:03:41 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 28 May 2015 17:03:41 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1432832621.756698.21470.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 4d9dc0c269be87b92da188df1fbd8bfee4700eb3 (commit) via 7e365298ea40764e6df582774d58bbdd3b7b5a50 (commit) from b6f33dce3b1ee563c0866654a9b5c44adc7b79b8 (commit) - Log ----------------------------------------------------------------- commit 4d9dc0c269be87b92da188df1fbd8bfee4700eb3 Author: Dr. Stephen Henson Date: Thu May 28 15:44:20 2015 +0100 check for error when creating PKCS#8 structure Reviewed-by: Rich Salz (cherry picked from commit 2849707fa65d2803e6d1c1603fdd3fd1fdc4c6cc) commit 7e365298ea40764e6df582774d58bbdd3b7b5a50 Author: Dr. Stephen Henson Date: Thu May 28 15:45:57 2015 +0100 PEM doc fixes Reviewed-by: Rich Salz (cherry picked from commit f097f81c891bb1f479426d8ac9c9541390334983) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_pk8.c | 2 ++ doc/crypto/pem.pod | 27 +++++++++++++++++++++++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index b98c76c..5747c73 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, if (kstr == buf) OPENSSL_cleanse(buf, klen); PKCS8_PRIV_KEY_INFO_free(p8inf); + if (p8 == NULL) + return 0; if (isder) ret = i2d_PKCS8_bio(bp, p8); else diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod index 21e9fe3..763eb6f 100644 --- a/doc/crypto/pem.pod +++ b/doc/crypto/pem.pod @@ -2,7 +2,29 @@ =head1 NAME -PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines +PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines =head1 SYNOPSIS @@ -239,7 +261,8 @@ SubjectPublicKeyInfo structure and an error occurs if the public key is not DSA. The B functions process DSA parameters using a DSA -structure. The parameters are encoded using a foobar structure. +structure. The parameters are encoded using a Dss-Parms structure +as defined in RFC2459. The B functions process DH parameters using a DH structure. The parameters are encoded using a PKCS#3 DHparameter From steve at openssl.org Thu May 28 17:03:41 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 28 May 2015 17:03:41 +0000 Subject: [openssl-commits] [openssl] OpenSSL_0_9_8-stable update Message-ID: <1432832621.293096.21399.nullmailer@dev.openssl.org> The branch OpenSSL_0_9_8-stable has been updated via f16093d2d6a61ae8b14e4b337b3c33e1900791f1 (commit) via aeff907218415cb8e36822cf9ded1e45489b6ea3 (commit) from f3b555a601d641448af8f2a7ef57c20db36f1b94 (commit) - Log ----------------------------------------------------------------- commit f16093d2d6a61ae8b14e4b337b3c33e1900791f1 Author: Dr. Stephen Henson Date: Thu May 28 15:44:20 2015 +0100 check for error when creating PKCS#8 structure Reviewed-by: Rich Salz (cherry picked from commit 2849707fa65d2803e6d1c1603fdd3fd1fdc4c6cc) commit aeff907218415cb8e36822cf9ded1e45489b6ea3 Author: Dr. Stephen Henson Date: Thu May 28 15:45:57 2015 +0100 PEM doc fixes Reviewed-by: Rich Salz (cherry picked from commit f097f81c891bb1f479426d8ac9c9541390334983) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_pk8.c | 2 ++ doc/crypto/pem.pod | 27 +++++++++++++++++++++++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index b98c76c..5747c73 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, if (kstr == buf) OPENSSL_cleanse(buf, klen); PKCS8_PRIV_KEY_INFO_free(p8inf); + if (p8 == NULL) + return 0; if (isder) ret = i2d_PKCS8_bio(bp, p8); else diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod index 58fd1b1..3affe19 100644 --- a/doc/crypto/pem.pod +++ b/doc/crypto/pem.pod @@ -2,7 +2,29 @@ =head1 NAME -PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines +PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines =head1 SYNOPSIS @@ -239,7 +261,8 @@ SubjectPublicKeyInfo structure and an error occurs if the public key is not DSA. The B functions process DSA parameters using a DSA -structure. The parameters are encoded using a foobar structure. +structure. The parameters are encoded using a Dss-Parms structure +as defined in RFC2459. The B functions process DH parameters using a DH structure. The parameters are encoded using a PKCS#3 DHparameter From steve at openssl.org Thu May 28 17:03:41 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 28 May 2015 17:03:41 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1432832621.621809.21448.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via cc74177e715513e4050ee6e11c9f5fc3e8e65ad4 (commit) via e2cf18c635ba54c20410b63041d6651e7c5ff523 (commit) from df00b6eb5e86870e0e7f2029038f027c5359a9da (commit) - Log ----------------------------------------------------------------- commit cc74177e715513e4050ee6e11c9f5fc3e8e65ad4 Author: Dr. Stephen Henson Date: Thu May 28 15:44:20 2015 +0100 check for error when creating PKCS#8 structure Reviewed-by: Rich Salz (cherry picked from commit 2849707fa65d2803e6d1c1603fdd3fd1fdc4c6cc) commit e2cf18c635ba54c20410b63041d6651e7c5ff523 Author: Dr. Stephen Henson Date: Thu May 28 15:45:57 2015 +0100 PEM doc fixes Reviewed-by: Rich Salz (cherry picked from commit f097f81c891bb1f479426d8ac9c9541390334983) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_pk8.c | 2 ++ doc/crypto/pem.pod | 27 +++++++++++++++++++++++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index b98c76c..5747c73 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, if (kstr == buf) OPENSSL_cleanse(buf, klen); PKCS8_PRIV_KEY_INFO_free(p8inf); + if (p8 == NULL) + return 0; if (isder) ret = i2d_PKCS8_bio(bp, p8); else diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod index 21e9fe3..763eb6f 100644 --- a/doc/crypto/pem.pod +++ b/doc/crypto/pem.pod @@ -2,7 +2,29 @@ =head1 NAME -PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines +PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines =head1 SYNOPSIS @@ -239,7 +261,8 @@ SubjectPublicKeyInfo structure and an error occurs if the public key is not DSA. The B functions process DSA parameters using a DSA -structure. The parameters are encoded using a foobar structure. +structure. The parameters are encoded using a Dss-Parms structure +as defined in RFC2459. The B functions process DH parameters using a DH structure. The parameters are encoded using a PKCS#3 DHparameter From steve at openssl.org Thu May 28 17:03:41 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Thu, 28 May 2015 17:03:41 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_0-stable update Message-ID: <1432832621.448901.21426.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_0-stable has been updated via aaa654d607f85cbab320e712377a8a345fa1158c (commit) via 296559b0ce2d98c0e12f45994e0ebaecc650e5ca (commit) from 079495cad2bc368372f5a123a3625ad92207d265 (commit) - Log ----------------------------------------------------------------- commit aaa654d607f85cbab320e712377a8a345fa1158c Author: Dr. Stephen Henson Date: Thu May 28 15:44:20 2015 +0100 check for error when creating PKCS#8 structure Reviewed-by: Rich Salz (cherry picked from commit 2849707fa65d2803e6d1c1603fdd3fd1fdc4c6cc) commit 296559b0ce2d98c0e12f45994e0ebaecc650e5ca Author: Dr. Stephen Henson Date: Thu May 28 15:45:57 2015 +0100 PEM doc fixes Reviewed-by: Rich Salz (cherry picked from commit f097f81c891bb1f479426d8ac9c9541390334983) ----------------------------------------------------------------------- Summary of changes: crypto/pem/pem_pk8.c | 2 ++ doc/crypto/pem.pod | 27 +++++++++++++++++++++++++-- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/crypto/pem/pem_pk8.c b/crypto/pem/pem_pk8.c index b98c76c..5747c73 100644 --- a/crypto/pem/pem_pk8.c +++ b/crypto/pem/pem_pk8.c @@ -138,6 +138,8 @@ static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, if (kstr == buf) OPENSSL_cleanse(buf, klen); PKCS8_PRIV_KEY_INFO_free(p8inf); + if (p8 == NULL) + return 0; if (isder) ret = i2d_PKCS8_bio(bp, p8); else diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod index 21e9fe3..763eb6f 100644 --- a/doc/crypto/pem.pod +++ b/doc/crypto/pem.pod @@ -2,7 +2,29 @@ =head1 NAME -PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines +PEM, PEM_read_bio_PrivateKey, PEM_read_PrivateKey, PEM_write_bio_PrivateKey, +PEM_write_PrivateKey, PEM_write_bio_PKCS8PrivateKey, PEM_write_PKCS8PrivateKey, +PEM_write_bio_PKCS8PrivateKey_nid, PEM_write_PKCS8PrivateKey_nid, +PEM_read_bio_PUBKEY, PEM_read_PUBKEY, PEM_write_bio_PUBKEY, PEM_write_PUBKEY, +PEM_read_bio_RSAPrivateKey, PEM_read_RSAPrivateKey, +PEM_write_bio_RSAPrivateKey, PEM_write_RSAPrivateKey, +PEM_read_bio_RSAPublicKey, PEM_read_RSAPublicKey, PEM_write_bio_RSAPublicKey, +PEM_write_RSAPublicKey, PEM_read_bio_RSA_PUBKEY, PEM_read_RSA_PUBKEY, +PEM_write_bio_RSA_PUBKEY, PEM_write_RSA_PUBKEY, PEM_read_bio_DSAPrivateKey, +PEM_read_DSAPrivateKey, PEM_write_bio_DSAPrivateKey, PEM_write_DSAPrivateKey, +PEM_read_bio_DSA_PUBKEY, PEM_read_DSA_PUBKEY, PEM_write_bio_DSA_PUBKEY, +PEM_write_DSA_PUBKEY, PEM_read_bio_DSAparams, PEM_read_DSAparams, +PEM_write_bio_DSAparams, PEM_write_DSAparams, PEM_read_bio_DHparams, +PEM_read_DHparams, PEM_write_bio_DHparams, PEM_write_DHparams, +PEM_read_bio_X509, PEM_read_X509, PEM_write_bio_X509, PEM_write_X509, +PEM_read_bio_X509_AUX, PEM_read_X509_AUX, PEM_write_bio_X509_AUX, +PEM_write_X509_AUX, PEM_read_bio_X509_REQ, PEM_read_X509_REQ, +PEM_write_bio_X509_REQ, PEM_write_X509_REQ, PEM_write_bio_X509_REQ_NEW, +PEM_write_X509_REQ_NEW, PEM_read_bio_X509_CRL, PEM_read_X509_CRL, +PEM_write_bio_X509_CRL, PEM_write_X509_CRL, PEM_read_bio_PKCS7, PEM_read_PKCS7, +PEM_write_bio_PKCS7, PEM_write_PKCS7, PEM_read_bio_NETSCAPE_CERT_SEQUENCE, +PEM_read_NETSCAPE_CERT_SEQUENCE, PEM_write_bio_NETSCAPE_CERT_SEQUENCE, +PEM_write_NETSCAPE_CERT_SEQUENCE - PEM routines =head1 SYNOPSIS @@ -239,7 +261,8 @@ SubjectPublicKeyInfo structure and an error occurs if the public key is not DSA. The B functions process DSA parameters using a DSA -structure. The parameters are encoded using a foobar structure. +structure. The parameters are encoded using a Dss-Parms structure +as defined in RFC2459. The B functions process DH parameters using a DH structure. The parameters are encoded using a PKCS#3 DHparameter From rsalz at openssl.org Thu May 28 21:28:41 2015 From: rsalz at openssl.org (Rich Salz) Date: Thu, 28 May 2015 21:28:41 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432848521.357860.20715.nullmailer@dev.openssl.org> The branch master has been updated via cc01d21756cc9c79231ef21039782c5fe42008a2 (commit) from f097f81c891bb1f479426d8ac9c9541390334983 (commit) - Log ----------------------------------------------------------------- commit cc01d21756cc9c79231ef21039782c5fe42008a2 Author: Rich Salz Date: Thu May 28 13:52:55 2015 -0400 RT3876: Only load config when needed Create app_load_config(), a routine to load config file. Remove the "always load config" from the main app. Change the places that used to load config to call the new common routine. Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 47 +++++++++++++++++++++++++------------- apps/apps.h | 2 +- apps/asn1pars.c | 16 ++----------- apps/ca.c | 51 +++++------------------------------------ apps/openssl.c | 70 ++++++++++++--------------------------------------------- apps/req.c | 33 +++++---------------------- apps/spkac.c | 14 ++---------- apps/srp.c | 47 +++++++------------------------------- apps/ts.c | 22 +++--------------- apps/x509.c | 12 +--------- 10 files changed, 73 insertions(+), 241 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 593c036..74646af 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -496,6 +496,33 @@ static char *app_get_pass(char *arg, int keepbio) return BUF_strdup(tpass); } +CONF *app_load_config(const char *filename) +{ + long errorline = -1; + CONF *conf; + int i; + BIO *in; + + in = bio_open_default(filename, "r"); + if (in == NULL) + return NULL; + + conf = NCONF_new(NULL); + i = NCONF_load_bio(conf, in, &errorline); + BIO_free(in); + if (i > 0) + return conf; + + if (errorline <= 0) + BIO_printf(bio_err, "%s: Can't load config file \"%s\"\n", + opt_getprog(), filename); + else + BIO_printf(bio_err, "%s: Error on line %ld of config file \"%s\"\n", + opt_getprog(), errorline, filename); + NCONF_free(conf); + return NULL; +} + int add_oid_section(CONF *conf) { char *p; @@ -1559,8 +1586,7 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) TXT_DB *tmpdb = NULL; BIO *in; CONF *dbattr_conf = NULL; - char buf[1][BSIZE]; - long errorline = -1; + char buf[BSIZE]; in = BIO_new_file(dbfile, "r"); if (in == NULL) { @@ -1571,22 +1597,11 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr) goto err; #ifndef OPENSSL_SYS_VMS - BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); + BIO_snprintf(buf, sizeof buf, "%s.attr", dbfile); #else - BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); + BIO_snprintf(buf, sizeof buf, "%s-attr", dbfile); #endif - dbattr_conf = NCONF_new(NULL); - if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) { - if (errorline > 0) { - BIO_printf(bio_err, - "error on line %ld of db attribute file '%s'\n", - errorline, buf[0]); - goto err; - } else { - NCONF_free(dbattr_conf); - dbattr_conf = NULL; - } - } + dbattr_conf = app_load_config(buf); retdb = app_malloc(sizeof(*retdb), "new DB"); retdb->db = tmpdb; diff --git a/apps/apps.h b/apps/apps.h index 33b2e65..a8e0071 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -147,7 +147,6 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read, * (see e_os.h). The string is * destroyed! */ -extern CONF *config; extern char *default_config_file; extern BIO *bio_in; extern BIO *bio_out; @@ -155,6 +154,7 @@ extern BIO *bio_err; BIO *dup_bio_in(void); BIO *dup_bio_out(void); BIO *bio_open_default(const char *filename, const char *mode); +CONF *app_load_config(const char* filename); void unbuffer(FILE *fp); /* Often used in calls to bio_open_default. */ diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 42338da..d188f4a 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -334,14 +334,12 @@ static int do_generate(char *genstr, char *genconf, BUF_MEM *buf) { CONF *cnf = NULL; int len; - long errline = 0; unsigned char *p; ASN1_TYPE *atyp = NULL; if (genconf) { - cnf = NCONF_new(NULL); - if (!NCONF_load(cnf, genconf, &errline)) - goto conferr; + if ((cnf = app_load_config(genconf)) == NULL) + goto err; if (!genstr) genstr = NCONF_get_string(cnf, "default", "asn1"); if (!genstr) { @@ -372,18 +370,8 @@ static int do_generate(char *genstr, char *genconf, BUF_MEM *buf) ASN1_TYPE_free(atyp); return len; - conferr: - - if (errline > 0) - BIO_printf(bio_err, "Error on line %ld of config file '%s'\n", - errline, genconf); - else - BIO_printf(bio_err, "Error loading config file '%s'\n", genconf); - err: NCONF_free(cnf); ASN1_TYPE_free(atyp); - return -1; - } diff --git a/apps/ca.c b/apps/ca.c index 58f1243..437a375 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -99,7 +99,6 @@ #define BSIZE 256 #define BASE_SECTION "ca" -#define CONFIG_FILE "openssl.cnf" #define ENV_DEFAULT_CA "default_ca" @@ -285,7 +284,8 @@ int ca_main(int argc, char **argv) STACK_OF(X509) *cert_sk = NULL; X509_CRL *crl = NULL; const EVP_MD *dgst = NULL; - char *configfile = NULL, *md = NULL, *policy = NULL, *keyfile = NULL; + char *configfile = default_config_file; + char *md = NULL, *policy = NULL, *keyfile = NULL; char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL; char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL; char *extensions = NULL, *extfile = NULL, *key = NULL, *passinarg = NULL; @@ -301,7 +301,7 @@ int ca_main(int argc, char **argv) int keyformat = FORMAT_PEM, multirdn = 0, notext = 0, output_der = 0; int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0; int i, j, rev_type = REV_NONE, selfsign = 0; - long crldays = 0, crlhours = 0, crlsec = 0, errorline = -1, days = 0; + long crldays = 0, crlhours = 0, crlsec = 0, days = 0; unsigned long chtype = MBSTRING_ASC, nameopt = 0, certopt = 0; X509 *x509 = NULL, *x509p = NULL, *x = NULL; X509_REVOKED *r = NULL; @@ -482,40 +482,9 @@ end_of_options: argc = opt_num_rest(); argv = opt_rest(); - tofree = NULL; - if (configfile == NULL) - configfile = getenv("OPENSSL_CONF"); - if (configfile == NULL) - configfile = getenv("SSLEAY_CONF"); - if (configfile == NULL) { - const char *s = X509_get_default_cert_area(); - size_t len; - - len = strlen(s) + 1 + sizeof(CONFIG_FILE); - tofree = app_malloc(len, "config filename"); -#ifdef OPENSSL_SYS_VMS - strcpy(tofree, s); -#else - BUF_strlcpy(tofree, s, len); - BUF_strlcat(tofree, "/", len); -#endif - BUF_strlcat(tofree, CONFIG_FILE, len); - configfile = tofree; - } - BIO_printf(bio_err, "Using configuration from %s\n", configfile); - conf = NCONF_new(NULL); - if (NCONF_load(conf, configfile, &errorline) <= 0) { - if (errorline <= 0) - BIO_printf(bio_err, "error loading the config file '%s'\n", - configfile); - else - BIO_printf(bio_err, "error on line %ld of config file '%s'\n", - errorline, configfile); + if ((conf = app_load_config(configfile)) == NULL) goto end; - } - OPENSSL_free(tofree); - tofree = NULL; /* Lets get the config section we are using */ if (section == NULL) { @@ -800,18 +769,10 @@ end_of_options: } } - /*****************************************************************/ + /*****************************************************************/ /* Read extensions config file */ if (extfile) { - extconf = NCONF_new(NULL); - if (NCONF_load(extconf, extfile, &errorline) <= 0) { - if (errorline <= 0) - BIO_printf(bio_err, "ERROR: loading the config file '%s'\n", - extfile); - else - BIO_printf(bio_err, - "ERROR: on line %ld of config file '%s'\n", - errorline, extfile); + if ((extconf = app_load_config(extfile)) == NULL) { ret = 1; goto end; } diff --git a/apps/openssl.c b/apps/openssl.c index fa3b683..7713f9f 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -172,6 +172,7 @@ static void apps_startup() ERR_load_SSL_strings(); OpenSSL_add_all_algorithms(); OpenSSL_add_ssl_algorithms(); + OPENSSL_load_builtin_modules(); setup_ui_method(); /*SSL_library_init();*/ #ifndef OPENSSL_NO_ENGINE @@ -199,43 +200,26 @@ static void apps_shutdown() static char *make_config_name() { - const char *t = X509_get_default_cert_area(); + const char *t; size_t len; char *p; - len = strlen(t) + strlen(OPENSSL_CONF) + 2; + if ((t = getenv("OPENSSL_CONF")) != NULL + || (t = getenv("SSLEAY_CONF")) != NULL) + return BUF_strdup(t); + + t = X509_get_default_cert_area(); + len = strlen(t) + 1 + strlen(OPENSSL_CONF) + 1; p = app_malloc(len, "config filename buffer"); - BUF_strlcpy(p, t, len); + strcpy(p, t); #ifndef OPENSSL_SYS_VMS - BUF_strlcat(p, "/", len); + strcat(p, "/"); #endif - BUF_strlcat(p, OPENSSL_CONF, len); + strcat(p, OPENSSL_CONF); return p; } -static int load_config(CONF *cnf) -{ - static int load_config_called = 0; - - if (load_config_called) - return 1; - load_config_called = 1; - if (!cnf) - cnf = config; - if (!cnf) - return 1; - - OPENSSL_load_builtin_modules(); - - if (CONF_modules_load(cnf, NULL, 0) <= 0) { - BIO_printf(bio_err, "Error configuring OpenSSL\n"); - ERR_print_errors(bio_err); - return 0; - } - return 1; -} - static void lock_dbg_cb(int mode, int type, const char *file, int line) { static int modes[CRYPTO_NUM_LOCKS]; @@ -338,12 +322,11 @@ int main(int argc, char *argv[]) FUNCTION f, *fp; LHASH_OF(FUNCTION) *prog = NULL; char **copied_argv = NULL; - char *p, *pname, *to_free = NULL; + char *p, *pname; char buf[1024]; const char *prompt; ARGS arg; int first, n, i, ret = 0; - long errline; arg.argv = NULL; arg.size = 0; @@ -394,36 +377,11 @@ int main(int argc, char *argv[]) pname = opt_progname(argv[0]); /* Lets load up our environment a little */ + default_config_file = make_config_name(); bio_in = dup_bio_in(); bio_out = dup_bio_out(); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); - /* Determine and load the config file. */ - default_config_file = getenv("OPENSSL_CONF"); - if (default_config_file == NULL) - default_config_file = getenv("SSLEAY_CONF"); - if (default_config_file == NULL) - default_config_file = to_free = make_config_name(); - if (!load_config(NULL)) - goto end; - config = NCONF_new(NULL); - i = NCONF_load(config, default_config_file, &errline); - if (i == 0) { - if (ERR_GET_REASON(ERR_peek_last_error()) - == CONF_R_NO_SUCH_FILE) { - BIO_printf(bio_err, - "%s: WARNING: can't open config file: %s\n", - pname, default_config_file); - ERR_clear_error(); - NCONF_free(config); - config = NULL; - } else { - ERR_print_errors(bio_err); - NCONF_free(config); - exit(1); - } - } - /* first check the program name */ f.name = pname; fp = lh_FUNCTION_retrieve(prog, &f); @@ -510,7 +468,7 @@ int main(int argc, char *argv[]) ret = 1; end: OPENSSL_free(copied_argv); - OPENSSL_free(to_free); + OPENSSL_free(default_config_file); NCONF_free(config); config = NULL; lh_FUNCTION_free(prog); diff --git a/apps/req.c b/apps/req.c index 5514ee3..a0e0cc9 100644 --- a/apps/req.c +++ b/apps/req.c @@ -200,7 +200,7 @@ int req_main(int argc, char **argv) char *outfile = NULL, *keyfile = NULL, *inrand = NULL; char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL; char *passin = NULL, *passout = NULL, *req_exts = NULL, *subj = NULL; - char *template = NULL, *keyout = NULL; + char *template = default_config_file, *keyout = NULL; const char *keyalg = NULL; OPTION_CHOICE o; int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose = @@ -377,31 +377,9 @@ int req_main(int argc, char **argv) goto end; } - if (template != NULL) { - long errline = -1; - - if (verbose) - BIO_printf(bio_err, "Using configuration from %s\n", template); - req_conf = NCONF_new(NULL); - i = NCONF_load(req_conf, template, &errline); - if (i == 0) { - BIO_printf(bio_err, "error on line %ld of %s\n", errline, - template); - goto end; - } - } else { - req_conf = config; - - if (req_conf == NULL) { - BIO_printf(bio_err, "Unable to load config info from %s\n", - default_config_file); - if (newreq) - goto end; - } else if (verbose) - BIO_printf(bio_err, "Using configuration from %s\n", - default_config_file); - } - + if (verbose) + BIO_printf(bio_err, "Using configuration from %s\n", template); + req_conf = app_load_config(template); if (req_conf != NULL) { p = NCONF_get_string(req_conf, NULL, "oid_file"); if (p == NULL) @@ -873,8 +851,7 @@ int req_main(int argc, char **argv) if (ret) { ERR_print_errors(bio_err); } - if (req_conf != config) - NCONF_free(req_conf); + NCONF_free(req_conf); BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); diff --git a/apps/spkac.c b/apps/spkac.c index abae0e1..bd99f0e 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -95,7 +95,7 @@ OPTIONS spkac_options[] = { int spkac_main(int argc, char **argv) { - BIO *in = NULL, *out = NULL; + BIO *out = NULL; CONF *conf = NULL; ENGINE *e = NULL; EVP_PKEY *pkey = NULL; @@ -184,18 +184,9 @@ int spkac_main(int argc, char **argv) goto end; } - in = bio_open_default(infile, "r"); - if (in == NULL) + if ((conf = app_load_config(infile)) == NULL) goto end; - conf = NCONF_new(NULL); - i = NCONF_load_bio(conf, in, NULL); - if (!i) { - BIO_printf(bio_err, "Error parsing config file\n"); - ERR_print_errors(bio_err); - goto end; - } - spkstr = NCONF_get_string(conf, spksect, spkac); if (!spkstr) { @@ -237,7 +228,6 @@ int spkac_main(int argc, char **argv) end: NCONF_free(conf); NETSCAPE_SPKI_free(spki); - BIO_free(in); BIO_free_all(out); EVP_PKEY_free(pkey); OPENSSL_free(passin); diff --git a/apps/srp.c b/apps/srp.c index 161f2b8..b91d7d0 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -255,14 +255,13 @@ int srp_main(int argc, char **argv) CA_DB *db = NULL; DB_ATTR db_attr; CONF *conf = NULL; - int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = - 0, i, doupdatedb = 0; - int mode = OPT_ERR; + int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i; + int doupdatedb = 0, mode = OPT_ERR; char *user = NULL, *passinarg = NULL, *passoutarg = NULL; char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL; char *randfile = NULL, *tofree = NULL, *section = NULL; - char **gNrow = NULL, *configfile = NULL, *dbfile = NULL, **pp, *prog; - long errorline = -1; + char **gNrow = NULL, *configfile = default_config_file; + char *dbfile = NULL, **pp, *prog; OPTION_CHOICE o; prog = opt_init(argc, argv, srp_options); @@ -349,42 +348,12 @@ int srp_main(int argc, char **argv) } if (!dbfile) { - - /*****************************************************************/ - tofree = NULL; - if (configfile == NULL) - configfile = getenv("OPENSSL_CONF"); - if (configfile == NULL) - configfile = getenv("SSLEAY_CONF"); - if (configfile == NULL) { - const char *s = X509_get_default_cert_area(); - size_t len = strlen(s) + 1 + sizeof(CONFIG_FILE); - - tofree = app_malloc(len, "config filename space"); -# ifdef OPENSSL_SYS_VMS - strcpy(tofree, s); -# else - BUF_strlcpy(tofree, s, len); - BUF_strlcat(tofree, "/", len); -# endif - BUF_strlcat(tofree, CONFIG_FILE, len); - configfile = tofree; - } - if (verbose) - BIO_printf(bio_err, "Using configuration from %s\n", configfile); - conf = NCONF_new(NULL); - if (NCONF_load(conf, configfile, &errorline) <= 0) { - if (errorline <= 0) - BIO_printf(bio_err, "error loading the config file '%s'\n", - configfile); - else - BIO_printf(bio_err, "error on line %ld of config file '%s'\n", - errorline, configfile); + BIO_printf(bio_err, "Using configuration from %s\n", + configfile); + conf = app_load_config(configfile); + if (conf == NULL) goto end; - } - OPENSSL_free(tofree); - tofree = NULL; /* Lets get the config section we are using */ if (section == NULL) { diff --git a/apps/ts.c b/apps/ts.c index 5c42ff5..be2482c 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -188,7 +188,8 @@ int ts_main(int argc, char **argv) { CONF *conf = NULL; char *CAfile = NULL, *untrusted = NULL, *engine = NULL, *prog, **helpp; - char *configfile = NULL, *section = NULL, *password = NULL; + char *configfile = default_config_file; + char *section = NULL, *password = NULL; char *data = NULL, *digest = NULL, *rnd = NULL, *policy = NULL; char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL; char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL; @@ -389,24 +390,7 @@ static ASN1_OBJECT *txt2obj(const char *oid) static CONF *load_config_file(const char *configfile) { - CONF *conf = NULL; - long errorline = -1; - - if (!configfile) - configfile = getenv("OPENSSL_CONF"); - if (!configfile) - configfile = getenv("SSLEAY_CONF"); - - if (configfile && - ((conf = NCONF_new(NULL)) == NULL - || NCONF_load(conf, configfile, &errorline) <= 0)) { - if (errorline <= 0) - BIO_printf(bio_err, "error loading the config file " - "'%s'\n", configfile); - else - BIO_printf(bio_err, "error on line %ld of config file " - "'%s'\n", errorline, configfile); - } + CONF *conf = app_load_config(configfile); if (conf != NULL) { const char *p; diff --git a/apps/x509.c b/apps/x509.c index f22eef1..1a6e327 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -521,19 +521,9 @@ int x509_main(int argc, char **argv) } if (extfile) { - long errorline = -1; X509V3_CTX ctx2; - extconf = NCONF_new(NULL); - if (!NCONF_load(extconf, extfile, &errorline)) { - if (errorline <= 0) - BIO_printf(bio_err, - "error loading the config file '%s'\n", extfile); - else - BIO_printf(bio_err, - "error on line %ld of config file '%s'\n", - errorline, extfile); + if ((extconf = app_load_config(extfile)) == NULL) goto end; - } if (!extsect) { extsect = NCONF_get_string(extconf, "default", "extensions"); if (!extsect) { From emilia at openssl.org Fri May 29 10:41:28 2015 From: emilia at openssl.org (Emilia Kasper) Date: Fri, 29 May 2015 10:41:28 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432896088.624833.32585.nullmailer@dev.openssl.org> The branch master has been updated via 88f4c6f3d2f884715f8f5f8eb81f0a96cbec8cef (commit) from cc01d21756cc9c79231ef21039782c5fe42008a2 (commit) - Log ----------------------------------------------------------------- commit 88f4c6f3d2f884715f8f5f8eb81f0a96cbec8cef Author: Peter Dettman Date: Wed May 27 15:56:14 2015 +0200 Fix build errors with enable-ec_nistp_64_gcc_128 RT 3871 Reviewed-by: Richard Levitte ----------------------------------------------------------------------- Summary of changes: crypto/ec/ecp_nistp224.c | 2 +- crypto/ec/ecp_nistp256.c | 2 +- crypto/ec/ecp_nistp521.c | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crypto/ec/ecp_nistp224.c b/crypto/ec/ecp_nistp224.c index 0e40db4..febfcab 100644 --- a/crypto/ec/ecp_nistp224.c +++ b/crypto/ec/ecp_nistp224.c @@ -1070,7 +1070,7 @@ static void select_point(const u64 idx, unsigned int size, unsigned i, j; limb *outlimbs = &out[0][0]; - memset(out 0, sizeof(out)); + memset(out, 0, sizeof(*out) * 3); for (i = 0; i < size; i++) { const limb *inlimbs = &pre_comp[i][0][0]; u64 mask = i ^ idx; diff --git a/crypto/ec/ecp_nistp256.c b/crypto/ec/ecp_nistp256.c index b4cd24d..110984b 100644 --- a/crypto/ec/ecp_nistp256.c +++ b/crypto/ec/ecp_nistp256.c @@ -1625,7 +1625,7 @@ static void select_point(const u64 idx, unsigned int size, unsigned i, j; u64 *outlimbs = &out[0][0]; - memset(out, 0, sizeof(out)); + memset(out, 0, sizeof(*out) * 3); for (i = 0; i < size; i++) { const u64 *inlimbs = (u64 *)&pre_comp[i][0][0]; diff --git a/crypto/ec/ecp_nistp521.c b/crypto/ec/ecp_nistp521.c index 6e572f1..a5d7360 100644 --- a/crypto/ec/ecp_nistp521.c +++ b/crypto/ec/ecp_nistp521.c @@ -1471,7 +1471,7 @@ static void select_point(const limb idx, unsigned int size, unsigned i, j; limb *outlimbs = &out[0][0]; - memset(out, 0, sizeof(out)); + memset(out, 0, sizeof(*out) * 3); for (i = 0; i < size; i++) { const limb *inlimbs = &pre_comp[i][0][0]; @@ -1906,7 +1906,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points); if (mixed) tmp_felems = - OPENSSL_malloc(sizeof(*tmp_felemts) * (num_points * 17 + 1)); + OPENSSL_malloc(sizeof(*tmp_felems) * (num_points * 17 + 1)); if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) { ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_MALLOC_FAILURE); @@ -1918,7 +1918,7 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, * i.e., they contribute nothing to the linear combination */ memset(secrets, 0, sizeof(*secrets) * num_points); - memset(pre_comp, 0, sizseof(*pre_comp) * num_points); + memset(pre_comp, 0, sizeof(*pre_comp) * num_points); for (i = 0; i < num_points; ++i) { if (i == num) /* From levitte at openssl.org Fri May 29 10:42:01 2015 From: levitte at openssl.org (Richard Levitte) Date: Fri, 29 May 2015 10:42:01 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432896121.697773.979.nullmailer@dev.openssl.org> The branch master has been updated via 7ea9f90d7734f07b5efd9a201e6e3254ce6a920b (commit) via 296f54ee211edbf8d21479091b4c20a9ee7698ad (commit) via 21425195009e4daf6971453f8a0be08375ae9eec (commit) from 88f4c6f3d2f884715f8f5f8eb81f0a96cbec8cef (commit) - Log ----------------------------------------------------------------- commit 7ea9f90d7734f07b5efd9a201e6e3254ce6a920b Author: Richard Levitte Date: Thu May 28 21:48:17 2015 +0200 Remove OPENSSL_CONF=/dev/null from tests Almost two months ago, the warning about non-existing config file was supressed by setting the environment variable OPENSSL_CONF to /dev/null everywhere. Now that this warning is gone, that practice is no longer needed. Reviewed-by: Stephen Henson Reviewed-by: Rich Salz commit 296f54ee211edbf8d21479091b4c20a9ee7698ad Author: Richard Levitte Date: Fri May 29 08:07:10 2015 +0200 Restore module loading The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: Stephen Henson commit 21425195009e4daf6971453f8a0be08375ae9eec Author: Richard Levitte Date: Fri May 29 09:14:03 2015 +0200 Fix double BIO_free in req Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: apps/apps.c | 53 ++++++++++++++++++++++++++++++++++++++++++++++------- apps/apps.h | 5 ++++- apps/asn1pars.c | 5 ++++- apps/ca.c | 2 ++ apps/ciphers.c | 3 +++ apps/cms.c | 4 +++- apps/crl.c | 3 +++ apps/crl2p7.c | 3 +++ apps/dgst.c | 3 +++ apps/dhparam.c | 3 +++ apps/dsa.c | 3 +++ apps/dsaparam.c | 3 +++ apps/ec.c | 3 +++ apps/ecparam.c | 3 +++ apps/enc.c | 3 +++ apps/engine.c | 3 +++ apps/gendsa.c | 3 +++ apps/genpkey.c | 3 +++ apps/genrsa.c | 3 +++ apps/nseq.c | 3 +++ apps/ocsp.c | 3 +++ apps/openssl.c | 18 +++++++++++++++++- apps/passwd.c | 3 +++ apps/pkcs12.c | 3 +++ apps/pkcs7.c | 3 +++ apps/pkcs8.c | 3 +++ apps/pkey.c | 3 +++ apps/pkeyparam.c | 3 +++ apps/pkeyutl.c | 3 +++ apps/prime.c | 3 +++ apps/rand.c | 3 +++ apps/req.c | 4 ++++ apps/rsa.c | 3 +++ apps/rsautl.c | 3 +++ apps/s_client.c | 3 +++ apps/s_server.c | 3 +++ apps/smime.c | 3 +++ apps/speed.c | 3 +++ apps/spkac.c | 2 ++ apps/srp.c | 2 ++ apps/ts.c | 7 ++++--- apps/verify.c | 3 +++ apps/x509.c | 3 +++ test/Makefile | 8 ++++---- test/tcrl | 1 - test/testca | 2 +- test/testenc | 1 - test/testgen | 1 - test/testss | 1 - test/testssl | 1 - test/tkey | 1 - test/tocsp | 1 - test/tpkcs7 | 1 - test/tpkcs7d | 1 - test/treq | 1 - test/tsid | 1 - test/tx509 | 1 - 57 files changed, 192 insertions(+), 31 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 74646af..60f71c3 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -496,20 +496,14 @@ static char *app_get_pass(char *arg, int keepbio) return BUF_strdup(tpass); } -CONF *app_load_config(const char *filename) +static CONF *app_load_config_(BIO *in, const char *filename) { long errorline = -1; CONF *conf; int i; - BIO *in; - - in = bio_open_default(filename, "r"); - if (in == NULL) - return NULL; conf = NCONF_new(NULL); i = NCONF_load_bio(conf, in, &errorline); - BIO_free(in); if (i > 0) return conf; @@ -522,6 +516,51 @@ CONF *app_load_config(const char *filename) NCONF_free(conf); return NULL; } +CONF *app_load_config(const char *filename) +{ + BIO *in; + CONF *conf; + + in = bio_open_default(filename, "r"); + if (in == NULL) + return NULL; + + conf = app_load_config_(in, filename); + BIO_free(in); + return conf; +} +CONF *app_load_config_quiet(const char *filename) +{ + BIO *in; + CONF *conf; + + in = bio_open_default_quiet(filename, "r"); + if (in == NULL) + return NULL; + + conf = app_load_config_(in, filename); + BIO_free(in); + return conf; +} + +int app_load_modules(const CONF *config) +{ + CONF *to_free = NULL; + + if (config == NULL) + config = to_free = app_load_config_quiet(default_config_file); + if (config == NULL) + return 1; + + if (CONF_modules_load(config, NULL, 0) <= 0) { + BIO_printf(bio_err, "Error configuring OpenSSL modules\n"); + ERR_print_errors(bio_err); + NCONF_free(to_free); + return 0; + } + NCONF_free(to_free); + return 1; +} int add_oid_section(CONF *conf) { diff --git a/apps/apps.h b/apps/apps.h index a8e0071..a8652a1 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -154,7 +154,10 @@ extern BIO *bio_err; BIO *dup_bio_in(void); BIO *dup_bio_out(void); BIO *bio_open_default(const char *filename, const char *mode); -CONF *app_load_config(const char* filename); +BIO *bio_open_default_quiet(const char *filename, const char *mode); +CONF *app_load_config(const char *filename); +CONF *app_load_config_quiet(const char *filename); +int app_load_modules(const CONF *config); void unbuffer(FILE *fp); /* Often used in calls to bio_open_default. */ diff --git a/apps/asn1pars.c b/apps/asn1pars.c index d188f4a..bf53a34 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -186,8 +186,11 @@ int asn1parse_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (oidfile != NULL) { - in = bio_open_default(oidfile, "r"); + in = bio_open_default(oidfile, "r"); if (in == NULL) goto end; OBJ_create_objects(in); diff --git a/apps/ca.c b/apps/ca.c index 437a375..4dc9176 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -485,6 +485,8 @@ end_of_options: BIO_printf(bio_err, "Using configuration from %s\n", configfile); if ((conf = app_load_config(configfile)) == NULL) goto end; + if (!app_load_modules(conf)) + goto end; /* Lets get the config section we are using */ if (section == NULL) { diff --git a/apps/ciphers.c b/apps/ciphers.c index 47132fd..b1b3bdd 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -148,6 +148,9 @@ int ciphers_main(int argc, char **argv) else if (argc != 0) goto opthelp; + if (!app_load_modules(NULL)) + goto end; + ctx = SSL_CTX_new(meth); if (ctx == NULL) goto err; diff --git a/apps/cms.c b/apps/cms.c index 5293fbd..7ccca5b 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -664,12 +664,14 @@ int cms_main(int argc, char **argv) } else if (!operation) goto opthelp; - if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } + if (!app_load_modules(NULL)) + goto end; + if (need_rand) { app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) diff --git a/apps/crl.c b/apps/crl.c index 443889a..17391e2 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -217,6 +217,9 @@ int crl_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + x = load_crl(infile, informat); if (x == NULL) goto end; diff --git a/apps/crl2p7.c b/apps/crl2p7.c index f05ad4a..e4e39cf 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c @@ -148,6 +148,9 @@ int crl2pkcs7_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (!nocrl) { in = bio_open_default(infile, RB(informat)); if (in == NULL) diff --git a/apps/dgst.c b/apps/dgst.c index 5d23492..308555c 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -236,6 +236,9 @@ int dgst_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (do_verify && !sigfile) { BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); diff --git a/apps/dhparam.c b/apps/dhparam.c index c66c591..931bf10 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -230,6 +230,9 @@ int dhparam_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (argv[0] && (!opt_int(argv[0], &num) || num <= 0)) goto end; diff --git a/apps/dsa.c b/apps/dsa.c index d864c75..f02f293 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -196,6 +196,9 @@ int dsa_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + BIO_printf(bio_err, "read DSA key\n"); { EVP_PKEY *pkey; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index cf29b80..ffd81ff 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -185,6 +185,9 @@ int dsaparam_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (argc == 1) { if (!opt_int(argv[0], &num)) goto end; diff --git a/apps/ec.c b/apps/ec.c index 31a50ee..83a6aa4 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -199,6 +199,9 @@ int ec_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + in = bio_open_default(infile, RB(informat)); if (in == NULL) goto end; diff --git a/apps/ecparam.c b/apps/ecparam.c index 755b1be..ae75573 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c @@ -220,6 +220,9 @@ int ecparam_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + in = bio_open_default(infile, RB(informat)); if (in == NULL) goto end; diff --git a/apps/enc.c b/apps/enc.c index e4d490f..d045d15 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -294,6 +294,9 @@ int enc_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog); goto end; diff --git a/apps/engine.c b/apps/engine.c index 832cb0a..91af7bf 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -369,6 +369,9 @@ int engine_main(int argc, char **argv) } } + if (!app_load_modules(NULL)) + goto end; + for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) { const char *id = sk_OPENSSL_STRING_value(engines, i); if ((e = ENGINE_by_id(id)) != NULL) { diff --git a/apps/gendsa.c b/apps/gendsa.c index 75bd802..a832ec3 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -143,6 +143,9 @@ int gendsa_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + in = bio_open_default(dsaparams, "r"); if (in == NULL) goto end2; diff --git a/apps/genpkey.c b/apps/genpkey.c index de14bd3..b9843cf 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -179,6 +179,9 @@ int genpkey_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + out = bio_open_default(outfile, "wb"); if (out == NULL) goto end; diff --git a/apps/genrsa.c b/apps/genrsa.c index e09e576..80d9ea6 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -166,6 +166,9 @@ int genrsa_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + out = bio_open_default(outfile, "w"); if (out == NULL) goto end; diff --git a/apps/nseq.c b/apps/nseq.c index 3fa496c..5c8ed17 100644 --- a/apps/nseq.c +++ b/apps/nseq.c @@ -109,6 +109,9 @@ int nseq_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + in = bio_open_default(infile, "r"); if (in == NULL) goto end; diff --git a/apps/ocsp.c b/apps/ocsp.c index c71b0d6..4c3aa39 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -482,6 +482,9 @@ int ocsp_main(int argc, char **argv) if (!req && !reqin && !respin && !(port && ridx_filename)) goto opthelp; + if (!app_load_modules(NULL)) + goto end; + out = bio_open_default(outfile, "w"); if (out == NULL) goto end; diff --git a/apps/openssl.c b/apps/openssl.c index 7713f9f..e04ddce 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -289,12 +289,16 @@ void unbuffer(FILE *fp) setbuf(fp, NULL); } -BIO *bio_open_default(const char *filename, const char *mode) +static BIO *bio_open_default_(const char *filename, const char *mode, int quiet) { BIO *ret; if (filename == NULL || strcmp(filename, "-") == 0) { ret = *mode == 'r' ? dup_bio_in() : dup_bio_out(); + if (quiet) { + ERR_clear_error(); + return ret; + } if (ret != NULL) return ret; BIO_printf(bio_err, @@ -302,6 +306,10 @@ BIO *bio_open_default(const char *filename, const char *mode) *mode == 'r' ? "stdin" : "stdout", strerror(errno)); } else { ret = BIO_new_file(filename, mode); + if (quiet) { + ERR_clear_error(); + return ret; + } if (ret != NULL) return ret; BIO_printf(bio_err, @@ -312,6 +320,14 @@ BIO *bio_open_default(const char *filename, const char *mode) ERR_print_errors(bio_err); return NULL; } +BIO *bio_open_default(const char *filename, const char *mode) +{ + return bio_open_default_(filename, mode, 0); +} +BIO *bio_open_default_quiet(const char *filename, const char *mode) +{ + return bio_open_default_(filename, mode, 1); +} #if defined( OPENSSL_SYS_VMS) extern char **copy_argv(int *argc, char **argv); diff --git a/apps/passwd.c b/apps/passwd.c index 8dd8542..f34ef9f 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -202,6 +202,9 @@ int passwd_main(int argc, char **argv) goto opthelp; # endif + if (!app_load_modules(NULL)) + goto end; + if (infile && in_stdin) { BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog); goto end; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 367ba87..82131e8 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -342,6 +342,9 @@ int pkcs12_main(int argc, char **argv) mpass = macpass; } + if (!app_load_modules(NULL)) + goto end; + if (export_cert || inrand) { app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) diff --git a/apps/pkcs7.c b/apps/pkcs7.c index 7c62a86..248e0d6 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -193,6 +193,9 @@ int pkcs7_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + in = bio_open_default(infile, RB(informat)); if (in == NULL) goto end; diff --git a/apps/pkcs8.c b/apps/pkcs8.c index b4af160..f8a340e 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -223,6 +223,9 @@ int pkcs8_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC; diff --git a/apps/pkey.c b/apps/pkey.c index f0930a7..875087f 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -165,6 +165,9 @@ int pkey_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + out = bio_open_default(outfile, "wb"); if (out == NULL) goto end; diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c index fbd19a7..6039dad 100644 --- a/apps/pkeyparam.c +++ b/apps/pkeyparam.c @@ -118,6 +118,9 @@ int pkeyparam_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + in = bio_open_default(infile, "r"); if (in == NULL) goto end; diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 87e4950..4c267c1 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c @@ -229,6 +229,9 @@ int pkeyutl_main(int argc, char **argv) if (ctx == NULL) goto opthelp; + if (!app_load_modules(NULL)) + goto end; + if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) { BIO_printf(bio_err, "%s: Signature file specified for non verify\n", prog); diff --git a/apps/prime.c b/apps/prime.c index 04a83ab..d7f3869 100644 --- a/apps/prime.c +++ b/apps/prime.c @@ -109,6 +109,9 @@ int prime_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (argc == 0 && !generate) { BIO_printf(bio_err, "%s: No prime specified\n", prog); goto end; diff --git a/apps/rand.c b/apps/rand.c index 498e7da..432e784 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -126,6 +126,9 @@ int rand_main(int argc, char **argv) if (sscanf(argv[0], "%d", &num) != 1 || num < 0) goto opthelp; + if (!app_load_modules(NULL)) + goto end; + app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err, "%ld semi-random bytes loaded\n", diff --git a/apps/req.c b/apps/req.c index a0e0cc9..3bae59e 100644 --- a/apps/req.c +++ b/apps/req.c @@ -380,6 +380,9 @@ int req_main(int argc, char **argv) if (verbose) BIO_printf(bio_err, "Using configuration from %s\n", template); req_conf = app_load_config(template); + if (!app_load_modules(req_conf)) + goto end; + if (req_conf != NULL) { p = NCONF_get_string(req_conf, NULL, "oid_file"); if (p == NULL) @@ -591,6 +594,7 @@ int req_main(int argc, char **argv) goto end; } BIO_free(out); + out = NULL; BIO_printf(bio_err, "-----\n"); } diff --git a/apps/rsa.c b/apps/rsa.c index 858699b..87cb702 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -254,6 +254,9 @@ int rsa_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + if (check && pubin) { BIO_printf(bio_err, "Only private keys can be checked\n"); goto end; diff --git a/apps/rsautl.c b/apps/rsautl.c index 0ef6105..8ba838b 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -214,6 +214,9 @@ int rsautl_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, 0); diff --git a/apps/s_client.c b/apps/s_client.c index 6c14af0..009e5fe 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1059,6 +1059,9 @@ int s_client_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (proxystr) { if (connectstr == NULL) { BIO_printf(bio_err, "%s: -proxy requires use of -connect\n", prog); diff --git a/apps/s_server.c b/apps/s_server.c index 6bbabcc..189019d 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1438,6 +1438,9 @@ int s_server_main(int argc, char *argv[]) goto end; } + if (!app_load_modules(NULL)) + goto end; + if (s_key_file == NULL) s_key_file = s_cert_file; diff --git a/apps/smime.c b/apps/smime.c index 3f48278..45898de 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -411,6 +411,9 @@ int smime_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + if (need_rand) { app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) diff --git a/apps/speed.c b/apps/speed.c index 4b3da87..b93237e 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -856,6 +856,9 @@ int speed_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + /* Remaining arguments are algorithms. */ for ( ; *argv; argv++) { if (found(*argv, doit_choices, &i)) { diff --git a/apps/spkac.c b/apps/spkac.c index bd99f0e..d41331c 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -186,6 +186,8 @@ int spkac_main(int argc, char **argv) if ((conf = app_load_config(infile)) == NULL) goto end; + if (!app_load_modules(conf)) + goto end; spkstr = NCONF_get_string(conf, spksect, spkac); diff --git a/apps/srp.c b/apps/srp.c index b91d7d0..c730d6d 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -354,6 +354,8 @@ int srp_main(int argc, char **argv) conf = app_load_config(configfile); if (conf == NULL) goto end; + if (!app_load_modules(conf)) + goto end; /* Lets get the config section we are using */ if (section == NULL) { diff --git a/apps/ts.c b/apps/ts.c index be2482c..dfbf7ea 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -316,6 +316,10 @@ int ts_main(int argc, char **argv) goto end; } + conf = load_config_file(configfile); + if (!app_load_modules(conf)) + goto end; + /* * Check consistency of parameters and execute the appropriate function. */ @@ -331,13 +335,10 @@ int ts_main(int argc, char **argv) ret = data != NULL && digest != NULL; if (ret) goto opthelp; - /* Load the config file for possible policy OIDs. */ - conf = load_config_file(configfile); ret = !query_command(data, digest, md, policy, no_nonce, cert, in, out, text); break; case OPT_REPLY: - conf = load_config_file(configfile); if (in == NULL) { ret = !(queryfile != NULL && conf != NULL && !token_in); if (ret) diff --git a/apps/verify.c b/apps/verify.c index cb1be9a..0235194 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -177,6 +177,9 @@ int verify_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if ((store = setup_verify(CAfile, CApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, cb); diff --git a/apps/x509.c b/apps/x509.c index 1a6e327..77a2a6b 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -489,6 +489,9 @@ int x509_main(int argc, char **argv) goto opthelp; } + if (!app_load_modules(NULL)) + goto end; + out = bio_open_default(outfile, "w"); if (out == NULL) goto end; diff --git a/test/Makefile b/test/Makefile index 99b999a..d37e020 100644 --- a/test/Makefile +++ b/test/Makefile @@ -300,7 +300,7 @@ test_ecdh: $(ECDHTEST)$(EXE_EXT) test_verify: ../apps/openssl$(EXE_EXT) @echo $(START) $@ -- expect some failures and expired certificates - OPENSSL_CONF=/dev/null ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem + ../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs/demo ../certs/demo/*.pem test_dh: $(DHTEST)$(EXE_EXT) @echo $(START) $@ @@ -345,7 +345,7 @@ test_ssl: keyU.ss certU.ss certCA.ss certP1.ss keyP1.ss certP2.ss keyP2.ss \ @sh ./testsslproxy keyP2.ss certP2.ss intP2.ss test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf - @if OPENSSL_CONF=/dev/null ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ + @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ echo SKIP $@ -- requires RSA; \ else \ echo $(START) $@; \ @@ -353,7 +353,7 @@ test_ca: ../apps/openssl$(EXE_EXT) testca CAss.cnf Uss.cnf fi test_tsa: ../apps/openssl$(EXE_EXT) testtsa CAtsa.cnf ../util/shlib_wrap.sh - @if OPENSSL_CONF=/dev/null ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ + @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ echo SKIP $@ -- requires RSA; \ else \ echo $(START) $@; \ @@ -370,7 +370,7 @@ test_jpake: $(JPAKETEST)$(EXE_EXT) test_cms: ../apps/openssl$(EXE_EXT) cms-test.pl smcont.txt @echo $(START) $@ - OPENSSL_CONFIG=/dev/null $(PERL) cms-test.pl + $(PERL) cms-test.pl test_srp: $(SRPTEST)$(EXE_EXT) @echo $(START) $@ diff --git a/test/tcrl b/test/tcrl index f01eff8..951c9dd 100644 --- a/test/tcrl +++ b/test/tcrl @@ -1,6 +1,5 @@ #!/bin/sh -OPENSSL_CONF=/dev/null ; export OPENSSL_CONF cmd='../util/shlib_wrap.sh ../apps/openssl crl' if [ "$1"x != "x" ]; then diff --git a/test/testca b/test/testca index ee52463..452558b 100644 --- a/test/testca +++ b/test/testca @@ -18,7 +18,7 @@ export SSLEAY_CONFIG OPENSSL SSLEAY_CONFIG="-config CAss.cnf" OPENSSL="`pwd`/../util/opensslwrap.sh" -OPENSSL_CONFIG=/dev/null $PERL ../apps/CA.pl -newca $test; diff --git a/test/testgen b/test/testgen index f4eb112..1140f8a 100644 --- a/test/testgen +++ b/test/testgen @@ -3,7 +3,6 @@ T=testcert KEY=512 CA=../certs/testca.pem -OPENSSL_CONF=/dev/null ; export OPENSSL_CONF /bin/rm -f $T.1 $T.2 $T.key diff --git a/test/testss b/test/testss index 0f2f6dd..5c5389b 100644 --- a/test/testss +++ b/test/testss @@ -5,7 +5,6 @@ reqcmd="../util/shlib_wrap.sh ../apps/openssl req" x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest" verifycmd="../util/shlib_wrap.sh ../apps/openssl verify" dummycnf="../apps/openssl.cnf" -OPENSSL_CONF=/dev/null ; export OPENSSL_CONF CAkey="keyCA.ss" CAcert="certCA.ss" diff --git a/test/testssl b/test/testssl index 0f5db08..7e834a7 100644 --- a/test/testssl +++ b/test/testssl @@ -10,7 +10,6 @@ if [ "$2" = "" ]; then else cert="$2" fi -OPENSSL_CONF=/dev/null ; export OPENSSL_CONF ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert" if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then diff --git a/test/tkey b/test/tkey index c6abd2f..47ac1be 100644 --- a/test/tkey +++ b/test/tkey @@ -4,7 +4,6 @@ t=$1 ktype=$2 ptype=$3 -OPENSSL_CONF=/dev/null ; export OPENSSL_CONF if ../util/shlib_wrap.sh ../apps/openssl no-$ktype; then echo skipping $ktype $ptype conversion test exit 0 diff --git a/test/tocsp b/test/tocsp index ac91145..5fc291c 100644 --- a/test/tocsp +++ b/test/tocsp @@ -1,7 +1,6 @@ #!/bin/sh cmd='../util/shlib_wrap.sh ../apps/openssl' -OPENSSL_CONF=/dev/null ; export OPENSSL_CONF ocspdir="ocsp-tests" # 17 December 2012 so we don't get certificate expiry errors. check_time="-attime 1355875200" diff --git a/test/tpkcs7 b/test/tpkcs7 index a1e8c0a..91e304b 100644 --- a/test/tpkcs7 +++ b/test/tpkcs7 @@ -1,7 +1,6 @@ #!/bin/sh cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' -OPENSSL_CONF=/dev/null ; export OPENSSL_CONF if [ "$1"x != "x" ]; then t=$1 diff --git a/test/tpkcs7d b/test/tpkcs7d index 9dc2932..c5077da 100644 --- a/test/tpkcs7d +++ b/test/tpkcs7d @@ -1,7 +1,6 @@ #!/bin/sh cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' -OPENSSL_CONF=/dev/null ; export OPENSSL_CONF if [ "$1"x != "x" ]; then t=$1 diff --git a/test/treq b/test/treq index 89f088c..2062d76 100644 --- a/test/treq +++ b/test/treq @@ -1,7 +1,6 @@ #!/bin/sh cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf' -OPENSSL_CONF=/dev/null ; export OPENSSL_CONF if [ "$1"x != "x" ]; then t=$1 diff --git a/test/tsid b/test/tsid index a5c1c73..546efb7 100644 --- a/test/tsid +++ b/test/tsid @@ -1,6 +1,5 @@ #!/bin/sh -OPENSSL_CONF=/dev/null ; export OPENSSL_CONF cmd='../util/shlib_wrap.sh ../apps/openssl sess_id' if [ "$1"x != "x" ]; then diff --git a/test/tx509 b/test/tx509 index f4774c0..3185ce1 100644 --- a/test/tx509 +++ b/test/tx509 @@ -1,6 +1,5 @@ #!/bin/sh -OPENSSL_CONF=/dev/null ; export OPENSSL_CONF cmd='../util/shlib_wrap.sh ../apps/openssl x509' if [ "$1"x != "x" ]; then From steve at openssl.org Fri May 29 11:09:45 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Fri, 29 May 2015 11:09:45 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432897785.415273.4208.nullmailer@dev.openssl.org> The branch master has been updated via 2d4deb256fb28f53ae778f8cf26698f49c5b83b4 (commit) from 7ea9f90d7734f07b5efd9a201e6e3254ce6a920b (commit) - Log ----------------------------------------------------------------- commit 2d4deb256fb28f53ae778f8cf26698f49c5b83b4 Author: Dr. Stephen Henson Date: Fri May 29 11:38:53 2015 +0100 fix asn1parse -inform Reviewed-by: Richard Levitte Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/asn1pars.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/asn1pars.c b/apps/asn1pars.c index bf53a34..24b5568 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -140,7 +140,7 @@ int asn1parse_main(int argc, char **argv) case OPT_INFORM: if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat)) goto opthelp; - goto end; + break; case OPT_IN: infile = opt_arg(); break; From matt at openssl.org Fri May 29 15:28:23 2015 From: matt at openssl.org (Matt Caswell) Date: Fri, 29 May 2015 15:28:23 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1432913303.735145.12915.nullmailer@dev.openssl.org> The branch master has been updated via 6218a1f57e7e25a6b9a798f00cf5f0e56a02ff31 (commit) from 2d4deb256fb28f53ae778f8cf26698f49c5b83b4 (commit) - Log ----------------------------------------------------------------- commit 6218a1f57e7e25a6b9a798f00cf5f0e56a02ff31 Author: Matt Caswell Date: Fri May 29 16:14:02 2015 +0100 Remove struct ccs_header_st struct ccs_header_st is not used so it should be removed. Reviewed-by: Rich Salz ----------------------------------------------------------------------- Summary of changes: ssl/d1_both.c | 7 ------- ssl/record/rec_layer_d1.c | 3 --- ssl/ssl_locl.h | 6 ------ 3 files changed, 16 deletions(-) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 05b8f9e..bcdba74 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -1298,13 +1298,6 @@ dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) n2l3(data, msg_hdr->frag_len); } -void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr) -{ - memset(ccs_hdr, 0, sizeof(*ccs_hdr)); - - ccs_hdr->type = *(data++); -} - int dtls1_shutdown(SSL *s) { int ret; diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c index 159c222..52ef8f0 100644 --- a/ssl/record/rec_layer_d1.c +++ b/ssl/record/rec_layer_d1.c @@ -857,11 +857,8 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) } if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) { - struct ccs_header_st ccs_hdr; unsigned int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH; - dtls1_get_ccs_header(SSL3_RECORD_get_data(rr), &ccs_hdr); - if (s->version == DTLS1_BAD_VER) ccs_hdr_len = 3; diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index bdc4d8c..9d1f80a 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -1370,11 +1370,6 @@ struct hm_header_st { struct dtls1_retransmit_state saved_retransmit_state; }; -struct ccs_header_st { - unsigned char type; - unsigned short seq; -}; - struct dtls1_timeout_st { /* Number of read timeouts so far */ unsigned int read_timeouts; @@ -1986,7 +1981,6 @@ int dtls1_retransmit_buffered_messages(SSL *s); void dtls1_clear_record_buffer(SSL *s); void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr); -void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr); __owur long dtls1_default_timeout(void); __owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft); __owur int dtls1_check_timeout_num(SSL *s); From rsalz at openssl.org Sat May 30 16:28:21 2015 From: rsalz at openssl.org (Rich Salz) Date: Sat, 30 May 2015 16:28:21 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433003301.160536.11207.nullmailer@dev.openssl.org> The branch master has been updated via e0f9bf1de72e2717a5e8c2126259959e2d650777 (commit) from 6218a1f57e7e25a6b9a798f00cf5f0e56a02ff31 (commit) - Log ----------------------------------------------------------------- commit e0f9bf1de72e2717a5e8c2126259959e2d650777 Author: Rich Salz Date: Fri May 29 12:22:43 2015 -0400 clear/cleanse cleanup Where we called openssl_cleanse, make sure we do it on all error paths. Be consistent in use of sizeof(foo) when possible. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: ssl/s3_enc.c | 10 ++++++---- ssl/s3_srvr.c | 3 +-- ssl/t1_enc.c | 12 +++++++----- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c index ea9042b..dd93e25 100644 --- a/ssl/s3_enc.c +++ b/ssl/s3_enc.c @@ -206,7 +206,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) km += MD5_DIGEST_LENGTH; } - OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH); + OPENSSL_cleanse(smd, sizeof(smd)); EVP_MD_CTX_cleanup(&m5); EVP_MD_CTX_cleanup(&s1); return 1; @@ -388,13 +388,15 @@ int ssl3_change_cipher_state(SSL *s, int which) } #endif - OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key)); - OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv)); + OPENSSL_cleanse(exp_key, sizeof(exp_key)); + OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); EVP_MD_CTX_cleanup(&md); return (1); err: SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); err2: + OPENSSL_cleanse(exp_key, sizeof(exp_key)); + OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); return (0); } @@ -687,7 +689,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, s, s->msg_callback_arg); } #endif - OPENSSL_cleanse(buf, sizeof buf); + OPENSSL_cleanse(buf, sizeof(buf)); return (ret); } diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 68234ec..88e649d 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -2238,7 +2238,6 @@ int ssl3_get_client_key_exchange(SSL *s) BIGNUM *pub = NULL; DH *dh_srvr, *dh_clnt = NULL; #endif - #ifndef OPENSSL_NO_EC EC_KEY *srvr_ecdh = NULL; EVP_PKEY *clnt_pub_pkey = NULL; @@ -2676,7 +2675,7 @@ int ssl3_get_client_key_exchange(SSL *s) psk_len = s->psk_server_callback(s, tmp_id, psk_or_pre_ms, sizeof(psk_or_pre_ms)); - OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN + 1); + OPENSSL_cleanse(tmp_id, sizeof(tmp_id)); if (psk_len > PSK_MAX_PSK_LEN) { SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 8c53aa8..e410ff7 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -563,6 +563,10 @@ int tls1_change_cipher_state(SSL *s, int which) err: SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE); err2: + OPENSSL_cleanse(tmp1, sizeof(tmp1)); + OPENSSL_cleanse(tmp2, sizeof(tmp1)); + OPENSSL_cleanse(iv1, sizeof(iv1)); + OPENSSL_cleanse(iv2, sizeof(iv2)); return (0); } @@ -721,7 +725,7 @@ int tls1_final_finish_mac(SSL *s, const char *str, int slen, return 0; OPENSSL_cleanse(hash, hashlen); OPENSSL_cleanse(buf2, sizeof(buf2)); - return sizeof buf2; + return sizeof(buf2); } int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, @@ -871,8 +875,6 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, NULL, 0, s->session->master_key, s->session->master_key_length, out, buff, olen); - OPENSSL_cleanse(val, vallen); - OPENSSL_cleanse(buff, olen); goto ret; err1: @@ -884,8 +886,8 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE); rv = 0; ret: - OPENSSL_free(buff); - OPENSSL_free(val); + CRYPTO_clear_free(val, vallen); + CRYPTO_clear_free(buff, olen); return (rv); } From steve at openssl.org Sat May 30 23:52:38 2015 From: steve at openssl.org (Dr. Stephen Henson) Date: Sat, 30 May 2015 23:52:38 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433029958.547235.2812.nullmailer@dev.openssl.org> The branch master has been updated via 688c244685981085cf0290a228771391cf22ff18 (commit) from e0f9bf1de72e2717a5e8c2126259959e2d650777 (commit) - Log ----------------------------------------------------------------- commit 688c244685981085cf0290a228771391cf22ff18 Author: Dr. Stephen Henson Date: Sat May 30 23:05:31 2015 +0100 fix warning Reviewed-by: Matt Caswell ----------------------------------------------------------------------- Summary of changes: apps/pkcs8.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/pkcs8.c b/apps/pkcs8.c index f8a340e..e94a232 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -115,7 +115,7 @@ int pkcs8_main(int argc, char **argv) OPTION_CHOICE o; int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER, p8_broken = PKCS8_OK; int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1; - uint64_t scrypt_N = 0, scrypt_r = 0, scrypt_p = 0; + unsigned long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0; prog = opt_init(argc, argv, pkcs8_options); while ((o = opt_next()) != OPT_EOF) { From rsalz at openssl.org Sun May 31 21:58:48 2015 From: rsalz at openssl.org (Rich Salz) Date: Sun, 31 May 2015 21:58:48 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433109528.562020.4113.nullmailer@dev.openssl.org> The branch master has been updated via 1c8a527cff6cd4e07935e5a86335963e93adf75a (commit) from 688c244685981085cf0290a228771391cf22ff18 (commit) - Log ----------------------------------------------------------------- commit 1c8a527cff6cd4e07935e5a86335963e93adf75a Author: Rich Salz Date: Sun May 31 14:46:44 2015 -0400 Silence Clang warning about unit'd variable Reviewed-by: Tim Hudson ----------------------------------------------------------------------- Summary of changes: ssl/t1_enc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index e410ff7..e865341 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -808,7 +808,7 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen, { unsigned char *buff; unsigned char *val = NULL; - size_t vallen, currentvalpos; + size_t vallen = 0, currentvalpos; int rv; buff = OPENSSL_malloc(olen); From matt at openssl.org Sun May 31 23:36:43 2015 From: matt at openssl.org (Matt Caswell) Date: Sun, 31 May 2015 23:36:43 +0000 Subject: [openssl-commits] [openssl] master update Message-ID: <1433115403.362506.15895.nullmailer@dev.openssl.org> The branch master has been updated via 8c2b1d872b25f3ec78e04f5cd2de8f21e853c4a6 (commit) from 1c8a527cff6cd4e07935e5a86335963e93adf75a (commit) - Log ----------------------------------------------------------------- commit 8c2b1d872b25f3ec78e04f5cd2de8f21e853c4a6 Author: Matt Caswell Date: Fri May 29 17:05:01 2015 +0100 Check the message type requested is the type received in DTLS dtls1_get_message has an |mt| variable which is the type of the message that is being requested. If it is negative then any message type is allowed. However the value of |mt| is not checked in one of the main code paths, so a peer can send a message of a completely different type and it will be processed as if it was the message type that we were expecting. This has very little practical consequences because the current behaviour will still fail when the format of the message isn't as expected. Reviewed-by: Andy Polyakov ----------------------------------------------------------------------- Summary of changes: ssl/d1_both.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index bcdba74..569b561 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -478,6 +478,12 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) return i; } + if (mt >= 0 && s->s3->tmp.message_type != mt) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + p = (unsigned char *)s->init_buf->data; msg_len = msg_hdr->msg_len; From matt at openssl.org Sun May 31 23:36:54 2015 From: matt at openssl.org (Matt Caswell) Date: Sun, 31 May 2015 23:36:54 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_2-stable update Message-ID: <1433115414.049522.16591.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_2-stable has been updated via 8744ba5e4260ccb47daae3c45bb8e7b5bac42cd3 (commit) from 4d9dc0c269be87b92da188df1fbd8bfee4700eb3 (commit) - Log ----------------------------------------------------------------- commit 8744ba5e4260ccb47daae3c45bb8e7b5bac42cd3 Author: Matt Caswell Date: Fri May 29 17:05:01 2015 +0100 Check the message type requested is the type received in DTLS dtls1_get_message has an |mt| variable which is the type of the message that is being requested. If it is negative then any message type is allowed. However the value of |mt| is not checked in one of the main code paths, so a peer can send a message of a completely different type and it will be processed as if it was the message type that we were expecting. This has very little practical consequences because the current behaviour will still fail when the format of the message isn't as expected. Reviewed-by: Andy Polyakov (cherry picked from commit 8c2b1d872b25f3ec78e04f5cd2de8f21e853c4a6) ----------------------------------------------------------------------- Summary of changes: ssl/d1_both.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index ae8239a..ffd4784 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -489,6 +489,12 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) return i; } + if (mt >= 0 && s->s3->tmp.message_type != mt) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + p = (unsigned char *)s->init_buf->data; msg_len = msg_hdr->msg_len; From matt at openssl.org Sun May 31 23:37:05 2015 From: matt at openssl.org (Matt Caswell) Date: Sun, 31 May 2015 23:37:05 +0000 Subject: [openssl-commits] [openssl] OpenSSL_1_0_1-stable update Message-ID: <1433115425.121148.16844.nullmailer@dev.openssl.org> The branch OpenSSL_1_0_1-stable has been updated via f3e85f43598a1511b72c3813a71e403f19ddf458 (commit) from cc74177e715513e4050ee6e11c9f5fc3e8e65ad4 (commit) - Log ----------------------------------------------------------------- commit f3e85f43598a1511b72c3813a71e403f19ddf458 Author: Matt Caswell Date: Fri May 29 17:05:01 2015 +0100 Check the message type requested is the type received in DTLS dtls1_get_message has an |mt| variable which is the type of the message that is being requested. If it is negative then any message type is allowed. However the value of |mt| is not checked in one of the main code paths, so a peer can send a message of a completely different type and it will be processed as if it was the message type that we were expecting. This has very little practical consequences because the current behaviour will still fail when the format of the message isn't as expected. Reviewed-by: Andy Polyakov (cherry picked from commit 8c2b1d872b25f3ec78e04f5cd2de8f21e853c4a6) ----------------------------------------------------------------------- Summary of changes: ssl/d1_both.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ssl/d1_both.c b/ssl/d1_both.c index 68218e7..c5b2e99 100644 --- a/ssl/d1_both.c +++ b/ssl/d1_both.c @@ -485,6 +485,12 @@ long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) return i; } + if (mt >= 0 && s->s3->tmp.message_type != mt) { + al = SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_DTLS1_GET_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); + goto f_err; + } + p = (unsigned char *)s->init_buf->data; msg_len = msg_hdr->msg_len;